We are VeloViewer Limited (referred to as we, us and our in this Privacy Policy), a company incorporated in England and Wales with company registration number 09153903 and whose registered office address is Unit 33, Century Business Centre, Century Business Park, Manvers, Rotherham, South Yorkshire, S63 5DA, United Kingdom.
The information set out in this Privacy Policy is provided to individuals whose personal data we process (you or your) as data controller, in compliance with our obligations under the Data Protection Act 2018 and the UK GDPR (as defined in the Data Protection, Privacy and Electronic Communications Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations SI 2019/419) (GDPR).
This Privacy Policy includes:
- Data controller details
- How we collect your information
- Information we collect and purpose for processing
- Sharing your information
- International transfers
- Retention of personal data
- Your rights in respect of your personal data
- Automatic decision making
- Security
- Cookies
- Changes to this Privacy Policy
- When you are located outside of the UK
- Data controller details
- We are the data controller in relation to the processing of the personal information that you provide to us.
- Where your personal information is provided to us via the Strava app or website (strava.com) we are joint controllers with Strava in relation to the processing of such personal information.
- You can contact us by email at veloviewer@gmail.com (please include “Personal Data Request” in your subject heading to ensure it receives the correct attention).
- How we collect your information
- Generally, the information we hold about you comes from the way that you engage with us, for example by doing any of the following:
- through engaging with us via our website (Site);
- providing us with information in the course of subscribing with us (if you are a client or visitor of our Site);
- providing us with information in the course of performing a contract we have in place with you or your business;
- through your personal information being provided to us by Strava on your behalf;
- contacting us offline, for example by telephone, SMS, email or by post; and
- interacting with us using social media.
- We may also obtain information from publicly available sources, including public databases, registers and records.
- Generally, the information we hold about you comes from the way that you engage with us, for example by doing any of the following:
- Information we collect and purpose for processing
- The types of personal data that we may collect, use, store and transfer about you will depend on the relationship we have with you (i.e. whether you are a customer or a visitor of our Site or a member receiving our services). We have set out below the types of information collected together with the purpose and legal grounds for processing.
Personal data Relationship We may use your information for the following purposes, based on the following legal grounds: Contact information (name, email address and Strava account details) - Customers, members, subscribers/potential customers, members, subscribers
- Members of our Site
- Customers, members, subscribers connecting via Strava
- If it is necessary for the performance of our contract or for the purposes of entering into a contract: for the purpose of registering your account with us; for the purpose of providing services to you pursuant to any agreement between us.
- If it is in our legitimate business interests to do so: for internal record keeping for administration purposes, to communicate with you regarding our service and fees (e.g. re any changes to our Site or services); for dealing with any complaints or issues raised by you; for insight purposes (e.g. to analyse market trends and demographics, and develop the service which we offer to you or other individuals in the future) and for notifying you once your membership has expired.
- Compliance with a legal obligation: in order to prevent fraud or money laundering or to comply with any other relevant legal or regulatory requirements.
Payment information (such as transaction history) - Customers/subscribers to our services
- If it is necessary for the performance of our contract: for the purpose of receiving payments from you via PayPal.
- If it is in our legitimate business interests to do so: for internal record keeping for administration purposes and retaining evidence of payment transactions.
- Compliance with a legal obligation: in order to prevent fraud or money laundering or to comply with any other relevant legal or regulatory requirements.
Technical and device information/ social networks - All visitors of our Site (including customers and subscribers)
- If it is in our legitimate interests to do so: we may use certain technical log data (such as your IP address) for research or statistical purposes; to analyse user traffic and for ensuring the proper administration of our Site; for analytics and insight purposes e.g. to monitor market trends and demographics and to improve the user experience within our Site; and to ensure that content from our Site is presented in the most effective manner for you and for your device from which you access our Site and/or the services we offer through the Site.
Special category personal data / Health data - Customers/subscribers to our services once they connect their Strava account
- If it is necessary for the performance of our contract or for the purposes of entering into a contract: for the purpose of providing our services to you pursuant to any agreement between us and to enable you to experience the full functionality of our services.
- When we have your explicit consent to do so: we may process your health data when you have consented to such data being processed and shared by Strava with third parties. The only health data we process is received directly from Strava if you have consented.
- Health data we process may include height, weight, age, gender, heart rate and power but any such data we process will be collected by Strava initially.
Cookies (and other web-tracking technology) - All visitors of our Site
- If it is in our legitimate interests to do so: We only use essential “cookies” which are implemented via our Site for the effective operation of our Site.
- Please refer to the Cookies section at paragraph 10 for more information about the type of cookies used and how we use cookies/tracking technologies within our Site.
- We only collect Special Categories of Personal Data about you in the form of health data which is collected by Strava and shared with us. We do not collect any other Special Categories of Personal Data (including details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
- International transfers
We will not transfer personal data relating to you to a country which is outside the UK or EEA unless:- the country or recipient is covered by an adequacy decision of the UK government under GDPR Article 45;
- appropriate safeguards have been put in place which meet the requirements of GDPR Article 46 (for example using the approved International Data Transfer Agreement for transfers of personal data outside the UK); or
- one of the derogations for specific situations under GDPR Article 49 is applicable to the transfer. These include (in summary):
- the transfer is necessary to perform, or to form, a contract to which we are a party:
- with you; or
- with a third party where the contract is in your interests;
- the transfer is necessary for the establishment, exercise or defence of legal claims;
- you have provided your explicit consent to the transfer; or
- the transfer is of a limited nature, and is necessary for the purpose of our compelling legitimate interests.
- the transfer is necessary to perform, or to form, a contract to which we are a party:
- Retention of personal data
- We have systems in place to periodically review and delete data that is no longer being used by us for the purposes set out in this Privacy Policy. Unless we are required or permitted by law to hold on to your data for a specific retention period, we will only hold your personal information within our systems for a period of 10 years since your last interaction with us or until you unsubscribe for our services or request for your data to be deleted in accordance with paragraph 6.3.
- Where we no longer need your personal information, we will dispose of it in a secure manner.
- In some circumstances you can ask us to delete your data: see your legal rights at paragraph 7 below for further information. If you are a member and unsubscribe from the membership you have the option to delete all your data when you unsubscribe, although in any event your data will be automatically deleted once you unsubscribe. If you are a current subscriber to our services, you also have the ability to erase all of your data stored on our servers which has been collected via Strava by clicking the link (https://veloviewer.com/update). Please note that the deletions envisaged by this paragraph 6.3 will not delete payment and transaction information that we have collected as we are required to retain such information for accounting and tax purposes, which will be retained until it is no longer required to be held by us for such purposes or by law or following 10 years.
- In some circumstances we will anonymise and/or aggregate your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use that information indefinitely without further notice to you.
- Your rights in respect of your personal data
- You have certain rights under existing data protection laws, including the right to (upon written request) access a copy of the personal data of yours that we are processing. In accordance with the Data Protection Act 2018 and the GDPR:
- you have the following rights:
- right to access: the right to request certain information about you, access to and copies of the personal information about you that we are holding
(please note that you are entitled to request one copy of the personal information that we hold about you at no cost, but for any further copies, we reserve the right to charge a reasonable fee based on administration costs); and - right to rectification: the right to have your personal information rectified if it is inaccurate or incomplete; and
- right to access: the right to request certain information about you, access to and copies of the personal information about you that we are holding
- in certain circumstances, you will also have the following rights:
- right to erasure/“right to be forgotten”: the right to withdraw your consent to our processing of the data (if the legal basis for processing is based on your consent) and the right to request that we delete or erase your personal information from our systems (however, this will not apply if we are required to hold on to the information for compliance with any legal obligation, for tax or accounting purposes, or if we require the information to establish or defend any legal claim);
- right to restriction of use of your information: the right to stop us from using your personal information or limit the way in which we can use it;
- right to data portability: the right to request that we return any information you have provided in a structured, commonly used and machine-readable format, or that we send it directly to another company, where technically feasible;
and - right to object: the right to object to our use of your personal information including where we use it for our legitimate interests or for marketing purposes.
- Please note that, if you withdraw your consent to the use of your personal information for purposes set out in this Privacy Policy, we may not be able to provide you with access to all or certain parts of our Site.
- If you consider our use of your personal information to be unlawful, you have the right to lodge a complaint with the UK’s supervisory authority, the Information Commissioner’s Office. Please see further information on their website: ico.org.uk.
- you have the following rights:
- You have certain rights under existing data protection laws, including the right to (upon written request) access a copy of the personal data of yours that we are processing. In accordance with the Data Protection Act 2018 and the GDPR:
- Automatic decision making
We do not make decisions based solely on automated data processing, including profiling. - Security
- We keep your information protected by taking appropriate technical and organisational measures to guard against unauthorised or unlawful processing, accidental loss, destruction or damage. For example:
- where appropriate, data is encrypted when transiting on our system or stored on our databases;
- all hardware used by us is stored in secured datacentres behind firewalls;
- we have implemented safeguards in relation to access and confidentiality in order to protect the information held within our systems, including restricting access to information by password and/or secure key; and
- restrictions are in place as to what information can be accessed via any location.
- We will do our best to protect your personal information, but we cannot guarantee the security of your information. It is important that all details of any username, password and/or other identification information created to access our Site (including via Strava when connecting your account) are kept confidential by you and should not be disclosed to or shared with anyone.
- We keep your information protected by taking appropriate technical and organisational measures to guard against unauthorised or unlawful processing, accidental loss, destruction or damage. For example:
- Changes to this Privacy Policy
We may amend this Privacy Policy from time to time, for example to keep it up to date, to implement minor technical adjustments and improvements or to comply with legal requirements. We will always inform you on our Site when we update this Privacy Policy, so please read it when you visit the Site (the “last updated” reference tells you when we last updated our Privacy Policy). - When you are located outside of the UK
- Your access to the Site or use or receipt of the services that we offer to you may be subject to other data protection laws and you must comply with all applicable laws and regulations (whether of the country in which you reside or from which you access the Site, receive the services, or otherwise). We will not be liable or responsible if you break any such law or regulation.
- We make no representation that the Site or our services are appropriate or available for use or receipt outside of the United Kingdom. If you access the Site or receive our services from any jurisdiction outside of the United Kingdom, you do so out of your own volition.
Last updated on 27 June 2024