The mobile application Sportlito (herein referred to as the ‘App’) respects the privacy of all parties viewing and otherwise making use of the App, (herein referred to as the ‘Users’), and is committed to protecting their privacy. The App may collect and use ‘Personal Data’ (defined hereunder) relating to its Users in order to provide them with the services provided by the App and only for any purpose which has been expressly stated hereunder.
The Controller of data collected and used from Users of the App is Sportlito s.r.o., Žatecká 55/14, Josefov, 110 00 Prague 1, Czech Republic and is responsible for this App.
The Data Controller can be contacted on firstname.lastname@example.org.
Purpose of this Statement
The purpose of this Statement is to:
- set out the type of personal data the Controller will collect from you and how we will use your personal information;
- the basis on which any personal data is processed by the Controller;
- make you aware of how the Controller will handle your personal data;
clarify the Controller’s obligations under the data protection regulations with regards to processing your personal data lawfully and responsibly;
- inform you of your data protection rights.
We process your personal data in an appropriate and lawful manner, in accordance with applicable data protection regulations and the General Data Protection Regulation EU 2016/679 (the “GDPR”) which is in force as of 25 May 2018.
Collection of Personal Data
The application requires the basic personal data of the user to log in, such as the login name (e-mail address) and the password. For basic use of the application, it is necessary to collect user activity.
By registering in the App, the user agrees to the use of this basic data necessary for the functionality of the application. In the event of a later withdrawal of consent at email@example.com, the account will be deactivated, the user will no longer use the App and the data will be deleted within the set limit for data storage.
In case of a user feedback, we collect following data: user id, message, screenshot and device model.
Your Rights as a Data Subject
The Right of Access
Users are entitled to request that the Controller (defined hereafter) provides them with written information on which of their respective Personal Data it has collected and/or used. A request can be made by submitting a request in writing to the Controller (defined hereafter).
The App undertakes to make all reasonable efforts to keep the Personal Data collected updated. However, Users are invited to inform the App of any changes to their Personal Data which is held by the App.
Correction Blocking or Deletion of Data
Users who consider that any of their respective Personal Data is inaccurate, may request the Controller in writing to correct the data. Users also have the right to request the Controller to block or delete their respective Personal Data if it has been processed unlawfully.
Right to object
You may contact us at any time at firstname.lastname@example.org to ask us not to process your Personal Data for marketing purposes e.g. receiving information from us about upcoming events, newsletters and publications and your data will no longer be processed for such purposes.
Right to withdraw consent
You have the right to withdraw your consent to this statement, and the processing practices described herein, at any time by sending an email to email@example.com. This will not affect the lawfulness of processing which we carried out on the basis of such consent before its withdrawal. Withdrawal of consent will result in us having to terminate our services immediately.
Right to rectification
You have the right to obtain rectification of any inaccurate Personal Data about you that we have processed, update any data which is out-of-date and the right to have incomplete Personal Data completed, including by means of a supplementary statement.
Right to erasure
You have the right to obtain the erasure of Personal Data we have concerning you when your personal data is no longer required where:
- you withdraw your consent to us processing your Personal Data;
- your Personal Data no longer needs to be processed; or
- your Personal Data has been unlawfully processed.
Right to Restriction of Processing
You have the right to restrict our processing activities where:
- you consent the accuracy of this Personal Data, for a period enabling us to verify the accuracy of the same Personal Data;
- our processing is deemed unlawful, and you oppose the erasure of your Personal Data and request restriction of its use instead;
we no longer need your Personal Data for the purposes stated herein, but you require it for the establishment, exercising or defending of legal claims;
- you have objected to our processing pending the verification whether the legitimate grounds of our processing activities overrode those pertaining to you.
Right of Data Portability
As from 25 May 2018, you shall have the right to receive your Personal Data in a structured and machine-readable format and transmit this data to another Controller (as defined in the GDPR).
Purposes for the collection and use of Personal Data
The Personal Data collected by the App shall be processed in accordance with the provisions of the Data Protection Act (Chapter 440 of the Laws of Malta) and subsidiary legislation enacted thereunder and solely processed for the purposes of:
- Communicating with the Users;
- Sending Users new password to their respective personal account;
- Providing any advanced services which are possible to configure App to some extent;
- Improving the content offered by the App;
- Providing Users with personalised App content and/or layout.
Legal basis for processing
We shall only process your Personal Data where you have provided your consent or insofar as this is necessary for us to be able to provide the services we offer and/or for the purposes indicated in this statement.
We may also process your Personal Data on the basis of any legitimate interest or in order to comply with any legal obligations at law. This may include the exercise of defense of legal claims or in order to comply with an order of any court, tribunal or authority.
You will receive marketing communication from us through an email address which you provide to us via the application. Within the legitimate interest, we will send you information related to the service to a reasonable extent.
Without your explicit consent, we will not send you marketing messages exceeding the frequency once a month. We will not share your Personal Data with any third party for marketing purposes without your unambiguous consent.
Disclosure of Personal Data to third parties
The Provider does not sell, trade or rent or otherwise disclose Personal Data appertaining to Users to any third party without their prior respective consent. However Personal Data would be disclosed to third parties in the eventuality of a sale of the App. This does not affect the right to use processors in specific areas. For the operation of the application itself, information about users is also processed by the following organizations:
- Amazon Web Services, Inc. (Original Certification Date: 10/21/2016)
- Qest automation s.r.o. (IČO 02232073)
Processors shall comply with the rules defined in Article 28 of the General Data Protection Regulation (Regulation (EU) 2016/679).
The above is without prejudice to any legal obligation incumbent on the App to disclose Users’ Personal Data to third parties.
The above is also without prejudice to disclosures which are absolutely necessary as part of one or more of the Purposes for collecting and using Personal Data. In this case the App shall seek the prior express consent of the Users concerned.
The Provider reserves the right to provide statistics about Users, sales, traffic, and other statistical information relating to the App to third parties, however, without identifying any particular Users.
In order to better administer the App and to collect broad demographic information of Users for aggregate use, the App automatically logs the IP address of all Users and the pages viewed by each User respectively.
Statistical data collection is collected by the App on the basis of a legitimate reason of the administrator and are not assigned to an individual account.
Transfers of Personal Data to Third Countries
The Controller does not transfer any Personal Data outside the European Economic Area and, if it is required to, it will first ensure that there are appropriate safeguards in place to ensure that your Personal Data is adequately protected.
The App and the Controller have adopted various measures, both technical and organisational, to help protect communication against the destruction, loss, misuse and alteration of Personal Data which has been collected and used (including ensuring that any transfers of data are secured) through Secured communication between User's device and Provider's servers “HTTPS”. Additionally, all passwords you set up are stored using BCrypt standard. Notwithstanding these efforts, the Provider cannot guarantee that such an event will not occur.
The period for which Personal Data is kept
The Personal Data is kept only for the time period required to meet the purposes for which it was collected. In case of user account inactivity for one (1) year, all collected user Personal Data will be deleted.