-
Personal data controller
Deloitte Runify 2026 organising committee acts as the Personal Data Controller responsible for the collection and processing of Participants’ Personal Data in connection with the organisation and management of the event.
Official contact information:
Email: info@deloitterunify.id
WhatsApp: +62 858-1338-1354
-
Scope of this policy
This policy governs the collection, use, storage, disclosure, processing, and protection of Participants’ Personal Data obtained through:
- The official Deloitte Runify 2026 website
- Online and offline registration processes
- Race Pack Collection
- Timing and race result recording systems
- Event documentation activities
- Direct communications with participants
By registering for and/or participating in the event, participants are deemed to have read, understood, and agreed to this policy.
-
Types of personal data collected
The organising committee may collect and process the following personal data:
-
Identity information
- Full name as stated on the Employee ID
- Employee ID number
- Place and date of birth
- Gender
- Nationality
-
Contact Information
- Deloitte email address
- Phone/WhatsApp number
- Residential address
- Emergency contact
-
Registration and competition data
- BIB number
- Race category (5K / 10K)
- Timing chip data
- Gun time and official time
- Finisher or disqualification status
- Cut-Off Time (COT) records
-
Limited health information
- Declaration of fitness and good health during registration
- Certain medical information voluntarily provided by participants (e.g., inhaler use)
-
Documentation and media
- Photographs
- Videos
- Audio recordings
- Testimonials
-
Technical and digital data
- IP address
- Cookie data
- Website access logs
-
Purposes of data processing
Participants’ personal data is processed for the following purposes:
- Identity verification and participant validation
- Issuance of BIB numbers and timing chips
- Race management and official timing records
- Publication of race results through official websites and platforms
- Determination of winners and prize distribution
- Event documentation and publication through print, electronic, digital, and social media channels
- Technical race information
- Audit, security, and fraud prevention purposes
- Management of claims, complaints, or incidents during the event
- Promotional and marketing communications, where participant consent has been provided
All processing activities are carried out in a lawful, limited, and proportionate manner based on the operational requirements of the event.
-
Legal basis for processing
Personal Data is processed based on one or more of the following legal grounds:
- Participant consent
- Performance of a contract (Terms & Conditions)
- Compliance with legal obligations
- The legitimate interests of the organising committee, provided such interests do not override the rights and freedoms of participants
-
Data disclosure and sharing
Personal Data may be shared with:
- Official timing system providers
- Jersey, BIB, and race pack suppliers
- Event sponsors and partners
- Documentation and media vendors
- Hospitals or medical personnel in emergency situations
- IT system and website service providers
- Government authorities where required by law
All third parties receiving personal data are required to maintain confidentiality and implement appropriate data protection measures in accordance with applicable regulations.
-
Publication of participant names and race results
Participants understand and agree that the following information may be publicly disclosed through the official website and/or race result publication platforms:
- Full name
- BIB number
- Race category
- Race timing results (Gun time and official time)
- Finisher status
Such publication forms part of the transparency and integrity of the competition and shall not be considered a violation of privacy.
-
Documentation and intellectual property rights
By participating in the event, participants:
- Authorise the organising committee to capture photographs and/or videos during the event;
- Consent to the use of such documentation for promotional, publication, and communication purposes without time limitation;
- Acknowledge that all documentation produced during the event shall be the property of the Organising Committee; and
- Waive any right to financial compensation arising from the use of such documentation.
-
Data retention and storage
Personal data will be retained:
- Throughout the event period;
- For as long as necessary to fulfill administrative, operational, and legal requirements; and
- In accordance with applicable laws and regulations.
Upon completion of the event, personal data will be securely deleted or destroyed.
-
Data security
The organising committee implements reasonable technical and organisational safeguards, including:
- Restricted-access database systems
- Password protection and encryption measures
- Internal access controls
- Confidentiality agreements with vendors and service providers
However, participants acknowledge that data transmission over the internet carries inherent security risks.
-
Participants’ rights as data subjects
In accordance with applicable laws and regulations, participants have the right to:
- Obtain information regarding the processing of their personal data;
- Access and obtain copies of their personal data;
- Correct or update their personal data;
- Withdraw consent at any time;
- Object to certain processing activities;
- Request deletion of their personal data, subject to applicable legal obligations.
Requests may be submitted through the organising committee’s official email address.
-
Personal data breach
In the event of a personal data breach, the organising committee will:
- Notify affected participants no later than 3 x 24 hours after becoming aware of the breach;
- Explain the types of data affected; and
- Provide information regarding mitigation measures undertaken.
-
Cross-border data Transfers
Where personal data is transferred outside Indonesia (including through the use of international servers), the organising committee will ensure that:
- An equivalent level of data protection is maintained; or
- Appropriate and legally binding data protection agreements are in place.
-
Consent to be contacted
By participating in Deloitte Runify 2026, participants consent to being contacted by the organising committee or appointed third parties through:
- Email
- Telephone
- WhatsApp
- SMS
- Direct Messages
For purposes including event-related communications, technical information, prize distribution, and other matters related to the event.
-
Changes to this policy
The organising committee reserves the right to amend or update this policy at any time to accommodate operational requirements and regulatory developments. The latest version of the policy will be made available on the official event website.