- Personal data refers to any information relating to an identified or identifiable natural person (“data subject”), where this identification can be made directly or indirectly, by means of identifiers such as your name, identification number, email address, phone number, online identifiers such as cookies in some circumstances, your location, your genetic, economic, cultural or social identity or other information that is specific to you.
- As a data controller, we commit ourselves to protecting the privacy of our website visitors and users of our products and services with respect to the processing of your personal data.
- Where we collect and process your personal data, we will limit the collection and retention to what is adequate, relevant and necessary for our purposes and it will be kept in a form which allows for your identification no longer than necessary for the purpose for which we process your personal data. We refer to this as data minimisation.
- Where we store your personal data for longer periods for statistical purposes, as permitted, we will use appropriate safeguards. Applicable law defines ‘statistical purpose’ as any collection of personal data, where the result of processing is for aggregate data, so the personal data we collect from you is anonymized or pseudonymized. For example, the processing of your personal data may be for the business-related process of counting users, products, sales and various metrics. We also share statistical data that has been anonymized and aggregated geographically and so, cannot be used to identify individuals, with third parties for trend analytics.
- Our policy provides you with the legal bases for the collection of your personal data, lets you know how long personal data is stored and the reasons why, and how in some circumstances, they are necessary to retain.
- Some of the legal bases we rely on are contractual and service necessity, consent, legitimate interests and compliance with legal obligations.
Disclosing Your Personal Data to Third Parties.
Disclosure to third parties: We are required to disclose your personal data to unrelated third
parties in limited circumstances:
- where necessary to satisfy a legitimate government request or order;
- in compliance with a legal requirement by a court of law or in the public interest;
- in response to a third-party subpoena, if we believe on the advice of our attorneys that we are required to respond;
- if we obtain your permission; or
- if necessary to defend ourselves or our users (for example, in a lawsuit).
- We reserve the right to store and use the information collected by our software. We may publish or share that information with third parties that are not part of the UAB ,,Top Sport”, but we will only ever do so after anonymizing the data.
- Disclosure to third parties: We are required to disclose your personal data to unrelated third parties in limited circumstances:
Storage, Retention, and Deletion of Your Personal Data.
- Storage of Information. We store information that we collect on our servers or on the servers of our subsidiaries, affiliates, contractors, representatives, contractors, agents who are working on our behalf. The data on our servers can only be accessed from our physical premises, or via an encrypted virtual private network (“VPN”). Access is limited to authorised personnel only, and company networks are password protected, and subject to additional policies and procedures for security.
- Access by our contractors. We or our contractors, subsidiaries, affiliates, representatives, agents who are working on our behalf undertake regular maintenance of your personal data. All third parties must agree to observe the privacy of our users, and to protect the confidentiality of their personal information. This means your personal data cannot be shared with others, and there must be no direct marketing by the third parties.
- For each type of data, we set retention timeframes based on the reason for its collection and processing. Some data you can delete whenever you like, and some data is deleted automatically as soon as we do not need it for our legitimate business or legal purposes. We do not delete data that we need for our legitimate or legal purposes, even upon request, until the purposes expire. We also take steps to anonymize certain data within set time periods. For example, we strive to anonymize IP Addresses by substituting city and country after some period.
- When the data is deleted, we remove it from our servers or retain it only in anonymized form.
The following describes why we hold onto different types of data for different periods of time.
- We keep your data for the life of your account, if it’s necessary for the service (such as for billing, support, communication) or if it helps us understand how users interact with our features and how we can improve our services.
- If you registered an account with us, we will keep data in your account until you choose to delete the account, or we will delete unnecessary information after your last active action made in the account after 4 years. The period can be limited to the 2 years if no action was ever made in your account from the first day of your account activation .
- If you subscribe to a recurring newsletter, we will keep your information to continue to fulfil your subscription request. In the case of the the Support Portal, or news and blogs, your account data is kept active until you delete it.
We have business and legal requirements that require we retain certain personal data, for
specific purposes, for an extended period of time. For example, when our authorized partner
processes a payment for you, or when you make a payment, your data will be retained for as long
as required for tax or accounting purposes. Reasons we might retain some data for longer periods
of time include:
- Security, fraud & abuse prevention
- Financial record-keeping
- Complying with legal or regulatory obligations, including for investigations, enforcement, or when legally actionable
- Direct communication with you and our authorized partners, such as for service activation, billing, support, and marketing.
- Safeguards for protection of personal information We maintain administrative, technical, and physical safeguards for the protection of your personal data.
- Administrative safeguards. Access to the personal data of our users is limited to authorized personnel who have a legitimate need to know based on their job descriptions, for example, employees who provide technical support to end users, or who service user accounts. In the case of third-party contractors who process personal information on our behalf, similar requirements are imposed. These third parties are contractually bound by confidentiality clauses, even when they leave. Where an individual employee no longer requires access, that individual's credentials are revoked.
- Technical safeguards. We store your personal information in our database using the protections described above. We use high-quality antivirus and anti-malware software,firewall and regularly update our virus definitions. Third parties who we hire to provide services and who have access to our users' data are required to implement privacy and security practices that we deem adequate.
- Physical safeguards. Access to user information in our database by Internet is not permitted except using an encrypted virtual private network (VPN). Otherwise, access is limited to our physical premises. Physical removal of personal data from our location is forbidden. Third-party contractors who process personal data on our behalf agree to provide reasonable physical safeguards.
- Proportionality. We strive to collect no more personal data from you than is required by the purpose for which we collect it. This, in turn, helps reduce the total risk of harm should data loss or a breach in security occur: the less data we collect, the smaller the overall risk.
- Notification in the event of breach. In the unlikely event of a breach in the security of personal data, we will notify all users who are actually or potentially affected. We may tailor the method of notice depending on the circumstances. Where the only contact information that we have for you is an email address, then the notification will necessarily be by email. We reserve the right to delay notification if we are asked to do so by law enforcement or other authorities, or if we believe that giving notice immediately will increase the risk of harm to our user body overall.
Residents of the Russian Federations
- We collect and process personal data on the territory of the Russian Federation in strict compliance with the applicable laws of the Russian Federation. We collect and process personal data (including sharing it with third parties) only upon the consent of the respective individuals, unless otherwise is provided for by the laws of the Russian Federation. You will be asked to grant your consent by ticking the respective box / or clicking “I accept” button or through similar mechanism prior to having access to the site, and/or when submitting or sharing the personal data we may request. We collect and use your personal data only in the context of the purposes indicated in the consent to processing of personal data.
- We (directly or through third party contractors specifically authorized by us) collect, record, systematize, accumulate, store, actualize (update and amend), extract personal data of the Russian Federation citizens with the use of databases located on the territory of the Russian Federation, except as otherwise permitted by Russian data protection legislation. We may process personal data of Russian citizens using databases located outside of the Russian Federation subject to compliance with Russian data protection legislation.
- We undertake all the actions necessary to ensure security of your personal data. You are legally entitled to receive information related to processing your personal data. To exercise this right, you have to submit a request by e-mail at: firstname.lastname@example.org with the headline “PRIVACY REQUEST” in the message line.
- You have the right to revoke the consent at any time by sending us an e-mail at: email@example.com with the headline “PRIVACY REQUEST” in the message line. Once we receive the revocation notice from you we will stop processing and destroy your personal data, except as necessary to provision the contract or service to you. However, please note once you have revoked your consent, we may not be able to provide to you the products and services you request, and may not be able to ensure proper work of our products.
- We do not transfer your personal data to the countries that under Russian law are not deemed to provide adequate protection to the individuals’ rights in the area of data privacy.
- We do not offer, sell or otherwise make available our products or services that have access to, collect and process (or allow us to do the same) personal data of third parties in the Russian Federation without the consent of such third parties.
- If any provisions of this Policy contradict the provisions of this section, the provisions of this section shall prevail.
Your California Privacy Rights.
- Under California Civil Code § 1798.83, we are required to disclose to consumers the following information upon written request: (1) the categories of personal information that we have disclosed to third parties within the prior year, if that information was subsequently used for marketing purposes; and (2) the names and addresses of all such third parties to whom such the personal information was disclosed. California residents seeking additional information on this requirement or our privacy practices in general may write to us at firstname.lastname@example.org with the headline “PRIVACY REQUEST” in the message line.
- Residents of the Russian Federations
- Where the changes are major, we will notify you by email if you have an Top Sport account or through posts on our website.
What we use in mobile app(s)
- Firebase Analytics SDK. It is a service that helps us understand our users and how they use apps including information about interactions with the user's mobile applications. Firebase uses identifiers for advertising on mobile applications (for example, Android Advertising ID and Identifier for Advertisers for iOS - IDFA), and we will collect the AAID and IDFA for these above-mentioned purposes. Users who wish to opt-out of the AAID and IDFA advertisement tracking can do so through device advertising settings for mobile apps within your device and users who wish to avoid tracking by Firebase can opt-out in application settings. Data which collected will be transmitted to and stored by Google on servers globally. You can find more information here: https://firebase.google.com/support/privacy/
- Fabric SDK. To improve the stability of mobile applications, we use crash reporting services to collect information about the devices that you use and your use of our applications (for example the timestamp of when you launched the application and when the crash occurred) which enables us to diagnose and resolve problems. This allows us to deliver to you stable, functioning services and improve our applications in the future. The data collected does not contain any information and improve our applications in the future. The data collected does not contain any information which can personally identify you. The data will be transmitted to and stored by Google (Firebase Crash Reporting and Fabric Crashlytics) on servers globally. You can find more information here: https://firebase.google.com/support/privacy/ ; https://policies.google.com/privacy
- Google Our apps use Google Analytics to allow us to understand how our users use and interact with our products and how to improve our products. Where our apps use Google Analytics for Apps or the Google Analytics for Firebase SDKs, Google Analytics collects an app-instance identifier — a randomly generated number that identifies a unique installation of an app. Whenever a user resets their Advertising Identifier (Advertising ID on Android, and ID for Advertisers on iOS), the app-instance identifier is also reset. Where our apps have implemented Google Analytics with other Google Advertising products, like AdWords, additional advertising identifiers may be collected. Google Analytics also collects Internet Protocol (IP) addresses to provide and protect the security of the service, and to give us a sense of which country, state, or city in the world our users come from (also known as "IP geolocation"). We do implement measures and best practices in order to avoid sending personal data when collecting Analytics Data such as: Safeguarding our data, IP Anonymization, IP masking, data retention, user deletion and access management. You can get more information here: https://support.google.com/analytics/answer/6004245 ; https://policies.google.com/privacy
- Contacting Us Please send all Your inquires related to the Data Privacy to email@example.com with headline “PRIVACY”