Back to Battle for Hastings

Battle for Hastings

Privacy Policy

Effective from 1 April 2026 · Last updated 18 May 2026

This policy explains how Stash Racing Inc. ("we", "us") collects, uses, and looks after the personal data you provide when applying for Battle for Hastings, when we invite you to register and pay for a team berth, and when you participate in the event. We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR).

---

1. What data we collect

Application — When you submit an application for Battle for Hastings, we collect the following information:

• Whether your team is complete or still forming, and team category (mixed or all-women's)
• Team name (or provisional details) and optional notes while you are still forming a team
• Team captain's full name, email address, and phone number
• Names and email addresses of team members you list (up to four when your team is complete)
• Typical running habits, your reason for applying, and how you heard about the event

Invited registration & runner checkout — If you are invited to confirm a captain or teammate place and complete checkout via our invitation links (including relay squad berths paid per rider), we also collect:

• Team or squad name (including provisional names supplied by organisers where applicable)
• Email addresses used for captain and teammate invitations, confirmations, and support
• Full name as you submit it for the event roster
• Phone number and gender, where requested for logistics, safety, kit, or race operations
• Jersey and race-kit sizing preferences (including top fit/size selections you choose at checkout)
• Records that you accepted our terms of entry, waiver, and photo / media consent where presented at checkout — we rely on these to evidence your agreement rather than storing long legal text in full
• Cryptographic invite and session identifiers (for example hashed or stored tokens associated with Stripe Checkout and your berth) — so we can match payment to the correct team slot without handing out open-ended access

Payment card details are collected and processed solely by our payment provider (Stripe). We do not receive or store full card numbers, though we may see payment status, amounts, Checkout session identifiers, and fraud-prevention signals that Stripe attaches to successful or attempted payments.

2. How we use your data

We use the information you provide to:

• Assess and respond to your application
• Send transactional emails (such as invitations, payment links, confirmations, and operational updates tied to checkout)
• Administer invited registrations and berth-by-berth runner checkout alongside your application if accepted — including aligning kit orders and roster slots with payments
• Administer your entry if accepted, including sending event information and logistics
• Process entry fees and per-rider berth payments securely
• Contact you about changes to the event or emergency communications on race day
• Compile participant lists and results

We will not use your data for unrelated marketing without your explicit consent.

3. Legal basis for processing

We process your data on the following bases under UK GDPR:

• Contractual necessity — to fulfil our obligations to you as a participant
• Legitimate interests — to administer and improve the event safely
• Legal obligation — where required by law (e.g. safety records)

4. Who we share your data with

We do not sell your personal data. We may share it with:

• Google — application responses are stored in Google Sheets, subject to Google's privacy policy
• Stripe — to process payments and Checkout sessions securely; Stripe processes card data according to its own terms and privacy policy
• Email delivery providers — to send transactional messages (for example invites and receipts). Their subprocessors may process message metadata in line with their policies
• Cloud infrastructure and database providers — to host our site, APIs, and registration records (including invited checkout data) in secure environments
• Event safety personnel — where necessary for participant welfare on race day

All third parties are required to handle your data securely and in accordance with applicable law.

5. How long we keep your data

We retain participant and invited-checkout data (including registration and payment-correlation records) for up to two years after the event date, unless a shorter period is required or we delete it earlier on request. Data relating to unsuccessful applications is deleted within six months of the application window closing. You can request earlier deletion at any time (see section 7).

6. Your rights

Under UK GDPR, you have the right to:

• Access the personal data we hold about you
• Correct inaccurate data
• Request deletion of your data ("right to be forgotten")
• Object to certain uses of your data
• Request restriction of processing in certain circumstances
• Lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk

7. Contact us

To exercise any of your rights, or if you have any questions about how we handle your data, contact us at hello@stashrunning.com. We aim to respond within 30 days.

8. Changes to this policy

We may update this policy from time to time. Any changes will be posted on this page with an updated effective date. For significant changes, we will notify accepted participants directly by email.

---

Also see our Terms & Conditions.