ThrottleTrack LogoThrottleTrack

GDPR Compliance

Information about your rights under the General Data Protection Regulation

Last Updated: April 5, 2025

1. Introduction to GDPR

The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy that applies to all individuals within the European Union and the European Economic Area. It also addresses the transfer of personal data outside these areas.

At ThrottleTrack, we are committed to ensuring that your personal data is protected and processed in accordance with the GDPR. This page explains how we comply with the GDPR and outlines your rights under this regulation.

2. Data Controller Information

ThrottleTrack is the data controller for personal data collected through our motorcycle ride tracking mobile application and website. As the data controller, we determine the purposes and means of processing your personal data.

You can contact our Data Protection Officer at:

[email protected]

3. Legal Basis for Processing

Under the GDPR, we must have a legal basis for processing your personal data. We process your personal data on the following legal grounds:

3.1 Consent

We process certain data based on your explicit consent, such as when you opt-in to receive marketing communications or when you choose to share your ride data with friends or the community.

3.2 Contractual Necessity

We process data necessary to fulfill our contractual obligations to you, such as providing the core functionality of the ThrottleTrack app, processing payments for subscriptions to paid plans, and maintaining your account.

3.3 Legitimate Interests

We process certain data based on our legitimate interests, such as improving our motorcycle ride tracking services, ensuring security, preventing fraud, and marketing our services to existing customers. We always balance our interests against your rights and interests.

3.4 Legal Obligation

We may process your data to comply with legal obligations, such as tax laws or in response to legal proceedings.

4. Your Rights Under GDPR

The GDPR provides you with several rights regarding your personal data. These rights include:

4.1 Right to Access

You have the right to request a copy of the personal data we hold about you, including ride tracking data, route plans, and account information, as well as information about how we process it.

4.2 Right to Rectification

You have the right to request that we correct any inaccurate or incomplete personal data we hold about you, including your rider profile and motorcycle details.

4.3 Right to Erasure (Right to be Forgotten)

You have the right to request the deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected. This includes your ride history, route plans, and profile information.

4.4 Right to Restriction of Processing

You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.

4.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit this data to another controller. This is particularly relevant for your ride data and routes that you've created with ThrottleTrack.

4.6 Right to Object

You have the right to object to the processing of your personal data in certain circumstances, including when we process your data for direct marketing purposes or based on legitimate interests.

4.7 Rights Related to Automated Decision-Making

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or significantly affects you.

5. How to Exercise Your Rights

To exercise any of your rights under the GDPR, please contact us at [email protected]. We will respond to your request within one month. This period may be extended by two further months where necessary, taking into account the complexity and number of requests.

If we decide not to take action on your request, we will inform you of the reasons for not taking action and of your right to lodge a complaint with a supervisory authority.

6. Data Transfers Outside the EEA

We may transfer your personal data to countries outside the European Economic Area (EEA). When we do so, we ensure that appropriate safeguards are in place to protect your data, such as:

  • Transferring to countries that have been deemed to provide an adequate level of protection by the European Commission
  • Using specific contracts approved by the European Commission that give personal data the same protection it has in Europe
  • Transferring data to US-based providers that are part of approved privacy frameworks

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

Different types of personal data may be retained for different periods based on the purpose of processing:

  • Account information: Retained for the duration of your account plus a limited period after account closure
  • Ride data and routes: Retained as long as your account is active (limited rides for Free Plan users, unlimited for paid plan users)
  • Payment information: Retained in accordance with applicable financial regulations
  • Communications: Retained for a reasonable period after your last interaction with us

For more information on our specific retention periods, please contact our Data Protection Officer.

8. Data Protection Impact Assessments

We conduct Data Protection Impact Assessments (DPIAs) when implementing new technologies or processing activities that are likely to result in a high risk to your rights and freedoms. These assessments help us identify and minimize data protection risks in our motorcycle ride tracking application.

9. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority without undue delay and, where feasible, within 72 hours after becoming aware of the breach.

If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly, unless we have implemented appropriate technical and organizational protection measures or other measures that render the personal data unintelligible.

10. Contact and Complaints

If you have any questions about our GDPR compliance or if you believe that we have not complied with our obligations under the GDPR, you have the right to lodge a complaint with a supervisory authority in the EU member state where you reside.

However, we encourage you to contact us first so that we can try to resolve your concern directly. Please contact our Data Protection Officer at [email protected].