Personal information collection

At rowsandall.com we take your privacy very seriously. In order to provide access to the service we must collect and store some personal information about you.

Children under 16 years of age are not permitted to access the services provided by rowsandall.com. By agreeing to this privacy policy you are also agreeing that you are 16 years of age or older.

What is collected?

Rowsandall.com may collect and use the following kinds of information:

Basic profile information is collected from you when you create your account including your full name and email address. As you use the site, information about the users, workouts, charts and other resources you interact with will also be stored and linked to your profile information.

Explicitly, the following information is collected:

Who can I contact?

The data protection officer for rowsandall.com is Sander Roosendaal and he may be contacted at support@rowsandall.com.

Notifications and Email Policy

Some actions on the site result in an individual email sent to you.

We will rarely use mass email to communicate with all our users. These cases are limited to substantial changes in terms and conditions and other announcements impacting the terms on which you use the site. We think it is important to get these messages to you. If you do not wish to receive such emails, you can indicate so in the user settings ("Get Important Emails" under "Account Information").

Other site-related communications (new features, outages, bugs, price changes) are made through announcements on the website, through Twitter, Facebook and our blog posts.

Membership Cancellation and Data Deletion

If you have previously consented to allow rowsandall.com to store and process your personal data in accordance with this privacy policy, and you wish to withdraw your consent, you can do one of the following:

All the data mentioned in the previous section are stored in files and in a database, hosted on our hosting provider's servers. Our hosting provider creates backups of those data. The database backups are retained for 7 days. File backups are retained for 30 days. However, the file names and content do not contain any links to the users. The link to the file is stored under the user data in the database, so once a database entry is removed, there is no way to link a file with data to a particular user.

When a user requests deletion of the data, his account and all data linked to his account are removed from the database and the files are deleted. This includes all data mentioned in the previous section. In backups, database entries will be removed after 7 days and files after 30 days.

Data deletion can be initiated by the user through the button on the user settings page.

Data Security

The site uses SSL to encrypt data transferred between the server and the client (web browsers, mobile apps, third party sites). Any forms are secured from Cross Site Request Forgery (CSRF) using Django's CSRF middleware.

We have a double defense against reading or editing of personal data. First, we ensure that all "protected" views are only visible to logged-in users. Only logged-in users have buttons leading to the private parts of the site. As a second step, to protect against URL guessing, before serving data from the database we check explicitly that the data is owned by the user in question, redirecting unauthorized requests to a "Permission Denied" page. Private data is collected through POST requests to prevent it from being visible in URLs.

rowsandall.com will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information.

In case of loss, misuse or alteration of your personal information, we will inform you without undue delay and take measures to prevent further misuse. In particular, we will deactivate your account, which will not delete the data but make them inaccessible even for people who obtained the password (including yourself). We will await your instructions. If no instructions are received within 7 days of contacting you, your account and all your data will be removed.

Who is my data shared with?

Only the data owner and the site administrator can edit and/or delete the data. Per our data policy, the site administrator will not alter or delete any data owned by users, unless requested to do so. As data are not stored on servers that are physically owned by us, or by our hosting provider, but we use rented server space, we are technically sharing the information with agents or sub-contractors.

Where rowsandall.com discloses your personal information to its agents or sub-contractors for these purposes, the agent or sub-contractor in question will be obligated to use that personal information in accordance with the terms of this privacy statement. Our hosting provider is based in the European Union and is bound by the same GDPR regulation as we are.

In addition to the disclosures reasonably necessary for the purposes identified elsewhere above, rowsandall.com may disclose your personal information to the extent that it is required to do so by law, in connection with any legal proceedings or prospective legal proceedings, and in order to establish, exercise or defend its legal rights.

Workout data and charts based on workout data can be shared with anyone by sharing the URL. Workouts have an option to be set to "private", in which case the data are not visible to anyone except the owner. The site is not searchable for data other than your own data, so there is no way for other people to track your workouts, unless you share them.

Cross-border data transfers. Information that rowsandall.com collects may be stored and processed in and transferred between any of the countries in which rowsandall.com operates to enable the use of the information in accordance with this privacy policy. In addition, personal information that you submit for publication on the website will be published on the internet and may be available around the world. You agree to such cross-border transfers of personal information.

Payment Information

We use PayPal and Braintree (a PayPal service) to process payments. Your payment information, such as credit card information, is not stored on our servers, but is stored in a secure vault at our payment processors PayPal and Braintree, and processed and controlled by them.

Team Or Group Functionality

On rowsandall.com, users with the paid "Coach" plan can establish teams or groups and invite other users to become part of the team or group. The purpose of a team or group is to share workout and training plan data between the coach and the team or group members. In terms of sharing behavior, there are two types of teams or groups:

The sharing behavior is chosen by the team or group member when he establishes the team or group and can be changed during the existence of the team or group.

By accepting an "invitation" to become a member of a team or group, or by requesting to become part of a team or group, you agree to automatically share all your workout data (including workouts done prior to becoming a member of the team or group) with the team or group manager (coach) and, depending on the team or group policy, with other members of the team or group. When you leave a team or group, all your workout data will immediately become invisible to those who had access to it during your team or group membership, including workouts that cover the period of time when you were a member of the team or group. As a member of a team or group, you may grant the team or group manager permission to edit workout data on your behalf, including the creation of charts and cross workout analysis. This includes permission to edit your heart rate and power settings, as well as functional threshold information and the account information accessible on your settings page under the header "Account Information". The team or group manager is not able to access or change your passwords, team or group memberships, favorite charts, export settings, workflow layout, or secret tokens. Also, the team or group manager is not able to download all your data, nor can he deactivate or delete your account.

Each team or group member is bound by this privacy policy and the GDPR regulation of the European Union regarding the personal data of other team or group members that he has access to. By accepting an invitation to a team or group, the new member agrees to limit the use of these data strictly to the allowed use according to this privacy policy and the GDPR.

A team or group manager can access requests from users to be added to one of his teams or groups. He can request or receive permission to edit an athlete's data and run analysis on an athlete's behalf as described above. By requesting or receiving these permissions, the manager accepts the responsibilities and duties associated with access to personal data of the new team or group member. He is bound by this privacy policy and the GDPR regulation of the European Union regarding the personal data that he has access to.

If a team or group manager wants to change the sharing behavior of one of his teams or groups from "Coach Only" to "All Members", he has to inform all impacted team or group members in due time. He shall give team or group members a minimum of three days to decide whether they agree with the new sharing policy, and collect the consent of the team or group members to the new sharing policy. The team or group manager must remove team or group members who did not give their active consent to the new policy from his team or group. If a team or group member has not responded within 7 days of being notified, the team or group manager will understand this as "no consent" and remove the team or group member.

When notified of a change in team or group sharing behavior by the team or group manager, the team or group member has to decide whether he agrees. In case of disagreement, he shall revoke his team or group membership within less than 7 days of being notified.

Third Party Sharing

This site offers functionality to synchronize your data with other fitness sites. By clicking on the share or connect button (link, or equivalent) you agree to share information between rowsandall.com and the other website. Rowsandall.com is not responsible for the privacy policies or practices of any third party. Sharing the data with third party sites is at your own risk and you should ensure that the third party has suitable GDPR compliant measures in place.

Inactive Users - accounts are deleted after 18 months

If a user is not active on the site for 12 months, we will deactivate the account. After 18 months, the account is deleted.

Duration of consent

The data will be retained for the duration of the owner's membership, or 18 months after the user's last activity on the site.

Data portability

Through the "download your data" link on the user settings page, each user can download all workout data. Stroke data can be downloaded through links in the downloaded workout data file.

Your personal data are shown on the user settings page. Send an email to support@rowsandall.com if you wish to obtain a full record of all the personal data relating to you that has been collected in accordance with this privacy policy.