Athletic User terms and conditions
Further to the terms and conditions of use of the website, by having an Athletic user account you have accepted and read the following obligations.
Data Protection Legislation
This is defined as the UK Data Protection Legislation and (for so long as and to the extent that the law of the European Union has legal effect in the UK) the General Data Protection Regulation ((EU) 2016/679) and any other directly applicable European Union regulation relating to privacy.
“Controller”, “Processor”, “Data Subject”, “Personal Data” and “Personal Data Breach” shall have the meaning given in the Data Protection Legislation.
PROCESSING BY THE ATHLETIC USER
1. SCOPE
The athletic user shall only process Personal Data in order to help recruit and/or enroll as student-athlete to their program and/or university/college.
2. PURPOSE OF THE PROCESSING
The athletic user shall process the Personal Data in order to assist in the recruitment and/or enrolment of student-athletes in their program or university/college.
3. DURATION OF THE PROCESSING
The athletic user shall continue to process the Personal Data of the Data Subjects unless there is a breach of the website T&C’s or the account has been deactivated due to inactivity.
4. TYPES OF PERSONAL DATA
- Please see our Privacy Policy – Identity Data and Contact Data
5. CATEGORIES OF DATA SUBJECT
- Student-athletes
- Perspective student-athletes
6. WARRANTIES AND OBLIGATIONS:
6.1 The athletic user by using this website shall and warrants:
(a) to ensure that persons authorised to process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;
(b) to assist us through appropriate technical and organisational measures in the fulfilment of our obligation to respond to requests for the exercising of Data Subjects’ rights laid down in the Data Protection Legislation;
(c) to assist us in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR taking into account the nature of processing and the information available to the athletic user;
(d) at our discretion, delete or return all the Personal Data to us after the end of the provision of services relating to the Processing, and delete existing copies except to the extent that the Data Protection Legislation or any other applicable law require otherwise.
6.2 The athletic user shall make available to us all information necessary to demonstrate compliance with its obligations under the Data Protection Legislation and allow for and contribute to audits, including inspections, conducted by us or an auditor mandated by the us, at the expense of the athletic user.
6.3 The athletic user undertakes to implement appropriate technical and organisational measures to ensure that the Processing of the Personal Data will meet the requirements of the Data Protection Legislation and protect the rights of the Data Subjects.
6.4 The athletic users will provide the relevant assurances at the request of the Controller (RightTrack) as soon as reasonably and at their own cost that they are GDPR compliant.
6.5 The athletic user shall not transfer any Personal to any third party without the prior written consent from us and then only if there is a lawful basis for such transfer under the Data Protection Legislation.
6.6 The athletic user shall not engage a processor, or another joint controller without the prior specific or general written authorisation from us.
6.7 In the case of general written authorisation, the athletic user shall inform us timeously of any intended changes concerning the addition of a processor or another joint controller, and we shall have the absolute right at its discretion to veto such engagement without having to give reasons therefor.
6.8 Furthermore, the athletic user shall, in relation to any Personal Data processed in connection with use of this website:
(a) keep the Personal Data confidential;
(b) comply with our reasonable instructions with respect to processing Personal Data;
(c) assist us in responding to any data subject access request and to ensure compliance with its obligations under the Data Protection Legislation with respect to security, breach notifications, privacy impact assessments and consultations with supervisory authorities or regulators;
(d) notify the us without undue delay on becoming aware of a Personal Data breach or communication which relates to us compliance with the Data Protection Legislation;
(e) at the written request from us to delete or return Personal Data and any copies thereof to us on ceasing to be an athletic user unless required by the Data Protection Legislation to store the Personal Data;
(f) maintain complete and accurate records and information to demonstrate compliance with these terms;
6.9 Taking into account the state of art, the cost of implementation, the nature, scope, context, and purposes of processing and the risk of varying likelihood and severity for the rights and freedoms of natural persons, the athletic shall user implement appropriate technical or organisational measures, to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures. Such measures may include, where appropriate:
(a) the pseudonymisation and encryption of Personal Data;
(b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of its systems and services;
(c) the ability to ensure the availability of and access to to Personal Data can be restored in a timely manner after an incident in the event of a physical or technical incident; and
(d) implement regular testing, assessing procedures in order to evaluate the effectiveness of the technical and organisational measures to ensure the ongoing security of Processing
7. DATA BREACH
7.1 In the event of a Data Breach occurring, the athletic user shall:
(a) notify us thereof as soon as is reasonably practicable in the circumstances;
(b) Furnish to us with as much information as possible regarding the nature of the Data Breach including where possible, the categories and approximate number of Data Subjects concerned and the categories and approximate number of personal data records concerned; and
(c) take all appropriate technical and organisational measures to limit the impact of the Data Breach and prevent it from reoccurring.
7.2 Where the Data Breach is attributable to the fault of the athletic user and it is clear that we have been fined by the supervisory authority as a result of the fault in part or in whole of the athletic user, then the athletic shall pay to us the total fine.
7.3 The athletic user shall have personal liability for and shall indemnify us for any loss, liability, costs (including legal costs), damages, or expenses resulting from any breach by the athletic or any party engaged by the athletic user of the Data Protection Legislation, and shall maintain in force full and comprehensive Insurance Policies.