ASL Ltd (“Ångstrom” or “we”) is committed to protecting the security and privacy of data subjects’ (“you” or “your”) personal data when processing the same. Ångstrom endeavours to ensure that any personal data we collect about you will, where relevant, be held and processed in accordance with the European General Data Protection Regulation (“GDPR”) and associated applicable national laws, rules and guidance in force from time to time.
This Privacy Notice demonstrates how we handle the personal data you provide to us, or which we collect about you, in the following ways (your “Data”):
- by you submitting Data to us through our website angstromsports.com or from what we learn about you from your visit to our website;
- as a result of you applying (directly or indirectly through a third party) to be employed by us or to work as a contractor for us;
- by you or a third party (such as your employer) submitting information to us when you complete one of our surveys;
- by you or a third party (such as your employer) submitting Data to us in the course of us providing services to you or a third party (such as your employer);
- by you or a third party (such as your employer) submitting Data to us where we are seeking to obtain goods or services from you or a third party (such as your employer) as a supplier/service provider;
- as a result of us using your Data (whether obtained from you, a third party or the public arena) in connection with our ordinary day to day business activities (which involves the development and provision of sports forecasting and data analytics solutions); and
- as a result of us collecting Data about you from third party sources such stats.nba.com, www.nfl.com, www.mlb.com, or other similar publicly available sources.
- Identity and contact details of the data controller and data protection officer
- This Privacy Notice covers the Data processing activities completed by ASL Ltd which where relevant, will be acting as the sole controller, a controller in common or a joint controller of your Data.
- If you have any queries regarding this policy or complaints about our use of your Data, please contact Head of Corporate Dan Keatings at firstname.lastname@example.org. FAO: Data Protection Officer
- What we use your Data for
- The table in Schedule 1 to this Privacy Notice sets out the categories of your Data that we hold, the purposes for which we may process your Data and the legal basis for the processing.
- We may use any of the following Data belonging to you for direct marketing purposes:
- telephone number(s);
- residential and/or correspondence addresses; and
- email address(es).
- Your Data may be used for the direct marketing of any of our products and services which at present includes the development and provision of sports forecasting and data analytics solutions together with any related services that we may provide from time to time. You may decide whether or not to allow us to use your Data for direct marketing and may opt out of receiving any direct marketing communications from us either at the time at which the communication is received or at any other time by contacting us using the email@example.com email address.
- Your Data has been collected by us on a voluntary basis. If you do not wish for us to process your Data, please contact us using the details set out above. If we are unable to process your Data, we will not be able to involve you in any of our service activities as set out in paragraph 3 above.
- Data security
- We have put in place appropriate security measures to prevent your Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Data to those individuals who have a business need to know.
- We have put in place procedures to deal with any suspected Data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
- Who we share your Data with
- We may on occasion be required to share your Data with the following categories of recipients:
- affiliated entities through which we operate our business;
- third parties who provide services to us or on our behalf. For example, we use third parties such as Amazon Web Services as part of our IT infrastructure and engage with a number of other third parties as part of our wider business. A full list of all our third-party service providers that potentially have access to your Data is available on request;
- other Ångstrom clients and contacts where this is necessary in connection with the performance by us of our usual suite of services; and
- in other cases:
- where we are required to do so by law or enforceable request by a regulatory body;
- where it is necessary for the purpose of, or in connection with legal proceedings or in order to exercise or defend legal rights; or
- if we sell our business, go out of business, or merge with another business.
- International Transfers
In certain circumstances, we may transfer your Data to countries outside the EEA, which may not adhere to the same levels of data protection to which countries within the EEA are subject. Any such transfers are, at all times, made in accordance with the GDPR.
- Retention Period
- We will only retain your Data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, tax, regulatory or reporting requirements. To determine the appropriate retention period for your Data, we consider the amount, nature, and sensitivity of your Data, the potential risk of harm from unauthorised use or disclosure of your Data, the purposes for which we process your Data and whether we can achieve those purposes through other means, and the applicable legal requirements.
- As a general rule this means that your Data will be stored for a maximum period of 6 years from the date on which our relationship with you ends, after which time it will be put ‘beyond use’ if it is no longer required for the lawful purpose(s) for which it was obtained.
- Your rights in relation to your Data
- Under the GDPR, you have the following rights in relation to how we process your Data:
- right to request access: you may obtain confirmation from us as to whether or not your Data is being processed and the kind of personal data held by us and, where that is the case, you may request access to your Data together with details of our policies and practices in relation to personal data;
- right to rectification and erasure: you have the right to obtain rectification of inaccurate Data we hold concerning you and to obtain the erasure of your Data without undue delay in certain circumstances;
- right to restriction of processing: you may require us to restrict the processing we carry out on your Data in certain circumstances;
- right to data portability: you have the right to receive your Data in a structured, commonly used and machine-readable format;
- right to withdraw consent and object to processing: where you have provided your consent to us processing your Data, you have the right to withdraw your consent at any time. Additionally, where we are relying on legitimate interests to process your Data you have the right to object to such processing. You also have the right to object to direct marketing which uses your Data. This can be done by emailing firstname.lastname@example.org at any time; and
- right to lodge a complaint: under GDPR you may lodge a complaint with any supervisory authority in the EU. The supervisory authority for the United Kingdom is the Information Commissioner’s Office.
- For further information on your rights under GDPR, please see the Information Commissioner’s Office, here.
- Please note that, in circumstances where you are seeking to exercise your rights as a data subject, we may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that your Data is not disclosed to any person who does not have a right to receive it.
- Additional Information
- We do not undertake decision making based on automated processing or profiling of your Data within the meaning of Article 22 of GDPR.
- We obtain certain personal data (including individually and team linked sports performance data) in connection with certain professional athletes from a range of proprietary and publicly available sources. A full list of such sources can be made available to any affected data subject on request.
- We keep our data protection policy (including this Privacy Notice) under constant review and may change it from time to time to reflect our practices or to remain compliant with relevant legislation. We will notify you of any material changes to our Privacy Notice at which point you will be given the option to request that we cease processing your Data.
Categories of data processed, purposes for processing and legal basis
||Categories of data
||Legal basis for processing
Family, lifestyle and social circumstances
Employment, training and education details
Physical or mental health details
Racial or ethnic origin
|Creation of employment relationships
Performance of contract
Responding to queries
|Third party service and product providers
Goods and services provided
Discharging contractual obligations
Goods and services provided
|Performance of contract
Client activities: covers the day to day activities associated with the Ångstrom business which involves the development and provision of sports forecasting and data analytics solutions to business clients including in particular:
- the collection and receipt of performance data for specific athletes and teams;
- the processing of that data using a proprietary algorithm in order to generate sports betting odds linked to a given individual or team;
- sharing raw and processed data both within the Ångstrom business and with third party service providers where this is necessary for such third parties to provide support services to Ångstrom; and
- the provision of individually and team linked betting odds to clients of Ångstrom (bookmakers) for use in their business.
Consent: in the context of the table above, should be construed as follows:
- Website users: consent given by the relevant user clicking on an ‘OK’ button embedded in a pop-up banner on the website covering the processing of Data using cookies; and
- Clients: consent given by clients in Ångstrom’s engagement terms for Ångstrom to process Data provided under such appointment;
Direct marketing: keeping data subjects informed of any activities undertaken by Ångstrom which it believes may be of interest to the data subjects and this may include sending data subjects email and postal marketing from time to time, calling data subjects up or sending them requests to respond to a survey;
Discharging contractual obligations: covers Ångstrom’s activities in connection with the discharge of its obligations under a contract with a third-party supplier or service provider. This will principally cover the processing of any Data provided to and by the counterparty;
Legitimate interests: in the context of the Ångstrom business means the day to day activities that are undertaken to service client work (i.e. the development and provision of sports forecasting and data analytics solutions) together with any associated internal support activities;
Responding to queries: covers the processing of data (name and email address) for the purposes of responding to any questions sent to Ångstrom using the online submission form on the ‘contact us’ section of the Ångstrom website, here. In responding to queries, data subjects’ contact details will be stored and may be shared within the Ångstrom business; and
Surveys: from time to time client details (name and contact details) will be used to send individual data subjects survey requests. Such requests are entirely optional and will contain further details of any processing activities that Ångstrom will undertake in connection with the data provided.
- Preventing fraud
- Direct marketing
- Intragroup transfers for administrative purposes
- Ensuring network and information security
- Reporting possible criminal acts to a competent authority
- Enforcement of legal claims (out of court)
- Whistleblowing and prevention of money laundering
- Physical, IT and network security
- Processing for (market) research purposes
- Processing in order to provide services
- Internal risk management
- Creating employment relationships
- Recordkeeping and disclosure
- General financial and regulatory reporting to authorities