Last updated: 4 September 2020
When we talk about the “Services” in this Policy, we are referring to the use of software applications and platforms made available online to customers for the purpose of tracking physical training and historical injury profiles of athletes.
MDM Systems, S.L. Labs Limited, an Irish registered company, is the service provider for all customers located within Europe, the Middle East and Africa (collectively, “EMEA”) and is the data controller of the personal data of EMEA-based customers. MDM Systems, S.L., a US company, provides the Services to customers located outside EMEA (such as those in the United States, Australia, New Zealand and Asia) and is the company responsible for the personal data of non-EMEA based customers.
What Information Does MDM Systems, S.L. Collect and Receive?
MDM Systems, S.L. may collect, store and analyze information (including personal data and sensitive personal data such as health related data) about individuals (such as athletes) whose personal data is processed by MDM Systems, S.L. during the provision of the Services to its customers (“Customer Data”). This information is controlled by MDM Systems, S.L.’s customers and is processed by MDM Systems, S.L. in accordance with the agreement for Services (“Customer Agreement”). To the extent that MDM Systems, S.L. collects, stores and analyses Customer Data, MDM Systems, S.L. does so on behalf of its customers and is a “data processor” only.
If Customer Data includes your personal data or you are using the Services by invitation of a MDM Systems, S.L. customer, whether that customer is your employer, team, another organization, or an individual, MDM Systems, S.L. collects, stores, and analyses your personal data on behalf of its customer. That customer will determine its own policies regarding the treatment of Customer Data which may apply to your use of the Services. Please check with the customer about the policies it has in place.
To provide the Service MDM Systems, S.L. also collects the following categories of data (collectively referred to as “MDM Systems, S.L. Data”) which it processes in order to provide the Services to its customers:
Account and billing information: To create an MDM Systems, S.L. account and to access the Services, customers must provide MDM Systems, S.L. with names, usernames, passwords and contact information. In addition, customers may provide billing information including bank account details to complete transactions in relation to our Services.
Services usage information: When a customer interacts with the Services, usage information is created and may include details of administrative, technical and support communications with us.
Potential employees: If you apply for a job with MDM Systems, S.L., we will receive the personal data you provide to us such as your name, address, contact information, education details and professional experience.
Customer Lead Generation Data: From time to time we may source lists of potential customers from trusted partners which may contain certain personal data.
How Does MDM Systems, S.L. Use the Information it Collects and Receives?
Customer Data will be used by MDM Systems, S.L. in accordance with customer’s instructions, including any applicable terms in the Customer Agreement, and as required by applicable law.
MDM Systems, S.L. uses MDM Systems, S.L. Data that it controls:
To provide, update, and improve our Services: This includes use of MDM Systems, S.L. Data to support delivery of the Services under a Customer Agreement, prevent or address service errors, security or technical issues, analyse and monitor usage, trends and other activities. We also use de-personalised and aggregated data generated by our customers’ use of our Services to better understand how customers are using the Services in order to improve them. This processing of MDM Systems, S.L. Data is required as a matter of contractual necessity and is also necessary for our legitimate interests which are described in more detail below.
To send emails and other communications: If you contact us, we may use your contact information to respond. We may also send service, technical and administrative emails and messages. We may also contact customers to inform them about changes in our Services, our service offerings, and important service related notices, such as security and fraud notices. These emails and messages are considered part of the Services and customers may not opt-out of them. In addition, we occasionally send emails about new product features, events or other news about MDM Systems, S.L.. These are marketing messages you can opt out of at any time. This processing of MDM Systems, S.L. Data is required as a matter of contractual necessity and is also necessary for our legitimate interests which are described in more detail below.
For billing and account management: We use account and billing information to administer accounts and keep track of billing and payments. This processing of MDM Systems, S.L. Data is required as a matter of contractual necessity and may also be required to enable us to comply with our legal obligations.
For investigating fraud and abuse: We work hard to keep the Services secure and to prevent abuse and fraud. Such processing will be in our legitimate interests of keeping the Service safe and secure.
For research: We use anonymised and aggregated data for business purposes such as performing research on specific subject-areas as well as statistical analysis and machine-learning, market analysis and producing reports. This Policy is not intended to place any limits on what MDM Systems, S.L. does with data that is anonymised and aggregated so the data is no longer associated with and can no longer be linked to an identifiable customer of the Services, or athlete whose data we have been provided with by a customer.
To screen potential new employees: We use the personal data you provide to us in a job application as part of our recruitment process.
How Does MDM Systems, S.L. Share the Information It Collects?
MDM Systems, S.L. may share information described in this Policy from time to time under certain circumstances, so we can offer you the best service possible, to run our business, or to comply with legal and regulatory obligations and to comply with any legal requests. Such sharing will also be necessary for the purposes of our legitimate interests described below.
Third Party Service Providers and other partners: MDM Systems, S.L. may provide MDM Systems, S.L. Data to vendors, service providers, and other partners including affiliates in our corporate group who help provide the Services and who will use this information only in accordance with instructions from MDM Systems, S.L. or restrictions imposed by MDM Systems, S.L.. Further information on the third parties who receive this data is available at http://www.soccersystempro.com/sub-processors.
Legal Compliance: MDM Systems, S.L. may share information in order to comply with legal or regulatory requirements and to respond to lawful requests, court orders and legal process.
Changes to Business Structure: In the event MDM Systems, S.L. is involved in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of MDM Systems, S.L.’s assets, financing, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities (e.g. due diligence). Such sharing will also be necessary for the purposes of our legitimate interests of pursuing the best arrangements for MDM Systems, S.L., its customers and staff.
Fraud and Illegal Activity: MDM Systems, S.L. may share MDM Systems, S.L. Data to enforce our rights, prevent fraud and for safety and to protect the Services and its customers. This is in order to protect and defend the rights, property, or safety of us or third parties, including enforcing contracts or policies, or in connection with investigating and preventing fraud or other criminal activities. Such sharing may be required by law or may be necessary for the purposes of our legitimate interests described below.
To the extent that MDM Systems, S.L.’s processing of MDM Systems, S.L. Data is subject to the EU General Data Protection Regulation, we rely on a number of legal bases to collect and use information for purposes described in this Policy, including:
Where we rely on legitimate interest to process MDM Systems, S.L. Data, the legitimate interest we rely on are (i) to create, provide and maintain innovative Services; (ii) to secure our Services; (iii) to carry out direct marketing; and (iv) to recruit talented individuals.
MDM Systems, S.L. takes security seriously. We take various physical, administrative, and technological steps to store and transmit data securely. For example, all personal data is held on dedicated and encrypted servers and behind secure firewall(s). In addition to technological security measures, MDM Systems, S.L. places access controls on its employees, contractors, and other partners. Our employees are subject to strict contractual confidentiality obligations that are consistent with this Policy, and may be disciplined or terminated if they fail to meet these obligations. Despite these measures, MDM Systems, S.L. cannot guarantee that the information described in this Policy will be completely secure.
We only store MDM Systems, S.L. Data for as long as is necessary to provide our Service under the Customer Agreement or to comply with our legal and regulatory obligations. This means certain transaction data will be held for 7 years from the termination of the Customer Agreement. We may also retain certain MDM Systems, S.L. Data after an account has closed if retention is reasonably necessary to resolve disputes, prevent fraud or abuse, or enforce this Policy and our agreements with customers. Personal data relating to potential employees who are unsuccessful in securing a position of employment with MDM Systems, S.L. will not be held for any more than 12 months.
In order to provide the Services, MDM Systems, S.L. Data may be transferred internationally to our U.S.-based affiliate company or third party service providers who are located outside the European Economic Area (“EEA”). These data transfers are necessary to provide the Service and we use standard contractual clauses approved by the European Commission, and may rely on a European Commission adequacy decision about certain countries, as applicable, for data transfers from the EEA to other countries, such as New Zealand. You can request a copy of our standard contractual clauses by contacting us at firstname.lastname@example.org.
MDM Systems, S.L. no longer rely on the EU-US Privacy Shield Framework for EU-US transfers given the European Court of Justice decision on 16 July 2020,
If you are habitually resident in EMEA and your personal data is processed by us in MDM Systems, S.L. Data Limited, then you have certain statutory rights in relation to your data. Subject to exemptions provided by law you can request access to your personal data as well as seek to rectify, erase, restrict, port and object to MDM Systems, S.L. processing your personal data (including in particular a right to object where MDM Systems, S.L. relies on legitimate interests to justify its processing of your personal data). Where you have provided MDM Systems, S.L. with consent, you can revoke this consent at any time.
You can also access your personal information comprised in the MDM Systems, S.L. Data or exercise any of your rights described above by sending us a request at email@example.com. After we verify your identity, we will provide you with a copy of this personal information in a machine readable format where required by law.
Without prejudice to any other rights you also have the right to file a complaint against MDM Systems, S.L. Labs Limited with your local supervisory authority, and also with the Irish Data Protection Commissioner by contacting them at https://www.aepd.es/es
We may revise this Policy from time to time. The most current version will apply to us. We will provide notice of any changes on the website and by contacting our customers.
If you have any questions about MDM Systems, S.L.’s Policy or practices and if you are habitually resident in EMEA and wish to exercise any of your statutory rights please contact our Data Protection Officer at firstname.lastname@example.org or at the address below:
MDM Systems, S.L.
C/ Lizarreta, 21
If you have any questions about MDM Systems, S.L.’s Policy or practices and if you are based outside EMEA, please contact MDM Systems, S.L. at email@example.com or at the address below:
MDM Systems, S.L.
C/ Lizarreta, 21