Cycle Together Limited – Privacy Notice
We take the safety and integrity of your data very seriously indeed. Please read this privacy notice carefully as it contains important information on who we are and how and why we collect, store, use and share your personal data. It also explains your rights in relation to your personal data and how to contact us or supervisory authorities in the event you have a complaint.
When we use personal data we are regulated by the Information Commissioner under the General Data Protection Regulation EU 2016/679 as it forms part of the laws of the United Kingdom by virtue of section 3 of the European Union (Withdrawal) Act 2018 (UK GDPR) and the Data Protection Act 2018 (together, Data Protection Legislation). We are accountable as Controller of that personal data for the purposes of Data Protection legislation.
We, us, our
It would be helpful to start by explaining some key terms used in this policy:
Cycle Together Limited, a limited company incorporated in England and Wales under registered number 13577019 with registered office at 63 Bermondsey Street, London, United Kingdom, SE1 3XF.
Any information relating to an identified or identifiable natural person.
Personal data revealing racial or ethnic origin; political opinions; religious or philosophical beliefs; personal data concerning health, sex life or sexual orientation.
Personal data we collect
In the course of your interaction with us and your use of our resources, either as an individual cyclist or as a registered cycling club in the UK, we will collect from you the following personal data :
● If you are a cyclist, your name, your email address, your date of birth, your IP data; information revealing your gender, your ethnicity, your religious affiliation, your sexual orientation and whether you have any disability;
● If you are a registered cycling club, the name of your key contact individual.
This personal data is required to enable us to provide our resources and make them available to you.
If we are not provided with the personal data we ask for, it may delay or prevent us from providing
the information which you are seeking.
How personal data is collected
We collect your personal data directly when you register with us and create your profile and subsequently when you leave your reviews or otherwise interact with us via our website.
How and why we use personal data
Under Data Protection Legislation, we can only use personal data if we have a legal basis for doing so. These are mandated by the legislation and include:
• your consent;
• to comply with our legal and regulatory obligations; or
• for our legitimate interests or those of a third party.
A legitimate interest is when we have a business or commercial reason to use personal data, so long as this is not overridden by the data subject’s own rights and freedoms. In the case of both cyclists and cycling clubs our legal bases for processing will be your consent and our legitimate interest. When we process any special category personal data which you might provide us, we will do so on the condition that we have your express consent, which you give us at the time that you enter such special category personal data in your profile. We will use the data provided to implement new platform features, track various diversity and inclusion trends across disciplines and regions, and push cycling clubs to begin sharing diversity data and make changes to their practices in response to the insights we provide.
We will always treat your personal data with the utmost respect and never sell it to other organisations for marketing purposes.
Who we share personal data with
We only share personal data with our external providers in order to enable us to provide our services to you, such as our server providers and cloud computing service providers. We only allow our external providers to handle personal data if we are satisfied they take all appropriate measures to protect all personal data and only on our written instructions. We may very occasionally disclose and exchange information with cycling clubs in order to encourage changes in their practices, but it will only be aggregated and anonymised data. In addition, some personal data of cyclists may be shared as part of a research project with a UK University, but again it will be anonymised.
Where personal data is held
Personal data is kept securely in a password protected environment. Where we engage cloud-based service providers, it is on the basis of a written Data Processing Agreement and we conduct due diligence on the location of the servers on which our data is stored. Many of our suppliers store data on servers which may be located outside the United Kingdom. For more information, including on how we safeguard personal data if it is transferred outside the UK or the EU, see below: ‘Transferring personal data out of the UK.
Keeping personal data secure
The privacy and the security of personal data is our utmost priority, and we recognise our obligation to keep it secure and private.
We have put in place industry-standard security practices to prevent personal data from being accidentally lost or used or accessed unlawfully including access restriction or control. We limit access to any personal data to our employees and contractors with a genuine business need to access it and subject them to strict obligations of confidence.
How long personal data will be kept
We will retain the personal data of cyclists and of the nominated contact individuals of cycling clubs only for as long as the user account and profile remains active on our web site. When it is no longer necessary to retain personal data, we will delete it.
Transferring personal data out of the UK
Some of our third party providers may store our data on servers which may be located outside the UK.
These transfers are subject to special rules and safeguards under European and UK data protection
law with which we fully comply. For more information regarding these rules, please contact
All data subjects have the following rights, which can be exercised free of charge:
To be forgotten
Restriction of processing
The right to be provided with a copy of personal data held on a data subject
The right to require us to correct any mistakes in a data subject’s personal data
The right to require us to delete personal data—in certain situations
The right to require us to restrict processing of certain personal
data—in certain circumstances, e.g. if the accuracy of the data is contested
The right to receive the personal data provided to us, in a
structured, commonly used and machine-readable format and/or
transmit that data to a third party—in certain situations
The right to object:
—at any time to personal data being processed for direct marketing
—in certain other situations to our continued processing of
personal data, e.g. processing carried out for the purpose of our legitimate interests.
Not to be subject to
To withdraw consent
The right not to be subject to a decision based solely on automated
processing (including profiling) that produces legal effects
concerning a data subject
The right to withdraw consent as a legal basis for processing, at any time
For further information on each of those rights, including the circumstances in which they apply, please contact us or see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation. To exercise any of those rights, please contact us —see below: ‘How to contact us’.
How to complain
We hope that we can resolve any query or concern raised about our use of personal information. The UK GDPR also gives the right to lodge a complaint with a supervisory authority. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns or telephone: 0303 123 1113.
How to contact us
We can be contacted by email.
For all data subject rights, please contact [email protected]
Our contact details are shown below:
Our contact details
Cycle Together Limited
63 Bermondsey Street, London SE1 3XF
Email: [email protected]