ASF Ltd (“Ångstrom” or “we”) is committed to protecting the security and privacy of data subjects’ (“you” or “your”) personal data when processing the same. Ångstrom endeavours to ensure that any personal data we collect about you will, where relevant, be held and processed in accordance with the European General Data Protection Regulation (“GDPR”) and associated applicable national laws, rules and guidance in force from time to time.
This Privacy Notice demonstrates how we handle the personal data you provide to us, or which we collect about you, in the following ways (your “Data”):
(a) by you submitting Data to us through our website www.angstromsports.com or from what we learn about you from your visit to our website;
(b) as a result of you applying (directly or indirectly through a third party) to be employed by us or to work as a contractor for us;
(c) by you or a third party (such as your employer) submitting information to us when you complete one of our surveys;
(d) by you or a third party (such as your employer) submitting Data to us in the course of us providing services to you or a third party (such as your employer);
(e) by you or a third party (such as your employer) submitting Data to us where we are seeking to obtain goods or services from you or a third party (such as your employer) as a supplier/service provider;
(f) as a result of us using your Data (whether obtained from you, a third party or the public arena) in connection with our ordinary day to day business activities (which involves the development and provision of sports forecasting and data analytics solutions); and
(g) as a result of us collecting Data about you from third party sources such www.stats.nba.com, www.nfl.com, www.mlb.com, or other similar publicly available sources.
3. Identity and contact details of the data controller and data protection officer
3.1. This Privacy Notice covers the Data processing activities completed by ASF Ltd which where relevant, will be acting as the sole controller, a controller in common or a joint controller of your Data.
3.2. If you have any queries regarding this policy or complaints about our use of your Data, please contact email@example.com FAO: Data Protection Officer
4. What we use your Data for
4.1. The table in Schedule 1 to this Privacy Notice sets out the categories of your Data that we hold, the purposes for which we may process your Data and the legal basis for the processing.
4.2. We may use any of the following Data belonging to you for direct marketing purposes:
(b) telephone number(s);
(c) residential and/or correspondence addresses; and
(d) email address(es).
4.3. Your Data may be used for the direct marketing of any of our products and services which at present includes the development and provision of sports forecasting and data analytics solutions together with any related services that we may provide from time to time. You may decide whether or not to allow us to use your Data for direct marketing and may opt out of receiving any direct marketing communications from us either at the time at which the communication is received or at any other time by contacting us using the firstname.lastname@example.org email address.
4.4. Your Data has been collected by us on a voluntary basis. If you do not wish for us to process your Data, please contact us using the details set out above. If we are unable to process your Data, we will not be able to involve you in any of our service activities as set out in paragraph 4.3 above.
5. Data security
5.1. We have put in place appropriate security measures to prevent your Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Data to those individuals who have a business need to know.
5.2. We have put in place procedures to deal with any suspected Data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
6. Who we share your Data with
6.1. We may on occasion be required to share your Data with the following categories of recipients:
(a) affiliated entities through which we operate our business;
(b) third parties who provide services to us or on our behalf. For example, we use third parties such as Amazon Web Services as part of our IT infrastructure and engage with a number of other third parties as part of our wider business. A full list of all our third-party service providers that potentially have access to your Data is available on request;
(c) other Ångstrom clients and contacts where this is necessary in connection with the performance by us of our usual suite of services; and
(d) in other cases:
(i) where we are required to do so by law or enforceable request by a regulatory body;
(ii) where it is necessary for the purpose of, or in connection with legal proceedings or in order to exercise or defend legal rights; or
(iii) if we sell our business, go out of business, or merge with another business.
7. International Transfers
In certain circumstances, we may transfer your Data to countries outside the EEA, which may not adhere to the same levels of data protection to which countries within the EEA are subject. Any such transfers are, at all times, made in accordance with the GDPR.
8. Retention Period
8.1. We will only retain your Data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, tax, regulatory or reporting requirements. To determine the appropriate retention period for your Data, we consider the amount, nature, and sensitivity of your Data, the potential risk of harm from unauthorised use or disclosure of your Data, the purposes for which we process your Data and whether we can achieve those purposes through other means, and the applicable legal requirements.
8.2. As a general rule this means that your Data will be stored for a maximum period of 6 years from the date on which our relationship with you ends, after which time it will be put ‘beyond use’ if it is no longer required for the lawful purpose(s) for which it was obtained.
9. Your rights in relation to your Data
9.1. Under the GDPR, you have the following rights in relation to how we process your Data:
(a) right to request access: you may obtain confirmation from us as to whether or not your Data is being processed and the kind of personal data held by us and, where that is the case, you may request access to your Data together with details of our policies and practices in relation to personal data;
(b) right to rectification and erasure: you have the right to obtain rectification of inaccurate Data we hold concerning you and to obtain the erasure of your Data without undue delay in certain circumstances;
(c) right to restriction of processing: you may require us to restrict the processing we carry out on your Data in certain circumstances;
(d) right to data portability: you have the right to receive your Data in a structured, commonly used and machine-readable format;
(e) right to withdraw consent and object to processing: where you have provided your consent to us processing your Data, you have the right to withdraw your consent at any time. Additionally, where we are relying on legitimate interests to process your Data you have the right to object to such processing. You also have the right to object to direct marketing which uses your Data. This can be done by emailing email@example.com at any time; and
(f) right to lodge a complaint: under GDPR you may lodge a complaint with any supervisory authority in the EU. The supervisory authority for the United Kingdom is the Information Commissioner’s Office.
9.2. For further information on your rights under GDPR, please see the Information Commissioner’s Office, here.
9.3. Please note that, in circumstances where you are seeking to exercise your rights as a data subject, we may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that your Data is not disclosed to any person who does not have a right to receive it.
10. Additional Information
10.1. We do not undertake decision making based on automated processing or profiling of your Data within the meaning of Article 22 of GDPR.
10.2. We obtain certain personal data (including individually and team linked sports performance data) in connection with certain professional athletes from a range of proprietary and publicly available sources. A full list of such sources can be made available to any affected data subject on request.
10.3. We keep our data protection policy (including this Privacy Notice) under constant review and may change it from time to time to reflect our practices or to remain compliant with relevant legislation. We will notify you of any material changes to our Privacy Notice at which point you will be given the option to request that we cease processing your Data.