Privacy Policy

Information notice in compliance with article 13 of the Regulation (EU) 2016/679 (“GDPR”) Processing of personal data collected from the data subject

In compliance with the provisions of Regulation (EU) 2016/679 (General Data Protection Regulation) please find here information on the processing of your personal data. This policy is not applicable to other websites linked to the Data Controller’s domain and the Data Controller waives all and any responsibility for third-party websites. This policy is provided in compliance with art. 13 of Regulation (EU) 2016/679 and is also inspired by the provisions of Directive 2002/58/EC, as amended by Directive 2009/136/CE, on Cookies as well as on the Provision of the Italian Data Protection Authority on cookies dated 08.05.2014.

Processed personal data: “Personal data”: any  information relating to  an  identified or  identifiable  natural person (‘data  subject’);  an identifiable natural person is  one  who  can  be  identified,  directly or  indirectly,  in  particular by reference to  an identifier such as a name, an identification number, location data, an online identifier or  to one or  more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;  (C26, C27, C30)

Browsing data  

IT systems and software procedures that manage this site, while working, acquire some personal data that are transmitted as a matter of course in the use of Internet communication protocols. Such data include IP addresses or user computer and terminal domain names, URI/URL (Uniform Resource Identifier/Locator) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the answering file, the numerical code showing the status of the server answer (successful, error, etc.) and other parameters concerning the user’s operating system and IT environment.

Data collected from the data subject

The discretionary, explicit and voluntary sending of messages to the contact addresses, as well as the filling in and sending of the forms posted in the Data Controller’s website entails the acquisition of the sender’s contact data for the purpose of addressing the relevant requests and of all the personal data included in the communication.

Login data

When accessing the Platform for the first time, users are requested to create an account, entering their personal data including, without limitation: name, surname, email address, phone number and their profession (e.g., club, agent, player, independent scout, trainer, controller, journalist)

Data concerning children. Children under 16 years of age cannot supply their personal data. The Data Controller will not be in any way responsible for any false statements that may be provided by the minor and, in any case, if Data Controller ascertains the false declaration, it will immediately delete any personal data and any material acquired.  The Data Controller shall guarantee to the holder of legal or parental responsibility the exercise of the data subject’s  rights concerning child’s personal data provided by articles 15 and following of Regulation (EU) 2016/679.

Third party personal data

Information shared in the user’s Wyscout account may also contain data referring to third parties. Wyscout does not collect and process personal information other than those data supplied directly from the users at the time of registration and account creation; however, everything shared through an account is accessible to other Wyscout users who can access the reserved area of the platform and collect and use other users’ contents, which might include personal information on third party data subjects or third parties. It is therefore necessary for the user to inform such third parties and, if necessary, collect their consent to the processing of their data in compliance with the provisions of this policy.

Wyscout shall not be held liable for any unlawful processing of third party data or for the processing of such data by other users.

Personal information concerning payments

Wyscout makes service packages available for purchase through the Platform. Wyscout spa shall collect and process data for invoicing and payment processing purposes in connection with the purchase of service packages made available by Wyscout through the platform.

The account is password-protected. The user is responsible for the security of its password and shall be careful to keep it secret and strictly private.

Specific privacy notices

Specific privacy notices may appear in the site pages in connection with special services or processing of the data provided.

Cookies and other technologies

For additional information on cookies and other technologies used, please refer to the cookies policy shown in the footer of this website.

  1. The DATA CONTROLLER

pursuant to articles 4 and 24 of EU Reg. 679/2016 is Wyscout spa with registered office in Corso Garibaldi, 32/8 16043 Chiavari (GE) ITALY, represented by the sole Director and CEO, who can be contacted by email at privacy@wyscout.com

  1. The DATA PROTECTION OFFICER (DPO)

pursuant to articles 37 – 39 of EU Reg. 679/2016, appointed, can be contacted by email at dpo@wyscout.com

  1. PURPOSE AND LAWFULNESS OF PROCESSING

Personal data shall be processed for the following purposes:

A) website browsing: data necessary for the provision of the web services shall be processed, also with the purpose of obtaining statistical information on the use of said services (most popular pages, number of visitors per time slot or day, geographical areas of origin, etc.) and to monitor the correct operation of the services offered;

– filling in the data collection forms for Wyscout spa services (e.g., registration on the base of profession, free trials, etc.);

– filling in the data collection forms for contacts, applications in the “work with us” area, etc.;

LAWFULNESS: personal data shall be processed in compliance with the lawfulness conditions pursuant to art. 6 of EU Reg. 2016/679:

– for the performance of a contract to which the data subject is party or in order to take steps at the request
of the data subject prior to entering into a contract

–  for  the  purposes  of  the  legitimate interests  pursued by the  controller or  by  a  third  party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject can reasonably expect at the time and in the context of the collection of the personal data that processing for  that purpose may take place (recital 47).

B) for direct marketing based on the user’s account, for the delivery of communications, newsletters and promotional and business information, market research or other product research and direct sales, information material, for the assessment of customer satisfaction, for commercial and advertising material or material concerning events and initiatives, by the Data Controller: by automated means such as e-mail, SMS (Short Message Service) or other, as well as by telephone calls via operator and paper mail.

LAWFULNESS: personal data shall be processed in compliance with the lawfulness conditions pursuant to art. 6 of EU Reg. 2016/679:

– upon prior consent and until data subject’s objection to the processing for marketing purposes; – with reference to the user’s account, for  the  purposes  of  the  legitimate interests  pursued by the  controller or  by  a  third  party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject can reasonably expect at the time and in the context of the collection of the personal data that processing for  that purpose may take place (recital 47).

The Controller sends newsletters and promotional materials through systems that generate reports, in order to compare and improve the outcomes of such communications.  Thanks to such reports, the Data Controller shall be able to know, for instance: the number or readers, the number of opened messages, the number of single clicks and of clicks; the devices and operating systems used to read the communication; details on the activities of individual users; details of sent, delivered and undelivered and of forwarded emails. All these data are used to compare and improve, if necessary, the outcome of the such communications.

C) upon prior consent and until data subject’s objection to the processing for Agile (HUDL) direct marketing activities, by sending advertising/promotional materials, direct sale of new products and services, and/or questionnaires to measure satisfaction – by automated channels via e-mail, fax, MMS (Multimedia Messaging Service) or SMS (Short Message Service) or other, as well as by telephone calls and paper mail (art. 6, lett. a)). The data will be transferred to companies of the Group to which Wyscout belongs operating in the same sector. To obtain the Privacy Policy and to exercise the data subject’s right on the processing of the subject’s personal data by third parties, he/she shall address to the same third party, who will send promotional communications as independent data controller.

D) upon prior consent and until data subject’s objection to the processing for third part direct marketing activities, by sending advertising/promotional materials, direct sale of new products and services, and/or questionnaires to measure satisfaction – by automated channels via e-mail, fax, MMS (Multimedia Messaging Service) or SMS (Short Message Service) or other, as well as by telephone calls and paper mail (art. 6, lett. a)). The data will be transferred to other companies or third parties operating in the same sector. To obtain the Privacy Policy and to exercise the data subject’s

right on the processing of the subject’s personal data by third parties, he/she shall address to the same third party, who will send promotional communications as independent data controller.

  1. DATA RECIPIENTS OR RECIPIENT CATEGORIES

Personal data will be communicated to recipients, who will process the data as processors (art. 28 of EU Reg.  2016/679) and / or as natural persons acting under the authority of the Data Controller and Data Processor (art. 29 of EU Reg.  2016/679), for the purposes listed above in paragraph 3, and to third parties. More specifically, data will be communicated to:

– companies controlled by, controlling or under the joint control of Wyscout or its associated companies; – service providers specifically identified and authorised by Wyscout or other subjects with whom Wyscout executed co-operation agreements with regard to the Platform or the services covered by the platform; – subjects providing management services for the computer system and communication networks (including email); –  firms or Companies within the context of assistance and consultancy relationships; – competent authorities to fulfil legal obligations and/or provisions of public bodies, upon request; – in case the processing is done for administrative or accounting purposes, data can be transferred to business information companies for the assessment of the solvency and payment patterns and/or to debt collection agencies. Subjects belonging to the abovementioned categories shall be appointed Data Processors or shall operate as

independent Data Controllers. The list of designated Data Processors is constantly updated and is available upon request to e-mail dpo@wyscout.com .

  1. DATA TRANSFER TO THIRD COUNTRIES AND/OR INTERNATIONAL ORGANISATIONS AND SAFEGUARDS

A transfer of personal data  to  European Union and non-European Union Countries can occur in order to fulfil any of the connected purposes mentioned above. Data shall be transferred in compliance with article 44 and following of EU Regulation 679/2016, only on the basis of an adequacy decision or subject to appropriate safeguards. Information on the data transfer safeguards can be obtained by writing an email message to dpo@wyscout.com

  1. DATA RETENTION PERIOD OR RELEVANT CRITERIA TO DETERMINE SUCH PERIOD

Data shall be processed automatically and manually, in a manner and with tools that ensure maximum security and confidentiality, by specifically appointed subjects. In compliance with the provisions of art. 5 par. 1 lett. e) of EU Reg. 2016/679, the collected personal data shall be be kept in a form which permits identification of data subjects for a period not exceeding the purposes for which the personal data were collected and subsequently processed.  In particular, Personal Data shall be processed for the minimum necessary period, as detailed in Recital 39 of the Regulation, equal to the duration of any existing contractual relationships, without prejudice to an additional retention period that can be required by law, as also provided for in Recital 65 of the Reg. UE 2016/679.  With regard to processing activities carried out with the data subject’s consent, please remember that said consent can be withdrawn at any time. The retention period is determined on the basis of criteria available for the data subject by writing an e-mail at dpo@wyscout.com

  1. DATA SUBJECTS’ RIGHTS

Data subjects have the right to obtain, where appropriate, access to their personal data as well as rectification or erasure of such data or the restriction of the processing concerning them, and to object to the processing (articles 15 and following of Regulation EU 679/2016).  You can exercise your rights by contacting the DPO by email dpo@wyscout.com address or by writing to the Data Controller’s main offices mentioned above.  You can withdraw your consent at any time, with regard to direct marketing communications, by writing an email at dpo@wyscout.com for automatic direct marketing (e-mail, SMS), with the “cancellation from automated communications” subject line, or using our automatic cancellation systems for emails. In order to stop any traditional direct marketing communication (operator phone calls, paper mail), please write an email to dpo@wyscout.com with the “cancellation from traditional communications” subject line.

You have the right to lodge a complaint with the Data Protection Authority. There is no automated decision-making.

  1. PROVISION OF PERSONAL DATA

You are free to provide personal data in dedicated areas through registration forms. Provision of personal data is optional. Failure to provide personal data for the purposes of paragraph A) of this privacy policy shall entail the impossibility to be provided with the services by the data controller.

Provision of personal data for the purposes of paragraph B) of this privacy policy is optional. Failure to provide such data shall prevent the sending of direct marketing communications as described in paragraph B), but shall not impede the provision of the services described in paragraph A).

The data subject can give consent to the processing of personal data for the purposes of paragraph B) also at the moment of the creation of the account, by ticking the desired option.

  1. AMENDMENTS TO THE PRIVACY POLICY

The data controller reserves the right to amend, update, add or remove parts of this privacy policy at its sole discretion and at any time. The data subject is required to review any changes on a regular basis. In order to facilitate this review, the policy will contain an indication of the date on which the policy was updated.

In any case, Wyscout spa will send you a message anytime there is a substantial change in the Privacy Policy.

Updated on: 25.09.19

***