Last updated: 24/05/2018
All the personal data that we collect about you will have been supplied to us by you (or one of your friends or family member in the case they made a holiday booking for you).
This data is used to identify your personal preferences and match your needs with relevant products and services, assisting in the processing of cycling holiday bookings that you make, and for marketing purposes.
It is SportActive’s policy never to share data with third parties that can identify you as an individual unless it is to fulfil a contractual obligation (such as registration to a cycle sportive, hotel bookings, airport transfer bookings…)
SportActive Contact details for GDPR purposes
You may at any time request access to the personal data held about you and, if incorrect, request rectification by contacting us. We reserve the right to ask you for proof of your identity.
51-55 Carlisle Road, L/Derry, BT48 6JL, N Ireland
Phone: 44 / (0)28 713 659 97
Requests should be made in writing by letter or email. SportActive will respond to your request within maximum 30 days of receipt. This complies with GDPR.
Data we collect and how we use it
The data we collect is always provided by our clients and website visitors: when you download a brochure from our website, when you send in questions from our website using specific forms and during personal e-mail exchanges.
See below the personal data we may collect from our website visitors through existing forms:
- Brochure download form : first & last name, e-mail
- Free guide “24 Tips to improve your cycling skills” : first & last name, e-mail
- Request my Holiday Details: first & last name, e-mail
- Contact us form: first & last name, e-mail, text of the question
- Holiday Booking form : first & last name, e-mail, date of birth, body height if hiring a bike, jersey size, postal address, phone number, passport number (only needed for the registration to a cycle sportive in Spain or, in the rare occasion we book flights for you) ; also data concerning the holiday such as travel dates, room type, flight details etc. which are not considered as personal data
- Testimonial: first & last name, e-mail, region of residence, text of the testimonial
The data is used to reply to your questions or process your holiday booking and fulfil our contractual obligations to you, and for email marketing purposes ; the latter feature priority bookings and ‘early bird’ discounted holidays, tour information, and cycling tips.
Note, SportActive has no access to your sensitive payment data such as your credit card number.
While participating in a SportActive Cycling Holiday we take pictures. These pictures are taken as part of our service to you: ‘Action shots’ of your cycling holiday.
These pictures may also be used for SportActive’s marketing purposes: ‘untagged’ images in marketing emails, brochures, banners and social media use. (See section ‘Legitimate Interest and your Data’)
Your information is held for as long as SportActive needs it, or until you choose for it to be deleted. See section ‘Your Rights’.
If SportActive deems your data is no longer useful, it will be deleted in accordance with GDPR.
Accessing your data and your Rights
Accessing your data
Your data is owned by you and as such you can exercise certain rights under GDPR.
- Right to be informed – You have a right to know what personal information SportActive stores about you, how that data is used, and if SportActive is using the data.
- Right of rectification/ correction
- Right to erasure – You have a right to have your data that is held by SportActive erased.
- Right to restrict processing – If there is an aspect of your data that you do not want SportActive to process, you do have a right to restrict processing unless the data is needed to fulfil a contractual duty.
- Right to object – If there is an aspect of your data that you do not want SportActive to process, you do have a right to object unless the data is needed to fulfil a contractual duty.
- Right to port your data – Under GDPR you can port data held by SportActive to a third party
- Rights related to automated decision data processing - Currently, SportActive does not undertake automated profiling in relation to your data.
The system will assign you to a SportActive Holiday ‘list’ should you download a brochure or request details about a tour automatically. This is used to decide what holidays you may or may not be interested in, and you will receive automated emails from time to time. This includes, cycling training tips, cycling holiday information, and ‘early bird’ discounted booking offers.
Information Commissioner’s Office (ICO)
The Information Commissioner’s Office is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
More information can be found on the ICO website here.
Administration of your data
This section identifies key administrators, i.e. those responsible for processing your data and who has access to it. The following people have access to your data:
- Data Controller: SportActive, Flora Mittermair. Flora oversees the use of data, and is ultimately responsible for its processing. She is also the point of contact for any data request
- Site Security: the site has been developed by XLFormation who is also responsible for the website administration including site security. This encompasses ‘Privacy by design.’
Where your data is stored
Your data is stored on secure servers located in the USA, Ireland, and France. The USA servers comply with GDPR and are part of the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks.
Legitimate Interest and your Data
Under the Legitimate Interest section of GDPR, SportActive has assessed that processing your data in the following ways is in the best interests of both you and SportActive.
- Email Communication
- Picture Use
Picture use provides free ‘action shots’ of you while enjoying a SportActive Cycling Holiday. These pictures are free to download from our website. We also use these pictures in our marketing on our own and third party websites, social media sites such as Facebook, and in our email communications.
We do not digitally tag the pictures or use any unique identifiers that can identify you as an individual when using pictures.
Testimonials provided by you may be published on our website, and third party websites to promote SportActive Cycling Holidays and Training Camps. The information you provide directly may be published and this can include your full name and geographical area.
In accordance with your rights, you can choose to opt out of any aspect of data processing at any time and have your data erased. (See section ‘Your Rights’)
Privacy by Design
- Server hosting for this site is compliant with GDPR. Hosting company OVH has made a full commitment to comply with GDPR and data protection.
- The site uses SSL encryption to prevent identity theft, ensuring the connection between the site and your machine is secure.
- This site does not store your data. After you complete a form the data is send directly to the e-mail of SportActive’s data controller. Once you have cliqued “send” only your e-mail exists.
- The site will present a banner inviting you to accept ‘cookies’ which are blocked by default. The functionality of SportActive’s site depends on your full acceptance of cookies. Functionality applies to forms, ReCaptcha, forward/back buttons, and third party tools used to improve your navigation business such as Google Analtyics. If you chose not to accept cookies much of the site will not work correctly.
- Site administration is a protected and controlled space. This is only accessible by SportActive staff and any unauthorised attempt to access the administrator is blocked. It is only in these instances and in the interests of security that the following are recorded without permission of the user: IP address, user name, password tested, the type of machine used, the browser, date and time, and geographical location. This information is passed on to the authorities if deemed necessary.
- Should an attack be detected by the site's security systems, all security information intercepted during the attack is sent to the technical security person at XLFormation. XLFormation does not handle other personal data from the site SportActive.net except these specific attack logs.XLFormation will inform SportActive of all the measures taken to fight the attacker in these instances: This could involve blocking the attacker's IP, report to an authority, report the site where the attack has been sent from, etc.. XLFormation keeps the logs of all attacks for 3 months maximum as the information becomes obsolete very quickly in this case.
- Every page on the site has the same security measures. If you find your IP address has been blocked without an obvious reason, we recommend you contact SportActive to resolve the matter.