Information pursuant to EU Regulation 2016/679 ("GDPR")
Introduction
The Data Protection is important for Data Project (referred to as “we”, “us” or “our” in this policy) and we take our responsibility regarding the security of the personal information very seriously. Data Project is the provider of the service Global Information System (GIS) which consists of: Data Warehouse, Web forms included in Web Competition Manager, Microsites, Applications and APIs to communicate with Clients App like e-Scoresheet, Data Volley, Click&Scout, TV, Organization Data Warehouse and so on. The system includes the technology and provides all the tools to accomplish the requirements of GDPR. The data used and stored in the system are added and managed by the Federation, League or Confederation (referred to as “Organization” in this policy), who is the owner of data. Data Project doesn’t transfer, sell or share information to third parties without being authorized by Organization. Data Project and Organization shall each process all personal data (as defined in Art 4 of the GDPR Regulations) in respect of the Services in accordance with GDPR requirements.
Data Controller
The Organization is the Data Controller of data stored in the GIS. Please contact the Organization for further information about its Privacy Policy.
What personal data are collected
Personal data means any information which allows us to identify a person, such as name and contact details.
In the system, we’re managing two different kinds of data:
- Personal information relating the Sport Competitions (Volleyball, Beach Volleyball, Basketball, etc) like:
- Name, gender, date of birth, Nationality, Federation of Origin, Phone Number, Picture;
- History as a Team / Organization Member;
- Statistics regarding players or coaches;
- Function in the competition / Organization (Player, Coach, Official, Referee, Media Person, etc.);
- Documents to enable a person to take part to a competition, like Transfers, Medical Certificates.
- Personal information which allows us to be in touch with a person, during and after a Sport Event:
- Addresses, email addresses, phone numbers;
- Relationship with a Club, National Federation, Confederation.
What do we use personal data for, why and for how long
Personal data may be used for the following purposes:
- To allow to a person taking part to a competition: for players, coaches, official members, it’s required that the Organization gets the most part of the personal information listed in the point 1 above;
- To give the possibility to the Organization to be in touch with a person;
- To send reminders to a person about next matches, when needed.
The Organization will only process personal data where it has a legal basis to do so. The legal basis will depend on the reasons the Organization has collected and need to use personal data for.
The Organization will not retain data for longer than is necessary to fulfil the purpose it is being processed for. To determine the appropriate retention period, the Organization considers the amount, nature and sensitivity of the personal data, the purposes for which it process it and whether it can achieve those purposes through other means.
When the Organization no longer needs personal data, it has to securely delete or destroy it. The Organization will also consider if and how it can minimise over time the personal data that uses. The database structure anonymizes personal data so that it can no longer be associated with a person or identify him/her.
Security of personal data
We follow strict security procedures in the storage and disclosure of personal data, and to protect it against accidental loss, destruction or damage. The most sensitive part of the personal data we have is encrypted in our database, in order to have an additional protection on it. When it’s needed to share it with our software used on the court, it’s protected using SSL (Secure Socket Layer) technology. SSL is the industry standard method of encrypting personal information, so that they can be securely transferred over the Internet.
We may disclose information to third parties for the purposes set out in this Privacy Policy. This could be done through some APIs developed for this purpose. These APIs are protected by an authentication system. The Organization decides who can access to these APIs or personal data and about the appropriate technical and operational security measures in place to protect personal data, in line with EU law on data protection rules.
Personal Area
All data collected in the system will be processed in line with this Privacy Policy. From the Personal Area, a person can see all the personal data the Organization collected about him/her and be able to ask for rectifications or erasure of his/her data. These operations will be managed by the Organization who will receive the request from the person through the online system. The personal area is available only to registered users.
When the use of personal data is based on a consent, a person has the option to withdraw the consent to the processing and delete personal data at any time by clicking on the “delete” buttons provided in the personal area.
We keep the personal information related to a person until the account is active. A person may delete the personal account by clicking on the “delete” button provided in the Settings of his/her account.
Cookies and site tracking
The Web Competition Manager and Web Microsite site uses cookies to enable us to improve our service to the user and to provide certain features that the user may find useful.
Cookies are small text files that are transferred to the user computer's hard drive through the web browser. A cookie contains contact information and information to allow us to identify the computer when the user explores our site for the purpose of keeping his/her preselections. Most Web browsers automatically accept cookies, but, if the user wishes, can changes these browser settings by accepting, rejecting and deleting cookies. The "help" portion of the toolbar on most browsers will suggest how to prevent from accepting new cookies, how to have the browser notify when receive a new cookie, or how to disable cookies altogether. If the user chooses to change these settings, may find that certain functions and features will not work as intended. The cookies we use do not detect any information stored on the computers.
For more information about cookies and how to stop cookies being installed visit the following website:
www.allaboutcookies.org
Data Protection Rights
Under certain circumstances, by law the person has the right to:
- Request information about him/her whether we hold personal information and, if so, what that information is and why we are holding/using it.
- Request access to his/her personal information (commonly known as a "data subject access request"). This enables to receive a copy of the personal information we hold about it and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about him/her. This enables to have any incomplete or inaccurate information we hold about he/she corrected. The person can exercise this right from the Personal Area, where a button is provided for this purpose.
- Request erasure of his/her personal information. This enables the person to ask us to delete or remove personal information where there is no good reason for us continuing to process it. The person also has the right to ask us to delete or remove his/her personal information where he/she has exercised his/her right to object to processing (see below). A person can exercise this right from the Personal Area, where a button is provided for this purpose.
- Object to processing of personal information where we are relying on a legitimate interest (or those of a third party) and there is something about particular situation which makes a person wants to object to processing on this ground. A person also has the right to object where we are processing his/her personal information for direct marketing purposes.
- Object to automated decision-making including profiling, that is not to be subject of any automated decision-making by us using personal information or profiling.
- Request the restriction of processing of personal information. This enables a person to ask us to suspend the processing of personal information about him/her, for example if he/she wants us to establish its accuracy or the reason for processing it.
- Request transfer of personal information in an electronic and structured form to the person or to another party (commonly known as a right to “data portability”). This enables the person to take his/her data from us in an electronically useable format (.xls) and to be able to transfer his/her data to another party in an electronically useable format. If the person wants to exercise this right, please be in touch with the Organization for that data.
- Withdraw consent. In the limited circumstances where a person may have provided his/her consent to the collection, processing and transfer of personal information for a specific purpose, he/she has the right to withdraw his consent for that specific processing at any time. Once we have received notification that he/she has withdrawn the consent, we will no longer process the information for the purpose or purposes a person originally agreed to, unless we have another legitimate basis for doing so in law.
If a person wants to exercise any of these rights, then log into his/her Personal Area (obtain a user account from the Organization) and fill the request in the provided text box.
A person has not to pay a fee to access his/her personal information (or to exercise any of the other rights). However, we or the Organization may charge a reasonable fee if the request for access is clearly unfounded or excessive. Alternatively, we or the Organization may refuse to comply with the request in such circumstances.
We or the Organization may need to request specific information from a person to help us confirm his/her identity and ensure his/her rights to access to the information (or to exercise any other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.