Warsaw Running Club

Privacy Policy

Warsaw Running Club

Last Updated: August 7, 2025

Welcome to the Warsaw Running Club website ("we," "us," or "our"). This Privacy Policy explains how we collect, use, store, and protect your personal data when you visit or use our website. We are committed to safeguarding your privacy and ensuring compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR) as implemented in Poland (RODO), the Polish Personal Data Protection Act, and other relevant regulations.

Warsaw Running Club is an informal, unregistered group offering free participation in running events followed by optional coffee meetups. We do not conduct commercial activities, process payments, or generate revenue. For any questions regarding this Privacy Policy, please contact us at contact@warsawrunningclub.pl.

1. Data We Collect

We collect the following personal data from users of our website:

  • Name: Your first name or full name (optional, provided during registration).
  • Username: Required to create a unique public identity.
  • Instagram Username: Optional, for social visibility.
  • Profile Photo: Optional, used for profile display.
  • Email Address: To enable account registration, login, and communication.
  • Password: Encrypted and inaccessible to us, used for secure account authentication.
  • Event Registration Information: Details of your participation in specific runs (e.g., sign-up or cancellation status).
  • Chat Messages: Content of private messages exchanged via our chat feature.
  • Friends List: Social graph based on user interactions (e.g., added friends).
  • Consent Preferences: Acceptance of this Privacy Policy and Terms of Service, optional consent for marketing communications or cookies.
  • Usage Data: IP address, browser type, device information, pages visited, and interaction with the website, collected via Google Pixel, Facebook Pixel, and CookieYes.

We do not process payment data, as participation in our events is free, and any coffee purchases are handled directly with partnered cafés.

2. How We Collect Your Data

We collect your personal data in the following ways:

  • Directly from you when you register, update your profile, or communicate with us.
  • Automatically through cookies, tracking technologies, and usage analytics.

We use a cookie consent banner to obtain your permission for non-essential cookies and tracking technologies.

3. Purpose and Legal Basis for Processing Your Data

We process your personal data for the following purposes:

  • Account Management and Event Registration: To create and manage your account and facilitate run participation (Art. 6(1)(b) GDPR).
  • Profile and Social Features: To enable public profile creation, view other profiles, manage friend connections, and use chat (Art. 6(1)(b) GDPR; Art. 6(1)(f) GDPR for optional social interactions).
  • Communication: To respond to inquiries and provide updates about runs (Art. 6(1)(b) GDPR; Art. 6(1)(f) GDPR).
  • Marketing: To send you updates or promotions about Warsaw Running Club activities, only with your explicit consent (Art. 6(1)(a) GDPR).
  • Website Analytics and Improvement: To analyze usage trends and enhance our website via Google Pixel and Facebook Pixel, subject to your consent (Art. 6(1)(a) GDPR; Art. 6(1)(f) GDPR).
  • Cookie Management: To manage cookie preferences and ensure legal compliance via CookieYes (Art. 6(1)(c) GDPR).

4. Cookies and Tracking Technologies

We use the following cookies and tracking technologies:

  • Necessary Cookies: Essential for website functionality (e.g., session management), managed by CookieYes. No consent required (Art. 6(1)(b) GDPR).
  • Analytics Cookies: Google Pixel collects usage data with your consent (Art. 6(1)(a) GDPR).
  • Marketing Cookies: Facebook Pixel tracks interactions for insights, with your consent (Art. 6(1)(a) GDPR).

Cookie preferences can be managed at any time via the CookieYes banner. See our Cookie List in the banner for more details.

5. How We Store and Process Your Data

Your personal data is stored and processed using the following services:

  • Firebase (Google Cloud Platform): For hosting, authentication, database storage (Firestore, Storage), media storage (profile photos), messaging (chat), and general backend functionality. Data may be stored in the EEA or transferred to the US under appropriate safeguards (e.g., SCCs).
  • Zoho Mail: For email communication. Compliant with GDPR via EU data centers or SCCs.
  • Google Pixel: For website analytics, processed globally with anonymization and consent.
  • Facebook Pixel: For marketing insights, processed by Meta in compliance with GDPR.
  • CookieYes: For cookie consent management, hosted in the EEA with GDPR-compliant security.

6. Data Retention

We retain your personal data as follows:

  • Account Data: Until you delete your account; then removed within 30 days, unless required to retain longer.
  • Chat Messages and Friends List: Retained while your account is active or until deletion; subject to request-based removal.
  • Usage Data: Retained up to 26 months (Google Pixel) or per Meta's policy (Facebook Pixel), unless you withdraw consent earlier.
  • Consent Records: Stored for up to 5 years to demonstrate GDPR compliance.

7. Sharing Your Data

We share your personal data only with:

  • Firebase (Google): Our primary data processor for backend and hosting services.
  • Zoho Mail: For email support.
  • Google: For analytics (Google Pixel).
  • Meta (Facebook): For marketing analytics.
  • CookieYes: For cookie preference management.
  • Legal Authorities: When required by law or to protect our rights.

We do not sell your personal data or share it with third parties for their own marketing purposes.

8. Your Rights

You have the following rights under GDPR/RODO:

  • Access: Obtain a copy of your data.
  • Rectification: Correct inaccurate or incomplete data.
  • Erasure: Delete your account and associated data.
  • Restriction: Limit processing in certain circumstances.
  • Objection: Object to processing based on legitimate interest.
  • Data Portability: Request your data in a machine-readable format.
  • Withdraw Consent: Revoke your consent at any time (e.g., for cookies or marketing).

You can manage your data and preferences directly in your account settings or by contacting us at contact@warsawrunningclub.pl. We will respond within one month, free of charge, unless the request is complex or repetitive.

9. International Data Transfers

Data processed by Google (Firebase, Google Pixel) and Meta (Facebook Pixel) may be transferred outside the EEA. We ensure compliance through:

  • Standard Contractual Clauses (SCCs) approved by the European Commission.
  • EU-US Data Privacy Framework, if applicable.
  • Additional Safeguards, such as data anonimization and encryption.

10. Contact Us

For questions or concerns about this Privacy Policy or your data rights, please contact us at:

E-mail: contact@warsawrunningclub.pl

We do not currently have a designated Data Protection Officer (DPO), as our informal club does not meet the threshold requiring one under GDPR. However, we are committed to protecting your privacy and responding promptly.

11. Complaints

You have the right to lodge a complaint with a supervisory authority. In Poland:

  • Urząd Ochrony Danych Osobowych (UODO)
  • Address: ul. Stawki 2, 00-193 Warsaw, Poland
  • Website: www.uodo.gov.pl
  • Phone: +48 606 950 000

You may also contact the supervisory authority in your country of residence or where the alleged infringement occurred.

12. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices, technology, or legal obligations. Updates will be posted on our website with a revised "Last Updated" date. Where changes are material, we will notify you in advance via email or website banner.

Thank you for trusting Warsaw Running Club with your data. We're here to ensure your experience is safe and enjoyable!