Privacy Policy
Last updated: 4 June 2026
Draft · review with legal counsel before publishing
This text is a starting point with placeholder data (tax ID, address, contact). Replace with real data and have a lawyer review it before treating it as legally valid.
This Privacy Policy describes how Push Rider processes the personal data you provide through the website pushrider.com and associated services, in compliance with Regulation (EU) 2016/679 General Data Protection Regulation (GDPR) and Organic Law 3/2018 on Personal Data Protection and Guarantee of Digital Rights (LOPDGDD, the Spanish implementing law).
1. Data controller
- Controller:
- [LEGAL NAME — PLACEHOLDER]
- Tax ID:
- [XX-00000000-X — PLACEHOLDER]
- Registered address:
- [STREET, NUMBER, POST CODE, CITY, PROVINCE — PLACEHOLDER]
- Email:
- privacidad@pushrider.com
- Data Protection Officer:
- [NAME / EMAIL — PLACEHOLDER, REQUIRED ONLY WHERE APPLICABLE]
2. Data we collect
2.1. Visit data
Anonymous technical information about the device, browser and pages visited. Some of this data is obtained through analytical cookies (see Cookie Policy).
2.2. Application form data (/en/apply/)
When you fill in the programme application form, we process the following data:
- Identifying data: first name, surname, date of birth, occupation.
- Contact data: email, phone number.
- Sports data: FTP, weekly training hours, years of experience, target race and free message.
2.3. Data as a programme client
If your application is approved and the service is formalised, additional sports tracking data (training sessions, weekly diets, conversations with the coach) and contractual and billing data will be generated or processed.
3. Purposes and legal basis
We process your data for the following purposes:
- Handling your information request or programme application. Legal basis: application of pre-contractual measures at the data subject's request (Art. 6.1.b GDPR).
- Provision of the contracted service: sports tracking, delivery of plans and communication with the coach. Legal basis: performance of a contract (Art. 6.1.b GDPR).
- Compliance with legal obligations: invoicing, accounting, response to administrative or judicial requests. Legal basis: compliance with a legal obligation (Art. 6.1.c GDPR).
- Sending informational communications: operational emails related to your account or programme. Legal basis: performance of the contract.
- Sending commercial communications: only if you have given your explicit consent (Art. 6.1.a GDPR).
- Statistical analysis of website usage: via analytical cookies, subject to your consent (Art. 6.1.a GDPR).
4. Retention periods
- Unsuccessful applications: 12 months from the last communication.
- Contractual and billing data: for the duration of the contract and the legally required periods after its termination (minimum 6 years for commercial and tax purposes).
- Data for commercial communications: until you withdraw your consent.
- Analytical data: 14 months (default Google Analytics 4 configuration).
5. Recipients and data processors
To provide the service, we work with technology providers who act as data processors under contract. The main ones are:
- Cloud infrastructure provider: Hetzner Online GmbH (Germany, EU).
- Transactional email: Resend, Inc. (United States, under standard contractual clauses).
- Analytics: Google LLC (Google Analytics, United States, under standard contractual clauses). Only if you have given consent.
We do not transfer data to third parties other than those described above, except where legally required.
6. International transfers
Some of our providers are based outside the European Economic Area (specifically in the United States). In these cases we ensure an adequate level of protection through standard contractual clauses approved by the European Commission and, where applicable, certifications under the EU-US Data Privacy Framework.
7. Your rights
As a data subject you may exercise the following rights at any time:
- Access to your personal data.
- Rectification of inaccurate or incomplete data.
- Erasure when the data is no longer necessary.
- Objection to and restriction of processing.
- Data portability for data you have provided to us.
- Withdrawal of consent at any time (without affecting the lawfulness of prior processing).
To exercise any of these rights you can write to privacidad@pushrider.com, stating the right you wish to exercise and enclosing a copy of a document proving your identity.
If you consider that the processing of your data does not comply with applicable law, you may lodge a complaint with the Spanish Data Protection Agency (AEPD) at www.aepd.es.
8. Security measures
We apply appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including encryption in transit (TLS), role-based access control, encrypted backups and data minimisation.
9. Changes to this policy
This Policy may be updated to reflect legislative, technical or operational changes. The current version will always be the one published on this site, with its "last updated" date shown at the top of the document.