- PlayerData Limited (SC571960) (“PlayerData”, “we”, “our” and “us”) takes the issue of security and data protection seriously and adheres the Data Protection Act 2018, the General Data Protection Regulation (EU) 2016/679 (the “GDPR”) and any other applicable data protection laws.
- We are data controller of any personal data that you provide us, or we are provided with from a third party and that we may use for our own purposes, in accordance with this policy.
- We are data processor of any personal data your club/team has asked us to process within the scope of the contract we hold with them as data controllers.
- Here you can find out how our website works, what data we collect from you through our website and technology, how we use it, conditions where we may disclose this data to others, and how we keep it secure.
- Any questions relating to this policy and our privacy practices should be sent to firstname.lastname@example.org.
- It is important that you read this policy together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal information about you so that you were fully aware of how and why we are using your information. This policy supplements the other notices and is not intended to override them.
2. HOW WE COLLECT INFORMATION FROM YOU AND WHAT INFORMATION WE COLLECT
- We may collect your personal information in the following ways:
i. by us providing our analytics services to you and / or your associated club and, in doing so, you wearing our technology which transmits personal information about you to us;
ii. from your sports club;
iii. you may give us information about you via our website, or by corresponding with us by e-mail, telephone or in person. This includes information you provide when reporting a problem with our website or technology, or when you correspond with us for any purpose; and
iv. by visiting our website we may automatically collect technical information which may form personal information.
- We may collect the following personal information about you:
i. personal contact details such as your name, telephone number, postal address and e-mail address;
ii. data of birth;
iv. health information (a special category of personal data under the GDPR) as provided by our technology including but not limited to heart rate, respiration rate and limb positional data;
v. locational data using GPS and / or external satellite reference sensors; and
vi. technical information including your IP address, browser type and clicks on our website from your use of our website (for further information see our section on cookies below).
- We may also collect and hold photographs and video footage for marketing purposes. This will be done through your sports club and be subject to consent. If you have given us your consent to use your image in this way, you are entitled to withdraw your consent at any time. Should you wish to exercise this right, please contact email@example.com.
3. WHY WE NEED THIS INFORMATION ABOUT YOU
- We collect and process personal information held about you in accordance with the following legal bases:
i. the processing is for our legitimate interests or those of a third party; and/or
ii. we have your explicit consent to do so (see section 3 below); and/or
iii. to enable us to perform a contract for products or services with you or your team / club
- We need your information and use the information we collect about you:
i. to enable us to supply you, and your club, with the products and services requested;
ii. to help our understanding of how our website and technology is used and to improve our website and technology to ensure that content is presented and technology functions in the most effective manner;
iii. to collect information that will help us develop and improve our services;
iv. to be able to respond to your query;
v. for marketing and social media purposes; and
vi. for all other purposes consistent with the proper performance of our operations
- To collect, process and transfer to your club your personal information relating to your health, we require your explicit consent. We will seek your consent to process this information before we collect and process it and will keep a record of this consent. You have the right to withdraw your consent to us processing personal data about your health at any time by emailing to firstname.lastname@example.org. Please be aware that if we do not have your consent to process your health data, our ability to provide our services to you may be limited.
- We will only use your personal information for the purposes for which we collected it as detailed above, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so, or we will seek your consent if required.
- Unless you are notified otherwise, we will not use profiling, or automated decision making in any form, to make important decisions that will affect you.
- Cookies are small text files, placed on your hard disk by a web page server. They are uniquely assigned to you, and can only be read by a web server in the domain that issued the Cookie to you.
- We use encrypted information gathered from Cookies to improve your online experience.
- We use per session Cookies which are deleted after a set period of time. Each cookie is stored for only as long as required. More specifically we use the following Cookies which carry out the functions described:
i. _hjAbsoluteSessionInProgress This is a HotJar cookie used to detect the first pageview session of a user.
ii. _hjTLDTest This is another HotJar cookie that determines the most generic cookie path to be used to share cookies across subdomains where applicable.
iii. _gat_UA- This is a pattern type cookie set by Google Analytics in order to measure performance and limit the amount of data recorded by Google on high traffic websites.
iv. _ga This is another performance cookie which is used to distinguish unique users by assigning a randomly generated number to identify them. This automatically expires after 2 years.
v. _hjIncludeInPageviewSample This is a HotJar cookie used to determine whether the visitor is included in the data sampling on the site.
vi. _hjid This HotJar cookie is used to persist the random user ID, unique to that site on the browser. This is so that behaviour in subsequent visits is attributed to the same user ID.
vii. Facebook targeting cookies are used to collect data on the interests of viewers.
viii. _fbp This Facebook targeting cookie is used to deliver a series of advertising products from third party advertisers.
ix. _gat_gtag_xxxxx These are Google Analytics cookies used to determine how you got to the site, how long you stayed and how many times you have visited.
x. _gid This performance cookie is used to store and update a unique value fr each page visited.
xi. fr This targeting cookie is used to target advertising with browser and user unique ID combinations.
- If you wish to restrict or block the cookies which are set by our website, or indeed any other website, you can do this through your browser settings. If you chose to restrict or block any cookies, this will result in certain features of the website not being provided, including not being able to log in to the application, and accordingly you will not be able to take full advantage of the website’s features.
5. DATA SECURITY
Please be aware that the transmission of information via the internet is not always completely secure. Although we will do our best to protect your personal data, we cannot guarantee the complete security of your data transmitted to us electronically; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to restrict unauthorised access.
6. SHARING OF YOUR INFORMATION
1. The information you provide to us will be treated by us as confidential. We may disclose your information to third parties who act for us for the purposes set out in this notice or for purposes approved by you, including those parties which provided us with hosting, storage and email services. Third parties we use include;
- Facebook & Facebook Analytics
- Google Cloud Platform
- Google Analytics
- Firebase Analytics
- Server Central
- Amazon Web Services
- Packet Cloud
- Digital Ocean
2. We will transfer your personal data to your club and, as detailed above, we require your consent to transfer your health data.
7. TRANSFERS OUTSIDE THE UK
- We may transfer your personal data outside of the UK if necessary for the purposes detailed in this policy, namely to third parties as described above if they are based outside the UK [or to your team / club if they are based outside of the UK].
- Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented where required:
i. We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission (Please click here for further information); and
ii. Where we use certain service providers based outside of the UK in a third country which has not been deemed to provide an adequate level of protection as set out above, we will put in place appropriate safeguards which may include specific contracts approved by the European Commission which give personal data the same protection it has in Europe (Please click here for further information).
Please contact us at email@example.com if you’d like further information about how we may share your data to countries outside of the UK and what additional measures and appropriate safeguards we put in place.
8. HOW LONG WE WILL KEEP YOUR INFORMATION
- We review our data retention periods regularly and will only hold your personal data for as long as is necessary for the relevant activity, or as required by law (we may be legally required to hold some types of information).
- Where we have a contract with you under which we are required to provide products or services to you, we will retain your personal data for the duration of our contract with you and for one year afterwards
- We determine the retention period with reference to volume, nature and sensitivity of the data and any associated risk to you from unauthorised disclosure of your personal data.
- We may retain data in anonymised form for longer periods for research and development purposes.
- Retention periods:
i. Data required to fulfil our obligations under a contract – for the duration of the contract plus one year afterwards.
ii. Data required for legitimate business interest – we may retain data in anonymised format for longer periods for research and development purposes. All other forms of personal data will be held for as long as necessary to fulfil the purpose it was collected for.
9. YOUR RIGHTS
- Under certain circumstances, by law you have the right to:
i. request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it;
ii. request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected;
iii. request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below);
iv. object to the processing of your personal information where we are relying on a legitimate interest (or a legitimate interest of a third party) and there is something about your particular situation which makes you want to object to processing on this ground;
v. request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it;
vi. withdraw your consent to our processing of your personal data where we rely on your consent as our legal basis to do so; and
vii. request the transfer of your personal information to another party.
- If you wish to discuss or exercise any of these rights, please contact firstname.lastname@example.org.
- You also have the right to complain to the Information Commissioner’s Office in relation to our use of your information. The ICO’s address is: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. The helpline number is: 0303 123 1113.