We take the safety and integrity of your data very seriously indeed. Please read this privacy notice carefully as it contains important information on who we are and how and why we collect, store, use and share your personal data. It also explains your rights in relation to your personal data and how to contact us or supervisory authorities in the event you have a complaint.
When we use personal data we are regulated by the Information Commissioner under the General Data Protection Regulation EU 2016/679 as it forms part of the laws of the United Kingdom by virtue of section 3 of the European Union (Withdrawal) Act 2018 (UK GDPR) and the Data Protection Act 2018 (together, Data Protection Legislation). We are accountable as Controller of that personal data for the purposes of Data Protection legislation.
Any information relating to an identified or identifiable natural person.
Personal data revealing racial or ethnic origin; political opinions; religious or philosophical beliefs; personal data concerning health, sex life or sexual orientation.
In the course of your interaction with us and your use of our resources, either as an individual cyclist or as a registered cycling club in the UK, we will collect from you the following personal data :
● If you are a cyclist, your name, your email address, your date of birth, your IP data; information revealing your gender, your ethnicity, your religious affiliation, your sexual orientation and whether you have any disability;
● If you are a registered cycling club, the name of your key contact individual.
This personal data is required to enable us to provide our resources and make them available to you.
If we are not provided with the personal data we ask for, it may delay or prevent us from providing
the information which you are seeking.
We collect your personal data directly when you register with us and create your profile and subsequently when you leave your reviews or otherwise interact with us via our website.
Under Data Protection Legislation, we can only use personal data if we have a legal basis for doing so. These are mandated by the legislation and include:
• your consent;
• to comply with our legal and regulatory obligations; or
• for our legitimate interests or those of a third party.
A legitimate interest is when we have a business or commercial reason to use personal data, so long as this is not overridden by the data subject’s own rights and freedoms. In the case of both cyclists and cycling clubs our legal bases for processing will be your consent and our legitimate interest. When we process any special category personal data which you might provide us, we will do so on the condition that we have your express consent, which you give us at the time that you enter such special category personal data in your profile. We will use the data provided to implement new platform features, track various diversity and inclusion trends across disciplines and regions, and push cycling clubs to begin sharing diversity data and make changes to their practices in response to the insights we provide.
We will always treat your personal data with the utmost respect and never sell it to other organisations for marketing purposes.
We only share personal data with our external providers in order to enable us to provide our services to you, such as our server providers and cloud computing service providers. We only allow our external providers to handle personal data if we are satisfied they take all appropriate measures to protect all personal data and only on our written instructions. We may very occasionally disclose and exchange information with cycling clubs in order to encourage changes in their practices, but it will only be aggregated and anonymised data. In addition, some personal data of cyclists may be shared as part of a research project with a UK University, but again it will be anonymised.
Personal data is kept securely in a password protected environment. Where we engage cloud-based service providers, it is on the basis of a written Data Processing Agreement and we conduct due diligence on the location of the servers on which our data is stored. Many of our suppliers store data on servers which may be located outside the United Kingdom. For more information, including on how we safeguard personal data if it is transferred outside the UK or the EU, see below: ‘Transferring personal data out of the UK.
The privacy and the security of personal data is our utmost priority, and we recognise our obligation to keep it secure and private.
We have put in place industry-standard security practices to prevent personal data from being accidentally lost or used or accessed unlawfully including access restriction or control. We limit access to any personal data to our employees and contractors with a genuine business need to access it and subject them to strict obligations of confidence.
We will retain the personal data of cyclists and of the nominated contact individuals of cycling clubs only for as long as the user account and profile remains active on our web site. When it is no longer necessary to retain personal data, we will delete it.
Some of our third party providers may store our data on servers which may be located outside the UK.
These transfers are subject to special rules and safeguards under European and UK data protection
law with which we fully comply. For more information regarding these rules, please contact
Restriction of processing
The right to object:
—at any time to personal data being processed for direct marketing
—in certain other situations to our continued processing of
personal data, e.g. processing carried out for the purpose of our legitimate interests.
For further information on each of those rights, including the circumstances in which they apply, please contact us or see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation. To exercise any of those rights, please contact us —see below: ‘How to contact us’.
We hope that we can resolve any query or concern raised about our use of personal information. The UK GDPR also gives the right to lodge a complaint with a supervisory authority. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns or telephone: 0303 123 1113.