MapRun - Managing Personal Information (PI)
MapRun’s primary purpose is to allow Orienteering Clubs to run orienteering events using GPS-based punching of controls, with results (and runners' tracks) being automatically published to a website.
Version: Updated 29 Oct 2021
The Personal Information (PI) held in MapRun is:
- First name and Surname - to show in the results list
- Email address - to allow emailing of individual results and details of the next event
- Postal code - for statistics
- Year of Birth (NOT date of birth) - to put participants in age bands
- Gender - to put participants into M/F categories
- Phone number (optional) - useful to allow organisers to contact participants who are late returning to the finish
- Club/Team (optional) - to allow participants to associate themselves with a club or to run as a team.
After a user has participated in an Event, MapRun will also store the following information:
- An Orienteering result in the Event (total time and time between control points), and
- A GPS-track for the person's route taken during the event.
- If "Live Tracking" is switched on for the particular event, and the person has not turned this off for themselves individually, the MapRun Administrator for the event will have restricted access to a near-real-time display of the person's location whilst participating in the event. Live Tracking is a specialist feature that is rarely activated.
Privacy Details:
1. The fundamental purpose of MapRun is to track a user’s location and upload and publish their name, result in an event, and the track they ran. In some cases this may be inconsistent with an individual’s situation/circumstances.
  - For example, the guardian of a child at school may not want the fact that the child is at that school, or has been in a particular location (historically), to be disclosed.
  - In such cases:
    - Events could be set to not auto-upload results.
    - None of the fields in “User Details” in MapRun are validated against any reference source. Accordingly, aliases, anonymised data, or random values can be used to avoid providing PI.
    - Additionally, a “School Mode” is proposed which would result in any results that are uploaded being anonymised (and no PI being stored anywhere except on the phone itself). Organisers would set “School Mode” for an event during the event setup process.
2. If point 1 above does not preclude the use of MapRun in the particular circumstances, then the controls over the access to and storage of PI are relevant:
The PI mentioned above is stored in the MapRun App in the user’s phone:
- PI is stored within the private storage of the Android/iOS MapRun App
- There is no password to login to the MapRun App, so anyone who can access the user's device (and can unlock it, if it is locked) could examine (and alter) the PI within MapRun.
- This is typical of smartphone Apps and it is considered to be the user’s responsibility to manage access to their device.
PI is transmitted to the MapRun Server when a result is "uploaded":
- HTTPS (TLS 1.3) is used for end-to-end encryption of this transmission.
The user can also import/export PI to/from Garmin Connect and Strava:
- A user using MapRun on their Garmin watch can import an “activity” from their watch to MapRun on their phone (after authenticating in Garmin Connect). This transfer is encrypted.
- A user can export their track to Strava (after authenticating in Strava). This transfer is encrypted.
PI is stored on the MapRun Server:
- The MapRun servers (and associated backups and development tools) are hosted by Amazon Web Services (in multiple “zones” within their Asia Pacific (Sydney) “Region”).
- The service is hosted on AWS EC2 Linux instances. These instances are patched to the latest patch state from AWS.
- The service is hosted in a Virtual Private Cloud (VPC), with defined Security Policies (AWS Security Group with defined inbound and outbound rules), behind an Application Load Balancer (ALB) which restricts/directs internet traffic to the relevant services.
- MapRun Administrator accounts are created by the system owner, upon request. Administrators login to an Administrator Console with a username and a password. They have access to only events that are within certain folders to which their account has been given access. Administrator activity is logged. HTTPS is used.
- The MapRun website (www.maprunners.com.au) contains general information about MapRun. It also provides a link to the results for Events. This website is hosted by Weebly (HTTPS website) and uses Weebly's in-built mechanism for user confirmation of the use of cookies.
Personal Information in underlying System Services:
- MapRun runs on Android and iOS. Google and Apple have control of these operating systems. They may have enabled access to user information on these systems for their diagnostic, statistical or other purposes.
- Google and Apple track the usage of Apps. This usage is available in Consoles that are secured to the owner/developers of Apps. These systems could potentially include PI, but generally only show data in aggregate.
- MapRun uses Google Firebase services in the MapRun App for crash reporting (and in cases where real-time tracking is enabled, also its Cloud Firestore service). PI may be included in crash logs and tracking records. This information is secured using Google access control facilities.
- Google Firebase (Hosting) is also used to host the MapRun Console used by MapRun Administrators to manage MapRun Events. PI will be visible to MapRun Administrators when managing results.
Communications based on PI:
- MapRun Administrators are provided with tools to send mail-merge emails to lists of participants in events. The data available to Administrators is the PI mentioned above as well as results and track information from historic events.
Syndication of User Data:
- MapRun does not create a persistent unique ID for each runner (and no link is made to any social media identity or similar). MapRun identifies users in a minimalist way, that is, simply by the first name and surname provided via the App.
- MapRun does not include advertising nor does it use an Advertising Identifier (IDFA).
- MapRun does not share usage info with other Apps (except to the extent that the user explicitly connects with Garmin Connect and/or Strava).
Live Tracking:
- MapRun includes a facility to allow live tracking of participants, for safety and progress-tracking purposes. This needs to be explicitly enabled by the Administrator of an Event.
- The real-time location of participants is only visible in the “MapRunView” App. This App is NOT generally available via the App Stores, and is limited to users who have a MapRun Administrator account and who have their access explicitly enabled by the system owner.
- The default setting is that Live Tracking is turned off for all types of Events. Even if the Event is set to have live tracking, each user can override this on their phone.
Privacy Policy and Terms of Use:
- All users of MapRun are required to agree to the User Agreement & Privacy Policy
Access to Personal Information by MapRun Administrators:
- Statistics reports are available to Event Administrators.
- Administrators can edit and delete result information.
- Administrators can export MapRun results to Orienteering club/state/national results systems (eg Eventor in Australia).
Requests to Remove Personal Information:
- Requests to delete personal information from the system are to be sent to [email protected]
Guidance for Use of MapRun in Schools
To maximise the protection of the privacy of student PI, and to maintain confidentiality of their activities (if desired):
- The MapRun Administrator should consider having students use anonymised names and email addresses.
  - This will mean that a results table and tracks can still be published, so results can be easily compared and analysed, but without disclosing PI.
- Use “School Mode” if it is available to automatically anonymise personal information.
- Alternatively, turn off auto-upload and instruct students NOT to manually upload their results (but in this case, no combined results table will be available).
- If anonymised names are not used:
  - Consider NOT enabling Live Tracking (unless the benefits of the support it provides in finding a lost participant outweigh other concerns).
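One way an organiser could prepare the anonymised names and email addresses suggested above before an event, shown as an added example that is not part of MapRun or its documentation. The word lists, function names, the `school.invalid` address domain and the sample student are assumptions; the alias is derived with a keyed hash so that only the holder of the secret can link an alias back to a student.

```python
import hashlib
import hmac

# Constructed word lists used to build readable aliases (not from MapRun).
ADJECTIVES = ["Swift", "Quiet", "Brave", "Amber", "Misty", "Rapid", "Lucky", "Noble"]
ANIMALS = ["Wombat", "Kestrel", "Quokka", "Dingo", "Heron", "Gecko", "Possum", "Emu"]


def alias_for(secret: bytes, first: str, surname: str) -> dict:
    """Derive a stable alias for one student from a keyed hash (HMAC-SHA256).

    Without the organiser's secret the alias cannot be recomputed from a
    class list, unlike a plain unkeyed hash of the name.
    """
    ident = f"{first.strip().lower()}|{surname.strip().lower()}".encode()
    digest = hmac.new(secret, ident, hashlib.sha256).digest()
    adj = ADJECTIVES[digest[0] % len(ADJECTIVES)]
    animal = ANIMALS[digest[1] % len(ANIMALS)]
    tag = digest[2:4].hex()  # 16 extra bits to keep aliases distinct in a class
    return {
        "first_name": adj,
        "surname": f"{animal}-{tag}",
        # .invalid is a reserved top-level domain, so no mail is ever delivered
        "email": f"{adj}.{animal}.{tag}@school.invalid".lower(),
    }


def build_roster(secret: bytes, students: list) -> dict:
    """Return {(alias first name, alias surname): (real first name, real surname)}.

    This mapping is the only link back to real identities and stays with
    the teacher; only the aliases are typed into "User Details".
    """
    mapping = {}
    for first, surname in students:
        alias = alias_for(secret, first, surname)
        key = (alias["first_name"], alias["surname"])
        if key in mapping:
            # Duplicate student or a rare alias clash: refuse rather than merge
            raise ValueError(f"alias collision for {key}; use a different secret")
        mapping[key] = (first, surname)
    return mapping


if __name__ == "__main__":
    # Constructed sample data; the secret should be random and kept private.
    print(alias_for(b"constructed-sample-secret", "Charlotte", "Nguyen"))
```
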