Privacy Policy

1. Introduction

This Privacy Policy explains how RiderRank (“we”, “us”, “our”), operating at riderrank.com, collects, uses, stores, and protects your personal data. It applies to all users of the Platform, including the HQ, Rankings, Missions, Logbook, Intel, and Comms features, regardless of how you access them.

This Policy is issued in compliance with EU Regulation 2016/679 (“GDPR”) and Spanish Organic Law 3/2018 (“LOPDGDD”). It should be read alongside our Terms of Service v1.0 and Cookie Policy v1.0, both available at riderrank.com.

We are committed to handling your personal data with care, transparency, and respect for your rights. If you have any questions about this Policy, please contact us at legal@riderrank.com with the subject line “Data Protection Request”.

2. Data Controller

The data controller responsible for your personal data is:

All data protection correspondence, rights requests, and complaints should be directed to legal@riderrank.com . We will respond within 30 calendar days.

3. Data We Collect

We collect the following categories of personal data, depending on how you use the Platform:

3.1 Identity and Account Data

Username and display name

Profile photograph (if provided)

Email address

Date of account creation

3.2 Usage and Activity Data

Login history and session timestamps

Features accessed (HQ, Rankings, Missions, Logbook, Intel, Comms)

Rankings activity, scores, and Missions completions

Routes viewed, saved, or interacted with

3.3 User-Generated Content

GPX track files and associated route metadata

Route photographs and descriptions

Route chronicles and Logbook entries

Messages sent via the Comms feature

3.4 Geolocation Data

GPS coordinates contained within uploaded GPX files

Route start and end points

We strongly advise all users to trim track start and end points before uploading to avoid inadvertently revealing home addresses, workplaces, or other sensitive locations. RiderRank is not responsible for privacy consequences arising from a user’s failure to anonymise their tracks prior to upload.

Important classification note: GPX files uploaded to RiderRank contain geolocation data relating to motorcycle routes (vehicle trajectory data). They do not constitute data concerning health, physical performance, or any other special category of personal data within the meaning of Article 9 GDPR. RiderRank acknowledges that geolocation data may indirectly reveal personal habits, regular routes, or frequently visited locations. At present, RiderRank does not engage in systematic profiling of user movement.

3.5 Technical Data

IP address

Browser type and version

Device type and operating system

Referring URL and pages visited

Cookie and session identifiers (see Cookie Policy v1.0)

3.6 Communications Data

Emails sent to legal@riderrank.com or info@riderrank.com

Support requests and correspondence

3.7 Store and Transaction Data

When you make a purchase through the RiderRank Store, we collect and process the following additional data:

Full name and delivery address (for fulfilment and shipping)

Order details (product reference, quantity, rank/badge specifications for personalised items)

Transaction identifiers and order history (payment processed by the Store Platform Provider; RiderRank does not store card data)

Platform rank tier at time of order (used to verify eligibility for rank-restricted products)

Transaction data is processed under Article 6(1)(b) GDPR and retained for a minimum of five (5) years in accordance with Spanish tax and invoicing obligations under Ley 58/2003 General Tributaria and Real Decreto 1619/2012. Order data is transmitted to the Store Platform Provider and to the current Fulfilment Partner (producing from Barcelona, Spain). Full details are published at riderrank.com/legal-terms/ .

4. Lawful Basis for Processing

We process your personal data on the following legal bases under Article 6 GDPR:

4.1 Performance of Contract — Art. 6(1)(b)

Processing necessary to provide the Platform services you have requested, including account creation and management, hosting your User Content, enabling Rankings and Missions, and facilitating Comms between users.

4.2 Legitimate Interests — Art. 6(1)(f)

Processing necessary for our legitimate interests, provided these do not override your fundamental rights and freedoms. This includes platform security and fraud prevention, abuse detection and enforcement of our Terms of Service, and defence of legal claims. Note: analytics processing (including Google Analytics) is based exclusively on consent under Section 4.4, not on legitimate interests.

4.3 Legal Obligation — Art. 6(1)(c)

Processing required to comply with applicable law, including responses to valid court orders, regulatory directives, law enforcement requests, and data breach notification obligations under Article 34 GDPR.

4.4 Consent — Art. 6(1)(a)

Processing based on your freely given, specific, informed, and unambiguous consent. This applies to non-essential cookies and optional marketing communications. Consent may be withdrawn at any time without affecting the lawfulness of processing carried out before withdrawal.

Geolocation data contained within GPX files is processed on the basis of your consent, given by the act of uploading. You may delete uploaded content at any time via your account settings.

5. How We Use Your Data

We use your personal data for the following purposes:

To create, manage, and maintain your account

To host, display, and make available your User Content to other registered users

To operate the Rankings, Missions, and Logbook systems

To enforce our Terms of Service and investigate potential violations

To detect, prevent, and respond to security incidents, fraud, and abuse

To analyse Platform usage in aggregate and improve our services

To respond to your enquiries, rights requests, and support requests

To send service-related notifications (account changes, Terms updates, breach notifications)

To comply with applicable legal obligations

To process and fulfil Store orders, including transmitting order data to our Fulfilment Partner

To issue invoices and comply with tax and accounting obligations under Spanish and EU law

We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects. RiderRank is not legally required to appoint a Data Protection Officer (DPO) under Article 37 GDPR. All data protection enquiries should be directed to legal@riderrank.com with the subject line “Data Protection Request”.

6. Data Retention

We retain your personal data only for as long as necessary for the purposes set out in this Policy, in accordance with Article 5(1)(e) GDPR:

Upon account closure or a valid erasure request, we will delete or anonymise your personal data within the periods set out above, unless retention is required by law or necessary for the defence of legal claims.

7. Data Sharing and International Transfers

7.1 Who We Share Data With

We do not sell, rent, or trade your personal data. We may share your data with:

Data processor service providers (cloud hosting, analytics, email delivery, e-commerce) acting under data processing agreements compliant with Article 28 GDPR. This includes the current Store Platform Provider operating shop.riderrank.com and the current Fulfilment Partner. Full details are published at riderrank.com/legal-terms/ .

Competent authorities (courts, regulators, law enforcement) where required by applicable law or a valid legal order

A successor entity in the event of a merger, acquisition, or sale of assets, with advance notice to you

7.2 International Transfers

RiderRank is based in Spain and its main Platform infrastructure is hosted within the EEA. Where the Store Platform Provider or any other third-country recipient is not covered by an EU adequacy decision, transfers are governed by Standard Contractual Clauses (SCCs) under Commission Decision 2021/914. The identity, country of establishment, and applicable transfer mechanism of the current Store Platform Provider are published at riderrank.com/legal-terms/ . The current Fulfilment Partner produces from Barcelona, Spain (EEA) — no international transfer of production data takes place at present.

You may request details of the specific transfer mechanisms applicable to our service providers by contacting legal@riderrank.com .

8. Your Rights Under GDPR

Under Articles 15 to 21 GDPR and the LOPDGDD, you have the following rights in relation to your personal data:

To exercise any of these rights, contact us at legal@riderrank.com with the subject line “Data Protection Request”. We will respond within 30 calendar days. You also have the right to lodge a complaint with the AEPD at aepd.es , or with the supervisory authority in your country of habitual residence.

9. Data Security

RiderRank implements appropriate technical and organisational measures pursuant to Article 32 GDPR to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures are reviewed and updated regularly in line with industry standards.

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay in accordance with Article 34 GDPR, and notify the AEPD within 72 hours pursuant to Article 33 GDPR.

No transmission over the internet is completely secure. While we take all reasonable steps to protect your data, we cannot guarantee absolute security of data transmitted to or from the Platform.

10. Minors

The Platform is not directed at, nor intended for use by, persons under the age of 18. We do not knowingly collect personal data from minors. If we become aware that personal data has been collected from a minor without verifiable parental consent, we will take immediate steps to delete such data. If you believe we have inadvertently collected data from a minor, please contact us immediately at legal@riderrank.com .

11. Cookies

The Platform uses strictly necessary cookies and, with your consent, optional analytics and third-party map cookies. Full details of the cookies we use, their purpose, duration, and how to manage your preferences are set out in our Cookie Policy v1.0, available at riderrank.com/cookie-policy-eu/ .

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our data processing practices, applicable law, or our services. When material changes are made, we will update the “Last Updated” date and notify registered users via their registered email address. Where required by law, we will seek fresh consent.

Your continued use of the Platform after the effective date of any updated Privacy Policy constitutes your acknowledgement of the updated Policy. If you do not accept the updated Policy, you must cease using the Platform and may request deletion of your account.

13. Contact

For all data protection matters: