1. Importance of your Privacy
At Race Roster, your privacy is of great importance to us. We understand that you entrust us with certain personal data when using our website (raceroster.com) and related services such as Salesforce ® (collectively “the Platform”).
2. Who We Are and Getting in Touch
The Platform is owned and operated by Race Roster, (hereinafter referred to as “Race Roster,” or “we” or “us” or the “Company”). Race Roster operates collectively under the corporate names of Race Roster USA Inc., and Fast North Corp.. If you have any privacy concerns or questions at any time, please do not hesitate to email us at firstname.lastname@example.org, or via mail at Race Roster, 4281 Express Lane, Suite M9706, Sarasota, Florida, United States, 34249 or Race Roster, 103 King St. London, Ontario, Canada, N6A 1C1, Attention: Privacy Officer.
EU residents may also exercise their data subject rights by contacting our Privacy Officer, who is also Race Roster’s Data Protection Officer (see Section 9 of this policy: GDPR Compliance at Race Roster).
3. What Information is Collected About Me?
“Personal data” is any information about an identifiable individual that is collected from users of and/or visitors (“you” or “your”) to the Platform, including:
i. registered users who are event managers and planners (“Managers”)
ii. users who want to purchase event entries, goods and services, register for or donate to events (whether free or paid) listed by Managers on the Platform (“Registrants”), and
iii. other non-Manager users, or visitors, to the Platform (“other non-managers”).
When you interact with us through the Platform, we may collect Personal Data and other information from you or someone on your behalf, as further described below:
3.1. Personal Data
Log in: To log in to the Platform, you must select a username and password or use Facebook for social sign in. The password you select is stored hashed, such that it remains unknown even to Race Roster, and if using social sign in, none of your Facebook profile information is collected by Race Roster. We also collect your IP address or unique device identifier in order to investigate any suspicious use of the Platform.
Managers: We collect Personal Data from you when you voluntarily provide such information to the Platform, such as when you register for access to the Platform as a Manager, contact us with inquiries, or use the Platform to manage an event or activity. The Personal Data we collect includes without limitation your name, address, email address, phone number and other personally identifiable information. In addition, if you use our payment processing services, we will collect financial information from you (e.g., your bank account information or an address) as necessary to facilitate payments and information required for tax purposes (e.g., your taxpayer identification number).
3.2. Non-Personal Data:
Non-Identifiable Data: When you interact with the Platform, we collect certain personally non-identifiable information (“Non-Personal Data”). The Non-Personal Data we collect includes without limitation, characteristics of your device and software, Internet browser type, domain names of your Internet Service Provider, your approximate geographic location, a record of your usage of the Platform, including the time of your usage and how long you stayed. Such information, which is collected passively using various technologies, cannot, in and of itself, be used to specifically identify you. We also collect Non-Personal Data (including, without limitation, of the type set forth above) from third parties. The information we collect from third parties may be combined with the information we collect.
Cookies and Other Session Identifiers: In operating the Platform, we use “cookies” which are small text files placed on the internal storage of your device when you access the Platform. Our cookies help provide additional functionality to the Platform and help us analyze service usage more accurately. For instance, our Platform may set a cookie through your browser that allows you to access the Platform without needing to remember and then enter a password more than once during a visit. These cookies may be used to tailor content (including advertising) you see on the Platform as well as other Internet sites that you may visit in the future. Cookies are also used for website usage analytics so we have an understanding of how our Platform is used and how it can be improved. Cookies may be session cookies (i.e., last only for one browser session) or persistent cookies (i.e., continue in your browser until they are deleted or expire). Note that since cookies are only text files, they cannot run on your device, search your device for other information or transmit any information to anyone.
Through your web browser’s preference settings you may be able to:
i. receive notifications when you are receiving new cookies
ii. disable cookies, and/or
iii. delete cookies
Please refer to your web browser’s help section for information on how to do this. We recommend that you leave cookies turned on because they allow you to take advantage of some of the features of the Platform. For more information about the cookies used and set by Race Roster visit our Cookie Statement
4. How is my Personal Data Used?
Specific Reason: If you provide Personal Data for a certain reason, we may use the Personal Data in connection with the reason for which it was provided. For instance, if you contact us by email, we will use the Personal Data you provide to answer your question or resolve your problem and will respond to the email address from which the contact came. If you provide credit card information, or other financial account information, we will use it to process payments through payment processing providers. Payment processors will comply with payment card industry (“PCI”) standards for data security and privacy.
Access and Use: If you provide Personal Data in order to obtain access to or use of the Platform or any functionality thereof, we will use your Personal Data to provide you with access and monitor your use of the Platform.
Data Linkage: Personal Data may be used to link data points and provide Registrants with additional value. For example, bib numbers may be used to link images to Registrant profiles. Race Roster makes best efforts to ensure the accuracy of any such data linkage.
Internal Business Purposes: We may use your Personal Data for internal business purposes, including without limitation, to help us improve the content and functionality of the Platform, to better understand our users, to protect against, identify or address fraudulent or inappropriate activities, to enforce our Terms of Service, to manage your account and provide you with customer service, and to generally manage the Platform and our business.
Marketing and Communications: We may use your Personal Data to contact you in the future for our marketing and advertising purposes, including without limitation to inform you about services or events we believe might be of interest to you, to develop promotional or marketing materials and provide those materials to you, and to display content and advertising on or off the Platform that we believe might be of relevance to you. Note that any automated data collection does not lead to profiling that significantly affects Platform users, but is simply used to give Race Roster a clear picture of its users or to provide special offers to Platform users. Note that consent for receiving marketing and communication from Race Roster can be removed at any time.
5. Who is my Personal Data Shared With?
Agents, Consultants and Service Providers: We, like many businesses, sometimes engage other companies to perform certain business-related functions. Examples of such functions include mailing information, hosting and maintaining databases and processing payments. When we engage another company to perform such functions, we may provide them with information, including Personal Data, in connection with their performance of such functions. In working with service providers, your Personal Data may be transferred to a foreign jurisdiction to be processed or stored. Such data may be provided to law enforcement or national security authorities of that jurisdiction upon request, in order to comply with foreign laws
Third Parties: We may sell or share the Personal Data of American residents or residents of other jurisdictions where consumer contact information may be sold to third parties without explicit consent, including third party advertisers of consumer brands such as, but not limited to, those relating to athletic apparel or health & fitness, whom we think may provide products or services that may be of interest to you. If we do so, we will always ask such third parties to provide you an opportunity to opt out from receiving such communications.
Legal Requirements: We may disclose your Personal Data if required to do so by law (including, without limitation responding to a subpoena or request from law enforcement, court or government agency) or in the good faith belief that such action is necessary to:
i. comply with a legal obligation;
ii. protect or defend our legal rights, interests or property or that of users of the Platform;
iii. act in critical circumstances to investigate wrongdoing in connection with the Platform; or
iv. protect the personal safety of users of the Platform or the public.
6. How is my Personal Data Kept Secure?
Race Roster has implemented critical physical, organizational and technical measures to guard against unauthorized or unlawful processing of the data we collect. We have also taken steps to avoid accidental loss or destruction of, or damage to, your Personal Data. While no system is completely secure, the measures implemented by Race Roster significantly reduce the likelihood of a data security breach.
In addition, we recommend that you do your part in protecting yourself from unauthorized access to your Race Roster account by ensuring no one else uses your computer or device when you are logged in, by logging off when you are not using the Platform and by keeping your password confidential. Race Roster is not liable for any unauthorized use of your personal information that is beyond our reasonable control.
Here are some examples of the data security controls in place at Race Roster (this is not an exhaustive list):
- The use of encryption when personal information is transferred to and stored on Race Roster’s servers. Transmission between your browser and our web server is implemented using Secure Sockets Layer (SSL) technology;
- Limited access to personal information by Race Roster staff on a need-to-know basis, and the use of robust authentication processes;
- The use of data centers with effective physical and logical data security controls, and the use of reputable third parties who have demonstrated security consciousness; and
- Secure office premises and staff that are keenly aware of their data protection responsibilities.
No method of transmitting or storing data is 100% secure. As a result, although we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us. If you have reason to believe that your Race Roster account is no longer secure (for example, if you feel that the security of your account has been compromised), you must immediately notify us of the problem at email@example.com in order for Race Roster to resolve the issue in a timely manner. Also keep in mind that e-mail is not a secure form of communication so never send sensitive personal information to us via e-mail. Examples of sensitive information include social insurance numbers or credit card numbers.
7. Children Under Thirteen:
The Race Roster Platform is neither designed nor intended to collect Personal Data directly from children who are under the age of thirteen (13).
8. How Long is my Personal Information Retained?
Personal information that is no longer required for administrative or business purposes, and that does not need to be archived by Race Roster, will be overwritten or scrambled such that it no longer identifies the Race Roster user. Keep in mind however that third parties who store data on our behalf have their own retention rules.
9. GDPR Compliance at Race Roster
Under the General Data Protection Regulation EU/2016/679 (GDPR), a Data Controller determines the purposes and means of the processing of Personal Data. Race Roster remains the Controller of all Personal Data provided by a data subject to and stored in the Platform, including the data of Registrants, Managers and Related Parties. Thus, we take accountability for the security and use of such data when sending confirmations, processing payments and generally assisting Managers and Related Parties plan and manage their event (for example, providing event reports, using analytics to gain insights into the effectiveness of various sales channels, marketing the event, obtaining event feedback, etc.).
Under the GDPR, a Data Processor processes Personal Data on behalf of the Controller. Every party who receives or has access to Personal Data from or through the Platform is processing Personal Data and is bound by Race Roster’s Data Processing Addendum or a similar agreement in place with an Event Organizer. When Personal Data is removed from the Platform by Managers or Related Parties because they are authorized to download the data, Race Roster is no longer the Controller of such downloaded data.
Race Roster’s legal grounds for processing Personal Data include the provision of consent, contractual relationships through Terms of Service with Registrants, Managers and Related Parties, and Race Roster’s legitimate interest in providing an effective event organizing platform.
EU data subjects permanently residing in the European Union may have supplementary statutory rights with respect to their personal data as outlined in the GDPR. This includes the right to access their personal data via a Data Subject Access Request (DSAR), have it deleted, have it corrected, or object to/restrict processing of such data. If you would like to make such a request, please e-mail firstname.lastname@example.org (Attn: Data Protection Officer). Race Roster has developed an EU Data Subject Rights Procedure to ensure your request is responded to in a timely manner. In the context of a request for erasure, Race Roster will scramble or pseudonymize the data subject’s information to make it anonymous.
Race Roster has required our service providers who we entrust with Race Roster user data to commit to the continued protection of such data as a data processor. If at any time in the future we plan to share Personal Data with additional third parties to deliver Race Roster services, we will ensure that they too maintain a high standard of care for such data.
Race Roster operates through its Canadian organization. Canada was the first country outside of Europe deemed adequate by the EU Commission in 2001, under the EU Data Protection Directive 95/46/EC (the GDPR’s predecessor). An adequacy finding allows the flow of data from the EU to Canada as a trusted country in data protection. In addition, Race Roster uses data hosting providers who have made GDPR commitments of their own. Where data is stored in the U.S. by Race Roster’s service providers, these entities comply with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the processing of personal data transferred from the EU to the United States. To learn more about the Privacy Shield program or the Privacy Shield Principles, please visit www.privacyshield.gov.
10. External Links and Race Roster Social Media
We may offer links from the Platform to the sites or apps of our service providers, affiliates or unrelated companies that may be of interest to you. Race Roster makes no representations as to such third parties’ practices for dealing with your personal information.
Race Roster’s use of social media serves as an extension of our presence on the Internet. Social media account(s) are public and are not hosted on Race Roster’s servers. Users who choose to interact with Race Roster via social media should read the terms of service and privacy policies of these third party services/platforms.