In order to ensure the fullest possible compliance with the requirements for the protection of personal data established in the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, p.1) [hereinafter: GDPR], and to enable you to use our services comfortably and safely, we have prepared this information document in which we would like to present you with our privacy policy, and in particular the policy of acquiring, processing, storing, protecting, transferring, securing and deleting personal data obtained from you during the provision of our services.
The data controller and data processor is Playmaker Pro spółka z ograniczoną odpowiedzialnością (limited liability company) with its registered office in Wrocław at ul. Śliczna 43/2, 50-566 Wrocław, registered in the Register of Entrepreneurs of the National Court Register maintained by the District Court for Wrocław-Fabryczna in Wrocław, VI Commercial Division of the National Court Register, under KRS number: 0000813330, NIP: 8992871468, REGON: 384848876 [hereinafter: the Company].
The Company has appointed a Data Protection Officer who can be contacted on matters related to the protection of personal data at the e-mail address: Dennis Gordzielik, phone number: 504 271 466, and by correspondence: ul. Śliczna 43/2, 50-566 Wrocław.
The Company operates a website at: www.playmaker.pro. The Company also has accounts on social media portals such as facebook.com, instagram.com, linkedin.com and twitter.com. However, the Company's activities on the above-mentioned social media portals are ancillary to the activities conducted on the Company's website.
The Company is engaged in providing services consisting in particular of scouting and support in finding trials for football players.
The Company processes personal data based on the provisions of the GDPR and the personal data protection policy prepared on their basis, containing a description of the data protection principles applicable in the Company, as well as detailed attachments (standard procedures or instructions for individual areas of personal data protection).
Personal data is processed in the territory of the Republic of Poland, European Union countries, in particular data processing includes the Company's office premises located at ul. Śliczna 43/2 (50-566 Wrocław). Additionally, the area where personal data is processed includes all laptops and other data carriers located outside the area indicated above.
The Company's Management Board is responsible for implementing, maintaining, supervising and monitoring compliance with the personal data protection policy.
The Company, organizational units responsible for information security and personal data, organizational units processing personal data, and all Company personnel members are responsible for applying the personal data protection policy.
Based on Article 6(1)(b) of the GDPR, the purpose of processing your personal data is to provide services by the Company, as referred to in point II.3 of this Privacy Policy.
The condition for the provision of services by the Company is the voluntary completion and submission to the Company of a completed "Your football/coaching CV" form, in which the User is required to provide personal data such as name, surname, height, weight, date of birth, e-mail address, possibly a phone number or a link redirecting to the User's profile on the social networking site www.facebook.com, which contains other personal data of the User. The Company reserves the right to obtain additional personal data from the User that the Company will need to properly provide services to the User. The Company will immediately inform the User about obtaining additional personal data.
The Company also obtains personal data through the contact form completed by the User, located in the "More - Contact" tab. Personal data obtained in this way includes primarily the User's name, e-mail address, as well as other personal data that will be provided to the Company by the User. The contact form completed by the User is automatically sent to the Company's electronic mailbox.
The processing of personal data referred to in the preceding paragraphs takes place on the basis of consent to the processing of personal data expressed by the User each time, to which the Company is authorized in accordance with Article 6(1)(a) of the GDPR. The User's consent is given by checking the "I consent" box located under the information clause regarding the Company's processing of the User's personal data. By consenting to the processing of personal data by the Company, the User simultaneously agrees to be covered by the provisions contained in this Privacy Policy. The User has the right to withdraw consent to the processing of personal data at any time and request their deletion by the Company.
The Company also automatically obtains such User data as: a) information in server logs - concerning the page request sent by the User, date and time of such request and sending a response, device data (e.g. hardware model), browser type, browser language, operating system type; b) IP address of the User's device - based on which it is possible to determine the location from which the User connects to the network; c) text files (so-called cookies) - sent to the User's device when visiting the website.
The Company also obtains personal data directly or transmitted to the Company via means of distance communication (e.g. via e-mail, messenger on the website or mobile phone), and for purposes that are not directly related to the Company's business activities. In such cases, depending on the method of obtaining personal data, the Company notifies the other party of the information obligation incumbent upon them and immediately obtains consent from such person for the processing of their personal data transmitted to the Company, and also obtains other declarations necessary for lawful processing of personal data.
The Company is not liable for damage caused to the User or another person as a result of providing false personal data to the Company. The same applies to the situation of providing the Company with personal data by a person to whom the personal data does not relate.
Personal data obtained by the Company is stored in a manner that prevents access by unauthorized persons.
Personal data obtained in electronic form is stored on computers or other electronic devices belonging to persons acting on behalf of the Company, its employees or other persons authorized by the Company. Persons storing personal data obtained by the Company on its behalf provide security measures preventing access to stored data by third parties, such as encryption of data carriers, computer encryption, biometric data scanning, using programs ensuring the highest quality of personal data security.
Documents containing personal data in a form other than electronic form are stored at the Company's registered office located at ul. Śliczna 43/2, 50-566 Wrocław, as well as other office premises where the Company conducts its business. Personal data in a form other than electronic is stored in places adapted for this purpose, which prevent access by third parties, using security measures such as primarily rooms constituting archives for storing documentation containing personal data locked with a key, cabinets locked with a key or using a numerical password, etc.
The User's personal data obtained by the Company will be stored for the period necessary for the proper provision of services, but not longer than 10 years. After this period, the User's personal data obtained by the Company will be permanently deleted in a manner preventing access by unauthorized persons. The condition for the Company to continue providing services is to re-provide the User's current data.
Users' personal data will also be deleted by the Company in the following cases: a) after termination of the contract for the provision of services on the website, and after its termination, within the time limits and to the extent resulting from the provisions of the Act of 18 July 2002 on the provision of electronic services (Journal of Laws of 2019, item 123, as amended); b) the User's objection to the processing of personal data, as referred to in Article 21 of the GDPR; c) withdrawal by the User of consent to the processing of personal data by the Company, which is also associated with automatic termination of the service agreement.
The Company immediately informs the User of any incident of breach of their personal data by unauthorized persons.
In the event of determining unauthorized access to the User's personal data, the Company immediately takes necessary actions to secure the User's personal data against further violation, in particular in justified situations, it will inform the appropriate state authorities about the personal data breach incident appropriate to the nature of the breach.
The Company hereby declares that personal data obtained concerning Users may be transferred to appropriate state authorities for the purposes of proceedings conducted by them. The transfer of personal data takes place at the request of the authority conducting proceedings based on the applicable legal basis regulated in separate provisions constituting the basis for the operation of such authority.
Personal data of Users using the services provided by the Company obtained by the Company may also be transferred to entities processing personal data on behalf of the Company, in particular IT service providers, consultancy and audit service providers, providing legal, marketing or accounting and HR services to the Company, to which the User consents. Entities process data based on an agreement with the Company and only in accordance with its instructions.
The transfer of Users' personal data to entities other than those mentioned in the preceding paragraphs may take place only in justified cases based on a specific legal basis and after prior notification to the User whose data is concerned.
The form and method of transferring personal data is adapted by the Company to the nature of the personal data obtained, while ensuring security against unauthorized access by third parties.
The User has the right to access their personal data at any time, which the Company processes for purposes arising from the services it provides.
The User may request the Company to provide information on whether the Company processes their personal data and details of processing in accordance with Article 15 of the GDPR. The Company provides access to the User's personal data by issuing a copy of their data. The template application for providing information on the processing of personal data constitutes Annex No. 1 to this Privacy Policy.
Based on Article 16 of the GDPR, the User has the right at any time to request rectification of their personal data, in particular if their personal data is incorrect. The Company may refuse to rectify personal data unless the User reasonably demonstrates the inaccuracy of the data for which rectification is requested. The template application for rectification of personal data constitutes Annex No. 2 to this Privacy Policy.
At the User's request, the Company immediately deletes personal data obtained from them if: a) the data is not necessary for the purposes for which it was collected, nor processed for other lawful purposes; b) consent to data processing has been withdrawn by the User; c) the User has objected to data processing; d) the data was processed unlawfully; e) the necessity to delete data results from a legal obligation.
The template application for deletion of personal data constitutes Annex No. 3 to this Privacy Policy.
At the User's request, the Company restricts the processing of personal data when: a) the person questions the accuracy of the data - for a period allowing verification of their accuracy; b) the processing is unlawful and the Person objects to the deletion of personal data, requesting instead restriction of their use; c) the Company no longer needs the personal data, but they are needed by the Person to establish, pursue or defend claims; d) the person has objected to processing for reasons related to their particular situation - until it is determined whether legally justified grounds on the part of the Company override the grounds for objection.
The template application for restriction of personal data constitutes Annex No. 4 to this Privacy Policy.
During the restriction of processing, the Company stores the data but does not process it (does not use or transfer it) without the consent of the User whose data is concerned, unless it is necessary to establish, pursue or defend claims or to protect the rights of another natural or legal person, or for important reasons of public interest.
The User has the right to lodge a complaint with the President of the Personal Data Protection Office as the supervisory authority if, in the User's opinion, the processing of personal data by the Company violates the provisions of the GDPR.
The Company immediately notifies the User and each recipient to whom the User's personal data has been transferred in accordance with the provisions of this Privacy Policy about the rectification, deletion or restriction of processing of personal data, unless such notification proves impossible or requires disproportionate effort from the Company.
The Company reserves the right to change the provisions of this Privacy Policy if it is necessary to adapt the Company's policy on personal data protection to applicable law or the need for change results from the Company's justified needs.
The Company undertakes to inform Users about changes to the Privacy Policy provisions if the change directly concerns personal data provided to the Company.
Any questions related to the processing of personal data can be directed to the Company's e-mail address: ………………………. or directly to the Data Protection Officer appointed by the Company, as referred to in point II.2 of this Privacy Policy.
…………………………………
(Company stamp)