raceXplus Kft Privacy Statement

Introduction

RaceXplus Kft informs its customers and registrants of its entry system about its data management practices and the legal remedies of users. We undertake to manage personal data in accordance with the legislations in force at any time, in particular those listed below:

• Regulation 2016/679 of the European Parliament and of the Council (EU) of 27 April 2016 on the protection of individuals with regard to the processing of personal data, on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), in abbreviated form GDPR: General Data Protection Regulation;
• Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information.

Controller’s data:

Name: raceXplus Kft

Seat: H-1037 Budapest, Haránt köz 3/A

Company registration number: 01-09-374023

Tax number: 28790697-2-41, HU28790697

Email address: hello@racexplus.eu

Phone number: (+36) 50 113 4940

Website: www.racexplus.eu

We treat personal data confidentially and take all security, technical and organizational measures that ensure the security of personal data.

If you have any questions which are unclear based on this privacy statement, please contact us using the contact details provided above! We endeavor to respond as quickly as possible, but if it takes more time to answer your question properly, we will do so within a maximum of 15 days.

You can request information on the management of your personal data at any time in writing (by email or letter sent to our postal address) or orally (by phone). Please note that in the event of contacting us by phone, if your claim in connection with data management justifies it (e.g. you request the deletion of your data), we will need to identify you in order to determine if you are eligible for the request before we fulfill it. If the identification is not possible, we can only provide general information in connection with the data management. We therefore propose to indicate your question or claim preferably in writing.

Complaint management and further enforcement options

We do everything in our power to ensure that personal data is managed in accordance with the law. If you feel that we did not comply therewith or you have any question in connection therewith, please let us know using the contact details provided above!

In the event of breach of your rights to the protection of your personal data, for further legal remedies – if the Data Controller does not terminate the infringing behavior despite your indication – you can apply to the National Authority for Data Protection and Freedom of Information at the following contact details:

Postal address: H-1534 Budapest Pf.:834

Address: H-1125 Budapest Szilágyi Erzsébet fasor 22/C.

Phone number: 06-1/391-1400

Fax: 36-1/391-1410

Email address: ugyfelszolgalat@naih.hu

Website: www.naih.hu

Legal basis of data management

By entering our instant challenges, purchasing and ordering our products, subscribing to our newsletters, you enter into a contract with us to perform the specified services and to purchase products.

For data required to execute the contract, the legal basis of managing personal data is the execution of the contract. The completion of these data is mandatory during the registration in the online entry system. The management of data, the completion of which is not mandatory, is based on your consent.

In addition to the general data management consent, we ask for special consent for the sending of marketing emails and messages sent from applications operated by raceXplus. This consent can be withdrawn anytime independently of any other data. Withdrawal does not hinder the participation in instant challenges.

Data managed on the website and in our mobile application

The public content of our website is open to public – without providing personal data –, it is not related to registration or login. Participants can submit the results achieved in our instant challenges only through the mobile application provided by us, the condition of which is a registration and entry on the website.  In connection with the visit and use of the website and the mobile application, we manage the data listed below for the purpose and for the time stated in this brief, furthermore, we ensure the enforcement of your data management rights as follows:

Management of cookies

What is a cookie?

A cookie is a text file stored in your device (computer, smartphone) which you use to access the internet when you open and use our website, which typically contains information about the connection between the web server and your device or the operation of the website (e.g. session ID, which is a unique string of letters, numbers, and other punctuation; the date when you opened or visited the website, etc.), and the content of which is read back occasionally by the web server while you are browsing our website or when you revisit it later. By the content of the cookie, the website (server) is able to improve the user experience and implement the services provided on the website. For example, when you purchase in our webstore, the webstore can usually make difference between purchases and manage the ongoing purchases (e.g. the current contents of your cart) by using these cookies. If your internet connection is lost during the purchase, the website knows based on the previously stored cookie what product you have added to your cart, which product you were looking for, and if the connection is restored, you can continue shopping where you left off.

Purpose of data management

Identifying the users visiting our website, differentiating them from each other, as well as identifying the current session of the users, storing the data provided during it, preventing data loss.

Scope of data managed

Cookies used in our website are so-called functional cookies that support the operation of the website and store the date of the website visit, the session ID and other information in connection with the session that can be interpreted by the program code of the website (numbers and strings). The information stored in functional cookies shall not be transferred to a third party.

Duration of data management

Some of the functional cookies used on our website expire as soon as you leave the website or close our page in your browser. Some additional functional cookies have a longer lifespan (180 days), but the content of these cookies can only be accessed by our website if you revisit our website from the same device and have not deleted these cookies in the meantime.

Enforcement

Most internet browser programs automatically allow the use of cookies. However, you can change, disable and delete cookies at any time. You can access, learn about and view the content of the cookies stored on your device at any time. It is possible to manage, disable, or delete cookies in settings of widespread internet browsers, typically in a submenu Security, Privacy, or Privacy Settings as cookie. Please note that if you disable or reject the use of cookies, the use of certain functions on the website will change or will not be available to you when using a website. For more information on cookie management, see the help of the given program or the following links by clicking on the name of the program: Internet Explorer, Chrome, Mozilla Firefox, Edge.

Google Analytics service

We use Google Analytics to analyze and measure the views, view data and performance of our website. The information collected from the website is automatically transmitted to Google, but it does not (and cannot!) contain any personal data. The collected and transmitted information are statistical data suitable for identification of visitors of the Website, but not suitable for distinguish sessions. For more information on data management of Google Analytics, click here.

Purpose of data management

To distinguish visitors visiting the website from their sessions in order to measure the website performance and to provide statistics on its use.

Scope of data managed

Google Analytics uses cookies to measure website performance and to provide statistics on its use, which contain information that can be interpreted by the service (unique strings of letters, numbers, and other punctuations).

Duration of data management

The validity of cookies used by Google Analytics can be different. There are cookies that expire when you close the site in your internet browser, and there are some, the validity of which are even shorter (1 minute) or maybe significantly longer (e.g. 24 hours or for example 2 years). However, the content cookies valid for a longer period can only be accessed by our website – and the Google Analytics service therethrough – if you revisit our website from the same device and have not deleted these cookies in the meantime.

Enforcement

If you do not want Google Analytics to collect data about your visit to the website, you have the opportunity disable it by installing and using a program designed for this purpose. For more information about the browser plug-in disabling Google Analytics data collection, click here and you can download and install the same. You can also disable cookies used by Google Analytics, along with any additional cookies. You can access, learn about and view the content of the cookies stored on your device anytime.

Facebook pixel

Facebook Pixel is a code that allows the website owner to display customized offers and advertisements on the Facebook interface using the Facebook marketing service. By using this remarketing tracking code, Facebook is able to effectively display advertisements targeting interested visitors (target audience), in addition, it is also able to provide statistical data on website visitors to the website owner. For the operation, Facebook Pixel uses cookies as well. For more information on Facebook data management and cookie management and Facebook Pixel, click here: https://www.facebook.com/about/privacy and https://www.facebook.com/policies/cookies/

Purpose of data management

To distinguish visitors visiting the website from their sessions in order to display customized offers and advertisements on their Facebook site.

Scope of data managed

Cookies used by Facebook Pixel contain information (unique strings of letters, numbers, and other punctuations) that can be interpreted by the service.

Duration of data management

Cookies used by Facebook Pixel are usually valid for 90-120 minutes. The content cookies can only be accessed by our website – and the Google Analytics service therethrough – if you revisit our website from the same device and have not deleted these cookies in the meantime.

Enforcement

You can also disable cookies used by Facebook Pixel, along with any additional cookies. You can access, learn about and view the content of the cookies stored on your device anytime.

Purpose and duration of the website and mobile application

General purpose of data management by raceXplus Kft

• identifying and registering our clients to record entries;
• implementing instant challenges organized by us;
• informing our clients and providing our marketing activity;
• keeping financial accounts;
• compiling statistics and analyzes;
• when providing a discounted entry opportunity, determining the group of persons entitled to the discount and assigning discounts to the customers concerned;
• improving our services continuously, preparing new events.

In the future, our customers in our database can enter our instant challenges or download their discounts anytime, therefore their identification may be required indefinitely. Based on the purpose limitation principle, data provided by you and the values ​​calculated therefrom (e.g. time and length of the completion of the challenge) and the data related to the organization of the challenges (e.g. start number) are recorded by us and stored until your withdrawal, i.e. we delete the same only upon your special request. However, during the review every three years, we may delete data of such customers who have not had a new entry for several years.

We record financial transaction data (date, amount, currency, item paid, transaction ID and shipping address). In the online entry system, credit card payments are made on Paylike’s safe payment interface, where our customers enter the data directly to the bank, therefore no data related to the bank card will be in the possession of raceXplus Kft, furthermore, we do not manage such data.

Personal information provided for technical assistance or request in connection with the operation will be processed for different periods of time depending on the nature of the contact. After providing necessary information, we will not store it, unless there is a legally enforceable claim in the object of the ad hoc contact, in which case we can keep it for a maximum of 3 years in order to justify it.

In some cases, we request additional form information from our clients through the mobile application or website for development and testing purposes. The data provided here will be received by our staff, and we delete the data after the analysis.

In case of application of a partner, your data will be processed until the withdrawal of your consent, unless you enter into a contractual relationship with our company. In order to ensure tax self-audit, time limits for keeping the contract and financial documents (e.g. invoices) are not more than 8 years. After that, the documents will be deleted, scrapped and destroyed.

In the case of customers who only subscribe to our newsletter but do not register in the registration system and do not enter an instant challenge, only their name and email address and the date of subscription will be stored by us.

Basic data managed:

• database identifier (start number) which is automatically generated;
• full name, title;
• date of birth;
• permanent/mailing address;
• citizenship;
• phone number;
• email address;
• user name;
• encrypted password;
• distance and time results (based on manual or GPS data);
• date, length and time of GPS sections;
• sports watch brand (optional data, used for statistical and marketing purposes);
• request for information materials, emails about upcoming competitions, opportunities;
• contribution to marketing targeting;
• data of purchase: sport category, challenge name, date of purchase;
• last billing name and address (generated automatically when someone requests an invoice through our online system; this is for the convenience of our customers in order not to type it every time);
• preferred language for communication;
• when making an online card payment, the transaction ID required for financial controls and problem solving;
• competition time, category, split times;
• entry fee paid, type of discount, payment method and date;
• other remarks (e.g. renaming, clarification of problematic payment, etc.) relating to the administration.

Location-based services

You can submit the results achieved in our virtual sports challenges only through the raceXplus application. We collect and process location information when you sign up for and use the app services. We do not track your device location while you are not using raceXplus, but in order to provide raceXplus’s core services, it is necessary for us to track your device location while you use raceXplus. Your location data measured via the GPS system in the application are not stored, the data is used to calculate the distance. If you would like to stop the device location tracking, you may do so at any time by adjusting your device settings.

We use the information we collect and receive to provide the services, including providing you with the ability to:

• Record your activities and analyze your performance. For example, to calculate the distance and status of your virtual challenge.

The following messages are part of our service and will be sent to our registered customers regardless of marketing consent:

Email and push message services

We send an email to all our customers

• about the successful registration in the online entry system;
• about the successful purchase (entry);
• in the event of initiating password change;
• about information relating to the instant challenge;
• about the status of the challenge per sections;
• in the event of full performance, about the status and actions to be taken;
• administration for the purpose of data reconciliation, if necessary.

Mobile application push message service

• to communicate the intermediate results of certain instant challenges;
• in the event of full performance, about the actions to be taken;
• in the event of exceptional occurrences (e.g. maintenance).

Postal message service

• to send once the coin and any accessories and a brochure (congratulatory letter) after completing the challenge.

Details of our marketing activity

In the course of our marketing activity, sportXplus Kft

• performs statistical analyzes in order to improve its services and establish its actions;
• forms target audience from its clientele, who may be interested in a particular service or special offer, or for whom it announces special offers;
• sends newsletters and advertisements by email and mobile push message;
• can use photos and videos of participants taking part in instant challenges if customers send them and clearly identify (e.g. hashtag, add, mark, etc.) raceXplus or its event therein;

We only send emails and newsletters for promotional purposes to those who give their consent. This consent can be revoked at any time, for example by the unsubscribe function at the bottom of all our newsletters.

Enforcement

You can request information on the management of your data at any time by using our contact details above. You can also request correction of your data at any time if, for example, you find that you have entered it incorrectly or that we have recorded it incorrectly or incompletely. You can also request the deletion of your data, and if there is no legislative obstacle thereto, we will comply with your request immediately (otherwise we will inform you of the reason of refusal of the deletion).

Who has access to the data?

Within the company, only those employees are entitled to have access to the data provided by you, who perform tasks related to entry and purchase, perform maintenance, analysis, aggregation, evaluation of the data and who are responsible for informing customers before and after instant challenges. The following employees fall within the scope mentioned above:

• data recorders;
• administrator and database manager;
• financial personnel;
• marketing.

In addition to our employees, our contracted partners involved in data processing related to the performance of the service are entitled to have access to the specific personal data provided during the order, as well as administrative bodies (e.g. the National Tax and Customs Administration) acting on the basis of the legal framework applicable.

Data management and external service providers within the European Union

In order to perform its activity, raceXplus Kft uses the following data processors and external service providers:

Under its mandate, our contractual partner providing accounting services performs data management for our company. In so doing, as a Data Processor, it also manages the content of financial documents (invoices) and the data qualifying as personal data contained therein.

Qualitas System Kft (H-1141, Budapest Vezseny utca 4-6/B. ép. I.em.5.)

Under its mandate, our contractual partner providing invoicing services performs data management for our company. In so doing, as a Data Processor, it also manages the data necessary for the content of financial documents (invoices).

KBOSS.hu Kft (H-1031 Budapest, Záhony utca 7)

Under its mandate, our contractual partner providing banking services performs data management for our company. In so doing, as a Data Processor, it also manages the content of financial documents and the data qualifying as personal data contained therein.

OTP Bank Nyrt (H-1051 Budapest, Nádor utca 16)

Under its mandate, our contractual partner providing financial transaction services performs data management for our company. In so doing, as a Data Processor, it also manages the content of financial documents and the data qualifying as personal data contained therein.

Paylike ApS (P. O. Pedersensvej 14, Aarhus, Denmark)

Under its mandate, our contractual partner providing postal delivery services performs data management for our company. In so doing, as a Data Processor, it also manages the content of financial documents and the data qualifying as personal data contained therein.

Csomagküldő.hu Kft (H-1031 Budapest, Vizimolnár utca 10. 6/54)

Under its mandate, our contractual partner providing online newsletter services performs data management for our company. In so doing, as a Data Processor, it also manages email addresses, name and language preferences of subscribed persons and data qualifying as personal data contained therein.

MailerLite (J. Basanavičiaus 15, LT-03108 Vilnius, Lithuania)

Under its mandate, our contractual partner mediating customer support services performs data management for our company. In so doing, as a Data Processor, it also manages the content of customer relationship data and the data qualifying as personal data contained therein.

Fiverr Germany GmbH (Westendstrasse 28, 60325 Frankfurt am Main, Germany)

IT support of the operation of our website is provided by our contractual service provider partners.  The data managed on the website is stored in the territory of the European Union.

SiteGround Spain S.L. (Calle de Prim 19, 28004 Madrid, Spain)

Technical operator of our websites and mobile applications is

30km.hu Kft (H-2462 Martonvásár, Fehérvári út 73.)

Data management and external service providers outside the European Union

In order to perform its activity, raceXplus Kft uses the following external service providers:

Facebook, Inc. (1 Hacker Way, Menlo Park, CA 94025, USA)

Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA)

Keith Torculas (66 Phase 3 Area D Payatas B Quezon City Philippines)

Apple Inc. (One Apple Park Way, Cupertino, California, 95014, USA)

Security of data management

In order to ensure the security of the personal data managed by us, we take all technical and organizational measures necessary to protect the data against accidental deletion (destruction), unauthorized use or modification. By use of system of entitlement, access to the data managed in our IT systems is only allowed to our employees and our partners contracted for data management tasks. With the above, we ensure that the managed data cannot be accessed, disclosed, forwarded, modified or deleted by unauthorized persons.

Data protection of persons under the age of 16

Personal data of a person under the age of 16 can be managed only with the consent of the adult exercising parental supervision over him or her. RaceXplus Kft has no authority to verify the entitlement of the consenting person or the content of its statement, therefore the person concerned or the person exercising parental supervision over it guarantees that the consent complies with the law. In the absence of a consent, we do not collect the personal data of the person concerned under the age of 16.

Data transmission

We do not forward your personal data to those who do not have the right to know them, we only transfer them to third parties if you have given your prior consent. Exception is made where the transmission of data is mandatory for us by law, for example, we transmit the data – indicated on the invoices – on the content of financial documents related to the performance of contracts or services to the National Tax and Customs Administration, and we are obliged to give the data necessary for the purposes of the request for the official request of a competent body (e.g. police, prosecution, court, etc.) in any official examination. Your specific consent is not required therefor as this is our task defined by law.

Deletion of data

Under legislation, our Users can anytime request the deletion of their personal data from our database. In the case of an ongoing challenge, it is possible to withdraw before the end of the challenge, in which case access to the mobile application and reception of medals or other accessories will be revoked and the entry fee will be refunded.

Even after the withdrawal of the consent, we may store the data needed to fulfill our legal obligation and to enforce our vital interests. Our legal obligations include compliance with financial controls, which requires payment data stored in a database. We have a legitimate interest in maintaining the integrity of the database. In this context, for technical reasons (due to the structure of the databases), we cannot delete data that is closely related to other data (e.g. a foreign key). It is our legal obligation, our legitimate interest and our obligation to third parties, to preserve backups so that the database can be reconstructed in the event of damage. Data cannot be deleted from backups, only from the live database. Backups can only be accessed by an administrator and will only be used for reconstruction in the event of a breakdown. In addition, we have a legitimate interest in deriving statistical data from our database, for example the number of registrants and views of the website and application.

According to this, we can only completely delete the data provided by the customer during registration from those who have never entered any of our challenges or have not purchased any products or services from us, i.e. only signed up.

If you had your data deleted, you can enter again our challenges later, but we will not be able to consider your previous entries. Therefore, your previous results will not be displayed in your results.

Review and availability of the Privacy Statement

The data controller reserves the right to modify its privacy statement if necessary. This can happen in cases where the range of services expands, the technical system changes or it is made mandatory by law. However, such a modification should not imply a different management of personal data from the original purpose. The Privacy Statement in force at any time is made publicly available on the website, here.