Introduction
Our privacy policy explains the information we collect and how we use it.
Twenty Peaks is headquartered in Israel and our services are provided to you by Twenty Peaks
Ltd. If you are a resident of the European Economic Area (“EEA”), Twenty Peaks Ltd. is the
controller of your personal data for the purposes of General Data Protection Regulation (GDPR).
Twenty peaks Ltd.
13 Oded Street
Ramat Gan, 5222307
Israel
info@twentypeaks.com
Information Twenty Peaks Collects
Twenty Peaks collects information about you, including information that directly or indirectly
identifies you, if you choose to share it with Twenty Peaks. We receive this information when
you open an account, enroll to one of our editions, provide information necessary for the
purpose of shipping items to you, such as your address, and when you connect your Twenty Peaks
account to third party services to automatically upload your activities with them to the Twenty
Peaks platform. Twenty Peaks also collects information about how you use the services.
Account, Profile, Activity, and Use Information
We collect basic account information such as your name, email address, date of birth, gender,
username and password that helps secure and provide you with access to our services.
Profile, activity and use information is collected about you when you choose to upload a
picture, join an edition or upload activity (including date, time and geo-location information
as well as your speed).
We use your contact information so we can respond to your support requests and possibly deliver
items to you as part of your enrollment to one or more editions.
Location Information
We collect and process location information arriving from third party services you use to
register and track your activities only upon your consent by you actively connecting such third
party services to your Twenty Peaks account. We do not track your location directly at any time.
Content You Share
We gather information from the photos and comments you share on the platform.
Connected Devices and Apps
Twenty Peaks collects information from devices and apps you connect to Twenty Peaks. For
example, you may connect your Garmin cycling computer or Strava account to Twenty Peaks and
information from these devices and services will be passed along to Twenty Peaks.
Payment Information
When you make a payment on Twenty Peaks, you may provide payment information such as your
payment card or other payment details. We use Payment Card Industry compliant third-party
payment services and we do not store your credit card information.
Contacts Information
Twenty Peaks does not collect nor store your contacts information.
Technical Information and Log Files
We collect information from your browser, computer, or mobile device, which provide us with
technical information when you access or use the services. This technical information includes
device and network information, cookies, log files and analytics information.
How Twenty Peaks Uses Information
Twenty Peaks uses the information we collect and receive to operate the services and to
customize your experience. For example, with your consent we use your activities recorded by
third party services to verify the climbs that you have ridden and give you credit for them on
Twenty Peaks. Part of the information you provide in your profile, such as your name, photo and
age will show up on the Twenty Peaks website for example, on a certain climb page that you have
performed or on the standings page (individual or club).
We also use the information we collect to process payments, provide support related to the
services and to communicate with you (including to send marketing) where you have opted in to
receive such messages.
We also use the information we collect to analyze, develop and improve the services. To do this,
Twenty Peaks may use third-party analytics providers to gain insights into how our services are
used and to help us improve the services.
We may also use the information we collect to market and promote the services, activities on
Twenty Peaks, and other commercial products or services. This includes customizing your Twenty
Peaks experience. For example, we may tell you about new in-season challenges that involve
climbs close to you or show you sponsored content related to cycling.
Aggregate Information
We do not sell your personal information. Twenty Peaks may aggregate the information you and
others make available in connection with the services and post it publicly or share it with
third parties. Examples of the type of information we may aggregate include information about
equipment, usage, demographics, routes and performance. Twenty Peaks may use, sell, license, and
share this aggregated information with third parties for research, business or other purposes
such as to help our partners understand more about athletes, including the people who use their
products and services.
Personal Information
In addition to sharing aggregated data about our members as described above, we may also share
personal information only to the extent needed to run our business and provide the services as
detailed below, and where required for legal purposes.
Service Providers
We may share your information with third parties who provide services to Twenty Peaks such as
supporting, improving, promoting and securing the services, processing payments, or fulfilling
orders. These service providers only have access to the information necessary to perform these
limited functions on our behalf and are required to protect and secure your information. We may
also engage service providers to collect information about your use of the services over time on
our behalf so that we or they may promote Twenty Peaks or display information that may be
relevant to your interests on Twenty Peaks or other websites or services.
Publicly Available Information
When you join the Twenty Peaks community, your profile and your activities are set to be
viewable by everyone by default. Your name and other profile information is viewable by other
Twenty Peaks members and the public, subject to your privacy controls. For example, your name
and photo may show up on a climb page if you have ridden that specific climb.
Affiliates and Acquirors of our Business or Assets
We may share your information with affiliates under common control with us, who are required to
comply with the terms of this Privacy Policy with regard to your information. If Twenty Peaks
becomes involved in a business combination, securities offering, bankruptcy, reorganization,
dissolution or other similar transaction, we may share or transfer your information in
connection with such a transaction.
Legal Requirements
We may preserve and share your information with third parties, including law enforcement, public
or governmental agencies, or private litigants, within or outside your country of residence, if
we determine that such disclosure is allowed by the law or reasonably necessary to comply with
the law, including to respond to court orders, warrants, subpoenas, or other legal or regulatory
process. We may also retain, preserve or disclose your information if we determine that this is
reasonably necessary or appropriate to prevent any person from death or serious bodily injury,
to address issues of national security or other issues of public importance, to prevent or
detect violations of our Terms of Service or fraud or abuse of Twenty Peaks or its members, or
to protect our operations or our property or other legal rights, including by disclosure to our
legal counsel and other consultants and third parties in connection with actual or potential
litigation.
How We Protect Information
We take several measures to safeguard the collection, transmission and storage of the data we
collect. We employ reasonable protections for your information that are appropriate to its
sensitivity. The services use industry standard Secure Sockets Layer (SSL) technology to allow
for the encryption of personal information. Twenty Peaks engages providers that are industry
leaders in online security to strengthen the security of our services. The services are
registered with site identification authorities so that your browser can confirm Twenty Peaks’s
identity before any personal information is sent. In addition, Twenty Peaks’s secure servers
protect this information using advanced firewall technology.
Managing Your Settings
Privacy Controls
Twenty Peaks offers several settings to help you manage your privacy and share your activities.
These privacy controls are located in your private area page.
Adjust Email Preferences
You can choose to opt in or out from receiving certain emails and notifications by indicating
your preference in your private area on the Twenty peaks website. You may also unsubscribe by
following the instructions contained at the bottom of each email. Any administrative or
service-related emails (to confirm a purchase, or an update to this Privacy Policy or our Terms
of service, etc.) do not offer an option to unsubscribe as they are necessary to provide the
services you requested.
Updating Account Information
You may correct, amend or update profile or account information at any time by adjusting that
information in your account settings. If you need further assistance correcting inaccurate
information, please contact Twenty Peaks at info@twentypeaks.com. Twenty Peaks will generally
respond to your request within 10-14 business days.
Deleting Information and Accounts
You can delete your account at any time. To request that your account is deleted, select this
option in your private area.
After you make a deletion request, we permanently and irreversibly delete your personal data
from our systems, including backups. Once deleted, your data, including your account, activities
and place on individual or club standings cannot be reinstated. Following your deletion of your
account, it may take up to 90 days to delete your personal information and system logs from our
systems. Additionally, we may retain certain or all information to comply with the law and take
other actions permitted by law.
Note that content you have shared with others, such as photos, or that others have copied may
also remain visible after you have deleted your account or deleted specific information from
your own profile. Your public profile may be displayed in search engine results until the search
engine refreshes its cache.
Your Legal Rights in the EEA
If you are habitually located in the EEA, you have the right to access, rectify, download or
erase your information, as well as the right to restrict and object to certain processing of
your information.
Learn more.
Our Legal Bases
Twenty Peaks relies on a number of legal bases to collect, use, share, and otherwise process the
information we have about you for the purposes described in this Privacy Policy, including:
• as necessary to provide the services and fulfill our obligations pursuant to the Terms of
Service. For example, we cannot provide the services unless we collect and use your location
information;
• where you have consented to the processing;
• where necessary to comply with a legal obligation, a court order, or to exercise and
defend legal claims;
• to protect your vital interests, or those of others, such as in the case of emergencies;
and
• where necessary for the purposes of Twenty Peaks’s or a third party’s legitimate
interests, such as our interests in protecting our members, our partners’ interests in
collaborating with our members, and our commercial interests in ensuring the sustainability of
the services.
Transfers
The services are operated from the United States. If you are located outside of the United
States and choose to use the services or provide information to us, you acknowledge and
understand that your information will be transferred, processed and stored in the United States,
as it is necessary to provide the services and perform the Terms of Service. United States
privacy laws may not be as protective as those in your jurisdiction.
Retention of Information
We retain information as long as it is necessary to provide the services to you and others,
subject to any legal obligations to further retain such information. Information associated with
your account will generally be kept until it is no longer necessary to provide the services or
until your account is deleted. In addition, you can delete some items of information (e.g.,
profile information) and you can hide activities from view on the services without deleting your
account. Following your deletion of your account, it may take up to 90 days to fully delete your
personal information and system logs from our systems. Additionally, we may retain information
where deletion requests are made to comply with the law, prevent fraud, collect fees, resolve
disputes, troubleshoot problems, assist with investigations, enforce the Terms of Service and
take other actions permitted by law. The information we retain will be handled in accordance
with this Privacy Policy.
Information connected to you that is no longer necessary and relevant to provide our services
may be de-identified or aggregated with other non-personal data to provide insights which are
commercially valuable to Twenty Peaks, such as statistics of the use of the services as
discussed above.
Privacy Policy Information
Twenty Peaks reserves the right to modify this Privacy Policy at any time. Please review it
occasionally. If Twenty Peaks makes changes to this Privacy Policy, the updated Privacy Policy
will be posted in a timely manner and, if we make material changes, we will provide a prominent
notice by email. If you object to any of the changes to this Privacy Policy, you should stop
using the services and delete your account.
©2020 Twenty Peaks