Your privacy is important to us. Therefore, we a have a few fundamental principles:
- we don’t ask you for personal information unless we truly need it.
- we don’t share your personal information with anyone except to comply with the law, develop our products and services and provide you with our products and services, or protect our rights.
- we treat your personal information with the highest regard to privacy and security.
What information about me does Tacx collect and how is it used?
Visiting the Site and setting up a Tacx account
To use the core functionality of the Site and to access any data collected by Tacx, you must first complete the registration form at the Site and agree to our Terms and Conditions to set up a Tacx account. During registration you will be required to provide: personal information such as your name and email address. You can also use your Facebook or Google account to set up a Tacx account. You can then also choose to share some information from these accounts with the Tacx account. You can always choose to remove Tacx from this account to stop sharing this information. Tacx does not knowingly collect information from children under 13 years old. If we or a third party service provider requires a birth date to order a specific product or service, you will not be able to enter a birth date that indicates that you are less than 13 years old. If you opt-in for the Dynamic newsletter during registration, Tacx will use your email address to send you newsletters with updates and news about Tacx. You may remove your name from our email list by updating your profile in the Account section or by emailing firstname.lastname@example.org. We will respond to your request in a reasonable timeframe, and in any event in less than 30 days.
We also collect data if you make a purchase on our Site. This includes your (shipping) address. If you make a purchase on the Site, we may also ask you for your creditcard and billing information. This personal data is solely processed and handled by our payment providers. Tacx uses a creditcard processing company, Adyen, to process your creditcard information as required for your order and to ensure that your transaction is secure. This processing company does not retain, share, store or use your personally identifiable information for any other purposes. Tacx does not have any access to the personal data collected by this creditcard processing company.
Contacting customer service
When you contact our customer service for help, we collect your name and email address and any information you may provide us with. We collect and store this personal data to provide you with customer service and to improve the Tacx Service. You may decide to send Tacx personally identifying information in an e-mail message which might contain information or inquiries about the Tacx Service. Tacx will use this information to identify you as a Tacx member and to respond to the electronic mail. Tacx will only use the information obtained to resolve the issue identified in the e-mail. Tacx never sells e-mail addresses. You may change or request deletion of your personal information by contacting email@example.com. We will respond to your request in a reasonable timeframe, and in any event in less than 30 days.
Data that you request Tacx to share
You can request Tacx to share your information with other parties. You may for example ask Tacx to link your Tacx account to a third party app, such as Facebook, Strava or Google. Information collected by third parties, which may include such aspects as location data or contact details, is governed by their privacy practices. You should exercise caution, and review the privacy statements applicable to the third-party websites and services you use.
Data storage and retention
Your personal data is stored by Tacx on its servers, and on the servers of the database management services Tacx engages, located also in the United States. Tacx retains data for the duration of the user’s relationship with Tacx and otherwise as required under applicable law. Personal data will be kept for no longer than is necessary for the purposes for which your personal data are processed. We will retain your personal data as long as you are a Tacx user or require our services so that we can provide these services to you.
At the moment you cancel your Tacx membership or withdraw your consent for the processing of your personal information, all your personal data received and stored are erased if no longer needed by us. Unless we are required to retain this personal data by law or to comply with our regulatory obligations. In such a case, we will only keep this personal data for as long as necessary. For more information on where and how long your personal data is stored, and for more information on your rights of erasure and portability, please contact us at firstname.lastname@example.org. We will respond to your request in a reasonable timeframe, and in any event in less than 30 days.
When you visit our Site or Software, we may collect information about the type of device you use, your device’s unique identifier, the IP address of your device, your operating system, the type of internet browser that you use, usage information, diagnostic information, and location information from or about the computers, phones, or other devices on which you install or access our Products or Services. Where available, our Services may use GPS, your IP address, and other technologies to determine a device’s approximate location to allow us to improve our products and Services.
- We use Google Analytics to collect information about Site usage for statistical analysis: Google Analytics uses a collection of cookies to collect Site information and report Site usage in a partly anonymous form.
- We use Google AdWords Remarketing for targeted marketing to users that visit our Site. Google Remarketing cookies allow Tacx advertising to be served once a user leaves our Site and visits any Google Display Network Partner enabled Site. When you visit an eligible site, cookies are referenced by that site to display our advertising based upon the history of sites visited by your browser. We also use these cookies to assess the effectiveness of our advertising through this medium.
You can remove or reject cookies using your browser or device settings, but in some cases doing so may affect your ability to use our products and Services.
If you wish to opt-out from being tracked by Google Analytics on this Site with the effect for the future, please copy and paste the following address in your browser:
We will not associate identifiers from cookies or similar technologies with sensitive identifiers, such as the race, religion, sexual orientation or health of our users.
To learn more about your ability to manage cookies and web beacons, please consult the privacy features in your browser. In addition, to find out more about cookies, including how to see what cookies have been set on your device and how to manage and delete them, visit www.allaboutcookies.org.
Do Not Track
Tacx will only share your personal information with third parties if:
- Tacx has your consent;
- Tacx deems this necessary to provide you with the Tacx Service. All companies are contractually engaged in providing us with services like the purchase of products and services, email management and payment processing.
- Tacx determines that it is required to do so by law; such as in response to a court order or subpoena;
- Tacx finds that you are in breach of its terms and conditions or any of its policies or usage guidelines for specific Tacx Services;
- it is necessary in Tacx’s opinion to do so to prevent, investigate, detect or prosecute criminal offenses or attacks on the technical integrity of the Site or Tacx’s network;
- it is necessary in Tacx’s opinion to do so to protect the rights, property, or safety of Tacx or its employees, the users of the Tacx Service, or the public; or
- information about you and your use of the Tacx Service may be aggregated with other information collected via the Tacx Service or otherwise used in ways that do not personally identify you or constitute personally identifiable information. This type of aggregated or statistical information may be used by us to improve the quality of the Tacx Service or for other purposes that we may deem appropriate.
Our processing of your personal information will be legitimized as follows:
- Whenever we require your consent for the processing of your personal information such processing will be justified pursuant to Article 6(1) lit. (a) of the General Data Protection Regulation (EU) 2016/679 (“GDPR”). This article in the GDPR describes when processing can be done lawfully.
- If the processing of your personal data is necessary for the performance of a contract between you and Tacx or for taking any pre-contractual steps upon your request, such processing will be based on GDPR Article 6(1) lit. (b). If this data is not processed, Tacx will not be able to execute the contract with you.
- Where the processing is necessary for us to comply with a legal obligation, we will process your information on basis of GDPR Article 6(1) lit. (c), for example complying in the fields of employment law.
- And where the processing is necessary for the purposes of Tacx’s legitimate interests, such processing will be made in accordance with GDPR Article 6(1) lit. (f), for example to detect fraud.
Transferring personal data from the EU to the US
Information we collect from you may be processed in the United States through our Software (Google Cloud Platform). The United States has not sought nor received a finding of “adequacy” from the European Union under Article 45 of the GGDPR. A finding of “adequacy” in short means that the European Commission has decided that this country outside the European Economic Area (“Area”) ensures an adequate level of data protection. We refer, to https://cloud.google.com/security/compliance/eu-data-protection/ for more information on the safeguards that Google has in place for the transfer the Google Cloud Platform.
What can I do to help make sure the security works correctly?
Tacx uses bcrypt algorithms to “hash” passwords of users, Tacx does not store its user’s passwords. “Hashing” is the transformation of a string of characters into a value or key, it is a form of encryption. Tacx also uses SSL. The data traffic to the Software (Cloud) is protected by SSL, this also protects the data traffic between the Apps and the Cloud. SSL is a technique used to encrypt the connection between data traffic between for example a website and a server.
To help ensure that these measures are effective in preventing unauthorized access to your private information, you should be aware of the security features available to you through your browser. You should use a security-enabled browser to submit your credit card information and other personal information at the Site or any other Tacx Service. Please note: If you do not use a SSL-capable browser, you are at risk for having data intercepted. Tacx will not be responsible for any compromise of data that is intercepted due to your use of an unsecured browser.
Most browsers have the ability to notify you if you change between secure and insecure communications, receive invalid site identification information for the site you are communicating with, or send information over an unsecured connection. Tacx recommends that you enable these browser functions to help ensure that your communications are secure. You can also monitor the URL of the site you are visiting (secure URLs begin with https:// rather than the normal http://), along with the security symbol of your browser (an open or closed padlock in Netscape or a broken or complete key in Internet Explorer) to help identify when you are communicating with a secure server. You can also view the details of the security certificate of the site to which you are connected. Tacx encourages you to use this to check the validity of any site you connect to using secure communications.
Tacx uses reasonable physical, technical and administrative measures to safeguard personal information you provide through the Tacx Service or in connection with Tacx’s Products and Services. Please be aware that no data transmission over the internet can be guaranteed to be 100% secure. As a result, Tacx cannot guarantee or warrant the security of any information you transmit on or through the Tacx Service and you do so at your own risk.
Does Tacx offer opt-out or opt-in services?
Yes. If you choose to stop receiving emails from Tacx, please follow the unsubscribe instructions within each email communication or send an email to email@example.com. Tacx will process your opt-out and you will receive an e-mail confirming that you have opted-out and that Tacx have stopped using/collecting your personal data as well as deleted it, if the personal data is no longer required by law. In addition, the confirmation email will provide instructions and a service list on how to further avoid providing Tacx with personal data in connection with any Products or Services that you may attempt to use or where applicable, still be permitted to use after you have opted-out. Tacx will not provide or share any mailing lists or other information about you to another company or service for promotional purposes. Any service related emails (to confirm a purchase, etc.) generally do not offer an option to unsubscribe as they are necessary to provide the service you requested.
The rights of users
If you need to correct, amend or delete submitted information that is inaccurate please contact Tacx at firstname.lastname@example.org. We will respond to your request in a reasonable timeframe, and in any event in less than 30 days. In addition, you may correct, amend or delete submitted information that is inaccurate by visiting “Edit Profile” on the Site or in the App.
Users have the right to withdraw their consent for the processing of personal data or the further processing of personal data by Tacx at any time. A withdrawal should be sent to Tacx at email@example.com. We will respond to your request in a reasonable timeframe, and in any event in less than 30 days.
Users have the right at any time, to know whether their personal data has been stored and can consult Tacx to learn about their contents and origin, to verify their accuracy or to ask for them to be supplemented, cancelled, updated or corrected, or for their transformation into anonymous format or to block any data held in violation of the law, as well as to oppose their treatment for any and all legitimate reasons. You may also ask us to block any data held in violation of the law, as well as to oppose their treatment for any and all legitimate reasons. You may withdraw your consent for the processing of personal data or the further processing of personal data by us at any time. Requests should be sent to Tacx at the contact information set out below. Users also have the right to lodge a complaint against Tacx with a supervisory authority.
Users have the right to request to obtain and reuse their personal data for their own purposes across different services. Requests should be sent to Tacx at the contact information set out below.
Data controller and owner: Tacx B.V.,
By writing to us: Rijksstraatweg 52, 2241 Wassenaar, The Netherlands
By email: firstname.lastname@example.org
The Tacx Service allows for direct interaction with external social networks or other external platform that are outside our control. The interaction and information obtained by the Tacx Service are always subject to the user’s privacy settings for each social network. We are not responsible for the security or privacy of any information collected by other websites or other services. Information collected by third parties, which may include such aspects as location data or contact details, is governed by their privacy practices. You should exercise caution, and review the privacy statements applicable to the third-party websites and services you use. The following third parties may be used by the Tacx Service. We have tried to include an overview that is as complete as possible on all third parties, however, we cannot guarantee the truthfulness and completeness of this overview.
Users can sign in to the Cloud using Google, Facebook or a dedicated Tacx Account. Both Google and Facebook accounts are connected via OAuth2 (OAuth2 is an authorization framework that enables applications to obtain limited access to user accounts) web flows of Google and Facebook. Tacx accounts are handled completely by the Tacx Account backend. Users can also connect their Strava account to their Cloud account (this is part of the Software), the connection is also made via an OAuth2 web flow.
Google analytics gathers anonymous user data. In particular, it gathers the following data and provides it (anonymously and aggregated) to Tacx:
- Numbers of users per age group;
- Numbers of male users;
- Numbers of female users;
- Number of users per country;
- Number of users per device;
- Number of users per device operating system version:
- Number of users per users interest group;
- Number of active users;
- Time users spend daily;
- Whether or not users have made a purchase.
Mandrill is used to send emails to specific users. Mandrill contains templates defined by Tacx for several types of email. These are currently two types of email: TCX Export and Password Reset. These templates require the first name of the user and for sending, obviously, the email of the user is required. These data are provided by the Software or account backends. Further data required by these templates is generated by either the account backend or the Software backend. The actual content as it is sent to the user is stored in Mandrill for later reference. In the future, new types of email may require other use of data, logically this data will be provided by the account backend or the Software backend from their storage systems. For sending emails to single users, Tacx uses Mandrill. Some user data is synchronized with Tacx’s MailChimp account for use in the Tacx newsletter.
MailChimp is used for sending newsletters to users, the Software synchronizes with Tacx’ MailChimp account. The Software backend synchronizes, from its data store, the following data with MailChimp: first name, last name, email address, language.
Extensive overview of data that is collected
The following systems may be used by the Software and App for storing user data. We have tried to include an overview that is as complete as possible on all data that is collected and through what settings or Software, however, we cannot guarantee the truthfulness and completeness of this overview.
Various user data is stored in the Tacx Cloud (which is part of the Software). Some of this data is sensitive data. All Tacx applications communicate with, and store their data through, two backend systems:
- The Cloud backend stores user profile information and training data; and
- The Account backend is used to authenticate users through email/password combinations and handles the web flow such as the Tacx.com website and TTX applications.
Both these systems store their persistent data in the Google Cloud data store. The Google Cloud data store stores data in the form of entities, which may have one or more indexed fields.
The Cloud data store contains all user profile data, activity, workout and social data.
Account data store
Account data store is storage of Tacx Account credentials and tokens. It contains data used for user authentication based on email and password, and the OAuth2 flow directed towards the Software (for client apps that enter want to get a token from the Software).
Authorization Code is the code generated when client applications request an authorization code according to the OAuth2 standard.
Client is data for authenticating and authorizing client applications. It contains the following data: (1) Client’s ID, regardless of its validity and; (2) Client’s encrypted secret and prefixes of valid redirect URI (uniform resource identifier) for the OAuth2 web flow.
Cloud data store
Cloud data store is storage of all user profile and training information. It has a search index that duplicates some information.
Cloud File Storage
Cloud File Storage is storage of user profile images. Files in the Cloud File Storage are stored in Protobuf, PNG, or Jpeg format. The PNG and Jpeg files concern profile images uploaded by the user. The following data may be stored in Protobuf files: (1) distances and heights measured in meters; (2) durations measured in seconds; (3) heart rates and cadence measured in Hertz; (4) power measured in Watt; (5) energy measured in Joule and; (6) speed measured in meters per second.
Code Identifier Mapping
Code Identifier Mapping is used to map the code sent when a password reset request is made to the account for password reset.
Email Settings is used to track whether or not the user will receive emails from the Software and which emails to receive. A link is included in each email message that allows the user direct access to its settings without having to log in. The code included in that link is stored in Email Settings Code, which contains the following data for identification: (1) email; (2) expiration data and; (3) user UUID (universally unique identifier).
Email User Id Mapping
Email User Id Mapping maps an email address to a user account.
Payment Notification is used to manage payment through Adyen. Payment Notification tracks notifications sent by Adyen to the Cloud about payments.
Persistent Token stores OAuth2 tokens mapped to user accounts.
Subscription of a user is tracked, which contains the following data: (1) cancel date if canceled; (2) which subscription this is a continuation of; (3) the type of continuation; (3) creation date; (4) end date; (5) reasons for failure if any; (6) the start date of the original subscription; (7) the payment method; (8) the plan and; (9) the start date.
User consists of three fields, namely inactive fields which are once filled in but no longer used, fields for possible future use and fields that are currently in use. For each of these fields, the data collected are categorized as follows:
For a number of fields for possible future use, it contains the following data: (1) address, city, country, postal code and state for billing and delivery purpose and; (2) nickname, phone and website for miscellaneous purpose.
For a number of fields that are currently in use, it contains the following information or data: (1) dates: registration, last modification of profile, possible deregistration; (2) linked accounts: ids for Google, Facebook, Tacx Account; (3) personal information: biography, data of birth, email, first name, last name, location, gender. The latter only if filled in at your Tacx account.
User Credentials contains the user’s email, first name, and encrypted password.
Last updated April 24th, 2019.