Privacy Policy
Racepass Technologies Ltd. and our group of companies (“we”, “us”, “Racepass”) are committed to respecting your privacy and personal data. This Privacy Policy describes how we collect and process your personal data collected through our website (https://www.racepass.com);
By using the Service, you are telling us that you agree to our collection and use of data in accordance with this Privacy Policy. If you don’t agree with anything in this Privacy Policy, then (i) please let us know and (ii) do not request the Service from us. This Privacy Policy also applies if you contact us or we contact you about our Services, whether by telephone, email, text message, post, push notifications or via third party platforms (including websites or social media platforms).
In this Policy the following terms shall have the following meanings:
“Account” means an account required to access and/or use certain areas and features of Our Site;
“Cookie” means a small text file placed on your computer or device by Our Site when you visit certain parts of Our Site and/or when you use certain features of Our Site. Details of the Cookies used by Our Site are set out in section 13, below;
“Our Site” means this website, www.racepass.com;
“UK and EU Cookie Law” means the relevant parts of the Privacy and Electronic Communications (EC Directive) Regulations 2003 as amended in 2004, 2011 and 2015; and the General Data Protection Regulation 2018;
“We/Us/Our” means Racepass Technologies Inc (“we”, “our”, “us”). We operate a website at www.racepass.com (the “Site”). We also operate, or may in the future operate, Racepass apps for tablet, mobile and other smart devices (“Apps”). We also use social media channels and other platforms. Our Racepass pages and profiles on such channels and platforms, together with the Site and Apps, are our “Channels”. We are registered as an incorporated C-Corp company in the United States of America with registration number 38-4153696 and our registered office in the state of Delaware is 651 N Broad St, Suite 206, in the city of Middletown, zip code 19709, and county of New Castle. The name of our registered agent at such address is Legalinc Corporate Services, Inc. We are also registered as a limited company in South Africa as Racepass South Africa with Enterprise Number: 2020/679327/07.
This Privacy Policy applies only to your use of Our Site. It does not extend to any websites that are linked to from Our Site (whether We provide those links or whether they are shared by other users). We have no control over how your data is collected, stored or used by other websites and We advise you to check the privacy policies of any such websites before providing any data to them.
Racepass Technologies Ltd. is the owner of the Services and will be the controller of your personal data provided to, or collected by or for, or processed in connection with our Services.
You control the information you provide to us, and we will always strive to process your information consistently with the purposes for which you’ve engaged us. You may only send us your own personal information or the information of another data subject where you have their consent to do so.
Personally Identifiable Information/Data is information that identifies, describes, is capable of being associated with, or could reasonably be linked with a person. A “person” includes both a natural person and a juristic entity, like a company.
Personally identifiable information does not include:
These are the types of personally identifiable information you provide to us and that we collect:
Identity & contact information: Our Service gives you the ability to register for an account or to create and update a user profile. We collect information that you provide to us in the course of registering for an account or creating or updating a user profile. This information may include, for example, name, postal address, telephone number, e-mail address, and related demographic information about you. Some personal information is required for you to register for the account or to create the profile, and some is optional. If you do not provide information that is required, you may not be able to access some of the Services.
Payment and billing information: When using our paid Services, you will be asked for your billing information, including name and contact information. You might also provide payment card details, which we collect via secure payment processing services. If you do not provide the payment and billing information that is required, you may not be able to use these paid Services.
Navigational and Usage information: Information we collect about your computer/ device and your visits to our website or mobile applications, including your IP address, browser type, geographical location, how long you visit our website and also which pages you visit as well as unique device identifiers and other diagnostic data.
Location Data: We may use and store information about your location if you give us permission to do so. We use this data to provide features of our Service and to improve and customize our Service. You can enable or disable location services when you use our Service at any time, through your device settings, however, this will impact our ability to provide you with some parts of the Service.
Cookies: We use cookies and similar tracking technologies to track the activity on our Service and hold certain information. Cookies are files with a small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyze our Service. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.
Interactive Data: Our Service may contain interactive functionality that allows you to engage with other users on the Service, to upload images, map data, telemetry data, location data, and other content, participate in surveys, and otherwise to interact with the Service and with other users. If you wish to use any interactive functionality on our Service, you will need to provide us with personal information which we will collect, and failure to provide requested information may result in you not being able to use the interactive functionality.
Advertising & Support: If you email us, call us, or otherwise reach out to us, we’ll gather the information you provide so that we may best answer your questions and provide you the support you deserve. We may also use personally identifiable data to contact you with newsletters, marketing or promotional materials, and other information that may be of interest to you provided that if you are a new customer, you have opted-in to receiving these commercial communications. If you are an existing customer, you may opt-out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any electronic communication we send. Please be aware that if you opt-out (or do not opt-in, as applicable) of receiving commercial communications from us, you will continue to receive administrative messages from us regarding our Service (like an update to this Privacy Policy).
When you use our Service, some of this information is collected automatically. For example, we automatically collect your browser’s Internet Protocol (IP), your browser type, the nature of the device from which you are visiting the Service (e.g., a personal computer or a mobile device), the identifier for any handheld or mobile device that you may be using, the website that you visited immediately prior to accessing any web-based Service, the actions you take on our Service, and the content, features, and activities that you access and participate in on our Service. We also may collect information regarding your interaction with e-mail messages, such as whether you opened, clicked on, or forwarded a message. If you are a drone pilot or and/or you operate a drone via our Service, we automatically collect, among other information, information identifying the drone, flight path, flight logs, and sensor data.
We may use or process the information you provide to us for the purposes that you agreed to/ indicated when you agreed to provide us with this information. Data processing activities by us include gathering your personally identifiable information, analyzing it, disclosing it in line with this Privacy Policy, and combining it with personally identifiable information. We generally collect and process your personally identifiable information for various purposes, including (but not limited to):
(Please note that you may not request our Services if you are younger than 18 years old or do not have the legal capacity to conclude legally binding contracts.)
We will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We generally retain your personally identifiable data for as long as you keep an active account with us or we are providing you with a Service. Even if you only elect to use our Services after a year from opening an account, we will generally retain your information and keep your account with us open, unless you tell us to close it. If your account is dormant for a certain period of time, we may notify you of our intention to deactivate your account due to non-use and you can choose whether to keep it open or not.
We also retain certain data in a depersonalized or aggregated form for legitimate business reasons, eg. to train our models and algorithms and to improve our Service or create new Services. We will also retain and use your personally identifiable data to the extent necessary to comply with our legal obligations (for example, to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.
When we dispose of personally identifiable information, we aim to use secure means, such as either physically or electronically erasing this information or making it anonymous in a non-recoverable manner. Any personal data provided to our service providers will be retained in accordance with those service providers’ data retention policies, which we make sure are in line with applicable laws.
Your information, including personally identifiable data, may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those from your jurisdiction.
If you are located outside of South Africa and choose to provide information to us, please note that we transfer the data, including personally identifiable information, to South Africa, the United States of America or other jurisdictions and process it there. Your consent to this Privacy Policy and your provision of such information represents your agreement to that transfer.
We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your personally identifiable information will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information.
We do not sell or rent your personally identifiable information to others. We may use third-party service providers to help us operate our business and the Services or administer activities on our behalf, such as analyzing the behavior of users on our website. We may share your personally identifiable information with these third parties for those limited purposes. The processing of information on this basis will always be based on our instructions and in compliance with our Privacy Policy and any other appropriate confidentiality and security measures we have set in place.
We may share your personally identifiable information with our affiliates to provide and develop our Services. We may combine information internally across the different Services covered by this Privacy Policy to help improve our Services and help our Services be more relevant and useful to you and others.
We will not sell or rent your data to third parties except as described in this Privacy Policy. We may disclose your data to other companies or people under any of the following circumstances:
Business Transaction
If Racepass is involved in a merger, acquisition, or asset sale, certain personally identifiable information may be transferred. We will provide notice before your personally identifiable information is transferred and becomes subject to a different privacy policy.
Disclosure for law enforcement and legal requirements
We may be required to disclose personally identifiable information if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).
We may disclose your personally identifiable information in the good faith belief that such action is necessary to:
If you have consented to our use of information about you for a specific purpose, you have the right to change your mind at any time (though this will not affect any processing that has already taken place). Where we are using your information because we or a third party have a legitimate interest to do so, you have the right to object to that use, though in some cases this may mean you may no longer be able to use the Services.
The security of your data is important to us but please remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personally identifiable information, we cannot guarantee its absolute security. We have taken measures to protect your information and that of your staff and customers that you entrust to us. These measures include: (i) encrypting data in transit and data at rest where appropriate; (ii) using trusted access management platforms which allows us to manage employee access to information depending on their roles; (iii) firewalls; (iv) backup and recovery systems.
Breach
In the event of a breach involving the security of your personally identifiable information, we will notify the relevant authority. For South Africa, this will be the Information Regulator (South Africa) or if you are an EEA member- the supervisory authority in the EU, as well as any parties whose personally identifiable information has been accessed or acquired by an unauthorized party.
This notification will be published without undue delay, and at the latest within seventy-two hours after us having become aware of the security breach. The notification will contain the following information:
"Do not track" signals
We do not support Do Not Track ("DNT"). Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked. You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser.
Service providers
We may employ third-party companies and individuals to facilitate our Service ("Service Providers"), to provide the Service on our behalf, to perform Service-related services, or to assist us in analyzing how our Service is used. By using our Service, you consent to these Service Providers having access to your personally identifiable data, to perform these tasks on our behalf. These Service Providers are obligated not to disclose or use this information for any other purpose.
We do not have access to, or control over, the actions of a Service Provider. Each Service Provider uses information that it collects in accordance with its own privacy and security policies.
Analytics
We may use third-party Service Providers to monitor and analyze the use of our Service.
Google analytics
Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network. For more information on the privacy practices of Google, please visit the Google Privacy Terms web page: http://www.google.com/intl/en/policies/privacy/
Behavioral remarketing
Racepass uses remarketing services to advertise on third-party websites to you after you visited our Service. We and our third-party vendors use cookies to inform, optimize and serve ads based on your past visits to our Service.
Google AdWords
Google AdWords remarketing service is provided by Google Inc. You can opt-out of Google Analytics for Display Advertising and customize the Google Display Network ads by visiting the Google Ads Settings page: http://www.google.com/settings/ads
Google also recommends installing the Google Analytics Opt-out Browser Add-on - https://tools.google.com/dlpage/gaoptout - for your web browser. Google Analytics Opt-out Browser Add-on provides visitors with the ability to prevent their data from being collected and used by Google Analytics.
For more information on the privacy practices of Google, please visit the Google Privacy Terms web page: http://www.google.com/intl/en/policies/privacy/
Twitter
Twitter remarketing service is provided by Twitter Inc.
You can opt-out from Twitter's interest-based ads by following their instructions: https://support.twitter.com/articles/20170405
You can learn more about the privacy practices and policies of Twitter by visiting their Privacy Policy page: https://twitter.com/privacy
Facebook
Facebook remarketing service is provided by Facebook Inc.
You can learn more about interest-based advertising from Facebook by visiting this page: https://www.facebook.com/help/516147308587266
To opt-out from Facebook's interest-based ads follow these instructions from Facebook: https://www.facebook.com/help/568137493302217
Facebook adheres to the Self-Regulatory Principles for Online Behavioral Advertising established by the Digital Advertising Alliance. You can also opt-out from Facebook and other participating companies through the Digital Advertising Alliance in the USA http://www.aboutads.info/choices/, the Digital Advertising Alliance of Canada in Canada http://youradchoices.ca/ or the European Interactive Digital Advertising Alliance in Europe http://www.youronlinechoices.eu/, or opt-out using your mobile device settings. For more information on the privacy practices of Facebook, please visit Facebook's Data Policy: https://www.facebook.com/privacy/explanation
We may provide paid products and/or services within the Service. In that case, we use third-party services for payment processing (e.g. payment processors). We will not store or collect your payment card details. That information is provided directly to our third-party payment processors whose use of your personal information is governed by their Privacy Policy. These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express, and Discover. PCI-DSS requirements help ensure the secure handling of payment information.
The payment processors we work with are:
Apple Store In-App Payments
Their Privacy Policy can be viewed at https://www.apple.com/legal/privacy/en-ww/
Google Play In-App Payments
Their Privacy Policy can be viewed at https://www.google.com/policies/privacy/
Stripe
Their Privacy Policy can be viewed at https://stripe.com/us/privacy
PayPal Their Privacy Policy can be viewed at https://www.paypal.com/webapps/mpp/ua/privacy-full
Our Service may contain links to other sites that are not operated by us. If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.
We subscribe to the principles outlined in POPIA, which governs data processing activities in South Africa. In accordance with POPIA, we ensure that:
Your data protection rights under POPIA
Please note that we may ask you to verify your identity before responding to such requests.
Legal basis for collecting your data under the GDPR
If you are from the European Economic Area (EEA), ARacepass’ legal basis for collecting and using the personally identifiable information described in this Privacy Policy depends on the type of information we collect and the specific context in which we collect it.
Racepass may process your personally identifiable information because:
We need to perform Services for you based on a contract with you; You have given us permission to do so; The processing is in our legitimate interests and it's not overridden by your rights; For payment processing purposes; To comply with the law.
Your data protection rights under general data protection regulation (GDPR)
If you are a resident of the EEA, you have certain data protection rights. Racepass aims to take reasonable steps to allow you to correct, amend, delete, or limit the use of your personally identifiable information. If you wish to be informed what personally identifiable information we hold about you and if you want it to be removed from our systems, please contact us at the details provided in this Privacy Policy.
In certain circumstances, you have the following data protection rights:
You have the right to complain to a Data Protection Authority about our collection and use of your personally identifiable information. For more information, please contact your local data protection authority in the EEA.
If you request that we delete your account with us, we will do so within a reasonable period of time and will notify you once, but we may need to retain some of your personally identifiable information if necessary to satisfy our legal obligations, or where we reasonably believe that we have a legitimate reason to do so.
If you are a California resident, the California Consumer Privacy Act of 2018 (“CCPA”) provides you with additional rights regarding our use of your personally identifiable information. To learn more about your California privacy rights, visit https://oag.ca.gov/privacy/privacy-laws.
The CCPA requires businesses that meet certain criteria to provide certain information to them. We are not within the scope of the CCPA as of the date of this Privacy Policy (as updated) because we do not buy, receive, sell or share personally identifiable information from more than 50 000 California consumers or devices. However, legal compliance & your security is extremely important to us and that is why we fully describe our practices in this Privacy Policy. Even though we do not fall under the scope of the CCPA at this stage, we confirm that:
Our Service does not address anyone under the age of 18 ("Children"). We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your Children have provided us with personally identifiable information, please contact us. If we become aware that we have collected personally identifiable information from children without verification of parental consent, we will take immediate steps to remove that information from our systems.
You may opt-out of our service at any time and request the deletion of your personally identifiable information at any point by emailing support@racepass.com.
Please be aware this will result in the deletion of your Racepass account.
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. We will let you know via email and/or a prominent notice on our Service, prior to the change becoming effective and update the "effective date" at the top of this Privacy Policy.
You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.
If you have any questions about this Privacy Policy, please contact us:
By email:
legal@racepass.com
By using the Service, you are telling us that you agree to our collection and use of data in accordance with this Privacy Policy. If you don’t agree with anything in this Privacy Policy, then (i) please let us know and (ii) do not request the Service from us. This Privacy Policy also applies if you contact us or we contact you about our Services, whether by telephone, email, text message, post, push notifications or via third party platforms (including websites or social media platforms).
Definitions and Interpretation
In this Policy the following terms shall have the following meanings:
“Account” means an account required to access and/or use certain areas and features of Our Site;
“Cookie” means a small text file placed on your computer or device by Our Site when you visit certain parts of Our Site and/or when you use certain features of Our Site. Details of the Cookies used by Our Site are set out in section 13, below;
“Our Site” means this website, www.racepass.com;
“UK and EU Cookie Law” means the relevant parts of the Privacy and Electronic Communications (EC Directive) Regulations 2003 as amended in 2004, 2011 and 2015; and the General Data Protection Regulation 2018;
“We/Us/Our” means Racepass Technologies Inc (“we”, “our”, “us”). We operate a website at www.racepass.com (the “Site”). We also operate, or may in the future operate, Racepass apps for tablet, mobile and other smart devices (“Apps”). We also use social media channels and other platforms. Our Racepass pages and profiles on such channels and platforms, together with the Site and Apps, are our “Channels”. We are registered as an incorporated C-Corp company in the United States of America with registration number 38-4153696 and our registered office in the state of Delaware is 651 N Broad St, Suite 206, in the city of Middletown, zip code 19709, and county of New Castle. The name of our registered agent at such address is Legalinc Corporate Services, Inc. We are also registered as a limited company in South Africa as Racepass South Africa with Enterprise Number: 2020/679327/07.
Scope – What Does This Policy Cover?
This Privacy Policy applies only to your use of Our Site. It does not extend to any websites that are linked to from Our Site (whether We provide those links or whether they are shared by other users). We have no control over how your data is collected, stored or used by other websites and We advise you to check the privacy policies of any such websites before providing any data to them.
Data controllers
Racepass Technologies Ltd. is the owner of the Services and will be the controller of your personal data provided to, or collected by or for, or processed in connection with our Services.
Types of data you provide to us
You control the information you provide to us, and we will always strive to process your information consistently with the purposes for which you’ve engaged us. You may only send us your own personal information or the information of another data subject where you have their consent to do so.
Personally Identifiable Information/Data is information that identifies, describes, is capable of being associated with, or could reasonably be linked with a person. A “person” includes both a natural person and a juristic entity, like a company.
Personally identifiable information does not include:
- Information that has been made anonymous so that it does not identify a specific person;
- Permanently de-identified information that does not relate or cannot be traced back to a person specifically; and
- Non-personal aggregated and/or statistical information collected and compiled by us.
These are the types of personally identifiable information you provide to us and that we collect:
Identity & contact information: Our Service gives you the ability to register for an account or to create and update a user profile. We collect information that you provide to us in the course of registering for an account or creating or updating a user profile. This information may include, for example, name, postal address, telephone number, e-mail address, and related demographic information about you. Some personal information is required for you to register for the account or to create the profile, and some is optional. If you do not provide information that is required, you may not be able to access some of the Services.
Payment and billing information: When using our paid Services, you will be asked for your billing information, including name and contact information. You might also provide payment card details, which we collect via secure payment processing services. If you do not provide the payment and billing information that is required, you may not be able to use these paid Services.
Navigational and Usage information: Information we collect about your computer/ device and your visits to our website or mobile applications, including your IP address, browser type, geographical location, how long you visit our website and also which pages you visit as well as unique device identifiers and other diagnostic data.
Location Data: We may use and store information about your location if you give us permission to do so. We use this data to provide features of our Service and to improve and customize our Service. You can enable or disable location services when you use our Service at any time, through your device settings, however, this will impact our ability to provide you with some parts of the Service.
Cookies: We use cookies and similar tracking technologies to track the activity on our Service and hold certain information. Cookies are files with a small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyze our Service. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.
Interactive Data: Our Service may contain interactive functionality that allows you to engage with other users on the Service, to upload images, map data, telemetry data, location data, and other content, participate in surveys, and otherwise to interact with the Service and with other users. If you wish to use any interactive functionality on our Service, you will need to provide us with personal information which we will collect, and failure to provide requested information may result in you not being able to use the interactive functionality.
Advertising & Support: If you email us, call us, or otherwise reach out to us, we’ll gather the information you provide so that we may best answer your questions and provide you the support you deserve. We may also use personally identifiable data to contact you with newsletters, marketing or promotional materials, and other information that may be of interest to you provided that if you are a new customer, you have opted-in to receiving these commercial communications. If you are an existing customer, you may opt-out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any electronic communication we send. Please be aware that if you opt-out (or do not opt-in, as applicable) of receiving commercial communications from us, you will continue to receive administrative messages from us regarding our Service (like an update to this Privacy Policy).
When you use our Service, some of this information is collected automatically. For example, we automatically collect your browser’s Internet Protocol (IP), your browser type, the nature of the device from which you are visiting the Service (e.g., a personal computer or a mobile device), the identifier for any handheld or mobile device that you may be using, the website that you visited immediately prior to accessing any web-based Service, the actions you take on our Service, and the content, features, and activities that you access and participate in on our Service. We also may collect information regarding your interaction with e-mail messages, such as whether you opened, clicked on, or forwarded a message. If you are a drone pilot or and/or you operate a drone via our Service, we automatically collect, among other information, information identifying the drone, flight path, flight logs, and sensor data.
How and why we use your information
We may use or process the information you provide to us for the purposes that you agreed to/ indicated when you agreed to provide us with this information. Data processing activities by us include gathering your personally identifiable information, analyzing it, disclosing it in line with this Privacy Policy, and combining it with personally identifiable information. We generally collect and process your personally identifiable information for various purposes, including (but not limited to):
- To provide, operate & maintain our Service;
- To notify you about changes to our Service;
- To address and respond to Service, security, and customer support needs;
- To allow you to participate in interactive features of our Service when you choose to do so;
- To comply with applicable laws and administrative requests, protect our rights, assert and defend against claims;
- To assess the needs of your business to determine and promote other products or services which we believe may be useful to you;
- To gather analysis or other valuable data so that we can improve our Service;
- To conduct research and analysis for business purposes and product development;
- Training purposes;
- To monitor the usage of our Service;
- Provide aggregated reports to third parties (these reports do not contain any information which may identify you);
- To detect, prevent, or otherwise address fraud, security, unlawfulness, or technical issues; or
- To provide you with news, special offers, and general information about other goods, services, and events that we offer that are similar to those that you have already purchased or enquired about (unless you have opted not to receive such information).
(Please note that you may not request our Services if you are younger than 18 years old or do not have the legal capacity to conclude legally binding contracts.)
Retention of data
We will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We generally retain your personally identifiable data for as long as you keep an active account with us or we are providing you with a Service. Even if you only elect to use our Services after a year from opening an account, we will generally retain your information and keep your account with us open, unless you tell us to close it. If your account is dormant for a certain period of time, we may notify you of our intention to deactivate your account due to non-use and you can choose whether to keep it open or not.
We also retain certain data in a depersonalized or aggregated form for legitimate business reasons, eg. to train our models and algorithms and to improve our Service or create new Services. We will also retain and use your personally identifiable data to the extent necessary to comply with our legal obligations (for example, to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.
When we dispose of personally identifiable information, we aim to use secure means, such as either physically or electronically erasing this information or making it anonymous in a non-recoverable manner. Any personal data provided to our service providers will be retained in accordance with those service providers’ data retention policies, which we make sure are in line with applicable laws.
Transfer of data
Your information, including personally identifiable data, may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those from your jurisdiction.
If you are located outside of South Africa and choose to provide information to us, please note that we transfer the data, including personally identifiable information, to South Africa, the United States of America or other jurisdictions and process it there. Your consent to this Privacy Policy and your provision of such information represents your agreement to that transfer.
We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your personally identifiable information will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information.
Sharing information
We do not sell or rent your personally identifiable information to others. We may use third-party service providers to help us operate our business and the Services or administer activities on our behalf, such as analyzing the behavior of users on our website. We may share your personally identifiable information with these third parties for those limited purposes. The processing of information on this basis will always be based on our instructions and in compliance with our Privacy Policy and any other appropriate confidentiality and security measures we have set in place.
We may share your personally identifiable information with our affiliates to provide and develop our Services. We may combine information internally across the different Services covered by this Privacy Policy to help improve our Services and help our Services be more relevant and useful to you and others.
We will not sell or rent your data to third parties except as described in this Privacy Policy. We may disclose your data to other companies or people under any of the following circumstances:
- To any applicable event, organizer, or other service provider for each event or activity that you sign up for on the Site to fulfill your booking.
- To events which you attend through the platform for marketing purposes, only if you have explicitly opted into such data-sharing when booking the event(s). A core part of Racpass’ service is enabling new experiences for its members through its event partners. As such our event partners are critical to our ability to serve our users. Our relationship relies on us being able to share our members’ information with our partners so that our business partners can develop and serve their own communities beyond our users attending their studios through the Racepass platform; this allows us to offer our users the chance to experience new opportunities. Our users’ information will only be shared with those events that they choose to book, and where they have opted into sharing their data with third parties. We respect your decision to manage your communications and you can change your preferences at any time by contacting us by email at legal@racepass.com.
- If sharing the information is reasonably necessary to provide a service that you have requested (Our legitimate interests).
- To keep you up to date on the latest product announcements, software updates, special offers, or other information we think you would like to hear about from us where you have given consent for the appropriate type of communication.
- To keep you up to date on special offers, or other information from our business partners where you have given consent for the appropriate type of communication.
- We may sometimes contract with third parties to supply products and services to you on Our behalf. These may include payment processing, delivery of goods, search engine facilities, advertising and marketing. In some cases, the third parties may require access to some or all of your data. Where any of your data is required for such a purpose, We will take all reasonable steps to ensure that your data will be handled safely, securely, and in accordance with your rights, Our obligations, and the obligations of the third party under the law.
- We may compile statistics about the use of Our Site including data on traffic, usage patterns, user numbers, sales and other information. All such data will be anonymised and will not include any personally identifying information. We may from time to time share such data with third parties such as prospective investors, affiliates, partners and advertisers. Data will only be shared and used within the bounds of the law.
- In certain circumstances We may be legally required to share certain data held by Us, which may include your personal information, for example, where We are involved in legal proceedings, where We are complying with the requirements of legislation, a court order, or a governmental authority. We do not require any further consent from you in order to share your data in such circumstances and will comply as required with any legally binding request that is made of Us.
Business Transaction
If Racepass is involved in a merger, acquisition, or asset sale, certain personally identifiable information may be transferred. We will provide notice before your personally identifiable information is transferred and becomes subject to a different privacy policy.
Disclosure for law enforcement and legal requirements
We may be required to disclose personally identifiable information if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).
We may disclose your personally identifiable information in the good faith belief that such action is necessary to:
- To comply with a legal obligation;
- To protect and defend the rights or property of Racepass;
- To prevent or investigate possible wrongdoing in connection with the Service;
- To protect the personal safety of users of the Service or the public; or
- To protect against legal liability;
If you have consented to our use of information about you for a specific purpose, you have the right to change your mind at any time (though this will not affect any processing that has already taken place). Where we are using your information because we or a third party have a legitimate interest to do so, you have the right to object to that use, though in some cases this may mean you may no longer be able to use the Services.
Security of data
The security of your data is important to us but please remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personally identifiable information, we cannot guarantee its absolute security. We have taken measures to protect your information and that of your staff and customers that you entrust to us. These measures include: (i) encrypting data in transit and data at rest where appropriate; (ii) using trusted access management platforms which allows us to manage employee access to information depending on their roles; (iii) firewalls; (iv) backup and recovery systems.
Breach
In the event of a breach involving the security of your personally identifiable information, we will notify the relevant authority. For South Africa, this will be the Information Regulator (South Africa) or if you are an EEA member- the supervisory authority in the EU, as well as any parties whose personally identifiable information has been accessed or acquired by an unauthorized party.
This notification will be published without undue delay, and at the latest within seventy-two hours after us having become aware of the security breach. The notification will contain the following information:
- A description of the nature of the breach;
- The categories and number of persons affected by the breach;
- A description of the possible consequences of the security compromise;
- A description of the measures taken or proposed to be taken by Racepass to remedy the breach;
- A recommendation of the measures that any affected persons should take in order to mitigate the possible adverse effects of the security compromise;
- The identity of the unauthorized person, if known, who accessed or acquired the personal information; and
- the contact details of the designated representative of Racepass where further information can be obtained.
"Do not track" signals
We do not support Do Not Track ("DNT"). Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked. You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser.
Service providers
We may employ third-party companies and individuals to facilitate our Service ("Service Providers"), to provide the Service on our behalf, to perform Service-related services, or to assist us in analyzing how our Service is used. By using our Service, you consent to these Service Providers having access to your personally identifiable data, to perform these tasks on our behalf. These Service Providers are obligated not to disclose or use this information for any other purpose.
We do not have access to, or control over, the actions of a Service Provider. Each Service Provider uses information that it collects in accordance with its own privacy and security policies.
Analytics
We may use third-party Service Providers to monitor and analyze the use of our Service.
Google analytics
Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network. For more information on the privacy practices of Google, please visit the Google Privacy Terms web page: http://www.google.com/intl/en/policies/privacy/
Behavioral remarketing
Racepass uses remarketing services to advertise on third-party websites to you after you visited our Service. We and our third-party vendors use cookies to inform, optimize and serve ads based on your past visits to our Service.
Google AdWords
Google AdWords remarketing service is provided by Google Inc. You can opt-out of Google Analytics for Display Advertising and customize the Google Display Network ads by visiting the Google Ads Settings page: http://www.google.com/settings/ads
Google also recommends installing the Google Analytics Opt-out Browser Add-on - https://tools.google.com/dlpage/gaoptout - for your web browser. Google Analytics Opt-out Browser Add-on provides visitors with the ability to prevent their data from being collected and used by Google Analytics.
For more information on the privacy practices of Google, please visit the Google Privacy Terms web page: http://www.google.com/intl/en/policies/privacy/
Twitter remarketing service is provided by Twitter Inc.
You can opt-out from Twitter's interest-based ads by following their instructions: https://support.twitter.com/articles/20170405
You can learn more about the privacy practices and policies of Twitter by visiting their Privacy Policy page: https://twitter.com/privacy
Facebook remarketing service is provided by Facebook Inc.
You can learn more about interest-based advertising from Facebook by visiting this page: https://www.facebook.com/help/516147308587266
To opt-out from Facebook's interest-based ads follow these instructions from Facebook: https://www.facebook.com/help/568137493302217
Facebook adheres to the Self-Regulatory Principles for Online Behavioral Advertising established by the Digital Advertising Alliance. You can also opt-out from Facebook and other participating companies through the Digital Advertising Alliance in the USA http://www.aboutads.info/choices/, the Digital Advertising Alliance of Canada in Canada http://youradchoices.ca/ or the European Interactive Digital Advertising Alliance in Europe http://www.youronlinechoices.eu/, or opt-out using your mobile device settings. For more information on the privacy practices of Facebook, please visit Facebook's Data Policy: https://www.facebook.com/privacy/explanation
Payments
We may provide paid products and/or services within the Service. In that case, we use third-party services for payment processing (e.g. payment processors). We will not store or collect your payment card details. That information is provided directly to our third-party payment processors whose use of your personal information is governed by their Privacy Policy. These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express, and Discover. PCI-DSS requirements help ensure the secure handling of payment information.
The payment processors we work with are:
Apple Store In-App Payments
Their Privacy Policy can be viewed at https://www.apple.com/legal/privacy/en-ww/
Google Play In-App Payments
Their Privacy Policy can be viewed at https://www.google.com/policies/privacy/
Stripe
Their Privacy Policy can be viewed at https://stripe.com/us/privacy
PayPal Their Privacy Policy can be viewed at https://www.paypal.com/webapps/mpp/ua/privacy-full
Links to other sites
Our Service may contain links to other sites that are not operated by us. If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.
Protection of personal information act (POPIA)
We subscribe to the principles outlined in POPIA, which governs data processing activities in South Africa. In accordance with POPIA, we ensure that:
- We only collect, process, and store ('use') your personally identifiable information with your consent as set out in this Privacy Policy, unless legally required to do so, and will only use such information for the lawful purposes for which it is required and we disclose those purposes (see these purposes above).
- We keep a record of your personally identifiable information and the specific purpose for which we have used it.
- We don’t use your personally identifiable information for any purpose other than that which we disclosed to you, unless you give us your express written permission to do so, or unless we are permitted/required to do so, by law.
- We don’t use your data in a way that puts you at risk.
- We provide adequate protection for the personally identifiable information we hold and to stop unauthorized access and use of this information. We will, on an ongoing basis, continue to review our security controls and related processes to ensure that your personally identifiable information remains secure.
Your data protection rights under POPIA
- You have the right to request access to the personally identifiable information we hold about you. To do this, simply contact us at the numbers/addresses provided in this Privacy Policy and specify what information you require.
- You have the right to ask us to update, correct, or delete your personally identifiable information.
- In certain circumstances, you have the right to object to us processing your personally identifiable information. Please contact us and a member of our team will respond to you.
- You have the right to “opt-out” if you no longer want to receive marketing messages from us. To opt-out, please contact us at the details provided in this Privacy Policy and make this request.
- You also have the right to complain to the Information Regulator (South Africa) if you feel we are using your personally identifiable information unlawfully. The Information Regulator can be contacted at inforeg@justice.gov.za.
Please note that we may ask you to verify your identity before responding to such requests.
General data protection regulation (GDPR)
Legal basis for collecting your data under the GDPR
If you are from the European Economic Area (EEA), ARacepass’ legal basis for collecting and using the personally identifiable information described in this Privacy Policy depends on the type of information we collect and the specific context in which we collect it.
Racepass may process your personally identifiable information because:
We need to perform Services for you based on a contract with you; You have given us permission to do so; The processing is in our legitimate interests and it's not overridden by your rights; For payment processing purposes; To comply with the law.
Your data protection rights under general data protection regulation (GDPR)
If you are a resident of the EEA, you have certain data protection rights. Racepass aims to take reasonable steps to allow you to correct, amend, delete, or limit the use of your personally identifiable information. If you wish to be informed what personally identifiable information we hold about you and if you want it to be removed from our systems, please contact us at the details provided in this Privacy Policy.
In certain circumstances, you have the following data protection rights:
- The right to access, update or delete the information we have on you. Whenever made possible, you can access, update or request deletion of your personally identifiable information directly within your account settings section. If you are unable to perform these actions yourself, please contact us to assist you.
- You have the right to have your information rectified if that information is inaccurate or incomplete.
- You have the right to object to our processing of your personally identifiable information.
- You have the right to request that we restrict the processing of your personal information.
- You have the right to be provided with a copy of the information we have on you in a structured, machine-readable and commonly used format.
You have the right to complain to a Data Protection Authority about our collection and use of your personally identifiable information. For more information, please contact your local data protection authority in the EEA.
If you request that we delete your account with us, we will do so within a reasonable period of time and will notify you once, but we may need to retain some of your personally identifiable information if necessary to satisfy our legal obligations, or where we reasonably believe that we have a legitimate reason to do so.
California consumers data protection rights (CCPA)
If you are a California resident, the California Consumer Privacy Act of 2018 (“CCPA”) provides you with additional rights regarding our use of your personally identifiable information. To learn more about your California privacy rights, visit https://oag.ca.gov/privacy/privacy-laws.
The CCPA requires businesses that meet certain criteria to provide certain information to them. We are not within the scope of the CCPA as of the date of this Privacy Policy (as updated) because we do not buy, receive, sell or share personally identifiable information from more than 50 000 California consumers or devices. However, legal compliance & your security is extremely important to us and that is why we fully describe our practices in this Privacy Policy. Even though we do not fall under the scope of the CCPA at this stage, we confirm that:
Children's privacy
Our Service does not address anyone under the age of 18 ("Children"). We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your Children have provided us with personally identifiable information, please contact us. If we become aware that we have collected personally identifiable information from children without verification of parental consent, we will take immediate steps to remove that information from our systems.
Data Deletion
You may opt-out of our service at any time and request the deletion of your personally identifiable information at any point by emailing support@racepass.com.
Please be aware this will result in the deletion of your Racepass account.
Changes to this privacy policy
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. We will let you know via email and/or a prominent notice on our Service, prior to the change becoming effective and update the "effective date" at the top of this Privacy Policy.
You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.
Contact us
If you have any questions about this Privacy Policy, please contact us:
By email:
legal@racepass.com