BucketRace

Privacy Policy

Last updated: March 2026

1. Introduction

BucketRace Ltd ("BucketRace," "we," "us," "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal data when you use our website (bucketrace.com), book our events, or interact with us.

We comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).

2. Data Controller

BucketRace Ltd is the data controller for the personal data collected through this website. If you have any questions about how we handle your data, contact us at:

3. What Data We Collect

We may collect the following personal data:

Information you provide to us:

  • Booking information: Name, email address, phone number, company name, group size, event date, and any messages or special requirements.
  • Contact form submissions: Name, email address, subject, and message content.
  • Newsletter subscriptions: Email address and subscription preferences.
  • Payment information: Processed securely via Stripe. We do not store your full card details on our servers.

Information collected automatically:

  • Website analytics: IP address, browser type, operating system, device type, screen resolution, pages visited, time spent, and referral source.
  • Cookies: We use cookies and similar technologies as described in Section 7 below.
  • Location data: Approximate location derived from IP address for analytics purposes.

4. How We Use Your Data

We use your personal data for the following purposes:

  • To process bookings: Confirming events, sending booking details, and communicating about your event.
  • To respond to enquiries: Replying to contact form submissions and customer questions.
  • To send marketing communications: Newsletters and event promotions (only with your consent, and you can unsubscribe at any time).
  • To improve our services: Analysing website usage to improve the user experience and our events.
  • To comply with legal obligations: Tax records, fraud prevention, and regulatory compliance.

Legal Basis for Processing

We process your data based on the following legal grounds:

  • Contract: Processing necessary to fulfil your booking or respond to your enquiry.
  • Consent: Marketing communications and non-essential cookies.
  • Legitimate interest: Website analytics, fraud prevention, and improving our services.
  • Legal obligation: Tax and regulatory compliance.

5. Data Sharing

We do not sell your personal data to third parties. We may share your data with the following service providers who help us operate our business:

  • Stripe: Payment processing (PCI-DSS compliant).
  • Resend: Email delivery for booking confirmations and marketing.
  • DigitalOcean: Website and server hosting.
  • Google Analytics / website analytics: Anonymous website usage data.

All third-party providers are contractually obligated to protect your data and process it only as instructed by us.

6. Data Retention

We retain your personal data for the following periods:

  • Booking data: 6 years from the event date (for tax and legal purposes).
  • Contact form submissions: 2 years, or until the enquiry is resolved.
  • Newsletter subscribers: Until you unsubscribe.
  • Website analytics: Aggregated data retained indefinitely; identifiable data for up to 26 months.

7. Cookies

Our website uses cookies - small text files stored on your device - to enhance your browsing experience. We use the following types of cookies:

  • Essential cookies: Required for the website to function (e.g., session management). These cannot be disabled.
  • Analytics cookies: Help us understand how visitors use our website so we can improve it. These collect anonymous data.
  • Marketing cookies: Used to track the effectiveness of our advertising. Only set with your consent.

You can manage your cookie preferences through your browser settings. Note that disabling certain cookies may affect the functionality of our website.

8. Your Rights

Under the UK GDPR, you have the following rights:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate or incomplete data.
  • Right to erasure: Request deletion of your personal data ("right to be forgotten").
  • Right to restrict processing: Request that we limit how we use your data.
  • Right to data portability: Request your data in a portable, machine-readable format.
  • Right to object: Object to processing based on legitimate interest or direct marketing.
  • Right to withdraw consent: Withdraw consent at any time for consent-based processing.

To exercise any of these rights, contact us at [email protected]. We will respond to your request within 30 days.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

  • HTTPS encryption on all website pages.
  • Secure server infrastructure hosted on DigitalOcean.
  • Access controls restricting data access to authorised personnel only.
  • Payment processing handled by PCI-DSS compliant Stripe.
  • Regular security reviews and updates.

10. International Data Transfers

Some of our service providers operate outside the UK. Where data is transferred internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions, in compliance with UK GDPR requirements.

11. Children's Privacy

Our website is not directed at children under 16. We do not knowingly collect personal data from children without parental consent. If you believe we have collected data from a child under 16, please contact us immediately and we will delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. We encourage you to review this page periodically. Continued use of our website after changes constitutes acceptance of the updated policy.

13. Complaints

If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

14. Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please contact us: