1. INTRODUCTION – WHO ARE WE?
2. HOW TO CONTACT US?
Sending a registered letter with return receipt to the registered offices of the Controller: Via Pietro Paleocapa 6, 20121 – Milan, Italy;
Sending an e-mail to the address email@example.com.
3. WHAT DO WE DO? – PROCESSING PURPOSES
The User, once the App is downloaded or through the navigation of the Webapp, can register and connect it to the technological shin guard owned by Soccerment (hereinafter referred to as the “Device”) using Bluetooth technology.
The Device allows the User to collect a series of information related to their sports performance, in order to statistically map the relevant session and make it available on the Applications (hereinafter, the “Service”). In connection with the activities that may be carried out through the App, the Controller collects personal data relating to the Users.
The Controller informs that the App or Webapp, as well as the Services offered by the Controller, can be independently used and accessed by individuals who have reached at least the age of fourteen.
Additionally, the Controller collects personal data regarding individuals under the age of 14 only with the prior authorization of at least one of the two individuals exercising parental responsibility, who guarantees, at the same time, that the other individual exercising parental responsibility also approves and accepts the data processing activities carried out by the Controller.
If the Controller becomes aware that an individual under the age of 14 is present on the Applications without the authorization of the individuals exercising parental responsibility, the Controller will promptly delete all personal data collected and associated with such individual.
The personal data of the Users will be processed lawfully by the Controller for the following processing purposes:
A. Contractual obligations, user requests processing, and service provision: to enable the navigation of the App or to make use of the Service; to fulfill specific user requests.
The personal data and information collected by the Controller for registration on the App, the provision of the Service, and the direct collection from the Device via Bluetooth technology include: name, surname, email address, date of birth, gender, country, height, weight, image, geographical location through GPS detection, statistical data related to the number of kilometres (Km) covered during the match and/or training session, the user's average and maximum speed, number of ball touches, as well as any information and/or motor action inherent to the context of the football discipline that makes the user identifiable or able to be identified.
The Controller acknowledges that no data related to heart rate and/or exertion level or measurement of the user's cardiac activity are collected through the Applications, thus making any connected or related information unavailable. Furthermore, the Controller does not collect, or process data related to calorie consumption, monitoring of vital parameters, and/or the user's health status.
The user's personal data will be used by the Controller exclusively for the purpose of verifying the user's identity (including email address validation), thereby avoiding potential fraud or abuse, contacting the user solely for service-related reasons (e.g., sending communications regarding any updates to the Device or Applications), or addressing specific requests.
By default, the User’s profile is set to “private”. If the User wishes, by using the specific functionality available in the App, the User can set his/her profile as “public” in order to make available his/her profile information to other users of the App (such as, other Users, teams, talent scout, etc.). Similarly and at any time, the User can change his/her visibility settings, and set the profile as “private”.
B. Administrative and accounting purposes:or to carry out activities of an organizational, administrative, financial, and accounting nature, such as internal organizational activities and activities necessary for the fulfilment of contractual and pre-contractual obligations;
C. Legal obligations, or to fulfil obligations provided by the law, an authority, a regulation or European legislation.
The provision of personal data for the processing purposes indicated above is optional but necessary, since failure to provide such data will make it impossible for the User to access the App and to use the Service. The personal data that are necessary to achieve the processing purposes described in this paragraph 3 are indicated as mandatory within the appropriate registration form.
4. LEGAL BASIS
Supply of the service, User’s requests and supplying the Service (as described in paragraph 3, letter a) above): the legal basis is Article 6, paragraph 1, letter b) of the Regulation, since the processing is necessary for the performance of a contract to which the User is party or in order to take steps at the request of the User prior to entering into a contract.
Administrative and accounting purposes (as described in paragraph 3, letter b) above): the legal basis is Article 6(1)(b) of the Regulation, as the processing is necessary for the performance of a contract and/or the implementation of pre-contractual measures at the request of the User.
Legal obligations (as described in paragraph 3, letter b) above): the legal basis is Article 6, paragraph 1, letter c) of the Regulation, since the processing is necessary for compliance with a legal obligation to which the controller is subject.
5. PROCESSING METHODS AND DATA RETENTION PERIOD
The Controller will process the personal data of Users using manual and IT tools, with logic strictly related to the purposes themselves and, in any case, in order to guarantee the security and confidentiality of the data.
The personal data of the Users will be retained for the time strictly necessary to carry out the main purposes explained in paragraph 3 above or, in any case, as necessary for the protection in civil law of the interests of both the Users and the Controller.
In any case, any retention periods required by laws or regulations are preserved.
6. TRANSMISSION AND DISSEMINATION OF DATA
The User’s personal data may be transferred outside the European Union and, in this case, the Controller will ensure that the transfer is carried out in accordance with the Applicable Law and, in particular, in accordance with Articles 45 (Transfer on the basis of an adequacy decision) and 46 (Transfer subject to appropriate safeguards) of the Regulation.
The employees and/or collaborators of the Controller who are in charge of carrying out App maintenance may become aware of the personal data of the Users. These subjects, who have been instructed by the Controller accordingly to article 29 of the Regulation, will process the User's data exclusively for the purposes indicated in this policy and in compliance with the provisions of the Applicable Law. If the User sets his/her profile on the App as “public”, the related information may become visible to other users of the App (such as other Users, teams, talent scouts, etc.).
The personal data of the Users may also be disclosed to third parties who may process personal data on behalf of the Controller as “Data Processors”, such as, for example, IT and logistic service providers functional to the operation of the App, outsourcing or cloud computing service providers, professionals and consultants.
Users have the right to obtain a list of any data processors appointed by the Controller, making a request to the Controller in the manner indicated in paragraph 7 below.
7. RIGHTS OF THE DATA SUBJECTS
Users may exercise their rights granted by the Applicable Law by contacting the Controller as follows:
Sending a registered letter with return receipt to the registered offices of the Controller: Via Pietro Paleocapa 6, 20121 – Milan, Italy Sending a registered letter with return receipt to the registered offices of the Controller: Via Pietro Paleocapa 6, 20121 - Milano;
Sending an e-mail to the address firstname.lastname@example.org.
Pursuant to the Applicable Law, Users have:
the right to withdraw consent at any time, if the processing is based on their consent;
the right of access to personal data;
(where applicable) the right to data portability (the right to receive all personal data concerning them in a structured, commonly used and machine-readable format), the right to restriction of processing of personal data, the right to rectification and the right to erasure (“right to be forgotten”);
the right to object:
in whole or in part, for legitimate reasons to the processing of personal data concerning them, even if relevant to the purpose of collection;
in whole or in part, to the processing of personal data concerning them for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication;
if they consider that the processing of their personal data is in breach of the Regulation, the right to lodge a complaint with a supervisory authority (in the Member State in which they have their habitual residence, in the Member State in which they work or in the Member State in which the alleged breach has occurred). The Italian Supervisory Authority is the Garante per la protezione dei dati personali, located in Piazza Venezia n. 11, 00187 – Rome (http://www.garanteprivacy.it/).