Privacy and GDPR

Read more about our privacy policy and GDPR compliance

Michael Park avatar
Written by Michael Park
Updated this week

Big Team Challenge takes your and your participants' privacy seriously. We are registered with the Information Commissioner's Office, GDPR compliant and use data centres within the United Kingdom and European Economic Area (EEA). We may transfer your data outside of the UK and EEA for sub-processing but only to our trusted partners as described in our privacy policy.

As standard, the only personal information we collect about your participants is their name and email. Additionally, you can request that we collect other information which will be available to you in downloadable spreadsheets from your private admin area.

You can read our full privacy policy here.

You can also find our Data Protection Addendum here.

Big Team Challenge is a software-as-a-service provider. To ensure we provide a consistent service to all of our clients, we cannot agree to sign customers’ DPAs or make individual or specific changes to our DPA, Terms and Conditions or Privacy Policy documents. We are a small team without a dedicated legal advisor on staff, and any changes to the standard documents would require legal advice and discussion that would be time and cost prohibitive for our team.

Privacy Consent

When participants register to take part in your challenge, they are required to confirm consent to the privacy policy at The checkbox text is “I consent to the use of my data according to the Privacy Policy”. This is consent is displayed to the user when logged in and there is a delete account option for any users who wish to exercise their right to be forgotten and/or revoke consent:


Our cookie usage is referenced in the privacy policy. We do not show a specific consent popup for cookies as we only use essential cookies (for login and session), functional cookies (for our Intercom live chat) and Google Analytics for anonymous performance monitoring. Some cookies may be blocked using browser settings and plugins, while the essential session cookie is required for the website to function properly.


We have an invitation by email system which allows registered team admins to invite other users by their email address. Since we do not have full consent for the invited user, we do not store a human-readable version of their e-mail address, and we do not process or share this information for any other purpose. Invitation links automatically expire and will only be sent once per team invite. All invitation emails to non-registered users include a global unsubscribe link, allowing them to reject all future invite emails from your challenge.

Fitbit and Garmin

Users may connect to their Fitbit and Garmin device from either our mobile apps or the challenge website. This is done through an industry standard OAuth login integration, and users are shown a consent screen with the respective service on connecting:

We store a unique identifier for the user on the third party service and an authentication token to allow our background sync to work. Only daily step data is fetched / provided and we do not process or store any other health or personal data from the third party. Users may revoke consent and disconnect the app either on Big Team Challenge or via the third party, at which point we delete the identifier and token if there are no other challenges connected to the same account.

Did this answer your question?