Bringing you up to date with GDPR Compliance, necessary for businesses wishing to operate in the European Union.
TYFO SPORTS has made every effort to provide a detailed overview of GDPR compliance and how it supports TYFO SPORTS business to operate within the confines of this regulation, especially when it comes to customer data and its verification through TYFO SPORTS. The following compliance guide only reflects the practices, procedures and upgrades introduced in the internal working of TYFO SPORTS to make its services GDPR complaint. Individuals who still have concerns over TYFO SPORTS's GDPR compliance are advised to engage the services of a legal counsel to have a better understanding of GDPR compliance and the liabilities that come along with it.
GDPR came into effect on 25th May 2018, and TYFO SPORTS has wasted no time to make its services fully compliant with the EU’s User Data and Protection guidelines. TYFO SPORTS have adopted an approach of data process control to better protect the interests of not only TYFO SPORTS's clients but their customers as well.
Here is a summary of GDPR sections that are applicable for the customers and users of TYFO SPORTS services.
GDPR needs the websites and online businesses to intimate users that they are using cookies. The language of this intimation is also desired by GDPR to be easily understandable for an average user. Consent is required from the user before they are tracked because of these cookies. We have updated our cookies policy in this regard as well.
GDPR only allows collection of user data for a legal reason. TYFO SPORTS only collects data for verification purposes as per the legal agreement signed by TYFO SPORTS and its customers. This data will be limited to verification of the credentials, identity or any other related verification that was required by our customers to be provided as per the legal agreement.
GDPR requires businesses and websites to forget and delete the user data when requested by the user TYFO SPORTS has taken steps to provide full control to the end-users about their data that they have submitted for identity verification.
Here is our Plan for GDPR Compliance
The GDPR legislation was formed to harmonise data privacy laws across Europe. Empowering all EU citizen’s data privacy in the process, and to reshape how organizations approach data privacy in a secure and transparent manner.
At TYFO SPORTS, major efforts have been made to assist our users, businesses and our clients, by helping them to understand what GDPR means for their businesses and to assist them in establishing a compliant process of their own. Considering that aspect, we have made improvements to our TYFO SPORTS platform to ensure that we stand at par with the GDPR measures.
TYFO SPORTS has prepared a Plan for you to understand, how GDPR operates behind the scenes, when a customer interacts using our service.
Here is the Process:
Let us say that Patrick is an owner of a local service business and lives in Letterkenny, Ireland. for GDPR purposes Patrick is referred to as the Data Subject.
TYFO SPORTS acts as the service provider acting and the owner of Patrick's data, and for GDPR purposes is known the Controller.
TYFO SPORTS's partner company XYZ Ltd is hosting Patrick's data and for the purposes of GDPR is known as the Processor.
Here is how Patrick might interact with TYFO SPORTS:
Patrick provides his contact information potentially including sensitive data to TYFO SPORTS via an online form on TYFO SPORTS.com
Patrick is requested to confirm if he agrees to his contact data being used for the sole purpose for access and usage of TYFO SPORTS services
If Patrick does not agree then his data will not be submitted for storage and hosting. Assuming Patrick agrees then the data from the online form will be stored with the Processor.
For verification purposes TYFO SPORTS, the Controller, will utilise third party organisations such as email auto-responders and single sign on authentication companies.
Based on whether verification was successful or not, Patrick will either receive a relevant promotion, a service delivery or a service support.
All the above stated steps gather user data from the Data Subject on behalf of the Controller that is passed on to the Processor.
User Data Uploads
User Data means any data, content, code, video, images or other materials of any type that Data Subject uploads, submits or otherwise transmits to or through TYFO SPORTS's services. The Data Subject will retain all rights, title and interest in and to User Data in the form provided to TYFO SPORTS. TYFO SPORTS stores data on industry secured servers, and are monitored. The Data Subject having granted the processing rights of the User Data, XYZ Ltd, the Processor, is automatically granted a non-exclusive, worldwide, royalty-free right to;
(a) collect, use, copy, store, and transmit User Data, in each case solely to the extent necessary to provide the applicable Services to the Data Subject
(b) The Data Subject hereby grants to XYZ Ltd, the Processor all necessary rights to use, reproduce, modify, create derivative works from, distribute, perform, transmit and display the Data Subject Information solely to the extent necessary to provide the Services which will include the right for TYFO SPORTS to grant equivalent rights to its service providers that perform services that form part of or are otherwise used to perform the Services.
Access to Data
The Services may include access to certain areas of the TYFO SPORTS back-office environment. Where security concerns are not an issue, the Data Subject may be able to access and download (either manually or via API) their personal data. This facility maybe subject to security audits by XYZ Ltd, the Processor, and may be revoked at any point in time in accordance with the audit parameters.
You may instruct us to provide you with any personal information we hold about you; and provision of such information will be subject to:
The payment of a fee (currently fixed at Euro 10) and
The supply of appropriate evidence of your identity (for this purpose, we will usually accept a photocopy of your passport certified by a solicitor or bank plus an original copy of a utility bill showing your current address).
We may withhold personal information that you request to the extent permitted by law.
You may instruct us at any time not to process your personal information for marketing purposes.
In practice, you will usually either expressly agree in advance to our use of your personal information for marketing purposes, or we will provide you with an opportunity to opt out of the use of your personal information for marketing purposes.
We will use your personal data for the purposes of automated decision-making in relation to a payment verification process, and the marketing on any unique service promotions. This may include the storing of your residence address, name, date of birth, credit/debit card number, passport details and driving license details.
This automated decision-making will involve checking the information provided by you and matching that with any identity document information previously submitted by you to TYFO SPORTS.
The significance and possible consequences of this automated decision-making are to verify your identity and authenticity of your documents, based on which your chosen process will proceed further.
Users Individual Rights Request
The GDPR enhances the rights of individuals in several ways.
Access and Privileges
The Data Subject can request access to the personal data that has been shared with TYFO SPORTS about him or herself. Personal data is anything identifiable, like the full name and email address. If access is requested, XYZ Ltd (as the Processor) needs to provide a copy of the data, in most cases in a machine-readable format (e.g. CSV or XLS).
The Data Subject can also request to see and verify the lawfulness of processing.
The Data Subject can seek access to their data by asking TYFO SPORTS of what they require at email@example.com. We at TYFO SPORTS believe we have a legal and moral obligation to facilitate any manner of an individual rights request.
TYFO SPORTS enables you to grant any access request by easily exporting user records into a machine-readable format.
In the manner same as accessing information, the Data Subject can request TYFO SPORTS to modify any personal data, if it is inaccurate, incomplete or requires any sort of modification or amendment.
The GDPR requires that XYZ Ltd the Processor, be able to accommodate modification requests, as and when required.
Under GDPR, the Data Subject has the right to request that TYFO SPORTS delete all personal data it has collected from the Data Subject. This can be done by sending the request to firstname.lastname@example.org.
On receipt of this request the Processor is required to permanently remove a Data Subject from their database, including verification results, all personal information, saved images/video, form submission data and credit card data. The Data Protection Officer, at XYZ Ltd, the Processor, in most cases will respond back within a 30-day period.
In many cases, the right to deletion is not absolute, and can depend on the context of the request, so it does not always apply.