NOTICE TO INDIVIDUALS UNDER ARTICLE 13 OF THE GENERAL DATA PROTECTION REGULATION (GDPR) REGARDING THE PROCESSING OF PERSONAL DATA
We work with your personal data in accordance with binding regulations, fairly, safely and transparently. We are aware of our responsibility of handling the personal data you have entrusted to us. Therefore, with this notice we are providing the key information regarding personal data processing, our obligations and your rights in accordance with the General Data Protection Regulation (Regulation (EU) 2016/679 of 27. 4. 2016, hereinafter also: GDPR or Regulation).
- About the Controller
The controller of personal data when using the BBS mobile application is the company Ball Back System d.o.o., Rabelčja vas 43, Ptuj, Slovenia. For all questions, we are available by or e-mail firstname.lastname@example.org.
- Types of personal data and purpose of their processing
|Types of personal data||Purpose of processing|
|1. Identification data:
1.3. E-mail address
1.4. Date of birth
1.5. Profile picture
1.7. Primary tennis hand
|We process this data for the purpose of:
● allowing you to create a user profile,
● setting up a training program for you,
● contacting you with notices regarding your user account
● letting you know about any new or existing functionalities of the BBS mobile application,
● suggestions of tennis trainings based on personal data
|2. Use of application data:
2.1. Unique ID
|We process this data for the purpose of:
● Tracking analytics of the BBS mobile application and the BBS website
The list of personal data under each data type is not exhaustive and may change over the course of your user/contract relationship.
- Data protection officer
The controller has no appointed data protection officer, since its core activities do not consist of processing operations, which, by virtue of their nature, their scope and/or their purposes, require regular and systematic monitoring of data subjects on a large scale.
- Basis for the processing of personal data
We process your personal data on the basis, as defined by the GDPR:
Consent is a clear affirmative act, which means that the data subject has voluntarily, specifically, knowingly and unambiguously given his or her consent to the processing of personal data concerning him or her, such as in writing, including by electronic means, or by spoken statement.
Based on your consent, we primarily process your contact information for the purpose of advertising and other marketing campaigns.
Performance of a contract
The performance of the contract, as the purpose of data processing, means the processing of data in cases where such data processing is necessary for the exercise of rights and obligations arising from your user relationship / contract.
Fulfillment of legal obligations applicable to the operator
Processing of your data based on legal obligations is carried out when the controller performs obligations as imposed on him by the applicable legislation.
Processing of your data based on our legitimate interests is only carried out where such interests are not overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. In cases where we process your data on this basis, we shall inform you about our legitimate interests in detail and about your right to refuse data processing, based on our legitimate interests.
- Users and categories of users of personal data
The controller of personal data using the BBS mobile application is the company Ball Back System d.o.o., Rabelčja vas 43, Ptuj, Slovenia.
Contractual processors are our contractual partners who assist us in the implementation and provision of our services and can process data on behalf of the controller. When processing is carried out on our behalf, we only work with processors who provide sufficient guarantees to carry out appropriate technical and organizational measures in such a way that the processing meets the requirements of the GDPR and ensures the protection of the data subject’s rights.
List of contractual processors:
- Google Cloud Platform
- Facebook for Developers
- Hetzner Database hosting
- Google Ads
In certain cases and based on applicable laws, the controller may be obliged to provide your personal data to the supervisory authorities:
- Market Inspectorate of the Republic of Slovenia,
- Information Commissioner of the Republic of Slovenia,
Other state bodies
Upon request and on the appropriate legal basis, the controller may also forward your data to other state authorities, such as courts and similar.
- How long we keep the data
We will process your data for as long as is necessary to exercise our obligations and your rights arising from your user relationship / contract, and if obtained with your consent, until revoked.
- Your rights
You have the following rights under these rules and the GDPR:
Request access to your personal information
You have the right to obtain from the controller confirmation as to whether or not personal data concerning yourself is being processed, and, where that is the case, access to the personal data and other information under article 15 GDPR;
Request for rectification of personal data we hold about you
It allows you to correct any incomplete or inaccurate information we hold about you, although we may need to verify the accuracy of the new information you provide to us;
Request for erasure of your personal data
It allows you to require us to delete or remove personal information if there is no reason to continue processing it. You also have the right to ask us to delete or remove your personal data when you have successfully exercised your right to object (see below), when we may have processed your data illegally or if we are required by local law to delete your personal data;
Objection to processing your personal data
You can enforce in cases where we rely on a legitimate interest (or the interest of a third party) and you are in a situation where you oppose processing on that basis, as you believe it affects your fundamental rights and freedoms. You also have the right to object to the processing of your data for marketing purposes. In some cases, we may demonstrate that we have reasonable and legitimate reasons for processing your data that outweigh your rights. If you object to the processing of certain data, we may not be able to provide our services and we may most likely need to terminate your account;
Request to limit the processing of your personal data
You may request us to suspend the processing of your personal data in the following cases: (a) if you wish us to establish the accuracy of the data; (b) if the use of the data is illegal but you do not wish to delete it; (c) where you want us to process the data, even if we no longer need it, for the purpose of establishing, enforcing or defending legal claims; or (d) you have objected to our use of the data, but we need to verify that we have priority legitimate reasons for using it. Please note that any request regarding the restriction on the processing of your data means that we may not be able to perform the contract we have or are attempting to enter into with you. In this case, we may need to cancel your use of our services, but we will notify you in advance;
Request to transfer your personal information to you or a third party
We will provide you with your personal data in a structured, frequently used, machine-readable form, which you can then transfer to an appropriate third party. Please note that this right only applies to automatic information that you initially provided with your consent to the processing of data or where we have processed data for the purpose of performing a contract with you;
Revocation of consent to data processing at any time
Withdrawal of consent shall not affect the lawfulness of the processing carried out beforehand. If you withdraw your consent, we may not be able to provide some of our services to you. In this case, we will advise you when you withdraw your consent;
Right of appeal
You also have the right to file a complaint with the supervisory authority where we are located or where an alleged breach of your privacy has occurred. You can complain to the Information Commissioner of the Republic of Slovenia (https://www.ip-rs.si), Dunajska cesta 22, 1000 Ljubljana, e-mail: email@example.com, telephone: 012309730.
The right to be informed about personal data breaches
If there is a likelihood that a personal data breach will pose a significant risk to the rights and freedoms of individuals, they have the right to be notified without undue delay of such personal data breach, unless the applicable rules provide for an exception.
You will not have to pay a fee to access your personal information (or to exercise any other right). However, we may charge a reasonable fee if your request is apparently unreasonable, repetitive, or excessive. In these circumstances, we may also refuse to comply with your request.
We may need to request specific information from you to help us verify your identity and secure your right to access your personal information (or to exercise any other right). This is a security measure to prevent unauthorized persons from accessing your personal data. To expedite our response, we can contact you and ask for additional information.
We try to respond to all legal requests within one month. Occasionally, it may take more than a month, especially if your request is extensive or if you have made multiple requests. In this case, we will notify you.
- Transfers of personal data to a third country or international organization
We do not transfer your personal data to third countries or international organizations. All personal data is processed within the European Union, where the same minimum standards of protection and security of personal data apply.
- Provision of personal data and consequences
If we are required by law or under a contract we have with you to collect personal information and you do not provide it to us upon request, we may not be able to enforce the contract we hold or attempt to enter into with you. In this case, we may need to cancel your use of our services, but we will notify you in advance.
- Profiling, automated decision making
When processing your personal data, the controller may also design profiles and use automated decision-making that has legal effects on you. An example of this type of profiling and automated decision-making can be the creation of profiles for the purpose of direct marketing, but only with your explicit consent.
The operator does not offer his services to minors. If we find that we have inadvertently obtained and processed data from minors, we will delete this data immediately, unless we find that their processing is necessary for proceedings before supervisory or other state authorities, or to protect our interests. If you are a parent or legal representative of a minor whose personal data we process, you can address requests regarding your rights in connection with the processing of such personal data to firstname.lastname@example.org.
Ball back systems d.o.o., 18.04.2021