Depending on the type of service or location where the services take place, different Spartan Race entities will be the data controller in relation to your personal data. The data controller is Spartan Race, Inc. and the Spartan Race affiliate(s) named when your personal data was collected or the affiliate(s) identified in the Spartan Race media source (website, email, etc.) that referred you to this Privacy Notice.
2. Your Acceptance
4. Information We May Collect
Except as disclosed below, we do not sell, barter, give away, or license your personal information.
(a) Information You Provide to Us. If you have registered with Spartan Race, or ordered items from us, you may have provided us with your name, email address, telephone number, postal address, postal/ZIP code, gender, bank account details, and payment information. If you entered an event you may also have provided your date of birth, photograph, and information about the person who serves as your emergency contact. We also may collect and store your Personal Information that we receive from other sources, (e.g. the information we receive from chronotrack.com or athlinks.com or any race registration company we utilize when you register for an event or to be a spectator). Please be advised that chronotrack.com and athlinks.com have their own privacy policies and you should refer to them for any questions you may have about the information they may collect about you when you register for one of our events or to be a spectator using chronotrack.com or athlinks.com.
(b) Information We Collect Automatically. Even if you do not request a newsletter or fill-out a survey, when you interact with our Sites, we may collect certain information. For example, our servers keep an activity log that tracks all visitors to our Sites. The information our servers collect may include, but is not limited to: your IP address, your registered domain or home server, time of access, date of access, web page(s) visited, number of clicks, software crash reports, type of browser used, session identification number, search terms, search results, access times, and referring website’s addresses.
(c) Cookies and Spyware. We do not install spyware on your computer, nor do we use spyware to retrieve information from your computer.
You have the ability to accept or decline Cookies. Most web browsers automatically accept Cookies, but, if you prefer, you can usually modify your browser setting to decline Cookies. For more information on Cookies and how to disable them, you can consult the information provided by the Interactive Advertising Bureau at www.allaboutcookies.org.
(e) No Information Collected From Children. Our services are not directed to or intended for use by children, except for children who are registered for Spartan Race events by their parents or guardians. We will only collect information about children when we have the express consent from the child’s parent or guardian. The information we collect will only be used by Spartan Race and our partners to provide relevant event entries and participation. We need to use the information that you give us about your children to fulfil our agreement with you to provide our services. [Consistent with the requirements of the US Children’s Online Privacy Protection Act, the GDPR, and all other applicable laws and regulations,] if we learn that we have received information directly from a child under age 16 (or age 13 in certain jurisdictions) without his or her parent’s or legal guardian’s verified consent, we will use that information only to respond directly to that child (or his or her parent or legal guardian) to inform the child that he or she cannot use our services. Subsequently, we will delete such information.
5. How We May Use Your Information
(a) Personal Data Obtained in Connection with the Services. We use your personal data in different ways, depending on the nature of the Services, communications, or other interactions between you and Spartan Race. Below is a table describing how we use personal data we process, why we do it, and the legal basis for each category of use.
|Categories of Personal Data||Purpose for Processing||Legal Basis under the GDPR|
|Name and Contact Details||Deliver or confirm a purchase||Performance of a contract|
|Name and Contact Details||Send service messages email and postal mail regarding the Services such as order updates||Performance of a contract|
|Name and Contact Details||Enable you to enter and participate in an event||Performance of a contract|
|Name and Contact Details||Send information by email, sms messaging, and postal mail about new events and products||Legitimate interests or consent|
|Name and Contact Details||Third-parties to send information by email, sms messaging, and postal mail about their products or services||Consent|
|Name and Contact Details||Fraud prevention and detection||Legal obligation|
|Name and Contact Details||Provide customer services and support||Performance of a contract or legitimate interests|
|Date of birth information||Enable you to enter and participate in an event that have age restrictions||Performance of a contract|
|Purchase/financial account info.||Enable our Partners/Affiliates to process payment of goods and services we provide to you||Performance of a contract or legitimate interests|
|Emergency contact information||If an emergency arises during an event you are participating in||Performance of a contract or legitimate interests|
|Information we collect automatically||Enable us to perform website analytic; and to make our website and the advertising displayed on it, and the marketing messages we send to you more relevant to your interest||Consent|
(b) Use of Anonymous Information. We may use information we collect automatically to help us determine how viewers use our Sites and who our users are in order to improve our Sites. We may also use this information to provide information in aggregated form to our partners and other third parties (e.g. Rakuten Marketing) about how our users collectively use our Sites. We may also use or share this information (or other information, other than Personal Information) in any other manner that we deem appropriate or necessary, subject to your consent.
(c) Third-Parties. We may occasionally have third party representatives, agents, affiliates, and partners perform functions on our behalf, such as event registration, marketing, analytics, etc. These entities may have access to your Personal Information, but only as needed to perform their services.
(d) Emergency Situations. We may also use or disclose Personal Information if required to do so by law or in the good-faith belief that such action is necessary to: (a) conform to applicable law or comply with legal process served on us or our Sites; (b) protect and defend the our rights or property, our Sites or our users, and (c) act under emergency circumstances to protect the personal safety of us, our affiliates, agents, the users of our Sites or the public.
6. How We Share Personal Data
Your personal data will be used by other Spartan Race affiliates for the purposes described above and for accounting, tax and other administrative purposes.
We may disclose some or all of your personal data to third parties in accordance with contractual arrangements we have in place with them, including representatives, agents, affiliates, and partners that perform functions on our behalf, such as event registration, timekeeping, race results processing, marketing, analytics, IT services, data storage, payment processing, survey and market research.
If we determine it to be necessary, we may also disclose your personal data to a third party: (i) to respond to an emergency or health incident; (ii) to comply with any law applicable to us, a court order, a request from law enforcement or other legal process; (iii) to protect the legitimate rights, privacy, property, interest or safety of Spartan Race, our personnel, customers, business partners or the general public; (iv) in relation to a change in ownership or control of Spartan Race such as a merger, sale, acquisition, or bankruptcy; or (v) to prevent, detect to actual or potential fraud or other illegal activities.
Spartan Race will maintain appropriate security measures to minimize the risk that personal data will be lost, used without authorization, or accessed without authorization. We limit access to your personal information to those who have a legitimate business need to use it. Those who process your information will do so only in an authorized manner and are subject to a duty of confidentiality. We have implemented procedures to deal with suspected security incidents involving personal data and will notify the applicable regulators and you of such incidents as required by applicable law.
8. Linking to or from Other Websites
9. International Transfer of Your Personal Data
We transfer your personal information to countries outside the European Economic Area. Spartan Race, Inc. is a United States based company that conducts data processing in the United States. Therefore, we will require that you consent the transfer of your personal data to Spartan Race, Inc. in the United States before providing you with the Services.
We have taken steps to protect your privacy and fundamental rights when your personal data is transferred to third parties the United States and other countries where no adequacy decision of the European Commission exists. Spartan Race will make sure that the recipient is subject to a jurisdiction for which an adequacy decision of the European Commission (including the EU-US Privacy Shield where the recipient is a participant), or that there are adequate safeguards in place such as the Standard Contract Causes or binding corporate rules.
10. Your Rights
Under the European Union General Data Protection Regulation, residents of the European Economic Area have important rights regarding access to and control of your personal data, including:
- Right of Access: You have the right to ascertain what type of personal data Spartan Race holds about you and to a copy of this personal data.
- Right to Complain: You have the right to file a complaint regarding the processing of your personal data to the Supervisory Authority of your Member State.
- Right to Erasure: In certain circumstances you may request that we delete the personal data that we hold about you.
- Right to Object: When we rely on our legitimate interests to process personal data, you have a right to object to this use. We will stop processing your personal information unless we can demonstrate an overriding legitimate interest in the continued processing.
- Right to Portability: You may request that we provide you with certain personal data which you have given us in a structured, commonly used and machine-readable format and you may request that we transmit your personal data directly to another data controller where this is technically feasible.
- Right to Rectification: You have the right to have any inaccurate personal data which we hold about you updated or corrected.
- Right to Restriction: You have the right to request that we stop using your personal data in certain circumstances including if you believe that the personal data we hold about you is inaccurate or that our use of your personal data is unlawful. If you validly exercise this right, we will store your personal data and will not carry out any other processing until the issue is resolved.
Please bear in mind that your rights in relation to your personal data are not absolute and that we must be cognizant of our legal obligations. If you choose to exercise some of your rights, we may not be able to perform the actions necessary to provide the Services or otherwise achieve the purposes set forth above.
You can exercise these rights by contacting us using the information in the Contact Us section below. We may request that you provide proof of your identity for security reasons and in order to prevent the unauthorized disclosure or misuse of personal data. We will only charge you for requests to access your personal data where they are unreasonable, unfounded or excessive. If we are unable to honor your request, or before we charge a fee, we will let you know why.
11. Retention of Personal Data
We will keep your personal data for the time necessary to fulfill the purposes for which it was collected, including any legal, accounting or reporting requirements. To determine the appropriate retention period, we consider the categories, amount, nature and sensitivity of personal data, the potential risk of harm from unauthorized use of disclosure of the personal data, the purposes for which we process the personal data, if we can achieve the purposes through other means, and the applicable legal requirements.
We may change our ownership or corporate organization while providing you with access to our Sites. As a result, please be aware that we may transfer your information to another company that is affiliated with us or with which we have merged.
13. Changes to this Policy
This Privacy Notice became effective on May 25, 2018 and was last updated on June 8, 2018.
We may amend this Privacy Notice on occasion, at our sole discretion. Any change will be effective immediately. You should check this page from time to time to note any changes we make, as they will be binding on you. We will notify you of changes to this Privacy Notice by updating the version date. We may also notify you of changes in other ways, including by email.
14. Managing Your Information/Opting-Out
You may always opt-out of receiving future email and postal mail marketing and other messages and newsletters from us or request that your information be removed from our Sites or corrected. To make such a request, please contact us at firstname.lastname@example.org.