Last updated: 17 January 2023

This page sets out our privacy policy, including how we collect and process data received from you on our website and mobile apps.
This privacy policy references the EU GDPR (190/2018). For the avoidance of doubt, this relates to the RO version of the EU General Data Protection Regulation 2016/679, concerning the protection of natural persons with regards to the processing of personal data.
We have made every effort to keep our policy clear, open and simple - please read carefully to understand our practices and policies regarding your personal data.

Who controls and processes your data

The Corporate Challenges website, iOS and Android apps (collectively “Step Challenge”) are a commercial product and service operated by Wellington Consulting S.R.L., a company incorporated in România with company registration number RO34646201, J40/7158/2015. Wellington Consulting S.R.L. processes your data on behalf of our customer, the controller.
Our contact details are:

• Website Address: https://corporatechallenges.ro.
• Company Name: Wellington Consulting S.R.L.
• Registered Address: Str. Traian Vasile Nr. 67, camera 1, etaj 2, ap 3, sector 1, Bucharest, România
• Our Data Protection Officer can be contacted at privacy@corporatechallenges.ro

 

What we may collect

We may collect and process the following data about you through our website and mobile apps:

• Information you put into forms and input fields.
• A record of any correspondence between us.
• Details of transactions you carry out through our site, as an organiser.
• Information about your device (e.g. your IP address, web browser, operating system) for system administration, debugging and aggregate reporting. We take the privacy and security of your data seriously, and we are bound under EU GDPR to ensure that your personal data is processed lawfully, fairly and transparently, without adversely affecting your rights. We will only process your personal data if at least one of the following core bases applies:
• You have given consent to the processing of your personal data for one or more specific purposes;
• Processing is necessary for the performance of a contract to which you are a party or in order to take steps at the request of you prior to entering into a contract;
• Processing is necessary for compliance with a legal obligation to which we are subject;
• Processing is necessary to protect the vital interests of you or of another person;
• Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; and/or
• Processing is necessary for the purposes of the legitimate interests pursued by us or by a third party such as our payment processors, except where such interests are overridden by the fundamental rights and freedoms of the data subject which require protection of personal data. Our legitimate interests are mainly to provide the service to you and our customers.
• We are processing the data as processor on behalf of your challenge organiser, being the controller (in such case it would be the latter’s responsibility to have one of the appropriate lawful bases as listed above).

Invites

We have an invitation by email system which allows registered team leaders to invite you by your email address. We do not store a human-readable version of your email address if it is used for an invitation, and we do not process or share this information for any other purpose. Invitation links automatically expire and you will only be sent one email per team invite. All invitation emails to non-registered users include a global unsubscribe link, allowing you to reject all future invite emails from the organisation's challenge.

Google Fit

Our Android app gives you the option to connect with the Google Fit health-tracking platform. We use this to collect and process your step count data, but we will only collect this data while we have your permission to do so. This feature can be disabled by you at any time and we will only attempt to collect new data while the app is running. Our use of the information received from Google Fit will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
 
 

Cookies

Our website uses cookies or similar technology to collect information about your access to the site. Cookies are pieces of information that include a unique reference code that a website transfers to your device to store and sometimes track information about you.
A few of the cookies we use last only for the duration of your web session and expire when you close your browser. Other cookies are used to remember you when you return to the site and will last for longer. 
You can prevent the setting of cookies by adjusting the settings on your browser. Please note however, that by blocking or deleting cookies you may not be able to take full advantage of the site.
Our cookies will be used for:
Essential session management

• Creating a specific log-in session for a user of the site in order that the site remembers that a user is logged in and that their page requests are delivered in an effective, secure and consistent manner;
• Recognising when a user of the site has visited before allowing us to identify the number of unique users we receive to the site and make sure we have enough capacity for the number of users that we get;
• Recognising if a visitor to the site is registered with us in any way;
• Logging information from your computer including the existence of cookies, your IP address and information about your browser program in order to allow us to diagnose problems, administer and track your usage of our site.

Functionality

• Customising elements of the promotional layout and/or content of the pages of the site;
• Displaying our live chat and help widget and your conversation history with us;
• Determining whether to show current service issues or incidents.

 
Performance and measurement

• Collecting statistical information about how our users use the site so that we can improve the site and learn which parts are most popular to users.

How we use the data we collect

We use information about you to:

• Present site content effectively to you.
• Carry out our service with your challenge organiser.
• Facilitate communications between your challenge organiser and you (e.g. so you can receive challenge information and updates).
• Invite you to join a team on behalf of a registered user.
• Contact you about errors, bugs or system issues or if the challenge organiser, our customer, has asked us to contact you.
• Allow your challenge organiser to send you updates via email/notifications during the challenge (unless you unsubscribe).

If you don't want to be contacted with updates, please tick the relevant box that you will find within your settings.
In addition, if you don’t want us to use your personal data for any of the other reasons set out in this section and policy, you can let us know at any time by contacting us at privacy@corporatechallenges.ro, and we may delete your data from our systems. However, you acknowledge this will limit our ability to provide our services to you, both now and in the future.
In some cases, the collection of personal data may be a statutory or contractual requirement, and we will be limited in the services we can provide you if you don’t provide your personal data in these cases.
Your personal information, including name, email address and all other profile information, will be passed to the data controller / challenge organiser (i.e. the organisation, business or group which purchased the licence for your use of Corporate Challenges) . We are not liable for the organiser’s use of your data outside of our system, and you should contact them if you have any concerns about their use of your data.

Where we store your data

We store your collected data on servers within the România and European Economic Area (EEA). Your data will not be transferred and processed outside of the RO and EEA to countries which are not governed by data protection. We make every reasonable effort to keep your data secure. In addition, we adopt appropriate safeguards to require that your data will remain protected and your rights are upheld.
We only keep your personal data for as long as we need to in order to use it as described above, and/or for as long as we have your permission to keep it.
In respect of users on Corporate Challenges, it is our policy to retain user data in our systems until termination of our agreement with the challenge organisation to which the user relates. After termination, we then delete – or at least render anonymous – that user data. We may delete such user data sooner upon request.

When we disclose your information

We disclose your data and personal information in the following cases:

• If our company is purchased, we will disclose your information to the buyer.
• We disclose and present your information to the challenge organiser - i.e. the organisation, business or group which purchased the licence for your use of Corporate Challenges.
• We can disclose if we have a legal obligation to do so, or in order to protect other people’s property, safety or rights.
• We can exchange information with others to protect against fraud or criminal activity.

We also contract trusted third parties to supply certain services in order for us to provide Corporate Challenges to you. These may include payment processing, search index tools, reporting, email delivery providers and our accounting software. In some cases, third parties may require access to some or all of your data and personal information. Where any of your data is required for such a purpose, we will take all reasonable steps to ensure that your data is handled safely, securely and in accordance with your rights, our obligations and the obligations of the third party under EU GDPR and any applicable data protection laws.
Third parties we use which may have access to some of your information include:

• Data Storage, Hosting + Backups: H88 Web Hosting S.R.L.
• Email Delivery: Sendinblue (Sendinblue.com)

Your rights

You can ask us not to use your data for communications or marketing. You can do this by ticking the relevant boxes on our forms, or by contacting us at any time at privacy@corporatechallenges.ro.
Under the EU GDPR, you have the right to:

• Request access to, deletion of or correction of, your personal data held by us at no cost to you;
• Request that your personal data be transferred to another person (data portability);
• Be informed of what data processing is taking place;
• Restrict processing;
• Object to processing of your personal data; and
• Complain to the relevant supervisory authority.

To enforce any of the foregoing rights or if you have any other questions about our site or this Privacy Policy, please contact us at privacy@corporatechallenges.ro.

Links to other sites

Please note that our terms and conditions and our policies will not apply to other websites that you visit via a link from our site, nor to websites who link to our service. We have no control over how your data is collected, stored or used by other websites and we advise you to check the privacy policies of any such websites before providing any data to them.