Privacy Policy

Your privacy is of the utmost important to us. We, at Sport Heroes (“SPH”), have a few fundamental principles:

- We don’t ask you for personal information unless we truly need it.
- We don’t share your personal information with anyone except to comply with the law, develop our products and services, or protect our rights.
- We treat your personal information with the highest regard to privacy and security.

Terms which are capitalised in this Privacy Policy (hereinafter the “Policy”) refer to terms asdefined in SPH’s T&Cs.
1. What is Sport Heroes and how does it work?

Sport Heroes offers a digital Service Platform aiming to encourage sport among its Users. The Platform is accessible from SPH Sites and through SPH Applications. These Services are developed by SPH on their own behalf (Running Heroes, Cycling Heroes, Swimming Heroes and United Heroes) or on behalf of third parties (“Partners”).

SPH guarantees continuity of access through all media to the Platform that we offer, both for SPH Sites and for SPH Applications. As such, SH is responsible for processing your Personal Data, its integrity, security and respect for your privacy in accordance with the Applicable Regulations.

Its contacts details are as follows:
Sport Heroes
18/20 rue du Faubourg du Temple
75011 Paris – France
Email: help@sportheroes.com

SPH is committed to respecting your right to privacy and shares your concerns about the security of the data you transmit to us through the SPH Sites, SH Applications and third-party Applications. This Policy sets out the guidelines established by SPH to protect the information you provide to SPH when you visit the Platform.

2. What information does Sport Heroes collect about me and how is it used?

In the context of the provision of Services, SPH is required to collect personal data, within the meaning of Article 4 of the GDPR, concerning Visitors and Users (hereinafter referred to as “Personal Data”) under the conditions detailed below.

In particular, SH may collect the following Personal Data:

- About Visitors:
● Navigation data collected for the purpose of measuring audience and traffic under the conditions detailed in point 4 below regarding Cookies. The legal basis for these processing operations is the fulfilment of the legitimate interests of SPH, without prejudice to the rights guaranteed to Visitor.
● Information constituting Personal Data voluntarily provided by the Visitor in the contact form and allowing them to contact SH in order to respond to their request sand ensure follow-up. The legal basis for the processing operations is the provision of services and responses formulated by Visitor.

- About Users:
● Identification data that is provided by Users when creating their User Accounts, including, in particular, their last name, first name, e-mail address and password for the purpose of creating the account and managing SPH’s relationship with Users, including in the context of evaluations of the Services by Users. The legal basis for the processing is the need to provide the User with the Services related to the use of his/her Account.
● Data which is voluntarily and optionally provided by the User on their User Account, such as gender, date of birth, city and photograph, for the purpose of personalising the Services and Rewards. The legal basis for the processing operations is the fulfilment of SPH's legitimate interests to adapt and measure the modalities of use of its Services by Users, without prejudice to the rights guaranteed to User.
● Data collected via third-party applications if the User chooses to connect them to the Platform, such as GPS and training data and navigation data collected under the conditions set out in point 4 relating to Cookies, in order to provide the Services to Users. The legal basis for the processing operations concerned is the free, informed, unambiguous and retractable consent of User.
● Payment data collected securely by our trusted third parties (Stripe, Njuko) in the context of the unblocking of Paid Challenges by User. The legal basis for the processing is the need to provide User with the Services associated with participation in a Paid Challenges.

None of the data collected by SPH, nor information resulting from data processing, fall within the scope of health data as defined by the GDPR.

SPH may aggregate this data in order to prevent identification of the persons concerned for statistical purposes and use it to improve the quality of its Services.

Finally, GPS data is stored pseudonymized to minimize as much as possible the potential impact on users privacy.

3. How long is data stored by SH?

SPH keeps the Personal Data of Visitors and Users only for as long as is strictly necessary for the fulfilment of the above purposes, subject to compliance with its legal and regulatory obligations. In particular, User Data is deleted immediately after a User Account is closed or after three years of inactivity.

4. What cookies does SPH use?

SPH uses cookies and other tracking technologies on its SPH Sites and Applications. A cookie is a text file placed on your device (e.g. computer, telephone, tablet), via your browser software (hereinafter referred to as “Cookies”).

Like most standard website servers, the Sites use log files built on the basis of Cookies. This includes internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, platform type, date/time stamp, and number of clicks to analyse trends, administer the Sites, track Visitors’ movement in the aggregate, and gather broad demographic information for aggregate use. SPH may use your IP address to identify you, to administer the Site and the Applications to assist in diagnosing problems with SPH’s server.

You can find a list of the cookies we use on our Sites and Applications below.

Cookies type:
Who places the cookies?
How can I refuse them?

Technical cookies:
These cookies are strictly necessary to provide access to services via the Sites and Applications and to secure the Sites and Applications.

As these cookies are strictly necessary for the operation of the Sites, you cannot refuse them. You can block or delete them by changing your browser settings, but this may affect your browsing of the Sites.

Analytical cookies:
These cookies help us to better understand how our Sites andApplications are used and help us to improve them

To refuse these cookies, please visit the following links:

5. To whom, and how, does SPH transfer my Personal Data?

5.1. Main data flows
In order to provide Users with the Services and functionalities related to their use of the Services, SPH may transfer or make accessible certain User data, strictly necessary for this purpose, to the following categories of recipients:

5.2. Transfer to third parties
SPH may transfer the data to its service providers. A list of all services providers to which we transfer a subset of data can be found in appendix. In addition, in the context of certain Challenges, and subject to the User’s express consent, SPH may transfer the User’s contact details to partner companies involved in the organisation of theChallenge. This partner company may then, subject to the consent of the User, contact the User again for promotional and advertising purposes.
When the User uses the Services through a Partner Platform: The ownership of the data is shared between SPH and the Partner. It is thIs subject to an exchange of data between SPH and to the aforementioned Partner for the purpose of providing the Services to User..

● The said Partner is likely to share data with other third parties of its choice, provided that.
User has expressly and previously consented to the sharing of his/her data within our Services or on the Partner Platform. In this case, the third party receiving the data remains responsible for processing the data concerned.

User data may be transmitted to Partners so that the latter can, if necessary, manage support requests in connection with the Services.

5.3. Transfers outside the European Union
Personal Data may be processed outside the European Union, in particular for the purpose of automatic backup every 12 hours in servers located in the United States. Sport Heroes will not transfer Personal Data outside of the European Union without implementing appropriate safeguards in accordance with Applicable Regulations as interpreted by the French data protection authority and the EU Court of Justice.

6. What does SPH do to protect the data I transmit to SPH?

The Sites use industry standard Transport Layer Security (TLS) technology to allow for the encryption of personal information such as your name and address. The Sites are also registered with site identification authorities so that your browser can confirm SPH’s identity before any Personal Data is sent.

Finally, the banking data collected by our online sales service providers (Stripe, Njuko) is subject to a level of security appropriate to the risk associated with the processing of these data. SPH only stores an identifier specific to our online sales service providers (Stripe, Njuko) and does no thave unencrypted access to these data.

7. What can I do to help make sure the security works correctly?

To help ensure that these measures are effective in preventing unauthorized access to your private information, we invite you to familiarise yourself with the security features available to you through your browser. You should use a security-enabled browser to submit your personal information at the Sites.
Please note: if you do not use an SSL-capable browser, you are at risk of having data intercepted by unauthorised third parties. SH will not be responsible for any compromise of data that is intercepted due to your use of an unsecured browser. Most browsers have the ability to notify you if you change between secure and insecure communications, receive invalid site identification information for the site you are communicating with, or send information over an unsecured connection. SH recommends that you enable these browser functions to help ensure that your communications are secure. You can also monitor the URL of the site you are visiting (secure URLs begin with https:// rather than the normal http://), along with the security symbol of your browser (a green or red padlock in GoogleChrome for example) to help identify when you are communicating with a secure server. You can also view the details of the security certificate of the site to which you are connected. SPH encourages you to use this to check the validity of any site you connect to using secure communications.

8. Does SPH offer opt-out or opt-in services?

Yes. If you no longer wish to receive emails from SPH, please:
• follow the unsubscribe instructions available in every e-mail; or
• send an email to: help@sportheroes.com

If you do so, SPH will not provide or share its mailing lists or other information about you with any other company or service for promotional purposes.

9. What are my rights?

In accordance with the Applicable Regulations, you have the right to access, rectify, modify, delete (right to forget), limit processing, object to and, where applicable, limit processing and portability (in JSON format) of personal data concerning you at any time and at no cost, subject to the rights and freedoms of third parties and the obligations incumbent on SPH. You also have the right to define directives regarding what should happen to your Personal Data after your death. Where processing is based on consent, the Client may, at any time, notify their withdrawal of that consent, it being specified that any processing carried out prior to the withdrawal remains lawful.
Clients may exercise their rights:
• By sending an email to the following address: help@sportheroes.com; or
• By writing to the postal address: Sport Heroes Group 18/20 rue du Faubourg du Temple, 75011 Paris – France;
• Regarding the rights of rectification, modification and deletion, by configuring or updating their profile in “Edit your profile” from their Sport Heroes User Account.

If you believe that SHG has failed to comply with its legal obligations under the Applicable Regulations, you, or an organisation mandated for this purpose, may file a complaint with the CNIL or the supervisory authority of the European Union Member State in which you are ordinarily resident.

10. Privacy Policy changes

SPH may change this Policy at any time, and you are therefore requested to review it regularly on the SPH Sites and/or SPH Applications you visit or use. In the event of a substantial change in the Policy concerning your rights, SPH will inform you as soon as possible.

11. How to contact SPH?

SPH welcomes your questions and comments. Send us your questions or comments by e-mail to the following address: help@sportheroes.com or contact our Data Protection Officer at the following e-mail address: dpo@sportheroes.com

Appendix : Data map:

1. Users

- First name - public
- Last name/public
- Email / privé
- Gender / private or public if data is deducted from the subscription to certain Challenges
- Birthday / private or public if data isprovided in order to subscribe to certainChallenges
- Motto / public
- Language / public
- Picture / public
- Facebook / private (Id - access token)
- Google / private (Id - access token)
- Lieux / public (Label - City - Country - Time zone - Postcode - Lat. - Lng.)
- Applis / public (Profile id - profile URL - access token)
- Campany / private
- Business unit / private
- Bib number / private
- Phone number/ private
- Postal address / private
- Shoes size/ private
- T-shirt size/ private

2. Activities - public or private (user choice)

- Id
- Provider
- Distance
- Duration
- Climb
- Descent
- Start date
- Waypoints
- Lat.
- Lng.
- Ele
- Time
- Type
- Time zone
- Calories
- Steps
- Active time

List of all third party providers to which we transfer data:

● AWS - Cloud Computing Services
● Algolia – Search service
● Braze – CRM
● MongoDB - Cloud hosted databases
● CloudAMQP - Cloud hosted databases
● Mailjet – Email as a Service
● Typeform – Online form
● Zendesk – Support service
● Adjust – Mobile marketing measurement
● Facebook, Twitter, Instagram and Google (in the context of marketing campaigns for consumer platforms, or after a contact with Sport Heroes on one of those providers website)
● Mixpanel – Product and User Behavioral Analytics for Mobile & Web
● Stream – Feed and Chat as a service