Welcome to Sportlyzer! We offer software service to Clubs, Athletes and Parents. While doing so, we seek to keep personal information private and secure. Within this policy you’ll find our rules for the protection of your personal data, which is stored on Sportlyzer.
Sportlyzer is a Service held by a legal person Sportlyzer OÜ, who processes Personal data on behalf of its Users.
Users can reach Sportlyzer OÜ via support_at_sportlyzer.com or from the feature “Contact and Support” in www.sportlyzer.com.
The legal address of Sportlyzer OÜ is Narva mnt 9, Tartu, Estonia.
- Personal Data - any information relating to an identified or identifiable natural person
- User – A person (including you) using Sportlyzer’s service (who may have different roles, which are described in point 3 of Terms of Service)
- Club – A sports club or a team using Sportlyzer’s service. The club is organized by staff members (managers and/or coaches).
- Service – Sportlyzer software used by Users and Clubs and located in the web and mobile apps of Sportlyzer, including but not limited to sportlyzer.com, Coach Diary App, Player App, Parent App, Pro Player App.
- User account – Personal user account that provides access to Sportlyzer Service and through which the User identifies himself. Players entered by the Club who do not identify themselves with a password are not considered as user accounts.
- GDPR - European Union’s General Data Protection Regulation (Regulation (EU) 2016/679)
3. The purposes and legal basis for the processing
The legal basis for processing of personal data is to provide the Service in accordance with Sportlyzer’s Terms of Service. Sportlyzer may also process data upon User’s freely given, specific, informed and unambiguous consent, asking for it as appropriate. User has the right to withdraw consent at any time by deleting such data from the Service.
4. Categories of Personal Data concerned
Depending on the User type, the categories of personal data submitted to Sportlyzer may vary.
- Name and email address are required for all Users in order to access the Service.
- Other information, e.g. User’s personal information, health data, contacts, attendance data, etc. is optional and can be stored by:
- Clubs (coaches and managers) who should have independent agreements with the Users to do that;
- Users themselves who store it for their own benefit.
5. Recipients of Personal Data
If a User has a linked account with a Club in Sportlyzer, User’s Personal Data is provided to Coaches and Managers of that Club. A User should have an agreement with the Club to handle such information. Other Users cannot see Users’ Personal Data, except the list of Users who are also participating in particular training and data shared by the User to their friends in the Service. More detailed information about different User roles and their rights can be found in point 3 of Terms of Service.
Sportlyzer may review and analyze anonymous data User enters about workouts, exercise, and anything they choose to track, without a written consent, and use it for further developments of the Service and to publish it for scientific purposes.
- Sportlyzer uses sub-processors, when necessary, to offer Service to the Users, including but not limited to support, server and messaging service providers. In addition, Sportlyzer uses customer relations management software (CRM) to offer better support to Clubs, get a better overview of them and to activate them faster. The third parties needed to offer the Service are mostly located in Europe. Sportlyzer has evaluated that all the other data processors also offer sufficient data protection. Third parties are only sent the minimum required amount of data.
- Sportlyzer may disclose Personal Data or other information if required to do so by law.
6. The storage period
- Server service provider backs up data once a day and those copies are kept for 2 weeks. Sportlyzer also retains Personal Data to comply with legal obligations (i.e. billing information is retained for a period of 7 years in accordance with the Estonian accounting and taxation laws), resolve disputes and enforce agreements. Sportlyzer makes backups once a week and these are kept for 6 months.
7. The rights of the data subject
8. Data security
9. The right to lodge a complaint with a supervisory authority
If User finds that his/her rights have been violated, User has the right to submit a claim to Estonian Data Protection Inspectorate (e-mail: firstname.lastname@example.org or phone +372 627 4135) or other supervisory authority in Member State User’s habitual residence, place of work or place of the alleged infringement or court.
10. Processing of children’s data
Users under the age of 16 need to provide parental consent to use the Service. If someone under 16 has provided personal information to the Service without parental consent, reasonable efforts are used to restrict processing of such information in the Service until parental consent is attained.
11. Communication in relation to data breaches
In case of a Personal Data breach, Sportlyzer will without undue delay, and where feasible, notify the Users and authorities in accordance with applicable law.
12. Emails from Sportlyzer
Sportlyzer informs that occasional emails are sent about important events in the Service or related to it. Emails are sent to the email address User has submitted to the Service. Sportlyzer does not use User emails for sending third-party advertisements.
Sportlyzer uses third-party analytics tools (mainly Google Analytics) which helps to measure traffic and usage trends on Sportlyzer’s website. These tools collect analytics information from Users so that it cannot be reasonably used to identify any particular individual User.
For additional website usage data, Sportlyzer also uses two types of cookies - session ID cookie and language cookie. They will not be shared with any other organization.
Session ID cookie is a unique number that is assigned to a User upon webpage visit and allows to identify when a User returns to the webpage. Session ID is stored for 2 days, after which it is automatically deleted.
Language cookie is used for presetting User’s language preference while using the website. Language cookie is stored for 28 days, after which it is automatically deleted.
14. Data Controller and Data Processor
- Sportlyzer highlights that Sportlyzer does not own, control or direct the use of any of the Personal Data stored or processed by a User via the Service. Only Users are entitled to access, retrieve and direct the use of such data.
- Sportlyzer is largely unaware of what Personal Data is actually being stored or made available by a User to the Service. Sportlyzer does not directly access such data except as authorized by the User or if necessary to provide Services to the Users.
- Sportlyzer does not collect or determine the use of any Personal Data or the purposes for which Personal Data is collected, therefore Sportlyzer cannot be considered data controller in terms of the GDPR and does not have the associated responsibilities under the GDPR.
- Sportlyzer should be considered as a processor on behalf of its Users and Clubs.
- The Clubs and Users are the data controllers under the GDPR, meaning that the Clubs and Users control the manner such Personal Data is collected and used as well as the determination of the purposes and means of the processing of such Personal Data.
- Sportlyzer is not responsible for the content of the Personal Data contained or other information stored on its (or its subcontractors’) servers nor is Sportlyzer responsible for the manner in which the User processes such information.
15. Updates to this policy
If Sportlyzer makes any changes to this policy, Users are sent an email in advance. User is also notified of the changes through a notification on the website or in our mobile app.
Last update 31.10.2022.