Data Processing Agreement (DPA)

Last updated October 2022

TeamSportz processes data about our users, teams, clubs, academies and sport prorammes. In accordance with GDPR, TeamSportz acts as both data controller and data processor, depending on which services you use.

DPA for TeamSportz Play App

If you use the TeamSportz Play App, TeamSportz is the data controller and is responsible for complying with GDPR and for helping registered users to exercise their rights. As we are not a data processor separate from the data controller when using the app, there will be no need for a data processing agreement. TeamSportz complies with GDPR and our own privacy policy when processing data for users of the TeamSportz Play App.

DPA for TeamSportz Platform

In this case, the club is the data controller (data controller), and TeamSportz operates as the data processor (data processor). According to GDPR art. 28 no. 3, data processing in this way shall be subject to a data processing agreement.

Find bellow our standard data processing agreement (DPA) which is an integral part of our terms of service for TeamSportz Platform. The data processing agreement that regulates the club's relationship with TeamSportz can be found below:

DATA PROCESSOR AGREEMENT FOR TEAMSPORTZ’S PLATFORM SOLUTION

This data processor agreement (the “Data Processor Agreement”) is an appendix to the terms of service (the “Terms of Service”) that regulate the use of TeamSportz Platform AS’ (“TeamSportz”) platform solution (the “Service”). The parties to the Data Processor Agreement are TeamSportz and the Club, or Academy, Sport Organisation that is registered as a user of the Service (the “Club”) on TeamSportz's platform, and thus has accepted the Terms of Service. Words and concepts that are otherwise undefined shall have the same meaning as the Personal Data Act, cf. Article 4 of the Data Protection Regulation.

1. PROCESSING OF PERSONAL DATA

When the Club uses the Service, TeamSportz becomes the data processor for the Club and will be processing its personal data. The Club is the data controller. TeamSportz shall only process personal data in accordance with the Club’s documented instructions, unless otherwise provided by law. Annex 1 contains the Club’s instructions.

2. ASSISTANCE TO THE DATA CONTROLLER

2.1 General

TeanSportz shall help the Club meet its obligations under prevailing privacy legislation.

2.2 Requests from third parties

If the data subject, public authorities or others request information from TeamSportz regarding the processing of personal data pursuant to this Data Processor Agreement, TeamSportz shall refer the request to the Club. TeamSportz shall not, except as previously instructed by the Club, transfer or otherwise disclose personal data – or other information related to the processing of personal data – to a third party. If TeamSportz is obligated by law to distribute personal data being processed by TeamSportz on behalf of the Club, TeamSportz must immediately notify the Club.

2.3 Making information available

TeamSportz shall provide to the Club all information and assistance needed to demonstrate that the obligations pursuant to this Data Processor Agreement and privacy laws are being complied with. TeamSportz shall contribute to and make revisions possible, including inspections. Any revisions and inspections will be carried out at the Club’s request, but no more than once per year.

2.4 Correction, deletion and return

By using its access to the Service, the Club can correct and delete personal data and other information that is no longer being processed. Upon termination of the Data Processor Agreement and within three – 3-months of expiry of the Data Processor Agreement, TeamSportz will, based on the Club’s instruction, delete or return all personal data it has processed on behalf of the Club. The solution’s data export function will execute such return. This applies unless retainage of the personal data is required by law.

3. SUBCONTRACTING

The Club agrees to TeamSportz’s use of subcontractors. On its website, TeamSportz shall maintain a list of subcontractors, and this list shall reflect any subcontractor changes and serve as notification of the same. Therefore, the Club is encouraged to check the list frequently. The Club may object to subcontractor changes, and in such case, it must notify TeamSportz within fourteen – 14–days after the change was published. If the Club disapproves of the change, TeamSportz may terminate the agreement governing the Service, effective upon implementation of the change. TeamSportz shall ensure that authorised subcontractors enter into written agreements that impose upon them the same obligations with regard to the protection of personal data as those set out in this Data Processor Agreement.

3. SUBCONTRACTING

The Club agrees to TeamSportz’s use of subcontractors. On its website, TeamSportz shall maintain a list of subcontractors, and this list shall reflect any subcontractor changes and serve as notification of the same. Therefore, the Club is encouraged to check the list frequently. The Club may object to subcontractor changes, and in such case, it must notify TeamSportz within fourteen – 14–days after the change was published. If the Club disapproves of the change, TeamSportz may terminate the agreement governing the Service, effective upon implementation of the change. TeamSportz shall ensure that authorised subcontractors enter into written agreements that impose upon them the same obligations with regard to the protection of personal data as those set out in this Data Processor Agreement.

4. TRANSFER TO THIRD COUNTRIES

The Club agrees that TeamSportz may transfer personal data to third countries identified in the subcontractor list on TeamSportz’s web page, cf. clause 3.
Notification of any changes will also be published there. If the Club withdraws its agreement for transfer of personal data to one or more third countries or disapproves of a change, the Club must notify TeamSportz within fourteen – 14 – days at the latest. If ceasing the transfer is impossible, due to technical or other issues, TeamSportz may terminate the agreement for use of the Service, effective as of the expiry of the notification deadline mentioned above. TeamSportz confirms that the applicable privacy law terms for transfers to third countries are fulfilled for all transfers of personal data to third countries, normally by using the EU standard contract for transfers to data processors in third countries.

5. INFORMATION SECURITY AND CONFIDENTIALITY

5.1 General

TeamSportz shall be obliged to implement and document appropriate technical and organisational measures to protect personal data being processed. TeamSportz shall comply with the Club’s and any prevailing written requirements or policies related to data security.

5.2 Duty to maintain adequate levels of security

TeamSportz shall maintain a sufficient level of security for the processing of personal data, taking the risk of the processing into consideration. TeamSportz shall protect personal data from destruction, modification, unauthorised disclosure or unauthorised access.

5.3 Logging and internal control

TeamSportz shall maintain a log of all categories of processing activities that are carried out on behalf of the Club. TeamSportz shall prepare and keep current a description of technical, organisational and physical measures it undertakes to maintain security and comply with applicable data protection laws, hereunder its security organisation, procedures and risk assessments. The documentation shall be made available to the Club.

5.4 Confidentiality

TeamSportz shall not, without the Club’s prior written approval, disclose or otherwise make personal data processed pursuant to this Data Processing Agreement available to third parties, except for subcontractors who are engaged in accordance with the Data Processor Agreement. TeamSportz shall ensure that only persons who need access to personal data in order to provide the Service to the Club may access such data and that they have committed themselves to a duty of confidentiality.The above-mentioned duty of confidentiality survives the termination of this Data Processor Agreement.

6. PERSONAL DATA BREACH PROCEDURES

In case of a personal data breach, TeamSportz will assist the Club in complying with the Club’s obligations, including the obligation to notify of the personal data breach. Without undue delay, TeamSportz shall notify the Club in writing as soon as it becomes aware of such breach. The notification shall:

  • describe the type of personal data breach, including, if possible, the categories and approximate number of data subjects and personal data records that are affected;
  • include the name and contact information of the person who can be contacted for more information;
  • describe the likely consequences of the personal data breach;
  • describe the measures taken or proposed by TeamSportz to deal with the personal data breach, including, if appropriate, measures to reduce potentially adverse impacts.

7. DURATION OF THE AGREEMENT

The Data Processing Agreement remains in force as long as the Club and TeamSportz have a valid agreement for the use of the Service. Regardless of the termination provisions, the Club can, if TeamSportz violates prevailing privacy laws, the Data Processor Agreement or instructions given in or pursuant to this Data Processor Agreement, instruct TeamSportz and any subcontractors to stop the processing of the personal data with immediate effect.

8. LIABILITY

The parties’ responsibilities and limitations on liability are set out in the Terms.

9. NOTICES AND OTHER ANNOUNCEMENTS

Security breach notifications and other announcements pursuant to the Data Processing Agreement shall be sent to the other party’s contact as provided in connection with registration of the Club as a user of the Service.

10. CHOICE OF LAW AND JURISDICTION

A Data Processor Agreement governed by UK law must comply with the UK GDPR and the Data Protection Act 2018, specifically adhering to Article 28 requirements. It ensures the processor acts only on controller instructions, secures personal data, and dictates handling of breaches, sub-processors, and data deletion upon termination, typically within the jurisdiction of England and Wales.

TERMS

Data controller
The Club as defined in the Terms

Purpose
The data controller’s purpose for processing the personal data is:Manage the Club’s activities, including internal Club communications, member registry management, management of member accounts and other payments, external member communications.

Categories of data
The personal data that will be processed includes the following categories:
- Personal contact information such as name, home address, mobile phone number and email address.
- Age, date of birth and any other information that the Club registers on the data subjects (e.g., the jersey number, jersey size, position, whether the player is injured or not.)
- Guardian relations between data subjects.
- If the data subject has provided a valid certificate of good conduct.
- Information on payment demands sent out and their status (paid, not paid, due date, etc.)
- Communications between the Club and the data subjects.

Data subject categories
The data controller’s members, staff and volunteers, members’ guardians

Processing operations/activities
Collection and retention of personal data in the member registry
Transmittal of personal data in internal communications
Collection and storage of personal data in connection with collection/payment of fees

Retention period/deletion
Personal data that is being processed must be deleted according to the following guidelines:To be deleted within three – 3 – months after termination of the agreement or at the request of the data controller

Company
CoachesClubs & LeaguesPlayersPress & AwardsCustomer Stories
Quick Link
CareersBlogAbout UsContact UsTerms & ConditionsPrivacy PolicyAnti-Bribery and Corruption PolicyGDPR & Data Policy
Featured In
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
© 2024 TeamSportz Group Ltd. All rights reserved
Website by A+M Studio