TERMS OF SERVICE
-
SCOPE
- These general terms of service (hereinafter referred to as the “Terms of Service“) govern your access to and use of the Handball platform and any related service provided through it by Handball.ai ÖU (“Handball.ai“, “We“, “Our“, or “Us“).
- Hereinafter, Handball.ai and the Customer mutually recognise each other as having sufficient legal capacity to be bound by these Terms of Service.
- If the Customer is an entity, the individual accessing or using the Platform or Services on behalf of that entity represents and warrants that they have the authority to bind the entity to these Terms of Service.
- Both the Terms of Service (including the Annex) and any special conditions that may be agreed between the Parties (the “Special Conditions“), together with the Privacy Policy, shall together be deemed to be the agreement between the Parties (the “Agreement”). In the event of any inconsistency between the Special Conditions and these Terms of Service, the Special Conditions shall prevail.
- By accessing or using Our Platform and Services, You agree to be bound by these Terms of Service.
-
DEFINITIONS
- In this Terms of Service, apart from other terms in capital that may be included in other sections:
- “Customer” (also, “You”, “Your” or “Yours”), refers to any individual or entity accessing or using Our Platform.
- “Authorised Users” refers to any of the individuals authorized by the Customer to access and use the Platform or any Service on behalf of the Customer.
- “Platform” refers to the website, mobile application, and any other digital interfaces or tools provided by Handball.ai for accessing the Services.
- “Services” refers to the access to and use of the Platform and any related services provided by Handball.ai.
- “Party” or “Parties” refers to the Customer and Handball.ai collectively or individually, as the context requires.
- “Confidential Information” refers to any non-public or proprietary information disclosed by one Party (“Disclosing Party“) to the other Party (“Receiving Party“), whether orally or in writing, that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances surrounding its disclosure. Confidential Information may include, but is not limited to, trade secrets, business plans, financial information, technical data, customer lists, marketing strategies, product designs and any other information deemed as confidential.
-
CONDITIONS OF ACCESS AND USE OF THE PLATFORM
- License. Subject to compliance with this Agreement, Handball.ai grants the Customer a non-exclusive, non-transferable, non-sublicensable, worldwide, limited licence to access and use the Handball.ai Services, including the Platform, for Customer’s internal business purposes and limited to the terms of the Agreement, which the Customer agrees to strictly comply with. This licence is granted only for the duration of the Agreement and is subject to payment of the relevant fees.
- Access and Authentication. Customer must use the login details to access the Services. The Customer is responsible for maintaining the confidentiality of its login details and agrees to notify Handball.ai immediately of any unauthorised or suspicious use of its account.
- Restrictions on Use. Customer shall not, and shall ensure that Authorised Users do not, do any of the following, including attempting or asking third parties to do the same: (a) interfere with or disrupt the Services or the Platform or attempt to gain access to any systems or networks connected to the same (other than as necessary to access and use the Services), including but not limited to hacking, phishing, spamming, or introducing malware.; (b) copy, modify or distribute any portion of the Services or the Platform, including any content or materials provided through the Service; (c) sell, assign, rent, lease or otherwise provide access to the Services to any third party (including a parent, subsidiary or affiliate) other than Authorised Users; (d) transfer any of your rights under the Agreement to any third party without Handball. ai’s express written consent; (e) assign any of your rights under the Agreement to any third party without Handball.ai’s express written consent; (f) use the Services to create derivative works based on the Services or the Platform or content provided through them; or (g) use the Services for any purpose other than as permitted by the Agreement without Handball.ai’s express written consent; (h) disassemble, decompile or reverse engineer the Services or the Platform or any feature thereof, or take any action that involves attempting to access the source code of the Platform (or the underlying ideas, algorithms, structure or organisation of the object code used in the Services or the Platform), except to the extent expressly permitted by applicable law; (i) access or use the Services for the purpose of creating a competitive product or service or copying the functionality or user interface of the Services; and (j) use the Services for any unlawful or unauthorized purpose, or infringing upon the rights of others.
- Compliance with Laws. You agree to comply with all applicable laws, regulations, and third-party agreements when using the Services.
- Enforcement. Handball.ai has the right to investigate violations of these restrictions and may consult and cooperate with law enforcement authorities to prosecute users who violate the law. Customer authorises Handball.ai, as well as the companies or specialised firms it has commissioned and authorised, to carry out audits of the use of the Services in order to check compliance with this Agreement.
-
OBLIGATIONS OF THE CUSTOMER
- Authorised Users and administrators. Handball.ai will designate an administrator for the Customer’s account, and the Customer will designate the rest of Authorised Users. The Authorised Users shall be identified directly in the Platform (in the tabs provided for this purpose). This information must be accurate, complete and up to date. Handball.ai assumes no responsibility for any inconvenience, loss or damage that may result from the Customer’s failure to update the information in its account.
- Compliance. Customer shall be liable for the acts and omissions of Authorised Users as if they were its own acts and omissions. The Customer shall ensure that all Authorised Users comply with the provisions of this Agreement. The Customer will immediately notify Handball.ai of any suspected or alleged breach of the Agreement and will co-operate with Handball.ai in relation to (a) the investigation by Handball.ai of any suspected or alleged breach of the Agreement; and (b) any action taken by Handball.ai to enforce the provisions of the Agreement. Handball.ai may suspend or terminate an Authorised User’s access to the Services if Handball.ai believes that the Authorised User is in breach of the Agreement and Handball.ai shall give due notice to the Customer.
- Telecommunications and Internet Services. The Customer acknowledges and agrees that use of the Services is dependent upon access to telecommunications and Internet services. Customer shall be solely responsible for the acquisition and maintenance of all Internet and telecommunications services and any other hardware and/or Platform necessary to access and use the Services. Handball.ai shall not be liable for loss or corruption of data, lost communications, or any other loss or damage of any nature whatsoever arising from such Internet and telecommunications services.
-
FEES AND PAYMENT
- Fee. Customer agrees to pay all fees and charges incurred in connection with the use of the Services as set forth in the pricing plan selected during the contracting process, as well as any additional services contracted.
- Payment method. Payment for the Services shall be made through credit or debit card via the Stripe platform, a third-party payment processor. By providing Your credit or debit card information during the contracting process, You authorize Handball.ai to charge Your card for the agreed-upon periodic fees and any additional charges related to the Services. These periodic payments will occur automatically using the provided credit or debit card, unless You provide alternative payment arrangements agreed upon by both Parties.
- Invoice Delivery. Invoices may be delivered to the Customer electronically via email. In any case, You can request the invoice by email to [email protected].
- Fee Changes. Handball.ai reserves the right to change its fees and pricing plans for the Services upon providing reasonable notice to the Customer. Continued use of the Services after such notice constitutes acceptance of the new fees.
- Refunds: Fees paid for the Services are non-refundable, except as required by applicable law or as otherwise specified in this Agreement.
- Taxes. Customer shall be responsible for the payment of any applicable taxes, including but not limited to value-added tax (VAT), or any other similar taxes imposed by relevant authorities, arising from the provision of the Services under this Agreement. Applicable taxes will be included in the fees and charges billed to the Customer for the Services provided under this Agreement. If the Customer believes it is eligible for any tax exemptions or reductions, it shall provide necessary documentation to Handball.ai to support such claims.
- Suspension for Non-Payment: Handball.ai reserves the right to suspend or terminate access to the Services for non-payment of fees related to the Services. This suspension may result in temporary interruption of access to the Services until all outstanding fees are settled.
-
INTELLECTUAL AND INDUSTRIAL PROPERTY
- Services. All intellectual property rights and any other proprietary rights related to the Services, including but not limited to the Platform, algorithms, designs, layouts, texts, graphics, logos, trademarks, button icons, images, audio clips, videos, other media content, analysis, statistics, data compilations, and any other content provided through the Services by Handball.ai, shall remain the sole property of Handball.ai or its licensors.
- Customer Data. Customer may provide certain data, information, or content (“Customer Data“) to Handball.ai while using the Services, including video footages. Customer retains ownership of all Customer Data. However, by providing Customer Data, Customer grants Handball.ai a non-exclusive, worldwide, royalty-free license to use, modify, reproduce, distribute, analyse (and create derivative works based on the Customer Data) and display the Customer Data for the purpose of providing the Services.
- Generated Data. Any derivative works based on the Customer Data (data generated or derived from the analysis of Customer Data using the Services), including but not limited to match statistics, performance metrics or insights, or trends, shall be owned exclusively by Handball.ai (“Generated Data”). Consequently, the Customer hereby grants Handball.ai a perpetual, irrevocable, royalty-free license to use, modify, reproduce, and distribute any Generated Data for any purpose, including but not limited to improving the Handball.ai’s Services, conducting research, developing new products, or for commercial purposes. In any case, the Customer may request Handball.ai to delete the Generated Data.
- Customer Data Responsibility. Customer shall be solely responsible for the accuracy, completeness, legality and reliability of the Customer Data and warrants that the Customer Data does not and will not violate any third-party rights of any kind, including without limitation intellectual property and privacy rights. Customer understands and agrees that any loss or damage of any kind occurring as a result of a breach of this provision by Customer or any of its Authorised Users is the sole responsibility of Customer.
- Use of Customer Marks. Handball.ai is authorised to use the Customer’s trade name and trademarks (“Customer’s Marks“) for advertising purposes in connection with the promotion of the Services provided by Handball.ai. Such use shall be made in a respectful manner, without altering the Customer Marks or harming the reputation of the Customer. The Customer reserves the right to revoke this authorisation at any time by written notice to the Supplier.
- Feedback. If Customer provides Handball.ai with suggestions and ideas for modifications or improvements to the Services (“Feedback“), Customer assigns and agrees to assign to Handball.ai all right, title and interest in and to the Feedback, including all intellectual property rights related thereto. Accordingly, Handball.ai is entitled to use any Feedback in any manner and for any purpose without requiring Customer’s permission or compensation in exchange for such use.
-
DATA PROTECTION
- The data relating to any identified or identifiable person which is included in the Customer Data to which Handball.ai may have access pursuant to the Agreement will be processed in accordance with the Data Processing Agreement (“DPA”) attached as ANNEX I.
- The personal data of the Customer, its legal representatives (if any), as well as those of the Authorised Users or other persons responsible for the supervision or execution of the Agreement, will be collected and processed in accordance with the Privacy Policy.
7.3. In respect of the Generated Data, the Customer hereby warrants and represents that it has obtained all necessary authorisations and consents from the end users of the personal data contained in the Generated Data to: (i) process such data for the purposes set out in this Agreement, namely the compilation of statistics, performance reports and metrics; (ii) transfer such Generated Data and the data contained therein to Handball.ai for the purposes stated in Handball.ai’s Privacy Policy.
7.4. The Customer shall promptly notify Handball.ai of any requests for suppression or rectification of data by the data subjects and shall provide Handball.ai with all necessary assistance and information to fulfill such requests in a timely manner.
7.5. The Customer shall indemnify and hold harmless Handball.ai from any claims, losses, or liabilities arising out of the Customer’s failure to obtain such authorizations or permissions.
-
CONFIDENTIALITY
- Use of Confidential Information. Each Party acknowledges that in the performance of this Agreement, it may have access to or receive Confidential Information from the Disclosing Party. The use of Confidential Information shall be limited solely to the purpose of this Agreement, and any other use requires prior written consent from the Disclosing Party.
- Protection of the Confidential Information. Each Party agrees to take all reasonable steps to ensure the confidentiality of the Disclosing Party’s Confidential Information and not to disclose or distribute it to third parties. Both Parties shall maintain the confidentiality of the Confidential Information of the other Party with the same degree of care as it uses to protect its own similarly important Confidential Information. Furthermore, the Receiving Party shall ensure that all agents or subcontractors who have access to the Disclosing Party’s Confidential Information are bound by written confidentiality obligations consistent with those set forth in this Agreement.
- Disclosure of Confidential Information. However, Confidential Information may be disclosed when required by law or legal process. In such cases, the Receiving Party shall promptly notify the Disclosing Party of the request for Confidential Information, allowing the Disclosing Party to exercise any right it may have to challenge or limit the disclosure of such Confidential Information.
-
AVAILABILITY; TECHNICAL SUPPORT AND MAINTENANCE.
- Availability. Handball.ai will use commercially reasonable efforts to ensure that the Services are available to Customer twenty-four (24) hours a day, seven (7) days a week, except for scheduled maintenance, upgrades, or outages beyond Handball.ai’s control. Handball.ai will provide advance notice of scheduled maintenance whenever possible.
- Technical Support and Maintenance. Handball.ai will provide technical support to Customer, which may include assistance with Platform issues, bug fixes, and general guidance on the use of the Services. Customer may contact Handball.ai’s technical support team through the channels specified in Section 17.1. Handball.ai will respond to technical support inquiries as soon as possible. However, response times may vary depending on the nature and severity of the issue.
- Backup. Handball.ai will regularly perform backups of Customer Data as part of its standard operating procedures. However, Customer acknowledges that Handball.ai cannot guarantee the integrity of backups and therefore, it is the responsibility of Customer to maintain backups of its Customer Data. In the event of loss or corruption of Customer Data, Handball.ai shall use commercially reasonable efforts to restore lost or damaged Customer Data from the last copy maintained by Handball.ai.
- MODIFICATIONS AND SUSPENSION OF THE SERVICE.
- Modification or Suspension. Handball.ai reserves the right to modify or discontinue the Services, or any part thereof, at any time with or without notice. Handball.ai shall not be liable to Customer or any third party for any modification, suspension or discontinuance of the Services. In the event of suspension or discontinuation of the Services, and unless this is due to a legal requirement or imperative, the Customer shall be entitled to a pro rata refund of the portion of the fees paid in advance corresponding to the unused Services, calculated from the effective date of suspension or discontinuation of the Services. If Handball.ai suspends a Service, it shall, as far as possible, notify the Customer in advance and provide the Customer with the relevant information.
- WARRANTIES
- Service Warranty. Handball.ai warrants that the Services will be performed in a professional and workmanlike manner consistent with industry standards.
- Disclaimer. Except for the express warranties set forth herein, Handball.ai makes no other warranties, express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose and non-infringement or non-infringement of any intellectual property rights or equivalents under the laws of any jurisdiction.
- Use of the Services. Handball.ai makes no warranty regarding the results that may be obtained from the use of the Services. Customer acknowledges that the use of the Services is at its own risk and that Handball.ai shall not be responsible for any consequences arising from such use.
- Remedies. In the event of a breach of warranty, Customer’s sole and exclusive remedy shall be the correction of the non-conforming Services by Handball.ai, or if Handball.ai is unable to correct such non-conformity, the refund of any fees paid by Customer for the non-conforming Services.
-
MODIFICATION, DURATION AND TERMINATION OF THE AGREEMENT
- Term. This Agreement shall commence on date the Customer contracts a subscription plan for the provision of the Services and continue in full force and effect until terminated by the Customer or Handball.ai at Handball.ai’s sole discretion.
- Termination by Customer: The Services provided under this Agreement are subject to the contracted subscription plan. The Agreement may be terminated by the Customer at any time through the Platform, such termination to take effect at the end of the current billing period. The Customer shall have access to and may continue using the Services until the end of the billing period. No refunds will be provided for any unused portion of fees paid in advance for the Services.
- Termination for cause. Either Party may terminate this Agreement immediately upon written notice through the Platform to the other Party if the other Party materially breaches any provision of this Agreement and fails to cure such breach within ten (10) days after receiving written notice thereof, provided that such breach is capable of being cured. In the case of a breach with respect to Customer’s payment obligations the cure period shall be five (5) business days.
- Effects of termination. Upon effective termination of the Agreement for any reason: (i) Customer’s access to the Services will cease immediately; (ii) Customer shall remain responsible for any fees or expenses owed to Handball.ai for the Services provided up to the effective date of termination; (iii) Parties shall promptly return or destroy any Confidential Information in its possession or control; (iv) the provisions of this Agreement that by their nature should survive termination, including but not limited to confidentiality, indemnification, and limitation of liability, shall remain in effect.
-
LIMITATION OF LIABILITY
- Exclusion of indirect damages: To the maximum extent permitted by applicable law, handball.ai will not be liable for any indirect or consequential damages (i.e. loss of income, data, profits, revenue or business), whether incurred directly or indirectly, arising out of or in connection with this agreement.
- Limitation of damages: In no event shall the aggregate liability of Handball.ai arising out of or related to this agreement exceed the total amount paid by customer to Handball.ai for the services during the twelve (12) month period immediately preceding the event giving rise to the liability.
- Applicable law disclaimer: The laws of certain jurisdictions may not allow the exclusion or limitation of liability. Accordingly, some of the above limitations may not apply to customer. In such jurisdictions, Handball.ai’s liability shall be limited to the greatest extent permitted by law.
- Force Majeure. Neither Party shall be liable for any failure or delay in the performance of its obligations hereunder (except for payment of amounts due) caused by conditions beyond the reasonable control of the Performing Party, including, without limitation, denial of service attacks, malware and malicious attacks, major telecommunications outages, power outages, strikes, shortages, riots, insurrections, fires, floods, storms, explosions, war, terrorism, labour conditions, earthquakes and any material shortages (each a “Force Majeure Event“). In the event of the occurrence of a Force Majeure Event, the defaulting Party shall be excused from performance of the obligations affected by such Force Majeure Event for so long as such Force Majeure Event continues and shall use commercially reasonable efforts to resume performance.
-
INDEMNIFICATION
- Indemnification by Customer. Customer shall defend, indemnify and hold harmless Handball.ai, its directors and employees, from and against any and all claims, liabilities, damages, losses, costs, expenses, and fees (including reasonable attorneys’ fees), arising out of or related to: (a) Customer’s breach of any representation, warranty, or obligation under this Agreement; (b) Customer’s misuse of the Services or violation of any applicable law, regulation, or third-party rights; (c) any content or materials provided or uploaded by Customer to the Platform, including but not limited to Customer Data; and (d) any dispute or litigation between Customer and any third party.
- Indemnification by Handball.ai. Handball.ai shall defend, indemnify and hold harmless Handball.ai, its directors and employees, from and against any and all claims, liabilities, damages, losses, costs, expenses, and fees (including reasonable attorneys’ fees), arising out of or related to Handball.ai’s breach of any representation, warranty, or obligation under this Agreement.
- Indemnification Procedure. In the event of a claim for which either Party (the “Indemnifying Party”) is obligated to indemnify the other (the “Indemnified Party”) hereunder, the Indemnifying Party shall promptly notify the Indemnified Party in writing of such claim. Both Parties shall cooperate with each other in all reasonable respects in connection with the defence of any third-party claim. The Indemnifying Party shall not settle any claim without the Indemnified Party’s prior written consent, which shall not be unreasonably withheld.
-
MISCELLANEOUS
- Changes to the Terms of Service. Handball.ai reserves the right to modify and update these Terms of Service at its sole discretion during the term of the Agreement. Any changes to the Terms of Service shall be notified to the Customer in writing at least thirty (30) days in advance. The Customer shall have the right to terminate the Agreement as soon as such changes become effective, unless such changes are required by law or do not materially affect Customer’s rights or obligations under this Agreement. In such cases, the Customer shall be entitled to a pro rata refund of the portion of the price paid in advance corresponding to the unused Services, calculated as of the effective date of termination of the Agreement.
- Waiver. In the event that either Party waives a breach of any provision of the Agreement, it shall not be deemed to waive any prior or subsequent breach of the same or any other provision of the Agreement.
- Notices. Notices to the Customer arising out of or in connection with this Agreement shall be in writing and may be placed on the Platform itself or sent to the relevant address (including email) specified by the Customer on the Platform or to the Customer’s registered offices. All notices to Handball.ai and all questions, queries or complaints regarding the Services must be made in writing and sent (a) by email to the account administrator designated by Handball.ai on the Platform or (b) by registered mail to the postal address indicated on Section 1.1. Notices shall be deemed given (a) when delivered personally, (b) upon receipt of confirmation if sent by email, or (c) three (3) days after being deposited in the mail, postage prepaid, if sent by certified or registered mail.
- Severability. In the event that any provision of the Agreement is held to be invalid or unenforceable, the remaining provisions of the Agreement shall remain in full force and effect and shall continue to apply.
- Relationship between the Parties. Nothing in this Agreement shall be construed to create any partnership, joint venture or agency relationship between the Parties. Neither Party shall have the power to bind the other or to incur obligations on behalf of the other without the prior written consent of the other Party.
- Assignment. The Parties may not assign or transfer the Agreement, in whole or in part, without the written consent of the other Party, except in the case of a Change of Control (as defined below). Any attempted assignment or transfer in violation of this clause shall be null and void. “Change of Control” means, with respect to a Party: (a) the direct or indirect acquisition of (i) a majority of the voting rights of such Party or (ii) all or substantially all of the assets of such Party, by another entity in a single or multiple transactions; or (b) the merger of such Party with another entity. Notwithstanding the foregoing restrictions, this Agreement shall inure to the benefit of the successors and permitted assigns of the Parties.
- Entire Agreement. The Agreement, constitute the complete and sole agreement between the Parties relating to their subject matter and supersede all prior agreements or contracts, written or oral, relating to the subject matter of the Agreement.
- Headings. The headings and titles used in the Agreement are for reference purposes only and shall not affect the meaning or interpretation of the Agreement.
-
APPLICABLE LAW AND JURISDICTION.
- This Agreement shall be governed by and construed in accordance with the laws of Estonia.
- In the event of any discrepancy or dispute that may arise in connection to the Agreement, the Parties shall attempt to resolve by mutual agreement any disagreement. If an extrajudicial solution to such discrepancies or disputes is not possible, the Parties expressly submit, renouncing any other jurisdiction, to the Courts and Tribunals of the City of Tallinn, to settle in them any issues that may arise from the interpretation and execution of this Agreement.
-
CONTACT
- For all inquiries, support requests, or communications related to the Services provided under this Agreement, please contact Handball.ai at the following addresses:
- Postal Address: Harju Maakond, Narva mnt 5, 10117 Tallinn, Estonia.
- Contact Form: https://handball.ai/contact-us/
- E-mail: [email protected]
ANNEX I. DATA PROCESSING AGREEMENT
This Data Processing Agreement (the “Data Processing Agreement“) forms part of the main Agreement between Handball.ai and the Customer, as defined in the Terms of Service. For the purposes of this Data Processing Agreement, Handball.ai is hereinafter referred to as the “Data Processor” or the “Processor” and the Customer is hereinafter referred to as the “Data Controller” or the “Controller”.
Unless otherwise specified in this Data Processing Agreement, the terms defined in the Agreement shall have the same meaning in this Data Processing Agreement. In addition, specific terms used in this Data Processing Agreement shall have the same meaning as set out in Regulation (EU) 2016/679 of the Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (the “GDPR“).
In this regard, the processing of personal data by Handball.ai, as Data Processor, shall be governed by the provisions of Article 28 of the GDPR, and by the following:
CLAUSES
- Object.
In order to perform the Services under the Agreement, the Data Processor may have access to personal data under the responsibility of the Data Controller.
The types of personal data covered by this Data Processing Agreement and the characteristics of the data processing to be carried out by the Data Processor on behalf of the Controller are specified in Schedule I.
- Duration.
This Data Processing Agreement is ancillary to the Agreement and shall enter into force at the same time and its duration is linked to the duration of the Agreement.
- Obligations of the Data Controller.
The Data Controller shall be responsible for the following tasks, in addition to fulfilling the obligations assigned to them under this Data Processing Agreement:
- a) Give the Data Processor the necessary instructions to carry out the processing;
- b) Respond, in cooperation with the Processor, to the rights of the data subjects, such as the rights of access, rectification, erasure, objection, restriction of processing, data portability and the right not to be subject to automated individual decisions;
(c) Carry out, where appropriate, an assessment of the impact on the protection of personal data of the processing operations to be carried out by the Processor;
- d) Ensuring, before and during the processing, that the Processor complies with the applicable data protection laws;
- e) Supervise the processing, including carrying out inspections and audits;
- Duty to inform and legal grounds
The Controller warrants that it has complied with the duty to provide necessary information to data subjects, as required by Articles 13 and 14 of the GDPR, where applicable.
Furthermore, the Controller guarantees that data processed as a result of Service provision adheres to GDPR obligations. This encompasses, notably, the necessity of a legal basis to legitimize processing, as outlined in Article 6 of the GDPR.
- Obligations of the Data Controller.
The Data Processor represents and warrants that:
- It will process and use the personal data to which it has access only according to the instructions of the Data Controller, and in accordance with the purposes regulated in the Agreement. Under no circumstances will it use this data for its own purposes.
This Agreement contains the initial instructions of the Data Controller. The Parties agree that the Controller may communicate any changes to its initial instructions to the Processor by written notice to the Processor and that the Processor shall abide by such instructions. If the Processor considers that compliance with a particular instruction from the Controller could lead to a breach of data protection regulations, the Processor shall immediately notify the Controller thereof.
- If applicable, it will keep, in writing, a record of all categories of processing activities carried out on behalf of the Controller, containing all the information provided for in Art. 30 GDPR.
- It will not communicate the personal data to third parties except with the express authorization of the Data Controller, and in the legally admissible cases. The Processor may communicate the personal data to other processors of the same Controller, in accordance with the instructions of the latter. In this case, the Controller shall identify, in advance and in writing, the entity to which the data are to be communicated, the data to be communicated and the security measures to be applied in order to proceed with the communication. If the Processor is to transfer personal data to a third country or to an international organisation, it shall inform the Controller of this legal requirement in advance, unless such law prohibits it for important reasons of public interest.
- It will provide the Controller with the information necessary to evidence compliance with the obligations set out in this Data Processing Agreement.
- It will provide such assistance as may be required by the Controller for audits or inspections, carried out by the Controller or by another auditor authorised by the Controller. Audits shall be limited to once a year, except in justified cases where additional audits may be necessary to ensure compliance with regulatory requirements or address significant concerns raised by the Controller. The Processor shall be notified in advance of any scheduled audit or inspection.
- It will ensure that the persons authorized to process personal data have undertaken, expressly and in writing, to comply with the established security measures and to respect the confidentiality of the data. Compliance with this obligation must be documented by the Data Processor and, at the request of the Data Controller, made available to the Data Controller.
- It shall appoint a Data Protection Officer (“DPO“) or, if the appointment of a DPO is not mandatory under applicable data protection regulations, an individual responsible for data protection matters. The contact details of this individual, if appointed, is included in the Privacy Policy.
- It will reasonably collaborate in the fulfilment of the Data Controller’s obligations, and will offer reasonable support to the Controller, where appropriate and as requested by the Controller, in carrying out (i) impact assessments relating to the personal data to which it has access; (ii) prior consultations with the supervisory authority.
- Destination of the Data.
Upon termination of the provision of the Services, the Processor will delete or return the personal data to which it has had access as instructed by the Data Controller or as technically possible, unless otherwise required by law. The Processor may retain a copy of the data when legally required to do so.
- Notification of data security breaches.
The Data Processor shall promptly notify the Controller, without undue delay, and in any event no later than 24 hours, of any suspected or confirmed data protection incident related to the personal data shared under the Agreement. This includes notifying the Controller of any processing that may be deemed unlawful or unauthorized, any loss, destruction, or damage to data, and any incident considered to be a breach of data security. Such notification shall be accompanied by all relevant information necessary for documenting and communicating the incident to relevant authorities or affected data subjects.
Notification is not required if a breach of security is unlikely to pose a risk to the rights and freedoms of natural persons.
Furthermore, the Processor shall reasonably assist the Controller in fulfilling notification obligations under the GDPR, particularly under Articles 33 and 34, and any other applicable present or future regulation modifying or supplementing such obligations.
- Data subjects rights
The Data Processor shall provide the Controller with reasonable information and/or documentation requested to respond to requests for the exercise of rights that the Controller may receive from data subjects whose data are processed under the Agreement. Such information shall be provided within reasonable periods of time and, in any case, sufficiently in advance to enable the Controller to comply with legally applicable deadlines for responding to the exercise of these rights.
Additionally, when data subjects exercise their rights of access, rectification, erasure, objection, limitation of processing, data portability, and the right not to be subject to automated individual decisions, directly to the Data Processor, the Processor shall promptly notify the Controller. This notification must be made with undue delay to ensure it is addressed within the established legal deadlines, and in no event later than the working day following receipt of the request. The notification shall include any relevant information for its resolution and shall be submitted to the Controller without delay.
- Security
The Data Processor shall implement mechanisms to:
- Ensure the continued confidentiality, integrity, availability and resilience of processing systems and services.
- Restore availability and access to personal data quickly, in the event of a physical or technical incident.
- Regularly verify, evaluate and assess the effectiveness of the technical and organisational measures implemented to ensure the security of the processing.
- Pseudonymise and encrypt personal data, where appropriate.
Specifically, the Processor shall implement the measures outlined in Schedule B of this Data Processing Agreement.
However, in the event that the Controller, requires the adoption of different security measures from those agreed upon in this Data Processing Agreement, or if such measures are mandated by any future regulation, and such changes significantly impact the costs associated with providing the Services, the Processor and the Controller shall collaborate to establish suitable contractual measures to address the impact of such changes on the Service pricing.
- Subcontracting
The Controller hereby grants the Processor a general authorization to engage subcontractors, referred to as “Sub-processors“. Schedule C lists already authorised Sub-processors.
For the engagement of additional Sub-processors, the Data Processor must provide written notification to the Data Controller, clearly and unequivocally identifying the Sub-processor, including its identification and contact details. Subcontracting may proceed if the Data Controller does not raise objections within thirty (30) days.
Sub-processors, also designated as data processors, are required to adhere to the obligations outlined in this document and comply with instructions issued by the Data Controller. The Processor is responsible for governing the new relationship, ensuring that the new Sub-processor adheres to the same conditions (instructions, obligations, and security measures) and meets the same formal requirements regarding the proper processing of Personal Data and safeguarding data subjects’ rights.
In the event of non-compliance by the Sub-processors, the Processor remains fully accountable to the Controller for meeting obligations.
- International data transfers
The Processor shall only carry out international transfers of personal data to which it has access and which are the responsibility of the Controller, subject to the necessary safeguards and provided that they are duly regulated in accordance with Articles 45, 46 or 47 of the GDPR.
Schedule A – Data Processing
The processing shall consist of: The provision of the Services in accordance with the Agreement.
Description of Data Processing:
The Data Processor shall process personal data on behalf of the Data Controller for the purpose of providing the contracted services as outlined in the main agreement. This processing shall include, but is not limited to, storage, analysis, and modification of personal data.
Personal Data:
The personal data processed under this Agreement may include:
- Players information (such as name, age, position, jersey number)
- Performance metrics (such as speed, endurance, agility)
- Match statistics (e.g., goals scored, assists, etc.), match footage analysis, referee decisions.
- Video footage or images capturing player performances during matches or training sessions;
- Any other information provided by the Data Controller necessary for analysing and tracking performance.
Data Subjects:
- Players, coaches, and other staff members associated with the sports team.
- Opposing team members and officials captured in video footage or images.
- Any other individuals whose personal data is provided to the Data Processor by the Data Controller for processing in connection with the Agreement.
Schedule B – Security measures implemented by the Processor.
Scope of security measures |
Description of the implementation of the measures by the Processor |
Access Control |
The accesses are kept completely manual, with the purpose of exercising control over who has access to each account and avoid security problems. Likewise, the account administrator can control who has access to the account. |
Data Backup and Recovery |
A daily backup of all the information contained in the database is performed. This backup is stored in our storage providers (see Schedule C). |
Incident Response |
In case of incidents with the platform, the client can contact us by email at [email protected]. |
Employee Training and Awareness |
All the people who are part of Handball.ai or provide their services for it, have the appropriate training in security and data protection. |
Confidentiality agreement |
At Handball.ai we take the confidentiality of information very seriously. Therefore, all those persons and third parties who have access to confidential information, have signed an NDA that they will not be able to use any element or information of the platform for their own benefit.
|
Schedule C – Sub-processors
NAME |
LOCATION |
SERVICE |
Contabo GmbH |
UE |
Storage |
OVH SAS |
UE |
Storage |
|
UE / US |
Storage and Email provider |
Koalendar |
France |
Calendar Management |
MailRelay |
Spain |
Email Marketing |
Stripe |
US |
Payment platform |