Total Race Timing (“we”, “us”) is based in the United Kingdom and processes personal data in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy explains what we collect when you use our website and services (including race registration, payments, timing and results features), why we use it, who we share it with, and your rights.
Data controller
The data controller responsible for your personal data is Total Race Timing. You can contact us about data protection at
info@totalracetiming.co.uk or using the postal address at the end of this policy.
What personal data we collect
Depending on how you use our service, we may collect:
• Identity and contact details (for example name, email address, postal address, telephone number)
• Account and authentication data (including if you sign in with a third-party provider such as Facebook, Google or Strava, subject to their terms)
• Race and entry details (event, category, emergency contact where collected, club or team, date of birth or age category where needed for the event)
• Payment-related data processed by our payment providers (we do not store full card details on our servers)
• Technical and usage data (IP address, browser type, cookies and similar technologies, pages visited)
• Communications you send us (for example support requests)
Why we use your data (lawful bases)
We use personal data as follows:
• Contract — to register you for events, process entries and payments, provide timing and results features, and deliver the service you request
• Legitimate interests — to secure our systems, prevent fraud and abuse, improve the service, and communicate with you about your account or entries where proportionate
• Legal obligation — where we must comply with law, court orders, or requests from regulators
• Consent — where required (for example certain marketing messages or non-essential cookies); you may withdraw consent at any time
Who we share data with
We share personal data with trusted service providers who process it on our instructions (for example hosting, payment processing, email delivery), and with race organisers where necessary to run the events you enter. We may also disclose data if required by law or to protect rights, safety and security. We do not sell your personal data.
International transfers
Some of our providers may process data outside the UK. Where we transfer personal data internationally, we ensure appropriate safeguards are in place (for example the UK “adequacy” regulations or standard contractual clauses approved for use in the UK).
How long we keep data
We keep personal data only as long as needed for the purposes above, including legal, accounting and reporting requirements, and to resolve disputes. Retention periods depend on the type of data and the nature of your relationship with us.
Security
We implement appropriate technical and organisational measures to protect personal data. Sensitive payment information is handled by PCI-compliant payment providers; card data is not stored on our servers in a way that duplicates their role as payment processor.
Cookies and similar technologies
We use cookies and similar technologies where necessary for the site to function, and where applicable for analytics or preferences. Non-essential cookies are used in line with the Privacy and Electronic Communications Regulations (PECR) and your choices (for example through your browser settings or any cookie banner we provide). If you disable cookies, parts of the site may not work as intended.
Marketing
We send marketing emails only where permitted under UK law (for example with your consent or, where applicable, the “soft opt-in” for existing customers in relation to similar services). You can opt out of marketing emails at any time using
this unsubscribe page (no login required), using the link in marketing emails where provided, in your account settings, or by contacting us at
info@totalracetiming.co.uk.
Children
Our services may be used by parents or guardians entering children for events. Where information society services are offered directly to children under 13 in the UK, parental responsibility and consent rules under UK GDPR apply. We do not direct marketing at young children.
Your rights
Under UK data protection law you may have the right to access, correct, erase or restrict processing of your personal data, to object to certain processing, to data portability, and to withdraw consent where processing is based on consent. You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO):
https://ico.org.uk/make-a-complaint/.
How to ask for erasure or exercise your rights
To exercise your rights or ask for your data to be removed, email
info@totalracetiming.co.uk. We will respond without undue delay and within one month in most cases (we may extend this period where the law allows and will tell you if we do).
Automated decision-making
We do not use automated processing that produces legal or similarly significant effects solely by automated means, unless we tell you otherwise in a specific feature.
Third-party websites
Our site may link to third-party sites or sign-in services. Their privacy notices apply to their services; we are not responsible for their practices.
Changes to this policy
We may update this policy from time to time. The current version will be published on this page with an updated “last updated” date.
Contact
Questions about this privacy policy or our use of personal data:
Total Race Timing
The White House
Guestwick, Norfolk NR20 5QD
United Kingdom
Last updated: 1 April 2026