Privacy Policy
At paceUP!, our goal is to support our members fitness journeys by providing the best possible experience. To be able to offer our services, we need to process personal data. Your privacy is important to us and we do the best possible to protect your personal data and privacy.
We process your personal data when you use our app or websites. The processing of your personal data takes place in compliance with applicable local data privacy laws, e.g. the EU General Data Protection Regulation (“GDPR“).
In this policy (“Privacy Policy”) we want to inform you about the nature, scope and purposes of the collection and processing of your personal data.
If you do not agree to this policy, please do not use any of our services. Our services are intended for members and you that would like to register information around your training and recreational competitions to compare your achievements with other peers and friends. If you register as a member and user of our services, you agree to the Privacy Policy and all revisions thereof.
The latest version of our Privacy Policy will be available to you at www.paceup.se/privacy-policy. Please read our privacy policy before using our services.
DATA CONTROLLER
Data Controller & Data Protection Officer
The Data Controller of paceUP! is UP! international AB, Ljustret 9, 193 41 Sigtuna, Sweden
In case you have any questions regarding the processing of your personal data, you can contact our Data Protection Officer via email privacy@paceup.se.
WHICH DATA WE COLLECT AND PROCESS
paceUP! processes certain data, including personal data that you as a member make available to us when using our services, for example by using our app, and that our 3rd party data processors provide to us.
Personal Data Categories
The following categories of personal data might be collected directly or indirectly from you:
Identity – used to verify your identity
Name (first, last), e-mail address, profile picture, unique user ID, and information passed along to us via your Facebook or Apple account wen used during account creation.
Identity – used to perform our service
Date of birth and gender
Contact – used to get in contact with you
e-mail address any other communication channel you have used to contact us, e.g. phone number, shipping and billing address, Messenger ID, social media handle.
Location – used to perform our service and for security measurements
APP: Provided residential location, GPS locations
Websites: IP address
Size – used to perform our service
Height and weight
Activity – used to perform our service
Your fitness data, this includes, but not limited to, workout start and end times, activity type, duration, pace, distance, calories, heart rate, location data and paceUP! Points.
Payment – used to process your payments
Duration of your paceUP! Membership subscription, price, currency, VAT and payment provider. We do not store any credit card information in our systems, we store a payment ID number that is given out by the respective payment provider and can be allocated to you.
Purchase – used to personalize our marketing and offering
Your paceUP! purchase history and product reviews.
Social Media – used to personalize our marketing and offering
Information acquired through your interaction with paceUP! on our social media channels such as Facebook, Instagram, LinedIn, including any social media information that is publicly available such as your social media handles, social media interactions and public postings, your “Likes” and other reactions, your social media connections, your photos that are public, or those you send to us by mentioning us or following our social media posts by using “handles” or “hashtags”. We obtain this information from the social media network directly or indirectly through contracted 3rd party Data Processors.
paceUP! website visit – used to enhance the user experience when visiting our websites and network security
Your browsing history is collected by cookies, tags, and pixels. This includes, but not limited to, IP address, date and time of the visit, how long you remained on our website, any referral URL, the pages visited on our site, and your browser type.
Registration via Facebook or Apple
If you register your paceUP! account via social login, we will receive the following information:
Facebook Inc., 1601 South California Avenue, Palo Alto, CA 94304, USA, “Facebook”:
First and last name, email address, date of birth, gender, profile picture;
Apple Inc., 1 Infinite Loop, Cupertino, CA 95014, USA; “Apple”:
Email address.
Import Fitness Activity Information from Connected Accounts
We offer an automatic import of your fitness activity information from Garmin, You have to explicitly agree to connect your account from Garmin to your paceUP! account in order to import your activity data.
Service Use
Google Analytics
On our website, we have integrated Google Analytics, a web analytics service of Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, “Google”. Web analytics is the collection, gathering, and analysis of data about the user interaction.
Although Google Analytics records data such as your geographical location, device, internet browser and operating system, none of this information personally identifies you to us. For the web analytics through Google Analytics we use the application “_gat. _anonymizeIP”. By means of this application the IP address of the Internet connection of the user is anonymized by Google when accessing our website.
We use this data to understand the visitors of of website better and to optimize our website. Google Analytics provides online reports to determine the number of people using our site, to better understand how they find and use our web pages and to see their journey through the website.
Google Analytics uses cookies. Disabling cookies on your internet browser will stop Google Analytics from tracking any part of your visit to our website. See our Cookie Policy for more information on cookies and how to opt-out of them.
Firebase & Google Analytics for Mobile
We use Google’s Firebase for our app on iOS and Android. User data is transmitted in an anonymized form to Google. Our Apps use identification for mobile devices, including the Google Advertising ID (“GAID”) and the ID for Advertising for iOS (“IDFA”), as well as technologies similar to cookies for the use execution of the Analytics for mobile service.
We use Firebase to analyze and constantly improve the performance of our app. Through the statistics we are able to identify software problems and improve our services quality. The basis for the processing of data are our legitimate interests.
App Event Tracking
When you are using our app, we will collect certain event information (e.g. creating a paceUP! account, starting a sport activity, logging an activity) and send them to our servers. This allows us to analyze and constantly improve our service performance and understand any identified service problems.
Cookies
Our websites use ‘cookies’ – small text files that are placed on your computer, mobile device and/or stored by the browser. The basis for the processing of data via cookies are our legitimate interests. For more information on the cookies we use, which, if any, personal data they collect, and how to disable them, please see our Cookie Policy.
WHY WE PROCESS DATA
Performing the Service
paceUP! process your data to be able to provide you with a smooth user experience while using our app and services, including to authenticate your account access; track and display your health and fitness activities, show your training statistics and calculating your paceUP! Points.
Member Support
Our Member Support access your data to respond to your requests, investigate, and resolve complaints and service issues.
Business Needs
We process data to monitor, analyze, and improve the use of our service, as well as protect the security or integrity of the service, and their performance and functionality.
When you use the app with your Corporate membership, paceUP! use push notifications in the app to communicate information about your membership, including promotional activities or offers.
Marketing General
We process Data to deliver personalized email newsletters, including marketing messages from paceUP! as a member of paceUP!. We use the email marketing platform of The Rocket Science Group LLC d/b/a Mailchimp, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA, ”Mailchimp”.
When opening the emails we are able to assess your user behavior with the help of so-called web beacons. The information created by this is then linked to your email address. This enables us to create to personalize our marketing email messages. We collect data on when you “Click on” our emails, or which links you click. We store and use your data for the purpose of email marketing. You can revoke your consent to the marketing emails at any time, by clicking the link at the end of the email. We store the tracking information as long as you are subscribed to our marketing emails.
Targeted ads
paceUP! use third-party advertising platforms, such as (but not limited to) Facebook, Google, LinkedIn to show you ads that are targeted at you, based on your behavior and browsing pattern, at specific times and locations of these platforms to increase the efficiency of our advertising campaigns. We use third-party targeting solutions such as Facebook Audience (but not limited to) to help us at targeting our campaigns and messages for our customers. Your personal data is shared with the third-party advertising platforms, and they will attempt to match your profile in their database to determine the optimal time and place (e.g. the page you are browsing) to show users an advertisement from us. We also analyze the information to understand the impact of our campaigns. If you don’t accept that we use and share your personal data for this purpose, we will exclude your data, but you might still see paceUP! advertisements on other platforms at random.
Compliance and Enforcement
We process your data to comply with our obligations and in compliance with all applicable laws and regulations.
We process your data, if we think it’s necessary for security purposes or to investigate possible fraud or other violations of our Terms & Conditions or this Privacy Policy and/or attempts to harm our members or visitors.
SHARING OF PERSONAL DATA
We will share data with third parties in the following situations:
- if this is necessary, for the purposes,
- due to a request from a national authority,
- due to a court ruling,
- if required by law,
- if necessary to investigate and defend ourselves against any third-party claims or allegations,
- to exercise or protect the rights and safety of paceUP!, our members, personnel,
- if you have (explicitly) consented beforehand.
We attempt to notify you about legal demands for your data when we think it is appropriate, unless prohibited by law or court order, or when the request is an emergency. We may dispute such demands when we believe that the requests are lack proper authority.
Profile
We distinguish between “private profiles” and “public profiles” where all profiles are private by default and only become public on your request. As long as your profile is a “private profile” other users will see your first name, last name, profile picture, country of residence. This is necessary to enable others to find you in our products. Moreover all users will see your paceUP! Points and the summary view of your recorded activities.
When your profile is a “private profile” other users can send you a request to become a Friend. Once you accept this Friend request, all information, which according to your privacy settings, you share with Friends, will become visible for those members. You will see all your friends activities and ranking as part of your Friends Group.
Leaderboard/Activity Feed
If you record an activity, you will automatically join a Leaderboard of accumulated seasonal paceUP! Points. We have the Top 100 Leaderboard which is visible to all members and the leagues Leaderboard which is visible to the members of that Leaderboard. This means, once you start recording activities, you will be part of a Leaderboard.
Challenges
Challenges are competitions within a defined timeframe and/or a specific goal. There are different challenges available for members to join. Some of these challenges are private, organized by corporate organizations for their employees. If you are part of a challenge you can compare your ranking with all members who are part of the same challenge group. First name, last name, profile picture, paceUP! Points and recorded activities are visible to all members within the same challenge group.
Groups
Every paceUP! Member can create groups and can invite other Members to join that group. Within a group you can interact with other members and compare your ranking with all users. First name, last name, profile picture, paceUP! Points and recorded activities are visible to all members within the group.
Our third party data processors
We use a number of third parties to provide and improve our services (e.g. maintenance, analysis, audit, payments, fraud detection, marketing and development) These service providers have limited but necessary access and personal data may also be processed by these companies and/or by their respective employees on our behalf. We use processors such as Google, Facebook, Amazon Web Services, Inc., HubSpot, Inc. All these third parties have been carefully chosen and all of them comply with the required legislations.
We remain liable to you for their performance of obligations. We will take steps to ensure that these third parties will only process personal data in accordance with our instructions, take appropriate security measures to protect your personal data, commit themselves and their employees to confidentiality, provide assistance to us in the discharge of our obligations to you and report all data breaches to us without undue delay.
DATA SELLING
We do never sell any of your personal data to third parties.
HOW LONG WE STORE DATA
We maintain your data as long as you have an account with us and are using our services. If you are a user and you stop using our services, without requesting to delete your data, we will keep it for 18 months after your last registered training activity. Accounts with no registered training activities will be deleted after 6 months.
If you decide to delete your account, all data will be deleted, with the exception of any information made public by you, like comments on other registered users’ sport activities. This information will be anonymized.
A deletion request does not affect data, if the storage is legally necessary, for example for accounting purposes.
WHICH RIGHTS YOU HAVE
To exercise your rights, please send a request via email or via mail. The details can be found under CONTACT.
Revocation of Consent
You can revoke your consent for future data processing at any time. However, this might imply that you can’t use our services any longer.
Right of Access
You have the right to obtain (i) confirmation as to whether or not your data is being processed by us and, if so, (ii) more specific information on the data. The more specific information concerns, among other things, processing purposes, categories of data, potential recipients, or the duration of storage.
Right to Rectification
In case the data processed by us is not correct, you have the right to obtain the rectification of inaccurate data concerning you. We will rectify these and inform you of this rectification. Please note that you can update much of your information in the profile settings of our app and it is not technically possible for us to rectify all kinds of data in our service.
Right to Erasure
You have the right to delete data we store about you. Should you decide to do so, please contact us via the email address. We will send you an email in order to confirm the deletion.
Right to Restriction of Processing
You have the right to obtain a restriction of processing of your data from us. A restriction might imply that we are not able to offer our services any longer to you as a member of paceUP!.
Right to Data Portability
You have the right to receive a copy of your data in a structured, commonly used and machine-readable format and transmit those data to another controller without hindrance from us.
Right to Object
You have the right to object at any time to the processing of data for which our legitimate interests are the legal basis or to processing of data for direct marketing purposes.
Right to File a Complaint
You have the right to file a complaint with your local supervisory authority, if you think that the processing of data infringes applicable law.
FURTHER IMPORTANT INFORMATION
Automated Decision Making and Profiling
Data protection laws regulate that we are only allowed to use automated Decision Making and Profiling, if a lawful basis to carry out profiling and/or automated decision-making exists.
We use Automated Decision Making and Profiling to secure the performance of our activity tracking service.
The lawful base of the usage of this type of decision-making derives from the individual’s explicit consent and the necessity for the performance of our service.
Security Measures
The Data Privacy of our members is important to us and we are committed to protect your data and implement appropriate technical and organizational security measures to protect it against any unauthorized or unlawful processing and against any accidental loss, destruction, or damage. Those security measures are constantly revised to comply with the latest technological developments.
On our websites, we have integrated security measurements to secure the best experience for our users. The security service we use is provided by Wordfence, a service of Defiant Inc. No data is transferred to Wordfence.
Wordfence stores information in our database when it detects a brute-force login attempt. Brute-force login attempts are repetitive login or “forgot password” failures produced by users. Only information about the computer’s IP address related to the brute-force attempts are stored in the database. Wordfence does not store any user related data in our database while a visitor uses the standard services provided by our website.
This data is currently stored in an identifiable fashion; a limitation of the content management system that this website is build on (WordPress). Pseudonymisation, meaning that the personal data can no longer be attributed to a specific user without the use of additional, separately stored information (key), is a requirement of the GDPR which many web application developers are currently working to fully implement. We are committed to implement it on our website as soon as we are able to.
We use this information to analyze potential security threats and take actions to eliminate any security threats that will impact the safe use of our website and experience of our users.
Wordfence makes use of cookies. If you deactivates the setting of cookies in the Internet browser used, not all functions enabled by Wordfence may be entirely usable, but will not negatively impact the security of our website.
About our servers
Our services is hosted by AWS within a European data centre located in Ireland. All traffic (transferral of files) is delivered encrypted and over HTTPS.
CHANGES TO THE PRIVACY POLICY
We review and update this privacy policy periodically inline with legislation or industry developments by posting the updated version of the Privacy Policy on our website. We encourage you to visit occasionally to stay informed about how we use your personal information. We will notify you when we make significant changes that you must be aware of.
Latest update: 10/01/2021 Storage of Data updated.
CONTACT
UP! International AB
Ljustret 9
193 41 Sigtuna
, Sweden
privacy@paceup.se
