Preliminary: for the purposes of this privacy policy, the following expressions shall have the following meaning:
BasketIQ Software: colud SaaS (Software as a Service) solution for the sports management of basketball teams with different functionalities.
BasketIQ or the Supplier (indistinctly): company that holds all the rights over the BasketIQ Software and whose data are stated below. Client or User: natural or legal person that develops an activity related to the basketball sport activity, and that contracts with BasketIQ for purposes related to his/her commercial activity, business, according to what is foreseen in the contracting conditions.
The party responsible for the processing of the personal data of the User and of the natural persons who provide their data through the Website, is the trading company BasketIQ Deporte Inteligente, S.L., with registered office at c/ Creta 67 - 28, Gran Alacant, 03130, Santa Pola (Alicante), with NIF B10825560 and duly registered in the Companies Register of Alicante in volume 4.491 , folio 12, section 8, page A-180797. Hereinafter, "BasketIQ" or the "Supplier" indistinctly. You can contact BasketIQ directly and effectively, in relation to the present privacy policy, by sending an email to the email address contact@basketiqapp.com.
BasketIQ, as Data Controller, insofar as it decides how and for what purpose the data are processed, will process the following data:
For the contracting of the services as User, we will request the name and surname, membership number, postal address and telephone number, as well as, in the case of remunerated services, the data relating to the means of payment used.
if you contact BasketIQ to request information, your name, e-mail address and telephone number may be requested.
If you contact BasketIQ to request a demo of the BasketIQ Software, you will have to provide us with the name of the club, the contact person, the position you hold in the club, e-mail and telephone number so that we can contact you in order to schedule a demo.
If you have contracted as a User, the services of BasketIQ Software, for the sports management of your team or club, BasketIQ has, in accordance with the provisions of the data protection regulations, the consideration of Data Processor, since it may have access to personal data for which you are directly responsible in order to provide you with the contracted service following your instructions.
In this case, you will be the Data Controller of this data, as you decide how and for what purpose the data of your staff members or players of your team/s are processed.
For this reason, the conditions of contracting the BasketIQ Software service include the clauses relating to the relationship of the User (Data Controller of the data of the members of his/her staff or of his/her players) with BasketIQ as Data Processor, which are detailed below.
The data processing will consist of providing the service consisting of the licence to use the BasketIQ Software object of the contracting conditions accepted electronically or subscribed to by the User.
The authorised processing operations will be those strictly necessary to achieve the purpose of the order, including, if necessary, the collection, recording, structuring, modification, conservation, extraction, extraction, consultation, communication by transmission, dissemination, interconnection, collation, limitation, deletion and destruction of data.
The User, as the Controller, guarantees that the data provided to the Supplier have been obtained lawfully and that they are adequate, relevant and limited to the purposes of the processing.
The User shall provide the Provider with all the information necessary to carry out the contracted services.
The User warns the Provider that, if he/she determines the purposes and means of the processing on his/her own, he/she will be considered the data controller and will be subject to compliance with the provisions of the applicable regulations in force as such.
The Supplier, as Data Processor, undertakes to respect all the obligations that may correspond to it as such in accordance with the provisions of current legislation and any other provision or regulation that may also be applicable to it.
The Data Processor shall not assign, apply or use the data to which it has access for any purpose other than that for which it was commissioned or which entails a breach of these conditions.
The Processor shall make available to the Controller the information necessary to demonstrate compliance with the terms of engagement, allowing the inspections and audits necessary to evaluate the processing.
The Supplier guarantees that the personnel authorised to carry out the processing have expressly undertaken in writing to respect the confidentiality of the data or that they are subject to a legal obligation of confidentiality of a statutory nature.
The Provider shall take measures to ensure that any person acting under its authority who has access to personal data may only process them on the instructions of the User or is obliged to do so under applicable law.
The Supplier guarantees that the personnel authorised to carry out the processing have received the necessary training to ensure that the protection of personal data will not be put at risk.
The Supplier represents that it is up to date with regard to the obligations arising from the data protection regulations, especially with regard to the implementation of the security measures for the different categories of data and processing set out in Article 32 of the GDPR, where applicable.
The Provider guarantees that such security measures will be properly implemented and will cooperate with the User to ensure compliance.
The User shall carry out an analysis of the possible risks arising from the processing to determine the appropriate security measures to guarantee the security of the processed information and the rights of the data subjects and, if it determines that risks exist, shall send the Provider a report with the impact assessment so that it can proceed with the implementation of appropriate measures to prevent or mitigate them.
The Provider, for its part, shall analyse the possible risks and other circumstances that may have an impact on security that are attributable to it, and shall inform the User, if any, in order to assess their impact.
Security breaches of which the Provider becomes aware must be notified, without undue delay and within a maximum of 24 hours, to the User for his/her knowledge and implementation of measures to remedy and mitigate the effects caused. Notification is not required where it is unlikely to result in a risk to the rights and freedoms of natural persons.
The notification of a security breach shall contain, as a minimum, the following information:
- Description of the nature of the security breach.
- Categories and approximate number of data subjects affected.
- Categories and approximate number of data records affected.
- possible consequences
- Measures taken or proposed to be taken to remedy or mitigate the impact.
- Contact details where further information can be obtained (Data Protection Officer, Security Officer, etc.).
- When the security breach has occurred under the responsibility of the Provider, the User may oblige the Provider to notify the Supervisory Authority and, if necessary, to communicate it to the affected data subjects.
The Supplier may not communicate the data to other recipients, unless it has obtained prior authorisation in writing or through the Software to share such data with other users of the Software with whom it collaborates.
The transmission of data to Public Authorities in the exercise of their public functions is not considered data communications, and therefore the User's authorisation is not required if such transmissions are necessary to achieve the purpose of the assignment.
The User expressly authorises the Supplier to carry out data transfers to third countries or international organisations not established in the EU, but exclusively for the provision of the contracted services and only to territories that have an adequate level of data protection, by means of the corresponding Adequacy Decision issued by the European Commission.
The User expressly and generally authorises the Supplier to subcontract to a third party (sub-processor) the performance of any data processing entrusted to it by reason of the services contracted. The Supplier, in the event of using a sub-processor to carry out certain processing activities on behalf of the User, shall impose on the sub-processor, by signing the relevant processing contract, the same obligations as those stipulated herein, and in particular, the provision of sufficient guarantees of the implementation of appropriate technical and organisational measures so that the processing is in compliance with the provisions of the GDPR. Should the sub-processor fail to comply with its data protection obligations, the Supplier shall remain fully liable to the Processing User for compliance with the sub-processor's obligations.
The Provider shall, wherever possible and taking into account the nature of the processing, create the necessary technical and organisational conditions to assist the User in his/her obligation to respond to requests for data subject rights.
In the event that the Provider receives a request for the exercise of such rights, it shall inform the User immediately and in no case later than the working day following receipt of the request, together with any other information that may be relevant to resolving the request.
When the data are processed exclusively with the Provider's systems, it shall resolve, on behalf of the User, and within the established period, the requests received for the exercise of the data subject's rights in relation to the data subject of the order, without prejudice to informing the User in accordance with the provisions of the previous paragraph; namely, the rights of access, rectification, erasure and portability of data and those of limitation or opposition to processing, and, if applicable, not to be subject to automated individualised decisions.
Pursuant to article 82 of the RGPD, the Provider shall be liable to the User for any damages caused to data subjects or third parties, including administrative sanctions, arising from judicial or extrajudicial claims or sanctioning procedures by the Control Authority, which are a consequence of non-compliance with the instructions assumed in this document.
Once the provision of the contracted service has ended, the Provider shall certify, at the User's choice, the deletion or return of all personal data and existing copies.
The deletion of data will not proceed when its conservation is required by a legal obligation, in which case the Provider will proceed to the custody of the same, blocking the data and limiting its processing insofar as responsibilities may arise from its relationship with the User.
The Supplier shall maintain the duty of secrecy and confidentiality of the data even after the end of the contractual relationship.
The purposes of the processing of your personal data as a "Data Subject", understood as a natural person who provides information to BasketIQ as Data Controller that identifies you or makes you identifiable, as well as the legal basis that legitimises such processing, are listed below.
We collect your data as a User to enable the provision of the contracted service and for the sending of notifications related to the service, as well as to manage the invoicing and payment of the service.
We may also process your personal data to send commercial communications about BasketIQ's services, if you have not objected to it, both at the time of collecting your data and at any subsequent time.
We remind you that you have the right to object to the sending of commercial communications at any time.
The legal basis for the processing of your data for the provision of the service, management of invoicing, payment and sending of notifications about the service is the execution of a contract or pre-contract to which you are a party as a data subject.
The legal basis for sending commercial communications about BasketIQ services, if you have contracted any of our services, is the legitimate interest of BasketIQ for direct marketing purposes.
In case you request information through any of the means that BasketIQ makes available to you or to carry out a demo of BasketIQ Software (chat, forms, etc.), identifying data such as your name, telephone number and/or e-mail address will be collected, with the purpose of attending your request, on the basis of BasketIQ's legitimate interest.
We will send you commercial communications, as long as you have subscribed to the Newsletter or in any other way, you have consented to such purpose in an informed, free, unequivocal and specific manner on the legal basis of the provision of such consent, and by means of a clear affirmative action, such as the ticking of a box or checkbox.
The personal data provided will be kept for as long as there is a mutual interest in maintaining the purpose of the processing and for the period of time for which liabilities may arise from the services provided to the Data Subject (6 years for accounting books, invoices, etc., according to art. 30 of the Commercial Code; 5 years for exercising personal actions without special time limit according to art. 1.964 Civil Code; 4 years for tax obligations according to arts. 66 et seq. of the General Tax Law, etc.).
When it is no longer necessary for such purposes, it shall be deleted with appropriate security measures to ensure the pseudonymisation of the data or its total destruction.
A recipient is any natural or legal person, public authority, service or other body to whom personal data is communicated, whether or not it is a third party.
Your data will not be communicated to any other third party outside BasketIQ, unless there is a legal obligation or you have expressly authorised it.
There are data processors, understood as entities that process the personal data under BasketIQ's responsibility, following its instructions, as service providers necessary for the provision of the service requested by the Interested Party, with whom BasketIQ has signed a contract of data processing assignment in accordance with the provisions of the applicable regulations on data protection.
International data transfers involve a flow of personal data from Spanish territory to recipients established in countries outside the European Economic Area (the countries of the European Union plus Liechtenstein, Iceland and Norway).
BasketIQ does not carry out international data transfers in the processing.
You are entitled as a Data Subject to exercise the following rights that the data protection regulations recognise you, in accordance with the provisions thereof:
- Right to revoke at any time the consent given for the processing of such data, when the basis of legitimacy of the processing is based on that consent.
- Right of ACCESS to the personal data processed by BasketIQ.
- Right to request the RECTIFICATION of inaccurate data processed by BasketIQ.
- Right to request the DELETION of the data, when, among other reasons, the data are no longer necessary for the purposes for which they were collected by BasketIQ.
- In certain circumstances, the LIMITATION OF THE TREATMENT of the data may be requested, in which case BasketIQ will only keep them for the exercise or defence of claims.
- In certain circumstances and for reasons related to your particular situation as a data subject, you may exercise your right to OPPOSE the processing of the data. In this case, BasketIQ will stop processing the data, except for compelling legitimate reasons, or the exercise or defence of possible claims.
- In certain circumstances and for reasons related to your particular situation as a Data Subject, you may request the right to the PORTABILITY of the data. This is a complementary right to the right of access, as it allows you to obtain the data provided to BasketIQ in a structured, commonly used and machine-readable format, which may be transmitted directly to another entity upon request of the Data Subject.
You will be able to exercise such rights by any means that leaves a record of its sending and receipt, clearly expressing your will in such sense and enclosing a copy of your ID card and/or any other documentation accrediting your identity, by writing to the e-mail or postal address indicated above. Furthermore, in the event that you consider that any of your data protection rights have been infringed, you are entitled to file a complaint with the Spanish Data Protection Agency (AEPD), located at C/ Jorge Juan, 6, 28001-Madrid https://www.aepd.es/ or through the electronic headquarters of the AEPD: https://sedeagpd.gob.es/sede-electronica-web/.
With the aim of safeguarding the security of the personal data of the Interested Parties, it is hereby informed that BasketIQ has adopted all the technical and organisational measures necessary to guarantee the security of the personal data supplied.
All this to avoid its alteration, loss and/or unauthorised processing or access, as required by law, although absolute security does not exist.
We also inform you that the data of the Interested Parties will be treated with the utmost care and confidentiality by all personnel involved in any of the phases of the processing.
In order to keep the Stakeholder's personal data up to date, the Stakeholder has the possibility of modifying or rectifying the same through its user profile or by contacting BasketIQ.
At present, BasketIQ does not use data storage and recovery devices (cookies) in the users' devices that are not of a technical nature for the sole purpose of carrying out the transmission of a communication through an electronic communications network or, to the extent that it is strictly necessary, for the provision of the BasketIQ Software service expressly requested by the interested party.
In the event that BasketIQ is going to use in the future such data storage and retrieval devices, clear and complete information shall be provided about them and the consent of the Interested Party shall be obtained by means of the use of the appropriate parameters of the Website.
BasketIQ may modify at any time the privacy policy determined herein, being duly published as it appears here. The validity of the aforementioned privacy policy will depend on its exposure and will be in force until it is modified by another duly published.
