Privacy policy
As of August 12, 20221. Importance of your Privacy
At Race Roster, your privacy is of great importance to us. We understand that you entrust us with certain personal data when using our website (raceroster.com) and related services (collectively “the Platform”).
PLEASE READ THIS PRIVACY POLICY CAREFULLY BEFORE USING THE PLATFORM OR ALLOWING/DIRECTING SOMEONE TO USE THE PLATFORM. BY VOLUNTARILY PROVIDING ANY PERSONAL DATA TO RACE ROSTER AND USING OUR PLATFORM, YOU ARE ACKNOWLEDGING THAT YOU HAVE READ AND UNDERSTOOD THIS POLICY.
2. Who We Are and Getting in Touch
The Platform is owned and operated by Race Roster North America Corporation, (hereinafter referred to as “Race Roster,” or “we” or “us” or the “Company”). Race Roster operates collectively under the corporate names of Race Roster US Inc., Race Roster Running UK Ltd., and Race Roster North America Corporation. If you have any privacy concerns or questions at any time, or would like to request access to your personal information, please do not hesitate to email us at privacy@raceroster.com, call 1-855-969-5515 or via mail at Race Roster, 4281 Express Lane, Suite M9706, Sarasota, Florida, United States, 34249 or Race Roster, 186 York St. London, Ontario, Canada, N6A 1B5, Attention: Privacy Officer.
EU residents may also exercise their data subject rights by contacting our Privacy Officer, who is also Race Roster’s Data Protection Officer (see Section 9 of this policy: GDPR Compliance at Race Roster).
3. Personal Data We Collect
“Personal Data” is any information about an identifiable individual that is collected from users of and/or visitors (“you” or “your”) to the Platform.
We may collect your Personal Data directly from you or from event organizers for the means specified below. In the interest of clarity, and for the purposes of this Privacy Policy, “you” may be any of the following sources of Personal Data:
i. registered users who are event managers and planners (“Managers”)
ii. users who want to purchase event entries, goods and services, register for or donate to events (whether free or paid) listed by Managers on the Platform (“Registrants”), and
iii. other non-Manager users, or visitors, to the Platform (“other non-managers”).
Based on our 2021 data practices (January 1, 2021 – December 31, 2021),we give you notice that we collected the following types of Personal Data about you, and used and shared Personal Data as set forth below in Sections 3.1 (Personal Data), 4 (How is my Personal Data Used?) and 5 (Sharing of Personal Data). The following chart explains the categories of Personal Data collected and the categories of recipients with which we shared each category.
Category of Personal Data | Examples of Personal Data | Categories of Recipients with which Personal Data is Shared, if Shared | LEGAL GROUND for the processing |
---|---|---|---|
1. Identifiers | This may include but is not limited to: a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, image or photograph, email address, account name, or other similar identifiers. | Business Purpose Disclosure: (1) Service Providers such as payment processors, fraud prevention and security providers, analytics providers, and external auditors; and (2) public authorities / government bodies and (3) Third Parties as compelled or required by law; and (4) for our everyday business operations. Sale: Not Sold | a) Processing is necessary for the performance of the contract with you (in the case of (4), following art. 6.1(b) GDPR b) Processing is necessary for compliance with a legal obligation (in all cases under (1),(2), (3), following art. 6.1(c) GDPR) |
2. Personal Records | This may include information such as: name, telephone number, address, or medical information related to COVID-19 testing and/or status, medical records and/or medical clearance documentation in accordance with applicable law (France and Italy (only)), and any other payment information. | Business Purpose Disclosure: (1) Service Providers such as payment processors, fraud prevention and security providers, analytics providers, and external auditors; and (2) public authorities / government bodies and (3) Third Parties as compelled or required by law; and (4) for our everyday business operations. Sale: Not Sold | a) Processing is necessary for the performance of the contract with you (in the case under (4), following art. 6.1(b) GDPR b) Processing is necessary for compliance with a legal obligation (in all cases under (1),(2), (3), following art. 6.1(c) GDPR) |
3. Consumer Characteristics | This may include, but is not limited to: clothing size or gender. | Business Purpose Disclosure: (1) Service Providers such as analytics providers; and (2) public authorities / government bodies and (3) Third Parties as compelled or required by law; and (4) for our everyday business operations. Sale: Not Sold | a) Processing is necessary for the purposes of legitimate interests pursued by the Company (in the case under (1) and (4), following art. 6.1(f) GDPR b) Processing is necessary for compliance with a legal obligation (in all cases under (2) and (3), following art. 6.1(c) GDPR) |
4. Customer Account Details / Commercial Information | This may include, but is not limited to: products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies; personal testimonials related to products or services. | Business Purpose Disclosure: (1) Service Providers such as payment processors, fraud prevention and security providers, analytics providers, and external auditors; and (2) public authorities / government bodies and (3) Third Parties as compelled or required by law; and (4) for our everyday business operations. Sale: Not Sold | a) Processing is necessary for the purposes of legitimate interests pursued by the Company (in the case under (1) and 4, following art. 6.1(f) GDPR) b) Processing is necessary for compliance with a legal obligation (in all cases under (2) and (3), following art. 6.1(c) GDPR) |
5. Internet Usage Information | This may include, but is not limited to: information regarding your interaction with an Internet Web site, application, or advertisement. | Business Purpose Disclosure: (1) Service Providers such as payment processors, fraud prevention and security providers, and analytics providers; (2) public authorities / government bodies and (3) Third Parties as compelled or required by law; and (4) for our everyday business operations. Sale: Not Sold | a) Processing is necessary for the purposes of legitimate interests pursued by the Company (in the case under (1) and (4), following art. 6.1(f) GDPR b) Processing is necessary for compliance with a legal obligation (in all cases under (2) and (3), following art. 6.1(c) GDPR) |
6. Geolocation Data | This may include, but is not limited to: approximate physical location based on your IP address. | Business Purpose Disclosure: (1) Service Providers such as payment processors, fraud prevention and security providers, analytics providers, and external auditors; and (2) public authorities / government bodies and (3) Third Parties as compelled or required by law; and (4) for our everyday business operations. Sale: Not Sold | a) Processing is necessary for the purposes of legitimate interests pursued by the Company (in the case under (1) and (4), following art. 6.1(f) GDPR b) Processing is necessary for compliance with a legal obligation (in all cases under (2) (3), following art. 6.1(c) GDPR) |
7. Sensory Data | This may include, but is not limited to: audio recordings of customer call center audio recordings. | Business Purpose Disclosure: (1) Service Providers such as security providers, analytics providers, and external auditors; and (2) public authorities / government bodies and (3) Third Parties as compelled or required by law; and (4) for our everyday business operations. Sale: Not Sold | a) Processing is necessary for the purposes of legitimate interests pursued by by the (in the case under (1) and 4, following art. 6.1(f) GDPR b) Processing is necessary for compliance with a legal obligation (in all cases under (2) and (3), following art. 6.1(c) GDPR) |
3.1. Personal Data
Log in: To log in to the Platform, you must select a username and password or use Facebook for social sign in. The password you select is stored hashed, such that it remains unknown even to Race Roster, and if using social sign in, none of your Facebook profile information is collected by Race Roster. We also collect your IP address or unique device identifier in order to investigate any suspicious use of the Platform.
Managers: We collect Personal Data from you when you voluntarily provide such information to the Platform, such as when you register for access to the Platform as a Manager, contact us with inquiries, or use the Platform to manage an event or activity. The Personal Data we collect includes without limitation your name, address, email address, phone number and other personally identifiable information. In addition, if you use our payment processing services, we will collect financial information from you (e.g., your bank account information or an address) as necessary to facilitate payments and information required for tax purposes (e.g., your taxpayer identification number).
Registrants and other non-managers: We collect Personal Data from you when you voluntarily provide information to the Platform (including event registration pages within the Platform), such as when you register for access to the Platform (whether as a Manager or otherwise), register for an event as a Registrant, purchase goods and services, make a donation, contact us with inquiries, respond to one of our surveys or use certain parts of the Platform. The Personal Data we collect includes without limitation your name, address, email address, phone number, billing information, and other personally identifiable information. In addition, Managers can set up event registration pages to collect virtually any information from Registrants in connection with registration for a Manager’s event or activity listed on the Platform. If a Registrant voluntarily provides Personal Data in connection with registration for an event or otherwise, it will be available to us and will be held by us in accordance with this Privacy Policy.
3.2 Sources of Personal Data
We may collect your Personal Data directly from you; from your devices; from your email accounts, chat logs or social media accounts; from Service Providers such as analytics companies, joint marketing providers, order processors; from other Third Parties such as data providers; from other individuals, such as friends or family; and we may create Personal Data about you. For more specifics regarding each category of Personal Data, see the chart above.
If you have chosen to create a Race Roster account via a third-party account such as OneASICS, we will receive basic information retained in such account, including as your email address. If you have chosen to connect your OneASICS account to your Race Roster account, we will receive information about your OneASICS account, such as your name, email address and information relating to your race registration(s) or race result(s).
3.3. Non-Personal Data:
Non-Identifiable Data: When you interact with the Platform, we collect certain personally non-identifiable information (“Non-Personal Data”). The Non-Personal Data we collect includes without limitation, characteristics of your device and software, Internet browser type, domain names of your Internet Service Provider, your approximate geographic location, a record of your usage of the Platform, including the time of your usage and how long you stayed. Such information, which is collected passively using various technologies, cannot, in and of itself, be used to specifically identify you. We also collect Non-Personal Data (including, without limitation, of the type set forth above) from third parties. The information we collect from third parties may be combined with the information we collect.
Cookies and Other Session Identifiers: In operating the Platform, we use “cookies” which are small text files placed on your device hard drive when you access the Platform. Our cookies help provide additional functionality to the Platform and help us analyze service usage more accurately. For instance, our Platform may set a cookie through your browser that allows you to access the Platform without needing to remember and then enter a password more than once during a visit. These cookies may be used to tailor content (including advertising) you see on the Platform as well as other Internet sites that you may visit in the future. Cookies are also used for website usage analytics so we have an understanding of how our Platform is used and how it can be improved. Cookies may be session cookies (i.e., last only for one browser session) or persistent cookies (i.e., continue in your browser until they are deleted or expire). Note that since cookies are only text files, they cannot run on your device, search your device for other information or transmit any information to anyone.
Through your web browser’s preference settings you may be able to:
i. receive notifications when you are receiving new cookies
ii. disable cookies, and/or
iii. delete cookies
Please refer to your web browser’s help section for information on how to do this. We recommend that you leave cookies turned on because they allow you to take advantage of some of the features of the Platform. For more information about the cookies used and set by Race Roster visit our Cookie Statement.
Aggregated or Deidentified Personal Data: In an ongoing effort to better understand and serve our Platform users, we often conduct research on our customer demographics, interests and behavior. This research involves compiling and analyzing Personal Data on an aggregate basis and this aggregate information does not identify you personally and therefore is considered and treated as Non-Personal Data under this Privacy Policy.
4. How is my Personal Data Used and Stored?
Generally, we collect, use and disclose your Personal Data to provide you services and as otherwise related to the operation of our business. For more specific detail on our disclosures of Personal Data see the section “Sharing of Personal Data.”We may collect, use and disclose the Personal Data we collect for one or more of the following business purposes:
- Managing Interactions and Transactions
- Performing Services
- Research and Development
- Quality Assurance
- Security
- Debugging
We use the Personal Data we collect in a manner that is consistent with this Privacy Policy. We listed the legal grounds applicable to our processing operations above. In furtherance of the above uses, the following is additional detail for how we use Personal Data:
Specific Reason: If you provide Personal Data for a certain reason, we may use the Personal Data in connection with the reason for which it was provided. For instance, if you contact us by email, we will use the Personal Data you provide to answer your question or resolve your problem and will respond to the email address from which the contact came. If you provide credit card information, or other financial account information, we will use it to process payments through payment processing providers. Payment processors will comply with payment card industry (“PCI”) standards for data security and privacy. We may also use testimonials for marketing purposes, provided we receive your consent prior to such use, or if such use was disclosed to you prior to you providing a testimonial.
Access and Use: If you provide Personal Data in order to obtain access to or use of the Platform or any functionality thereof, we will use your Personal Data to provide you with access and monitor your use of the Platform.
Data Linkage: Personal Data may be used to link data points and provide Registrants with additional value. For example, bib numbers may be used to link images to Registrant profiles. Race Roster makes best efforts to ensure the accuracy of any such data linkage.
Internal Business Purposes: We may use your Personal Data for internal business purposes, including without limitation, to help us improve the content and functionality of the Platform, to better understand our users, to protect against, identify or address fraudulent or inappropriate activities, to enforce our Terms of Service, to manage your account and provide you with customer service, and to generally manage the Platform and our business.
Manager Emails: We allow Managers to use our email system and tools, as well as Registrants’ email addresses, to contact Registrants for their current and past events, and other communications as described above, so you may receive emails from our system that originate with such Managers, as well as directly from such Managers. The Manager, and not Race Roster, is responsible for the content and sending of these emails. A Registrant will always be provided with the ability to opt out from electronic communications. Please note that if you unsubscribe from receiving a particular Manager’s emails, you will no longer receive emails from that particular Manager from our Platform, but you may still receive emails sent by that Manager through means other than our system in accordance with the Manager’s own Privacy Policy that Race Roster takes no responsibility for.
Other Purposes: Additional business purposes for which we collect, retain, use and/or disclose Personal Data include sharing Personal Data with Third Parties for other than a sale or one of the foregoing Business Purposes as required or permitted by applicable law, such as to our vendors that perform services for us, to the government or private parties to comply with law or legal process, to you or other parties at the your request, for the additional purposes explained in our online Privacy Policy, and to assignees as part of a merger or asset sale (“Other Business Purposes”).
Subject to restrictions and obligations of the CCPA and GDPR with regard to participants residing in the EU/EEA, our vendors may also use your Personal Data for some or all of the above listed Business Purposes, and engage subcontractors to help them perform services for us. In addition, we may collect, retain, use and disclose your Personal Data as required or permitted by applicable law. We treat all of these purposes as Other Business Purposes.
If we intend to use any Personal Data in any manner that is not consistent with this Privacy Policy, you will be informed of such anticipated use prior to or at the time at which the Personal Data is collected or we will obtain your consent subsequent to such collection but prior to such use.
Location: Personal Data that is collected from you may be transferred and stored in a country other than point of collection. Race Roster uses service providers in the United States that employ servers in Virginia and Oregon.
Notwithstanding anything else in this Policy, we may share aggregate or de-identified information with third parties for research, marketing, analytics and other purposes, provided such information does not identify a particular individual.
5. Sharing of Personal Data
Registrants and Managers and Related Parties: When you register for, or donate to, an event or activity on the Platform, you acknowledge to our providing your Personal Data to the Managers and Related Parties of such event or activity. “Related Parties” include Charitable or Not-For-Profit organizations, or other types of organizations that collect funds for specific causes and are retained in relation to events hosted on the Platform, as well as other third parties as required with respect to the Platform and Managers, such as Timers and other Event Administrators. While on the Platform, anyone with access to your data is required to respect your privacy in accordance with this Privacy Policy and applicable privacy laws. They must also process Personal Data in accordance with Race Roster’s Terms of Service for Event Organizers. However, Managers and Related Parties are not bound to treat your Personal Data in accordance with this Privacy Policy if they move such data off the Platform. You agree that we are not responsible for the actions of these Managers and Related Parties with respect to your Personal Data. It is important that you review the applicable policies of the Managers and Related Parties of an event before providing Personal Data or other information in connection with that event.
Business Transfers: As we develop our business, we might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, dissolution or similar event, Personal Data may be part of the transferred assets. You acknowledge and agree that any successor to or acquirer of the Company (or its assets) will continue to have the right to use your Personal Data and other information in accordance with the terms of this Privacy Policy.
Subsidiaries and Affiliates: We may also share your Personal Data with our subsidiaries and/or affiliates for purposes consistent with this Privacy Policy. Our subsidiaries and affiliates will be bound to maintain that Personal Data in accordance with this Privacy Policy.
Agents, Consultants and Service Providers: We, like many businesses, sometimes engage other companies to perform certain business-related functions. Examples of such functions include mailing information, hosting and maintaining databases and processing payments. When we engage another company to perform such functions, we may provide them with information, including Personal Data, in connection with their performance of such functions. In working with service providers, your Personal Data may be transferred to a foreign jurisdiction to be processed or stored. Such data may be provided to law enforcement or national security authorities of that jurisdiction upon request, in order to comply with foreign laws.
ASICS: If you choose to connect your Race Roster account with your OneASICS account, personal data (including your name, email address and Race Roster data, such as your run activity data) will be shared with ASICS and will be processed by ASICS in accordance with the applicable privacy policy.
Third Parties: If you explicitly request certain services such as, but not limited to, race insurance or a customized medal, we will share limited Personal Data with the third parties who will provide you with these services only in the event you give explicit consent to do so.
Legal Requirements: We may disclose your Personal Data if required to do so by law (including, without limitation responding to a subpoena or request from law enforcement, court or government agency) or in the good faith belief that such action is necessary to:
i. comply with a legal obligation;
ii. protect or defend our legal rights, interests or property or that of users of the Platform;
iii. act in critical circumstances to investigate wrongdoing in connection with the Platform; or
iv. protect the personal safety of users of the Platform or the public.
6. How is my Personal Data Kept Secure?
Race Roster has implemented critical physical, organizational and technical measures to guard against unauthorized or unlawful processing of the data we collect. We have also taken steps to avoid accidental loss or destruction of, or damage to, your Personal Data. While no system is completely secure, the measures implemented by Race Roster significantly reduce the likelihood of a data security breach.
In addition, we recommend that you do your part in protecting yourself from unauthorized access to your Race Roster account by ensuring no one else uses your computer or device when you are logged in, by logging off when you are not using the Platform and by keeping your password confidential. Race Roster is not liable for any unauthorized use of your personal information that is beyond our reasonable control.
Here are some examples of the data security controls in place at Race Roster (this is not an exhaustive list):
- The use of encryption when personal information is transferred to and stored on Race Roster’s servers. Transmission between your browser and our web server is implemented using Secure Sockets Layer (SSL) technology;
- Limited access to personal information by Race Roster staff on a need-to-know basis, and the use of robust authentication processes;
- The use of data centers with effective physical and logical data security controls, and the use of reputable third parties who have demonstrated security consciousness; and
- Secure office premises and staff that are keenly aware of their data protection responsibilities.
No method of transmitting or storing data is 100% secure. As a result, although we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us. If you have reason to believe that your Race Roster account is no longer secure (for example, if you feel that the security of your account has been compromised), you must immediately notify us of the problem at privacy@raceroster.com in order for Race Roster to resolve the issue in a timely manner. Also keep in mind that e-mail is not a secure form of communication so never send sensitive personal information to us via e-mail. Examples of sensitive information include social insurance numbers or credit card numbers.
7. Not for Children Under Thirteen:
The Race Roster Platform is neither designed nor intended to collect Personal Data directly from children who are under the age of thirteen (13).
In order to ensure compliance with the provisions of the U.S. Children’s Online Privacy Protection Act and other data protection laws around the world aimed at protecting children, children under the age of thirteen (13) are not permitted to access or use the Platform, and children under the age of thirteen (13) should not directly provide any personal information to Race Roster. You may reside in a country where local laws fix the digital age of consent to be older than 13. You may only use the Platform if you have reached this age of consent, in accordance with applicable local laws. If you do not meet the digital age of consent of your country, you must immediately cease using the Platform. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce our Privacy Policy by instructing their children never to provide Personal Data through the Platform without their permission. If you have reason to believe that a child under the age of 13 has directly provided Personal Data to us through the Platform, please contact us, and we will endeavor to delete that information from our Platform.
If you are at least 13 but under 16 years of age, you must get the consent of your parent or legal guardian before you give us any personal data about yourself. Your parent or guardian should contact the Race Roster company responsible for using your personal data and provide us with their name, e-mail address and any other identifying information that we may request. Race Roster needs this information in order to verify that they have provided the necessary consent. We may follow up by phone or other means in some circumstances. If you are at least 13 but under 16 years of age, do not contact us or provide us with any personal data until after your parent or guardian has sent us an e-mail consenting to your contact and provision of such information.
8. How Long is my Personal Information Retained?
We will retain your information as long as you have a Race Roster account, to permit us to use it for the purposes that we have identified in this Privacy Policy. However, Race Roster has implemented retention schedules to avoid indefinitely storing personal information associated with an inactive account.
Personal information that is no longer required for administrative or business purposes, and that does not need to be archived by Race Roster, will be overwritten or scrambled such that it no longer identifies the Race Roster user. Keep in mind however that third parties who store data on our behalf have their own retention rules.
9. GDPR Compliance at Race Roster
Under the General Data Protection Regulation EU/2016/679 (GDPR), a Data Controller determines the purposes and means of the processing of Personal Data. Race Roster remains the Controller of all Personal Data provided to and stored in the Platform, including the data of Registrants, Managers and Related Parties. Thus, we take accountability for the security and use of such data when sending confirmations, processing payments and generally assisting Managers and Related Parties plan and manage their event (for example, providing event reports, using analytics to gain insights into the effectiveness of various sales channels, marketing the event, obtaining event feedback, etc.).
Under the GDPR, a Data Processor processes Personal Data on behalf of the Controller. Every party who receives or has access to Personal Data from or through the Platform is processing Personal Data and is bound by Race Roster’s Data Processing Addendum. When Personal Data is removed from the Platform by Managers or Related Parties because they are authorized to download the data, Race Roster is no longer the Controller of such downloaded data.
Race Roster’s legal grounds for processing Personal Data include contractual relationships through Terms of Service with Registrants, Managers and Related Parties, compliance with legal obligations and Race Roster’s legitimate interest in providing an effective event organizing platform.
EU data subjects residing in the European Union may have supplementary statutory rights with respect to their personal data as outlined in the GDPR. This includes the right to access their personal data, have it deleted, have it corrected, object to/restrict processing of such data, and the right to data portability. If you would like to make such a request, please e-mail privacy@raceroster.com (Attn: Data Protection Officer). Race Roster has developed an EU Data Subject Rights Procedure to ensure your request is responded to in a timely manner and within a month. In the context of a request for erasure, Race Roster will scramble or pseudonymize the data subject’s information to make it anonymous. If you are not satisfied with our response or believe we are processing personal data not in accordance with the law you can lodge a complaint to the Data Protection Authority of the EU Member States where you reside.
Race Roster has required our service providers who we entrust with Race Roster user data to commit to the continued protection of such data as a data processor. If at any time in the future we plan to share Personal Data with additional third parties to deliver Race Roster services, we will ensure that they too maintain a high standard of care for such data.
Race Roster operates through its Canadian organization. Canada was the first country outside of Europe deemed adequate by the EU Commission in 2001, under the EU Data Protection Directive 95/46/EC (the GDPR’s predecessor). An adequacy finding allows the flow of data from the EU to Canada as a trusted country in data protection. In addition, Race Roster uses data hosting providers who have made GDPR commitments of their own.
Please be informed that we transfer and process any personal data you provide to us to countries other than your country of residence. The laws of these countries may not afford the same level of protection to your personal data. Race Roster will therefore seek to ensure that all adequate safeguards are in place and that all applicable laws and regulations are complied with in connection with such transfer. More in particular for data transferred from the EU to countries outside the EU, Race Roster is using Intra Group Data Transfer Agreements based on new EU Model Clauses.
10. California Consumer Privacy Act compliance at Race Roster
We provide California Consumers the privacy rights described in this section. You have the right to exercise these rights via an authorized agent who meets the agency requirements of the California Consumer Privacy Act (“CCPA“) and related regulations. As permitted by the CCPA, any request you submit to us is subject to an identification process (“Verifiable Consumer Request”). We will not fulfill your CCPA request unless you have provided sufficient information for us to reasonably verify you are the Consumer about whom we collected Personal Data. Please follow the instructions at our Consumer Rights Request page and respond to any follow up inquires we may make.
Some Personal Data we maintain about users is not sufficiently associated with enough Personal Data about the user for us to be able to verify that it is a particular user’s Personal Data when a user request that requires verification pursuant to the CCPA’s verification standards is made (e.g., clickstream data tied only to a pseudonymous browser ID). As required by the CCPA we do not include that Personal Data in response to those requests. If we cannot comply with a request, we will explain the reasons in our response. You are not required to create an account with us to make a Verifiable Consumer Request but you may use your account to do so. We will use Personal Data provided in a Verifiable Consumer Request only to verify your identity or authority to make the request and to track and document request responses, unless you also gave it to us for another purpose.
We will make commercially reasonable efforts to identify Consumer Personal Data that we collect, process, store, disclose and otherwise use and to respond to your California Consumer privacy rights requests. In some cases, particularly with voluminous and/or typically irrelevant data, we may suggest that you receive the most recent or a summary of your Personal Data and give you the opportunity to elect whether you want the rest or not. We reserve the right to direct you to where you may access and copy responsive Personal Data yourself. We will typically not charge a fee to fully respond to your requests; provided, however, that we may charge a reasonable fee, or refuse to act upon a request, if your request is excessive, repetitive, unfounded or overly burdensome. If we determine that the request warrants a fee, or that we may refuse it, we will give you notice explaining why we made that decision. You will be provided a cost estimate and the opportunity to accept such fees before we will charge you for responding to your request.
Your California Consumer privacy rights are as follows:
A. The Right to Know:
i. Information Rights:
You have the right to send us a request, no more than twice in a twelve-month period, for any of the following for the period that is twelve months prior to the request date:
- The categories of Personal Data we have collected about you.
- The categories of sources from which we collected your Personal Data.
- The business or commercial purposes for our collecting or selling your Personal Data.
- The categories of third parties to whom we have shared your Personal Data.
- The specific pieces of Personal Data we have collected about you.
- A list of the categories of Personal Data disclosed for a business purpose in the prior 12 months, or that no disclosure occurred.
To make a request, please follow the instructions at our Consumer Rights Request page here and respond to any follow up inquires we may make, or call us at 1-855-969-5515. We may request account history, account activity, other names associated with your account (ie, co-registrants), or verification of previously-provided information to confirm identity. For your specific pieces of information, as required by the CCPA, we will apply the heightened verification standards set forth in subsection (ii) below.
Please note that Personal Data is retained by us for various time periods, so we may not be able to fully respond to what might be relevant going back 12 months prior to the request.
ii. Obtaining Copies of Personal Data:
You have the right to make or obtain a transportable copy, no more than twice in a twelve-month period, of your Personal Data that we have collected in the period that is 12 months prior to the request date and are maintaining. To make a request, please follow the instructions at our Consumer Rights Request page here and respond to any follow up inquires we may make, email to privacy@raceroster.com with the subject line “Request for Copies of Personal Data”, or call us at 1-855-969-5515. We may request account history, account activity, other names associated with your account (ie, co-registrants), or verification of previously-provided information to confirm identity.
Please note that Personal Data is retained by us for various time periods, so we may not be able to fully respond to what might be relevant going back 12 months prior to the request.
B. Do Not Sell:
We do not believe that we “sell” your Personal Data as such is defined under the CCPA and will not sell your Personal Data we collected during a period in which we did not offer you the opportunity to opt-out of a sale unless we first obtain your affirmative consent to do so. However, while there is not yet a consensus, and although we think otherwise, data practices of third-party cookies and tracking technologies associated with our websites and mobile applications may potentially be determined to constitute a “sale” of your Personal Data as defined by the CCPA. Because we do not think these third-party activities are a sale by us, we do not offer an express “Do Not Sell” option. However, the rest of this section explains how you can exercise control over cookies, essentially opting out of their data collection, and in some cases provide certain opt-outs directly to cookie operators.
For instance, you can exercise control over browser-based cookies by adjusting the settings on your browser, and mobile devices may offer ad and data limitation choices. Please note that when you use cookie control tools, you will have to change your settings for each browser and device you use, and your limitation on cookies can limit the functionality of online services you use, including our services. Use the help function on your browser or click on the applicable links below to learn more:
- Chrome
- Firefox
- Internet Explorer
- Safari
You can use mobile device settings to limit mobile tracking technologies and associated activities. For instance, you can adjust or reset the advertising identifiers on your mobile device in the device settings. iOS users can visit Settings > Privacy > Advertising > Reset Advertising Identifier. Android users can visit Google settings > Ads > Reset advertising ID. These controls work much like deleting cookies in a browser—the device is harder to associate with past activity, but tracking may still occur using the new advertising identifier. In addition, third party tools may enable you to search for and opt-out of some of these trackers, such as the Ghostery browser plug-in available at https://www.ghostery.com/.
Some third parties that may collect personal information in association with your use of our online services for advertising, analytics and other purposes, and may sell that Personal Data downstream, provide you the opportunity to opt-out of their Sales. Please visit https://www.privacyrights.info/ to opt-out of the sale of Personal Data by participating Third Parties. You must opt out on every device and browser you use in order to effectuate your “Do Not Sell” requests from these parties. However, opting out does not mean you will stop seeing ads and you may continue to still see interest-based ads. To learn more about interest-based advertising and additional opt-out choices related to it, please visit https://optout.aboutads.info/?c=2&lang=EN and https://optout.networkadvertising.org/?c=1.
For more information on cookies and other tracking technologies that may be associated with our web sites and mobile applications, and more information on ways you may exercise preferences regarding them, see also our Cookie Policy.
Clearing cookies or changing settings may affect your choices and you have to opt-out separately via each browser and other device you use. Cookie-enabled opt-out signals may no longer be effective if you delete, block or clear cookies. We are not responsible for the completeness, accuracy or effectiveness of any third-party notices, tools or choices.
Some browsers have signals that may be characterized as do not track signals, but we do not understand them to operate in that manner or to indicate a “Do Not Sell” expression by you, so we currently do not recognize these as do not sell requests. We understand that various parties are developing “Do Not Sell” signals. Since we do not believe that we currently sell Personal Data, we do not currently look for such signals.
We will not knowingly sell the Personal Data of Consumers under 16.
We may disclose your Personal Data for the following purposes, which are not a sale: (i) if you direct us to share your Personal Data; (ii) to comply with your requests under the CCPA; (iii) disclosures to our Service Providers, or as part of a merger or asset sale; and (iv) as otherwise required or permitted by applicable law.
C. Delete:
Except to the extent we have a basis for retention under CCPA, you may request that we delete your Personal Data that we have collected directly from you and are maintaining. Our retention rights include, without limitation, to complete transactions and service you have requested or that are reasonably anticipated, for legitimate internal business purposes, including maintaining business records, to comply with law, to exercise or defend legal claims, and to cooperate with law enforcement. Note also that we are not required to delete your Personal Data that we did not collect directly from you. To make a request, please send an email to privacy@raceroster.com with the subject line “Personal Data Deletion Request”, or call us at 1-855-969-5515.We may request account history, account activity, other names associated with your account (i.e., co-registrants), or verification of previously-provided information to confirm identity.
D. Non-Discrimination and Financial Incentive Programs:
We will not discriminate against you in a manner prohibited by the CCPA because you exercise your CCPA rights. However, we may charge a different price or rate, or offer a different level or quality of good or service, to the extent that doing so is reasonably related to the value of the applicable data. In addition, we may offer you financial incentives for the collection, sale and retention and use of your Personal Data as permitted by the CCPA that can, without limitation, result in reasonably different prices, rates, or quality levels. The material aspects of any financial incentive will be explained and described in its program terms. Please note that participating in incentive programs is entirely optional, you will have to affirmatively opt-in to the program and you can opt-out of each program (i.e., terminate participation and forgo the ongoing incentives) prospectively by following the instructions in the applicable program description and terms. We may add or change incentive programs and/or their terms by posting notice on the program descriptions and terms linked to above so check them regularly.
E. Authorized Agents:
You may designate an agent to exercise your CCPA rights on your behalf. To provide information to an Authorized Agent, we must receive information from the Authorized Agent that can verify your account history, account activity, other names associated with your account (ie, co-registrants), or verification of previously-provided information.
F. Our and Other’s Rights:
Notwithstanding anything to the contrary, we may collect, use and disclose your Personal Data as required or permitted by applicable law and this may override your CCPA rights. In addition, we need not honor any of your requests to the extent that doing so would infringe upon our or any other person or party’s rights or conflict with applicable law.
G. Limitations on Rights
Notwithstanding anything to the contrary, we may collect, use and disclose your Personal Data as required or permitted by applicable law and this may override your CCPA rights. In addition, we need not honor any of your requests to the extent that doing so would infringe upon our or any other person or party’s rights or conflict with applicable law. Further, to protect your privacy and security we will not provide you with access to or copies of sensitive personal information such as government identification or financial account numbers, passwords or answers to security questions or biometric identifiers; provided, however, that we will inform you if we maintain any such applicable types of Personal Data. We are also not required to search for Personal Data not maintained in a searchable or reasonably accessible format that is used for internal purposes only, or other Personal Data where the request is excessive, repetitive, unfounded or overly burdensome. In addition, as explained above, we will reject requests to the extent we are not able to sufficiently verify your identity, or your agent’s authority. If we conclude we have a basis for not fully responding to your request, our response to you will explain the basis for the limitation, unless we are prohibited from doing so by applicable law.
We may receive some limited Personal Information to perform services for other businesses as a Service Provider, but that Personal Data is not subject to our rights request obligations to consumers since we retain it only as a Service Provider. You will need to make your requests directly to those businesses with which you have the consumer relationship.
11. Other California Consumer Notices
In addition to CCPA rights, certain Californians are entitled to certain other notices, including:
a) Third Party Marketing and Your California Privacy Rights
Separate from your CCPA “Do Not Sell” rights, California’s “Shine the Light” law permits California residents to request certain information regarding our disclosure of Personal Data to third parties for their own direct marketing purposes.
We do not share personal information of our customers, as those terms are defined by California Civil Code § 1798.83 (“Shine the Light law” or “STL”) with third parties for their direct marketing purposes without either obtaining your consent or giving you the ability to opt-out. To opt-out of sharing within our family of companies (affiliates) for their direct marketing purposes, notify us at the postal or email address(es) noted below. Our sharing with non-affiliates will be on an opt-in basis for California customers so there is no need to opt-out of that sharing. If you are a California customer, you may also request information about our compliance with the Shine the Light law by contacting us here or by sending a letter, to the following address, as applicable. Compliance is met by providing the California customers the opt-in and opt-out choices described in this paragraph.
Race Roster North America Corp. 186 York Street London, ON N6A 1B5
Any such request must include “California STL Request” in the first line of the description and include your name, street address, city, state, and ZIP code. Please indicate if you are opting out of affiliate sharing, seeking information on our compliance, or both. Please note that we are only required to respond to one request per customer each year, and we are not required to respond to requests made by means other than through these email addresses or mail addresses.
As these rights and your CCPA rights are not the same and exist under different laws, you must exercise your rights under each law separately.
b) Online Privacy Practices
Without limitation, Californians that visit our online services and seek or acquire goods or services for personal, family or household purposes are entitled to the following notices of their rights:
i) Tracking and Targeting
When you visit our online services, we and third parties may use tracking technologies to collect usage information based on your device for a variety of purposes, including serving you advertising, based on your having visited our services or your activities across time and third-party locations. Some browsers may enable you to turn on or off a so-called “Do Not Track” signal. Because there is no industry consensus on what these signals should mean and how they should operate, we do not look for or respond to “Do Not Track” signals.
ii) California Minors
Any California residents under the age of eighteen (18) who have registered to use our online services, and who posted content or information on the service, can request removal by contacting us here detailing where the content or information is posted and attesting that you posted it. Subject to our reasonable verification of your identity, we will then make reasonably good faith efforts to remove the post from prospective public view or anonymize it, so the minor cannot be individually identified to the extent required by applicable law. This removal process cannot ensure complete or comprehensive removal. For instance, third parties may have republished or archived content by search engines and others that we do not control.
c) eCommerce
In accordance with California Business and Professions Code § 17538 et al., the legal names under which we conduct business online are Race Roster North America Corp., and our business address is:
Race Roster North America Corp.
186 York Street
London, ON N6A 1B5
Within five (5) days of our receipt of your request, California residents may receive verification of this information by email by contacting us here or at the postal address(es) noted above. Residents of California are also entitled to the following specific Consumer rights information: you may contact the Complaint Assistance Unit of the Division of Consumer Services of the Department of Consumer Affairs by mail at: 1625 North Market Blvd., Suite N 112, Sacramento, California, 95834, or by telephone at (916) 445-1254. Hearing-impaired users can reach the Complaint Assistance Unit at TDD (800) 326-2297 or TDD (916) 322-1700. Their website is located at: http://www.dca.ca.gov.
2) Contact Us
For more information on your California privacy rights contact us at 1-855-969-5515.
12. Notice to Nevada Consumers
Although we do not “sell” “covered information” of Nevada “consumers” as those terms are defined by Chapter 603A of the Nevada Revised Statutes, you may contact us at privacy@raceroster.com and register an e-mail contact address for us to provide you notice in the event we should do so in the future, at which point you will have an opportunity to be verified and exercise your opt-out rights under that law. Contact us in the same manner to update your contact email for notices. Changing your email address elsewhere (e.g., information requests, account information, etc.) will not update your Nevada notice contact information. It is your responsibility to keep your notice contact information current.
13. Data Deletion
If you initiate a data deletion request, you agree that Race Roster is authorized to delete or anonymize Personal Data of yours from the Platform even if that means removing its availability to the Event Organizer through the Platform. However, you understand that even if Race Roster deletes or anonymizes your Personal Data upon your request or pursuant to this Policy, your Personal Data may still be available in the Event Organizer’s own databases if transmitted to the Event Organizer prior to Race Roster receiving or taking action on any deletion or anonymization activity.
14. External Links and Race Roster Social Media
We may offer links from the Platform to the sites or apps of our service providers, affiliates or unrelated companies that may be of interest to you. Race Roster makes no representations as to such third parties’ practices for dealing with your personal information.
Race Roster’s use of social media serves as an extension of our presence on the Internet. Social media account(s) are public and are not hosted on Race Roster’s servers. Users who choose to interact with Race Roster via social media should read the terms of service and privacy policies of these third party services/platforms.
This Privacy Policy only applies to the Race Roster Platform and does not govern the activities of third parties. We recommend that you check the privacy policies of any apps, sites or platforms you associate with before sharing your personal information with such third parties.
15. Changes to this Privacy Policy
We may change this Privacy Policy from time to time in order to better reflect our current data handling practices. Thus, we encourage you to review this Privacy Policy frequently, and especially before you provide us with your Personal Data. The “Last Updated” date at the top of this Privacy Policy indicates when changes to this policy were published and thus in force. In some cases (for example, if we significantly expand our use or sharing of your Personal Data), we may also tell you about changes by additional means, such as by sending an e-mail to the e-mail address we have on file for you. In some cases, we may request your consent to the changes. Your continued use of the Platform after any changes or revisions to this Privacy Policy indicates your agreement with the terms of such revised Privacy Policy.