Privacy policy

As of December 12, 2018

1. Importance of your Privacy

At Race Roster, your privacy is of great importance to us. We understand that you entrust us with certain personal data when using our website (raceroster.com) and related services such as Salesforce ® (collectively “the Platform”).

PLEASE READ THIS PRIVACY POLICY CAREFULLY BEFORE USING THE PLATFORM OR ALLOWING/DIRECTING SOMEONE TO USE THE PLATFORM. BY VOLUNTARILY PROVIDING ANY PERSONAL DATA TO RACE ROSTER AND USING OUR PLATFORM, YOU ARE ACKNOWLEDGING THAT YOU HAVE READ AND UNDERSTOOD THIS POLICY AND THAT YOU CONSENT TO OUR COLLECTION, USE AND DISCLOSURE OF SUCH DATA AS SET FORTH IN THIS PRIVACY POLICY. IF YOU DO NOT AGREE TO THE TERMS OF THIS PRIVACY POLICY, PLEASE DO NOT PROVIDE US WITH ANY DATA.

2. Who We Are and Getting in Touch

The Platform is owned and operated by Race Roster, (hereinafter referred to as “Race Roster,” or “we” or “us” or the “Company”). Race Roster operates collectively under the corporate names of Race Roster USA Inc., and Fast North Corp.. If you have any privacy concerns or questions at any time, please do not hesitate to email us at privacy@raceroster.com, or via mail at Race Roster, 4281 Express Lane, Suite M9706, Sarasota, Florida, United States, 34249 or Race Roster, 103 King St. London, Ontario, Canada, N6A 1C1, Attention: Privacy Officer.
EU residents may also exercise their data subject rights by contacting our Privacy Officer, who is also Race Roster’s Data Protection Officer (see Section 9 of this policy: GDPR Compliance at Race Roster).

3. What Information is Collected About Me?

“Personal data” is any information about an identifiable individual that is collected from users of and/or visitors (“you” or “your”) to the Platform, including:

i. registered users who are event managers and planners (“Managers”)
ii. users who want to purchase event entries, goods and services, register for or donate to events (whether free or paid) listed by Managers on the Platform (“Registrants”), and
iii. other non-Manager users, or visitors, to the Platform (“other non-managers”).

When you interact with us through the Platform, we may collect Personal Data and other information from you or someone on your behalf, as further described below:

3.1. Personal Data

Log in: To log in to the Platform, you must select a username and password or use Facebook for social sign in. The password you select is stored hashed, such that it remains unknown even to Race Roster, and if using social sign in, none of your Facebook profile information is collected by Race Roster. We also collect your IP address or unique device identifier in order to investigate any suspicious use of the Platform.

Managers: We collect Personal Data from you when you voluntarily provide such information to the Platform, such as when you register for access to the Platform as a Manager, contact us with inquiries, or use the Platform to manage an event or activity. The Personal Data we collect includes without limitation your name, address, email address, phone number and other personally identifiable information. In addition, if you use our payment processing services, we will collect financial information from you (e.g., your bank account information or an address) as necessary to facilitate payments and information required for tax purposes (e.g., your taxpayer identification number).

Registrants and other non-managers: We collect Personal Data from you when you voluntarily provide information to the Platform (including event registration pages within the Platform), such as when you register for access to the Platform (whether as a Manager or otherwise), register for an event as a Registrant, purchase goods and services, make a donation, contact us with inquiries, respond to one of our surveys or use certain parts of the Platform. The Personal Data we collect includes without limitation your name, address, email address, phone number, billing information, and other personally identifiable information. In addition, Managers can set up event registration pages to collect virtually any information from Registrants in connection with registration for a Manager’s event or activity listed on the Platform. If a Registrant voluntarily provides Personal Data in connection with registration for an event or otherwise, it will be available to us and will be held by us in accordance with this Privacy Policy.

3.2. Non-Personal Data:

Non-Identifiable Data: When you interact with the Platform, we collect certain personally non-identifiable information (“Non-Personal Data”). The Non-Personal Data we collect includes without limitation, characteristics of your device and software, , Internet browser type, domain names of your Internet Service Provider, your approximate geographic location, a record of your usage of the Platform, including the time of your usage and how long you stayed. Such information, which is collected passively using various technologies, cannot, in and of itself, be used to specifically identify you. We also collect Non-Personal Data (including, without limitation, of the type set forth above) from third parties. The information we collect from third parties may be combined with the information we collect.

Cookies and Other Session Identifiers: In operating the Platform, we use “cookies” which are small text files placed on your device hard drive when you access the Platform. Our cookies help provide additional functionality to the Platform and help us analyze service usage more accurately. For instance, our Platform may set a cookie through your browser that allows you to access the Platform without needing to remember and then enter a password more than once during a visit. These cookies may be used to tailor content (including advertising) you see on the Platform as well as other Internet sites that you may visit in the future. Cookies are also used for website usage analytics so we have an understanding of how our Platform is used and how it can be improved. Cookies may be session cookies (i.e., last only for one browser session) or persistent cookies (i.e., continue in your browser until they are deleted or expire). Note that since cookies are only text files, they cannot run on your device, search your device for other information or transmit any information to anyone.

Through your web browser’s preference settings you may be able to:

i. receive notifications when you are receiving new cookies
ii. disable cookies, and/or
iii. delete cookies

Please refer to your web browser’s help section for information on how to do this. We recommend that you leave cookies turned on because they allow you to take advantage of some of the features of the Platform. For more information about the cookies used and set by Race Roster visit our Cookie Statement

Aggregated Personal Data: In an ongoing effort to better understand and serve our Platform users, we often conduct research on our customer demographics, interests and behavior. This research involves compiling and analyzing Personal Data on an aggregate basis and this aggregate information does not identify you personally and therefore is considered and treated as Non-Personal Data under this Privacy Policy.

4. How is my Personal Data Used?

We use the Personal Data we collect in a manner that is consistent with this Privacy Policy. We may use the Personal Data as follows:

Specific Reason: If you provide Personal Data for a certain reason, we may use the Personal Data in connection with the reason for which it was provided. For instance, if you contact us by email, we will use the Personal Data you provide to answer your question or resolve your problem and will respond to the email address from which the contact came. If you provide credit card information, or other financial account information, we will use it to process payments through payment processing providers. Payment processors will comply with payment card industry (“PCI”) standards for data security and privacy.

Access and Use: If you provide Personal Data in order to obtain access to or use of the Platform or any functionality thereof, we will use your Personal Data to provide you with access and monitor your use of the Platform.

Data Linkage: Personal Data may be used to link data points and provide Registrants with additional value. For example, bib numbers may be used to link images to Registrant profiles. Race Roster makes best efforts to ensure the accuracy of any such data linkage.

Internal Business Purposes: We may use your Personal Data for internal business purposes, including without limitation, to help us improve the content and functionality of the Platform, to better understand our users, to protect against, identify or address fraudulent or inappropriate activities, to enforce our Terms of Service, to manage your account and provide you with customer service, and to generally manage the Platform and our business.

Marketing and Communications: We may use your Personal Data to contact you in the future for our marketing and advertising purposes, including without limitation to inform you about services or events we believe might be of interest to you, to develop promotional or marketing materials and provide those materials to you, and to display content and advertising on or off the Platform that we believe might be of relevance to you. Note that any automated data collection does not lead to profiling that significantly affects Platform users, but is simply used to give Race Roster a clear picture of its users or to provide special offers to Platform users. Note that consent for receiving marketing and communication from Race Roster can be removed at any time.

Manager Emails: We allow Managers to use our email system and tools, as well as Registrants’ email addresses, to contact Registrants for their current and past events, and other communications as described above, so you may receive emails from our system that originate with such Managers, as well as directly from such Managers. The Manager, and not Race Roster, is responsible for the content and sending of these emails. A Registrant will always be provided with the ability to opt out from electronic communications. Please note that if you unsubscribe from receiving a particular Manager’s emails, you will no longer receive emails from that particular Manager from our Platform, but you may still receive emails sent by that Manager through means other than our system in accordance with the Manager’s own Privacy Policy that Race Roster takes no responsibility for.

Other Purposes: If we intend to use any Personal Data in any manner that is not consistent with this Privacy Policy, you will be informed of such anticipated use prior to or at the time at which the Personal Data is collected or we will obtain your consent subsequent to such collection but prior to such use.

5. Who is my Personal Data Shared With?

Registrants and Managers and Related Parties: When you register for, or donate to, an event or activity on the Platform, you consent to our providing your Personal Data to the Managers and Related Parties of such event or activity. “Related Parties” include Charitable or Not-For-Profit organizations, or other types of organizations that collect funds for specific causes and are retained in relation to events hosted on the Platform, as well as other third parties as required with respect to the Platform and Managers, such as Timers and other Event Administrators. While on the Platform, anyone with access to your data is required to respect your privacy in accordance with this Privacy Policy and applicable privacy laws. They must also process Personal Data in accordance with Race Roster’s Terms of Service for Event Organizers. However, Managers and Related Parties are not bound to treat your Personal Data in accordance with this Privacy Policy if they move such data off the Platform. You agree that we are not responsible for the actions of these Managers and Related Parties with respect to your Personal Data. It is important that you review the applicable policies of the Managers and Related Parties of an event before providing Personal Data or other information in connection with that event.

Business Transfers: As we develop our business, we might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, dissolution or similar event, Personal Data may be part of the transferred assets. You acknowledge and agree that any successor to or acquirer of the Company (or its assets) will continue to have the right to use your Personal Data and other information in accordance with the terms of this Privacy Policy.

Subsidiaries and Affiliates: We may also share your Personal Data with our subsidiaries and/or affiliates for purposes consistent with this Privacy Policy. Our subsidiaries and affiliates will be bound to maintain that Personal Data in accordance with this Privacy Policy.

Agents, Consultants and Service Providers: We, like many businesses, sometimes engage other companies to perform certain business-related functions. Examples of such functions include mailing information, hosting and maintaining databases and processing payments. When we engage another company to perform such functions, we may provide them with information, including Personal Data, in connection with their performance of such functions. In working with service providers, your Personal Data may be transferred to a foreign jurisdiction to be processed or stored. Such data may be provided to law enforcement or national security authorities of that jurisdiction upon request, in order to comply with foreign laws

Third Parties: We may sell or share the Personal Data of American residents or residents of other jurisdictions where consumer contact information may be sold to third parties without explicit consent, including third party advertisers of consumer brands such as, but not limited to, those relating to athletic apparel or health & fitness, whom we think may provide products or services that may be of interest to you. If we do so, we will always ask such third parties to provide you an opportunity to opt out from receiving such communications.

Legal Requirements: We may disclose your Personal Data if required to do so by law (including, without limitation responding to a subpoena or request from law enforcement, court or government agency) or in the good faith belief that such action is necessary to:

i. comply with a legal obligation;
ii. protect or defend our legal rights, interests or property or that of users of the Platform;
iii. act in critical circumstances to investigate wrongdoing in connection with the Platform; or
iv. protect the personal safety of users of the Platform or the public.

6. How is my Personal Data Kept Secure?

Race Roster has implemented critical physical, organizational and technical measures to guard against unauthorized or unlawful processing of the data we collect. We have also taken steps to avoid accidental loss or destruction of, or damage to, your Personal Data. While no system is completely secure, the measures implemented by Race Roster significantly reduce the likelihood of a data security breach.

In addition, we recommend that you do your part in protecting yourself from unauthorized access to your Race Roster account by ensuring no one else uses your computer or device when you are logged in, by logging off when you are not using the Platform and by keeping your password confidential. Race Roster is not liable for any unauthorized use of your personal information that is beyond our reasonable control.

Here are some examples of the data security controls in place at Race Roster (this is not an exhaustive list):

  • The use of encryption when personal information is transferred to and stored on Race Roster’s servers. Transmission between your browser and our web server is implemented using Secure Sockets Layer (SSL) technology;
  • Limited access to personal information by Race Roster staff on a need-to-know basis, and the use of robust authentication processes;
  • The use of data centers with effective physical and logical data security controls, and the use of reputable third parties who have demonstrated security consciousness; and
  • Secure office premises and staff that are keenly aware of their data protection responsibilities.

No method of transmitting or storing data is 100% secure. As a result, although we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us. If you have reason to believe that your Race Roster account is no longer secure (for example, if you feel that the security of your account has been compromised), you must immediately notify us of the problem at privacy@raceroster.com in order for Race Roster to resolve the issue in a timely manner. Also keep in mind that e-mail is not a secure form of communication so never send sensitive personal information to us via e-mail. Examples of sensitive information include social insurance numbers or credit card numbers.

7. Not for Children Under Thirteen:

The Race Roster Platform is neither designed nor intended to collect Personal Data directly from children who are under the age of thirteen (13).

In order to ensure compliance with the provisions of the U.S. Children’s Online Privacy Protection Act and other data protection laws around the world aimed at protecting children, children under the age of thirteen (13) are not permitted to access or use the Platform, and children under the age of thirteen (13) should not directly provide any personal information to Race Roster. You may reside in a country where local laws fix the digital age of consent to be older than 13. You may only use the Platform if you have reached this age of consent, in accordance with applicable local laws. If you do not meet the digital age of consent of your country, you must immediately cease using the Platform. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce our Privacy Policy by instructing their children never to provide Personal Data through the Platform without their permission. If you have reason to believe that a child under the age of 13 has directly provided Personal Data to us through the Platform, please contact us, and we will endeavor to delete that information from our Platform.

8. How Long is my Personal Information Retained?

We will retain your information as long as you have a Race Roster account, to permit us to use it for the purposes that we have identified in this Privacy Policy. However, Race Roster has implemented retention schedules to avoid indefinitely storing personal information associated with an inactive account.

Personal information that is no longer required for administrative or business purposes, and that does not need to be archived by Race Roster, will be overwritten or scrambled such that it no longer identifies the Race Roster user. Keep in mind however that third parties who store data on our behalf have their own retention rules.

9. GDPR Compliance at Race Roster

Under the General Data Protection Regulation EU/2016/679 (GDPR), a Data Controller determines the purposes and means of the processing of Personal Data. Race Roster remains the Controller of all Personal Data provided to and stored in the Platform, including the data of Registrants, Managers and Related Parties. Thus, we take accountability for the security and use of such data when sending confirmations, processing payments and generally assisting Managers and Related Parties plan and manage their event (for example, providing event reports, using analytics to gain insights into the effectiveness of various sales channels, marketing the event, obtaining event feedback, etc.).

Under the GDPR, a Data Processor processes Personal Data on behalf of the Controller. Every party who receives or has access to Personal Data from or through the Platform is processing Personal Data and is bound by Race Roster’s Data Processing Addendum. When Personal Data is removed from the Platform by Managers or Related Parties because they are authorized to download the data, Race Roster is no longer the Controller of such downloaded data.

Race Roster’s legal grounds for processing Personal Data include the provision of consent, contractual relationships through Terms of Service with Registrants, Managers and Related Parties, and Race Roster’s legitimate interest in providing an effective event organizing platform.

EU data subjects permanently residing in the European Union may have supplementary statutory rights with respect to their personal data as outlined in the GDPR. This includes the right to access their personal data, have it deleted, have it corrected, or object to/restrict processing of such data. If you would like to make such a request, please e-mail privacy@raceroster.com (Attn: Data Protection Officer). Race Roster has developed an EU Data Subject Rights Procedure to ensure your request is responded to in a timely manner. In the context of a request for erasure, Race Roster will scramble or pseudonymize the data subject’s information to make it anonymous.

Race Roster has required our service providers who we entrust with Race Roster user data to commit to the continued protection of such data as a data processor. If at any time in the future we plan to share Personal Data with additional third parties to deliver Race Roster services, we will ensure that they too maintain a high standard of care for such data.

Race Roster operates through its Canadian organization. Canada was the first country outside of Europe deemed adequate by the EU Commission in 2001, under the EU Data Protection Directive 95/46/EC (the GDPR’s predecessor). An adequacy finding allows the flow of data from the EU to Canada as a trusted country in data protection. In addition, Race Roster uses data hosting providers who have made GDPR commitments of their own. Where data is stored in the U.S. by Race Roster’s service providers, these entities comply with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the processing of personal data transferred from the EU to the United States. To learn more about the Privacy Shield program or the Privacy Shield Principles, please visit www.privacyshield.gov.

10. External Links and Race Roster Social Media

We may offer links from the Platform to the sites or apps of our service providers, affiliates or unrelated companies that may be of interest to you. Race Roster makes no representations as to such third parties’ practices for dealing with your personal information.

Race Roster’s use of social media serves as an extension of our presence on the Internet. Social media account(s) are public and are not hosted on Race Roster’s servers. Users who choose to interact with Race Roster via social media should read the terms of service and privacy policies of these third party services/platforms.

This Privacy Policy only applies to the Race Roster Platform and does not govern the activities of third parties. We recommend that you check the privacy policies of any apps, sites or platforms you associate with before sharing your personal information with such third parties.

11. Changes to this Privacy Policy

We may change this Privacy Policy from time to time in order to better reflect our current data handling practices. Thus, we encourage you to review this Privacy Policy frequently, and especially before you provide us with your Personal Data. The “Last Updated” date at the top of this Privacy Policy indicates when changes to this policy were published and thus in force. In some cases (for example, if we significantly expand our use or sharing of your Personal Data), we may also tell you about changes by additional means, such as by sending an e-mail to the e-mail address we have on file for you. In some cases, we may request your consent to the changes. Your continued use of the Platform after any changes or revisions to this Privacy Policy indicates your agreement with the terms of such revised Privacy Policy.