Privacy Policy

Privacy Policy of Worldloppet Ski Federation

of 25th May 2018

This Privacy Policy describes how, why and which personal data is processed by Worldloppet Ski Federation as data controller under this policy (hereinafter: “Worldloppet” or the “Controller”). Worldloppet has committed to treating the company’s customers’ personal data, respecting all their rights. Based on this, the company has developed the main principles of data processing policy regarding the collection, use, disclosure, transfer and storage of customer data. A data subject is a natural person about whom Worldloppet has information, or the information that can be used to identify a natural person. Data subjects are, for example, customers, collaborators, and employees as natural persons whose personal data Worldloppet has received.

Principles

Our goal is to provide responsible processing of personal data, which is based on best practice, bearing in mind that the company is always ready to demonstrate the compliance of the processing of personal data with the purposes set. Worldloppet´s all processes, instructions, operations and activities related to processing personal data are based on the following principles: Legality. The processing of data subjects’ personal information will be carried out in accordance with applicable laws or regulations, in particular with reference to the EU general data protection regulation 2016/679 (hereinafter: the “Regulation”) for the protection of natural persons in relation to the processing of personal data, and to the national legislation implementing the Regulation as well to the measures taken by the national supervisory authority. In case of processing personal data, there is a legal basis for this, for example a consent, or it is necessary for the performance of a task carried out in the public interest.
  • Fairness. The processing of personal data is fair, requiring, first of all, that the data subject has sufficient information on how their personal data are processed.
  • Transparency. The processing of personal data is transparent to the data subject.
  • Purposefulness. Personal data is collected for precisely and clearly defined and legitimate purposes and will not be processed later in a way that does not conform to these purposes. Worldloppet services have therefore follow the proportionality and necessity principles, in such a manner as to reduce the collection and use of user identification data of data subjects to the minimum, while at the same time preventing processing whenever the use of anonymous data or any other arrangements allow to achieve the intended purpose.
  • Correctness. The personal data are correct and, if necessary, updated, and all reasonable steps will be taken to delete or correct the personal data which are incorrect from the point of view of the purpose for processing personal data.
  • Principle of restricted storage – personal data shall be stored in a form that allows data subjects to be identified only for as long as it is necessary to fulfil the purpose for which the personal data is processed.
  • Reliability and confidentiality. Processing of personal data is carried out in a manner that ensures adequate security of personal data, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage, by using reasonable technical or organizational measures.

Data collected & purposes of use:

  • Personal data of employees, President and Board Members: name, date of birth, address, bank account details, phone, e-mail. Data is held during the fulfilment of duties and 8 years after agreement is finished for fulfilment of accounting laws of Estonian Republic. Data is kept in the computer and folders of CEO.
  • Data of member organizations: name of organizing body of OC, address, phone, e-mail, website address, names of contact persons. This data is held and updated constantly until membership is active and 8 years after membership is finished for fulfilment of accounting laws of Estonian Republic. Data is kept in the computers of Worldloppet and used only by employees of Worldloppet.
  • Personal data of Worldoppet passport owners (name, date of births, sex, address, phone, e-mail). Worldloppet passports owners’ data is collected when purchasing the passport via online shop worldloppetstore.com or at every member race office. Member race send list of sold Worldloppet passports with passport owners data once a year to Worldloppet office. Every member race has data of only those Worldloppet passport owners, who have purchased passport at their office.
Personal data of Worldoppet passport owners is kept in online database until organization exists as these passports does not have an expiration date. It is necessary to collect stated data to avoid duplicate passport owners. E-mail addresses are also used for contacting purposes and sending out passport owner’s newsletter until person unsubscribes form newsletter. All data collected is also necessary for fulfilment of organization objectives – nomination of Worldloppet Masters. Data of passport owners is not public, is not given out for any third party. , and is kept in server rented from Juniper Solutions based in Predazzo, Italy. In this respect, Worldloppet has engaged Juniper Solutions based in Predazzo, Italy (whose services have certification for compliance with ISO 27001 standard) as subcontractor, thus ensuring confidentiality, integrity, availability and resilience of IT systems and services through which data are processed and stored. Passport owners´ data is duplicated on paper files, kept in Worldoppet office in Tartu, Estonia.
  • E-mail addresses of the subscribers of an email newsletter are collected via sendsmaily.com platform upon subscription and kept until person unsubscribes form newsletter.
  • Personal data of e-shop worldloppetstore.com customers (name, address, phone, e-mail). Data of e-shop customers is collected via WordPress platform woocommerce and kept up to one year from last order. The data processors does not have access to client confidential bank and payment card requisitions. WordPress as subcontractor, thus ensuring confidentiality, integrity, availability and resilience of IT systems and services through which data are processed and stored.
  • Race results of skiers who have participated in WL member races (name, sex, data of birth, nationality). Race results of the skiers are provided by member organizations on the basis of mutual agreement and kept forever as a matter of public interest. Consent for process personal data related to results is provided by data subject at the time of the registration to a race. All data collected is necessary for fulfilment of organization objectives – nomination of Worldloppet Masters. Racer data is not given out for third parties. In this respect, Worldloppet has engaged Juniper Solutions based in Predazzo, Italy as subcontractor, thus ensuring confidentiality, integrity, availability and resilience of IT systems and services through which data are processed and stored. For years 1979-2011 race results are kept in paper files in Worldoppet office in Tartu, Estonia. Data of race results starting from 2001 is available publicly on website worldloppet.com.
  • Personal data of users of the website worldloppet.com and all pages belonging to it are collected by pixels. This data includes IP addresses, proxy servers, devices, location, browser types, pages and files used on our website, searches, operating systems and system configurations, dates and times associated with the website visit.
  • Personal data (name, e-mail address) resulting from normal communication between the data subject and Worldloppet office; is kept in virtual mailbox rented from Microsoft Office and is not public.
  • Personal data made clearly public by the data subject (e.g. in social media) is not stored by Worldloppet and is public.
  • Social media features. Worldloppet websites may use social media features, such as the Facebook- and/or Instagram-like button. For person may be given an option by such a Social Media features to post information about person´s activities on a website to a personal profile page that is provided by a third-party social media network in order to share with others within his/her network.
These features are hosted by the respective social media network or directly on our website. To the extent these features are hosted by the respective social media networks, the latter may receive information that the user has visited our website from his/her IP address. If the user is logged into his/her social media account, it is possible that the respective social media network can link the user`s visit of our websites with his/her social media profile. When interacting with us in social media, such as following Worldloppet or share our content on Facebook and Instagram or other sites, we may receive information from those social networks including person´s profile information, picture, user ID associated with social media account, friends list, and any other information person has permitted at social network to share with third parties. The information we receive is dependent upon each person´s privacy settings.
  • Public and/or freely available data recordings of sport events. Worldloppet also act as an aggregator of results from competitive and non-competitive sports events. To this end, the Controller may process personal information acquired from lists, public directories (including but not limited to rankings and results from sports events organised by business partners and/or affiliates) or that is freely available to the general public.

Data processing rules

All personal data are processed mainly using electronic instruments and methods; nevertheless this does not exclude the use of paper files. These data will be stored in such a manner to allow identification of the data subjects only for the time strictly necessary to accomplish the purposes for which the data were collected in the first place and, in any case, within the terms of the law. Every person has the right to:
  • request and obtain information as to whether or not personal data concerning them are held and being processed by Worldloppet,
  • check his/her personal data,
  • request access to the personal data,
  • request corrections to the personal data,
  • request limiting of the personal data,
  • request and obtain erasure of their personal data where the information and the data are not necessary – or no longer necessary – in relation to the purposes referred to above or on other legal grounds,
  • request the transfer of personal data,
  • request an evaluation by a supervisory authority.
These requests may be submitted by sending an email to info@worldloppet.com. Any request by e-mail must be submitted together with a copy of an identification document so that the person’s identity can be verified. The person has the right to turn to Data Protection Inspectorate or to court if he/she finds that his/her personal data has been misused. Contact info for the Data Protection Inspectorate can be found from http://www.aki.ee/en It is understood that data subject´s personal data may be communicated to third parties such as law enforcement authorities or other public administrations whenever this is permitted by law or required by orders or measures issued by a competent authority. These subjects will process such data as independent data controllers. The data protection specialist changes and/or erases the personal data after the person has been identified and if it is not in conflict with fulfilment of organization objectives. It may occur that after deletion of personal data, it is not possible for person to use services provided by Worldloppet and/or become a Worldloppet Master.

Third party websites

The Controller does not exercise control over websites and services run by third parties that may be linked from the www.worldloppet.com  nor supervises them with regard to contents and data processing policies thereof. Therefore, Worldloppet is under no circumstances liable for the processing of data carried out through or in connection with such third party websites. We therefore encourage you to carefully read the terms of use and the privacy policy of the portals you visit. Worldloppet provides links to third party websites and services for the sole purpose of facilitating user navigation. You acknowledge that the inclusion of such hypertext links does not imply nor is intended to provide any kind of recommendation or endorsement of the linked websites and that Worldloppet makes no warranties with respect to the contents, goods and services provided through them.

Cookie

When visiting the www.worldloppet.com and www.worldloppetstore.com pages, small strings of texts called cookies are placed on every computer by the Controller or third parties, to ensure normal website functions and allow the Controller to offer an improved user browsing experience. For further information please refer to www.worldloppet.com and www.worldloppetstore.com Cookie Policy.

Amendments

The Controller may amend or update all or part of this document at any time, also where amendments are made to laws or regulations governing the protection of personal data.