Last Updated: 21/02/2020
If you are an Organiser that is subject to the EU General Data Protection Regulation (2016/EC/879) or “GDPR”), or an equivalent legislation, which includes any amending or replacement legislation (“Applicable Data Protection Laws” then this Data Processing Addendum (“DPA”) applies. These include Organisers that due to the judications in which they reside or operate require Tournament Finder to process Personal Data on their behalf as part of the Organiser’s use of the Services.
In this DPA references to “we”, “us”, “our” and “Tournament Finder” means Tournament Finder Limited whereas references to “you” means the Organiser.
NOTE: To learn more about Tournament Finder’s Legal Terms, take a look here.
Overview.
All services agreements between you and us including but not limited to the Tournament Finder Terms of Service (the “Agreement”) incorporate the terms of this DPA.
Over all other agreements this DPA will take precedence except where the Organiser and Tournament Finder have individually negotiated an agreement that meet the Applicable Data Protection Laws in full, then those negotiated terms will control.
There are few a terms that ascribed meanings in their Applicable Data Protection Laws, including “Data Controller”, “Data Subject”, “Data Processor”, “Processing” and “Personal Data”, these terms will have the same meanings in this document unless otherwise assigned. Additionally, for sake of clarity we you like to highlight and assign the following definitions:
“Data Security Breach” this means a breach the Services security that leads to the accidental or unlawful destruction, alteration, unauthorised disclosure, loss of, or unauthorised access to, Personal Data that is stored, transmitted, or otherwise Processed; and
“Technical and Organisational Security Measures” means the measures in security that are appropriate for the type of Personal Data being Processed that Tournament Finder may implement against unauthorised or unlawful Processing as well as against the accidental loss, damage, destruction, alteration or disclosure.
1.1 for purposes Applicable to Data Protection Laws and when using Tournament Finder the Organiser is the Data Controller of the Personal Data of the Consumers that register for their Tournament. The Organiser agrees to Process the Personal Data of the Consumers registering for their Tournament in accordance with Organiser’s obligations under Applicable Data Protection Laws.
1.2 Where Personal Data of the Consumers is Processed on behalf of the Organiser By the Tournament Finder Services, we are the Data Processor while the Organiser is the Data Controller.
Tournament Finder may also act as a Data Controller when Processing Consumers Data. This occurs when the Consumer use the Services beyond those that relate directly to the Organiser’s tournament, such as to conduct research to improve our Services.
Section 2 of this DPA will apply when Tournament Finder Processes Personal Data on behalf of the Organiser as a Data Processor. Conversely, Tournament Finder’s Processes is not Subject to this DPA when we are acting as a Data Controller of the Consumers’ Personal data.
2.1 Tournament Finder may Process Personal Data on behalf of Organiser, when this is the case Tournament Finder shall:
2.1.1 Unless required to do otherwise by applicable law We will only Process Personal Data on the documented instructions of Organiser. Unless otherwise prohibited by law, Tournament Finder shall inform Organiser of the legal requirement before Processing Personal Data other than in accordance with Organiser’s instructions. If we discover an instruction that in our opinion is in breach of Applicable Data Protection Laws, Tournament Finder will notify Organiser. Organiser hereby instructs Tournament Finder, and Tournament Finder hereby agrees, to Process Personal Data as necessary to perform Tournament Finder ‘s obligations under the Agreement and for no other purpose;
2.1.2 Protect Personal data by having in place the necessary Technical and Organisational Security Measures;
2.1.3 in the event of a Data Security Breach notify Organiser without any undue delay as well as provide assistance and co-operation to Organiser to comply with its obligations as a Data Controller with regards to the data breach notification requirements;
2.1.4 Ensure binding obligations of confidentiality with respect to Personal Data are required for and subjected on all personnel;
2.1.5 Ensure that all Sub-processors that have access to Personal Data also follow the rules outlined by GDPR and have this outlined in their Terms of Services or similar terms documentation and remain fully liable to Organiser for any failure by a sub-processor to fulfil its obligations in relation to the Personal Data;
2.1.6. under Application Data Protection Laws, provide the reasonable level of assistance to Organiser in responding to any rights requests, including complaints, or communications that have been received from an individual who is subject to Personal Data Processed by Tournament Finder or a data protection authority.
Organiser hereby instructs and authorises Tournament Finder to delete or anonymise the Consumer’s Personal Data on Organiser’s behalf in the event that a Consumer submits a Personal Data deletion request;
2.1.7 Upon Organiser’s written request, Tournament Finder will make available to Organiser all information that in its sole discretion considers reasonably necessary to demonstrate its compliance with the obligations set out in this Section 2, and to allow for and co-operate with any audits.
Any on-site audits shall only be permitted if: (i) reasonable advance notice to Tournament Finder has been given; (ii) appropriate confidentiality undertakings have been made; and (iii) at least three (3) years has past since the previous request and then only in order to evaluate a specific suspected deficiency after Tournament Finder is satisfied that all other reasonable means to complete the evaluation have been exhausted and;
2.1.8 at the Organiser’s election, tournament finder will return, delete, or destroy the Personal Data and copies thereof (unless applicable law requires the storage of such personal Data) except when Tournament Finder is the Data Controller of the Personal Data in question.
2.2 Tournament Finder has listed its current sub-processors on its website. Organise hereby consents to the sub-processors listed on our website on the Effective Data of this DPA, and additionally those listed on our site on the effective date of the Agreement (“Current Sub-Processors”) to process Personal Data on Tournament Finders behalf.
2.3 Should Tournament Finder appoint additional and/ or replacement sub-processors it will give notice to Organiser via our website, since our website will be the sole means of communication on this matter, it is Organiser’s responsibility to regularly check the website for any such changes. Organiser will have the opportunity to object to any such changes that take place after the Effective Data of the Agreement in accordance with the terms outlined in the following section of this DPA. Note termination rights available in the following section are for cases where there are objections to Replacement Sub-Processors appointed after the Effective Date of this DPA, they do not apply to any Current Sub-Processors.
2.4 any objections to the appointment of Replacement Sub-Processors shall be raised by Organiser within ten (10) days of Tournament Finder posting the changes of the Tournament Finder website. Objections of Organiser shall be sent to [email protected] with the subject line ‘Sub-Processor Objection’.
Providing the objection of Organiser includes sufficient detail (failure to provide, in our sole opinion, sufficient supporting detail will result in the objection being deemed invalid) to support its objection and the objection concerns the ability of Tournament Finder to comply with its data protection obligations under this DPA while using the Replacement Sub-Processor, Tournament Finder will then use what its sole discretion believes is reasonable efforts to review and respond to Organiser’s objection within thirty (30) days of receiving the objection.
If Tournament Finder it is sole discretion, determines that it cannot reasonably accommodate the objection of Organiser then Tournament Finder will provide notice after which Organiser may choose to terminate the Agreement in writing as outlined in method for termination in the Terms of Service. Should Organiser choose to terminate their contact due to objection to Sub-Processors then the Date of Termination will be the date that Tournament Finder receives the request for termination correspondence. Organiser will owe all outstanding debts and payments that it has incurred up to and including the Date of Termination.