Introduction

Our privacy policy explains the information we collect and how we use it. Twenty Peaks is headquartered in Israel and our services are provided to you by Twenty Peaks. If you are a resident of the European Economic Area (“EEA”), Twenty Peaks is the controller of your personal data for the purposes of General Data Protection Regulation (GDPR).
Twenty peaks
Kerem Ben Shemen
7311100
Israel
info@twentypeaks.com


Information Twenty Peaks Collects

Twenty Peaks collects information about you, including information that directly or indirectly identifies you, if you choose to share it with Twenty Peaks. We receive this information when you open an account, enroll to one of our editions, provide information necessary for the purpose of shipping items to you, such as your address, and when you connect your Twenty Peaks account to third party services to automatically upload your activities with them to the Twenty Peaks platform. Twenty Peaks also collects information about how you use the services.

Account, Profile, Activity, and Use Information

We collect basic account information such as your name, email address, date of birth, gender, username and password that helps secure and provide you with access to our services. Profile, activity and use information is collected about you when you choose to upload a picture, join an edition or upload activity (including date, time and geo-location information as well as your speed). We use your contact information so we can respond to your support requests and possibly deliver items to you as part of your enrollment to one or more editions.

Location Information

We collect and process location information arriving from third party services you use to register and track your activities only upon your consent by you actively connecting such third party services to your Twenty Peaks account. We do not track your location directly at any time.

Content You Share

We gather information from the photos and comments you share on the platform.

Connected Devices and Apps

Twenty Peaks collects information from devices and apps you connect to Twenty Peaks. For example, you may connect your Garmin cycling computer or Strava account to Twenty Peaks and information from these devices and services will be passed along to Twenty Peaks.

Payment Information

When you make a payment on Twenty Peaks, you may provide payment information such as your payment card or other payment details. We use Payment Card Industry compliant third-party payment services and we do not have access to nor we store your credit card information.

Contacts Information

Twenty Peaks does not collect nor store your contacts information.

Technical Information and Log Files

We collect information from your browser, computer, or mobile device, which provide us with technical information when you access or use the services. This technical information includes device and network information, cookies, log files and analytics information.

How Twenty Peaks Uses Information

Twenty Peaks uses the information we collect and receive to operate the services and to customize your experience. For example, with your consent we use your activities recorded by third party services to verify the climbs that you have ridden and give you credit for them on Twenty Peaks. Part of the information you provide in your profile, such as your name, photo and age will show up on the Twenty Peaks website for example, on a certain climb page that you have performed or on the standings page (individual or club).
We also use the information we collect to process payments, provide support related to the services and to communicate with you (including to send marketing material) where you have opted in to receive such messages.
We also use the information we collect to analyze, develop and improve the services. To do this, Twenty Peaks may use third-party analytics providers to gain insights into how our services are used and to help us improve the services.
We may also use the information we collect to market and promote the services, activities on Twenty Peaks, and other commercial products or services. This includes customizing your Twenty Peaks experience. For example, we may tell you about new in-season challenges that involve climbs close to you or show you sponsored content related to cycling.

Aggregate Information

We do not sell your personal information. Twenty Peaks may aggregate the information you and others make available in connection with the services and post it publicly or share it with third parties. Examples of the type of information we may aggregate include information about equipment, usage, demographics, routes and performance. Twenty Peaks may use, sell, license, and share this aggregated information with third parties for research, business or other purposes such as to help our partners understand more about athletes, including the people who use their products and services.

Personal Information

In addition to sharing aggregated data about our members as described above, we may also share personal information only to the extent needed to run our business and provide the services as detailed below, and where required for legal purposes.

Service Providers

We may share your information with third parties who provide services to Twenty Peaks such as supporting, improving, promoting and securing the services, processing payments, or fulfilling orders. These service providers only have access to the information necessary to perform these limited functions on our behalf and are required to protect and secure your information. We may also engage service providers to collect information about your use of the services over time on our behalf so that we or they may promote Twenty Peaks or display information that may be relevant to your interests on Twenty Peaks or other websites or services.

Publicly Available Information

When you join the Twenty Peaks community, your profile and your activities are set to be viewable by everyone by default. Your name and other profile information is viewable by other Twenty Peaks members and the public, subject to your privacy controls. For example, your name and photo may show up on a climb page if you have ridden that specific climb.

Affiliates and Acquirors of our Business or Assets

We may share your information with affiliates under common control with us, who are required to comply with the terms of this Privacy Policy with regard to your information. If Twenty Peaks becomes involved in a business combination, securities offering, bankruptcy, reorganization, dissolution or other similar transaction, we may share or transfer your information in connection with such a transaction.

Legal Requirements

We may preserve and share your information with third parties, including law enforcement, public or governmental agencies, or private litigants, within or outside your country of residence, if we determine that such disclosure is allowed by the law or reasonably necessary to comply with the law, including to respond to court orders, warrants, subpoenas, or other legal or regulatory process. We may also retain, preserve or disclose your information if we determine that this is reasonably necessary or appropriate to prevent any person from death or serious bodily injury, to address issues of national security or other issues of public importance, to prevent or detect violations of our Terms of Service or fraud or abuse of Twenty Peaks or its members, or to protect our operations or our property or other legal rights, including by disclosure to our legal counsel and other consultants and third parties in connection with actual or potential litigation.

How We Protect Information

We take several measures to safeguard the collection, transmission and storage of the data we collect. We employ reasonable protections for your information that are appropriate to its sensitivity. The services use industry standard Secure Sockets Layer (SSL) technology to allow for the encryption of personal information. Twenty Peaks engages providers that are industry leaders in online security to strengthen the security of our services. The services are registered with site identification authorities so that your browser can confirm Twenty Peaks’s identity before any personal information is sent. In addition, Twenty Peaks’s secure servers protect this information using advanced firewall technology.


Managing Your Settings

Privacy Controls

Twenty Peaks offers several settings to help you manage your privacy and share your activities. These privacy controls are located in your private area page.

Adjust Email Preferences

You can choose to opt in or out from receiving certain emails and notifications by indicating your preference in your private area on the Twenty peaks website. You may also unsubscribe by following the instructions contained at the bottom of each email. Any administrative or service-related emails (to confirm a purchase, or an update to this Privacy Policy or our Terms of service, etc.) do not offer an option to unsubscribe as they are necessary to provide the services you requested.

Updating Account Information

You may correct, amend or update profile or account information at any time by adjusting that information in your account settings. If you need further assistance correcting inaccurate information, please contact Twenty Peaks at info@twentypeaks.com. Twenty Peaks will generally respond to your request within 10-14 business days.

Deleting Information and Accounts

You can delete your account at any time. To request that your account is deleted, select this option in your private area.
After you make a deletion request, we permanently and irreversibly delete your personal data from our systems, including backups. Once deleted, your data, including your account, activities and place on individual or club standings cannot be reinstated. Following your deletion of your account, it may take up to 90 days to delete your personal information and system logs from our systems. Additionally, we may retain certain or all information to comply with the law and take other actions permitted by law.
Note that content you have shared with others, such as photos, or that others have copied may also remain visible after you have deleted your account or deleted specific information from your own profile. Your public profile may be displayed in search engine results until the search engine refreshes its cache.

Your Legal Rights in the EEA

If you are habitually located in the EEA, you have the right to access, rectify, download or erase your information, as well as the right to restrict and object to certain processing of your information. Learn more.

Our Legal Bases

Twenty Peaks relies on a number of legal bases to collect, use, share, and otherwise process the information we have about you for the purposes described in this Privacy Policy, including:
• as necessary to provide the services and fulfill our obligations pursuant to the Terms of Service. For example, we cannot provide the services unless we collect and use your location information;
• where you have consented to the processing;
• where necessary to comply with a legal obligation, a court order, or to exercise and defend legal claims;
• to protect your vital interests, or those of others, such as in the case of emergencies; and
• where necessary for the purposes of Twenty Peaks’s or a third party’s legitimate interests, such as our interests in protecting our members, our partners’ interests in collaborating with our members, and our commercial interests in ensuring the sustainability of the services.

Transfers

The services are operated from the United States. If you are located outside of the United States and choose to use the services or provide information to us, you acknowledge and understand that your information will be transferred, processed and stored in the United States, as it is necessary to provide the services and perform the Terms of Service. United States privacy laws may not be as protective as those in your jurisdiction.

Retention of Information

We retain information as long as it is necessary to provide the services to you and others, subject to any legal obligations to further retain such information. Information associated with your account will generally be kept until it is no longer necessary to provide the services or until your account is deleted. In addition, you can delete some items of information (e.g., profile information) and you can hide activities from view on the services without deleting your account. Following your deletion of your account, it may take up to 90 days to fully delete your personal information and system logs from our systems. Additionally, we may retain information where deletion requests are made to comply with the law, prevent fraud, collect fees, resolve disputes, troubleshoot problems, assist with investigations, enforce the Terms of Service and take other actions permitted by law. The information we retain will be handled in accordance with this Privacy Policy.
Information connected to you that is no longer necessary and relevant to provide our services may be de-identified or aggregated with other non-personal data to provide insights which are commercially valuable to Twenty Peaks, such as statistics of the use of the services as discussed above.

Privacy Policy Information

Twenty Peaks reserves the right to modify this Privacy Policy at any time. Please review it occasionally. If Twenty Peaks makes changes to this Privacy Policy, the updated Privacy Policy will be posted in a timely manner and, if we make material changes, we will provide a prominent notice by email. If you object to any of the changes to this Privacy Policy, you should stop using the services and delete your account.
©2020 Twenty Peaks