Legal

PRIVACY
POLICY

Last updated: April 04, 2026

1. Introduction

Run Mongolia ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our website and services, including event registration and payment processing. This policy applies to all visitors and users worldwide.

2. Data We Collect

Account Information

Name, email address, password (encrypted), nationality, date of birth, location, and bio when you create an account or update your profile.

Event Registration Data

Race category selections, bib numbers, registration timestamps, finish times, and race results.

Payment Information

Payment gateway, transaction identifiers, and payment status. We do not store credit card numbers or bank account details directly — payments are processed through third-party gateways (QPay and Golomt Bank).

Contact Form Data

Name, email address, subject, and message body when you submit the contact form.

Technical Data

IP address, browser user agent, and activity logs (e.g., login, registration, payment events) for security and service improvement purposes.

3. How We Use Your Data

  • To create and manage your account
  • To process event registrations and payments
  • To publish race results and leaderboards (name, nationality, bib number, and finish time)
  • To send transactional emails (registration confirmations, payment receipts, password resets)
  • To respond to your contact form inquiries
  • To maintain security and prevent fraud (IP logging, rate limiting)
  • To improve our services through aggregated, anonymized usage analytics

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or other jurisdictions with similar data protection laws, we process your data under the following legal bases:

  • Consent — when you create an account and agree to this Privacy Policy
  • Contract performance — to fulfill event registrations and process payments
  • Legitimate interests — for security logging, fraud prevention, and service improvement
  • Legal obligation — to comply with applicable laws and regulations

5. Cookies

We use the following cookies:

Cookie Purpose Duration
session_id Keeps you signed in (authentication) Persistent (until sign out)
_run_mongolia_session Rails session (CSRF protection, flash messages) Browser session
cookie_consent Remembers your cookie preference 1 year

We do not use third-party analytics or advertising cookies. All cookies listed above are strictly necessary for the operation of our service.

6. Data Sharing & Third Parties

We share your data only with the following third parties, as necessary to provide our services:

  • QPay and Golomt Bank — for payment processing
  • Fly.io — for application hosting
  • Cloud storage providers — for file uploads (e.g., route maps)

We do not sell, rent, or trade your personal data to any third party.

7. International Data Transfers

Our servers are hosted by Fly.io and data may be stored in regions outside your country of residence. If you are located in the EEA or UK, your data may be transferred to and processed in countries that may not provide the same level of data protection. We rely on appropriate safeguards, including standard contractual clauses where applicable, to ensure your data is protected.

8. Data Retention

  • Account data — retained until you delete your account
  • Event registration and payment records — retained for 7 years for legal and accounting purposes
  • Activity logs (IP address, user agent) — automatically anonymized after 90 days
  • Session records — automatically purged after 90 days of inactivity
  • Contact messages — retained for 2 years

9. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access — request a copy of your personal data
  • Rectification — correct inaccurate or incomplete data via your profile settings
  • Erasure — delete your account and associated data
  • Portability — export your data in a machine-readable format (JSON)
  • Restriction — request we limit processing of your data
  • Objection — object to processing based on legitimate interests
  • Withdraw consent — at any time, without affecting prior processing

You can exercise your right to access and export your data, update your profile, and delete your account from your profile settings. For other requests, contact us at [email protected].

10. Children's Privacy

Our services are intended for users aged 18 and older. We do not knowingly collect personal data from children under 18. If you believe a child has provided us with personal data, please contact us and we will take steps to delete such information.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. The "Last updated" date at the top of this page indicates the most recent revision.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:

Run Mongolia

Ulaanbaatar, Mongolia

[email protected]

We use essential cookies to keep you signed in and protect your account. No tracking or advertising cookies are used. See our Privacy Policy for details.