Horseracing Integrity and Safety Authority

Last Updated: June 29, 2022

Your privacy is important to us. This Privacy Policy applies to HISAUS.ORG, HISAUSREGS.ORG and

HISAUSAPPS.ORG (each a “Website” and collectively, the “Websites”) and all services provided through

the Websites, including without limitation, all mobile, tablet and other smart device applications and

application program interfaces and associated services (collectively, the “Service”).

Horseracing Integrity and Safety Authority, Inc., the operator of this website (“we”, “us”, “our” or “the

Authority”). is a not-for-profit organization with the purpose of developing and implementing a horseracing

anti-doping and medication control program and a racetrack safety program for covered horses, covered

persons and cover racetracks. The Authority was created pursuant to the Horseracing Safety and Integrity Act

of 2020 (the “Act”).

We provide this Privacy Policy to disclose how we collect and use information that you provide to us, as well

your rights to access, update and delete your data. To that effect, this Privacy Policy covers the following

topics:

• What Data Do We Collect and How Do We Collect It?

• How Will We Use Your Data?

• How Do We Share Your Data?

• How Do We Protect and Store Your Data?

• What Are Your Data Protection Rights?

• Other Terms & Conditions.

• Contact Us.

Please read this Privacy Policy carefully and contact us with any questions at any time. You acknowledge

that this Privacy Policy is part of our Terms and Conditions of Use, and by accessing or using our Service,

you agree to be bound by all of its terms and conditions. If you do not agree with the terms, your choice is

not to use our Service. By using the Service, you consent to all of the terms and conditions of this Privacy

Policy and our collection, storage, use and disclosure of your information as described in this Privacy Policy.

If you would like to exercise any of the rights available to you with respect to the collection, processing

and storage of your personal information please send us an email communication with your specific

request to: legaldepartment@hisaus.org.

What Data Do We Collect and How Do We Collect It?

Personal information as used in this Privacy Policy is information that alone, or when combined with other

information, identifies or reasonably can be used to identify you. The types of personal information we collect

may include, but is not limited to:

• Names, dates of birth and contact information (e.g. addresses, email addresses, telephone numbers,

etc.);

• Usernames or passwords;

• Horseracing industry related information;

• IP addresses;

• Internet activity or network activity related to you use of our Websites, including information from

registration or forms you complete or partially complete;

• Information generated by your receiving, opening or taking action on any email we send to you; and

• Information relating to enforcement actions, injury, horse medication and health and other sensitive

information.

− Information You Choose to Provide. We collect and store any information that you enter on the Service

or provide to us in any other way. Examples include: your name, mailing address and email address;

your phone number or fax number; unique identifiers such as a user ID or password; or demographic

information, such as your date of birth or age.

− Information from Mobile Devices. If you access the Service on a mobile device or through a mobile

application, we may receive information about your equipment, including without limitation, your

mobile device identifier and/or IP address, the name you have associated with your device, device type,

telephone number, country and geolocation.

− Payment Transaction Information. If you purchase an item through the Service or pay any fines or fees

in connection the Authority’s regulatory obligations, we may collect information related to your

payment transactions, including the payment instrument used, date and time, payment amount, payment

instrument expiration date and billing postcode, IBAN information, your address and other related

transaction details.

− Automated Information Collection. We or our service providers may use automated technologies,

which include, but are not limited to, “cookies” (text files placed by a Website’s server on a visitor

computer hard drive) and similar technologies, such as “flash cookies” (local stored objects not

managed by the same browser settings as browser cookies), “web beacons” (small electronic files also

referred to as clear gifs, pixel tags and single-pixel gifs that permit us to count users who have visited

a page or opened an e-mail), and other identifiers to collect information about your use of the Service,

the content you viewed, and information about your browser or device. For further information on

automated data collection technologies, including how to remove them from your browser, visit the

“What Are Your Data Protection Rights?” section of this Privacy Policy.

− Third Party Automated Information Collection. Some content or applications, including

advertisements, on the Service are served by third-parties, including advertisers, ad networks and

servers, content providers and application providers. These third parties may use cookies alone or in

conjunction with web beacons or other tracking technologies to collect information about you when

you use our Service. The information they collect may be associated with your personal information or

they may collect information, including personal information, about your online activities over time

and across different websites and other online services. They may use this information to provide you

with interest-based (behavioral) advertising or other targeted content. We do not control these third

parties’ tracking technologies or how they may be used. If you have any questions about an

advertisement or other targeted content, you should contact the responsible provider directly.

− Aggregate Information. We or our service providers may also use automated technologies to collect

information that is not personally identifiable, such as information about your online activities across

third-party websites or other online services, advertising, demographic and other analytic data. In

addition, we expect to collect and aggregate information for research, studies, monitoring the industry

and other purposes.

How Will We Use Your Data?

We use information collected for regulatory purposes under the Act. The Authority, our affiliates and third-

party service providers may use, store and process information collected as follows:

− To perform our legal and regulatory duties and responsibilities, including maintaining the registration

and reporting for the horseracing anti-doping and medication control program and the racetrack safety

program and the related enforcement program.

− To enable you to access the Service and/or your registration under the Service.

− Process and manage your registration.

− To enhance and develop your experience on the Websites, such as by using cookies and similar

technologies to recognize you and remember and automatically employ your previously selected

preferences.

− To carry out our obligations and enforce our rights arising from any contracts entered into between you

and us, including but not limited to providing access to the Service or to your registration.

− To provide information or services you have requested.

− To allow you to participate in interactive features on the Service.

− To detect and prevent fraud, spam, abuse, security incidents and other harmful activity.

− To conduct security investigations and risk assessments.

− To verify or authenticate information or identifications provided by you.

− To comply with our legal obligations.

− To resolve any disputes with any of our users and enforce our agreements with third parties.

− To enforce our Terms of Use and other policies.

− To fulfill any other purpose that you might request upon you consenting to our use of your personal

information or data for such purpose if possible.

We process your information for the purposes listed in this section given our legitimate interest in protecting

our Service, to measure the adequate performance of our contract with you, to comply with applicable laws,

and to provide information relating to our programs as allowed or required under the Act.

How Do We Share Your Data?

We do not sell, trade or rent your personal information to any third parties. By uploading information to a

Website or otherwise providing information to us through the Service, you expressly consent to our use of

your information in the performance of our regulatory duties. In addition, we do not disclose your information

without your consent except as follows:

− Performance of Regulatory Duties. We will disclose your personal information and any other information

collected by the Service with third-parties as necessary to perform our legal and regulatory duties and

requirements.

− Service Providers. We may employ businesses and individuals to perform functions on our behalf. Any

service provider employed on our behalf may have access to personally identifiable information needed

to perform their functions with their use of nonpublic personal information limited to that necessary to

provide the service to the Authority. The typical functions a service provider may perform include,

without limitation, website maintenance, fulfilling orders, site analysis, analyzing data, processing credit

card payments and providing customer service.

− Aggregate Information. We may share aggregate information, such as statistics or studies based on

information collected or demographics and site usage statistics, with other organizations or the public.

When this type of information is shared, the other parties do not have access to your personally

identifiable information; however, we may maintain or associate this information with personal

information about you that we collect from other sources or you provide to us.

− Transfers. In the event that our assets are sold or transferred to another party, or another transaction

occurs in which your personally identifiable information is one of the items transferred, all personally

identifiable information that has been collected and saved may be one of the items we transfer. We will

post a notice on the Website in the event of such a transfer.

− Legal Compliance. We will disclose your personal information and any other information collected by

the Service to law enforcement agencies and other third parties without notice to you if necessary to

comply with applicable law, to investigate suspected fraud, harassment or other violations of applicable

law or of our Service policies, to protect ours or a third parties’ rights, or to protect the rights of other

visitors.

− When You Consent. Other than as described above, your personal information will not be used or

processed without your express written consent.

How Do We Protect and Store Your Data?

We incorporate reasonable safeguards to protect the security, integrity, completeness, accuracy and privacy

of the personal information that we may collect. We are continuously implementing and updating our

administrative, technical and physical security measures to help protect your information against

unauthorized access, loss, destruction or alteration. We will retain your information for as long as your

account is active or as needed to fulfill the purposes or the Act and as outlined in this Privacy Policy, unless

a longer retention period is required or permitted by law.

What Are Your Data Protection Rights?

Every user of the Service is entitled to the rights set forth in this section. You may exercise any of the rights

described in this section by sending us a communication with your request to legaldepartment@hisaus.org,

or by following any specific instructions listed below. Please note that we may ask you to verify your identity

before taking further action on your request.

− Withdrawing Your Consent. Where you have provided your consent for us to process your personal

information for any of the purposes set forth in this Privacy Policy, you may withdraw such consent at

any time by sending an email specifying which consent you are withdrawing. Please note that the

withdrawal of your consent does not affect the lawfulness of any processing activities based on such

consent before its withdrawal and that information previously collected will be maintained so long as

required in connection with the Act or underlying regulations.

− Marketing. If you have agreed to receive marketing or promotional materials from us or any of our

affiliates or corporate partners, you may always opt out and indicate your desire to no longer receive

such materials by sending as an email communication with your request. Upon receipt of your request,

we will no longer contact you for marketing or promotional purposes, nor will we give your data to our

affiliates or corporate partners for use in any similar manner.

− Tracking Technologies. You can set your browser to refuse all or some cookies and similar data

collection technologies, or to alert you when cookies and similar technologies are being used. To learn

how you can manage your cookie settings, visit your website browser’s settings. If you disable or refuse

cookies and similar tracking technologies, please note that some parts of this Service may be inaccessible

or not function properly as a result.

− Third Party Tracking Technologies and Advertising. We do not control the manner in which third

parties’ may collect your personal information when you are using the Service. If you choose not to have

your information collected or used by a third party website or service, you may set your browser to

refuse all or some cookies, pixels or similar automated data collection technologies. If you have any

questions about an advertisement or other targeted content, you should contact the responsible provider

directly. For more information on how to manage cookies, pixels and similar automated data collection

technologies, visit the settings display in your web browser. In addition, you can opt out of receiving

targeted ads from participating ad networks, audience segment providers, ad serving vendors, and other

service providers by visiting websites operated by the Network Advertising Initiative and Digital

Advertising Alliance.

− Objection to Processing. Applicable law may entitle you to require us not to process your personal

information for certain specific purposes (including profiling). If you object to such processing, we will

no longer process your personal information for these purposes unless we can demonstrate compelling

legitimate grounds for such processing or such processing is required for the establishment, exercise or

defense of legal claims.

− Data Access and Portability. You may request copies of personal information that you have provided

to us in a structured, commonly used and machine-readable format and/or request us to transmit this

information to another service provider (where technically feasible).

− Rectification of Inaccurate or Incomplete Information. You have the right to ask us to correct inaccurate

or incomplete personal information concerning you (and which you cannot update yourself within your

account settings).

− Data Retention and Erasure. We generally retain your personal information for only as long as is

necessary for the performance of the contract between you and us and to comply with our legal

obligations. If you no longer want us to use your information, you can request that we erase your personal

information and close any accounts created through the Service by sending us an email with your request.

Please note that if you request the erasure of your personal information:

▪ We may retain some of your personal information as necessary for our legitimate business

interests, such as complying with our responsibility under the Act or fraud detection and

prevention and enhancing safety.

▪ We may retain and use your personal information to the extent necessary to comply with our

legal obligations, such as for tax, legal reporting and auditing obligations.

▪ Because we maintain the Service to protect from accidental or malicious loss and destruction,

residual copies of your personal information may not be removed from our backup systems

for a limited period of time.

− Lodging Complaints. You have the right to lodge complaints about the data processing activities carried

out by the Authority to the appropriate data protection authorities.

If you would like to exercise any of these rights, please send us an email communication specifying

which right you would like to exercise to: legaldepartment@hisaus.org.

Other Terms and Conditions.

− Third Party Websites. The Service may contain links to third party websites that we do not control.

When you click one of these links, the collection and use of your information will no longer be governed

by the terms of this Privacy Policy. This may include links from advertisers, sponsors and marketing

partners, and these third parties may use our logos as part of a sponsorship agreement. These other

websites may send their own cookies to you, independently collect data or solicit personal information

and may or may not have their own published privacy policies. If you visit a website that is linked to the

Service, you should consult that website’s privacy policy before providing any personal information.

We do not have any control over third party websites and are not liable to you for any claims that may

arise from your use of third party websites.

− Information You Make Public. The Service, including pages available on our website through social

networking sites, may have features that allow you to post information that can be viewed by other

visitors, such as commenting, chat rooms, forums and message boards. You are not required to provide

any personal information when using these features, but you may choose to do so. If you post personal

information online, it will be publicly available and you may receive unsolicited messages from other

parties. In addition, when you post a comment to a mobile application, the user name with which you

registered for the Service and your current location may be made publicly available on the Service and

through the mobile application. We cannot ensure the security of any information you choose to make

public using these features, and it may remain available indefinitely. Also, we cannot ensure that parties

who have access to such publicly available information will respect your privacy. Please exercise caution

when deciding to disclose personal information in these areas.

− Our Policies Concerning Children. Our Service is not intended for children under the age of 18 and we

do not knowingly collect any personal information from children under the age of 18. In the event that

we learn that we have inadvertently gathered personal information from a child under the age of 18, we

will take reasonable measures to promptly erase such information from our records.

− Your California Privacy Rights. California Civil Code Section 1798.83 permits users of the Service

who are California residents to request certain information regarding our disclosure of personal

information to third parties for their direct marketing purposes. To make such a request, please send us

an email communication in the manner set forth in the Contact Us Section of this Privacy Policy.

− Changes to this Privacy Policy. We reserve the right to amend, modify or update this Privacy Policy at

any time in accordance with this provision. If we make changes to this Privacy Policy, we will take

reasonable measures to notify you of the revised Privacy Policy on the Service and update the “Last

Updated” date at the top of this Privacy Policy.

If you have any questions about or comments regarding this Privacy Policy, or if you would like to exercise

any your rights as set forth herein, please contact us at legaldepartment@hisaus.org.

Any user of this Service may, at any time, contact us directly with questions and suggestions concerning the

terms of this Privacy Policy. In the event of a privacy related issue or complaint, we will investigate and

attempt to promptly resolve any issues and complaints regarding our collection and use of information under

this Privacy Policy.