Privacy Policy – Challengr

1. Our policy in brief

Challengr (Sodifin NV, trading name Challengr) attaches great importance to the protection of personal data. We process personal data securely, transparently, and lawfully in accordance with the General Data Protection Regulation (GDPR). This statement explains which personal data we collect, how we use it, and what rights users have.

2. Who is Challengr?

Data Controller:

Challengr acts as the data controller for all data processed to operate the platform and application. The client/organization using the platform may act as a joint controller or an independent controller for the processing of personal data of its employees or collaborators. These arrangements are laid down in a separate Data Processing Agreement (DPA).

3. Data we collect

We collect and process various categories of personal data, depending on how the Challengr platform is used:

• Identification and contact data: name, first name, e-mail address, phone number, department, location, and language.
• Account data: username, password (encrypted), and login history.
• Activity data: participation in events and challenges, posted photos, comments, and received Coins.
• Photos and media content: photos uploaded by users, including date, time, and possible metadata.
• Technical data: device type, browser, IP address, and cookies (as described in our Cookie Policy).

Sensitive or health-related data are only processed when the user has explicitly given consent, for example when connecting third-party sports apps or participating in specific sports challenges.

4. Why we process your data

We process personal data for the following purposes:

• To operate the Challengr platform and manage user accounts.
• To enable participation in events, challenges, and internal communications.
• To allow sharing of photos within the organization and (optionally) activation on social media.
• To allocate Coins according to the organization’s settings.
• To send recap e-mails, event reminders, and other functional notifications.
• To improve user experience and platform performance.

Data is never sold to third parties. We only process what is necessary to deliver our services. Processing is based on Article 6 GDPR: performance of the contract, legitimate interest (internal communication), or user consent (when linking external apps).

5. Integration with third-party applications

Users may voluntarily connect external applications to their Challengr account, such as Apple Health, Google Fit, Garmin Connect, Strava, Fitbit, or Polar Flow. This happens only after explicit consent by the user. Consent can be withdrawn at any time via the app or device settings. Challengr has no control over these external services and refers to their respective privacy policies.

6. Location data

Challengr processes a user’s location data only during the tracking of activities for which the user has explicitly granted permission — either to the Challengr activity-tracking tool or an externally linked tracker. The user decides whether GPS coordinates and/or timing of activities are publicly visible in the app. Users can switch their uploaded activities to Incognito mode at any time.

7. User data during events

An organization’s Admin may export or share participant lists with third parties (such as event organizers or partners) for the execution of an event. The Admin determines which data is shared. Challengr is not a party to this process and bears no responsibility for the accuracy or further use of these data by third parties.

8. Photos and social media

Photos uploaded by users within the Challengr platform may be used by their organization’s Admin for company-related communications such as newsletters, slideshows, or public social media posts. Challengr itself does not use these photos for its own promotion, except for images that were publicly shared by the company or the user. When sharing externally on social media, a shareable file is generated (possibly including the company logo or event name) and shared through the app chosen by the user. Challengr has no access to or interaction with the social media platform itself.

9. E-mail communication

Users receive functional e-mails related to their use of the platform. These include onboarding messages, event participation confirmations, reminders, meeting requests, recap e-mails with photos, and communication activated by the Admin (e.g. blog posts or announcements). The frequency of these e-mails depends on the workspace settings and the user’s personal app preferences.

10. Data retention

Challengr retains personal data only as long as necessary to provide its services or comply with legal obligations. When an account is deleted or a contract ends, data is anonymized or deleted within a reasonable period, unless retention is required by law.

11. Data security

We apply both technical and organizational measures to protect personal data from loss, misuse, unauthorized access, or disclosure. Our servers are located in the European Union (Brussels Interxion 1 – Zone 1.3) and are subject to strict security standards, including TLS 1.3 encryption, firewalls, access control, and an Incident Response Plan. A full overview of all subprocessors and their security measures is available in our Security & Privacy Overview.

12. Rechten van betrokkenen

Users have the right at any time to:

• access their personal data;
• correct inaccurate data;
• have their data erased (“right to be forgotten”);
• restrict or object to specific processing activities;
• receive their data in a portable format (“data portability”);
• withdraw consent where processing is based on consent.

Requests can be sent to info@challengr.be. We process all requests within the legal timeframe of 30 days.

13. Complaints and supervision

If a user believes that their data is being processed unlawfully, they may contact our Data Protection Officer (DPO) at bart@challengr.be or info@challengr.be.

Every data subject also has the right to lodge a complaint with the Belgian Data Protection Authority (GBA):

14. Changes to this policy

Challengr reserves the right to modify this Privacy Policy at any time. Significant changes will be communicated via e-mail or a notification within the platform. The latest version is always available at www.surplusmarketing.be/challengr/privacy/.