Privacy Policy

The Racehorse Owners Association Privacy Notice

(last updated September 28, 2020)

We are delighted that you have shown interest in our organisation. Data protection is of a particularly high priority for the Racehorse Owners Association (the ROA).

This privacy notice explains how we process your personal information when you visit our website and/or if you’re a contact, prospective member, existing member, ex-member, racehorse trainer, corporate partner or attend an ROA event. It explains how we will protect data subjects {your} information and personal data, and the controls and safeguards we provide for this data. This includes understanding, at all times, precisely what data we’re storing for and about you, who (if anyone) can see that data, and whether you give permission for that data to be shared with third-parties.

The processing of personal data, such as the name, address, e-mail address, or telephone number shall always be in line with the General Data Protection Regulation (GDPR), The Data Protection Act 2018 and Privacy and Electronic Communication Regulations (PECR).

By means of this data protection declaration, we would like to inform you of the nature, scope, and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed, by means of this data protection declaration, of the rights to which they are entitled.

Specific data protection declarations will be provided separately when booking onto the ROA’s events, this will allow for the nuances of such event data processing to be communicated to you in a transparent manner.

Who are we?

The Racehorse Owners Association (ROA) has over 7,500 members and promotes and protects the interests of racehorse owners in Great Britain. Since 1945 we have been making members' racehorse ownership more cost-effective and enjoyable.

We aim to ensure that the views of owners are represented within the various bodies involved in the running and funding of the British racing industry and our objectives are to work with other members of the Horsemen's Group to bring about a dramatic improvement to the financial state of British racing whilst supporting owners through the process of purchasing a racehorse and the ongoing experience of racehorse ownership.

We are registered as a data controller under registration number ZA207366.

The information we collect about you, why we need it and who it's safely shared with

We collect information depending on the relationship we have with you but typically this would be:

  • When you apply for or renew your membership.
  • When you purchase products, services, or attend events either online, over the phone, via fax, post or at an ROA event.
  • When you create a registered user account for our website.
  • When you set up a direct debit for membership payments.
  • When you apply for our direct debit offer.
  • When you engage with us on social media.
  • When you contact us by any means with queries, complaints etc.
  • When you ask one of our team to email you information about a membership or other products or services we offer.
  • When you enter prize draws or competitions.
  • When you register for any kind of course or event with us.
  • When you choose to complete any surveys we send to you.
  • When you fill in any forms. For example, membership forms or racecourse feedback forms.
  • When you have given a third-party permission, such as Weatherbys or the BHA, to share with us the information they hold about you.
  • If you attend our offices at 12 Forbury Road, Reading, RG1 1SB your image may be recorded on our CCTV cameras that are operated for the security of both visitors and staff.
  • Photographs and videos of members attending our events.
  • Publicly available information we have collected about you if you’re a racehorse trainer.

The personal data we may collect from you and process is:

Personal data type:


Title, First Name & Last Name

On-Line Membership Application Form, Paper Membership Application Form, Membership Newsletter Sign-Up


Membership Newsletter Sign-Up, Online Member Application form, Paper Application Form

Postal Address

Online Member Application form, Paper Application Form

Telephone Number

Online Member Application form, Paper Application Form

Debit or credit card details

Online Member Application form, Paper Application Form

Date of Birth

Online Member Application form, Paper Application Form

Friend’s Name (Member Recommendations)

Online Member Application form, Paper Application Form

Facial Photograph

Membership Card

The personal data we collect may be used for the following purposes depending on the relationship we have with you:

  • Processing a membership application and ongoing essential membership related processing
  • Sending you information about the ROA (and selected relevant partners), our activities and campaigns and for marketing purposes (including via Facebook and other social media channels)
  • Processing a purchase that you have made
  • Responding to correspondence you have sent to us

In any event, we are committed to ensuring that the information we collect, and use is appropriate for this purpose, and does not constitute an invasion of your privacy.

The legal basis we use under the General Data Protection Regulation for the processing of personal data:

  • Fulfilling our Contractual obligations to you
  • Our legitimate interests as the Racehorse Owners Association
  • Your Consent
  • Any Legal Requirement we may have

Processing to fulfil the membership contract

When you join as a member of the ROA, we need to use your personal information to provide the services for you have paid for and subscribed to for the lifetime of your membership. We will create an online account for you and use your personal email as a log-in and send details of your membership number to this account. We will create another account, if necessary on the Weatherbys Database. Data we hold will be used confidentially, and to help us run our services and keep you informed - for example, to collect subscriptions, mail out publications and let you know about conferences and events; or to fulfil legal or regulatory requirements if necessary.

We will use this email account to send essential membership communications to you in regards to the core member services you have paid for, these include free race days, member events, third-party liability insurance, emails from our partners The Owner Breeder (however we do not share your data, we only send occasional messages on their behalf) and access to voting and other membership benefits and services.

We will send you a membership pack via post but may send other essential membership service emails by email. Communications will be relevant, timely and not excessive. You can contact us via the details at the bottom of this notice to request a preference for postal communications although we cannot guarantee that all electronic communications can be transferred. Please be aware you are likely to miss out on a number of the essential membership offers that your subscription has paid for by not allowing electronic communications.

The ROA will never sell, trade, rent, exchange or otherwise share your personal information with any other person, company or organisation unless it is necessary to fulfil our contractual responsibilities, where we consider we have a legitimate interest, we have a legal obligation to do so or without gaining consent to do so. The information you provide will be held securely by us and/or our data processors, whether the information is in electronic or physical format. We do not collect more information than we need to fulfil our stated purposes and will not retain it for longer than is necessary.

Processing through the use of our Legitimate Interests

Broadly speaking this means that we are processing your personal information if:

  • We have a genuine and legitimate reason and we are not harming any of your rights and interests

The legitimate interests we pursue are to run a membership organisation, in favour of the well-being of all our members, employees, board members, non-member racehorse owners, members of the Horseman’s Group and for the broader good of the British racing.

When you provide your personal details to us we use your information for our legitimate business interests to carry out our work supporting ownership. Before doing this, we will carefully consider and balance any potential impact on you and your rights.

Some typical examples of when we might use this lawful basis are for direct marketing, presenting relevant adverts to you via social media, maintaining the security of our system, data analytics, research, enhancing, modifying or improving our services, identifying usage trends and determining the effectiveness of our campaigns and fundraising.

Direct marketing is generally seen as an important tool, but we want to respect your wishes as the recipients of our marketing. For this reason, we have undertaken a balancing test to compare our legitimate interests versus your interests and indeed fundamental rights and freedoms, which require the protection of your personal data.

We believe that the recipients of our marketing have a reasonable expectation that the ROA will store and process their Personal Data in this manner and for this purpose.

It is not always the case that the ROA collects personal information directly from the recipients of our marketing; such as is the case with non-members trainers, where we’ve used publicly available sources, typically trainer websites or through public events. Here we issue fair processing notices within one month of collecting personal data, or at the time of first communication, whichever is the soonest. These fair processing notices adhere to new General Data Protection Regulation and provide a clear and simple mechanism to object to our decision and immediately stop all future processing.

If you do not wish for us to contact you, please let us know through the unsubscribe link below:


Our assessment has considered the technical and organisational security measures that the ROA has implemented and the safeguards being put in place in regards to your privacy and the protection of your personal data.

The ROA routinely conducts Data Protection Impact Assessments with outputs that support privacy by design and default and include:

  • data minimisation;
  • de-identiļ¬cation and anonymisation;
  • appropriate technical and organisational security measures;
  • adding extra transparency;
  • encryption and access control;
  • data retention limits;
  • restricted access to systems;
  • where appropriate, encryption, hashing and salting of data;
  • other technical security methods used to protect data;
  • organisation wide privacy training;
  • the sensitivityof the personal data we have collected and processed;
  • whether you'd be likely to object to the processing or find it intrusive;
  • that a mechanism exists through which you may challenge our assessment.

The likelihood of impact and the severity of negative impact of our processing on your data has been assessed and deemed to be negligible.

Processing Using Consent

There are certain circumstances, particularly in regards electronic marketing communications where we may need consent from you, in order to process your data.

If this is the case we will ensure that the consent that you provide is by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of your agreement to the processing of personal data relating to you.

The ROA is monitoring future developments in EU electronic marketing regulation presently under debate in the EU Council and subject to delay and change.

Email Marketing

In relation to any email marketing that you may receive from us, either at your request or in any other circumstances, we may monitor whether you open and/or click on any links in such emails and we uses various tracking techniques to measure the effectiveness of our email campaigns and tailor our communications to your interests

If you elect to receive the ROA e-newsletters, we will use your email to send you the requested newsletters. We currently use MailChimp, a US-hosted third-party provider to send out and monitor our communications. For more information, please see MailChimp’s Privacy Policy.

We endeavour to keep all personal data hosted within the EEA. However, if it is essential to transfer your data outside of the EEA, as is the case with MailChimp, we look at this on a case-by-case basis to ensure that robust data-sharing agreements are in place. For example, MailChimp hosts its data in the US and is a member of the Privacy Shield scheme. This scheme has been declared by the EU to provide adequate protection for personal data, and as such we are happy to use it whilst we review their terms and conditions in more detail.

If you no longer wish to receive these emails, you can unsubscribe directly on our website or by following the instructions in the relevant communication.

We conduct this email marketing in adherence with the Privacy and Electronic Communications Regulation which derive from the European Directive 2002/58/EC.

We’ll always act upon your choice of how you want to receive marketing and communications (for example, by email, post or phone). However, there are some communications that we need to send.

These are essential to fulfil our promises to you as a member, owner, or buyer of goods or services from the ROA. Examples are:

  • Transaction messaging, such as Direct Debit schedules, purchase confirmations and event booking confirmations
  • ROA Membership-related mailings such as renewal reminders, ROA magazine The Owner Breeder and notice of our Annual General Meeting
  • Member benefit emails such as emails from The Owner Breeder 

Who your information is shared with

The Racehorse Owners Association will share your personal data with third parties only for the purposes of sub-contracted processing. We will seek assurances that these contractors/processors have in place appropriate technical and organizational measures to safeguard the security of your data. Where appropriate robust data processing agreements will be in place as per article 28 of the GDPR and mechanisms allowing the monitoring of such safeguards will be agreed.   

As an example we may share your data with Facebook in order that they can present personalised adverts to you via their social media platform if you use it. Here your data (email) is hashed locally before being sent to Facebook, hashing is a process that turns your data into short fingerprints that can't be reversed so as to protect and anonymise; it provides sufficient guarantees as to its security.  

If you would like to opt-out of sharing data in this way please do so via the unsubscribe option above and click the facebook sharing radio button.  Where we have used the Facebook ‘look a like’ facility to identify groups of individuals who may be interested in our advertising we; consider Facebook to be the data controller and advise that you read Facebook’s privacy for more information 

Our website uses cookies, this is what they do and how you can stop them

You do not have to give us any personal data in order to use this website. However you may provide us with personal data by completing forms on this website or by contacting us by telephone or email.

When you visit this website, we will automatically collect the internet protocol (IP) address of the device used by you to visit this website as well as the type of the device, browser version and time zone setting. This will enable us to identify you as a unique user for analytical purposes and to optimise our website for your device. This data does not allow us to, and we will not attempt to use this data to, identify you.


This website uses small text files, called cookies, which are automatically stored on your device when you access and use certain features of this website. As cookies are unique, we can use them to distinguish you from other users. To find out more about cookies, how to refuse them and how to change your device’s cookie settings, you should visit All About Cookies. Please note that if you refuse to accept cookies or change your device’s cookie settings, you may not be able to use all of this website’s features.

Data collected from the use of cookies does not allow us to, and we will not attempt to use this data to, identify you.

The categories of cookies used by this website are as follows:

  • Strictly necessary cookies – cookies that are required for the operation of this website and its features, such as accessing secure areas of this website
  • Performance cookies – cookies that allow us to recognise and new and returning users to this website and to track how they navigate around it to help us improve this website
  • Targeting or Advertising Cookies: Based on your interests and visit patterns, these cookies allow us to deliver the most relevant products, offers, and advertisements on our site and third-party sites, e.g. on search engines, social media sites, or through email and other message platforms. For example, some Advertising Cookies help us to present to you advertisements that are based on your interests, including those expressed or inferred by visits to our websites or online services. Others help prevent the same advertisement from continuously reappearing for you. Advertising Cookies also include Social Plug-In Cookies, which are used to share content from the Site with members and non-members of social media networks such as Facebook and Twitter. These cookies are usually set by the social networking provider, enabling such sharing to be smooth and seamless.

The cookies/trackers/web analytics used by this website are as follows:




Add This

Add This

Provides statistics about bookmarking and sharing activity of users

Google Analytics


This cookie creates a unique ID when a new visitor browses our website. It helps us to assess the number of new visitors to our site, and also identify whether we are receiving repeat visitors, too.


These two cookies help us measure a visitor's session, giving us data on what time visitors arrive and how long they spend browsing our website.



This cookie gives us information about how a visitor got to our site (e.g. Google Search, referral site, social media, direct URL, etc.) and also which pages they viewed after they arrived.

Double Click

This cookie collects anonymised Ad Views, Analytics, Browser Information, Date/Time, Demographic Data, Hardware/Software Type, Internet Service Provider, Interaction Data, Page Views, Serving Domains)


This cookie collects anonymous data (Ad Views, Analytics, Browser Information, Cookie Data , Date/Time, Demographic Data, Hardware/Software Type, Internet Service Provider, Interaction Data , Page Views , Serving Domains)


Facebook Audiences The Facebook pixel is an analytics tool that helps us measure the effectiveness of our advertising on the Facebook, Instagram, and Audience Network. We use the Facebook pixel to understand what actions people take on our sites in order to generate audience lists using Facebook Custom Audience that are used to target adverts to those audiences.


These cookies are used by the Google Analytics service to identify unique visitors to this website, where they came from, which pages they visit and how long they spend on it.

Further information can be found in the Google Privacy Policy.

Most browsers allow you to refuse to accept cookies; for example:

  1. In Internet Explorer (version 11) you can block cookies using the cookie handling override settings available by clicking "Tools", "Internet Options", "Privacy" and then "Advanced";
  2. In Firefox (version 39) you can block all cookies by clicking "Tools", "Options", "Privacy", selecting "Use custom settings for history" from the drop-down menu, and unticking "Accept cookies from sites"; and
  3. In Chrome (version 44), you can block all cookies by accessing the "Customise and control" menu, and clicking "Settings", "Show advanced settings" and "Content settings", and then selecting "Block sites from setting any data" under the "Cookies" heading.

Blocking all cookies will have a negative impact upon the usability of many websites. If you block cookies, you will not be able to use all the features on our website.

You can also delete cookies already stored on your computer; for example:

  1. In Internet Explorer (version 11), you must manually delete cookie files (you can find instructions for doing so at;
  2. In Firefox (version 39), you can delete cookies by clicking "Tools", "Options" and "Privacy", then selecting "Use custom settings for history" from the drop-down menu, clicking "Show Cookies", and then clicking "Remove All Cookies"; and
  3. In Chrome (version 44), you can delete all cookies by accessing the "Customise and control" menu, and clicking "Settings", "Show advanced settings" and "Clear browsing data", and then selecting "Cookies and other site and plug-in data" before clicking "Clear browsing data".


The ROA website collects data about your activities that does not personally or directly identify you when you visit. This information may include the content you view, the date and time that you view this content, any services you purchase, or your location information associated with your IP address. This information is collected via services provided by Google, Instagram, Twitter and Facebook who will also use cookies, stored on your computer to serve and display ROA adverts on other websites that you visit thereafter across the internet (this is called re-marketing or re-targeting).

You can opt-out of the use of cookies for this kind of service by visiting the following sites/using these instructions:

Google -

Facebook - To opt out of Facebook showing you targeted ads from other sites, or from seeing Facebook’s ads on other sites, open your Facebook page and click “settings,” and then “ads.”

Then click on the “ads based on my use of websites and apps” setting and press the “choose setting” button and select “off.”

Twitter – If you do not want Twitter to show you interest-based ads on and off of Twitter, there are several ways to turn off this feature:

  • Using your Twitter settings, visit the Personalization and data settings and adjust the setting Personalize ads.
  • If you are on the web, you can visit the Digital Advertising Alliance’s consumer choice tool at to opt out of seeing interest-based advertising from Twitter in your current browser.


Go to your ad preferences on Facebook to control how we use information from partners to show you ads across Instagram and other Facebook Company Products. If we can determine you've made a choice on other Facebook Company accounts that you use, we'll apply your ads preferences to them as well. To make sure your ad preferences are applied, connect your Instagram account to your Facebook account. Learn more about how advertising works on Facebook.


You may find the following link useful - Network Advertising Initiative opt out page.

Social Buttons

Visitors may use these to bookmark or share our web pages. There are buttons for: Twitter Share, Facebook Share and Google Plus. These work using scripts from domains outside of The ROA and it is likely those sites will collect their own information about what you are doing. You should review the policies of each of these sites to see how they use your information and to find out how to opt out, or delete, such information.

Social Media Contact with the ROA: We use Twitter. If you intend to post a comment on our Twitter feed, Twitter will require you to set up your own account. Please review the Twitter privacy notice to see how it uses your information and to find out how to opt out, or delete, such information. Direct messages sent to The ROA’s Twitter account will be deleted after 1 year.

Your privacy rights explained

At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:

  • Right of access – you have the right to request a copy of the information that we hold about you free of charge
  • Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
  • Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
  • Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
  • Right of portability – you have the right to have the data we hold about you transferred to another organisation.
  • Right to object – you have the right to object to certain types of processing such as direct marketing.
  • Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.
  • Right to judicial review: in the event that The ROA refuses your request under rights of access, we will provide you with a reason as to why. You have the right to complain as outlined below

All of the above requests will be forwarded on should there be a third party involved in the processing of your personal data.


Other websites

On occasion our website will contain links to other websites. This privacy policy only applies to the ROA’s website. When you link to other websites you should read their own privacy policies.

Changes to our privacy policy

We keep our privacy policy under regular review and we will place any updates on this web page. This privacy policy was last updated on September 28, 2020

How long we keep your personal data

How long we keep information collected about you

Any information provided by you will be retained for as long as necessary in connection with the purposes for which it was provided, for example, to respond to your enquiry. In respect of any contact information stored within our customer relationship management (CRM) system, we will delete your details upon request, or where we have not had any further communication with you within a period of 3 years.

If you are a ROA member and your membership lapses, your membership profile and details of financial transactions made with the ROA, will be retained for 3 years. If you decide to rejoin, your original profile will be made active again, if still on record.

Any information collected about you or your activity through the use of cookies will be retained for the time periods set out in the above table.

In any case, once we have processed any information about you in connection with the purposes for which it was provided or collected, we will securely delete or anonymise (to the extent such information was capable of identifying you in the first instance) such information upon expiry of the above time periods.

How to contact us in regards your rights, or to make a complaint

In the event that you wish to make a complaint in regards to how your personal data is being processed by the ROA (or the third parties above), please contact the ROA’s data protection representative, if you are unhappy with how your complaint has been handled, you have the right to lodge a complaint directly with the ICO.


Data Protection Representative contact details

Contact Name:

Data Protection Representative

Address line 1:

12 Forbury Road

Address line 2:


Post Code:




01183 385 680