Privacy Policy

Welcome to Sportlyzer! We offer software service to Clubs, Athletes and Parents. While doing so, we seek to keep personal information private and secure. Within this policy you’ll find our rules for the protection of your personal data, which is stored on Sportlyzer.

1. Introduction

Sportlyzer is a Service held by a legal person Sportlyzer OÜ, who processes Personal data on behalf of its Users.

Users can reach Sportlyzer OÜ via support_at_sportlyzer.com or from the feature “Contact and Support” in www.sportlyzer.com.

The legal address of Sportlyzer OÜ is Narva mnt 9, Tartu, Estonia.

2. Definitions

  • Personal Data - any information relating to an identified or identifiable natural person
  • User – A person (including you) using Sportlyzer’s service (who may have different roles, which are described in point 3 of Terms of Service)
  • Club – A sports club or a team using Sportlyzer’s service. The club is organized by staff members (managers and/or coaches).
  • Service – Sportlyzer software used by Users and Clubs and located in the web and mobile apps of Sportlyzer, including but not limited to sportlyzer.com, Coach Diary App, Player App, Parent App, Pro Player App.
  • User account – Personal user account that provides access to Sportlyzer Service and through which the User identifies himself. Players entered by the Club who do not identify themselves with a password are not considered as user accounts.
  • GDPR - European Union’s General Data Protection Regulation (Regulation (EU) 2016/679)

3. The purposes and legal basis for the processing

The legal basis for processing of personal data is to provide the Service in accordance with Sportlyzer’s Terms of Service. Sportlyzer may also process data upon User’s freely given, specific, informed and unambiguous consent, asking for it as appropriate. User has the right to withdraw consent at any time by deleting such data from the Service.

4. Categories of Personal Data concerned

Depending on the User type, the categories of personal data submitted to Sportlyzer may vary.

  • Name and email address are required for all Users in order to access the Service.
  • Other information, e.g. User’s personal information, health data, contacts, attendance data, etc. is optional and can be stored by:
    • Clubs (coaches and managers) who should have independent agreements with the Users to do that;
    • Users themselves who store it for their own benefit.

5. Recipients of Personal Data

If a User has a linked account with a Club in Sportlyzer, User’s Personal Data is provided to Coaches and Managers of that Club. A User should have an agreement with the Club to handle such information. Other Users cannot see Users’ Personal Data, except the list of Users who are also participating in particular training and data shared by the User to their friends in the Service. More detailed information about different User roles and their rights can be found in point 3 of Terms of Service.

Sportlyzer may review and analyze anonymous data User enters about workouts, exercise, and anything they choose to track, without a written consent, and use it for further developments of the Service and to publish it for scientific purposes.

Except as described in this Privacy Policy, Sportlyzer will not intentionally disclose (personal) data that is stored in the Service to any other third parties without User’s freely given, specific, informed and unambiguous consent. Sportlyzer may disclose information to third parties if a User gives consent for doing so, as well as in the following circumstances:

  • Sportlyzer uses sub-processors, when necessary, to offer Service to the Users, including but not limited to support, server and messaging service providers. In addition, Sportlyzer uses customer relations management software (CRM) to offer better support to Clubs, get a better overview of them and to activate them faster. The third parties needed to offer the Service are mostly located in Europe. Sportlyzer has evaluated that all the other data processors also offer sufficient data protection. Third parties are only sent the minimum required amount of data.
  • Sportlyzer may disclose Personal Data or other information if required to do so by law.

6. The storage period

  • Where Sportlyzer no longer needs to store Personal Data for the purposes set out in this Privacy Policy, all Personal Data will be deleted from Sportlyzer’s servers after account has been inactive (the account has no been logged into) for 12 months. This only affects User accounts that are not associated with any club, and inactive club manager accounts in inactive club.
  • Server service provider backs up data once a day and those copies are kept for 2 weeks. Sportlyzer also retains Personal Data to comply with legal obligations (i.e. billing information is retained for a period of 7 years in accordance with the Estonian accounting and taxation laws), resolve disputes and enforce agreements. Sportlyzer makes backups once a week and these are kept for 6 months.

7. The rights of the data subject

  • Users have the right to access their Personal Data stored in Sportlyzer any time, by logging into their account or accessing it from the mobile apps. Users have the right to correct or update their account information any time by accessing their account. Users have the right to require erasure of their account/data in Sportlyzer. To delete an account, User can contact Sportlyzer by sending an email/message as set forth in point 1 of this Privacy Policy and Sportlyzer will delete all data concerning User’s account. Sportlyzer deletes the account (including Personal Data) within 30 days after receiving the request. If User’s account is linked with a Club, User should ask their Club to delete their data.
  • Users have the right to object to the processing of their Personal Data by sending Sportlyzer an email as set forth in point 1 of this Privacy Policy with their objection. Users also have the right to restrict processing of the data whilst complaints (for example, about accuracy) are resolved, or if the processing is unlawful, but the User objects to erasure. Further instructions and activities rely upon the specific request. Accounts are mainly linked with a Club and the processing is often required by the Club to provide their services.
  • Users have the right to export their data from Sportlyzer. They can export most of their data themselves. For any other requests User should contact Sportlyzer by email as set forth in point 1 of this Privacy Policy. Sportlyzer exports data in structured, commonly used and machine-readable format (i.e. in CSV or Excel, or if possible, in XML). Sportlyzer exports data within 30 days after receiving the request.

8. Data security

Sportlyzer maintains appropriate administrative, technical and physical safeguards to protect Personal Data against accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, misuse, and any other unlawful form of processing of the Personal Data in Sportlyzer’s possession. This includes, for example, password protection, resilience of processing systems, backing up Personal Data and https connection with encryption. Please note that Sportlyzer cannot guarantee full security for unauthorized entry or use of User’s account password or User’s software or hardware failure. If User believes that their personal data has been compromised, they should contact Sportlyzer immediately as set forth in point 1 of this Privacy Policy.

9. The right to lodge a complaint with a supervisory authority

If User finds that his/her rights have been violated, User has the right to submit a claim to Estonian Data Protection Inspectorate (e-mail: info@aki.ee or phone +372 627 4135) or other supervisory authority in Member State User’s habitual residence, place of work or place of the alleged infringement or court.

10. Processing of children’s data

Users under the age of 16 need to provide parental consent to use the Service. If someone under 16 has provided personal information to the Service without parental consent, reasonable efforts are used to restrict processing of such information in the Service until parental consent is attained.

11. Communication in relation to data breaches

In case of a Personal Data breach, Sportlyzer will without undue delay, and where feasible, notify the Users and authorities in accordance with applicable law.

12. Emails from Sportlyzer

Sportlyzer informs that occasional emails are sent about important events in the Service or related to it. Emails are sent to the email address User has submitted to the Service. Sportlyzer does not use User emails for sending third-party advertisements.

13. Cookies

Sportlyzer uses third-party analytics tools (mainly Google Analytics) which helps to measure traffic and usage trends on Sportlyzer’s website. These tools collect analytics information from Users so that it cannot be reasonably used to identify any particular individual User.

For additional website usage data, Sportlyzer also uses two types of cookies - session ID cookie and language cookie. They will not be shared with any other organization.

Session ID cookie is a unique number that is assigned to a User upon webpage visit and allows to identify when a User returns to the webpage. Session ID is stored for 2 days, after which it is automatically deleted.

Language cookie is used for presetting User’s language preference while using the website. Language cookie is stored for 28 days, after which it is automatically deleted.

14. Data Controller and Data Processor

  • Sportlyzer highlights that Sportlyzer does not own, control or direct the use of any of the Personal Data stored or processed by a User via the Service. Only Users are entitled to access, retrieve and direct the use of such data.
  • Sportlyzer is largely unaware of what Personal Data is actually being stored or made available by a User to the Service. Sportlyzer does not directly access such data except as authorized by the User or if necessary to provide Services to the Users.
  • Sportlyzer does not collect or determine the use of any Personal Data or the purposes for which Personal Data is collected, therefore Sportlyzer cannot be considered data controller in terms of the GDPR and does not have the associated responsibilities under the GDPR.
  • Sportlyzer should be considered as a processor on behalf of its Users and Clubs.
  • The Clubs and Users are the data controllers under the GDPR, meaning that the Clubs and Users control the manner such Personal Data is collected and used as well as the determination of the purposes and means of the processing of such Personal Data.
  • Sportlyzer is not responsible for the content of the Personal Data contained or other information stored on its (or its subcontractors’) servers nor is Sportlyzer responsible for the manner in which the User processes such information.

15. Updates to this policy

If Sportlyzer makes any changes to this policy, Users are sent an email in advance. User is also notified of the changes through a notification on the website or in our mobile app.

Last update 31.10.2022.

Need help? Contact us now