Data and payment security
26virtual collects and stores all personal and payment data that are processed in systems secured with SSL/TSL-encrypted communication.
26virtual’s processing of personal data is subject to the provisions contained in the General Data Protection Regulation.
26virtual processes personal data for the purpose of enabling 26virtual to enable 26virtual events to supply the participant with the purchased registration in its entirety, including delivery of participant information (printed and digital), issue of running number (either by collection or dispatch) and delivery of the participant’s results (e.g. time and place) on one or more of the following platforms: printed results lists, printed diplomas, websites, smartphone apps, e-mail and SMS.
Personal data collected by 26virtual are not disclosed to third parties unless such disclosure has been actively accepted by the participant as part of the data options in the registration form for 26virtual events.
Personal data processed by 26virtual may include (but are not limited to):
- Distance (for results list and participant information)
- Nationality (for results list and language of communication)
- First name and surname (for results list, participant information and issue of running number)
- Gender (for results list, age group calculation)
- Date of birth (for results list, age group calculation)
- Club and/or team (for results list and participant information)
- Previous results or expected time (for allocation to correct starting group)
- Address, postcode, city and country (for participant information and issue of running number)
- Product choices: e.g. T-shirt size, charity donations, transport, hotel etc.
- Permission choices: e.g. newsletter, third-party offers etc.
26virtual is entitled to use personal data for statistical purposes and technical purposes in order to simplify the user experience and identity-recognise users on the internal 26virtual platform.
Storage and hosting of personal data
Personal data processed by 26virtual are stored in the 26virtual cloud hosted by Amazon’s EC2 platform located in Ireland (EU).
Presentation and deletion of personal data
A registered participant’s personal data are presented on participant and results lists. This will usually include (but not be limited to):
- First name and surname
- Age and age group (gender and age range)
- Starting group and running number
- Club and/or team
- Times (start time, split times and finish time)
- Place (overall, gender and age group)
- Status (not started, started, completed, not completed or disqualified)
The personal data presented on participant and results lists are saved on a continuous basis without the option to delete with reference to the exemptions for social, historical and statistical data contained in the Danish Act on Processing of Personal Data.
Images and video
26virtual manages events where the participant is offered image and video recordings of e.g. participants reaching the finish line and split times to participants, recording and hosting of images and/or video material. This material is available on the same terms as the presentation of results data as described in the previous section. 26virtual reserves the right to remove image and/or video material without notice if such images and/or video do not comply with standard ethical guidelines for what may be shown in public.
Technical and organisational security measures
26virtual is responsible for taking the required technical and organisational measures to ensure a suitable level of security. Such measures are implemented with due regard to the current technical level, implementation costs and the nature, scope, composition and purpose of the processing and the risks of varying likelihood and seriousness of the rights and freedoms of physical persons. 26virtual takes the categories of personal data into consideration when determining these measures.
26virtual implements the required guarantees for the implementation of suitable technical and organisational measures in such a way that the processing of personal data meets the requirements pursuant to applicable legislation on the protection of personal data.
26virtual ensures that employees who process personal data have undertaken to observe confidentiality or are subject to suitable statutory confidentiality.
26virtual ensures that access to the personal data is limited to those employees for whom it is necessary to process the personal data in order to fulfil the delivery obligations to the participant according to this document.
26virtual ensures that those employees who process the personal data for the participant solely process such data according to this document.
Breach of security
26virtual is under obligation to inform participants without undue delay of any breach of personal data security that may potentially lead to accidental or illegal destruction, loss, change, unauthorised disclosure or access to personal data processed for the participant.
26virtual must further assist the participant in ensuring compliance with the participant?s obligations to (i) document all breaches of personal data security, (ii) report any breaches of personal data security to the competent regulatory authority/authorities and (iii) inform the registrants of such breaches of personal data security.
Assistance and documentation for compliance with obligations
26virtual must at the participant’s request provide the participant with sufficient information to enable the participant to verify that the requirements contained in applicable data protection legislation are being complied with. 26virtual must further give permission for and assist in any audits, including inspections, that may be performed by an auditor authorised to perform such audits by the participant.
26virtual must without delay inform the participant if 26virtual believes that a request according to the above contravenes applicable data protection legislation.
26virtual must assist the participant as necessary and as may be deemed reasonable by meeting the participant?s obligations in the processing of personal data according to applicable data protection legislation within the scope of this document, including:
- Responding to requests from registrants on the exercise of their rights
- Impact analyses
- Preliminary regulatory authority hearings
Data processing outside the scope of this agreement
26virtual may process personal data outside the scope of this document in cases where this is required by EU law or national law to which 26virtual is subject. In the processing of personal data outside this agreement, 26virtual must inform the participant of the reason for such processing. In such instance, 26virtual must, however, to the extent that this is legal, first inform the participant of such order and, to the extent that this is possible, give the participant the opportunity to object.
Questions and support
All questions about practical issues relating to 26virtual must be sent to firstname.lastname@example.org