Last Updated: June 12, 2019
Athlinks and ChronoTrack including ChronoTrack Systems Corp. and its subsidiaries (collectively, “Athlinks,” “we,” “us,” or “our”) respect your privacy and are committed to protecting your personal information.
By visiting our websites or using any of our products or services, you agree that your personal information will be handled as described in this policy.
In order to sign up to use our Services, there is some Personal Data we obtain that you voluntarily provide to us. This Personal Data may include, but is not limited to, your contact information such as a first and last name, email address, postal address, and phone number; an account password; your date of birth; your gender; your social media account(s) information; your subscription preferences; your photographs, videos, or other content you or we contribute from your participation in events; your payment and billing information; your participation in or donation to a particular charity or charity event; your geo-location; your emergency contact information; your athletic performance in or your training performance for events; and/or information you include in public forums, messages, comments, searches, or queries through the Services.
From time to time, we may run a sweepstakes or contest through our Services, or ask you to complete questionnaires or surveys. We use the information you provide to administer the sweepstakes, contest or survey, to analyze the results, for research purposes, to send you other information or offers we think may be of interest to you, to comply with legal requirements, and for other purposes as described in this Policy.
Some Personal Data we collect automatically as you use our Services. This Personal Data may include, but is not limited to, your internet protocol (“IP”) addresses; your device and browser type; your internet service provider (“ISP”); your operating systems; statistics on your activities through the Services, such as your login frequency or the length of time spent logged in; information about how you came to our Services; advertising metrics and links clicked within the Services; and/or information collected through cookies, web beacons, and other technologies as described below under “7. Cookies, Web Beacons, and Other Technologies”.
We may also collect Personal Data about you from third-party sources such as, though not limited to, event organizers, event timers, and other commercially and publically available sources. For example, if you click through our Services to register for an event, the event organizer may provide us with your name, contact information, age, gender, and race time. The information we receive from third parties may be combined with the information we collect, including personally identifiable information that we collect about you.
You may also be able to choose to link your account with certain third party applications, such as Facebook or Google. When you link your account to one of these third party applications, we will request permission to access your basic information such as your name, profile picture, gender, networks, user ID, list of friends, and any other information you’ve made public on that application. For more information regarding linking your account with third party applications, please see “3.7 Third Party Applications” below.
We may provide features that rely on the use of additional information on your mobile device or require access to certain services through your mobile device that will enhance your experience but are not required to use the Services. Granting us access to this information does not mean you are granting us unlimited access to that information or that we will access specific information without your permission. Some Personal Data from your mobile device, such as your mobile device ID, your operation system, your mobile carrier, and your IP address, are collected automatically when you use our Services. When using our Services through your mobile device, we will request permission to obtain your current location to provide you with location-related services. In the “Settings” function on your phone, you will have the ability to manually permit or preclude us from recording your geolocation information for certain features of the Services.
We may use the Personal Data that we receive or collect about you for purposes such as to register your account for certain Services we provide, to communicate with you about our Services for customer service purposes, to register you for events and provide event start lists and results, to help facilitate your participation in a charity event, to improve our Services by providing personalized experiences, location customization, personalized help and instructions, and for other customer service purposes. We may obtain additional Personal Data about you to keep our records current.
Third parties should note that we may use information we receive or collect regarding users (including without limitation via an event registration page) in accordance with the terms of this Policy. In certain contexts, we collect information on behalf of third parties that is subject to contractual requirements that limit our ability to use and transfer your information in ways that are narrower than those in this Policy. In those limited circumstances, your information is subject to those contractual requirements and not to this Policy, and is subject to enforcement by the applicable third party. If your information is collected on behalf of a third party, it will be evident at the time that you provide such information. This Policy does not cover a third party’s use of your information outside of our Services. You will need to contact that party directly to determine if your information is subject to such limitations on uses and to determine how the third party will make use of your information.
We may use the Personal Data that we receive or collect about you for internal business purposes such as helping us improve the content and functionality of our Services, to better understand our users and how they use our Services, to improve the Services we offer, to develop new features or services, to manage your account, to provide you with customer service, to help improve our security and prevent fraud, to comply with all legal obligations and rights, and to generally manage the Services and our business.
We may use the Personal Data that we receive or collect about you for communications purposes such as to provide you with information you have requested to receive from us in response to your opt-in requests, to send you electronic communications regarding events, news and updates, newsletters, and promotions, to send you promotional or marketing materials via electronic communications, to provide you with offers for third party products and services, and to inform you of new changes or updates to our Services. We may also use your Personal Data for marketing and advertising purposes such as advertising our Services on third party websites and in displaying targeted content and advertisements to you on or off our Services. For further information regarding electronic communications, please see “5.3 Opting Out of Electronic Communications” below.
We consider your trust in us regarding your Personal Data to be an important part of our relationship with you. Therefore, we will not sell your Personal Data to third parties, including third party advertisers. There are some circumstances, however, where we may disclose, transfer, or share your Personal Data with a third party without notice to you, as described below.
When you register for an event through an event page or through a page on our Services, we provide the Personal Data entered on the applicable page to the event organizer. If an event has a charity fundraising component to it, your Personal Data may be provided to that charity as well. An event organizer may appoint a third party, which may or may not be affiliated with the event organizer, to create an event page on its behalf, in which case, that third party may also have access to your Personal Data. By using our Services to register for an event, you agree that Athlinks is not responsible for the actions of these event organizers or third parties they use with regards to your Personal Data. It is important that you review the applicable privacy policies of the event organizers, and if applicable, their appointed third parties, before providing Personal Data or other information in connection with an event.
We may share aggregate or anonymized information about users with third parties for marketing, advertising, research, or similar purposes. For example, if we display advertisements on behalf of a third party, we may share aggregate, demographic information with that third party about the users to whom we displayed the advertisements.
Some our Services allow you to connect your Athlinks account to third party services, like Facebook or RunSignUp for example, through Single Sign On authorization (“SSO”). If you choose to connect your account with a third party application, that third party application may have access to certain Personal Data including, but not limited to, your name, username, email address, location, and age. Connecting your account may also allow a third party application to collect your IP address, which page(s) you are visiting on our Services, and may set a cookie for its feature(s) to function properly. Additionally, that third party application may share some of your Personal Data on its service with Athlinks, and your interactions with it on our Services may be shared with others within your social network. Depending on the application, your ability to adjust your account settings and the sharing of your Personal Data may reside in our Services or within the third party application. Please be aware that your ability to use SSO with third party applications may be impacted and/or prevented by any limitations you set with your Personal Data.
We may disclose your Personal Data if required to do so by law in order to respond to a subpoena or request from law enforcement, a court, or a government agency (including in response to public authorities to meet national security or law enforcement requirements), or in the good faith belief that such action is necessary to (i) comply with a legal obligation, (ii) protect or defend our rights, interests, or property, or that of third parties, (iii) prevent or investigate possible wrongdoing in connection with our Services, (iv) act in urgent circumstances to protect the personal safety of users of our Services or the public, or (v) protect against legal liability.
We take your security seriously and strive to take reasonable steps to protect your information. No data transmission over the internet or information storage technology can be guaranteed to be 100% secure. The following is a summary of the measures we take to protect the Personal Data you provide us and an explanation of ways we implement these measures. We continue to evaluate and implement enhancements in security technology and practices, however we can only take steps to help reduce the risks of unauthorized access. You can also take steps to protect your information and further minimize the likelihood that a security incident may occur.
We use Secure Socket Layer (“SSL”) encryption when transmitting certain kinds of information, such as payment information or Personal Data. An icon resembling a padlock is displayed in most browsers’ window or address bar during SSL transactions. For example, any time we ask for a credit card number for payment or for verification purposes, it will be SSL encrypted in its transmission to our third party payment gateway, Authorize.net. The information you provide will be stored securely on Authorize.net services. Once you choose to store or enter your credit card number in our Services, it will not be displayed back in entirety for any users. Instead of the entire number, you will only see asterisks and either the first four digits or the last four digits of your number.
We maintain reasonable physical, electronic, and procedural safeguards that comply with federal regulations to protect personal information about you.
We work with vendors and partners to protect the security and privacy of user information. We host our Services on Amazon AWS, who maintains its own procedures and controls to ensure data security. Details can be found at https://aws.amazon.com/security/#overview.
We limit access to personal information about you only to those trained employees who we reasonably believe need to come into contact with that information to provide products and services to you in order to do their jobs.
You may request access to some of your Personal Data being stored by us. As required by applicable law, including the U.S.–EU Privacy Shield Framework, you may contact us to confirm whether we maintain, or process on behalf of a third party, any of your Personal Data.
If your personal information changes, or if you have determined that the Personal Data we collected about you is inaccurate or processed in violation of applicable law, including the U.S.–EU Privacy Shield Principles, you may also request that your Personal Data be corrected, amended, or deleted. Requests for access to your Personal Data and to have it corrected, amended, or deleted should be sent to firstname.lastname@example.org or to the mailing address provided under “Contacting Us”. We will try to meet all requests regarding Personal Data, however, we may decline to process requests that are unreasonably repetitive, require disproportionate technical effort, jeopardize the privacy of others, are extremely impractical, or for which access is not otherwise required by local law.
If your information has been shared with a third party, as described above, then that third party has received their own copy of your data. If you have been contacted by one of these third parties and wish to correct or request they delete your information, please contact them directly.
You can browse our Services without providing any Personal Data (other than data automatically collected to the extent it is considered Personal Data under applicable laws) or by limiting the Personal Data you provide. If you choose not to provide any Personal Data or limit the Personal Data you provide, you may not be able to use certain functionality of the Services.
Athlinks may send you electronic communications marketing or advertising through the Services themselves or events on the Services. When you use our Services, you have the option of signing up for “Athlinks News and Updates” and “Partner Offers” from us or other third parties. If at any time you would like to stop receiving the information that you have requested to receive from us, you may follow the opt-out instructions contained in any such electronic communication. Additionally, you may also manage your email preferences at any time through your account.
If you opt-out of receiving emails or promotions from us, we may still send you emails about your account or any Services you have requested or received from us, or for other customer services purposes. In addition, you may still receive emails sent by third parties through means other than our Services. If you opt-out of receiving information related to a particular event, you may still receive Athlinks communications or communications from other organizers whose events you have attended, are registered to attend, or who have otherwise obtained your email address. You may have to unsubscribe from multiple emails before you stop receiving all communications related to events for which you registered through our Services.
If you connect a third party application through SSO or sign up for other social media integrations, you may receive social notifications from these additional services or from Athlinks’ Services. You can manage these social notifications by toggling your social settings to private or disconnecting such integration. For more information regarding connection of third party applications, see “3.7 Third Party Applications”.
We may retain your Personal Data as long as you are registered to use our Services. You may close your account by contacting us by email at email@example.com or by mail at the address listed under “13. Contacting Us”. However, please be aware we may retain Personal Data for an additional period as required under applicable laws. After we delete your Personal Data, it may exist on backup or archival media or servers for an additional period of time for legal, tax, or regulatory reasons, or for legitimate and lawful business purposes.
The Children’s Online Privacy Protection Act of 1998 and its rules (“COPPA”) requires us to inform parents and legal guardians about our practices for collecting, using, and disclosing personal information from children under the age of thirteen (13). In some countries, even higher age limits may apply. Athlinks does not intend to collect Personal Data from children under the age of thirteen (13), or the otherwise applicable age limit if different in your country of location. If you are aware of a user under the age of thirteen (13) who has provided Personal Data through our Services, please contact us at firstname.lastname@example.org. Parents and legal guardians may choose to provide information about their children, even if under the age of thirteen (13), for the purposes of event registration on our Services. Please be aware that the results of all events, including name, age, gender, and results time, are made publically available and published online after an event’s completion.
Athlinks is responsible for the processing of personal data it receives under the Privacy Shield Framework, and subsequent transfers to a third party acting as an agent on its behalf. Athlinks complies with the Privacy Shield principles for all onward transfers of personal data from the EU or Switzerland, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Framework, Athlinks is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Athlinks may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If you are an EU or Swiss resident and have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://www.jamsadr.com/file-an-eu-us-privacy-shield-or-safe-harbor-claim.
Under certain conditions, more fully described on the Privacy Shield website, if you are an EU or Swiss resident, you may invoke binding arbitration when other dispute resolutions have been exhausted.
In an ongoing effort to better understand and serve the users of our Services, we often conduct research on our customer demographics, interests, and behavior based on Personal Data and other information that we have collected. This research may be compiled and analyzed on an aggregate basis and this aggregate information does not identify you personally and we therefore consider and treat this data as Non-Personal Data.
Our Services are not currently configured to respond to browsers’ “Do Not Track” signals because at this time no formal “Do Not Track” standard has been adopted.