Who are we?
TRACS, Inc. states that it has implemented policies that comply with the rules of personal data protection enshrined in the European Union General Data Protection Regulation (GDPR), seeking to ensure that the personal data of users of websites under the responsibility of the TRACS, Inc. are not processed without your knowledge, and that all processing of such data is carried out with your consent.
TRACS, Inc. guarantees to:
- Collect, process and store data in a lawful and fair manner, requesting only the information necessary to fulfill the services it provides;
- Store the personal data for the period agreed by the owner and for legal retention;
- Allow the holder of the personal data to consult, change, rectify and delete the information in a totally free way;
- Use security mechanisms that prevent the consultation, alteration or destruction of personal data of the clients by unauthorized individuals or entities.
When you share information with us, for example by registering for an activity, we use this information to provide better services at the activity to you and our partners.
What is personal data?
Personal data is information you provide to TRACS, Inc., and can include names, postal addresses, telephone numbers, email addresses, credit card information and any other information relating to an individual. Personal data is also any information, including sound and image, relating to an identified or identifiable natural person taken during the course of any activity for which you registered.
Who is responsible for
TRACS, Inc. is responsible for the collection and processing of personal data made available by customers and users when registering for activities under its technical direction. TRACS, Inc. will specify clearly what data is collected, the means of data processing and purpose for which data will be used.
What kind of information do we collect?
In the course of the management of activities, TRACS, Inc. collects and processes the personal data necessary for the registration of a customer in said activities, dealing with such data including names, emails, dates of birth, sex, age, nationalities, municipalities of residence and telephone contact information.
When and how is your data collected?
TRACS, Inc. collects data through its websites with the consent of its users and customers. As a rule, personal data is collected when the customer signs up for an athletic activity.
Some personal data is obligatory and, in case of lack or insufficiency of such data, TRACS, Inc. will not be able to make available the product in question. In each case, TRACS, Inc. will inform customers of the mandatory nature of the provision of personal data in question.
Any financial transactions for activities will be processed by Eventbrite, Inc. and/or Race Roster North America Corporation pursuant to their EU-US Privacy Shield Framework and GDPR (see "Is Data Transferred to Third Parties?" below for more information). For domestic events not requiring GDPR compliance, TRACS may use Eventbrite, Inc., Race Roster North America Corporation or RunSignUp, Inc.
In no case will the data collected be used for any purpose other than that for which was given the consent of the data subject.
What is the purpose of processing personal data?
In general, the personal data collected is intended for the management of contractual relations, the provision of contracted services, the adaptation of services to the client's needs and interests, information and marketing actions, as well as the inclusion of the customer in the subscriber lists. When you submit the data, you will be given information on how we will use your data for a specific activity.
How can you access, rectify or oppose the processing of your personal data?
The data subject is guaranteed the right to access, update, rectify or delete their personal data at any time from TRACS, Inc. servers, as well as the right to oppose TRACS, Inc. or limit the use of data provided for marketing purposes, sending information communications or inclusion in lists or information services when submitting the information for an activity. If you have not done so when submitting data, send a written request to TRACS, Inc., 400 Main Street, Suite 2, Waltham, MA 02452 or through the email address firstname.lastname@example.org.
Whenever you use our services, we aim to provide you with access to your personal information. If that information is wrong, we strive to give you ways to update it quickly or to delete it - unless we have to keep that information for legitimate business or legal purposes. When updating your personal information, we may ask you to verify your identity before we can act on your request.
Is data transferred to third parties (third parties or subcontractors)?
We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information except to trusted third parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential. Any Personal Data which may be transferred to our client or service providers for any activity shall be done via encrypted services to ensure the protection of your information. We require our third party providers to agree to our data protection provisions in all of our service contracts.
It is usual for TRACS, Inc. in the scope of its activity, to proceed with the data collection process through the engagement of contracted entities. The provision of these services implies that these entities have access to the data transmitted in the registration processes.
TRACS, Inc. takes the precautions to ensure that entities with access to the data are reputable and offer the highest guarantees at this level and therefore the processing of the data provided will be duly safeguarded. All financial transactions related to any activities for TRACS, Inc.'s clients, will be done through Eventbrite, Inc., which complies with the more stringent EU-US Privacy Shield and GDPR regulations. Financial transactions related to any activities for TRACS, Inc.'s clients, will be done through Eventbrite, Inc. and/or Race Roster North America Corporation, which comply with the more stringent EU-US Privacy Shield and GDPR regulations. Other financial transactions for domestic activities for TRACS, Inc.’s clients will be done through RunSignUp, Inc.
For more information, see: https://www.eventbrite.com/support/articles/en_US/Troubleshooting/eu-us-privacy-shield-notice?lg=en_US).
Thus, any entity under contract with TRACS, Inc. that will collect, store, or process personal data on behalf of TRACS, Inc. customers will be required to take the necessary technical and organizational measures to protect personal data against accidental, unlawful destruction, accidental loss, alteration, dissemination or unauthorized access and against any other form of unlawful treatment.
In any case, TRACS, Inc. remains responsible for the personal data made available by its customers and users. Under legal terms, at all times, the customer is able to oppose the communication of data to third parties, namely for marketing purposes.
What information do we share with Third Party service providers?
We do not share personal information with companies, organizations and individuals outside of TRACS, Inc. unless one of the following circumstances applies:
- With your consent we will share personal information with companies, organizations or individuals outside of TRACS, Inc. when we have your consent to do so. We require opt-in consent for the sharing of any personal data.
- For legal reasons we will share personal information with companies, organizations or individuals outside of TRACS, Inc. if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to: a) meet any applicable law, regulation, legal process or enforceable governmental request; b) enforce applicable Terms of Service, including investigation of potential violations; c) detect, prevent, or otherwise address fraud, security or technical issues and d) protect against harm to the rights, property or safety of TRACS, Inc., our users or the public as required or permitted by law.
Security of Personal Data Information
We work hard to protect TRACS, Inc. and our users from unauthorized access to or unauthorized alteration, disclosure or destruction of information we hold. We review our information collection, storage and processing practices, including physical security measures, to guard against unauthorized access to systems. We restrict access to personal information to TRACS, Inc. employees, contractors and agents who need to know that information in order to process it for us, and who are subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.
Compliance and cooperation with regulatory authorities