Privacy policy

As of December 30, 2019

Scroll to top

1. Importance of your Privacy

At Race Roster, your privacy is of great importance to us. We understand that you entrust us with certain personal data when using our website (raceroster.com) and related services such as Salesforce ® (collectively “the Platform”).

PLEASE READ THIS PRIVACY POLICY CAREFULLY BEFORE USING THE PLATFORM OR ALLOWING/DIRECTING SOMEONE TO USE THE PLATFORM. BY VOLUNTARILY PROVIDING ANY PERSONAL DATA TO RACE ROSTER AND USING OUR PLATFORM, YOU ARE ACKNOWLEDGING THAT YOU HAVE READ AND UNDERSTOOD THIS POLICY AND THAT YOU CONSENT TO OUR COLLECTION, USE AND DISCLOSURE OF SUCH DATA AS SET FORTH IN THIS PRIVACY POLICY. IF YOU DO NOT AGREE TO THE TERMS OF THIS PRIVACY POLICY, PLEASE DO NOT PROVIDE US WITH ANY DATA.

2. Who We Are and Getting in Touch

The Platform is owned and operated by Race Roster North America Corporation, (hereinafter referred to as “Race Roster,” or “we” or “us” or the “Company”). Race Roster operates collectively under the corporate names of Race Roster US Inc., Race Roster Running UK Ltd., and Race Roster North America Corporation. If you have any privacy concerns or questions at any time, or would like to request access to your personal information, please do not hesitate to email us at privacy@raceroster.com, call 1-855-969-5515 or via mail at Race Roster, 4281 Express Lane, Suite M9706, Sarasota, Florida, United States, 34249 or Race Roster, 186 York St. London, Ontario, Canada, N6A 1B5, Attention: Privacy Officer.

EU residents may also exercise their data subject rights by contacting our Privacy Officer, who is also Race Roster’s Data Protection Officer (see Section 9 of this policy: GDPR Compliance at Race Roster).

3. Personal Data We Collect

“Personal Data” is any information about an identifiable individual that is collected from users of and/or visitors (“you” or “your”) to the Platform.

We may collect your Personal Data directly from you or from event organizers. In the interest of clarity, and for the purposes of this Privacy Policy, “you” may be any of the following sources of Personal Data:

i. registered users who are event managers and planners (“Managers”)
ii. users who want to purchase event entries, goods and services, register for or donate to events (whether free or paid) listed by Managers on the Platform (“Registrants”), and
iii. other non-Manager users, or visitors, to the Platform (“other non-managers”).

For more specifics tied to each category of Personal Data, see the chart below.

Category of Personal
Data
Examples of Personal
Data
Sources of
Personal Data
Business or
Commercial
Purposes for
Personal Data
Collection
1. IdentifiersThis may include but is not limited to: a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, image or photograph, email address, account name, or other similar identifiers.Either through direct input from consumer, or direct from event organizer.(1) processing interactions and transactions;
(2) managing interactions and transactions;
(3) performing services;
(4) quality assurance;
(5) security; and
(6) debugging.

2. Personal Records
This may include information such as: name, telephone number, address, or any other payment information.Direct from event organizer.(1) processing interactions and transactions;
(2) managing interactions and transactions;
(3) performing services
(4) quality assurance;
(5) security; and
(6) debugging.
3. Consumer CharacteristicsThis may include, but is not limited to: gender.Either through direct input from consumer, or direct from event organizer.(1) processing interactions and transactions;
(2) managing interactions and transactions;
(3) performing services;
4. Customer Account Details / Commercial InformationThis may include, but is not limited to: products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.Either through direct input from consumer, or direct from event organizer.(1) processing interactions and transactions;
(2) managing interactions and transactions;
(3) performing services;
(4) quality assurance;
5. Internet Usage InformationThis may include, but is not limited to: information regarding your interaction with an Internet Web site, application, or advertisement.Information about how you use Race Roster may be collected to help improve our platform.(1) research and development;
(2) quality assurance;
(3) security; and
(4) debugging.
6. Geolocation DataThis may include, but is not limited to: precise physical location or movements and travel patterns.Location data (via IP address) is gathered when processing a transaction on Race Roster.(1) processing interactions and transactions;
(2) managing interactions and transactions;
(3) performing services;
(4) security; and (5) debugging.
7. Sensory DataThis may include, but is not limited to: audio recordings of customer care calls.When calling our support team, your call may be recorded for training and quality purposes.(1) research and development;
(2) quality assurance;
(3) security; and (4) debugging.
8. Professional or Employment InformationThis may include, but is not limited to: professional, educational, or employment-related information.Either through direct input from consumer, or direct from event organizer.(1) processing interactions and transactions;
(2) managing interactions and transactions;
(3) performing services;

3.1. Personal Data

Log in: To log in to the Platform, you must select a username and password or use Facebook for social sign in. The password you select is stored hashed, such that it remains unknown even to Race Roster, and if using social sign in, none of your Facebook profile information is collected by Race Roster. We also collect your IP address or unique device identifier in order to investigate any suspicious use of the Platform.

Managers: We collect Personal Data from you when you voluntarily provide such information to the Platform, such as when you register for access to the Platform as a Manager, contact us with inquiries, or use the Platform to manage an event or activity. The Personal Data we collect includes without limitation your name, address, email address, phone number and other personally identifiable information. In addition, if you use our payment processing services, we will collect financial information from you (e.g., your bank account information or an address) as necessary to facilitate payments and information required for tax purposes (e.g., your taxpayer identification number).

Registrants and other non-managers: We collect Personal Data from you when you voluntarily provide information to the Platform (including event registration pages within the Platform), such as when you register for access to the Platform (whether as a Manager or otherwise), register for an event as a Registrant, purchase goods and services, make a donation, contact us with inquiries, respond to one of our surveys or use certain parts of the Platform. The Personal Data we collect includes without limitation your name, address, email address, phone number, billing information, and other personally identifiable information. In addition, Managers can set up event registration pages to collect virtually any information from Registrants in connection with registration for a Manager’s event or activity listed on the Platform. If a Registrant voluntarily provides Personal Data in connection with registration for an event or otherwise, it will be available to us and will be held by us in accordance with this Privacy Policy.

3.2. Non-Personal Data:

Non-Identifiable Data: When you interact with the Platform, we collect certain personally non-identifiable information (“Non-Personal Data”). The Non-Personal Data we collect includes without limitation, characteristics of your device and software, Internet browser type, domain names of your Internet Service Provider, your approximate geographic location, a record of your usage of the Platform, including the time of your usage and how long you stayed. Such information, which is collected passively using various technologies, cannot, in and of itself, be used to specifically identify you. We also collect Non-Personal Data (including, without limitation, of the type set forth above) from third parties. The information we collect from third parties may be combined with the information we collect.

Cookies and Other Session Identifiers: In operating the Platform, we use “cookies” which are small text files placed on your device hard drive when you access the Platform. Our cookies help provide additional functionality to the Platform and help us analyze service usage more accurately. For instance, our Platform may set a cookie through your browser that allows you to access the Platform without needing to remember and then enter a password more than once during a visit. These cookies may be used to tailor content (including advertising) you see on the Platform as well as other Internet sites that you may visit in the future. Cookies are also used for website usage analytics so we have an understanding of how our Platform is used and how it can be improved. Cookies may be session cookies (i.e., last only for one browser session) or persistent cookies (i.e., continue in your browser until they are deleted or expire). Note that since cookies are only text files, they cannot run on your device, search your device for other information or transmit any information to anyone.

Through your web browser’s preference settings you may be able to:

i. receive notifications when you are receiving new cookies
ii. disable cookies, and/or
iii. delete cookies

Please refer to your web browser’s help section for information on how to do this. We recommend that you leave cookies turned on because they allow you to take advantage of some of the features of the Platform. For more information about the cookies used and set by Race Roster visit our Cookie Statement.

Aggregated Personal Data: In an ongoing effort to better understand and serve our Platform users, we often conduct research on our customer demographics, interests and behavior. This research involves compiling and analyzing Personal Data on an aggregate basis and this aggregate information does not identify you personally and therefore is considered and treated as Non-Personal Data under this Privacy Policy.

4. How is my Personal Data Used?

Generally, we collect, use and disclose your Personal Data to provide you services and as otherwise related to the operation of our business.  For more specific detail on our disclosures of Personal Data see the section “Sharing of Personal Data.”We may collect, use and disclose the Personal Data we collect for one or more of the following business purposes:

  • Managing Interactions and Transactions 
  • Performing Services 
  • Research and Development 
  • Quality Assurance 
  • Security 
  • Debugging

We use the Personal Data we collect in a manner that is consistent with this Privacy Policy. In furtherance of the above uses, the following is additional detail for how we use Personal Data:

Specific Reason: If you provide Personal Data for a certain reason, we may use the Personal Data in connection with the reason for which it was provided. For instance, if you contact us by email, we will use the Personal Data you provide to answer your question or resolve your problem and will respond to the email address from which the contact came. If you provide credit card information, or other financial account information, we will use it to process payments through payment processing providers. Payment processors will comply with payment card industry (“PCI”) standards for data security and privacy.

Access and Use: If you provide Personal Data in order to obtain access to or use of the Platform or any functionality thereof, we will use your Personal Data to provide you with access and monitor your use of the Platform.

Data Linkage: Personal Data may be used to link data points and provide Registrants with additional value. For example, bib numbers may be used to link images to Registrant profiles. Race Roster makes best efforts to ensure the accuracy of any such data linkage.

Internal Business Purposes: We may use your Personal Data for internal business purposes, including without limitation, to help us improve the content and functionality of the Platform, to better understand our users, to protect against, identify or address fraudulent or inappropriate activities, to enforce our Terms of Service, to manage your account and provide you with customer service, and to generally manage the Platform and our business.

Marketing and Communications: We may use your Personal Data to contact you in the future for our marketing and advertising purposes, including without limitation to inform you about services or events we believe might be of interest to you, to develop promotional or marketing materials and provide those materials to you, and to display content and advertising on or off the Platform that we believe might be of relevance to you. Note that any automated data collection does not lead to profiling that significantly affects Platform users, but is simply used to give Race Roster a clear picture of its users or to provide special offers to Platform users. Note that consent for receiving marketing and communication from Race Roster can be removed at any time.

Manager Emails: We allow Managers to use our email system and tools, as well as Registrants’ email addresses, to contact Registrants for their current and past events, and other communications as described above, so you may receive emails from our system that originate with such Managers, as well as directly from such Managers. The Manager, and not Race Roster, is responsible for the content and sending of these emails. A Registrant will always be provided with the ability to opt out from electronic communications. Please note that if you unsubscribe from receiving a particular Manager’s emails, you will no longer receive emails from that particular Manager from our Platform, but you may still receive emails sent by that Manager through means other than our system in accordance with the Manager’s own Privacy Policy that Race Roster takes no responsibility for.

Other Purposes: If we intend to use any Personal Data in any manner that is not consistent with this Privacy Policy, you will be informed of such anticipated use prior to or at the time at which the Personal Data is collected or we will obtain your consent subsequent to such collection but prior to such use.

5. Sharing of personal data

Registrants and Managers and Related Parties: When you register for, or donate to, an event or activity on the Platform, you consent to our providing your Personal Data to the Managers and Related Parties of such event or activity. “Related Parties” include Charitable or Not-For-Profit organizations, or other types of organizations that collect funds for specific causes and are retained in relation to events hosted on the Platform, as well as other third parties as required with respect to the Platform and Managers, such as Timers and other Event Administrators. While on the Platform, anyone with access to your data is required to respect your privacy in accordance with this Privacy Policy and applicable privacy laws. They must also process Personal Data in accordance with Race Roster’s Terms of Service for Event Organizers. However, Managers and Related Parties are not bound to treat your Personal Data in accordance with this Privacy Policy if they move such data off the Platform. You agree that we are not responsible for the actions of these Managers and Related Parties with respect to your Personal Data. It is important that you review the applicable policies of the Managers and Related Parties of an event before providing Personal Data or other information in connection with that event.

Business Transfers: As we develop our business, we might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, dissolution or similar event, Personal Data may be part of the transferred assets. You acknowledge and agree that any successor to or acquirer of the Company (or its assets) will continue to have the right to use your Personal Data and other information in accordance with the terms of this Privacy Policy.

Subsidiaries and Affiliates: We may also share your Personal Data with our subsidiaries and/or affiliates for purposes consistent with this Privacy Policy. Our subsidiaries and affiliates will be bound to maintain that Personal Data in accordance with this Privacy Policy.

Agents, Consultants and Service Providers: We, like many businesses, sometimes engage other companies to perform certain business-related functions. Examples of such functions include mailing information, hosting and maintaining databases and processing payments. When we engage another company to perform such functions, we may provide them with information, including Personal Data, in connection with their performance of such functions. In working with service providers, your Personal Data may be transferred to a foreign jurisdiction to be processed or stored. Such data may be provided to law enforcement or national security authorities of that jurisdiction upon request, in order to comply with foreign laws

Third Parties: If you explicitly request certain services such as, but not limited to, race insurance or a customized medal, we will share limited Personal Data with the third parties who will provide you with these services. We may sell or share the Personal Data of American residents (excluding California residents – see s.10: CCPA Compliance at Race Roster) or residents of other jurisdictions where consumer contact information may be sold to third parties as long as doing so is in compliance with data protection or other laws, , including third party advertisers of consumer brands such as, but not limited to, those relating to athletic apparel or health & fitness, whom we think may provide products or services that may be of interest to you. If we do so, such third parties will always provide you with an opportunity to opt out from receiving such communications.

Legal Requirements: We may disclose your Personal Data if required to do so by law (including, without limitation responding to a subpoena or request from law enforcement, court or government agency) or in the good faith belief that such action is necessary to:

i. comply with a legal obligation;
ii. protect or defend our legal rights, interests or property or that of users of the Platform;
iii. act in critical circumstances to investigate wrongdoing in connection with the Platform; or
iv. protect the personal safety of users of the Platform or the public.

In the interest of clarity, and in accordance with the California Consumer Protection Act (“CCPA”), we may share Personal Data with our service providers, other vendors including those that facilitate interest-based and other advertising and marketing, affiliates, and/or third parties including without limitation during calendar year 2019 as follows:

Category of PIShared with Third Parties?Categories of Third Parties
1. IdentifiersYesConsumer brands
2. Personal RecordsNo
3. Consumer Characteristics No
4. Customer Account Details / Commercial InformationYesConsumer brands
5. Internet Usage InformationNo
6. Geolocation DataNo
7. Sensory DataNo
8. Professional or Employment InformationNo

We may share your Personal Data (as described above in Personal Data We Collect) with our service providers and other qualified vendors for the same business purposes for which we collect such Personal Data as described above in the Collection and Use of Personal Data, including in the calendar year 2019 as follows:

Category of PIDisclosed for a Business Purpose?Business Purposes for DisclosuresCategories of Recipients of Business Purpose Disclosure
1. IdentifiersYes1) processing interactions and transactions; (2) managing interactions and transactions; (3) performing services; (4) research and development; (5) quality assurance; (6) security; and (7) debugging.Service providers
2. Personal RecordsYes1) processing interactions and transactions; (2) managing interactions and transactions; (3) performing services; (4) research and development; (5) quality assurance; (6) security; and (7) debugging.Service providers
3. Consumer CharacteristicsYes1) processing interactions and transactions; (2) managing interactions and transactions; (3) performing services;Service providers
4. Customer Account Details / Commercial InformationYes1) processing interactions and transactions; (2) managing interactions and transactions; (3) performing services; (4) quality assurance;Service providers
5. Biometric InformationNoN/AN/A
6. Internet Usage InformationYes(1) research and development; (2) quality assurance; (3) security; and (4) debugging.Service providers
7. Geolocation DataYes1) processing interactions and transactions; (2) managing interactions and transactions; (3) performing services; (4) security; and (5) debugging.Service providers
8. Sensory DataYes(1) performing services; (2) research and development; (3) quality assurance; (4) security; and (5) debugging.Service providers
9. Professional or Employment InformationYes1) processing interactions and transactions; (2) managing interactions and transactions; (3) performing services;Service providers

6. How is my Personal Data Kept Secure?

Race Roster has implemented critical physical, organizational and technical measures to guard against unauthorized or unlawful processing of the data we collect. We have also taken steps to avoid accidental loss or destruction of, or damage to, your Personal Data. While no system is completely secure, the measures implemented by Race Roster significantly reduce the likelihood of a data security breach.

In addition, we recommend that you do your part in protecting yourself from unauthorized access to your Race Roster account by ensuring no one else uses your computer or device when you are logged in, by logging off when you are not using the Platform and by keeping your password confidential. Race Roster is not liable for any unauthorized use of your personal information that is beyond our reasonable control.

Here are some examples of the data security controls in place at Race Roster (this is not an exhaustive list):

  • The use of encryption when personal information is transferred to and stored on Race Roster’s servers. Transmission between your browser and our web server is implemented using Secure Sockets Layer (SSL) technology;
  • Limited access to personal information by Race Roster staff on a need-to-know basis, and the use of robust authentication processes;
  • The use of data centers with effective physical and logical data security controls, and the use of reputable third parties who have demonstrated security consciousness; and
  • Secure office premises and staff that are keenly aware of their data protection responsibilities.

No method of transmitting or storing data is 100% secure. As a result, although we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us. If you have reason to believe that your Race Roster account is no longer secure (for example, if you feel that the security of your account has been compromised), you must immediately notify us of the problem at privacy@raceroster.com in order for Race Roster to resolve the issue in a timely manner. Also keep in mind that e-mail is not a secure form of communication so never send sensitive personal information to us via e-mail. Examples of sensitive information include social insurance numbers or credit card numbers.

7. Not for Children Under Thirteen:

The Race Roster Platform is neither designed nor intended to collect Personal Data directly from children who are under the age of thirteen (13).

In order to ensure compliance with the provisions of the U.S. Children’s Online Privacy Protection Act and other data protection laws around the world aimed at protecting children, children under the age of thirteen (13) are not permitted to access or use the Platform, and children under the age of thirteen (13) should not directly provide any personal information to Race Roster. You may reside in a country where local laws fix the digital age of consent to be older than 13. You may only use the Platform if you have reached this age of consent, in accordance with applicable local laws. If you do not meet the digital age of consent of your country, you must immediately cease using the Platform. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce our Privacy Policy by instructing their children never to provide Personal Data through the Platform without their permission. If you have reason to believe that a child under the age of 13 has directly provided Personal Data to us through the Platform, please contact us, and we will endeavor to delete that information from our Platform.

8. How Long is my Personal Information Retained?

We will retain your information as long as you have a Race Roster account, to permit us to use it for the purposes that we have identified in this Privacy Policy. However, Race Roster has implemented retention schedules to avoid indefinitely storing personal information associated with an inactive account.

Personal information that is no longer required for administrative or business purposes, and that does not need to be archived by Race Roster, will be overwritten or scrambled such that it no longer identifies the Race Roster user. Keep in mind however that third parties who store data on our behalf have their own retention rules.

9. GDPR Compliance at Race Roster

Under the General Data Protection Regulation EU/2016/679 (GDPR), a Data Controller determines the purposes and means of the processing of Personal Data. Race Roster remains the Controller of all Personal Data provided to and stored in the Platform, including the data of Registrants, Managers and Related Parties. Thus, we take accountability for the security and use of such data when sending confirmations, processing payments and generally assisting Managers and Related Parties plan and manage their event (for example, providing event reports, using analytics to gain insights into the effectiveness of various sales channels, marketing the event, obtaining event feedback, etc.).

Under the GDPR, a Data Processor processes Personal Data on behalf of the Controller. Every party who receives or has access to Personal Data from or through the Platform is processing Personal Data and is bound by Race Roster’s Data Processing Addendum. When Personal Data is removed from the Platform by Managers or Related Parties because they are authorized to download the data, Race Roster is no longer the Controller of such downloaded data.

Race Roster’s legal grounds for processing Personal Data include the provision of consent, contractual relationships through Terms of Service with Registrants, Managers and Related Parties, and Race Roster’s legitimate interest in providing an effective event organizing platform.

EU data subjects permanently residing in the European Union may have supplementary statutory rights with respect to their personal data as outlined in the GDPR. This includes the right to access their personal data, have it deleted, have it corrected, or object to/restrict processing of such data. If you would like to make such a request, please e-mail privacy@raceroster.com (Attn: Data Protection Officer). Race Roster has developed an EU Data Subject Rights Procedure to ensure your request is responded to in a timely manner. In the context of a request for erasure, Race Roster will scramble or pseudonymize the data subject’s information to make it anonymous.

Race Roster has required our service providers who we entrust with Race Roster user data to commit to the continued protection of such data as a data processor. If at any time in the future we plan to share Personal Data with additional third parties to deliver Race Roster services, we will ensure that they too maintain a high standard of care for such data.

Race Roster operates through its Canadian organization. Canada was the first country outside of Europe deemed adequate by the EU Commission in 2001, under the EU Data Protection Directive 95/46/EC (the GDPR’s predecessor). An adequacy finding allows the flow of data from the EU to Canada as a trusted country in data protection. In addition, Race Roster uses data hosting providers who have made GDPR commitments of their own. Where data is stored in the U.S. by Race Roster’s service providers, these entities comply with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the processing of personal data transferred from the EU to the United States. To learn more about the Privacy Shield program or the Privacy Shield Principles, please visit www.privacyshield.gov.

10. CCPA Compliance at Race Roster

We provide California Consumers the privacy rights described in this section.  You have the right to exercise these rights via an authorized agent who meets the agency requirements of the CCPA and related regulations.  As permitted by the CCPA, any request you submit to us is subject to an identification process (“Verifiable Consumer Request”).  We will not fulfill your CCPA request unless you have provided sufficient information for us to reasonably verify you are the Consumer about whom we collected Personal Data.  Please follow the instructions at our Consumer Rights Request page and respond to any follow up inquires we may make.

Some Personal Data we maintain about users is not sufficiently associated with enough Personal Data about the user for us to be able to verify that it is a particular user’s Personal Data when a user request that requires verification pursuant to the CCPA’s verification standards is made (e.g., clickstream data tied only to a pseudonymous browser ID).  As required by the CCPA we do not include that Personal Data in response to those requests. If we cannot comply with a request, we will explain the reasons in our response.  You are not required to create an account with us to make a Verifiable Consumer Request but you may use your account to do so. We will use Personal Data provided in a Verifiable Consumer Request only to verify your identity or authority to make the request and to track and document request responses, unless you also gave it to us for another purpose.

We will make commercially reasonable efforts to identify Consumer Personal Data that we collect, process, store, disclose and otherwise use and to respond to your California Consumer privacy rights requests.  In some cases, particularly with voluminous and/or typically irrelevant data, we may suggest that you receive the most recent or a summary of your Personal Data and give you the opportunity to elect whether you want the rest or not.  We reserve the right to direct you to where you may access and copy responsive Personal Data yourself. We will typically not charge a fee to fully respond to your requests; provided, however, that we may charge a reasonable fee, or refuse to act upon a request, if your request is excessive, repetitive, unfounded or overly burdensome.  If we determine that the request warrants a fee, or that we may refuse it, we will give you notice explaining why we made that decision. You will be provided a cost estimate and the opportunity to accept such fees before we will charge you for responding to your request.

Your California Consumer privacy rights are as follows:

A. The Right to Know:

i. Information Rights:

You have the right to send us a request, no more than twice in a twelve-month period, for any of the following for the period that is twelve months prior to the request date:

  • The categories of Personal Data we have collected about you.
  • The categories of sources from which we collected your Personal Data.
  • The business or commercial purposes for our collecting or selling your Personal Data.
  • The categories of third parties to whom we have shared your Personal Data.
  • The specific pieces of Personal Data we have collected about you.
  • A list of the categories of Personal Data disclosed for a business purpose in the prior 12 months, or that no disclosure occurred.
  • A list of the categories of Personal Data sold about you in the prior 12 months, or that no sale occurred.  If we sold your Personal Data, we will explain:
    • The categories of your Personal Data we have sold.
    • The categories of third parties to which we sold Personal Data, by categories of Personal Data sold for each third party.

To make a request, please follow the instructions at our Consumer Rights Request page here and respond to any follow up inquires we may make, or call us at 1-855-969-5515.  We may request account history, account activity, other names associated with your account (ie, co-registrants), or verification of previously-provided information to confirm identity. For your specific pieces of information, as required by the CCPA, we will apply the heightened verification standards set forth in subsection (ii) below. 

Please note that Personal Data is retained by us for various time periods, so we may not be able to fully respond to what might be relevant going back 12 months prior to the request.

ii. Obtaining Copies of Personal Data:

You have the right to make or obtain a transportable copy, no more than twice in a twelve-month period, of your Personal Data that we have collected in the period that is 12 months prior to the request date and are maintaining.  To make a request, please follow the instructions at our Consumer Rights Request page here and respond to any follow up inquires we may make, email to privacy@raceroster.com with the subject line “Request for Copies of Personal Data”, or call us at 1-855-969-5515.   We may request account history, account activity, other names associated with your account (ie, co-registrants), or verification of previously-provided information to confirm identity. 

Please note that Personal Data is retained by us for various time periods, so we may not be able to fully respond to what might be relevant going back 12 months prior to the request.

B. Do Not Sell:

While there is not yet a consensus, data practices of third party cookies and tracking devices associated with our websites and mobile apps may constitute a “sale” of your Personal Data as defined by the CCPA.  You can exercise control over browser-based cookies by adjusting the settings on your browser.  In addition, third party tools enable you to search for and opt-out of some of these devices, such as the Ghostery browser plug-in available at https://www.ghostery.com/.   We also list cookies and provide access to their privacy information and, if available, opt-out programs here. We do not represent that these third party tools, programs or statements are complete or accurate.

We do not knowingly sell the Personal Data of Consumers we know are under 16 unless we receive an opt-in from the Consumer who is at least 13 but under 16, or from the parent or guardian of a Consumer younger than 13.  Consumers who opt-in to Personal Data sales may opt-out at any time. If you think we may have unknowingly collected Personal Data for sale of yourself or of your child under the age of 13, or if you are at least 13 but under 16, exercising the opt-out will stop our selling of the PI.

C. Delete:

Except to the extent we have a basis for retention under CCPA, you may request that we delete your Personal Data that we have collected directly from you and are maintaining.  Our retention rights include, without limitation, to complete transactions and service you have requested or that are reasonably anticipated, for legitimate internal business purposes, including maintaining business records, to comply with law, to exercise or defend legal claims, and to cooperate with law enforcement. Note also that we are not required to delete your Personal Data that we did not collect directly from you. To make a request, please send an email to privacy@raceroster.com with the subject line “Personal Data Deletion Request”, or call us at 1-855-969-5515.We may request account history, account activity, other names associated with your account (ie, co-registrants), or verification of previously-provided information to confirm identity.

D. Non-Discrimination and Financial Incentive Programs:

We will not discriminate against you in a manner prohibited by the CCPA because you exercise your CCPA rights.  However, we may charge a different price or rate, or offer a different level or quality of good or service, to the extent that doing so is reasonably related to the value of the applicable data. In addition, we may offer you financial incentives for the collection, sale and retention and use of your Personal Data as permitted by the CCPA that can, without limitation, result in reasonably different prices, rates, or quality levels.  The material aspects of any financial incentive will be explained and described in its program terms.  Please note that participating in incentive programs is entirely optional, you will have to affirmatively opt-in to the program and you can opt-out of each program (i.e., terminate participation and forgo the ongoing incentives) prospectively by following the instructions in the applicable program description and terms.  We may add or change incentive programs and/or their terms by posting notice on the program descriptions and terms linked to above so check them regularly.

E. Authorized Agents:

To provide information to an Authorized Agent, we must receive information from the Authorized Agent that can verify your account history, account activity, other names associated with your account (ie, co-registrants), or verification of previously-provided information. 

F. Our and Other’s Rights:

Notwithstanding anything to the contrary, we may collect, use and disclose your Personal Data as required or permitted by applicable law and this may override your CCPA rights.  In addition, we need not honor any of your requests to the extent that doing so would infringe upon our or any other person or party’s rights or conflict with applicable law.

11. Data Deletion

If you initiate a data deletion request, you agree that Race Roster is authorized to delete or anonymize Personal Data of yours from the Platform even if that means removing its availability to the Event Organizer through the Platform. However, you understand that even if Race Roster deletes or anonymizes your Personal Data upon your request or pursuant to this Policy, your Personal Data may still be available in the Event Organizer’s own databases if transmitted to the Event Organizer prior to Race Roster receiving or taking action on any deletion or anonymization activity.

12. External Links and Race Roster Social Media

We may offer links from the Platform to the sites or apps of our service providers, affiliates or unrelated companies that may be of interest to you. Race Roster makes no representations as to such third parties’ practices for dealing with your personal information.

Race Roster’s use of social media serves as an extension of our presence on the Internet. Social media account(s) are public and are not hosted on Race Roster’s servers. Users who choose to interact with Race Roster via social media should read the terms of service and privacy policies of these third party services/platforms.

This Privacy Policy only applies to the Race Roster Platform and does not govern the activities of third parties. We recommend that you check the privacy policies of any apps, sites or platforms you associate with before sharing your personal information with such third parties.

13. Changes to this Privacy Policy

We may change this Privacy Policy from time to time in order to better reflect our current data handling practices. Thus, we encourage you to review this Privacy Policy frequently, and especially before you provide us with your Personal Data. The “Last Updated” date at the top of this Privacy Policy indicates when changes to this policy were published and thus in force. In some cases (for example, if we significantly expand our use or sharing of your Personal Data), we may also tell you about changes by additional means, such as by sending an e-mail to the e-mail address we have on file for you. In some cases, we may request your consent to the changes. Your continued use of the Platform after any changes or revisions to this Privacy Policy indicates your agreement with the terms of such revised Privacy Policy.