By accessing and using this Website, you confirm that you have read and fully understood this Policy, that you agree to the collection and the usage of your own and others’ personal data in accordance with the Policy and that you have the authority to provide Science Training with all information submitted by you via the Website and Science Training Platform (“the Platform”), including but not limited to the personal data of third parties.
2. General Principles of the Processing
We collect and process personal data in a transparent manner, to the extent necessary for specified, explicit and legitimate purposes, and do not process it further in a manner incompatible with those purposes. We take care that the data we collect are accurate and, when necessary, updated. We process data in a way that guarantees their security, including their protection against unauthorized or unlawful processing and accidental loss, destruction or degradation, using appropriate technical or organizational measures. We are ready to prove at any moment how we adhere to the above principles. We take the appropriate technical and organizational measures for the security, confidentiality, integrity and availability of the data. We respect your rights under the General Data Protection Regulation (GDPR), to the extent applicable, and other applicable data protection laws and regulations, and we take all reasonable steps to assist our Customers in satisfying requests of the data subjects.
3. Usage of data we collect about you
3.1 When visiting our Website
Science Training is the “Data Controller” of all personal data collected through the Website. This means that Science Training determines the means and the purposes of the processing and is responsible to reply to your requests about the usage of your personal data.
A cookie is a small data file stored at your device’s hard disk for record-keeping purposes, namely it records information about the use and activity on the Website. This information may include, but is not limited to, your Internet Protocol address, browser type, but also user’s web browsing history before visiting the Website, our Website’s search history. Some cookies are “first party cookies”, which means that they are set by us. Cookies set by parties other than us are called “third party cookies”.
Cookies are used for different reasons.
There are the necessary cookies, which are required for technical reasons in order for a website to operate. Some cookies are used to enhance the performance and functionality of a website but are non-essential to their use. However, if you decide not to accept such cookies, certain functionality may become unavailable. Such cookies are called preferences cookies. Some cookies collect information that is used in aggregate form to help a website owner understand how a website is being used. Such cookies are called statistic cookies and they are either first party or third-party cookies. A third party, for example Google stores a Google Analytics cookie in order to be able to differentiate between users and be able to show a website owner how many times people visit a website on average (not individually) and information on what pages they’ve seen, how long the duration was, and so on. Some cookies are used for marketing purposes. These are the “marketing cookies” and are third-party cookies. Third-party cookies are placed by providers (e.g. by Google, Facebook), who a website owner may have engaged to provide advertising services on his/her behalf. If, from the analysis of information collected by third-party cookies, visitors of a webpage are interested in one of the services, then advertising material of our services would be projected on third party websites. To see how data is collected and analyzed by third party cookies, you can visit third parties’ respective websites.
Additionally, you can instruct your browser, by changing its options, to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit.
If you wish to receive our Newsletter, for example announcements about new offers and actions of Science Training, you may enter your e-mail address on this Website. Your email address is solely used for the purpose of sending our Newsletter and you are removed from the Newsletter recipient list, once you choose to unsubscribe. You may be removed from this list, easily and without cost, by selecting the “unsubscribe” link within the e-mail content. You can also send an email at ………………
3.1.3 Contact Form
If you wish to communicate with us by using the contact form, you may enter your name, e-mail address, the matter you would like to discuss about with us and write your message in the dedicated space. Such personal data is used solely for the purpose of responding to you, and we keep your data only as long as it is necessary to respond to your request.
3.2 When ordering our Services
We keep the above personal data for the duration of the Subscription Services Agreement and after termination of the agreement for as long as it is required by law for accounting and tax purposes, and in case of a judicial challenge to defend our claims until settlement of the claim or until a final Court opinion has been issued.
3.3 When using our Services
3.3.1 Roles and responsibilities
Science Training is the “Data Processor” for all personal data processed in relation to the provision of the Services under the Subscription Services Agreement. This means that these personal data are collected on the Customer’s/Account Owner’s behalf for his/her own purposes, that Customer/Account Owner is solely responsible for the legality of these purposes and the necessity of the processing to serve these purposes, and that the Customer/Account Owner (e.g. a coach) is the Data Controller of personal data processed, while using the Services. Therefore, the Customer/Account Owner is responsible to satisfy the requests of the data subjects, whose personal data is processed through the Platform, for example the personal data of an athlete. Additionally the Customer/Account Owner is responsible to inform the Users of the Platform, as well as any other person whose personal data is processed by usage of the Platform about the scope, the purpose, the duration and the means of the processing, and to acquire the consent of the data subjects whose personal data is being processed through the Platform. Science Training executes a Data Processing Addendum with the Customer/Account Owner as an integral part of the Subscription Services Agreement, whereby also the security measures implemented by Science Training are described.
3.3.2 Types of personal data processed
While using our Services our Customers and their Authorized Users provide us with following types of personal data:
A) Personal data referring to athletes, e.g. name, age, data of birth, gender, height, weight, health information, data regarding their physical performance and activity, location data, photos, audio, videos, and any other comment a User, e.g. an athlete, may wish to add. Customer/Account Owner is responsible to assign respective, privileged access rights in a strict way, in relation to athletes’ sensitive personal data stored in the Platform. The Platform allows the designation of different access and editing rights to different Users, and Customer is responsible to make use of the design of the Platform to protect personal data privacy.
B) Personal data referring to coaches: name, age, gender, projects and groups they have been assigned with etc.
Customer/Account Owner is solely responsible for the allocation of access rights to Users, as well as for each User’s power to insert or delete personal data. Customer is solely responsible for the User’s abidance by privacy law, data protection law and codes of ethics.
The above personal data are stored in the Platform for the duration of the Subscription Services Agreement. In the meantime, Customer/Account Owner may delete or rectify any personal data or athlete’s profile and assign respective deletion or rectification rights to specific Users. After termination of the Subscription Services Agreement, and in case Customer does not want to renew the subscription, Customer may choose to either have the data stored in the Account deleted or returned to. If Customer chooses to have the content of the Platform data returned to, we can export your data in a …. format. If Customer chooses to have the data deleted, our system deactivates the Account and data is permanently deleted after …. days to accommodate returning Customers during that dormant period, unless, of course you object to such retention. Before permanent deletion of your data you will receive an email reminding you of that. Your data shall be deleted from back-up copies, as well, and Science Training shall inform its Sub-processors of your request to have your data deleted.
Either we collect personal data as Data Controllers or as Data Processors, we take appropriate technical and organizational security measures to protect the integrity, accessibility and confidentiality of personal data. These measures are physical and environmental security measures, as well as IT security measures, including but not limited to the use of updated anti-virus and firewalls, safe protocols, user authentication processes, encryption, data separation, vulnerability and penetration tests etc.
5. Sharing your Data – International Data Transfer
5.1 Sharing of Data with affiliate(s) and associates
We do not share personal data with any third party, unless required to do so by law; in such a case, we shall inform you of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest, e.g. to protect confidentiality of a criminal investigation.
We have made sure, by means of a written contract or assignment that our processors and sub-processors provide at least the same level of data protection as we do, for example they follow reliable technical and organizational security measures.
You may see a full list of our non-affiliate sub-processors, their location and addresses by clicking here.
5.2 Social media
6. Your Rights
We respect your rights as a data subject under the GDPR and under other applicable data protection laws and regulations. Bear in mind that we are entitled to answer to your requests as a data subject, when acting as Data Controllers, if you contact us at this email address: …. When we are acting as Data Processors the Data Controller, our Customer is responsible to address your requests. However, we shall provide any reasonable assistance to the Data Controller for the satisfaction of your rights.
You should know that you, as a data subject, have the following rights under the GDPR.
6.1 Information and Transparency
You have the right to be informed about any processing of your personal data (the purpose, scope, duration and means, as well of data sharing). We adhere to the principle of transparency in processing. For any question regarding this Policy you may contact us at the following email address: ….. We will respond without delay and in any case within one month upon receipt of the request.
You have the right to receive confirmation on whether your personal data are processed and in case this happens, all required information thereof (processing means, goal, records etc.). This enables you to receive a copy of the personal information the data controller holds about you and to check that your data are lawfully processed. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, you may be charged with a reasonable fee, if your request for access is clearly unfounded or excessive. Alternatively, data controller may refuse to comply with the request in such circumstances.
You have the right to require the rectification of incomplete or inaccurate data relating to you without undue delay, as well as to fill in incomplete data, if necessary, for processing.
You have the right to ask for the erasure of personal data concerning you without undue delay. We, if we are the data controllers, shall not proceed to the erasure of the personal data, if the data must be maintained for compliance with a legal obligation or in cases where the processing is required for the establishment, exercise or defense of legal claims.
6.5 Restriction of processing
You have the right to request restriction of processing, if the accuracy of personal data is disputed, for that period of time that allows data controller to verify the accuracy of personal data or based on any other legitimate reason specified in applicable data protection laws. For example, you may ask data controller to suspend the processing of your personal data, if you want data controller to establish its accuracy or the reason for processing it.
6.6 Data Portability
You have the right to receive your personal data in a structured, commonly used and machine-readable format as well as the right to request the direct transmission of personal data to another (controller or processor), if this is technically feasible.
6.7 Right to Object
You may oppose the processing of personal data, which takes place based on a legitimate interest of data controller without your consent. In this case, data controller may no longer process your personal data, unless it demonstrates imperative and legitimate reasons for the processing that override the interests, rights and freedoms of you as a data subject or for the establishment, exercise or defense of legal claims.
6.8 No automated individual decision-making
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. You have the right to object to such automated individual decision-making.
6.9 Consent Withdrawal
In case you have provided your consent to the collection, processing and transfer of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once data controller has received notification that you have withdrawn your consent, data controller may no longer process your information for the purpose or purposes you originally agreed to, unless there is another legitimate basis for doing so in law, and data controller notifies you of that.
Our services are not directed to children. We do not knowingly collect personal data from children. If we become aware that a child has provided us with personal data, we will immediately delete such information. If you become aware that a child has provided us with his/her personal data, please contact us at the contact information below.
6.11 Complaint to a Supervisory Authority
You have the right to lodge a complaint with a Supervisory Authority, i.e. a Data Protection Authority in a European Union Member State, if you consider that the processing of your personal data infringes the GDPR and applicable European or member state data protection laws.
If you have any further questions about this Policy or how we handle your personal data, which are eventually not dealt with here, please get in touch with us by contacting us to this email address: ….. .