Intheteam, is a platform owned and managed by Net Solving Limited, 14 Barclay Road, Croydon, England, CR0 1JN, a company registered in England and Wales with company number 04557857, registered with the UK’s Information Commissioner’s Office (ICO) as Data Controller Registration Number Z7611341.
We take your Data Protection seriously and in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and Data Protection Act 2018 (DPA), we have reviewed our policies, processes and security procedures to ensure compliance with these regulations.
This privacy notice is to inform you, our clients, of the types of data we process about you, the reasons for processing your data, the lawful basis for processing and your rights under the data protection regulations.
We act as Data Controller for the personal contact details you provide us when you register your team for an account on our website. This may be the people within your club who administer your club’s website using intheteam.com.
These administrators may also provide details to PayPal in order to pay for our website services.
We act as Data Processors for any data that your club administrators, members, users or any individual related to your club, enter, process and store data on our website. As a club, you are responsible for managing this data in line with the requirements of the data protection regulations.
If you have any questions about your data or how we handle it, please contact us on firstname.lastname@example.org.
Data Protection Principles
Under GDPR, all personal data obtained and held by us must be processed according to a set of core principles. In accordance with these principles, we will ensure that:
- a) processing is fair, lawful and transparent
- b) data is collected for specific, explicit, and legitimate purposes
- c) data collected is adequate, relevant and limited to what is necessary for the purposes of processing
- d) data is kept accurate and up to date. Data which is found to be inaccurate will be rectified or erased without delay
- e) data is not kept for longer than is necessary for its given purpose
- f) data is processed in a manner that ensures appropriate security of personal data including protection against unauthorised or unlawful processing, accidental loss, destruction or damage by using appropriate technical or organisation measures
- g) we comply with the relevant GDPR procedures for any international transfers of personal data
Types of Data Held
Intheteam is a platform where you, our Clients and your club administrators, member or any other individuals linked to your club can store personal data, which may additionally include photographs, medical information or any other information your club chooses to capture on our website.
Record of Processing Activities
We keep a list of our processing activities when we act as a data processor up to date and these can be provided on request by contacting us on email@example.com.
Data we process as a data controller is:
- Personal contact details for the administrator/s of your club account – name, phone number, address. This data is processed in order to administer your contract with us.
- From time to time, we may need to send you information about service availability. This data is processed as our legitimate business interest.
Special Category Personal Data
It is possible that your club may collect and store data referred to as special category personal data under the data protection regulations. Your club will be acting as a Data Controller when this data is collected and processed and Net Solving has no responsibility for the type and quantity of data you process.
- Sensitive personal data includes data such as: medical information, ethnicity and sexual orientation
- Child data includes any information about children under the age of 13 or 16 depending on which type of information is being collected
As a club, you are responsible for ensuring this data is processed lawfully and in compliance with the data protection regulations.
Newsletters / Marketing
We do not send newsletters or capture data for marketing purposes.
Who We Share Your Data With
We have a data processing agreement in place with a website hosting company where our databases are managed and your club data is stored. This hosting company has implemented security tools including: intrusion detection systems; strong network security and audit controls; privileged user access control systems and regular vulnerability assessment and security testing. Their staff also have a duty of confidentiality of your data.
When you pay for our services, our website directs you to Paypal in order to process your payment. In this activity, Paypal operate as the Data Contoller for your bank and contact details. Net Solving is not a party to this activity. Paypal is PCI DSS compliant.
We may share your data (the data we process as a Data Controller) with third parties as part of a Company sale or restructure.
There are other reasons when we may be required to share your club data to comply with a legal obligation upon us.
- If we are under a duty to disclose or share your Personal Data in order to comply with any legal or regulatory obligation or request.
- In order to:
- Enforce or apply the Terms and Conditions or to investigate potential breaches; or
- Protect the rights, property or safety of our customers or others.
- This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
If you are involved in a legal dispute, we may share certain Personal Data in response to a court order, legal demand or other lawful process.
- The Police: we may share sensitive personal data if asked to do so by the police in certain limited circumstances
- National Security: we may share, if required, your Personal Data with UK Government officials for national security reasons (as permitted by the GDPR).
We do not rent or sell your Personal Data to anyone.
Notices, Amendments and Updates:
We reserve the right to make any revised policy effective for Personal Data we already have about you as well as any information we receive in the future.
We will post a copy of the updated Policy on our Platform and Website prior to any change becoming effective.
To the extent that you do provide us with personal Information, you may update, correct or delete by yourself your account information by logging into your Account.
Transfers of Personal Data
We do not transfer your data with bodies outside of the European Economic Area. If in the future, we are required to do so, we will ensure appropriate measures in place are in place to ensure that your data is transferred securely and that the bodies who receive the data that we have transferred process it in a way required by EU and UK data protection laws.
Protecting Your Data
We are aware of the requirement to ensure your data is protected against accidental loss or disclosure, destruction and abuse.
As part of our ongoing compliance with GDPR, we have implemented processes to protect your data and will continue to monitor the effectiveness of these processes.
Information on how we protect your data can be provided on request.
If you have any questions about the security of your personal information, you can contact us at firstname.lastname@example.org
Links to Other Websites
We do not insert links to other websites from our platform. If your club chooses to add links to other sites from your club site, it is your responsibility to inform your users about these links.
Automated Decision Making
Automated decision-making means making decisions about you using no human involvement e.g. using computerised algorithms or programmes.
We do not undertake any automated decisions with your data.
You have the following rights, with some restrictions, in relation to the personal data we hold on you as a data controller:
- the right to be informed about the data we hold on you and what we do with it
- the right of access to the data we hold on you
- the right for any inaccuracies in the data we hold on you to be corrected (rectified)
- the right to have data deleted in certain circumstances (erasure)
- the right to restrict the processing of the data
- the right to transfer the data we hold on you to another party (portability)
- the right to object to the inclusion of any information;
- the right to regulate any automated decision-making and profiling of personal data.
You have the right to access your Personal Data. You also may update, correct or delete by yourself your account information by logging into your Account.
Any of your club members are entitled to access their Personal Data and your club is responsible for managing this request. Where necessary we will support your club in access requests where required.
We will make every attempt to ensure you are satisfied with our handling of your data queries or requests. However, you have the right to complain to the Information Commissioners Office (ICO) if you are not satisfied with our handling of your requests about the protection of your data.
Follow the link below to report a concern to the ICO.
Last updated: December 2019