ATHLETE APP

Privacy Policy

1.       DATA CONTROLLER

 

Croatia Athletic Care and Development Center

University of Zagreb, Faculty of Kinesiology

Horvaćanski zavoj 15

10000 Zagreb, Republic of Croatia

 

Phone: +385 (1) 3658 666

Telefaks: +385(1) 3634 146

E-mail: dekanat@kif.unizg.hr

Web: http://www.kif.unizg.hr

 

OIB: 25329931628

 

 

2.       DATA PROTECTION OFFICER

Croatia Athletic Care and Development Centre

 

If you will have further questions about the protection of
personal data or wish to exercise any of your rights in the protection of
personal data, please contact us on following contact:

 

Data Protection Officer, Igor Barlek, CIPP/E-mail: bi@biconsult.hr

 

 

 

 

 

3.       PURPOSE AND LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA

We process your personal data in fulfilment of our legal
obligations in the sense of Article 6, paragraph 1, point (c) of the General
Regulation for the purpose of:

• responding to a request to exercise the right to
access information.

 

We process your personal data based on consent in the sense
of Article 6, paragraph 1, point (a) of the General Regulation, for the purpose
of:

·
improving dual career (DC) supporting services for elite athletes

·
monitoring of athletes and all elements of their sports and
educational/professional development

·
comparison of results before and after using services through CAIS

In addition, there are several purposes for processing:

 

·
Providing education, support and additional services of the Centre:

Keeping records on student-athletes’ personal, study and
athletic background; registering study and athletic results; issuing
student-athlete status; concluding contracts with student-athletes; formulating
policy on dual career ‘elite sport and education’ matters; developing and
writing policy and management reports; being able to provide advice, guidance,
and counselling; settling disputes, etc.

·
Performing academic research:

The researchers affiliated with WE_CARE project gather,
analyse, and manage significant quantities of data, necessary for the
advancement of dual career in each Member State- Croatia, Serbia, Slovenia.
Many of the activities carried out by researchers involve processing personal
data, but in anonymized and statistical form.

·
Valorisation and communication

Attracting prospective student-athletes; concluding and
fulfilling contracts with other educational institutions; managing and
improving our services and promoting the results of WE_CARE project.

4.       PERSONAL DATA WE PROCESS

Categories of personal data processed by CAIS software:

·
Name

·
Address

·
Place of Birth

·
Telephone number

·
Date of Birth

·
Gender

·
Email-address

·
Information regarding study
background, study programme, and study performances

·
Information regarding
athletic background, athletic level, athletic performances and athletic
programme

·
Personal data about parents
and coaches

·
Information regarding user
interaction (e.g. IP address, cookies)

·
Images (photos)

·
Health data of athlete – injuries

·
Data gathered in the context
of providing healthcare services

·
Professional
development/status – profession, working status

·
Data gathered in the context
of counselling sessions

·
Data gathered in the context
of improving our services

·
Data gathered in the context
of academic research

 

5.       YOUR RIGHTS REGARDING PERSONAL DATA PROCESSING

To exercise your rights, you can contact us in writing
or by e-mail using our contact information listed in the section 2.

 

As the Data subject you have the following rights in
relation to the processing of his personal data:

·
The Right to Information: The
right to information allows individuals (data subjects) to know what personal
data is collected about them, why, who is collecting data, how long it will be
kept, how they can file a complaint, and with whom will they share the data.

 

·
The Right of Access: You
have the right to access your personal data that we process about you and you
can request detailed information, in particular, about the purpose of their
processing, about the type/categories of personal data that are processed,
including insight into your personal data, about recipients or categories of
recipients, and about the intended period in which personal data will be
stored. Access to personal data can be limited only in cases prescribed by
Union law or our national legislation, i.e. when such a limitation respects the
essence of the fundamental rights and freedoms of others.

 

  • The
    Right to Erasure

    („the right to be forgotten“): you have the right to request the Data
    Controller to delete your personal data. The Data Controller has the
    obligation to delete personal data without delay. It can happen in case:
    • personal data are no longer necessary for the
      purposes for which they were collected or otherwise processed,
    • Data subject withdraws consent on which the
      processing is based, and there is no other legal basis for processing,
    • Data subject objects to the processing, and
      legitimate reasons for exercising the right to erasure outweigh the legitimate
      interest of the Data Controller for processing and/or storing personal
      data,
    • personal data is illegally processed or if
      personal data must be deleted in order to comply with the legal
      obligations of the Data Controller.

* Exceptions related to the
exercise of the aforementioned right are provided for in Article 17, Paragraph
3 of the General Regulation:

 

The aforementioned rights are not applicable
to the extent that processing is necessary:

·
in
order to exercise the right to freedom of expression and information;

·
to
comply with a legal obligation requiring processing under Union law or the law
of a Member State to which the data controller is subject, or for the
performance of a task in the public interest or in the exercise of official
authority of the data controller;

·
for
the purposes of archiving in the public interest, for the purposes of
scientific or historical research or for statistical purposes in accordance
with Article 89, paragraph 1, to the extent that it is likely that the right
from paragraph 1 can prevent or seriously threaten the achievement of the goals
of that processing; or in order to establish, realize or defend legal claims.

 

  • The
    Right to Rectification
    :
    You have the right to request the correction or addition of personal data
    if your data is not correct, complete and up-to-date. To do this, send
    your request to us in writing. Please note that in the request it is necessary
    to specify what is not accurate, complete or up-to-date and in what sense
    the above should be corrected. In addition, please submit the necessary
    documentation in support of your allegations.

 

  • The
    Right to Data Portability
    : You have the right to receive a printout of your
    personal data and pass it on to another data controller.

 

  • The
    Right to Restriction of Processing:
    You have the right to request a restriction on
    the processing of personal data in case:

o   you dispute the accuracy of the data

o   if the processing is illegal, and you object
to their deletion

o   if the data controller no longer needs the
personal data, but you have requested it in order to establish, exercise or
defend legal claims

o   if you objected to the processing of your
personal data.

 

·
The Right
to Object
: If we process your data for the purposes
of performing tasks of public interest or in the exercise of our official
powers, or when processing them we refer to our legitimate interests, you can
file a complaint against such processing.

 

·
The Right
to Avoid Automated Decision-Making:
You have the right not to be subject to automated
decision-making if it is producing a legal effect that significantly affects you.

 

6.       PROVISION OF DATA TO THIRD PARTIES

We may forward your personal
data for use by providers of IT and communication solutions and services who
act as processors. We have entered into contracts with the aforementioned
processors in which the treatment of personal data is prescribed in detail, therefore
they are not able to process your personal data without our order and pass them
on to third parties.

Additional 3rd
parties that might have access to your data are partner Centres in project as
this is international scientific project where statistical data are compared
and used to improve sports activities, prevent injuries and improve educational
status of participants. Your data are used as statistical data without
disclosing full personal details of any sportsman in particular.

In certain circumstances, we
have a legal obligation to forward your personal data, and the processing of
personal data may include the international transfer of the same. The legal
obligation may arise from national regulations or from EU regulations.

Your personal data will not
be passed on to third parties for marketing purposes.

 

7.       PERSONAL DATA SECURITY

We collect and process
personal data in a way that ensures adequate security and confidentiality in
their processing and enables effective application of data protection
principles, reduction of the amount of data, scope of their processing, storage
period and their availability.

 We take all appropriate technical and
organizational security measures to prevent accidental or illegal destruction,
loss, alteration, unauthorized use, disclosure, insight or access to data.

Everyone involved in
processing activities of the data controller undertake to keep personal data by
signing a confidentiality statement.

 

The data categorized as sensitive data according
to the General Data Protection Regulation (for example, health data) is
specially protected and additional data protection measures have been taken.
The data entered by the user is visible only to the user, and depending on the
service provided to him through the application, it will also be visible to the
service provider as well as Admins of Centres. For each additional access to
your personal data, you will be asked for your express consent to share
personal data. Likewise, your personal data will be used to create overall
statistical inputs for scientific research.

 

8.       PERSONAL DATA RETENTION PERIOD

We process your personal data
until the purpose of personal data processing is fulfilled. After the end of
the purpose for which they were collected, we no longer use your personal data,
and they remain in our storage system, and we keep them as long as we are
obliged by the legal regulations on the preservation of archival material.

 

9.
SOCIAL NETWORKS

If you are a member of various social networks such as Facebook,
Twitter, Instagram, LinkedIn and the like, you should be familiar with the
tools that these sites provide and choosing how to share personal information
on social network profiles.

In addition, depending on your choices regarding settings on various
social networks, certain personal data may be shared with broad public via
social media profiles
, such as information about your sport status, sport results and
similar. Making those data public will be only when we have way to have your
explicit consent, if applicable.

 

10.
MINORS

WE_CARE project avoids communicating in any sense with children and/or minors.
If there is contact and/or data collection and processing, all contact and
communication with children and minors is carried out in a way that
communicates, talks, negotiates and contracts exclusively with the parent /
guardian. The contract, consent, and any other legally binding document is
signed exclusively by the parent/guardian.

 

11.   CONTACT INFORMATION

If you have questions
regarding the processing of your personal data, you can contact us at one of
the contacts listed in section 1. and 2.

 

12.   PRIVACY POLICY CHANGES

We regularly update the privacy policy so that it is
accurate and up-to-date, and we reserve the right to change its content if we
deem it necessary. You will be informed about all changes and additions in a
timely manner through our website in accordance with the principle of
transparency.