Privacy Policy

TOWCESTER RACECOURSE PRIVACY POLICY

Last Updated: 4th February 2026

  1. Who We Are

This privacy policy explains how we collect, use, and protect your personal information when you use our website, book tickets or hospitality, or interact with us.

Data Controller:
Orchestrate UK Limited (trading as Towcester Racecourse)

Registered Address:
5 Margaret Road, Romford, Essex, England, RM2 5SH

Company Registration Number: 02880114

Contact Details:
Email: info@towcester-racecourse.co.uk
Phone: 0800 304 7700
Website: towcester-racecourse.co.uk
Post: Towcester Racecourse, London Road, Towcester, Northamptonshire, NN12 8UB

We are committed to protecting your privacy and personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

  1. What Information We Collect

We collect and process different types of personal information depending on how you interact with us:

When You Book Tickets or Hospitality:

  • Your name, email address, and phone number
  • Billing address and delivery address (if applicable)
  • Payment information (securely processed by our payment provider)
  • Booking preferences and special requirements (dietary needs, accessibility requirements, etc.)
  • Information about tickets or packages purchased

 

When You Sign Up for Marketing:

  • Your name and email address

When You Visit Our Website:

  • Technical information including IP address, browser type and version, operating system
  • Information about your visit including pages you viewed, time spent on pages, navigation paths
  • Cookies and similar tracking technologies (see Cookie Policy section below)

When You Contact Us:

  • Any information you provide in emails, phone calls, or contact forms
  • Records of correspondence
  • Phone calls may be recorded

When You Attend Our Events:

  • CCTV footage for security purposes
  • Photography and video content captured at events (which may feature attendees)

When You Apply for Jobs:

  • Information provided in your CV, application form, and interview
  • References and background check information (where applicable)
  1. How We Use Your Information

We only use your personal information when we have a legal basis to do so. Here’s how we use your data and why:

To Process Your Bookings (Legal basis: Contract performance)

  • Fulfilling your ticket or hospitality bookings
  • Processing payments
  • Sending booking confirmations and event updates
  • Managing event attendance and access
  • Handling refunds or changes to bookings

To Send Marketing Communications (Legal basis: Consent or Legitimate interest)

With Your Consent: When you opt in, we send you:

  • Information about upcoming events, race meetings, and special occasions
  • Exclusive offers, early bird pricing, and promotions
  • Derby updates and racing news
  • Newsletters and venue updates

You must opt in to receive marketing emails. You can unsubscribe at any time (see Section 6).

Legitimate Interest (for existing customers): If you’ve previously purchased tickets or made bookings with us, we have a legitimate interest to send you information about similar events and offers that may interest you based on your previous engagement. You can opt out at any time.

To Improve Our Website and Services (Legal basis: Legitimate interest)

  • Understanding how visitors use our website
  • Analysing booking patterns and customer preferences
  • Improving user experience and website functionality
  • Developing new products and services
  • Responding to customer enquiries and providing support
  • Investigating and resolving complaints

We have a legitimate interest in these activities because they help us provide better service to you and operate our business effectively.

To Comply with Legal Obligations (Legal basis: Legal requirement)

  • Keeping financial records for tax purposes (7 years)
  • Complying with health and safety regulations
  • Responding to legal requests from authorities
  • Preventing and detecting fraud

For Security and Safety (Legal basis: Legitimate interest)

  • Monitoring CCTV for venue security
  • Preventing fraud in our booking and payment systems
  • Investigating incidents or complaints
  • Maintaining the safety of our staff, customers, and premises
  1. Who We Share Your Information With

We share your personal data with trusted third-party service providers who help us operate our business. These providers are contractually required to keep your data secure and only use it for the purposes we specify.

Data Processors (Service Providers):

Mailchimp (Email marketing)

  • Sends marketing emails to subscribers
  • US-based with EU Standard Contractual Clauses
  • Privacy policy: mailchimp.com/legal/privacy

Booking management system

  • Manages ticket bookings and hospitality reservations
  • Processes booking information and coordinates with payment systems
  • Sends transactional emails to you e.g. order confirmation

Payment Processor Name

  • Securely processes card payments on our behalf
  • We do not store full card details ourselves

Google Analytics (Website analytics)

  • Helps us understand website usage through anonymised data
  • Uses cookies to track visitor behaviour
  • Privacy policy: policies.google.com/privacy

Meta/Facebook (Advertising and analytics)

  • Facebook Pixel tracks website visits for advertising purposes
  • Helps us show relevant ads to people who’ve visited our site
  • Requires cookie consent (see Cookie Policy below)
  • Privacy policy: facebook.com/privacy

 

Other Recipients:

Professional Advisors:
We may share data with accountants, lawyers, business consultants, and other professional advisors when necessary for business operations.

Regulatory Authorities:
We may share information with:

  • Information Commissioner’s Office (ICO) – data protection regulator
  • HMRC – for tax compliance
  • Police or law enforcement – if required by law
  • Other regulators as legally required

Emergency Services:
We may share information with emergency services if there’s an incident at our venue requiring medical or emergency response.

Business Partners:
We may share information with event partners, sponsors, or co-promoters where you’ve consented or where necessary to deliver services you’ve requested.

Third Parties You’ve Consented To:
If you’ve given explicit consent, we may share your information with selected commercial partners so they can contact you about their services.

We Will Never:

  • Sell your personal data to third parties
  • Share your data for others’ marketing purposes without your explicit consent
  • Transfer your data outside the UK/EU without appropriate safeguards
  1. Information We Receive From Other Sources

We may receive personal information about you from:

Corporate and Group Bookings:

  • Corporate clients who book hospitality packages or tickets on behalf of their employees or guests
  • Event organisers who make group bookings and provide attendee details
  • Travel agents or hospitality booking agencies acting on behalf of customers

Gift Purchases:

  • People who purchase gift vouchers and provide recipient details
  • Friends or family members who book tickets on your behalf

Publicly Available Sources:

  • Social media platforms where you publicly tag our venue, post reviews, or share content mentioning us
  • Business directories and public company information websites for verification purposes

Business Partners:

  • Sponsors or partners who refer customers to us (with appropriate consent)
  • Co-promotion partners for joint events

All third parties are required to have appropriate consent or legal basis to share personal information with us.

  1. Marketing Communications

We want to keep you updated with the latest news, offers, and exclusive content related to our events.

How to Opt In:

You can choose to receive marketing emails by:

  • Ticking the consent box when making a booking
  • Signing up via forms on our website (e.g., Derby interest registration)
  • Registering at our venue or events
  • Contacting us directly to subscribe

What You’ll Receive:

Event announcements: Derby dates, race fixtures, special events
Exclusive offers: Early bird ticket pricing, hospitality packages, seasonal promotions
Venue updates: New facilities, behind-the-scenes content, racing news
Partner offers: Occasionally, we share carefully selected offers from our event-day partners. You can opt out of partner communications while continuing to receive Towcester updates.

 

How to Opt Out:

You can unsubscribe at any time by:

  • Clicking the “unsubscribe” link in any marketing email
  • Emailing us at info@towcester-racecourse.co.uk with “Unsubscribe” in the subject
  • Calling us on 0800 304 7700

We will process your unsubscribe at the earliest opportunity.

Important: You will still receive essential booking confirmations and event-related information for tickets you’ve purchased, even if you unsubscribe from marketing.

  1. Cookies and Tracking Technologies

Our website uses cookies – small text files stored on your device when you visit our website.

Types of Cookies We Use:

Essential Cookies (Always active)
Required for our booking system and website to function properly. These cannot be disabled as the website wouldn’t work without them.

Examples:

  • Session cookies for booking process
  • Security cookies for fraud prevention
  • Load balancing cookies

Analytics Cookies (Optional – requires consent)
Google Analytics helps us understand how visitors use our website:

  • Which pages are most popular
  • How long people spend on the site
  • Where visitors come from
  • How people navigate through the booking process

This helps us improve user experience and website performance.

Marketing Cookies (Optional – requires consent)
Facebook/Meta Pixel allows us to:

  • Show relevant ads to people who’ve visited our website
  • Measure the effectiveness of our advertising
  • Build audiences for targeted marketing campaigns
  • Track conversions from ads

Managing Cookies:

You can control cookie preferences through:

  • Your browser settings – Most browsers allow you to refuse cookies or delete existing cookies
  • Our cookie consent banner – Shown on your first visit, where you can accept or reject optional cookies

Note: Blocking essential cookies will prevent you from using our booking system. Blocking analytics and marketing cookies won’t affect website functionality but will limit our ability to improve the site and show you relevant advertising.

For more information about cookies, visit: allaboutcookies.org

  1. How Long We Keep Your Data

We only keep your personal data for as long as necessary for the purposes we collected it. Here are our retention periods:

After these periods, we will securely delete or anonymise your data so it can no longer identify you.

If you have questions about how long we keep specific types of data, please contact us at info@towcester-racecourse.co.uk

  1. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

Right to Access (Subject Access Request)

You can request a copy of the personal data we hold about you.

Right to Rectification

You can ask us to correct inaccurate or incomplete personal data.

Right to Erasure (“Right to be Forgotten”)

You can ask us to delete your personal data in certain circumstances:

  • It’s no longer needed for the purpose we collected it
  • You withdraw consent (for marketing)
  • You object to processing and we have no overriding legitimate reason
  • The data was unlawfully processed

Note: We may need to keep some data for legal reasons (e.g., financial records for 7 years).

Right to Restrict Processing

You can ask us to temporarily stop using your data in certain situations.

Right to Data Portability

You can ask for a copy of your data in a commonly used electronic format so you can transfer it to another service.

Right to Object

You can object to:

  • Processing based on legitimate interests
  • Direct marketing (including profiling)
  • Processing for research or statistical purposes

Right to Withdraw Consent

Where we rely on consent (e.g., marketing emails), you can withdraw it at any time. This won’t affect any processing we’ve already done.

How to Exercise Your Rights:

Email: info@towcester-racecourse.co.uk
Phone: 0800 304 7700
Post: Data Protection Enquiry, Towcester Racecourse, London Road, Towcester, Northamptonshire, NN12 8UB

We will respond to your request within 30 days. If your request is complex or we receive multiple requests, we may extend this by a further 60 days and will let you know.

Proof of identity: We may ask for identification to verify your identity before fulfilling your request to protect your personal data.

  1. Children’s Privacy

We welcome families to our events. However, our online services and marketing are intended for individuals aged 16 and over.

If you are under 16 years old: Please ask your parent or guardian for permission before providing any personal information (name, email, phone number, etc.).

Parents/Guardians: If you believe your child (under 16) has provided us with personal information without your consent, please contact us immediately at info@towcester-racecourse.co.uk and we will delete it promptly.

We do not knowingly collect or process personal data from children under 16 without parental consent.

  1. Security

We take the security of your personal data seriously and have appropriate technical and organisational measures in place to protect it from:

  • Unauthorised access or disclosure
  • Accidental loss or destruction
  • Malicious or unlawful damage

Security measures include:

  • Secure servers with encryption (HTTPS)
  • Password protection and access controls
  • Regular security updates and monitoring
  • Staff training and agreement to our internal data protection policies
  • Secure payment processing – we do not store full card details
  • CCTV and physical security at our venue

However: No data transmission over the internet can be guaranteed to be 100% secure. While we take all reasonable steps to protect your data, we cannot guarantee absolute security.

If there’s a data breach: If a breach occurs that’s likely to result in high risk to your rights and freedoms, we will notify you and the Information Commissioner’s Office (ICO) within 72 hours.

 

  1. International Data Transfers

Some of our service providers are based outside the UK (e.g., Mailchimp in the USA).

When we transfer your data outside the UK, we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs) approved by the UK Government
  • Adequacy decisions where the destination country has been deemed to provide adequate protection
  • Additional security measures to protect data during transfer

Your personal data is always protected in accordance with UK GDPR requirements, regardless of where it’s processed.

  1. Links to Other Websites

Our website may contain links to third-party websites (e.g., social media platforms, partner organisations, ticket resellers etc.)

Please note: We are not responsible for the privacy practices of other websites. When you leave our website, we encourage you to read the privacy policy of every website you visit.

This privacy policy applies only to towcester-racecourse.co.uk and our direct communications with you.

  1. Changes to This Privacy Policy

We may update this privacy policy from time to time to reflect changes in:

  • How we process your data
  • Legal requirements
  • Our business practices

When we make changes:

  • We will update the “Last Updated” date at the top
  • Significant changes will be highlighted on our website
  • For material changes affecting marketing consent, we will notify you by email

We encourage you to review this policy periodically.

  1. Contact Us About Privacy

If you have any questions, concerns, or complaints about this privacy policy or how we handle your personal data, please contact us:

General Enquiries:
Email: info@towcester-racecourse.co.uk
Phone: 0800 304 7700
Post: Towcester Racecourse, London Road, Towcester, Northamptonshire, NN12 8UB

Data Protection Matters:
For specific data protection questions or to exercise your rights, please mark your communication “Data Protection Enquiry” and send to the above contact details.

  1. Complaints to the Regulator

You have the right to lodge a complaint with the UK’s data protection regulator if you believe your data protection rights have been violated:

Information Commissioner’s Office (ICO)

🌐 Website: ico.org.uk/make-a-complaint

We’d appreciate the chance to resolve your concern first – please contact us before going to the ICO if possible.