Privacy Policy
ABOUT US
- We are Performa Sports Ltd a company registered in Northern Ireland, with registered office at 87 Drumnacanvy Road, Portadown, Co Armagh, BT63 5LY, and registered number: NI604529 (we, us, our).
- We are a team of sports people focused on evolving the role, speed, and simplicity of mobile and cloud technology as a game-changer for performance analysis and coaching. We specialise in the integration of analysis within the coaching process for athlete development using our Performa Sports application and integrated cloud analytics platform (such platform, Performa). The provision of Performa, our Services.
ABOUT THIS NOTICE
- In order to provide our Services, we may need to process Personal Data from time to time (that is information about someone who can be identified from the data). This Personal Data may be about you or other people. This notice explains how we will use the Personal Data we hold.
- This notice only deals with our use of Personal Data. If you use Performa to upload Personal Data, it may be accessible to other users. People who may access Personal Data uploaded on to Performa are not bound by this privacy notice.
- We might need to change this privacy notice from time to time. We will publish our privacy notice on our website (available at www.performasports.com) and do our best to update you directly if we think the changes might affect you. Please do keep an eye on our notice before sending us any Personal Data.
- All of the defined terms in this notice are explained in paragraph 14 below. If you have any questions about this notice, feel free to send us an email to dpo@performasports.com
WHO DO WE HOLD PERSONAL DATA ABOUT?
- We hold Personal Data about the following groups of people (Data Subjects):
- Customers: that is businesses (in each case including key contact data) which enter into a contract for services with us;
- Prospective Customer: that is any businesses which we think might be interested in our Services (including any Prospective Customer which has engaged in a free trial), but which have not entered into a contract with us (including their key contacts);
- Permitted Users: that is anyone designated by our Customer to access and use Performa under the Customer licence. This might be coaches, schools, boards, committees (Administrative User) or a member of a sports team (Team User); or
- Academic Partners: that is parties (or their key contacts) with whom we may share (anonymised) aggregate data collected from a Permitted User’s use of Performa.
ARE WE A CONTROLLER OR A PROCESSOR?
- We are a Controller in respect of the Personal Data that we hold about Customers, Prospective Customers and Academic Partners as well as any usage data which we collect from or about Permitted Users (since we collect this to make sure Performa is being used in accordance with our terms of use).
- We are a Processor in respect of the personal data that our Clients’ provide us with relating to Permitted Users (which is likely to be identity, contact details, relationship with the Client and usage rights). We will only use this data in accordance with our Client’s instructions to provide access to Performa.
WHERE DO WE COLLECT PERSONAL DATA FROM?
- We might collect Personal Data in the following ways:
- Information an individual provides us with directly: For Customers and Prospective Customers this is likely to include:
- Identity data of their key contacts
- Information about their business, workforce and needs
- Information about their requests, disputes, complaints or feedback
- Information about their marketing preferences
- Payment details
- Transaction data about services they have purchased
- Any information which they or their staff provide us with when they contact us, whether by post, email or telephone
- Identity, contact and login details
- Email, photographs, videos (and any other content uploaded on to Performa)
- Information about their sports participation record
- Information about their requests, disputes, complaints or feedback
- Information about their marketing preferences
- Any information which they provide us with when they contact us, whether by post, email or telephone
- Identity data of their key contacts
- Information about their business, workforce and needs
- Information about their requests, disputes, complaints or feedback
- Information about their marketing preferences
- Any information which they provide us with when they contact us, whether by post, email or telephone
- Information which we collect from users of our website and/or Performa. This is likely to include:
- Usage data about how a website visitor uses our website
- Traffic data: which might include information about websites, ads or links clicked on by our the user before, during or after visiting our website
- Technical data: which might include information about the device used by the user to access our website
- We may also collect, use and share Aggregated Data from use of Performa Aggregated Data may be derived from Personal Data but will be aggregated so that it cannot be used to identify an individual, it is not Personal Data
- Information which we might collect from third parties. This is likely to include:
- We will receive details (including names, contact details, job description and/or usage rights) about Permitted Users from our Customers.
- Our sales team might carry out some research (by looking at business websites and other public registers or social media sites) to identify Prospective Customers.
- We may handle Special Categories of Personal Data if a user uploads details about their height and weight. Any such data would be handled by us as a processor. Special Categories of Personal Data includes details about an individual's race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about health and genetic and biometric data.
- We recognise that some of the data (including Special Categories data) uploaded by Permitted Users may include data relating to children under the age of 13. It is the responsibility of the party uploading the data to ensure that proper consent has been obtained.
HOW WILL WE USE THE PERSONAL DATA WE HOLD AND WHAT IS OUR LAWFUL BASIS FOR DOING SO?
- We may use Personal Data relating to our Clients and Prospective Clients for the processing activities set out in the table below.
PURPOSE/ACTIVITY DESCRIPTION LAWFUL BASIS To provide our services To facilitate the set-up of the relevant profiles and manage payment. Necessary for the performance of the contract for the provision of our services or taking steps necessary to enter into a contract. To manage our relationship with you To notify you of updates to our services or software or updates to our privacy notice Necessary for the performance of the contract for the provision of our services or taking steps necessary to enter into a contract. Administration and Dispute Resolution We may also need to process Personal Data about you to meet our internal administration requirements and for matters such as dispute resolution. Legitimate Interest Marketing From time to time we might contact you by telephone, email or in-app messaging about updates to our services, new features or functions or new products we are bringing out. Our marketing may be tailored on the basis of what we think your interests are. We will always include the right to opt out in any such correspondence. Legitimate Interest
Consent - We may use Personal Data relating to our Permitted Usersfor the processing activities set out in the table below.
PURPOSE/ACTIVITY DESCRIPTION LAWFUL BASIS To provide our services to customer Facilitating the set-up of the relevant profiles and manage payment. In this case we are acting as a processor in accordance with the instructions of our Customer. To ensure our terms of use are adhered to We may monitor use of Performa to ensure that it is being used in accordance with the licence granted. Legitimate Interests To manage our relationship with you To notify you of updates to our services or software or updates to our privacy notice Legitimate Interest Administration and Dispute Resolution We may also need to process Personal Data about you to meet our internal administration requirements and for matters such as dispute resolution. Legitimate Interest Marketing From time to time we might contact you by telephone, email or in-app messaging about updates to our services, new features or functions or new products we are bringing out. Our marketing may be tailored on the basis of what we think your interests are. We will always include the right to opt out in any such correspondence. Consent - We will only use Personal Data relating to Academic Users for the purposes agreed between us. If we enter into a contract you, our lawful basis shall be necessary for the performance of the contract or to take steps to enter into the same.
WILL WE DISCLOSE PERSONAL DATA TO ANYONE ELSE?
- We may disclose Personal Data to our employees and third parties who are contracted to help us provide our Services. Any such third parties will be acting as processors on our behalf and will be contractually bound only to use the data in accordance with our instructions and to implement adequate security measures. We currently use processors for the following tasks:
- Host service provider
- Email provider
- Marketing platform
- Payment provider.
- We may share Personal Data with third parties (which will also be acting as controllers in respect of that Personal Data) with the following parties:
- LAWFUL REQUIREMENTS OR LEGAL CLAIMS: If we are under a legal duty to do so or if it is required to enforce or apply our contracts or to protect the operation of our website, or the rights, property or safety of us or others.
- SALE OF BUSINESS: If we sell, transfer or merge parts of our business or our assets. If a change happens to our business, then the new owners will only be entitled to use Personal Data in accordance with the provisions set out in this privacy notice.
- PERMITTED USERS: To the extent that we are acting as processors in respect of Personal Data relating to Permitted Users, we will share such data with the relevant Customer.
WHAT SECURITY PROCEDURES DO WE HAVE IN PLACE?
- It is our policy to ensure that all Personal Data held by us is handled correctly and appropriately according to the nature of the information, the risk associated with mishandling the data, including the damage that could be caused to an individual as a result of loss, corruption and/or accidental disclosure of any such data, and in accordance with any applicable legal requirements.
- Security measures
- We work to protect the security of your information during transmission by using Secure Sockets Layer (SSL) software, which encrypts information you input.
- We have confidentiality contracts with employees and contractors.
- We maintain physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of personal customer information. Our security procedures mean that we may occasionally request proof of identity before we disclose personal information to you.
- We use Stripe to process all our payments. Stripe is certified as a PCI Level 1 Service Provider, and Stripe exceeds the most stringent industry standards for security. Click here to learn more about the technical details of Stripe’s secure infrastructure.
WHERE DO WE STORE THE PERSONAL DATA WE COLLECT?
- We only use servers in the EU. Our current host servers are provided by Heroku, whose servers are based in Ireland.
- If you are based outside the EEA and would like further information about where we hold your data, please contact us by email: dpo@performasport.com
FOR HOW LONG DO WE STORE PERSONAL DATA?
- Our retention policy in respect of the Personal Data we hold is as follows:
- we may store data related to transactions for up to 7 years to ensure that we have sufficient records from an accounting and tax perspective. Any such data retained for a longer period will be anonymised so that an individual cannot be identified;
- we may archive Customer Data and Prospective Customer Data relating to negotiations, contracts agreed, payments made, disputes raised and usage data relating to Permitted Users to 6 years to protect ourselves in the event of a dispute arising between you and us. Any such data retained for a longer period will be anonymised so that an individual cannot be identified;
- we may store aggregate data without limitation (on the basis that no individual can be identified from the data).
- For lapsed or past customers who continue to be inactive for a period of 12-months their accounts will auto-delete removing all data from our database.
- We will return to our Customer, or delete any data which we hold as a processor, relating to Permitted Users, to our Customer at the end of our contract.
WHAT RIGHTS DOES A DATA SUBJECT HAVE ABOUT THE PERSONAL DATA WE COLLECT AND HOLD?
- Data Subjects have the following rights in respect of Personal Data relating to them which can be enforced against whoever is the Controller.
- Right to be informed: the right to be informed about what Personal Data the Controller collects and stores about you and how it’s used.
- Right of access: the right to request a copy of the Personal Data held, as well as confirmation of:
- the purposes of the processing;
- the categories of personal data concerned;
- the recipients to whom the personal data has/will be disclosed;
- for how long it will be stored; and
- if data wasn't collected directly from the Data Subject, information about the source.
- Right of rectification: the right to require the Controller to correct any Personal Data held about the Data Subject which is inaccurate or incomplete.
- Right to be forgotten: in certain circumstances, the right to have the Personal Data held about the Data Subject erased from the Controller’s records.
- Right to restriction of processing: the right to request the Controller to restrict the processing carried out in respect of Personal Data relating to the Data Subject. You might want to do this, for instance, if you think the data held by the Controller is inaccurate and you would like to restrict processing the data has been reviewed and updated if necessary.
- Right of portability: the right to have the Personal Data held by the Controller about the Data Subject transferred to another organisation, to the extent it was provided in a structured, commonly used and machine-readable format.
- Right to object to direct marketing: the right to object where processing is carried out for direct marketing purposes (including profiling in connection with that purpose).
- Right to object to automated processing: the right not to be subject to a decision based solely on automated processing (including profiling) which produces legal effects (or other similar significant effects) on the Data Subject.
- If you want to avail of any of these rights, you should contact us immediately at dpo@performasport.com. If we are not the Controller, we will need to transfer your request to the Controller – but we will only do so with your consent. If you do contact us with a request, we will also need evidence that you are who you say you are to ensure compliance with data protection legislation.
WHAT HAPPENS IF YOU NO LONGER WANT US TO PROCESS PERSONAL DATA ABOUT YOU
- If we are holding Personal Data about you as a Processor, we will need to transfer your request to the Controller who has engaged us to provide our Services – that will be the Customer.
- If we are holding Personal Data about you as a Controller, we will comply with your request unless we have reasons for lawfully retaining data about you.
- If we are holding Personal Data about you and using that data for marketing purposes or for any other activities based on your consent, you may notify us at any time that you no longer want us to process Personal Data about you for particular purposes or for any purposes whatsoever and we will stop processing your Personal Data for that purpose. This will not affect your ability to receive our Services.
WHO DO YOU COMPLAIN TO IF YOU’RE NOT HAPPY WITH HOW YOU PROCESS PERSONAL DATA ABOUT YOU?
- If you have any questions or concerns about how we are using Personal Data about you, please contact our Data Protection Officer immediately at our registered address (see paragraph 1.1 above) or by email to dpo@performasports.com. If we are processing Personal Data about you on behalf of the Customer, we will need to pass your complaint to the Customer – we will only do so with your consent.
- If you wish to make a complaint about how we have handled Personal Data about you, you may lodge a complaint with the Information Commissioner’s Office by following this link: https://ico.org.uk/concerns/.
WHAT DO ALL OF THE DEFINED TERMS IN THIS PRIVACY NOTICE MEAN?
-
Throughout this notice you’ll see a lot of defined terms (which you can recognise because they’re capitalised). Where possible, we’ve tried to define them as we go, but we thought it might be useful to have a glossary at the end for you. Anywhere in this notice you see the following terms, they’ll have the following meanings:
Controller is a legal term set out in the General Data Protection Regulation (GDPR), it means the party responsible for deciding what Personal Data to collect and how to use it;
Data Subject means the individual who can be identified from the Personal Data;
Personal Data means data which can be used to identify a living individual. This could be a name and address or it could be a number of details which when taken together make it possible to work out who the information is about. It also includes information about the identifiable individual;
Processor is another legal term set out in the GDPR, it means the party who has agreed to process Personal Data on behalf of the Controller; and
Special Categories of Personal Data means details about an individual’s race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about health and genetic and biometric data.