PrinciplesOur goal is to provide responsible processing of personal data, which is based on best practice, bearing in mind that the company is always ready to demonstrate the compliance of the processing of personal data with the purposes set. Worldloppet´s all processes, instructions, operations and activities related to processing personal data are based on the following principles: Legality. The processing of data subjects’ personal information will be carried out in accordance with applicable laws or regulations, in particular with reference to the EU general data protection regulation 2016/679 (hereinafter: the “Regulation”) for the protection of natural persons in relation to the processing of personal data, and to the national legislation implementing the Regulation as well to the measures taken by the national supervisory authority. In case of processing personal data, there is a legal basis for this, for example a consent, or it is necessary for the performance of a task carried out in the public interest.
- Fairness. The processing of personal data is fair, requiring, first of all, that the data subject has sufficient information on how their personal data are processed.
- Transparency. The processing of personal data is transparent to the data subject.
- Purposefulness. Personal data is collected for precisely and clearly defined and legitimate purposes and will not be processed later in a way that does not conform to these purposes. Worldloppet services have therefore follow the proportionality and necessity principles, in such a manner as to reduce the collection and use of user identification data of data subjects to the minimum, while at the same time preventing processing whenever the use of anonymous data or any other arrangements allow to achieve the intended purpose.
- Correctness. The personal data are correct and, if necessary, updated, and all reasonable steps will be taken to delete or correct the personal data which are incorrect from the point of view of the purpose for processing personal data.
- Principle of restricted storage – personal data shall be stored in a form that allows data subjects to be identified only for as long as it is necessary to fulfil the purpose for which the personal data is processed.
- Reliability and confidentiality. Processing of personal data is carried out in a manner that ensures adequate security of personal data, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage, by using reasonable technical or organizational measures.
Data collected & purposes of use:
- Personal data of employees, President and Board Members: name, date of birth, address, bank account details, phone, e-mail. Data is held during the fulfilment of duties and 8 years after agreement is finished for fulfilment of accounting laws of Estonian Republic. Data is kept in the computer and folders of CEO.
- Data of member organizations: name of organizing body of OC, address, phone, e-mail, website address, names of contact persons. This data is held and updated constantly until membership is active and 8 years after membership is finished for fulfilment of accounting laws of Estonian Republic. Data is kept in the computers of Worldloppet and used only by employees of Worldloppet.
- Personal data of Worldoppet passport owners (name, date of births, sex, address, phone, e-mail). Worldloppet passports owners’ data is collected when purchasing the passport via online shop worldloppetstore.com or at every member race office. Member race send list of sold Worldloppet passports with passport owners data once a year to Worldloppet office. Every member race has data of only those Worldloppet passport owners, who have purchased passport at their office.
- E-mail addresses of the subscribers of an email newsletter are collected via sendsmaily.com platform upon subscription and kept until person unsubscribes form newsletter.
- Personal data of e-shop worldloppetstore.com customers (name, address, phone, e-mail). Data of e-shop customers is collected via WordPress platform woocommerce and kept up to one year from last order. The data processors does not have access to client confidential bank and payment card requisitions. WordPress as subcontractor, thus ensuring confidentiality, integrity, availability and resilience of IT systems and services through which data are processed and stored.
- Race results of skiers who have participated in WL member races (name, sex, data of birth, nationality). Race results of the skiers are provided by member organizations on the basis of mutual agreement and kept forever as a matter of public interest. Consent for process personal data related to results is provided by data subject at the time of the registration to a race. All data collected is necessary for fulfilment of organization objectives – nomination of Worldloppet Masters. Racer data is not given out for third parties. In this respect, Worldloppet has engaged Juniper Solutions based in Predazzo, Italy as subcontractor, thus ensuring confidentiality, integrity, availability and resilience of IT systems and services through which data are processed and stored. For years 1979-2011 race results are kept in paper files in Worldoppet office in Tartu, Estonia. Data of race results starting from 2001 is available publicly on website worldloppet.com.
- Personal data of users of the website worldloppet.com and all pages belonging to it are collected by pixels. This data includes IP addresses, proxy servers, devices, location, browser types, pages and files used on our website, searches, operating systems and system configurations, dates and times associated with the website visit.
- Personal data (name, e-mail address) resulting from normal communication between the data subject and Worldloppet office; is kept in virtual mailbox rented from Microsoft Office and is not public.
- Personal data made clearly public by the data subject (e.g. in social media) is not stored by Worldloppet and is public.
- Social media features. Worldloppet websites may use social media features, such as the Facebook- and/or Instagram-like button. For person may be given an option by such a Social Media features to post information about person´s activities on a website to a personal profile page that is provided by a third-party social media network in order to share with others within his/her network.
- Public and/or freely available data recordings of sport events. Worldloppet also act as an aggregator of results from competitive and non-competitive sports events. To this end, the Controller may process personal information acquired from lists, public directories (including but not limited to rankings and results from sports events organised by business partners and/or affiliates) or that is freely available to the general public.
Data processing rulesAll personal data are processed mainly using electronic instruments and methods; nevertheless this does not exclude the use of paper files. These data will be stored in such a manner to allow identification of the data subjects only for the time strictly necessary to accomplish the purposes for which the data were collected in the first place and, in any case, within the terms of the law. Every person has the right to:
- request and obtain information as to whether or not personal data concerning them are held and being processed by Worldloppet,
- check his/her personal data,
- request access to the personal data,
- request corrections to the personal data,
- request limiting of the personal data,
- request and obtain erasure of their personal data where the information and the data are not necessary – or no longer necessary – in relation to the purposes referred to above or on other legal grounds,
- request the transfer of personal data,
- request an evaluation by a supervisory authority.