- Processing of personal data: the processing of ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’). The term ‘processing’ is broad and covers, among other things, data collecting, recording, organizing, storing, updating, modifying, retrieving, consulting, using, distributing or making available in any way, merging, combining, archiving, erasing or eventually destroying the data.
- Controller: a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
- Processor: the controller can appoint an external subcontractor to process personal data. In such a case, the subcontractor is the ‘processor’. This can be a natural or legal person, a public authority, agency or another body that processes personal data on behalf of the controller.
Bioracer Motion BVBA, with its registered office at 3980 Tessenderlo, Ravenshout Industrial Zone 5.2.50, registered with the CBE (Crossroads Bank for Enterprises) under number 0542.345.905, is the controller of the personal data (hereinafter ‘Bioracer Motion’).
Bioracer Motion processes the following categories of personal data of its customers:
- Personal identification data: data that enables us to identify and contact our customers such as surname, first names, address, telephone number and email address.
- Physical description: data that enables us to offer our bikefitting services such as age, gender, height, weight and body measurements.
- Financial data: invoicing and payment details, including data relating to the assessment of the creditworthiness of customers.
- Electronic identification data: IP addresses and cookies are processed to improve the usability of our online environments.
- Leisure activities: data about the sports or leisure activities of our customers enable us to offer existing or potential customers the appropriate range of products.
- Images or videos: Bioracer Motion may process images and/or videos of customers or sponsored athletes for promotional purposes.
More than one of the above data categories can be combined.
Bioracer Motion does not process special categories of personal data that are prohibited in terms of Article 9 of the GDPR which reveal racial or ethnic origin, membership in interest groups, political opinions, ideological or religious views, health status, or data concerning a natural person’s sex life or sexual orientation. Bioracer Motion does not process genetic or biometric data with the aim of uniquely identifying a natural person.
Bioracer Motion processes personal data for various purposes and will always try to process only data that is necessary in order to achieve specific objectives. The use of personal data is necessary in the following cases:
- In the preparation and execution of a placed order or implementation of a service (agreement).
- To comply with the legal obligations to which Bioracer Motion is subject.
- To represent our legitimate interests, always striving to ensure that these interests do not outweigh the respect for the privacy of personal data.
If the processing of personal data is not needed for any of the above purposes, we will always request explicit permission from the data subject to process the personal data.
Bioracer Motion collects personal data for the following specific purposes:
- To process a request for Bioracer Motion products or services
- People who are interested in the products and services of Bioracer Motion and contact Bioracer Motion (by telephone, email, or through its website) are asked to leave their personal details so that we can contact them in order to make an appointment.
- To continuously improve our products and services
- Feedback from (professional) athletes and customers regarding our products and services provides an important source of data that enables us to improve the usability, functioning and additional features of our software.
- To announce new products and services
- Bioracer Morion may use personal data to inform its customers (either electronically, in writing or by telephone) of new products, discounts, events or new services. Bioracer Motion may also approach individuals, companies and clubs by mail or newsletter even if they are no longer a Bioracer Motion customer. This can be cancelled by unsubscribing to these services (opting-out).
- To retain statistics for internal use
- Bioracer Motion may use personal data to generate internal reports and analysis in order to evaluate our own procedures and operational processes, allowing us to improve our products and service offerings, or to adapt them in accordance with the evolution of the market (trend analysis).
- To conduct research
- At Bioracer Motion we continuously have research projects. Most of them are with the help of university students. To be able to use the most modern techniques like machine learning, we have to use data. This data is mostly the cycling data together with some personal information (inseam length, gender, training level). The personal information can be used to cluster our dataset, while the cycling data is used to determine features for machine learning. You can contact us to delete both your cycling data and personal data. However, this data will only be used for research purposes and will be treated confidentially, by no means will this data ever be published. If research is published in the form of a paper, the data will be made anonymous (i.e. Cyclist X). It is even the case that scientific papers may not contain any confidential information, papers will never contain the names of test persons or the data of which persons where used.
Bioracer Motion does not use automated decision making which may result in legal consequences, or which may similarly significantly affect those involved.
RECIPIENTS AND DATA TRANSFERS
Bioracer Motion does not sell personal data to third parties without permission and does not share personal data with third parties except in the following instances:
- Where necessary for the delivery of our products and services. Bioracer Motion may use third parties for the delivery of products and services, and as a result make its databases available for this purpose. This data will solely be shared for the same purpose as which Bioracer Motion processed it and is limited only to the data needed for carrying out their instructions. Bioracer Motion guarantees that these third parties shall take the appropriate technical and organizational measures needed in order to protect the personal data which they are privy to.
- Subject to legal obligation. Bioracer Motion will share personal data with government authorities, legal services or police services when required to do so by law.
- Permission given. In all other cases, when Bioracer Motion shares personal data with third parties, the data subject will be notified in advance, with an explanation regarding the third party and the purpose. Where required by law, permission will naturally be requested first.
When personal data is processed outside of the European Union, Bioracer Motion will take appropriate contractual or other measures to ensure that this personal data is subject to the same or comparable level of protection as if it were protected within the European Union and in accordance with the GDRP legislation.
For all our websites, we use SquareSpace (https://www.squarespace.com/) with one of the built-in templates.
We enabled the built-in Google Analytics option (https://support.squarespace.com/hc/en-us/articles/205815608). We only use the Google Analytics data internally so we can offer better support to our clients and improve our products. We never make any of the data public or transfer it to a third party.
SquareSpace is GDPR compliant: https://support.squarespace.com/hc/en-us/articles/360000851908-GDPR-and-Squarespace
No personal data is stored or used on the main Bioracer Motion website (https://bioracermotion.com/).
We have a blog section (https://bioracermotion.com/blog) which allows visitors to add comments to the articles we post. The commenting system is part of the SquareSpace system and the comments are stored there. The comments are shown publicly. The comments consist of only data that is entered explicitly by the visitor.
The blog system also allows visitors to like a post. This is also built into the SquareSpace system. Only the number of likes is shown, but a minimal amount of personal data is likely used internally to make sure one person/computer can only like once (see the SquareSpace documentation linked to above).
The main Bioracer Aero site (http://bioraceraero.com/) shows a map with available Bioracer Aero systems around the world. We only show the location and information of clients that explicitly agree to do so.
When contacting us through the contact form on the website (http://bioraceraero.com/en/askinformation), we only convert the message to an email sent to our internal system. We treat the information as any other confidential email conversation. We use the built-in form system of SquareSpace: https://support.squarespace.com/hc/en-us/articles/205814638
The Bioracer Aero site contains a webshop, using the built-in webshop component of SquareSpace (). We enabled both Stripe and PayPal integration (https://support.squarespace.com/hc/en-us/articles/235161188). We treat the information obtained through our webshop with the same confidentiality as client information obtained through direct communication (see the Marketing and Administration sections in this document).
No personal data is stored or used on the main Bioracer Service Center website (http://www.bioracerservicecenter.com/ and http://www.bioracerservicecenter.be/).
When contacting us through the contact form on the website (http://www.bioracerservicecenter.com/#contact-us), we only convert the message to an email sent to our internal system. We treat the information as any other confidential email conversation. We use the built-in form system of SquareSpace: https://support.squarespace.com/hc/en-us/articles/205814638
The cyclist’s personal information will be written down and kept safe in a binder. Your email address will be used to send you details about your bikefit if you opted for a full 3D motion analysis. Your body measurements can be used to determine the first position for the start of the 3D motion analysis or static analysis. Therefore, bikefitting.com will be used, the handling of your personal data is a responsibility of bikefitting.com. The file in the binder will be kept here safely, to determine your optimal position in case you lost your file. You have the right to opt out of this convenience. If the data is in the binder, it can also be used for research purposes. However, your name or personal information will not be published.
The cycling data captured by our 3D Motion Analysis system will be visible for our “master” operators. The purpose is to analyze this data more thorough and to discuss the outcome with colleagues. The cycling data is also an important dataset for the research we conduct at Bioracer Motion. You can opt out of our research data set, and have the right to contact us to delete your data at any time.
In order to protect our software from misuse (making sure software or data is not copied to users that have no license to use it), we use a cloud authentication system. Users have to log on in our software using their personal login details.
We don’t store the passwords so there is no way for us or someone else to view the password. The rest of the required information (email, first and last name) is only displayed in the software when the user is logged on. We do not sell or send the information to a 3rd party or make it public.
This is true for all data of all our software packages: we never sell or send it to a 3rd party or make it publicly available, unless we have explicit consent from the person(s) involved. We can however use data internally if anonymized, and only for statistical or development purposes (making the software better).
Users can opt-in to send usage statistics to our Google Analytics system. Information gathered here is only used for making the software better and for troubleshooting purposes on the user’s request.
When a cyclist or operator wants (some of) their data removed from our system, we will permanently delete it within 48 hours. Note that there is no way to recover the data afterwards.
A list of cyclists is stored associated with each operator, along with recorded motion data. The information (name and email) and data (movement data) is only accessible by the operator, the cyclist itself. It can also be used internally for the sole purpose of making the software better and for troubleshooting or consultancy when explicitly requested by the operator.
We don’t store any Bioracer Aero data on the cloud. We only use logon authentication to prevent misuse of the software.
Contour Fitting data can be uploaded to the cloud when the operator explicitly issues a Contour Fitting license (see below). In that case, the data uploaded is only accessible by the cyclist involved (through the personal information that is mailed directly to the cyclist) and to the development team internally, as a sole purpose to make the software better.
When logged on in the Contour Fitting application, cyclists’ personal cycling pose data is downloaded. The data is only accessible through the personal login details sent directly to the cyclist, or by the developers as a sole purpose of making the software better.
In addition to necessary and functional cookies, Bioracer Motion also uses:
- Performance cookies: these cookies collect data about the use of the website, such as the number of visitors, from which countries these visitors originate, which pages are popular, how much time is spent on the pages and so on.
- Social media cookies: these cookies enable the functionalities of social media such as Facebook, Instagram, Twitter and LinkedIn. For example, this could be a ‘like’ button on the website.
- Advertising cookies: these cookies enable more efficient and personalised advertisements and advertising messages, tailored to the surfing behaviour and demographic data of the user of the website.
Bioracer Motion can also invoke third-party cookies such as from Google Analytics. Users of the website and online store can switch off or remove all installed cookies from their computer or mobile device at any time in their browser.
In order to protect the collected personal data used by Bioracer Motion, and to safeguard the privacy rights of data subjects, Bioracer Motion has implemented a number of technical and organisational measures:
- Bioracer Motion employees are informed how they should handle confidential personal data through periodic awareness campaigns.
- When new projects are started within Bioracer Motion, whereby personal data is processed, one of the assessment criteria is the security and protection of personal data. Privacy concerns are always taken into account.
Bioracer Motion employs various technical measures to protect personal data against unauthorised access, unauthorised use and loss or theft of data, including:
- Securing our systems and databases with a username and password.
- The use of firewalls to shield our systems from external attacks.
- The use of anti-virus and anti-spam software to protect our systems and data against viruses, spyware, spam and the like.
- Shielding data through profiles and rights management so that only specific data is visible to employees who need it to carry out their tasks.
- Keeping all software up-to-date with the latest security updates.
- The use of VPN connections and rights to secure the access to files on our servers.
In the event of a data breach, which may hold adverse consequences for data subjects, Bioracer Motion will go through the legally prescribed procedures and personally inform the data subjects about this within the legally required period.
DATA RETENTION PERIOD
In accordance with the GDPR regulations, Bioracer Motion is not allowed to keep personal data longer than is necessary in order to achieve the predetermined purpose for which the data was collected. This means that the storage period can differ considerably for each purpose.
Personal data processed for customer management are retained for the period necessary to comply with legal requirements. For example, in order to meet accounting and tax obligations, Bioracer Motion is obliged to keep the invoicing data for a maximum of 7 years. Due to legal necessity, certain data such as invoices, complaints and correspondence must be kept for a maximum period of 10 years.
After the applicable storage period(s) have expired, personal data will be deleted or anonymised.
EXERCISING PRIVACY RIGHTS
Individuals whose personal data is processed by Bioracer Motion have a number of rights as set out in the latest regulations in the GDRP.
Right to review
The data subject shall have the right to obtain from Bioracer Motion confirmation as to whether or not personal data concerning him or her are being processed and in those cases, have access to the personal data and the information regarding its processing purposes, including the categories of personal data concerned, the recipients or categories of recipient to whom the personal data have been or will be disclosed, the expected period for which the personal data will be stored, their privacy rights, the right to file a complaint and the existence of automated decision-making. Bioracer Motion shall be obliged to provide a free copy of the personal data undergoing processing in a commonly used electronic form.
Right to rectification
The data subject shall have the right to obtain from Bioracer Motion, without undue delay, the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement. Where data has been provided to third parties, this will be disclosed to the data subject and the necessary changes will also be communicated to said third parties.
Right to erasure (‘right to be forgotten’)
In a number of specific cases, the data subject shall have the right to obtain from Bioracer Motion the deletion of personal data concerning him or her and Bioracer Motion shall have the obligation to delete such personal data where one of the following grounds apply:
- The personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
- The data subject withdraws consent on which the processing is based and where there is no other legal ground for the processing;
- The data subject objects to the processing and there are no overriding legitimate grounds for the processing;
- The personal data has been processed unlawfully;
- The personal data must be deleted for compliance with a legal obligation or law to which Bioracer Motion is subject;
- The personal data was collected when the person was still underage.
Bioracer Motion is not always obliged to delete personal data, for example, when the data is necessary in respect of instituting legal proceedings.
Right to restriction of processing
Data subjects for whom Bioracer Motion stores data have the right to limit the scope of their processed personal data in the following cases:
- The accuracy of the personal data is contested by the data subject.
- The data subject has objected to the processing of their data and pending the verification whether the legitimate grounds of Bioracer Motion override those of the data subject, the data subject may request that the use of their data be restricted.
- The processing is unlawful, and the data subject opposes the deletion of the personal data and requests the restriction of their use instead.
- Bioracer Motion no longer needs the data, but the data subject requires it for him or herself.
Right to transferability
Data subjects whose data is held by Bioracer Motion have the right to have their personal data that they provided transferred to another processor. This is only possible if the information was provided based on an agreement, or subject to the consent of the person concerned.
Right to object
The persons from whom Bioracer Motion has collected data have the right to object to the processing of their data based on legitimate and justified grounds. Bioracer Motion will stop the processing of the data unless compelling or legal grounds can be shown to the contrary.
Data subjects have the right to oppose, free of charge, any processing of their personal data in terms of direct marketing (opt-out). This can be done without giving any reason and by contacting Customer Services, or by using the contact details below.
Data subjects have the right to file a complaint with the Commission for the Protection of Privacy.
Address: Drukpersstraat 35, 1000 Brussels
Tel: +32 (0)2 274 48 00