Check the workflow of personal data

[napo]

Describe the workflow of the data (registration, login, data collected, gamification) to identify potential problems of GDRP. After the decription contact @kolkata97 to be faster to have the solutions.

[silviarss]

After checking the data flow, I could see that the log-in data are completely outsourced to third parties (Auth0, Google, OpenStreetmapconnection). Each of these has its own data management rules, which we can refer to in the BikingImprover day rules. From what I have been able to understand, FBK's Gamification Engine only retains the ranking data and the user name. Is this a problem? In addition, I have seen that there is a whole section made public in which there are the regulations of the events organised by FBK (here). Not knowing much about data privacy, I would like to ask @kolkata97 to check if what I have said is correct or if there are further problems.

[kolkata97]

Dear Silvia, I have briefly reviewed the privacy policy proposed by FBK: we could definitely use it in this case. The only thing to keep in mind is that the user has to be made aware of the rules applying to his/her data, therefore you should find a way either to share the privacy policy directly with the users or to provide the link to the policy. To sum up, the privacy policy is fine for your case and we can work on the wording to present it to the user ones you have the registration form/landing page for the event.