World Aquatics Events App Privacy Policy

Last Updated: 22.01.2024

This Privacy Policy describes how Sportity OÜ (“we,” “us,” or “our”) collects, uses, and shares information when you use our mobile application World Aquatics Events Insider App (the “App”). Using the App, you agree to collect and use your information as described in this Privacy Policy.

1. Information We Collect

1.1 Transmission or Connection Data
When you use the App, we may collect your IP address, a unique user identifier (UID), and, when required or provided voluntarily, your email address. The IP address is gathered for essential web server functionality, helping us understand your general location and diagnosing technical issues. The UID allows us to identify your device to deliver the requested content and improve the App’s functionality. The email address is collected only when necessary, such as creating an account or subscribing to a personalised feed in the Channel.

1.2 Usage Data

We may automatically collect certain information about your App usage, including but not limited to your device type, operating system, unique device identifiers, mobile network information, and browsing activity. This information helps us improve the App’s features, analyse trends, and administer the App.

2. Use of Information
2.1 Provide and Improve the App
We may use the information collected to provide and maintain the App, improve its features and functionality, and personalise your user experience. This includes delivering content, processing your requests, and optimising the App based on usage patterns.
2.2 Communication
We may use your IP address, UID, and email address to communicate with you, respond to your inquiries, provide updates, alerts, and notifications related to the App, and, when permitted, send you marketing communications. These communications are essential for the proper functioning of the App and cannot be opted out.
2.3 Legal Compliance
We may use and disclose your information as required by applicable laws, regulations, or legal processes or to protect our rights, property, or safety, or the rights, property, or safety of others.

3. Data Sharing and Disclosure
3.1 Third-Party Service Providers
We may engage third-party service providers to perform various functions necessary to operate the App and fulfil our obligations. These service providers will have access to your information solely to fulfil services on our behalf and are obligated not to disclose or use it for any other purpose.
3.2 Aggregated or Anonymized Data
We may aggregate or anonymise your information to create statistical or analytical insights. These insights will not identify you personally and may be shared with third parties for various purposes, including but not limited to research and improving our services.
3.3 the World Aquatics
We allow the App owner (The World Aquatics) to publish general or targeted information to the app users. The World Aquatics (WA) can access personalised user records through a nickname (generated by the WA) or email in personalised data publications. The consent for such processing is being collected by the WA or the Event Organizing Committee on behalf of the WA.

4. Data Security
4.1 Data Encryption
We use encryption techniques to protect your information at rest and during transit. This ensures that sensitive data is securely stored and transmitted.
4.2 Infrastructure Compliance
Our infrastructure is configured in compliance with industry-standard frameworks such as CIS (Center for Internet Security) and STIG (Security Technical Implementation Guide). This ensures that our systems adhere to recognised security best practices.
4.3 OWASP Compliance
Our web applications are developed with OWASP (Open Web Application Security Project) guidelines in mind. By following OWASP’s best practices, we strive to build secure and resilient web applications.
4.4 Partner Compliance
Our partners comply with relative ISO (International Organization for Standardization) and NIST (National Institute of Standards and Technology). They adhere to stringent security standards and protocols to protect your information when performing services on our behalf.

5. Data Retention
We will retain your information for as long as necessary to fulfil the purposes outlined in this Privacy Policy unless a more extended retention period is required or permitted by law. When your information is no longer needed, we will securely delete or anonymise it.

6. Your Rights
6.1 Right to Access
You have the right to request access to the personal information we hold about you. Upon receiving such a request, we will provide you with a copy of the information within a reasonable timeframe, free of charge, unless the request is excessive or unfounded.
6.2 Right to Rectification
If you believe that the personal information we hold about you is inaccurate, incomplete, or outdated, you can request its rectification or correction. We will promptly review and update the information to ensure its accuracy.
6.3 Right to Erasure (Right to be Forgotten)
In certain circumstances, you have the right to request the erasure of your personal information. This includes situations where the information is no longer necessary for the purposes for which it was collected, you withdraw your consent, or the processing is based on legitimate interests. There are no overriding legitimate grounds for its retention.
6.4 Right to Restriction of Processing
You have the right to request the restriction of processing of your personal information in specific circumstances. This may include situations where you contest the accuracy of the data, the processing is unlawful, or you require the data for legal claims.
6.5 Right to Data Portability
Subject to certain conditions, you can receive the personal information we hold about you in a structured, commonly used, and machine-readable format. You also have the right to transmit this data to another data controller without hindrance from us.
6.6 Right to Object
You have the right to object to processing your personal information when it is based on legitimate interests or for direct marketing purposes. We will carefully consider your objection and cease processing your information unless we have compelling legitimate grounds or if the processing is necessary to establish, exercise, or defend legal claims.
6.7 Right to Withdraw Consent
If we rely on your consent as the legal basis for processing your personal information, you can withdraw that consent at any time. Withdrawing consent does not affect the lawfulness of processing based on consent before withdrawal.
6.8 Right to Lodge a Complaint
You can complain to the relevant supervisory authority if you believe we have infringed upon your privacy rights or violated applicable data protection laws.
To exercise your rights or have any questions or concerns regarding processing your personal information, please get in touch with us using the contact information provided at the end of this document.

7. International Data Transfers
We may transfer your information to countries other than where you reside. This includes countries that may not have data protection laws equivalent to those in your country. In such cases, we will ensure that adequate safeguards are in place to protect your information as described in this Privacy Policy.

8. Children’s Privacy
The App is not intended for use by individuals under the age of 18. We do not knowingly collect or solicit personal information from individuals under 18. If you know that a child has provided us with personal information, please get in touch with us immediately, and we will take appropriate steps to remove such information.

9. Changes to this Privacy Policy
We may update this Privacy Policy from time to time in response to changes in the law, technological advancements or to accommodate changes in our business practices. We encourage you to review this Privacy Policy periodically to stay informed about our practices.

10. Contact Information
If you have any questions regarding this privacy policy, please get in touch with us using the information below.


Service Provider:
Sportity OÜ (LLC.)
EE Reg. Code: 12775930
EE VAT ID: EE102177336
Kalda tn 38
76911 Tabasalu, Harjumaa
Estonia
[email protected]
www.sportity.com


Data Protection Officer (DPO)
Mr. Margus Hernits
[email protected]



Supervising Authority:
Republic of Estonia
Data Protection Inspectorate
39 Tatari St.
10134 Tallinn
Estonia
[email protected]
www.aki.ee



World Aquatics
Chemin de Bellevue 24a/24b
1005 Lausanne
Switzerland
[email protected]
www.worldaquatics.com