Whaka100 Mountain Bike Marathon® & the Whaka100 Shop is owned by Nduro Events.
This policy outlines how and why we collect, hold, disclose and use the personal information of participants, volunteers and media at all of our events. By "NDuro Events" we mean the following events or services:
- Whaka100 Mountain Bike Marathon®
- Whaka100 Shop®
- Volcanic Epic MTB Stage Race ®
- Winter Forest Festival
- Highlander MTB
- Ride Calendar
What is personal information?
In this policy, "personal information" means the same as it does in the Privacy Act 2020. In general terms, this includes any information or an opinion about an identified individual or an individual who can be reasonably identified from the information or opinion.
What personal information do we collect and hold?
We collect information about you and your interactions with us, for example, when you register for an event (as a participant or volunteer), purchase merchandise online shop process, contact our customer enquiry centre or otherwise visit our website.
The information we collect from you may include your identity and contact details, your history of purchases, your use of our products and services, and details of enquiries or complaints you make. If you are an athlete at an event the information we collect from you may also include your relevant medical history and race results. We may collect information about how you access, use and interact with the event website. We do this by using a range of tools such as analytics cookies.
This information may include:
- The location from which you have come to the site and the pages you have visited; and
- Technical data such as IP address, the types of devices you are using to access the website, device attributes, browser type, language and operating system.
A cookie is a small text file that is placed on a device when it is browsing a website to enable the host of the website to store information about use of the website by that device.
- We may use persistent cookies (which remain on your computer even after you close your browser) to store information that may speed up your use of our website for any of your future visits to the website.
- We may also use session cookies (which no longer remain after you end your browsing session) to help manage the display and presentation of information on the website.
Why do we collect, hold and use your personal information?
We collect, hold and use your personal information so that we can:
- Provide you with products and services, and manage our relationship with you
- Contact you, for example, to respond to your queries or complaints, or if we need to tell you something important about our products or services
- Meet our legal obligations and assist government and authorities
- Identify and tell you about other products or services that we think may be of interest to you.
If you do not provide us with your personal information, you may not be able to register or participate in an event, we may not be able to provide you with our services, communicate with you or respond to your enquiries.
How do we collect your personal information?
We will collect your personal information directly from you whenever you interact with us.
We may also collect information from third parties such as our social media platforms and our third party providers and their affiliates: (Register Now, entry Portal), (Chronosoft, event health and safety software), (Photos4Sale, athlete photo services) and any medical or timing service providers for an event.
How do we store and hold personal information?
We store most information about you in computer systems and databases operated by either us or our external service providers. Some information about you is recorded in paper files that we store securely. We implement and maintain processes and security measures to protect personal information which we hold from misuse, interference or loss, and from unauthorised access, modification or disclosure.
These processes and systems include:
- the use of identity and access management technologies to control access to systems on which information is processed and stored;
- requiring all employees to comply with internal information security policies and keep information secure;
- requiring all employees to complete training about information security; and
- monitoring and regularly reviewing our practice against our own policies and against industry best practice.
We will also take reasonable steps to remove the personal information once we no longer require it for the purposes for which it was collected or for any secondary purpose permitted under the New Zealand Privacy Act.
Who do we disclose your personal information to, and why?
We may disclose personal information to external service providers so that they may perform services for us or on our behalf.
We may also disclose your personal information to others outside our group of companies where:
- we are required or authorised by law to do so;
- you may have expressly consented to the disclosure or the consent may be reasonably inferred from the circumstances; or
- we are otherwise permitted to disclose the information under the New Zealand Privacy Act
If the ownership or control of all or part of our business changes, we may transfer your personal information to the new owner.
Do we disclose personal information to overseas recipients?
We may disclose your personal information to recipients which are located outside New Zealand. Those recipients are likely to be located in Australia.
Do we use your personal information for marketing?
We will use your personal information to offer you products and services we believe may interest you, but we will not do so if you tell us not too. These products and services may be offered by us, our related companies, our other business partners or our service providers. Where you receive electronic marketing communications from us, you may opt out of receiving further marketing communications by following the opt-out instructions provided in the communication.
Access to and correction of your personal information
You may access or request correction of the personal information that we hold about you by contacting us. Our contact details are set out below. Any such request may require identity verification to ensure the security of your personal information. There are some circumstances in which we are not required to give you access to your personal information. There is no charge for requesting access to your personal information but we may require you to meet our reasonable costs in providing you with access (such as photocopying costs or costs for time spent on collating large amounts of material). We will respond to your requests to access or correct personal information in a reasonable time and will take all reasonable steps to ensure that the personal information we hold about you remains accurate, up to date and complete.
Your rights under the EU GDPR if you are located in the European Union
Under the European Union (EU) General Data Protection Regulation (GDPR), as a data subject you have the right to:
- access your data;
- have your data deleted or corrected where it is inaccurate;
- object to your data being processed and to restrict processing;
- withdraw consent to having your data processed;
- have your data provided in a standard format so that it can be transferred elsewhere; and
- not be subject to a decision based solely on automated processing.
Data Subject Rights
We have processes in place to deal with Data Subject Rights requests. Our actions and responsibilities will depend on whether we are the controller or processer of the personal data at issue. Depending on our role as either a controller or processor, the process for enabling Data Subject Rights may differ, and are always subject to applicable law. Please refer to our contact details in this policy if you would like to make a Data Subject Rights request or have a specific need for assistance with a Data Subject Rights request.
If you have a complaint about the way in which we have handled any privacy issue, including your request for access or correction of your personal information, you should contact us. We will consider your complaint and determine whether it requires further investigation. We will notify you of the outcome of this investigation and any subsequent internal investigation. If you remain unsatisfied with the way in which we have handled a privacy issue, you may approach an independent advisor or contact the Office of the Privacy Commissioner https://privacy.org.nz for guidance on alternative courses of action which may be available.
Changes to this policy
From time to time, we may change our policy on how we handle personal information or the types of personal information which we hold. Any changes to our policy will be published on our website. You may obtain a copy of our current policy from our website or by contacting us.