Przejdź do treści

Information ObligationGDPR

Concise, understandable and transparent summary of information about personal data processing

The following information constitutes a concise, understandable and transparent summary of information contained in the Privacy Policy regarding the Data Controller, the purpose and method of processing personal data and your rights in connection with this processing, in the form required to fulfill the GDPR information obligation. Details regarding the method of processing and entities participating in this process are available in the indicated policy.

Whereas:
  • a) Admin and Service Provider are parties to the Main Agreement,
  • b) Admin acts as the controller of personal data of persons entered into the website https://team-mate.pro/en by Admin,
  • c) in connection with the performance of the Main Agreement, there is a need for the Service Provider to process personal data transferred to it by Admin,

The Parties - in accordance with Article 28 of the Regulation - have decided to conclude this Agreement.

For the purposes of this Agreement, the following definitions are adopted:

  • 1) Admin – a person who concludes the Main Agreement with the Service Provider;
  • 2) Client – a user whose data entered into the website https://team-mate.pro/en is controlled by Admin. Clients include in particular: Coach, Player, Parent, Fan according to the meanings assigned by the Terms and Conditions;
  • 3) Terms and Conditions – Terms and Conditions for the provision of services by electronic means by Service Providers for the website https://team-mate.pro/en;
  • 4) Regulation - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC;
  • 5) Parties – Service Provider and Admin;
  • 6) Agreement – this data processing agreement;
  • 7) Main Agreement – an agreement under which the Service Provider undertakes to provide services to Admin by electronic means, in accordance with the terms and conditions of the website https://team-mate.pro/en;
  • 8) Service Provider – TEAM MATE PRO sp. z o. o. with its registered office in Podłopień, registered office address: Podłopień 136, 34-650 Tymbark, registered in the Register of Entrepreneurs by the District Court for Kraków - Śródmieście in Kraków, 12th Commercial Division of the National Court Register under KRS number: 0001164424, Tax ID: 7372251653, REGON: 541289148.

§ 1 Subject of the Agreement

1.

Admin entrusts the Service Provider with the processing of personal data necessary for the implementation of the Main Agreement, on the terms and for the purpose specified in this Agreement.

2.

The Service Provider undertakes to process the personal data entrusted to it in accordance with this Agreement, the Regulation and other generally applicable legal provisions so that the processing protects the rights of the persons whose data it concerns, in particular the right to the protection of personal data. Personal data will be stored in the collection "Client Data".

3.

The Service Provider undertakes to apply security measures that meet the requirements of the Regulation.

§ 2 Nature and purpose of data processing

1.

The Service Provider will process the entrusted data using IT systems, and if necessary, also paper documentation. Processing may be performed with the frequency required as part of the performance of obligations arising from the Main Agreement, using technologies available to the Service Provider.

2.

Processing may include such operations as: recording, organizing, structuring, storing, adapting or altering, retrieving, consulting, using, disclosing by transmission, disseminating or otherwise making available, aligning or combining, restricting, erasing or destroying personal data, subject to limitations introduced in the Agreement and according to the needs arising from the purposes of processing.

3.

Personal data entrusted by Admin will be processed by the Service Provider for the proper performance of the Main Agreement.

§ 3 Duration of the Agreement and personal data processing

1.

This Agreement is valid from the date of its conclusion for an indefinite period, but no longer than the period of validity of the Main Agreement. The period of validity of the Agreement is also the duration of data processing by the Service Provider, within the meaning of Article 28 of the Regulation.

2.

Either Party may terminate this Agreement with a 14-day notice period. Termination of the Agreement by a Party is equivalent to termination by it of the Main Agreement. However, the previous sentence does not apply in a situation where further provision of services by electronic means to Admin under the Main Agreement will not involve the processing on its behalf of any personal data by the Service Provider and the Main Agreement can be further performed in accordance with the Regulation (Admin's use of the so-called Admin Account without the ability to store personal data of other persons and with actual deletion of such data).

§ 4 Type of processed data and categories of persons whose data concerns

1.

The Service Provider will process data entrusted under the Agreement and the Main Agreement:

  • a) ordinary data in the form of:
    • i. first and last names,
    • ii. date of birth,
    • iii. PESEL number,
    • iv. telephone number,
    • v. e-mail address,
    • vi. first and last names of parents,
    • vii. information on payments made to Admin,
    • viii. information on the history of participation in activities, games,
    • ix. other data voluntarily provided to Admin by its Clients;
  • b) data of special categories in the form of:
    • i. health information (including injuries, diseases, convalescence status),
    • ii. special behavioral characteristics, possessed skills
    • iii. facial image,
    • iv. other data voluntarily provided to Admin by its Clients.

2.

The Service Provider will process personal data entrusted under the Agreement and the Main Agreement of:

  • i. Admin's Clients,
  • ii. Admin's Employees and persons with whom Admin cooperates on the basis of civil law contracts.

§ 5 Obligations and rights of Admin

1.

Admin declares that it processes personal data entrusted under the Agreement in accordance with applicable legal provisions, in particular in accordance with the Regulation.

2.

Admin undertakes to cooperate with the Service Provider in the scope of personal data entrusted to it for processing, including providing the Service Provider at its request with necessary information for the performance of the Agreement in accordance with applicable legal provisions, including the Regulation.

3.

Admin has the right to request from the Service Provider information necessary to demonstrate compliance with the obligations specified in the Agreement and the Regulation.

4.

Admin has the right to conduct an audit in the scope of the Service Provider's performance of obligations referred to in this Agreement. In particular, Admin may conduct an inspection or authorize an external auditor to do so. The audit should be conducted in a manner that does not hinder the Service Provider's business operations. The Parties will establish the date of the audit in writing or by e-mail with an appropriate, at least 7-day advance notice. The inspection will be conducted in accordance with applicable legal provisions.

§ 6 Obligations of the Service Provider

1.

The Service Provider undertakes to:

  • a) process data only on documented instructions from Admin – which also applies to the transfer of personal data to a third country or international organization – unless such obligation is imposed on it by European Union law or Polish law; in such case, before starting processing, the Service Provider informs Admin of this legal obligation, unless such law prohibits providing such information due to an important public interest; Admin under this agreement instructs the Service Provider to process all personal data transferred to it in accordance with the Agreement and the Main Agreement, for the purpose of implementing the Main Agreement; The Parties agree that each transfer of personal data as part of performance of obligations arising from the Main Agreement also constitutes Admin's instruction to process data by the Service Provider, unless Admin decides otherwise;
  • b) ensure that persons authorized by the Service Provider to process personal data commit themselves to maintaining confidentiality or are subject to statutory obligation to maintain confidentiality;
  • c) take all measures required under Article 32 of the Regulation (security of processing);
  • d) comply with the sub-processing conditions referred to in § 7 of the Agreement;
  • e) assist - as far as possible, taking into account the nature of processing - Admin through appropriate technical and organizational measures to fulfill the obligation to respond to requests from the data subject in the scope of exercising their rights specified in Chapter III of the Regulation (rights of the data subject);
  • f) assist - taking into account the nature of processing and information available to the Service Provider - in fulfilling by Admin the obligations specified in Articles 32–36 of the Regulation (personal data security and data protection impact assessment and prior consultation);
  • g) after the end of the provision of services related to processing, depending on Admin's decision - delete or return to it all personal data and delete all their existing copies, unless European Union law or Polish law requires storage of personal data;
  • h) make available to Admin all information necessary to demonstrate compliance with obligations specified in Article 28 of the Regulation and enable Admin or an auditor authorized by Admin to conduct audits, including inspections, and contribute to them. In connection with the obligation specified in the first sentence, the Service Provider immediately informs Admin if in its opinion the instruction given to it constitutes a violation of the Regulation or other provisions of the Union or Polish law on data protection.

2.

In connection with the obligation specified in paragraph 1 letter b) the Service Provider will allow access to personal data processing only to persons who:

  • a) have been authorized to process personal data, on the basis of a written authorization issued to them by the Service Provider;
  • b) have made a declaration of confidentiality with respect to the personal data entrusted to them.

3.

The Service Provider undertakes to:

  • a) exercise due diligence in processing entrusted personal data;
  • b) process personal data transferred to it by Admin in a manner securing them against disclosure to unauthorized persons;
  • c) ensure appropriate technical and organizational measures ensuring an adequate level of security corresponding to the risk associated with processing personal data referred to in Article 32 of the Regulation (security of processing);

4.

The Service Provider, upon discovering a personal data breach, without undue delay reports it to Admin.

§ 7 Sub-processing

1.

The Service Provider will not use the services of another processing entity without prior specific or general written consent from Admin. In case of general written consent, the Service Provider informs Admin of any intended changes concerning the addition or replacement of other processing entities, thereby giving Admin the opportunity to object to such changes.

2.

In case the Service Provider obtains consent referred to in paragraph 1, it may entrust personal data covered by this Agreement for further processing only for the purpose of proper performance of the Main Agreement.

3.

If for the performance on behalf of Admin of specific processing activities the Service Provider will use the services of another processing entity, it undertakes to impose on this entity the same data protection obligations as contained in the Agreement, in particular the obligation to provide sufficient guarantees of implementation of appropriate technical and organizational measures so that processing meets the requirements of the Regulation. If this other processing entity fails to fulfill its data protection obligations, full responsibility to Admin for fulfilling the obligations of this other processing entity rests with the Service Provider.

§ 8 Register of processing activities

The Service Provider is obliged to maintain a register of all categories of processing activities carried out on behalf of Admin.

§ 9 Principles of confidentiality

1.

The Service Provider undertakes to maintain confidentiality of all information, data, materials, documents and personal data received from Admin and from persons cooperating with it, as well as data obtained in any other way, intended or accidental, in oral, written or electronic form (hereinafter: "confidentialdata").

2.

The Service Provider declares that in connection with the obligation to maintain confidentiality of confidential data, they will not be used, disclosed or made available without Admin's written consent for any purpose other than the performance of the Agreement, unless the need to disclose the information held results from the Agreement or applicable provisions, including the Regulation.

3.

The Parties undertake to make every effort to ensure that means of communication used to receive, transmit and store confidential data guarantee security of confidential data, in particular personal data entrusted for processing, against access by third parties unauthorized to become familiar with their content.

§ 10 Addresses of the Parties

1.

The Parties declare that the residence and registered office addresses provided when establishing the Agreement are appropriate for delivery of correspondence requiring written form and undertake to notify the other Party in writing of each change of these details. In case of neglect of this obligation, correspondence sent to the last indicated address is considered properly delivered.

2.

The Parties declare that the e-mail addresses provided in this Agreement are appropriate for delivery of electronic correspondence and undertake to notify the other Party in writing of each change of these details. In case of neglect of this obligation, correspondence sent to the last indicated address is considered properly delivered.

§ 11 Final provisions

1.

The Agreement is concluded on the day Admin expresses acceptance of its content and consent to its conclusion via the IT system.

2.

Any changes and additions to this Agreement require documentary form under penalty of nullity.

3.

If any provision of the Agreement is or becomes invalid or ineffective for any reason, this does not affect the validity and effectiveness of the remaining provisions. In such a case, the Parties will replace the invalid or ineffective provisions with such that in an economic sense most closely corresponds to their original intention. Accordingly, the obligation referred to in the first sentence also applies to a situation where during the performance of this Agreement a gap arises in it requiring completion.

4.

The Agreement has been prepared in accordance with Polish law and is subject to Polish law. In matters not regulated, the provisions of Polish law and the Regulation will apply.

5.

Disputes that may arise in connection with the conclusion or as a result of the performance of this Agreement are subject to the jurisdiction of Polish courts and will be resolved by the court with jurisdiction over the Service Provider's registered office indicated in the petition of the Agreement.