parkrun Privacy Policy

This policy is effective as of 25th September 2018.

At parkrun we are committed to respecting and protecting your online privacy. This includes your right to know what we do with the personal information you share with us. It also guides our policies regarding the management of your data, including how the information is collected, how it is processed, and for what purposes.

It is important to us that we communicate our policies and procedures with you clearly and in a manner that provides clarity to you the parkrunner. As such, this policy covers the following key areas:

  1. Background Information
  2. Why we need your data
  3. Categories of Data
  4. What data we collect
  5. What data we share
  6. How we contact you
  7. How we protect your information
  8. Retention Periods
  9. Automated Decision Making
  10. Your rights to manage your data

1. Background Information

parkrun Global Limited (parkrun Global) is a UK-based charity (Charity Number: 1175062) that ultimately oversees the delivery of parkrun events across the world. Each parkrun country has a relationship with parkrun Global (typically through a licence agreement or subsidiary status) that grants it the right to manage local parkrun events. As part of that relationship, parkrun Global collects, manages, and processes all associated data and is therefore considered the data controller for all parkrun group companies and all parkrun events worldwide.

Our designated Data Protection Officer is Tom Williams (COO, parkrun Global).

Questions about this privacy policy may be submitted to parkrun Global via support.parkrun.com or by post to the address below.

parkrun Global Limited
FAO: Data Protection Officer
Unit 3, Lower Deck
Phoenix Wharf
Twickenham
Middlesex
United Kingdom
TW1 3DY

2. Why We Need Your Data

In order to support our global network of parkrun events it is critical we understand who is participating. There are many reasons for this, from simple stuff like providing participants with information around how and when they have taken part, through to more complex challenges such as measuring the impact of our events on those communities most in need of increasing their physical activity levels and social engagement.

The General Data Protection Regulation (GDPR) and Data Protection Act 2018 (DPA) require that all information we collect must be done so under a specific lawful basis. There are six clearly-defined lawful bases for processing information, and we categorise the majority of our data processing under three of those: Contract, Legitimate Interests and Consent.

2.1. Contract

When you register for parkrun we need certain information about you to enable us to provide you with the service of walking, running, or volunteering at our events, and to ensure those events are delivered to an appropriate standard, and to allow us to provide you with accurate records of your participation.

This lawful basis also includes any administrative or service-related emails, for example, to confirm that you have registered with us or taken part in one of our events, or to alert you of an update to this Privacy Policy or other policies that are relevant to you. These therefore do not offer an option to unsubscribe as they are necessary to provide the services you requested.

If you do not provide the information required then we will not be able to provide you with records of your participation.

2.2. Legitimate Interests

Outside of your direct participation we also wish to develop the reach and impact of our events and as such have a legitimate interest to process certain information with this aim. This includes things like carrying-out research to further understand who is or isn’t participating in our events (in order to understand our ability to impact those most in need) or capturing and sharing images of our events taking place, helping us to inspire other people to engage in physical activity and redefine what it means to be active.

2.3. Consent

Above and beyond simple participation as a walker, runner, or volunteer, there are a number of ways you can help us to ensure our events positively impact the health and happiness of their local communities, and remain free to participate in.

One of the best ways to support us in this way is by consenting to receive emails regarding things like milestone t-shirts, event profiles, offers, competitions and emails from our partners, training tips, and more. We therefore provide the opportunity at registration, and via your profile, to opt in to these communications. You can opt out at any time.

Due to GDPR requirements for providing consent, we do not process any data on children under the age of 13 if it would require consent as the lawful reason for processing. For this reason, children under the age of 13 do not have the option to opt in to the above emails.

2.4. Other Bases

Although extremely rare, there can be occasions where we are required to process information under one of the other three lawful bases: Legal Obligation, Vital Interest, Public Task.


3. Categories of Data

We utilise the following definitions for the types of data we collect:

3.1. Profile & Identity

parkrun ID, password, participation instances (walking, running, volunteering), date of birth, gender, full name, images, postcode (not used for purposes of contact), marketing preferences, medical/health information, third party linking information.

3.2. Contact

Email address, mobile phone number (SMS results service).

3.3. Technical

IP address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, records of pages visited and other information about the devices you use to access the site.

3.4. Incident

As part of our continual review of incidents at parkrun events we maintain a record of relevant details.

3.5. Survey

Any data submitted to us as part of research activities.

3.6. Event Imagery

Filming and photography captured at our events.


4. What Data We Collect

There are a number of ways where either you are able to explicitly share data with us or we are able to collect it as a result of your actions:

4.1. At registration

We collect information about you that allows us to support your participation in our events. We use this information to create a profile for you on our database, to which we can connect walking, running, or volunteering instances that in turn track your progress toward various parkrun participation milestones. We also collect information around your activity levels and other relevant personal information that may help us support your participation more appropriately.

4.2. Using your profile

You can update information such as emergency contact details, email address, home event and mobile number in order to receive participation notifications via SMS (in some countries).

4.3. By linking your parkrun account with a third-party account

Such as by connecting your parkrun profile with Strava you can connect services that you use.

4.4. Research Surveys

From time-to-time we send out research surveys that allow us to develop an understanding of parkrun and its participants.

4.5. Partner surveys

Sent out by us, help to support our sponsors and other stakeholders in understanding their level of connection with the parkrun communities they support.

4.6. Incident reports

Compiled by our local volunteer teams in the event of an incident. Relevant data is collected by the volunteers and uploaded directly or via email to our secure online incident reporting system. In some cases staff add to this data through the process of following-up on incidents.

4.7. Cookies

When you visit our websites, cookies will be stored on your computer. Generally, cookies and similar technologies work by assigning to your browser or device a unique number that has no meaning outside of parkrun. We use these technologies to personalise your experience and to assist in delivering content specific to your interests. Additionally, after you’ve entered your parkrun ID and password we save that information so you don’t have to re-enter it repeatedly. Most browsers automatically accept cookies.

Some third-party services we use, such as Google Analytics, may place cookies in your browser. This Privacy Policy covers use of cookies by parkrun only, and not the use of cookies by third parties.

To manage the collection of information through cookies or other equivalent technology you can use the settings on your browser or mobile device.

4.8. Log Files

The collection of information: Every time you connect to parkrun websites your IP (Internet Protocol) address registers on our servers. Your IP address reveals no information other than the number assigned to you. We do not use this technology to obtain any personal data against your knowledge or free will (i.e. automatically recording email addresses of visitors). Nor do we use it for any purpose other than to help us monitor traffic on our website, or (in case of criminal activity or misuse of our information) to cooperate with law enforcement.

4.9. Web Beacons

These are small pieces of code that deliver a graphic image on a web page or in an email for the purpose of transferring data back to us. The information collected via this process will include information such as IP Address, as well as information about how you respond to an email campaign (e.g. at what time the email was opened, which links you click on in the email, etc.).

We may use web beacons on our websites or include them in e-mails that we send to you. We use this information for a variety of purposes, including but not limited to, site traffic reporting, unique visitor counts, advertising, email auditing and reporting, and personalisation.

In some cases we allow our partners to include web beacons in emails served by us on their behalf. In these instances they are only able to collect anonymous data and have no access to personal information.

4.10. Local Volunteer Event Teams

In order to support our local event teams’ requirement to manage their volunteers, process results, and record incidents, we created a dedicated online system, called WebFMS. This enables event teams to carry out their roles with regards the safe and appropriate management of their events, without the need for them to hold or have access to sensitive personal data of their participants. For example, they are able to email their volunteers through WebFMS without being able to see individual email addresses.

It is important to note however that due to the nature of our events, friendships form and as a result event teams are likely to also communicate directly with each other through platforms such as Facebook, WhatsApp, SMS or email.

4.11. Social Media

When you engage with parkrun over social media, it will usually be as a registered user of that social media platform. The use of personal data on social media is governed by your agreement with that platform’s own privacy policy or terms and conditions. parkrun official social media pages are administered by parkrun as a data controller of these pages. These social media platforms may process user personal data to deliver anonymised user statistics to the local administrator of that page or event. We do not use the personal data you have made available on social media outside of that platform, unless you have given us your consent to do so.

4.12. Event Photography and Filming

Photography or filming is likely to take place at our events, is common practice, and helps us to inspire other people to engage in physical activity and to redefine what it means to be active. It also provides a means for historical recording of our events over time. Furthermore, our use of images helps to demonstrate diverse groups of people engaging in and enjoying physical activity both during parkrun events but also as part of the wider community.

We ensure compliance with safeguarding laws and are supported both in-house through our Safeguarding Lead and externally with the support of other experts in the field of safeguarding. All volunteer photographers at parkrun events are registered with parkrun and required to wear a parkrun high-vis vest, further details of our Photography Policy are published here.

In line with the lawful basis of Legitimate Interest individuals have the right to object to this method of data processing by contacting the event team directly, or parkrun head office, and requesting deletion of relevant imagery. At event-level we will also seek, where the event is informed in on the day, not to photograph those individuals who have previously objected.

4.13. Anonymity

In exceptional circumstances, such as for our participants within the custodial system, we allow/require participants to register under a pseudonym. If you have any questions on this process please contact us via support.


5. What Data We Share

5.1. Publicly Available Information

We do not offer privacy settings in relation to your walking, running, or volunteering participation, and as such our websites display your name, age category, gender, age grade, participation locations, and finish times. We do, in some cases, share (under the lawful basis of legitimate interest) this publicly-visible data with third parties such as the UK-based Power of 10 website (who, for example, aggregate results from running events across the UK).

5.2. Third-Party Connections

Across parkrun territories we offer a number of opportunities for our members to connect their parkrun accounts with other accounts in their name. This could be for the purposes of linking to activity tracking platforms, or sending activity data to incentivised wellness programmes. This can only happen at the request of the user, the specific data shared is clearly defined, and the integration can be stopped at any time by the user simply opting out.

5.3. Anonymised Participant Data

Our mission statement is to create a healthier and happier planet and, as a result, much of our internal work centres around understanding the health and wellbeing of our communities. As part of this we have an exclusive global research partnership with the Advanced Wellbeing Research Centre (AWRC), a Department of Health and Social Care funded research centre based in Sheffield, England. Under the lawful basis of Legitimate Interest, we pass anonymised & published participant data to the AWRC who are then able to support health-focused research utilising this data, out of which research articles may be published containing anonymised data. All research on the anonymised data, that is approved by the parkrun Research Board, will have achieved ethical approval through an independent research ethics board.

5.4. Personal Contact Details

We do not share our users’ personal contact details with any third parties. All communications sent to our database on behalf of our partners are sent directly by us and only where you have consented for us to do so.


6. How We Contact You

The large majority of our outgoing communication, to the parkrun community, is via email. Sending an email to you is a form of data processing, and as such may only be carried out under a specific lawful basis.

6.1. Under the Lawful Basis of Fulfilling a Contract

In order to fulfil our obligation to you as a parkrunner, to ensure our events are delivered in a safe and appropriate manner, and to ensure the parkrun organisation is managed appropriately, there are some communications we send to everyone. The following communications fall into this category:

  1. Confirmation you have registered with us.
  2. Updates to key documents, such as this privacy policy.
  3. Confirmation that your participation (walking, running, or volunteering) has been recorded by the local event team.
  4. Notification that you have joined a parkrun milestone club and are eligible to claim any associated items such as t-shirts, wristbands, or certificates.
  5. For those who have volunteered at a parkrun event, a regular national volunteer update.
  6. For those who have signed up to volunteer at a specific parkrun event, emails from that event team relating to that volunteering situation.

6.2. Under the Lawful Basis of Legitimate Interest

There are some occasions where we may contact you as part of our mission to make the world healthier and happier. For example, where we write to people who’ve registered but not participated, with the aim of understanding why and then being able to create a more supportive environment. The following types of communications fall into this category:

  1. Questionnaires aimed at developing our understanding of who is participating.
  2. Emails sign-posting participants to peer-support groups we feel may be suitable based on information you have provided.
  3. Questionnaires for research aimed at understanding the effect of parkrun on global health and wellbeing.
  4. Local event teams directly contacting specific parkrunners using the WebFMS platform.

You have a right to object to receiving these emails, to do that please contact us directly.

6.3. Under the Lawful Basis of Consent

Not only is our mission statement focussed on improving the health and happiness of our communities, but we have also made a commitment that participation in parkrun will be free, forever, for everyone. There are ways in which we rely on parkrunners to achieve both of those ambitions, some of which require us to be able to send certain communications. We therefore offer all parkrunners the chance to opt-in (at registration or via their profile) to receive regular updates from us and our partners.

Consent can be withdrawn at any time but does not apply to processing that happened before the consent was withdrawn.

Individual parkrunners can also opt in to receive local volunteer appeals from the events of their choice. This can be amended at any time.


7. How We Protect Your Information

We work extremely hard to apply appropriate security measures in order to protect your data from being accessed or disclosed without your permission, or lost. We have a relatively small staff team, who are regularly updated on good practice in data handling, all personal data is password protected and only available to those with a specific need for access.

In the event of a data breach we will notify you and any applicable regulator, where legally required to do so.

At local event level we ask our teams to support all participants (walkers, runners, and volunteers) using our secure online platform (WebFMS) and their official email account (which we also maintain control of centrally). As such, the only personal information event teams hold on their participants is an email address if an email has previously been sent to the event email account. All event-team email accounts are password protected.

Whilst we understand that event teams will also hold files that include parkrun ID barcode numbers of specific participants, this is publicly available information. Should a parkrunner request that their data be deleted from our servers, these barcode numbers will no longer be able to identify specific individuals.

Some event teams also use Facebook to communicate with participants, in these cases we retain admin control centrally and are able to control/remove access when required.

7.1. Third Country Data Transfers

On occasion we may use third parties for the purposes of data processing, and these may reside outside of the European Economic Area (EEA). These third parties are selected only if they exist in a territory deemed compliant with relevant legislation (read more) or with regards to third parties based in the US they must be part of the Privacy Shield (read more).


8. Retention Periods

In order to present our data retention periods as simply as possible we have chosen to do so
using our definitions of categories of data defined in section 3 above.

8.1. Profile & Identity Data – In perpetuity

This is in order to create our results tables, maintain historic records of participation, to allow participants to access their participation records, and to allow anyone who is registered with us to participate at any future parkrun event without the requirement to re-register.

8.2. Contact Data – Ten years from most recent participation instance

It is common for people to leave significant time periods between walking, running, or volunteering at our events. It is also common for people to enjoy receiving our communications without participating at our events themselves.

8.3. Technical Data – Three years from point of data collection

In order to provide the best possible service to our users, to support the administration of our systems and processes, and to comply with legal obligations.

8.4. Incident Data – In perpetuity

We retain this data in order to keep a historical record of our incident profile, from which we are able to continually review our operating policies in order to enable the safe and appropriate delivery of our events.

8.5. Survey Data – In perpetuity

This data is used for the purposes of understanding our community in greater detail. Changes over time are of particular interest where comparison of current versus historical data allows us to assess the impact of our events and associated interventions.

8.6. Event Imagery – In perpetuity

Event imagery is predominantly processed under the lawful basis of Legitimate Interest, and may be stored securely by event teams in perpetuity as it represents a historical record of that event. Although extremely rare, there can be occasions where we are required to process information conveyed in photographs under another of the lawful bases, such as Legal Obligation, Vital Interest, Public Task.


9. Automated Decision Making and Profiling

In some situations we make automated decisions based on various types of data that we hold, this also also known as profiling. Examples of where we use this might be to send research surveys to people who have only ever participated once or to market products to specific demographics of people, such as advertising a local running event to parkrunners in that area.

Whilst our automated decision making processes do not have a legal or similarly significant effect on the individuals concerned, you do have the right to object to us applying these processes to your data.

To understand more about automated decision making and profiling please see this section of the ICO website.

10. Your Rights

You have the right to:

10.1. Be informed if your personal data is being used

Where appropriate we endeavour to inform you of this at the point where your data is being collected, however for circumstances where that is not practical or possible please refer to this Privacy Policy.

10.2. Get copies of your data

You are also free, at any time, to request a downloadable copy of all the data we hold on you. This would include details of all your walking, running, and volunteering instances and as such is something we particularly recommend prior to any request for us to delete your data. To do this please contact us via support.

10.3. Have your data corrected

If at any time you feel the data we hold on you is incorrect, and you are unable to change it via your profile, please contact us via support.

10.4. Have your data deleted

Should you wish, at any time, for us to delete your data then please contact us via support and we can enable this process. Please note that this is not something that can be undone and as such we would recommend downloading your historical results (see next section) before doing so.

Although we approach every request for deletion on a case-by-case basis, we do not as a rule remove volunteer data simply on request. This is in order support potential future challenges, enquiries, or investigations where this information may be critical.

10.5. Limit how we use your data

If you are concerned about the accuracy of the data or how it is being used please contact us via support. Where you have previously provided us with consent to use your personal data in a specific way, you can remove your consent at any time (or opt-out) via your parkrun profile page.

10.6. Data portability

Following from point 10.2 (above) we will provide copies of your data in standard machine-readable formats. In such cases, please contact us via support.

10.7. Object to the use of your data

Where we are processing your data under the lawful basis of Legitimate Interest you have the right to raise an objection to that processing. This is not an absolute right to object and we will carry out a balancing test where we assess the reasons for your objection in the context of our legitimate interests.

10.8. Raise a concern

If, at any time, you have a concern as to how we are handling your information then please contact us via support. If you feel that we have not addressed your concerns appropriately you have the right to raise them directly with the ICO (read more).