Racefully Privacy Policy

(5 June 2016)


Here at Racefully we strive to be straightforward and open about our business practices and to act with integrity at all times. This is especially the case with respect to how we manage and use your personal data.

This privacy policy therefore aims to clearly and transparently set out how we handle your data and protect it, and how we use it. If you have any questions about our privacy practices or anything else we do, please email us at privacy@raceful.ly

Who we are

"Racefully" is the brand we trade under and a registered trade mark of Project X Ltd. The Racefully mobile app (our 'app'), our websites at raceful.ly and runselfi.es (our 'websites'), our blog at blog.raceful.ly (our 'blog') and our pages on Facebook, LinkedIn, Twitter and Instagram (our 'social media pages') are all operated by us, Project X Ltd.

So, when this Privacy Policy refers to 'we', 'us', or 'our', we mean Project X Ltd.

Application of this Privacy Policy

This Privacy Policy applies to all information that you provide or that we collect through:

your use of our app, websites, blog and social media pages (our 'Services'), and

any communications between you and us using our Services or other means, such as over the phone or by email.

This Privacy Policy forms part of the contract between us under our Terms of Service.

Your Consent

By registering for or using our Services, you are consenting to our use of the personal data we collect from you in accordance with this Privacy Policy.

Information we collect

We collect information, including information from which you are personally identifiable ('personal data'), when you choose to provide it to us and through your use of our Services.

Information you provide

We collect personal data that you provide when you: register for our Services, create a Racefully user profile, connect any of your social media accounts to our Services, connect any third party health or fitness apps, software, wearables or other devices ('trackers') to our Services, contact us with inquiries, comments or feedback, make payment for any Services that we provide on a paid-for basis, provide information through our Services about yourself (for example, in relation to your fitness goals or achievements), upload or post messages, photos or other information through our Services, or participate in any surveys or competitions that we may run.

Please note that it is possible for you to connect certain of the Services to your email and social media accounts, such as Gmail and Facebook ('third party services'). If you have consented to allow any of your third party service providers to provide personal data or other information to us, then we may collect that data or information. This information may include your name, profile picture, gender, user ID, email address, your country, your language, your time zone, the organizations and links on your profile page, the names and profile pictures of your social networking site “friends” and, if you decide that you wish to invite them to join Racefully, their contact details, so we can arrange for them to receive your invitation, together with any other information you have included in your social networking site profile. We may use that information to supplement the information we have about you and/or to provide and improve our Services.

We hope you have also seen and enjoyed our blog (blog.raceful.ly) and our social content sharing site, runselfi.es. Both our blog and runselfi.es are managed by us but we use Media Temple to host our blog and runselfi.es, and RebelMouse to manage runselfi.es. You should be aware that if you post messages, photos or other information on our blog or on runselfi.es, your personal data may also be collected or used by Media Temple and/or RebelMouse, in accordance with their privacy policies, which can be found at https://mediatemple.net/legal/privacy-policy/ and https://blog.rebelmouse.com/privacy-policy/ . Please read these policies to make sure you are comfortable with them before posting any personal information on either site. You should also note that any information which you post may be accessed at any time by other people and businesses and could be used by them for their own purposes. In short, you should only post information on publicly available sites like our blog and runselfi.es if you are happy for it to be in the public domain.

Information collected through your use of the Services

We also collect personal data automatically through your use of the Services. For example, when you download and run our app, we will be provided with a unique ID that identifies your device to our Services. In addition, in order to provide the Services, we collect information on where you are, how far you have gone, and how long you have been exercising. If you have connected trackers to our services, we will also automatically collect the data that they make available.

Fitness-related data

We currently collect only very limited data directly through our app relating in any way to your fitness, and only if you choose to provide such data. Specifically, we collect information about your weight, if you choose to set a weight-related goal on the app. We do not directly collect any other physical or fitness-related data unless you decide to include it in the free-form text entry section provided when you set other goals on the app or in any other content that you choose to post though our Services. We are however able to infer information about your fitness from our understanding of how often you exercise, the terrain and topology of where you exercise and the prevailing environmental conditions, how far you go, your pace, and, if you have provided this information, your weight. In addition, if you have connected any other fitness tracker(s) to our Services, we will collect the information provided to us by the tracker(s). As trackers become more sophisticated, it is likely that they will provide a more detailed and broader range of information, but currently many devices already monitor the number of steps you take, your cadence and your heart rate. If you have configured your tracker(s) to provide this information to us, we may use it to supplement our understanding of your fitness and to provide and improve the Services for you.

Location data

When you use our Services, we may collect your location data. In particular, to make our app as useful as possible to you, we need to track your real-time geographic location as precisely as possible. Depending on the Services you use, as well as the availability of GPS, mobile and wifi services where you are, we may therefore collect: (1) IP-based location data derived from your IP address, (2) coarse, network-based geo-location data based on the proximity of network towers or the location of WiFi networks, (3) fine geo-location data based on coordinates obtained from your mobile device's GPS. Your fine, GPS-based geo-location will not be accessed without your specific consent. We also will not share your GPS geo-location data without your consent. Except as otherwise specifically set out in this Privacy Policy, we will only share your GPS geo-location data: (1) with other users of our Services whom you have selected to share this information with (for example, so you can each see where you are running), and (2) with our third party service providers, but only for purposes of providing the Services, and (3) in all other circumstances, with other third parties, but only on an anonymised, aggregated basis, so that no individual user can be identified.

Non-identifiable data

When you use our Services, we may receive or collect information about the services and devices you are using. We cannot specifically identify you personally from this information. This information may include the IP address of the device you are using to access the Services, browser type, operating system, the referring/exit web page, pages visited, location, date/time stamp, numbers of clicks, your mobile carrier, device information (including mobile phone and/or fitness device and application IDs), search terms, and cookie or other tracking information ('Non-identifiable data'). We may store this data ourselves or it may be included in databases owned and managed by our service providers. In addition, we use Google Analytics as a method of tracking site statistics and user behaviour using the Services. We use Non-identifiable data and the information provided by Google Analytics to better understand our users, their preferences and how they use our Services, and to provide and improve our Services for our users.

How will we use your information?

We will use your personal data in accordance with applicable law and this Privacy Policy. In particular, we will use your personal data to enable you to use the Services, to monitor and understand your use of the Services, to ensure that access to and use of the Services are kept secure, and to improve the content and functionality of the Services. In addition, if you provide personal data for a certain reason, we may use it in connection with the reason for which it was provided. (For example, if you contact us with a service enquiry or support request, we will use the personal data you provide to respond to you). We may also use your personal data to contact you by email, text or other messaging services and tell you about new features, products or services that we believe may be of interest to you ('promotional communications'). If you wish to opt-out of receiving promotional emails or messages, please click the “unsubscribe” link at the foot of the message. Please note however that while you are using our Services, we may need to send you other communications relating to the security and functioning of the Services and your account ('service-related communications'). Unless you terminate your arrangements with us and cease using the Services, you will not be able to opt out of receiving service-related communications.

How will your information be shared?

This section describes how your personal data may be shared on our Services and with third parties.

Information sharing in our services

Our Services are intrinsically social, and therefore when you provide us with certain personal data it may be shared with other users of the Services, as well as to other social networks where you have chosen to do this. For example, if you invite a friend to join Racefully on Facebook using the Services, the content you choose to share with them on Facebook will be accessible on the Facebook platform.

When you download the app, you will be invited to create a user profile. You will need to provide your name (or nickname) and an email address, and will also be able to upload a profile picture, record and upload a short audio name tag so that other users know what you're called, and share your goals if you wish. If you sign in using a social network, we will automatically use your social network profile picture, name and email in your Racefully user profile. By default, this information will not be shared with other users, except as follows:

If you use runselfie.es or our blog to post images or other content, your user name and time of posting will be shared with anyone using this service. Please always ensure that if you post images of other people, or content relating to them, or from which they may be identified, you have their permission.

Privacy controls

We have designed our app to give you control over how your data is shared on the app. Please select 'Settings' and then 'Privacy settings' to access these controls. You can use them to determine whether your profile, goals, run summaries, and location and fitness levels are viewable only by you, by your friends on the app, or publicly with all users of the app. Because Racefully is an inherently social app, by default, your profile picture, name/nickname and broad location (city / state level only) will be shared on the Services. Otherwise, friends would potentially be unable to find you on the app. However, you can use the app's privacy controls to limit the sharing of this data just to existing friends or to no one, and by default, none of your other data settings are set to public. However, to get the most out of the social aspects of the app, you may wish to use the app's privacy controls to change some or all of these settings to public. The choice is entirely yours.

Information sharing with third parties

In addition to the sharing of personal data on the Services, we may share your personal data directly with third parties, as described in this Privacy Policy. Circumstances in which we may share your personal data with third parties without further notice to you include:

Use of service providers

We use service providers to perform certain services for us. For example, we currently or may in the future use service providers to host our websites and databases, manage user communications and provide user support, provide website and data analytics services, provide fraud protection and / credit risk information, and process payments. When we hire a service provider to provide such services, we may need to share access or provide them with certain personal data. However, we only do this to the extent necessary to enable them to perform their services effectively for us and require them to keep all such data secure. More information on the service providers we use is set out in the “International transfers” section below.

Legal requirements

We may also disclose your personal data if required to do so by law or in the good faith belief that such action is necessary to: (a) comply with our legal obligations, (b) protect other users or the public, (c) protect and defend our rights and property or the safety of our employees or others, (d) ensure your compliance with our Terms & Conditions and this Privacy Policy, and (e) protect against legal liability.

Business transfers and other events

In the course of our operations, we may buy, sell or otherwise dispose of certain businesses or assets. In the event of a sale, merger, reorganization or winding up we may transfer personal data to the party acquiring or taking over some or all of our business or assets. We will only make such transfer on the understanding that the party to whom the personal data is transferred will continue to abide by applicable data protection laws and comply with the terms of this Privacy Policy.

We will not share, rent, sell or transfer your personal data to any third party except as described in this Privacy Policy.

International transfers

In order to provide the Services, we need to share certain information, including personal data, with service providers located outside the EU where data protection standards may be less rigorous. These service providers and the services they provide include: Facebook and Google (to enable user authentication on sign-on to the app), Localytics (to track usage of our app), Crashlytics (to help us diagnose technical issues), Firebase (to enable live racing), Branch (to send friend requests), Mailchimp to manage our user email database and send communications to you, Zendesk (for customer support), Typeform (for surveys), Shortstack (for promotions) and Google Analytics (to better understand how our blog and websites are used). Each of these providers are contractually bound to keep your data secure and only to use if for the purposes of enabling us to provide the Services and, in the case of Facebook and Google, in accordance with the privacy policies or notices they have shared with you in relation to your use of their services.

Aggregated personal data

We may aggregate information about you with information collected from other users of our Services or from third parties and analyse it to better understand our users' demographics, interests and behaviours. We may also anonymise and aggregate this information and share it with our affiliates, agents and business partners. Such anonymised and aggregated information will not identify you personally.

Cookies and other tracking technologies

When you use our websites and certain other Services we may place cookies or other tracking technologies on your device.

Cookies

Cookies are small data files stored on your computer, mobile phone or other device ('device'). Like other websites and services that you use, we and our service providers place cookies on your device to enable us to recognise you when you use our Services, make our Services easier or faster to use (for example, our Services may set a cookie on your browser that saves you from needing to enter your password more than once when using one of our websites), enable specific features for your use, monitor and understand your use of our Services; and to support or enable security features and protect you, others and us. In addition, we and our third party analytics providers may place cookies on your device to enable us to better understand how our Services are used and to develop and improve them. Our third party analytics providers are set out immediately below, along with links to their privacy policies: Google Analytics, Localytics and Branch. As part of providing their services, these service providers may collect and store anonymous information such as time of visit, pages visited, time spent on each page of the website, IP address, and type of operating system used. Please read their privacy policies to ensure that you are comfortable with the manner in which they use cookies.

You can disable cookies delivered via an internet browser or set your browser to alert you when cookies are being sent to your device; however, disabling cookies may affect your ability to use certain Services or simply stop them from working. We therefore recommend that you keep cookies turned on when using our Services. For more information about cookies and how to refuse them, click here.

Exclusions

We believe there is a material difference between personal data that we collect automatically through your use of the Services or you provide to us in the reasonable expectation that it will be kept secure and confidential (for example, your user name and password and credit card information) and information that you provide with the intention that it should be publicly available on any of the Services, or which you send to us on an unsolicited basis. We shall therefore be entitled to reproduce, use, share and distribute any content that you post on any of our Services that are publicly available (for example, runselfi.es and our social media pages), or send to us on an unsolicitied basis (for example, new service or product ideas) without attribution or payment of compensation to you.

We cannot and will not be responsible for how any users or third parties use any personal data that you choose to make publicly available on the Services. Please therefore always carefully consider what you post publicly and ensure it is appropriate before doing so.

Children

We do not knowingly seek or collect personal data from people under the age of thirteen. If you are under thirteen, please do not use the Services. If you are the parent or guardian of a child under the age of thirteen and have reason to believe they have provided personal data to us, please contact us at privacy@raceful.ly. We may need to request certain information from you to verify your identity. Where we are satisfied that we have been provided personal data by a child under thirteen and you are entitled to ask us as their parent or guardian to delete such data, we will use all reasonable endeavours to do so.

Links to other websites and services

Our websites and other Services may link to or frame third party websites or services. This Privacy Policy does not apply to how those third parties may collect or use your data. Please refer to the privacy policies of those third parties before using their websites or services or providing personal data to them.

Security

We are legally obliged to take appropriate technical and organisational measures against unauthorised or unlawful processing of your personal data and against accidental loss or destruction of, or damage to, that data. The steps we take include ensuring that technical and organizational procedures and physical security measures are implemented, kept up to date and maintained to protect against unauthorised access to systems on which we store personal data and the unauthorised or accidental loss or disclosure of that data. Specifically, all our data is transmitted using SSL (secure sockets layer technology) and stored securely on Amazon’s AWS cloud. However, the internet, email and other communications services are not fully secure or error free. You should therefore take special care when deciding whether to share personal data with us or anyone else using these services.

We restrict access to your personal data to our personnel and service providers who need access to it to manage, provide or develop the Services or otherwise use it in accordance with this Privacy Policy. We require all such persons to keep your personal data confidential and access it only for the purposes set out in this Privacy Policy.

To further protect access to your personal data, you need to set a username and password to be able to access your Racefully account. Please keep these details secure, and change your password regularly to reduce the risk of unauthorised access. You should also take care to limit access to your computer and other internet-connected devices and ensure you have logged out when you have finished using your account. Since you control use of your username and password and access to your devices, we cannot be responsible for any activities that take place using your account.

Data integrity

We use your personal data only for the purposes for which it was collected and as set out in this Privacy Policy or any other service-specific notice provided to you. We take steps where we can to ensure that the personal data that we collect is accurate, complete and up to date, but we need your help to ensure that the data you provide is correct and current. Please check your profile and other information on the Services to ensure that it is.

Access to your information

You can access your information and correct or update it through the Services.

If you have any questions about how to do this or about the data we hold about you, please contact us at privacy@raceful.ly. We may need to request certain information from you to verify your identity before we disclose any personal data to you. Please note that we are unable to share data of any other user with you except if they have chosen to share it through the Services with you.

You may choose to cease using the Services and delete your profile at any time. If you delete your profile, other people will not be able to see it. Please note, however, that any other data that you have provided or which we have collected through the Services will be retained and if you made it publicly available, it will remain publicly accessible.

Changes to this Privacy Policy

As we develop our business and Services, we may need to update this Privacy Policy from time to time. Please check it regularly to make sure you understand it and are comfortable with it, particularly before providing any personal data. If you use the Services after any changes or revisions to this Privacy Policy this will be treated as your acceptance of those changes and/or revisions.


Contact us

If you have any other comments or questions, please contact us at privacy@raceful.ly and we will do our best to respond promptly and helpfully.