Sportity App - Admin Console Privacy Policy
Last Updated: 01.07.2023
This Privacy Policy describes how Sportity OÜ (“we,” “us,” or “our”) collects, uses, and shares information when you use the admin console of our mobile application Sportity App (the “App”). By using the admin console, you agree to the collection and use of your information as described in this Privacy Policy.
1. Information We Collect
1.1. Transmission or Connection Data
When you use the App, we may collect your IP address, a unique user identifier (UID), and, when required or provided voluntarily, your email address. The IP address is collected for essential web server functionality, helping us understand your general location and diagnose technical issues. The UID allows us to identify your device to deliver the requested content and improve the App’s functionality. The email address is collected only when necessary, such as when creating an account.
1.2. Account Information
When you register for an account on the admin console, we may collect personal information such as your name, email address, username, and password. This information is necessary to create and manage your account, authenticate your identity, and ensure the security of the admin console.
1.3. Payment Information
If you choose to subscribe to paid plans or make purchases through the admin console, we may collect payment information such as your credit card details, billing address, and other relevant information necessary to process your payments securely. We do not store or retain complete payment card details on our servers. Instead, we rely on a trusted third-party payment processor, Stripe, to handle payment transactions securely.
1.4. User Activity and Preferences
When you use the admin console, we may collect information about your activities, interactions, and preferences within the console. This may include actions such as uploading documents, managing settings, changing passwords, and accessing specific features. We use this information to enhance your user experience, provide personalized services, and improve the functionality of the admin console.
2. User of Informatrion
2.1 Account Management
We use the information collected to manage your account, provide access to the admin console, authenticate your identity, and process your requests and transactions. This includes enabling you to manage your paid plans, upload documents, update settings, and perform other administrative tasks.
2.2 Communication
We may use your email address or other contact information provided to communicate with you regarding your account, respond to your inquiries, provide important updates or notifications related to the admin console, and inform you about changes to our services. These communications are essential for the proper functioning of the admin console and the services you have subscribed to and cannot be opted out.
2.3 Service Improvement
We may use the information collected to analyze user behavior, monitor usage patterns, and gain insights to improve the functionality, features, and performance of the admin console. This helps us provide a better user experience and develop new services and features based on user needs.
2.4 Legal Compliance
We may use and disclose your information as required by applicable laws, regulations, or legal processes, or to protect our rights, property, or safety, or the rights, property, or safety of others.
3. Data Sharing and Disclosure
3.1 Third-Party Service Providers
We may engage third-party service providers to perform various functions necessary to operate the admin console and fulfill our obligations. These service providers will have access to your information solely to perform services on our behalf and are obligated not to disclose or use it for any other purpose.
3.2 Payment Processing
For payment transactions, we rely on a trusted third-party payment processor, Stripe. When you make a payment through the admin console, your payment information is securely transmitted to Stripe for processing. Please review Stripe’s privacy policy to understand how they collect, use, and protect your payment information.
3.3 Aggregated or Anonymized Data
We may aggregate or anonymize your information to create statistical or analytical insights. These insights will not identify you personally and may be shared with third parties for various purposes, including but not limited to research and improving our services.
4. Data Security
We implement industry best practices and appropriate technical and organizational measures to protect your information from unauthorized access, disclosure, alteration, or destruction. We prioritize the security of your information and have implemented robust measures to safeguard it. However, please note that no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee its absolute security.
4.1. Data Encryption
We use encryption techniques to protect your information both at rest and during transit. This ensures that sensitive data is securely stored and transmitted.
4.2. Infrastructure Compliance
Our infrastructure is configured in compliance with industry-standard frameworks such as CIS (Center for Internet Security) and STIG (Security Technical Implementation Guide). This ensures that our systems adhere to recognized security best practices.
4.3. OWASP Compliance
Our web applications are developed with OWASP (Open Web Application Security Project) guidelines in mind. By following OWASP best practices, we strive to build secure and resilient
4.4. Partner Compliance
Our partners are ISO (International Organization for Standardization) and NIST (National Institute of Standards and Technology) compliant. They adhere to stringent security standards and protocols to protect your information when performing services on our behalf.
5. Data Retention
We will retain your information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. When your information is no longer needed, we will securely delete or anonymize it.
6. Your Rights
You may have certain rights regarding your information, such as the right to access, update, or delete the information we hold about you. If you wish to exercise any of these rights or have any questions or concerns regarding this Privacy Policy, please contact us using the contact information provided at the end of this document.
6.1. Right to Access
You have the right to request access to the personal information we hold about you. Upon receiving such a request, we will provide you with a copy of the information within a reasonable timeframe, free of charge, unless the request is excessive or unfounded.
6.2. Right to Rectification
If you believe that the personal information we hold about you is inaccurate, incomplete, or outdated, you have the right to request its rectification or correction. We will promptly review and update the information to ensure its accuracy.
6.3. Right to Erasure (Right to be Forgotten)
In certain circumstances, you have the right to request the erasure of your personal information. This includes situations where the information is no longer necessary for the purposes for which it was collected, you withdraw your consent, or the processing is based on legitimate interests and there are no overriding legitimate grounds for its retention.
6.4. Right to Restriction of Processing
You have the right to request the restriction of processing of your personal information in specific circumstances. This may include situations where you contest the accuracy of the data, the processing is unlawful, or you require the data for legal claims.
6.5. Right to Data Portability
Subject to certain conditions, you have the right to receive the personal information we hold about you in a structured, commonly used, and machine-readable format. You also have the right to transmit this data to another data controller without hindrance from us.
6.6. Right to Object
You have the right to object to the processing of your personal information when it is based on legitimate interests or for direct marketing purposes. We will carefully consider your objection and cease processing your information unless we have compelling legitimate grounds or if the processing is necessary for the establishment, exercise, or defense of legal claims.
6.7. Right to Withdraw Consent
If we rely on your consent as the legal basis for processing your personal information, you have the right to withdraw that consent at any time. Withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal.
6.8. Right to Lodge a Complaint
If you believe that we have infringed upon your privacy rights or violated applicable data protection laws, you have the right to lodge a complaint with the relevant supervisory authority.
To exercise your rights or if you have any questions or concerns regarding the processing of your personal information, please contact us using the contact information provided at the end of this document.
7. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. The updated version will be posted on the App, and the effective date will be indicated at the top of the page. We encourage you to review this Privacy Policy periodically for any changes.
8. Contacting Us
If there are any questions regarding this privacy policy, you may contact us using the information below.
Service Provider:
Sportity OÜ (LLC.)
EE Reg. Code: 12775930
EE VAT ID: EE102177336
Kalda tn 38
Tabasalu, Harjumaa 76911
Estonia
[email protected]
www.sportity.com
Data Protection Officer (DPO)
Mr. Margus Hernits
[email protected]