LAST UPDATED: May 23, 2018
Bank of America N.A. (“the bank,” “we”) collects personal data from participants for the Bank of America Chicago Marathon (the “Chicago Marathon”) offline and through the website operated by us from which you are accessing this Privacy Notice: https://www.chicagomarathon.com/ (the “Website” and together with the Marathon, the “Services”). Participants can include event participants, volunteers, staff, and other event partners. This Privacy Notice explains how we collect, use, share and protect that Personal Data.
The bank works with Chicago Event Management (CEM), as an agency, to produce the Chicago Marathon. CEM develops, manages and produces the Chicago Marathon.
Personal Data We Collect
We collect Personal Data (information that identifies or relates to an identifiable individual), which may include:
- Postal address
- Email address
- Phone number
- Date of birth
- Account and payment information
- Qualification details (including times and events) and
- Whether an individual wishes to participate in any disability designated events.
How We Collect Personal Data
You provide us with your Personal Data when you sign up for a newsletter or register to participate in the Marathon.
Uses of Personal Data
We use Personal Data to facilitate your Chicago Marathon registration and participation, and ensure that all participants in the event have a safe and enjoyable experience. This data may be used for the following business purposes including:
- providing the functionality of the Services and fulfilling your requests including to;
- provide notifications concerning the Chicago Marathon;
- provide the Services’ functionality to you, such as arranging access to your registered account, and providing you with related customer service, responding to your requests and inquiries;
- complete your registrations, and provide you with related customer service;
- send administrative information to you, such as changes to our terms, conditions and policies;
- answer frequently asked questions, to ensure you have Chicago Marathon materials (including race bib, participant guide, results book, any ancillary purchases made at the time or registration, and digital coupons);
- enhance your experience of the event;
- track and record your event results; and
- ensure the health and safety of all participants.
We will engage in these activities to manage our contractual relationship with you and/or to comply with our legal obligations. In addition, the Chicago Marathon and its partners have a legitimate interest in using the data to ensure a safe event for all.
We may also use your Personal Data to send marketing communications such as by sending you newsletters. We will engage in this activity with your consent or where we have a legitimate interest.
We may also use your Personal Data to accomplish our business purposes, such as for:
- data analysis, for example, to improve the efficiency of our Services;
- audits, to verify that our internal processes function as intended and are compliant with legal, regulatory or contractual requirements;
- fraud and security monitoring purposes, for example, to detect and prevent cyberattacks or attempts to commit identity theft;
- developing new events;
- enhancing, improving, or modifying our current products and services;
- identifying usage trends, for example, understanding which parts of our Services are of most interest to users;
- determining the effectiveness of our promotional campaigns, so that we can adapt our campaigns to the needs and interests of our users; and
- operating and expanding our business activities, for example, understanding which parts of our Services are of most interest to our users so we can focus our energies on meeting our users’ interests.
We engage in these activities to manage our contractual relationship with you, to comply with a legal obligation, and/or because we have a legitimate interest.
Disclosure of Personal Data
We may disclose Personal Data to:
- Our third party service providers to facilitate services they provide to us. These services can include providers of services such as website hosting, data analysis, payment processing, order fulfillment, information technology and related infrastructure provision, customer service, email delivery, auditing, and other services; and third party payment processors. When required by applicable law, we will enter into contractual agreements with such providers; and
- Event vendors, organizers, volunteers, contractors, sponsors and vendors to facilitate the Chicago Marathon. When required by applicable law, we will enter into contractual agreements with such providers. Certain of these parties may receive Personal Data in the course of providing their services or as a component of their sponsorship agreement
Other Uses and Disclosures
We may also use and disclose Personal Data as we believe to be necessary or appropriate to do so:
- to comply with applicable law including treaties or agreements with or between foreign or domestic governments (including in relation to tax reporting laws), which may include laws outside the country you are located in;
- to respond to requests from public and government authorities, which may include authorities outside your country;
- ·to cooperate with law enforcement, governmental, regulatory, or other similar agencies or authorities to which we or our affiliates are subject or submit;
- to courts, litigation counterparties and others, pursuant to subpoena or other court order or process or otherwise as reasonably necessary, including in the context of litigation, arbitration and similar proceedings to enforce our terms and conditions, and as reasonably necessary to prepare for or conduct any litigation, arbitration and/or similar proceedings; and
- to enforce our terms and conditions and protect our rights, privacy, safety or property, and/or that of our affiliates, you or others.
In addition, we may use, disclose or transfer Personal Data to a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings). Such third parties may include, for example, an acquiring entity and its advisors.
We do not collect medical or health data at the time of registration. Participants may, however, tell us that they would like to participate in the Athletes with Disabilities program. This information is used only to the extent necessary to facilitate any disability accommodations.
In the event a participant seeks medical attention during an event, personnel at medical aid stations may collect and store individually identifiable medical information during this encounter.
“Other Information” is any information that does not reveal a person’s specific identity or does not directly relate to an identifiable individual, such as:
- Browser and device information;
- App usage data;
- Information collected through cookies, pixel tags and other technologies;
- Demographic information and other information provided by you that does not reveal a person’s specific identity;
- Information that has been aggregated in a manner that it no longer reveals a person’s specific identity; and
- Survey responses and similar information which reveals views and preferences, but which does not reveal a person’s specific identity.
If we are required to treat Other Information as Personal Data under applicable law, then we may use and disclose it for the purposes for which we use and disclose Personal Data as detailed in this Privacy Notice.
Collection of Other Information
We and our service providers may collect Other Information in a variety of ways, including:
- Through a browser or device: Certain information is collected by most browsers or automatically through devices, such as a Media Access Control (MAC) address, computer type (Windows or Mac), screen resolution, operating system name and version, device manufacturer and model, language, Internet browser type and version and the name and version of the Services (such as the App) being used. We use this information to ensure that the Services function properly;
- Using cookies: Cookies are pieces of information stored directly on the computer being used. Cookies allow us to collect information such as browser type, time spent on the Services, pages visited, language preferences, and other anonymous traffic data. We and our service providers use the information for security purposes, to facilitate navigation, to display information more effectively, and to personalize the user’s experience. We also gather statistical information about use of the Services in order to continually improve their design and functionality, understand how they are used and assist us with resolving questions regarding them. We do not currently respond to browser do-not-track signals;
- Most browsers allow individuals to automatically decline cookies or be given the choice of declining or accepting a particular cookie (or cookies) from a particular website. Please refer to http://www.allaboutcookies.org/manage-cookies/index.html for more information. Declining cookies may cause certain parts of the Services to cease working;
- Using pixel tags and other similar technologies: Pixel tags (also known as web beacons and clear GIFs) may be used to, among other things, track the actions of users of the Services (including email recipients), measure the success of our marketing campaigns and compile statistics about usage of the Services and response rates; and
Uses and Disclosures of Other Information
We may use and disclose Other Information for any purpose, except where we are required to do otherwise under applicable law. In some instances, we may combine Other Information with Personal Data. If we do, we will treat the combined information as Personal Data as long as it is combined.
We seek to use reasonable organizational, technical and administrative measures to protect Personal Data within our organization. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure please immediately notify us in accordance with the “Contacting Us” section below.
We will retain Personal Data for as long as it is needed or permitted in light of the purposes for which it was obtained. The criteria used to determine our retention periods include: (i) the length of time we have an ongoing relationship with you; (ii) whether there is a legal obligation to which we are subject; and (iii) whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).
We do not solicit individuals under the age of sixteen (16) to register for the Chicago Marathon, and we do not knowingly collect Personal Data from individuals under 16. We require parental consent for the processing of personal data for individuals under sixteen.
Jurisdiction and Cross-Border Transfer
Personal Data may be stored and processed in any country where we have facilities or in which we engage service providers, including the United States, and by using the Services you understand that your information will be transferred to countries outside of your country of residence, including the United States, which may have data protection rules that are different from those of your country. In certain circumstances, courts, law enforcement agencies or regulatory agencies in those countries may be entitled to access Personal Data.
Additional Information Regarding the EEA
Some of the non-EEA countries are recognized by the European Commission as providing an adequate level of data protection according to EEA standards (the full list of these countries is available here https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en. For transfers from the EEA to countries not considered adequate by the European Commission, we have put in place adequate measures, such as the standard contractual clauses adopted by the European Commission to protect your Personal Data. You may obtain a copy of these measures by following this link: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en]
We may seek your consent to send communications regarding future races and events and marketing communications from sponsors. We will ask you to opt in to receiving these communications, which may be revoked by you at any time.
We give you choices regarding our use and disclosure of your Personal Data for marketing purposes.
You may opt-out from:
- Receiving electronic communications from us: If you no longer want to receive marketing-related emails from us on a going-forward basis, you may opt-out by clicking the unsubscribe link located at the bottom of each email message; an
- ·Our sharing of your Personal Data with unaffiliated third parties, such as sponsors, for their direct marketing purposes: If you would prefer that we discontinue sharing your Personal Data on a going-forward basis with unaffiliated third parties for their direct marketing purposes, you may opt-out of this sharing by: contacting firstname.lastname@example.org or, in the case of text messages, texting “STOP”.
We will try to comply with your request(s) as soon as reasonably practicable. Please note that if you opt-out of receiving marketing-related emails from us, we may still send you important administrative messages, from which you cannot opt-out.
How You Can Access, Change or Suppress your Personal Data
If you would like to request to review, correct, update, suppress, restrict or delete persona data that you have previously provided to us, object to the processing of Personal Data, or if you would like to request to receive an electronic copy of your Personal Data for purposes of transmitting it to another company (to the extent this right of portability is provided to you by applicable law), you may contact us as described in the “Contact Us” section below. We will respond consistent with applicable law.
In your request, please make clear what Personal Data you would like to have changed, whether you would like to have the Personal Data suppressed from our database or otherwise let us know which of the above limitations you would like to put on our use of the Personal Data. For your protection, we may only implement requests with respect to the Personal Data associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable.
Please note that we may need to retain certain information for recordkeeping purposes and/or to complete any transactions that you began prior to requesting a change or deletion.
Updates to this Privacy Notice
We may change this Privacy Notice from time to time. The “LAST UPDATED” legend at the top of the Privacy Notice indicates when it was last revised. Any changes will become effective when we post the revised Privacy Notice. Continued use of the Website signifies acceptance of the revised Privacy Notice.
If you have any questions regarding this Privacy Notice or the Bank of America Chicago Marathon, please e-mail us at email@example.com or call 312.904.9800 during regular business hours.
Bank of America Chicago Marathon
135 South LaSalle Street, Suite 1160
Chicago, IL 60603
Because email communications are not always secure, please do not include credit card or other sensitive information in your emails to us.
Additional Information for the European Economic Area (EEA)
You may contact our EU Data Protection Officer at BAML.EUDPO@baml.com
Individuals may also file a complaint with a supervisory authority in the EEA competent for their relevant country or region. A list of data protection authorities is available at http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080.