|The EU General Data Protection Regulation (“GDPR”) strengthens the rights that individuals have regarding personal data relating to them and seeks to unify data protection laws across Europe, regardless of where that data is processed. PlayerMaker (“PM”) has taken steps to comply with all aspects of the GDPR, which covers the privacy of data subjects, the security of their data, and their control of their data. PM may update this White Paper from time to time to reflect our ongoing compliance effort. Organizations that use PM must accept our Data Processing Agreement if required by law.|
1 Security and privacy of customer data
PM treats the security and privacy of customer data as its highest priority. Some of the policies we enforce include mandatory SSL connections, real-time encryption/decryption of all personal data in our database, and further encryption for all offsite/cold storage backups.
PM's normal (regular) data processing activities for EU/EEA users all occur within the EU/EEA, with all databases, servers, and backups located in EU/EEA data centers. When necessary, data may be transferred to a third country if permissible - that is if the third country has been deemed by the EU Commission to ensure an appropriate level of protection, the recipient of the data guarantees an acceptable level of data protection in accordance with EU standard contractual clauses for the transmission of personal data, or there are other safeguards in place that permit such a transfer.
Owners of teams (or whoever else is the data controller) who would like to delete a team, its players and all associated data are able to send an email to firstname.lastname@example.org and ask for a deletion to be performed. Once there are no more teams/players in an owner's account, they can ask to "Delete my account" using email@example.com. Players who would like to update or remove their personal data from PM should contact their team (the data controller). Please note the following data will not be available following a player/team deletion: player name, player game position, player weight, player height, player picture, player club, player team, player age, player gender, player gait data, player ball touches data, club address, club picture, team event time (Training/drill/match/phase). To ensure historical reports remain accurate, PM gives administrators the ability to anonymize a player's profile following an act of deletion. Anonymizing a player’s profile erases a player’s first and last name and thus disconnects all player’s data with its identity. The remaining data can not be associated with the player’s specific identity.
All users (administrators, coaches, analysts, players) can send a “Data Export Request” to firstname.lastname@example.org to compile and download all the data that is associated with their username.
If an individual would like to enquire as to whether PM is processing their personal data, then they can request a report of the processing activities by sending an email to email@example.com.
If an individual would like to restrict or object to the processing of their personal data, they can make a request by sending an email to firstname.lastname@example.org. Once the individual's email address is verified our team will process the claim in accordance with applicable law. If an individual would like to remove previous objections to the processing of their personal data, they can make a request by sending an email to email@example.com. Once the individual's email address is verified, the processing will be permitted.
In the unlikely event that personal data is stolen, PM will notify all data controllers and data subjects that are affected without undue delay by email.