Privacy Policy - The Equestrian 25 Challenge

Privacy Policy

How we collect, use, and protect your personal information

Important Information

We are committed to protecting your privacy and personal data. This policy explains how we handle your information when you participate in The Equestrian 25 Challenge.

International Service: We are based in the United States but serve participants worldwide, including the UK. We comply with applicable data protection laws, including UK GDPR for UK residents.

Contents

1. About Us & Contact

This Privacy Policy is provided by FMD LLC, incorporated in Wyoming, United States.

Data Controller Details:

Company: FMD LLC
Address: 30 N Gould St Ste N, Sheridan, WY 82801
Email: [email protected]

For the purposes of UK data protection law, we act as the data controller for personal information collected through our services. This means we determine how and why your personal data is processed.

2. What Data We Collect

2.1 Information You Provide Directly

When you register for The Autumn Equestrian Challenge, we collect:

Data Type Examples Purpose
Personal Details Name, email address, age range Account creation, communication
Postal Address Full delivery address including postcode Rosette delivery
Equestrian Background Experience level, disciplines, horse access Challenge customization, statistics
Payment Information Card details (processed by payment provider) Registration payment processing
Challenge Data Activity logs, completion status, feedback Challenge administration, improvement

2.2 Information We Collect Automatically

  • Website Usage: Pages visited, time spent, browser type, device information
  • IP Address: For security and approximate location
  • Cookies: See our Cookie Policy section below

2.3 Information from Third Parties

  • Payment Processors: Transaction confirmations and fraud prevention data
  • Email Services: Delivery confirmations and engagement metrics

3. How We Use Your Data

We use your personal information for the following purposes:

3.1 Challenge Administration

  • Processing your registration and payment
  • Sending your personalised activity log
  • Monitoring challenge progress and completion
  • Reviewing submitted activity logs
  • Arranging rosette production and delivery

3.2 Communication

  • Sending registration confirmations and important updates
  • Providing customer support and answering queries
  • Sending challenge reminders and motivation (if consented)
  • Requesting feedback and testimonials

3.3 Business Operations

  • Preventing fraud and ensuring payment security
  • Improving our services based on participant feedback
  • Analyzing trends and statistics (in anonymized form)
  • Maintaining records for legal and accounting purposes

3.4 Marketing (With Consent)

  • Sending information about future challenges
  • Sharing equestrian tips and content
  • Inviting participation in surveys or research

5. Data Sharing & International Transfers

5.1 When We Share Your Data

We only share your personal data in limited circumstances:

  • Service Providers: Payment processors, email services, rosette suppliers
  • Legal Requirements: If required by law or to protect our legal rights
  • Business Transfer: If our business is sold or merged (with notification)
  • With Your Consent: For testimonials or case studies (always optional)

5.2 International Data Transfers

As a US-based company, your data may be processed in the United States. For UK residents, this constitutes an international data transfer.

UK Resident Protections

When we transfer UK residents' data to the US, we implement appropriate safeguards:

  • Standard Contractual Clauses approved by UK authorities
  • Equivalent data protection standards
  • Regular security and compliance assessments
  • Your UK privacy rights remain fully intact

5.3 Third-Party Service Providers

  • Payment Processing: Stripe, PayPal (PCI DSS compliant)
  • Email Services: Mailchimp, SendGrid (privacy certified)
  • Rosette Production: UK-based suppliers (GDPR compliant)
  • Website Hosting: AWS, Google Cloud (certified secure)

6. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy:

Data Type Retention Period Reason
Registration & Contact Info 3 years after Challenge completion Customer support, future marketing (if consented)
Payment Records 7 years Tax and accounting legal requirements
Challenge Activity Logs 1 year after completion Dispute resolution, service improvement
Marketing Consent Records Until consent withdrawn + 1 year Compliance demonstration
Website Analytics 26 months (anonymized after 14 months) Service improvement, trend analysis

After these periods, we will securely delete or anonymize your data unless we have a legal obligation to retain it longer.

7. Your Privacy Rights

You have important rights regarding your personal data. These rights apply regardless of where you're located, but UK residents have additional protections under UK GDPR.

Your Data Rights Include:

  • Access: Request a copy of personal data we hold about you
  • Rectification: Ask us to correct inaccurate or incomplete data
  • Erasure: Request deletion of your data (subject to legal obligations)
  • Restriction: Ask us to limit how we use your data
  • Portability: Receive your data in a machine-readable format
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Stop marketing communications anytime

7.1 How to Exercise Your Rights

To exercise any of these rights, contact us at [email protected] with:

  • Your full name and email address used for registration
  • Clear description of your request
  • Proof of identity (if requesting sensitive information)

We will respond within 30 days for most requests, or 1 month for UK GDPR requests.

7.2 UK Residents - Additional Rights

UK residents can also:

  • Complain to the Information Commissioner's Office (ICO) if unhappy with our response
  • Request information about automated decision-making (though we don't use this)
  • Exercise rights through a third party or representative

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

8.1 Technical Safeguards

  • Encryption: All data transmitted using SSL/TLS encryption
  • Access Controls: Role-based access with strong authentication
  • Regular Backups: Secure, encrypted backup systems
  • Security Monitoring: 24/7 monitoring for threats and breaches

8.2 Organizational Measures

  • Staff Training: Regular privacy and security training
  • Data Minimization: Only collect data we actually need
  • Vendor Management: All service providers must meet our security standards
  • Incident Response: Procedures for handling any security incidents

8.3 Data Breach Notification

In the unlikely event of a data breach affecting your personal information, we will:

  • Notify relevant authorities within 72 hours (where required by law)
  • Inform affected individuals without undue delay
  • Provide clear information about what happened and what we're doing
  • Offer support and guidance on protective steps you can take

9. Cookies & Website Tracking

Our website uses cookies and similar technologies to improve your experience and provide our services.

9.1 Types of Cookies We Use

Cookie Type Purpose Duration Consent Required
Essential Website functionality, security, registration process Session/30 days No (necessary for service)
Analytics Understanding how visitors use our site 2 years Yes (can opt out)
Marketing Showing relevant advertisements (if used) 1 year Yes (explicit consent)
Preferences Remembering your choices and settings 1 year No (improves service)

9.2 Managing Cookies

You can control cookies through:

  • Browser Settings: Most browsers allow you to refuse cookies
  • Our Cookie Banner: Choose which categories to accept
  • Opt-Out Tools: Use industry opt-out services for advertising cookies

Note: Disabling essential cookies may affect website functionality and your ability to register for the Challenge.

10. Marketing Communications

10.1 Consent-Based Marketing

We will only send you marketing communications if you have given us explicit consent. This includes:

  • Information about future seasonal challenges
  • Equestrian tips and advice content
  • Special offers or early registration opportunities
  • Survey and feedback requests

10.2 Opting Out

You can stop marketing communications at any time:

  • Unsubscribe Link: Click the link at the bottom of any marketing email
  • Email Us: Send a request to [email protected]
  • Account Settings: Update preferences in your account (when available)

Important: Opting out of marketing does not stop essential communications about your Challenge participation (registration confirmations, activity logs, etc.).

10.3 Email Service Providers

Our marketing emails are sent through reputable providers who comply with international privacy standards and anti-spam laws.

11. Children's Privacy

We welcome participants of all ages but have special protections for children's data.

11.1 Participants Under 16

  • Parental Consent: Required for all participants under 16
  • Limited Data Collection: We collect only essential information
  • No Direct Marketing: We don't send marketing to under-16s
  • Parental Rights: Parents can access, correct, or delete their child's data

11.2 US Participants Under 13

For US residents under 13, we comply with the Children's Online Privacy Protection Act (COPPA), requiring verifiable parental consent before collecting any personal information.

11.3 Safeguarding

All staff handling children's data receive appropriate training. We never share children's information for marketing purposes and maintain strict access controls.

12. Policy Changes

12.1 Updates to This Policy

We may update this Privacy Policy to reflect:

  • Changes in applicable privacy laws
  • New features or services we offer
  • Improvements to our data protection practices
  • Changes to our business operations

12.2 How We Notify You

For significant changes that affect your rights:

  • Email Notification: Sent to all registered participants
  • Website Notice: Prominent notice on our homepage
  • Version Dating: Clear indication of when changes took effect

Continued use of our services after changes indicates acceptance of the updated policy.

13. Contact Us

13.1 Privacy Questions

For any questions about this Privacy Policy or how we handle your data:

Privacy Email: [email protected]
Postal Address: FMD LLC, 30 N Gould St Ste N, Sheridan, WY 82801
Response Time: Within 30 days

13.2 Complaints and Concerns

UK Residents: If you're not satisfied with our response to a privacy concern, you can complain to:

Information Commissioner's Office (ICO)
Website: ico.org.uk
Phone: 0303 123 1113
Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

Other Residents: Contact your local data protection authority or consumer rights organization.

Last updated: 24 August 2025
Version 1.0
This Privacy Policy is effective as of the date shown above