RiderHQSIGN IN

GDPR

APR 2018

There's been a lot of talk about the new GDPR regulations which come into force on 25th May, here are some details on GDPR and RiderHQ.

GDPR extends existing UK Data Protection Law and adds some additional requirements. The ICO link and pages provide a good overview.

Under GDPR, RiderHQ are a Data Processor, whereas event organisers and / or group administrators are Data Controllers.

As data processors we make the following undertakings to data controllers:

  1. To provide you with tools and service which allow you to meet your obligations under the GDPR
  2. Not to export your data outside the European Economic Area. (We may store your data in several data centres for availability/disaster recovery reasons, but all will be located within the EEA).
  3. To operate strong security controls for RiderHQ personnel accessing customer data and do not allow the use of data other than for the purpose of supporting you or maintaining our service.
  4. To provide for the export of your data from RiderHQ in a reasonable format (e.g. Spreadsheet / CSV).
  5. To remove your data from RiderHQ within a reasonable time frame upon your request
  6. Not to share your data with third parties without your knowledge or consent other than as required for provision of our service.
  7. To notify you in the event of a breach or compromise of your data

Data Segregation

In RiderHQ we have always segregated information (data collected via entry forms or membership forms) by the organisation on whose behalf the data is collected. The organisation has access to the information, but it is not shared with other organisations or accessible to them.

Tools

We provide the means for both organisations and their customers to view the data they have entered on RiderHQ. We also provide tools which allow editing and correcting information. Finally, we provide the means to delete information held about customers.

One thing to consider as an organiser, is whether you should modify your entry forms and or membership forms to explicitly state how you intend to use customer data and to request permission for any usages for which you need it. Here is some detail on the different lawful bases for processing that might apply. it may be the case that entry form data are necessary in order to run an event safely (for example next of kin information or age and medical information) and therefore you may not require separate permission for this use.

Some of the tools we provide which are relevant to GDPR:

  • Secure storage of data and protected access to data (for example, all data is served over https)
  • Access to edit and correct data for both organisers and customers (organisers can grant permission to edit data directly to customers or switch this off and perform edits themselves)
  • Ability to delete data when no longer needed
  • Ability to edit entry and membership forms to include statements about use of data and to request permission for processing.
  • Ability to amend entry form information (for example to withdraw consent)
  • Ability to filter by answers to these requests in order to restrict processing to just customers who have given consent.
  • Date information about when data were collected and consent given. 

 Contact us if you need more information or have any concerns.