Zwift, Inc. GDPR Privacy Policy
Last Updated: May 31, 2023
This Privacy Policy (“Privacy Policy” or “Policy”) explains how Zwift, Inc. (“Zwift,” or “we,” or “us,” or “our”) as a controller, collects and handles your personal data if:
you are an individual located in the European Economic Area (“EEA”) or the United Kingdom (“UK”); and
you interact with us online, including on our websites and applications in order for us to provide you with our virtual cycling and running experiences and other workout games, including, the App Zwift, the Zwift Companion App and Zwift Power, and other services (the “Services”).
This Policy also describes the rights you may have with respect to the personal data we collect about you.
Types of Personal Data We Collect
We collect the following types of personal data about you:
Account registration information: first and last name; username; date of birth; email address; your country, your home or billing address; height and weight; age; gender. We also collect any information you provide to customize your profile, such as what type of sport you perform (i.e. running, cycling or triathlon), what event you are training towards (i.e. sprint/ Olympic, half distance, full distance or no such event planned), and a profile picture or avatar;
Please note that your profile information, including your username, country, gender, age, height and weight is public, so you should exercise caution in deciding what username to use.
Workout information: route, cadence, power, how long you rode or ran, information such as heart rate if you are using a heart rate monitor, total output and calories burned during your workout, elevation gain; participation or registration in cycling events; race results and cycling performance information (e.g., rankings, ride-related information on Zwift power);
Zwift power information will be available to anyone on the internet, including members and non-members of our Services, and may appear in search engine results.
Chat information: contents of in-app chats and other communications with Zwift users, including giving other users a “Ride On” (like a “thumbs up”), find and follow other users, and organize virtual meet ups;
Commercial information: information regarding the Services with which you engage, participation in Zwift Academy and other events; in-app shopping histories including products ordered or considered. We collect any other information you provide to us, such as information you provide when you sign up for an event, fill out a form, participate in a survey or contest, communicate with us via third party social media sites, or request customer support;
Payment information: where you subscribe to the Services or make a purchase, your method of payment and payment-related information;
Internet or other electronic activity information: when you access our Services, we automatically collect information about you, including:
Log information: the type of browser you use, app version, access times, pages viewed, your IP address and the page you visited before navigating to our Services;
Device information: the computer or mobile device you use to access our Services, including the hardware model, operating system and version, unique device identifiers, and mobile network information;
Information collected by Cookies and Other Tracking Technologies: Zwift and its partners may use cookies, clear GIFs (also known as web beacons, web bugs or pixel tags), and other tracking technologies to collect information about you and your interaction with our Services. For more information about the types of cookies we use and our reasons for using them, as well as your choices concerning cookies, please visit our Cookie Policy;
Audio and visual information: recordings of customer service calls for quality assurance purposes; information about screenshots you take;
Social media information: if you create or log into your account through a social media site or ask another fitness service to share information with us, we will have access to certain information from that site or service, such as your name, account information, and friends lists, in accordance with the authorization procedures determined by such social media or fitness site or service;
Special categories of personal data: health-related information such as your heart rate.
Please note that we do not process your personal data on the basis of any automated decision-making including profiling.
Other Sources of Personal Data
If you create or log into your account through a social media site or ask another fitness service to share information with us, we will have access to certain information from that site or service, such as your name, account information, and friends lists, in accordance with the authorization procedures determined by such social media or fitness site or service.
Purposes for Collection of Personal Data
Please see Appendix 1 for details of the purposes for which we process your personal data and the legal basis we rely on for such processing.
Consequences of Not Providing Your Personal Data
Where we require your personal data to comply our legal or contractual requirements, failure to provide this information means we may not be able to provide Services to you.
Disclosure of Your Personal Data
Sharing with Other Zwift Users
Part of the fun of Zwift is connecting with other users around the world. So, when you use our Services, we share information about you with other users. This includes your Account registration information and Workout information. This information is available to other users both while you workout and after, and your workout may be broadcast on a service like Twitch TV or YouTube by Zwift or by other users. In addition, your posts on message boards and in discussion rooms will be visible to Zwift and other Zwift users.
Sharing Outside of Zwift
Our Services may also allow you to share your information outside of Zwift. For instance, you may integrate your Zwift account with third-party fitness apps such as Strava, Fitbit, Garmin, and others. When you integrate with other services in this manner, we will share information in accordance with your interactions and preferences which can be managed through the Companion App. In addition, you may choose to share your profile and workout information with select Zwift partners, for the purposes of results, rankings or racing on the Zwift platform, including with CVR World Cup Rankings and WTRL team time trial. We may also share some personal data and statistical information for the purposes of improving our race results and other related services. When you share information in this way, your information may be publicly available.
We may also share your personal data with the following categories of recipients?
With vendors, consultants, and other service providers who need access to such information to carry out work on our behalf, such as for payment processing, third party payment providers, providing customer service, sending marketing communications, fulfilling subscription services, fulfilling orders and delivering packages, reviewing Chat Information via third parties to ensure it complies with our terms of service, conducting research and analysis, providing cloud computing infrastructure and other technology that helps us offer our Services and carry out our business, and other business functions;
In response to a request for information if we believe disclosure is in accordance with, or required by, any applicable law or legal process, including lawful requests by public authorities to meet national security or law enforcement requirements;
If we believe your actions are inconsistent with our user agreements or policies, or to protect the rights, property, and safety of Zwift or others; and
In connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company.
How We Keep Your Personal Data Secure
We implement and maintain reasonable security appropriate to the nature of the personal data that we collect, use, retain, transfer or otherwise process. However, there is no perfect security, and reasonable security is a process that involves risk management rather than risk elimination. While we are committed to maintaining a reasonable information security program, no such program can be perfect; in other words, all risk cannot reasonably be eliminated. Data security incidents and breaches can occur due to factors that cannot reasonably be prevented. Accordingly, it cannot be assumed that the occurrence of any given incident or breach results from our failure to implement and maintain reasonable security.
Retention of Your Personal Data
We generally retain the categories of personal data we collect for the length of time necessary to provide our Services and to comply with legal obligations or to protect our legal rights.
We retain your personal data, including information about your use of the Services until you delete your account with us or where we are otherwise required to retain the data to fulfil our legal obligations. We will delete Account Registration Information, Financial Information and Device Information and de-identify Workout Information within 30 days of receipt of your deletion request.
Cookies and similar technologies
[Please see our Cookies Policy for further information about how we use cookies, pixel tags, web beacons and other similar tracking technologies]
International Transfers of Your Personal Data
We may transfer your personal data to our affiliates and other third parties located in countries other than where you are located, including in the U.S. where Zwift, Inc. is located and the websites and apps are hosted. Such transfers will be made in accordance with applicable data protection and privacy laws by putting in place appropriate safeguards where required or appropriate.
Your Choices
Account Information
You may update, correct, or delete information about you at any time by logging into your account or emailing us at privacy@zwift.com. If you wish to delete or deactivate your account, please visit https://zwift.com/delete-account and follow the instructions. Note that we may retain certain information as required by law or for legitimate business purposes. We may also retain cached or archived copies of information about you for a certain period of time.
Cookies
Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove or reject browser cookies. Please note that if you choose to remove or reject cookies, this could affect the availability and functionality of our Services. For more information about cookies and how to disable them, please visit our Cookie Policy.
Promotional Communications
We will obtain your consent to send you promotional emails where required by law. You may opt out of receiving promotional emails from Zwift by following the instructions in those emails. If you opt out, we may still send you non-promotional emails, such as those about your account or updates to our Services.
Mobile Push Notifications/Alerts
With your consent, we may send promotional and non-promotional push notifications or alerts to your mobile device. You can deactivate these messages at any time by changing the notification settings on your mobile device.
Your Data Subject Rights
You have certain data privacy rights which may be subject to limitations and/or restrictions. These rights include the right to:
request access to personal data we hold about you;
the correction of your personal data when incorrect, out-of-date or incomplete;
request that we erase your personal data;
object to us using/holding your personal data;
request that we restrict the processing of your personal data;
withdraw your consent at any time where our processing is based on consent by managing your settings in the Zwift Companion App or contacting us at privacy@zwift.com. Please note that this will not impact the validity of such processing based on consent prior to its withdrawal; and
the portability of your personal data (i.e., ask for a copy of your personal data to be provided to you, or a third party in a digital format).
Where our processing is based on your consent and such consent is withdrawn,.
We will respond to your request in writing or orally if requested, as soon as practicable and in any event not more than within one month after receipt of your request. In exceptional cases, we may extend this period by two months and provide you with reasons. We may request proof of identification to verify your request. To enable us to trace any of your personal data that we may be holding, we may need to request further information from you.
If you would like more details in relation to your rights including how to exercise them, please contact privacy@zwift.com.
If you have a complaint about how we have used your personal data, please contact us in the first instance at privacy@zwift.com and we will endeavour to deal with your request. This is without prejudice to your right to lodge a complaint with a competent data protection authority.
Third Party Links
Our Site may, from time to time, contain links to and from the third party websites, including social sharing features and other integrated tools (such as the Facebook “like” button) which let you share actions you take on our Services with other media. Your use of such features enables the sharing of information with your friends or the public, depending on the settings you establish with the entity that provides the social sharing feature. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites or services.
Changes to This Policy
We will review and update this Policy from time to time. If changes are made, we will update the Privacy Policy and reflect the date of such modification in the date above. If the changes are material, you will be notified via email or a notice on our website.
Contact Us
If there are any questions regarding this Privacy Policy you may contact us at privacy@zwift.com.
You can also contact us here:
111 West Ocean Blvd. Suite 1800, Long Beach, CA 90802 USA
EU Data Protection Representative
VeraSafe has been appointed as Zwift's representative in the EU for data protection matters, pursuant to Article 27 of the EU GDPR. If you are located in the EEA, VeraSafe can be contacted in addition to Privacy@zwift.com, only on matters related to the processing of personal data. To make such an inquiry, please contact VeraSafe using this contact form: https://verasafe.com/public-resources/contact-data-protection-representative or via telephone at: +420 228 881 031.
Alternatively, VeraSafe can be contacted at:
VeraSafe Ireland Ltd.
Unit 3D North Point House
North Point Business Park
New Mallow Road
Cork T23AT2P
Ireland
Appendix 1 – Purposes and Legal Basis for Processing
| Category of Personal Data | Purpose of Use | Legal Basis for Processing |
|---|---|---|
| Account registration information; Workout information | To create an account and provide the Services | To manage and perform our contract with you (Article 6(1)(b), GDPR) We have a legitimate interest to properly manage and administer our relationship with you and to ensure that we are as effective and efficient as we can be (Article 6(1)(f), GDPR) |
| Account registration information | To provide you with customer support when using the Services, for example by sending you technical notices, updates, security alerts, and support and administrative messages and to respond to your comments, questions, and customer service requests | To manage and perform our contract with you (Article 6(1)(b), GDPR) We have a legitimate interest to properly manage and administer our relationship with you and to ensure that we are as effective and efficient as we can be (Article 6(1)(f), GDPR) |
| Account registration information; Workout information | To establish rider characterization, create rankings and leader-boards, and calculate league points | To manage and perform our contract with you (Article 6(1)(b), GDPR) We have a legitimate interest to properly manage and administer our relationship with you and to ensure that we are as effective and efficient as we can be (Article 6(1)(f), GDPR) |
| Account registration information, such as your name and email address; Audio and visual information | To communicate with you about products, services, offers, and events offered by Zwift and others, and provide news and information we think will be of interest to you | Before we send you certain types of marketing communications, we will only send those types of communications after receiving your consent. If you wish to stop receiving marketing or market research communications from us, you can unsubscribe via the bottom of the relevant email or contact us using the contact details below (Article 6(1)(a), GDPR) We have a legitimate interest to promote our Services, including to inform you about similar products and/or services that you may be interested in. If you wish to stop receiving marketing communications from us, you can unsubscribe via the bottom of the relevant email or contact us using the contact details below (Article 6(1)(f), GDPR) |
| Internet or other electronic activity information; Workout information | To monitor and analyze trends, usage, and activities to improve the Services and to ensure content from the app is presented in the most effective manner for you and your device. | We have a legitimate interest to properly manage and administer our relationship with you and to ensure that we are effective and efficient as we can be (Article 6(1)(f), GDPR) |
| Internet or other electronic activity information; Workout information; Audio and visual information | To administer the Services and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes, and to personalize and improve the Services and provide advertisements, content, or features that match user profiles or interests | We have a legitimate interest to provide a fully functioning Service to you and improve our products and Services (Article 6(1)(f), GDPR) |
| Account registration information; Workout information; Chat information; Device information | To keep the Zwift platform safe and secure by detecting, investigating, and preventing fraudulent transactions and other illegal activities; to protect the rights of Zwift and others | To comply with our legal obligations (Article 6(1)(c), GDPR) We have a legitimate interest to ensure to safe and secure functioning of the Services and to ensure compliance with any U.S. laws we may be subject to (Article 6(1)(f), GDPR) |
| Account registration information; Commercial information | To facilitate contests, sweepstakes, and promotions and process and deliver entries and rewards | To manage and perform our contract with you (Article 6(1)(b), GDPR) Before we send you certain types of marketing communications, we will request your consent to receive such communications. If you wish to stop receiving marketing or market research communications from us, you can unsubscribe via the bottom of the relevant email or contact us using the contact details below (Article 6(1)(a), GDPR) |
| Account registration information; Workout information; Chat information; Commercial information; Internet or other electronic activity information | To sanction riders if we believe they are cheating or otherwise unfairly altering results and rankings | We have a legitimate interest to ensure to safe and secure functioning of our Services (Article 6(1)(f), GDPR) |
| Account registration information; Commercial information; Payment information | To share your information with third parties as necessary to provide the Services to you | To manage and perform our contract with you (Article 6(1)(b), GDPR) We have a legitimate interest to facilitate your use of our Services, including your engagement with third parties to assist with that use (Article 6(1)(f), GDPR) |
| Account registration information; Workout information; Commercial information; Geolocation information; Chat information; Social media information | Sharing of information with third party apps such as Strava, Fitbit, Garmin and others and third party providers such as Twitch TV or YouTube | Where we receive your consent (Article 6(1)(a), GDPR) |
| Account registration information; Workout information; Chat information; Commercial information | To convert your information into aggregated form for use by us and our partners | [We have a legitimate interest to improve our business and the Services (Article 6(1)(f), GDPR)] |
| All categories outline above | To meet our legal obligations with regards to regulators, government or law enforcement bodies (including anti-money laundering, fraud prevention, tax reporting, securities laws, sanctions compliance or responding to requests for information), and to enforce or exercise our legal rights. | To comply with our legal obligations (Article 6(1)(c), GDPR) We have a legitimate interest to ensure to safe and secure functioning of our website and to ensure compliance with any U.S. laws we may be subject to (Article 6(1)(f), GDPR) |
| All categories outline above | To share personal information with third parties that acquire or are interested in acquiring all or part of our assets or shares, or that succeeds us in carrying on our business | We have a legitimate business interest in managing our business including for legal, personnel, administrative and management purposes (Article 6(1)(f), GDPR) |
| Special categories of personal data | ||
|---|---|---|
| Health-related information such as your heart rate | To provide the fitness tracking Services to you, including monitor and analyze trends, usage, and activities to improve the Services | To manage and perform our contract with you (Article 6(1)(b), GDPR) We have a legitimate interest to properly manage and administer our relationship with you and to ensure that we are as effective and efficient as we can be (Article 6(1)(f), GDPR) Where we receive your consent (Article 6(1)(a), GDPR) |
Please note that you have the right to object to the processing of your personal data where that processing is carried out for our legitimate interest.
