This privacy notice describes how TMB Group S.r.l., as Data Controller, collects, uses and protects the personal data of users who access and use the Stridemates platform (the “Platform”).
TMB Group S.r.l., with registered office in Palma Campania (NA), Italy, at via Nuova Nola n. 273, can be contacted at hello@tmb-group.it.
Data we collect
Use of the Platform involves the processing of personal data necessary to enable registration, event participation, account management and the delivery of the related services.
In particular, we process identification and contact data such as first name, last name, email address and phone number, as well as additional data needed to properly manage events and the legal aspects related to them, including date and place of birth, residential address, tax code and the digitally signed liability waivers. We also process technical data related to use of the Platform and, with your consent, geolocation data used to suggest nearby events.
Payments
Payment data is not processed directly by Stridemates. It is handled by a specialised external provider, Stripe Inc., which operates in compliance with its own terms and applicable payment security regulations. Stridemates does not store and does not have access to the full payment instrument details.
Purposes of the processing
Personal data is processed to deliver the services requested by the user, including account creation and management, event registration, ticket and identifier generation, and the collection and storage of liability waivers. Data may also be used to send operational communications and event-related notifications, in accordance with applicable law and, where required, with your consent.
Data sharing between Runners and Founders
A core aspect of the Platform is the sharing of data between Runners and Founders. When a user signs up to an event or interacts with a Club, the necessary personal data is made available to the relevant Founder, so that they can manage event organisation, participant safety and related obligations. In this context, Founders act as independent Data Controllers with respect to the data they receive through the Platform, taking full responsibility for its use in compliance with Regulation (EU) 2016/679.
TMB Group S.r.l. and Founders do not act as joint controllers under art. 26 GDPR, as each party independently determines the purposes and means of processing for its own activities. Stridemates only provides the technological infrastructure that enables data exchange and event management, without intervening on the Founders’ processing purposes. Should specific cases require a different setup, separate agreements between the parties will govern the respective roles and responsibilities under applicable law.
Third-party providers
Personal data may also be processed by third-party providers that support the operation of the Platform, including hosting, authentication, database and push notification services, as well as payment services. These providers act as Data Processors or independent Data Controllers, depending on the case, and are bound by appropriate contractual obligations and security measures compliant with the GDPR.
Data retention
Data is retained for the time necessary to achieve the purposes for which it was collected and, in any case, for the period required by applicable law or necessary to protect the rights of the Controller and other parties involved. Account data is retained until the user deletes the account, while data related to events and liability waivers may be retained for longer periods where required by legal obligations or evidentiary needs.
Your rights
You can exercise at any time the rights granted by articles 15 and following of the GDPR, including the rights of access, rectification, erasure, restriction, objection and portability, as well as the right to withdraw consent where given. Requests can be sent to hello@tmb-group.it.
You can also directly manage some preferences related to data processing, such as geolocation and push notifications, through your device settings.
Security
Stridemates adopts adequate technical and organisational measures to safeguard personal data against unauthorised access, loss or improper disclosure, in compliance with the principles of integrity and confidentiality set out in European law.
Updates
This privacy notice may be updated from time to time to reflect changes to the services offered or to applicable law. Users will be notified of any material changes through the Platform.