Date of Issue: 1 March 2021
Our daily business as a sports federation necessarily involves the processing of personal data. However, rest assured that the protection of your personal data is important to us. This is why we endeavour to adhere as much as possible to the principle of data economy before starting any data processing, i.e. to process as little personal data as possible.This privacy policy informs you about our use of personal data and about your related rights.As we process personal data in different contexts, this privacy policy contains a general part applying to all of our processing of personal data (section A. below) before setting out specifics with respect to personal data processed in the context of our website (section B. below), athletes(section C. below), applicants for jobs (section D. below) and employees (section E. below).
A. GENERAL PART
1. Introduction
This privacy policy serves to fulfil the requirements of the General European Data ProtectionRegulation (GDPR) and applicable national law. The GDPR is applicable whenever data is processed related to citizens from a member state of the EU or by a controller inside the EU.
2. Definitions
2.1. "Personal data“ and “data subject”
The term “personal data” means all data that relate to an identified or identifiable natural person. Such person is referred to as the “data subject”. A person can be identified as far as he or she can be identified directly or indirectly (e.g. by assignment to his name, an online identifier, tophysiological characteristics etc.).
2.2. „Processing“
The term “processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
2.3. „Controller“
The term „controller“ refers to the natural or legal person, public authority, agency or other body that, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by EU or EU Member State law, the controller or the specific criteria for its nomination may be provided forby EU or EU Member State law. Pursuant there to, we, the International Wheelchair Basketball Federation (IWBF) c/o Fédération Internationale de Basketball 5 Route Suisse1295 Mies Switzerland are the responsible controller regarding the processing of your personal data. Our data protection officer is Mr. Robin Römer. You can contact him at the following email address: data.protection@iwbf.org
2.4. „Processor“
The term “processor” refers to a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller. If we use processors who process data following our instructions and for the purposes we have specified, we will inform you accordingly.
2.5. „Recipient“
The term “recipient” means a natural or legal person, public authority, agency or another body, to which personal data are disclosed, whether it is a third party or not. However, public authorities that may receive personal data in the framework of a particular inquiry in accordance with European EU or Member State law shall not be regarded as recipients; the processing of such data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
2.6. „Third party“
The term “third party” means a natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
2.7. „Consent“
A “consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
2.8. „Data concerning health“
The term “data concerning health” means personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status.
3. Data Subject Rights – Your Rights
Although this privacy policy contains sub-sections for specific contexts of data processing (see section B. through E. below), you have the same rights in all contexts in which we process your personal data. These rights are explained below in more detail. You also have the possibility to contact us at any time if you have any questions about the scope of your rights. You can find our contact details above in section 2.3. Moreover, you can contact our data protection officerat any time. When we process your personal data, you have the following rights:
3.1. Right to Information and Access (Article 12, 15 GDPR)
You have the right to ask at any time whether and which of your personal data is processed byus. Furthermore, you have the right to request access to the personal data that we hold of you.
3.2. Right to Rectification and Erasure (Article 16, 17 GDPR)
You have the right to request a correction of your personal data at any time, for example if it is incorrect or incomplete. You also have the right to request that we erase your personal data, for example if it is no longer required for the original purpose of processing, if it has been incorrectly processed, or if you have revoked your consent to data processing or objected data processing. If statutory obligations conflict with your right to erasure, we will block your personal data and only keep it for the purpose of statutory storage.
3.3. Right to Restriction of Processing (Article 18 GDPR)
You have the right to request that the processing of your personal data shall be restricted, for example if data has been incorrectly processed. We will inform you of any correction, deletion or restriction of the processing of your personal data.
3.4. Right to Data Portability (Article 20 GDPR)
You have the right to receive your personal data in a structured, commonly used, machine readable format, and the right that we transmit your personal data to another controller.
3.5. Right to Withdraw Consent
You have the right to withdraw at any time any consent that you may have granted to the processing of your personal data.
3.6. Right to Object (Article 21 GDPR)
As far as your particular situation so justifies, you have the right to object to the processing of your personal data at any time, insofar as this processing is based on Article 6 para. 1 lit. e and f GDPR. In case of your objection, we will no longer process your personal data, unless we can prove compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend our legal claims.
3.7. Right to Complain
You have the right to lodge a complaint with the supervisory authority responsible for you. This can be the supervisory authority located in the EU Member State in which you are staying, in which you live or in which the provisions of the GDPR may have been violated.
4. Changes to this Privacy Policy
This privacy policy is subject to change in order to adapt new legal requirements or react to changed circumstances. We will notify you immediately about any changes to our privacy policy. Such notification may be effected electronically, e.g. by posting it on our website.5. Data Transfer to Third CountriesThe data processing described in this privacy policy can lead to data transfers to third countries outside the scope of application of the GDPR. For those cases, we would like to inform you that the EU Commission has prepared standard contractual clauses or declared adequacy decisions, which can both ensure that the processing of your personal data in third countries will be dealt with the same level of protection as in the EU. In the absence of standard contract clauses or adequacy decisions, the processing of your personal data will be based on your freec onsent and can lead to a data protection level lower than applicable in the EU (Article 49GDPR).
We will inform you about any particular data transfer to third countries and ask for your consent.B. DATA PROCESSED IN THE CONTEXT OF OUR WEBSITEThe following is a full description of our information gathering and dissemination practices forwww.iwbf.org (“the website”) and the IWBF newsletter. It sets out how we collect and process any personal data that you provide to us by visiting our website or registering for our newsletter.
1. Categories of Data Processed and Why We Process It
When you visit our website, your web browser automatically transmits data to us. These datainclude the following:(i) Type and version of your browser(ii) Operating system used(iii) Referrer URL(iv) Host name of the accessing computer(v) Time of the server request(vi) IP-Address(vii) Date of the server request(viii) Name of the file requested(ix) Website from which a file was requested at a certain time(x) Status of the access (e.g. data has been transferred, data does not exist)We use your personal data to ensure the security and functionality of our website and to analyseyour user behaviour, both of which are in our legitimate interest according to Article 6 para 1lit. f GDPR and enable us to optimize the use of our website.
2. Contact Forms
You have the option of communicating with us by using the contact form on our website. In order to be able to use it, we need your e-mail address to respond to your request. We also need your name to be able to address you. The two blank spaces in which you must enter your name and email address are marked as mandatory fields. The other blank spaces do not have such an identification. The legal basis for this data processing is your voluntarily given consent in accordance with Article 6 para 1 lit. a GDPR, subsidiarily our legitimate interest according toArticle 6 para 1 lit. f GDPR in being able to respond to your communication. Your information will be stored for no longer than a month for customer service purposes. The information submitted through the contact form is not used for marketing purposes.
3. Newsletter
You have the opportunity to register for our newsletter via our website. We only need your email address to be able to send our newsletter to you. Only after successful completion of a double opt-in process you will receive our newsletter. A double-opt-in process requires in a first step your consent for receiving the newsletter and in a second step the verification of a link sent to you via e-mail to confirm that you registered for the newsletter yourself. At any time, you have the right to view your declaration of consent or to unsubscribe from the newsletter.Corresponding links are implemented in every newsletter. If you unsubscribe from our newsletter, we will immediately delete your contact details from our newsletter distribution list.The legal basis for this processing of your personal data is your voluntarily given consent according to Article 6 para 1 lit. a GDPR.
Your personal data is primarily used to send you the newsletter and to be able to prove your given consent to receiving the newsletter. In addition, we also evaluate user behaviour when sending out newsletters. In this respect, we process and save the time of the retrieval of the newsletter, the opening of links, your IP address, your browser type and your operating system. For this purpose, we use so-called web beacons, i.e. short code characters. The data is only collected in pseudonymized form, i.e. we can not establish a personal relation or reference to you. We use the data to create statistics to improve our offers and services. The legal basis for this kind of newsletter tracking is also your voluntarily given consent according to Article 6 para 1 lit. a GDPR. You can avoid this kind of tracking if you have deactivated the display of images by default in your e-mail program.
In this case, however, the newsletter will not be displayed fully and you may not be able to use all of its features.The service provider for sending our newsletter is Mail chimp (you can consult their privacy policy here: https://mailchimp.com/legal/privacy/).
This may result in the transmission of data to a so-called third country outside the EU. For this refer to the separate section “Data transfer to third countries” (see section A.5 above).
4. Cookies & Web Analytics Services
When using our website, your interaction is tracked using cookies and web analytical services to improve our website and adapt it to new developments. Cookies are small files that are stored on your hard drive. The storage of cookies enables easier navigation and a higher degree of user-friendliness of our website.When you visit our website for the first time, we will inform you immediately of all cookies we use and the purpose of using them. At the same time, we will also ask you for your consent to the use of cookies. You will have the possibility to choose between different cookie settings, e.g. between cookies necessary to use the website or cookies used for marketing purposes.
You also have the option to use our website without cookies, but this may limit its functionality. Most web browser are set to accept cookies. You can change this for the current or any future sessions in the settings of your web browser. The legal basis for processing your personal data via cookies is your voluntarily given consent according to Article 6 para 1 lit. a GDPR. a) Google AnalyticsFor the purpose of statistical analysis and optimisation of our website, we use Google Analytics, a web analysis service from Google Inc. (“Google”). The provider of this service is GoogleInc., 1600 Amphitheatre Parkway Mountain View, CA 94043 USA.
Google will use the information on our behalf to evaluate your use of the website, to compile reports on website activity and to provide us with other services relating to website activity and internet usage.According to Google, requests regarding data protection should be addressed to Google
Ireland Limited, Barrow Street, Gordon House, Dublin 4, Ireland.
Google Analytics uses its own cookies to analyse your use of the website. The information following from this analysis is usually transferred to Google servers in the USA and stored there. In order to prevent the personalization of this data, your IP address is anonymized by shortening it. Therefore, we cannot determine to which user an IP address can be assigned. Only in exceptional cases, the full IP address is transmitted to a Google Server in the USA and will be anonymized there.Google is not allowed to merge the IP address transmitted by your browser as part of GoogleAnalytics with any personal data. That said, you can also prevent Google from storing cookies by changing your cookie settings in your web browser as described in the “Cookies” section of this data protection declaration. We would like to remind you that in this case, you might not be able to use all functions of our website.
This applies also if you withdraw your consent towards Google to set cookies, which you can do by installing a plug-in available for your browser. You can find the plug-in under “Downloads” if you follow this link:
http://tools.google.com/dlpage/gaoptout?hl=de
You can also prevent the placing of cookies by Google by using the following link. If you use this link, a so-called “Opt-Out-Cookie” will be placed on your hard drive and prevents the future placement of cookies by Google.
https://tools.google.com/dlpage/gaoptout?hl=de
The usage of Google Analytics might lead to a data transmission to the USA. For this kind of data transfer to so-called third countries, we refer to the section “Data transfer to third countries” (see section A.5 above)