PRIVACY POLICY


At SPORTTRIBE LTD (“SPORTTRIBE”) we understand that your privacy is important to you and that you care about how your personal data is used. We will only collect and use personal data in ways that are described here, and in a way that is consistent with our obligations and your rights under the applicable local legislation, the Data Protection Legislation, and the Privacy and Electronic Communications (“EC Directive”) Regulations 2003 and the- EU Regulation No. 2016/679 the General Data Protection Regulation (collectively “GDPR”). This Privacy Notice sets out the basis on which we may collect, use, or otherwise process personal data via our website https://checkmat.cy/  (“Website”), downloadable software, mobile applications, desktop applications, content, features, timetables, schedules, function and/or via any other services provided by us, (mainly acting as a Brazilian Jiu Jitsu school), if such services are provided and on which a link to this Privacy Notice is displayed, and/or all other communication with you through written or oral means, such as email, chat or phone (collectively the “Services”) when you use our Services and the choices you have associated with that personal data. Kindly be informed that SPORTTRIBE LTD is the exclusive legal owner of the commercial rights to the name CHECKMAT JIU JITSU' including all associated uses and applications within the scope of business and branding activities with registration number EE60711a.

Please note that this Privacy Notice is addressed to our prospective, current, and former clients or third-party contractors. If you are, were, or may be a potential, current and former employee or third-party contractor your personal data will be used in accordance with a separate privacy notice.

We use your personal data to provide and improve our Services. Accepting this Privacy Notice is deemed to occur upon your first use of our Website and any of the Services.

 

1.    WHO WE ARE

SPORTTRIBE, a limited by shares company, incorporated and registered in the Republic of Cyprus under company registration number ΗΕ463648 and has our main business office at 74 Pafou, 3051 Limassol, Cyprus (hereinafter “SPORTTRIBE”) is the Controller and responsible for the personal data you disclose to us to make use of our Services.

We have offices and entities located in Cyprus, when we mention “SPORTTRIBE”, “Company”, “we” or “us” in this Privacy Notice we are referring to the relevant company responsible for collecting and/or processing your personal data when you use the Services. SPORTTRIBE respects your privacy and is committed to protecting your data, which it collects and/or has access to.

 2.    DATA COLLECTIONS AND PROCESSING

We may collect, process, store, and transfer different kinds of personal data about you for various purposes in order to be able to provide and improve our Service to you. Depending upon your use of the Service we may collect some or all the personal data set out below as follows. Please also see the Cookies Section for more information about our use of Cookies and similar technologies.

  • Identity Data includes first name, last name, patronymic (if available), date of birth gender, passport, ID, Driver’s number, and copy of photo.
  • As part of our registration process, we may collect personal data about your children, including their names, age, height, sex, and medical information, to deliver Jiu-Jitsu training in a professional and safe manner. This information will be provided by you through signed consent forms during the registration process for our school. Contact Data includes billing address, email address, and telephone numbers.
  • Financial Data includes bank account and payment card details
  • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting, and location, browser plug-in type and versions, operating system and platform, and other technologies on the devices you use to access the Website and use of cookies stored on your device.
  • Usage Data includes information about how you use the Website, products and Services, and IP history.
  • Data in KYC (Know your customer) includes identity document information, including copies of recently dated Utility Bills, Identity Cards, Passports, and/or Driver’s License, Tax Identification Numbers (TIN).
  • Location Data includes details on your actual location when interacting with our Website (for example, a set of parameters that determine regional settings of your interface, namely residency country, time zone, and the interface language).
  • Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
  • Audio Data includes full voice recordings of calls that you receive from us or make to us.
  • Aggregated Data includes statistical or demographic data for any purpose. Such data can be derived from your data but may not be considered personal data in law as it will not directly or indirectly reveal your identity. An example of such Aggregated Data could be that we aggregate your Usage Data to calculate the percentage of users accessing a specific website feature and/or services/product preference. Notwithstanding the above, if the Company combines Aggregate Data with data in a way that the result can in any way identify the data subject, the Company shall treat such combined data as data which will be treated as per the provisions herein contained.

(the above collectively referred to as “personal data”)


Our Website is not intended for individuals under the age of 18, and we do not knowingly collect personal data from children through the website. However, our Brazilian Jiu-Jitsu school services are available to individuals under 18, and we may receive and process information about your children, such as their personal data, strictly to provide our training services as described in this Privacy Policy.

 3.    PROCESSING OF YOUR DATA

Processing of your personal data is carried out by SPORTTRIBE following the principles of lawfulness, fairness, transparency and always adhering to the intended purpose of data processing, the principle of data minimization, accuracy, limited data storage, data integrity, confidentiality, and accountability. SPORTTRIBE may process your personal data for any of the following reasons or as per the registrations forms provided and signed by you during the registration process to our Jiu Jitsu school:

  • To perform its contract with you and or your children,
  • To perform compliance checks, such as verification of your identity, and helping to detect fraudulent or malicious activity on our website or services,
  • To maintain our accounts and records,
  • To manage our business needs, such as monitoring, analyzing, and improving the services and the Website’s performance and functionality,
  • To comply with all applicable laws and regulations; and/or
  • to safeguard our legitimate interests and your interests and fundamental rights do not override those interests.
  • to tailor and personalize our marketing communications based on your attributes.
  • We process your personal data to send direct marketing of our Services to you, always within the boundaries of our legitimate interests. For example, we might use your personal data to send you newsletters, push messages, and calls to keep you in touch with our new features and new developments of the current products/services we offer, news and events, and the efficient provision of the full scope of our Services. We will also use your data to send you marketing information regarding our services that we believe may be of interest to you via email or otherwise. This processing is necessary for our legitimate interests (to provide effective and personalized customer services to you and to update you in relation to the Services that are available to you. If you don't want to receive any marketing newsletters or transmit your data to third parties for marketing purposes, nor to receive notifications for updates, you can contact us using the CONTACT DETAILS BELOW.

    4.        DATA RETENTION

We will not keep your personal data for any longer than is necessary considering the reason(s) for which it was first collected in accordance with this Privacy Notice. To determine the appropriate retention period for your personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting and other requirements.

To comply with the applicable legal, regulatory, tax, and accounting requirements we keep your personal data for a minimum period of 7 years from the date our business relationship is terminated. We may need to retain your information for a longer period where we need the information to comply with regulatory or legal requirements or where we may need it for our legitimate business purposes, such as responding to queries or complaints, fighting fraud and financial crime, and responding to requests from regulators.
At the expiration of the personal data retention period, the personal data is erased by irreversible destruction and we also inform all third parties, to whom the personal data was transferred, regarding such erasure and request the implementation of similar actions on their part.

 5.    DATA SECURITY

We protect your personal data by adhering to industry standard regulations on data protection by categorizing them into data types (e.g. technical, personal data, cookie data, etc) while applying relevant protection processes and due diligence procedures. Therefore, we apply appropriate technical and organizational controls to protect your data, including secure computer systems adopting least privilege access in order to prevent unauthorized access, disclosure, modification, or destruction of personal data.

Protection of your personal data in our infrastructure. We make it a priority to develop Services that are secure "by default". The "default" security of our Services means that every new service and features are designed with strict security requirements in mind before we even begin development. This is the key to guaranteed protection and privacy of all personal data that our Services handle and store, once the service or new feature is released.

 

SPORTTRIBE is always vigilant about the Security of the personal data stored in our infrastructure. Because of that, we locate all our equipment used for your personal data processing in secure personal data centers. Network access to this equipment is isolated from the Internet. We use network segmentation for the isolation of Services that need different levels of security from each other. In addition, we restrict logical access to the personal data of our employees on "need-to-know" basis. So, only personnel, who really require access to the personal data for the purpose of providing you with our best Service, will have access to it.


Threats protection:

 

SPORTTRIBE is highly knowledgeable about modern threats to personal data security and privacy, and we are well prepared to combat them. All events that occur in our infrastructure are continuously monitored, analyzed, and responded to, which allows us to ensure proper protection of your personal data, keeping it safe from threats, vulnerabilities, and the effects of malware.


In the event of a failure that affects the accessibility of your personal data, we have personal data backup and recovery procedures in place that will us help to restore your personal data in a short time. To further guarantee the quick recovery we use high availability mode enabled for most critical databases which allows us to minimize downtime.

 

Employee awareness of data security:


Our employees will handle your personal data in order to provide you with first-class Service. To guarantee the security and confidentiality of your personal data, we monitor all employees’ actions with access to your personal data in our systems and grant access strictly on a "need to know" basis: only employees who need access will receive it. We hold regular training sessions to make sure that each employee understands the principles that SPORTTRIBE follows to achieve robust data security and privacy.
If you choose not to give your personal data.


In the context of our business relationship, we may need to collect data by law, or under the terms of a contract we have with you. Without this data, we are, in principle, not in a position to close or execute a contract with you. If you choose not to give us this data, it may delay or prevent us from meeting our obligations. It may also mean that we cannot perform the Services.

 6.    DATA COLLECTIONS

We use different methods to collect data from and about you including through:


Direct Interactions. You will provide us with your Identity, Contact, and Financial Data online through the Website and/or by completing and filling out online forms and/or by corresponding with us by email or otherwise.


We are required to collect the above data in order to that we are able to

(i)                  provide our services efficiently,

(ii)                to comply with our ongoing legal and regulatory obligations, including, inter alia, (a) to prevent fraud and money laundering acts and/or (b) to conduct the assessment of suitability and appropriateness test.


If you fail to provide the data when requested we may not be able to perform the contract we have or trying to enter into with you (for example, to provide you with our Services). In this case, we may have to cancel a Service you have with us but we will notify you if this is the case at the time.


The data we hold about you must be accurate and current. Please keep us informed if your data changes during your relationship with us.


Automated Technologies or Interactions. When using our Services, your device automatically transmits to us its technical characteristics. Locale (a set of parameters that determine regional settings of your interface, namely, residence country, time zone and the interface language) is used for the purpose of providing you with the best possible service within our Website.


Using the information about an IP address, cookies files, information about the browser and operating system used, the date and time of access to the site, and the requested page addresses allows us to provide you with the optimal operation on our web application, mobile and/or desktop versions of our application and monitor your behavior for the purpose of improving the efficiency and usability of our Services.


We use web analytics tools to track the performance of our website and marketing source of users by cookies in order to optimize our marketing costs and provide users with a better experience.
You may at any time request that we refrain from any such transmissions (to the degree this is possible and subject to any of our legal obligations) by sending your request to the DPO using our details in the OUR CONTACT DETAILS below using the registered email address you disclosed and registered with us. We will address your request within 30 business days.

 7.    COOKIES

Please see our Cookies Policy for further details.


8. HOW MIGHT WE SHARE YOUR PERSONAL DATA

We may disclose data that concerns you only if (i) we are legally required to do so; (ii) if required when you expressly order us to process a transaction or any other service and (iii) it is required for the provision of our Services under our contractual relationship and/or (iv) protection of our legitimate interests, in accordance with the provisions of the GDPR and applicable local legislation as amended from time to time.

We may share your personal data in the following circumstances, the following are examples of where and how your information may be transferred, but please note this is not an exhaustive list and that due to ongoing changes in our IT and operational infrastructure this may change at any time:

·         We may share your data between the SPORTTRIBE on a confidential basis to provide you with our Services.

·         We may have to share your personal data with third-party service providers, processing data on our behalf, who help us with our business operations. When your personal data is shared with a third party, we will take the necessary steps to ensure that your personal data is handled safely, securely, and in accordance with your rights, our obligations, and the third party’s obligations under the law. We ensure that our contracts with those third parties contain the appropriate GDPR model clauses and that all our third parties are also compliant with the GDPR, this affords your data the same protection away from our organization, as it does within it. Your personal data is shared with third-party organizations/entities including but not limited to:


A. Service Providers. We may share your personal data with our trusted third-party service providers, who, on our behalf, operate, maintain, and/or support our IT systems and IT infrastructure, our websites, manage our payment solutions, perform statistical analysis, marketing, and advertising purposes, sending newsletters, provide customer support and perform other important services for us. We will store and process your data following industry best practices and security.


B. Regulator and state authorities. The Company will make such disclosure only if required to be disclosed by the Company by applicable law, regulation, or court order and to the minimum required extent.


C. Other disclosures. In addition to where you have consented to a disclosure of the data or where disclosure is necessary to achieve the purpose(s) for which, it was collected, data may also be disclosed in special situations, where we have reason to believe that doing so is necessary to identify, contact or bring legal action against anyone damaging, injuring, or interfering (intentionally or unintentionally) with our rights or property, users, or anyone else who could be harmed by such activities, or otherwise where necessary for the establishment, exercise or defense of legal claims. Where reasonably possible, management shall ensure that third parties collecting, storing, or processing personal information on behalf of the Company have:

  • Signed agreements to protect personal information consistent with this Privacy Notice and information security practices or implemented measures as prescribed by GDPR;
  • Signed non-disclosure agreements or confidentiality agreements which include privacy clauses in the contract; and/or
  • Established procedures to meet the terms of their agreement with a third party to protect personal data.

D. International Transfers. We process data within the EEA and countries deemed by the European Union as having adequate safeguards for protecting personal data. These countries are recognized by the EU as having suitable safeguards for the rights and freedoms of individuals and recourse processes by which data subjects can exercise their rights.

Should there be a business need to transfer or process your data to company(ies) and/or third parties might imply a transfer of your data to third countries, countries, or regions which do not offer the same level of protection as the laws of your country (for example GDPR) (so-called Third Countries) we will ensure that they are subject to appropriate security measures and safeguards as deemed appropriate under GDPR and other relevant national and international data protection laws or that we otherwise comply with the requirements and standards under Regulation 2016/679 for transferring Personal Data abroad. This may include entering into the appropriate contractual agreements to regulate any such transfers and safeguard any personal information transferred to them. A transfer to a company and/or a third party based in a Third Country would only take place where one of the following applies:

  • The individual has given consent to the transfer of information
  • The transfer is necessary for the performance of a contract between the individual and the Company, or the implementation of pre-contractual measures taken in response to the individual’s request.
  • The transfer is necessary for the conclusion or performance of a contract concluded in the interest of the individual between SPORTTRIBE and a third party.
  • The transfer is necessary or legally required on important public interest grounds or for the establishment, exercise, or defense of legal claims.
  • The transfer is required by law.
  • The transfer is necessary to protect the vital interests of the individual.
  • The transfer is made under a data transfer agreement.
  • The transfer is otherwise legitimized by applicable law.

 

Remedial action shall be taken in response to the misuse or unauthorized disclosure of personal information by a third party collecting, storing, or processing personal information on behalf of SPORTTRIBE. If you want to obtain further information on any data transfers mentioned above please contact us using the registered email address you disclosed to us through the points of contact listed in the Section OUR CONTACT DETAILS.

9.    YOUR RIGHTS

Under certain circumstances, in accordance with GDPR and the applicable local legislation as amended from time to time you have rights, which we will always work to uphold. Some of the rights are rather complex and include exemptions, thus we strongly advise you to contact us (at the contact details listed in the section OUR CONTACT DETAILS below) and/or seek guidance from the regulatory authorities for a full explanation of these rights. You can find a summary of your rights below in this section:

  • The right to be informed about our collection and use of your personal data. This Privacy Notice should tell you everything you need to know, but you can always contact us to find out more or to ask any questions.
  • The right to access the personal data we hold about you. Upon request and verification of your identity, we will send you a copy of the personal data we hold about you.
  • The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete. It is important that your personal data is kept accurate and up to date. If any of the personal data we hold about you changes, please keep us informed if we have that data.
  • The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your personal data that we hold. We may not always be able to comply with your request of erasure for specific legal reasons, for which you will be notified. Please note that retention requirements supersede any right to erasure requests under the data protection laws.
  • The right to restrict (i.e. prevent) the processing of your personal data. Please note that any requests in relation of the processing of your data means that we may not be able to provide you with the service, in which case you will be notified.
  • The right to object us in using your personal data for a particular purpose or purposes.
  • The right to withdraw consent. This means that, if we are relying on your consent as the legal basis for using your personal data, you are free to withdraw that consent at any time.
  • The right to data portability. This means that, if you have provided personal data to us directly, we are using it with your consent or for the performance of a contract, and that data is processed using automated means, you can ask us for a copy of that personal data to re-use with another service or business in many cases.
  • Rights relating to automated decision-making and profiling. We do not use your personal data in this way.