Controller and contact detail
Data Protection Officer and contact detail
Representative of the Controller in the European Union (Article 27, GDPR) and contact detail
Purpose of processing, Legal Basis, Personal Data and Retention Period
Processing modalities
Data Sharing
Data processing locations
Data Subjects’ rights
Complaints
Amendments
Privacy Policy - RSportz Platform
[Last update: 28.02.2023]
What is this document? Pursuant to art. 13 European Reg. n. 679/2016 ( “General Data Protection Regulation” or “GDPR” ) and in compliance with the principles contained therein, RSportz, Inc. intends to inform each user (the “User” ) about the processing of personal data happening on its platform (the “Platform” ).
Controller and contact detail
RSportz, Inc. (hereinafter “Controller”, pursuant to art. 4(7) GDPR)
with registered offices in 8 Toboggan Ridge Rd, Saddle River, NJ 07458 USA
+1 (800) 258-0755
info@rsportz.com
Data Protection Officer and contact detail
The Controller has provided for the formal appointment of a Data Protection Officer, whom you may contact at any time by writing to the following address: dpo@rsportz.com.
Representative of the Controller in the European Union (Article 27, GDPR) and contact detail
The Controller has provided for the formal appointment of a Representative in the European Union, pursuant to art. 27 GDPR, whom you may contact at any time by writing to the following address:
Tomas Vesely
representative.eu@rsportz.com
Purpose of processing, Legal Basis, Personal Data and Retention Period
The Controller processes Personal Data for the following purposes, as specified here in below. The table also shows the legal basis which justifies the processing and the period of data retention:
| Purpose | Personal Data | Legal Basis | Data retention |
|---|---|---|---|
| A. Creation and management of a personal User profile. |
✓ Anagraphic information
✓ Contact details ✓ User’s image |
Execution of contractual and pre-contractual measures [Art. 6, 1, lett. b) GDPR] | Until the User deletes his/her personal profile from the Platform. |
| B. Management of User’s medical information (e.g. medical certifications, etc.) |
✓ Anagraphic information
✓ Contact details ✓ Medical information |
Consent [Art. 9, 2, lett. a) GDPR] | Until the withdrawal of consent and until the User deletes his/her personal profile. |
| C. Contact and customer support. |
✓ Anagraphic information
✓ Contact details |
Execution of contractual and pre-contractual measures [Art. 6, 1, lett. b) GDPR] | For the period necessary for the response. |
| D. Allow the Controller to accomplish all formalities required by law. |
✓ Anagraphic information
✓ Contact details |
Legal obligation [Art. 6, 1, lett. c) GDPR] | Until the expiry of the data retention period, as provided by the applicable law. |
| E. Improve the Platform by analyzing how Users navigate and/or use the Website. | ✓ Platform usage data | Legitimate interest [Art. 6, 1, lett. f) GDPR] | Not applicable (aggregate or anonymous data). |
| F. Detecting or preventing fraudulent activity and exercising the Controller's rights in Court. |
✓ Anagraphic information
✓ Contact details ✓ Professional information |
Legitimate interest [Art. 6, 1, lett. f) GDPR] | 10 years. |
In case the User prefers not to communicate mandatory and/or necessary data for the fulfillment of certain purposes, Rsportz reserves the right to not provide the service through its platform.
The use of the Platform may require the processing of personal data of third parties sent by you to the Controller. Compared to these assumptions, you act as an independent controller, assuming all the obligations and responsibilities of the law. In this sense, you grant the most extensive indemnity with respect to any dispute, claim, request for compensation for damage caused by processing, etc. that may be received by the Controller from third parties whose personal data have been processed in violation of the law on the protection of personal data applicable. In any case, if you provide or otherwise process personal data of third parties in the use of the Platform, you warrant as of now - assuming all related responsibility - that this particular case of processing is based on a suitable legal basis under Articles 6 and/or 9 of the GDPR that legitimizes the processing of information.
Users can ask for an explanation of the legal basis of each processing at any time.
Processing modalities
The processing of Personal Data will take place through automated and/or manual tools in order to ensure proper security measures to prevent access, disclosure, loss, incorrect, illegal or unauthorized use of data.
Data Sharing
Your Personal Data may be shared with the following subjects, on a need-to-know basis and in accordance with Applicable Privacy Laws: (i) Internet service providers and platforms used by the Controller as organization tools, channels of communication and/or promotion; (ii) People or Organizations involved in the activities such as Local organizations & Clubs, Sports Federations, International Organizations; (iii) to private and public health bodies for insurance, labor, social security, welfare purposes, for the control in a broad sense of the sporting fitness of the Company's members in accordance with federal regulations and for anti-doping requirements (e.g. communications to Anti-Doping Agencies and relevant organizations, both nationally and internationally); (iv) police, judicial authority or other public entity for the fulfilment of a legal obligation.
These subjects act as autonomous data controllers or data processors. In the latter case, the Controller has signed a contract pursuant to Art. 28 GDPR (Data Protection Agreement or “DPA”).
Personal data will be processed by internal staff specifically authorized under Article 29 of the GDPR. The names of all authorized personnel are available under request to the Data Controller, at info@rsportz.com.
Data processing locations
Personal data are processed at the headquarters of the Controller, as well as in the servers that host the Platform. The Data Controller ensures that when using cloud providers established outside the EEA, the processing of personal data by these recipients is carried out in accordance with applicable law.
Transfers shall be carried out by means of appropriate safeguards, such as adequacy decisions, standard contractual clauses approved by the European Commission or other safeguards provided for in the GDPR.
Data Subjects’ rights
The User may exercise all the rights provided for by Articles 15-21 of EU Reg. no. 679/2016, at any time and without unjustified limitations, by contacting the Data Controller at
dpo@rsportz.com.
Requests shall be filed free of charge and processed by the Controller within 30 days. Specifically, the User can:
- Obtain from the controller confirmation as to whether or not personal data are being processed (Art.15);
- Obtain from the controller the rectification of inaccurate personal data (Art. 16);
- Obtain from the controller the erasure of personal data (Art. 17);
- Obtain from the controller restriction of processing (Art. 18);
- Have the right to receive the personal data in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller (Art. 20);
- Have the right to object (Art. 21);
Complaints
In any case, Users are always entitled to lodge a complaint with the competent supervisory authority, under Art. 77 of the Regulation, if they believe that the Controller’s processing of their Personal Data is in violation of the applicable law.
Amendments
The Controller reserves the right to amend and update the Privacy Policy as a result of any further new or revised provisions of any national and EU laws and regulations on personal data protection.