This Privacy Policy explains how World Iconic Events LLC (“WIE”, “we”, “us”, “our”) collects, uses, shares, and protects personal data in connection with our events, websites, and communications. It applies to World Iconic Events LLC and all event brands operated by us, including Burj2Burj, Ultra Trail Dubai and Antarctica OCR, and any future event brands we may introduce.

Please read this Policy carefully. By registering for our events, subscribing to our communications, or using our websites, you confirm that you have read and understood this Policy. Where we rely on your consent to process your data, we will ask for it separately at the point of collection.

1. Who We Are

1.1 The data controller responsible for your personal data is World Iconic Events LLC, a company registered in Dubai, United Arab Emirates.

1.2 For all privacy enquiries, including data subject requests and complaints, contact us at team@worldsiconic.com.

1.3 This Policy applies to all websites, registration platforms, communications, and on-site activities operated by WIE in connection with our events.

2. Scope

2.1 This Policy applies to:

• Participants who register for any WIE event;
• Spectators, volunteers, and visitors at any WIE event;
• Subscribers to our newsletters and marketing communications;
• Visitors to our websites and digital platforms;
• Applicants to our ambassador, media, partner, charity, run club, or volunteer programmes;
• Parents and guardians registering a child for a children’s event.

2.2 References in this Policy to “you” and “your” apply to all of the above.

3. Personal Data We Collect

We collect personal data in the following categories. Not all categories apply to every interaction — for example, medical and timing data are collected only for registered Participants of timed races.

Identity and contact data

• Full name, date of birth, age, gender, nationality, country of residence;
• Email address, phone number, postal address;
• Emergency contact name and phone number.

Registration and transactional data

• Race entry details, including event, distance, category, pace batch, and bib number;
• Payment information (card details are processed directly by our payment provider; we do not store full card numbers on our systems);
• Order history, refunds, transfers, and deferrals;
• Discount or promotional code usage.

Race and performance data

• Timing data, including start time, split times, finish time, and pace;
• Race results and ranking information;
• Photographs and video footage captured at the Event.

Health and safety data

• Self-declared medical alerts, conditions, and allergies relevant to participation;
• Medical certificates submitted in support of deferral requests;
• Records of medical treatment received during the Event;
• Records of any safety incident in which you were involved.

Marketing and engagement data

• Newsletter subscription status and email engagement data (opens, clicks);
• Survey responses and feedback;
• Submissions to ambassador, media, charity, partner, or volunteer programmes.

Technical and website data

• IP address, device type, browser type, and operating system;
• Pages visited, time on site, referral source, and other analytics data;
• Cookie and similar tracking data — see Section 12.

4. How We Collect Personal Data

4.1 We collect personal data in the following ways:

• Directly from you, when you register for an event, subscribe to communications, complete a form, contact us, or interact with our websites;
• From third parties, including registration platforms, payment providers, timing providers, photography providers, and partner organisations who register Participants under their allocation;
• Automatically, when you visit our websites, through cookies and similar technologies (see Section 12);
• From parents or guardians, where a child is being registered for a children’s event.

5. Lawful Basis for Processing

Under applicable data protection law, including UAE Federal Decree-Law No. 45 of 2021 (the UAE Personal Data Protection Law) and, where it applies to you, the UK General Data Protection Regulation and the EU General Data Protection Regulation, we are required to identify a lawful basis for each purpose for which we process your data. We rely on the following lawful bases:

Performance of a contract

To register you for an event, take payment, deliver race-day services, issue results, and meet our commitments to you under the event Terms & Conditions.

Compliance with a legal obligation

To comply with applicable law, including data protection law, tax record-keeping obligations, and to share information with police, medical authorities, or other competent authorities where required.

Legitimate interests

To operate our events safely, prevent fraud and Bib swapping, publish race results, conduct post-event analysis, market similar future events to past Participants, and protect our commercial and reputational interests. Where we rely on legitimate interests, we have assessed that our interests are not overridden by your rights and freedoms. You may object to processing on this basis at any time — see Section 14.

Consent

For newsletter sign-ups by individuals who are not past Participants, marketing to leads, optional features such as photo tagging, and any other processing where we ask for your specific consent. You may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.

6. How We Use Your Personal Data

6.1 We use personal data for the following purposes:

• Processing your event registration and payment;
• Issuing your bib, timing chip, and race-day instructions;
• Operating safety, medical, and emergency response on race day;
• Capturing and publishing official race results and timing data;
• Producing and distributing official event photography and video;
• Communicating with you about events you have registered for, including logistics, schedule changes, and post-event information;
• Sending marketing communications about future events and related offers — see Section 11;
• Operating loyalty, ambassador, charity, partner, run club, and volunteer programmes;
• Improving our events, websites, and services through analytics and feedback;
• Detecting and preventing fraud, Bib swapping, and other prohibited conduct;
• Complying with applicable law and responding to lawful requests from authorities.

7. Sharing Your Data With Third Parties

7.1 We share personal data only where necessary and only with categories of third parties listed below. We do not sell personal data to anyone, and we do not share it for third-party advertising.

7.2 Categories of third parties with whom we share data:

• Registration and ticketing platform providers, who host registration data on our behalf;
• Payment service providers, who process card transactions on our behalf;
• Email marketing service providers, who deliver our communications;
• Timing service providers, who capture and process race-day timing data;
• Photography and videography providers, who capture and supply event imagery;
• Website analytics and tag management providers, who help us understand how our websites are used;
• Sponsors, charity partners, run clubs, and group coordinators, where you have registered through one of their allocations — limited to the data necessary for them to administer that allocation;
• Medical and emergency services, where required for your safety or the safety of others;
• Government authorities, including police, civil defence, and licensing authorities, where required by law or for the lawful operation of the Event;
• Professional advisers, including legal, accounting, and insurance advisers, where reasonably necessary.

7.3 Where we engage a third-party processor, we put in place a written agreement that requires them to protect your data, use it only for the purposes we instruct, and meet appropriate security standards.

7.4 Race results, including your name, nationality, age category, and finish time, are published as part of the official event record and may be publicly accessible online indefinitely. You may request anonymisation of your published result — see Section 14.

8. International Data Transfers

8.1 Some of our service providers operate outside the United Arab Emirates. As a result, your personal data may be transferred to, stored in, and processed in countries other than the country in which you reside, including in the European Union, the United Kingdom, and the United States.

8.2 Where we transfer your personal data outside the United Arab Emirates, we put in place appropriate safeguards as required by UAE Federal Decree-Law No. 45 of 2021. Where the transfer is from the United Kingdom or European Economic Area, we also put in place safeguards required by the UK GDPR or EU GDPR, including standard contractual clauses or other approved transfer mechanisms.

8.3 You may request further information about our international transfer arrangements by contacting us at team@worldsiconic.com.

9. How Long We Keep Your Data

9.1 We retain personal data only for as long as necessary for the purposes for which it was collected, including any retention required by law. The following retention periods apply:

Registration and transactional data

Retained as part of the official event record indefinitely, from the date of the relevant Event.

Race results and timing data

Published as part of the official event record indefinitely. You may request anonymisation of your published result — see Section 14.

Health and safety data

Retained as part of the official event record indefinitely, from the date of the relevant Event, to allow for any subsequent medical, insurance, or legal enquiry.

Marketing data

Retained until you ask us to delete it. We do not automatically delete marketing data after a fixed period. You may unsubscribe from any marketing email at any time using the link in the email, or by contacting team@worldsiconic.com to request full deletion of your marketing record.

Website analytics and cookie data

Retained for the period set out in Section 12 and in our cookie settings.

Programme and application data

Ambassador, media, charity, partner, and volunteer applications: Retained as part of the official event record indefinitely, from the date of the relevant Event.

10. Children’s Data

10.1 Some of our events include formats designed for children. We collect and process personal data about children only where a parent or legal guardian has registered the child and provided consent on the child’s behalf.

10.2 When registering a child for one of our events, the parent or legal guardian will be asked to:

• Confirm they are the parent or legal guardian of the child and have legal authority to register them;
• Consent, on behalf of the child, to the processing of the child’s data as described in this Policy;
• Provide their own contact details, which we use as the primary contact for the registration.

10.3 We collect only the minimum personal data necessary to deliver the children’s event safely. This is limited to the child’s first name, last name, date of birth, t-shirt size, and any medical alerts or allergies relevant to participation.

10.4 We do not collect an email address from a child, do not enrol a child in any marketing list, and do not send marketing communications to a child.

10.5 A parent or legal guardian may at any time request access to, correction of, or deletion of their child’s personal data by contacting team@worldsiconic.com.

11. Marketing & Communications

11.1 We send two types of communications:

• Service communications: directly related to an Event you are registered for, including registration confirmation, race-day logistics, schedule changes, results, and post-event information. These are not marketing and you cannot opt out of them while you are registered for an Event.
• Marketing communications: about future events, registration windows, training content, partner offers, and similar topics. You can opt out of these at any time.

11.2 Past Participants of any WIE event may receive marketing about similar future events on the basis of our legitimate interest. You may opt out of these communications at any time using the unsubscribe link in any marketing email, or by contacting team@worldsiconic.com.

11.3 Newsletter subscribers, leads, and other individuals who are not past Participants will receive marketing only where they have given explicit consent at the point of sign-up.

11.4 An opt-out from marketing does not prevent us from sending you service communications about an Event you are currently registered for.

12. Cookies & Similar Technologies

12.1 Our websites use cookies and similar technologies to operate the site, remember your preferences, measure performance, and support marketing. Cookies are small text files placed on your device when you visit a website.

12.2 We use the following categories of cookies:

• Strictly necessary cookies: required for the website to function, including session management and security.
• Performance and analytics cookies: help us understand how visitors use our websites, so we can improve them.
• Functional cookies: remember your choices and preferences.
• Marketing and advertising cookies: used to measure marketing effectiveness and to deliver relevant content. These are set only where you have given consent through our cookie banner.

12.3 You can manage cookie preferences at any time using the cookie settings on our websites, or by adjusting your browser settings. Blocking strictly necessary cookies may affect website functionality.

13. How We Protect Your Data

13.1 We apply technical and organisational security measures appropriate to the sensitivity of the data we hold, including:

• Encryption of data in transit;
• Restricted access to personal data on a need-to-know basis;
• Written data processing agreements with all third-party processors;
• Regular review of our security and data handling practices.

13.2 No system is completely secure. If we become aware of a personal data breach affecting your data, we will notify you and the relevant supervisory authorities where required by law, in the manner and timeframes required by the applicable data protection regime.

13.3 You are responsible for keeping your registration account credentials secure and for notifying us promptly if you suspect unauthorised access to your account.

14. Your Rights

14.1 Subject to applicable law, you have the following rights in relation to your personal data:

• Right of access: to obtain a copy of the personal data we hold about you.
• Right to rectification: to ask us to correct inaccurate or incomplete data.
• Right to erasure: to ask us to delete your data, subject to any legal retention obligations.
• Right to restriction: to ask us to limit how we use your data.
• Right to object: to object to processing based on legitimate interests, including direct marketing.
• Right to data portability: to receive a copy of certain data in a structured, commonly used format.
• Right to withdraw consent: where we process data on the basis of your consent.
• Right to anonymisation of published results: to ask us to remove your name from publicly searchable race results.

14.2 Some of these rights apply only in certain circumstances and may be subject to exceptions under applicable law. For example, we may not be able to delete data we are required to keep for tax or insurance purposes.

15. How to Exercise Your Rights

15.1 To exercise any of your rights, contact us at team@worldsiconic.com. Please include enough information to allow us to identify your record. We may ask you to verify your identity before responding.

15.2 We will respond within thirty (30) calendar days of receipt, or such longer period as may be permitted by applicable law where the request is complex.

15.3 There is no fee for exercising your rights, except where the request is manifestly unfounded, excessive, or repetitive, in which case we may charge a reasonable fee or refuse to act on the request, as permitted by law.

16. Complaints

16.1 If you have a concern about how we have handled your personal data, we encourage you to contact us first at team@worldsiconic.com so we can address it.

16.2 You also have the right to lodge a complaint with the relevant data protection authority:

• United Arab Emirates: the UAE Data Office, established under UAE Federal Decree-Law No. 45 of 2021.
• United Kingdom: the Information Commissioner’s Office (ico.org.uk).
• European Economic Area: your local data protection supervisory authority.

17. Changes to This Policy

17.1 We may update this Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. The latest version will always be available on our websites with an updated effective date.

17.2 Where the changes are material, we will take reasonable steps to notify you, including by email where appropriate. Your continued use of our services after the effective date of an update constitutes acceptance of the updated Policy.

18. Contact Us

18.1 For all privacy enquiries, including data subject requests, complaints, and questions about this Policy, please contact:

World Iconic Events LLC

Email: team@worldsiconic.com

Dubai, United Arab Emirates

Worlds Iconic Events LLC © 2026