Privacy Policy - Europe



Effective Date: December 5, 2024

Introduction

At SportsBox AU Pty Ltd (we, our or SportsBox), we recognize the importance of your privacy and of transparency.

This privacy notice (Privacy Notice) describes how we process your personal data when you interact with our Platform accessible at www.sportsbox.app, admin.sportsbox.app, our iOS and Android Mobile App (the Platform), and the services we provide (together with the provision of the Platform, our Services). We may also have additional privacy notices that apply in specific circumstances.

By using our Services, you expressly acknowledge that we may process your personal data in accordance with this Privacy Notice.

This Privacy Notice is incorporated into and forms an integral part of our terms of use for the Platform (ToU). All capitalized terms not defined in this document have the meaning given to them in the ToU.

Short Version

The following is a summary of (but not a replacement for) this Privacy Notice:

Our role. We, SportsBox AU Pty Ltd, are responsible for the processing, as controller, of your personal data (but only for our own activities and not those of third-party providers) (see section 3);

Data we collect. We collect the information which is provided to us by you. We also collect some information automatically when you interact with the Services (see section 4);

How we use it. We process your personal data in compliance with Australian laws and other data protection laws applicable to us. This means that we will only process your information where we have a legal basis to do so (see sections 5), and only for certain reasons (mainly for providing our Services, operating our Platform, and for the other legitimate purposes indicated in this Privacy Notice) (see section 6);

Control and Access. Your personal data is stored in Australia and/or the Asia-Pacific region. We do not share it with third parties or transfer it abroad unless this is both necessary for the operation of our Services and permitted by applicable laws. This may for instance be the case when we use service providers or must interact with third parties to conduct our professional activities, and in particular with the organizations that host the sports facilities and with our partners that supply the equipment available for rental at the facilities. (see sections 7 and 8);

Retention. We do not store your personal data for longer than necessary for us to fulfill the purposes set out in this Privacy Notice (see section 9);

Security. We apply security measures and strive to protect your personal data. However, no IT infrastructure is completely secure, and we cannot guarantee that ours is (see section 10);

Your rights. You may contact us at support@sportsbox.app to exercise your rights pertaining to your personal data (see sections 12 and 13)

Who is Responsible for the Processing of Your Personal Data

SportsBox AU Pty Ltd, LEVEL 1 268-270 ROSSLYN STREET, WEST MELBOURNE, Australia, is responsible for the processing, as controller, of your personal data. You will find our contact details below in section 13.

However, some of the processing activities set out in this Privacy Notice are undertaken by our group entities, which will then act as data controller. The exact split differs between group entities and over time. We can confirm which processing activities are undertaken by which entity, on request.

This Privacy Notice only applies to data processing undertaken by or on behalf of us. Whilst we may provide links to third party websites, contents, or services, we are not responsible for their policies in relation to personal data. In such circumstances, the collection and use of your personal data are governed by the privacy policy of those third-party providers, which you should carefully review to learn more about their personal data processing practices.

How We Collect Your Personal Data

We collect personal data directly from you when you:

  • Create an account on our Platform

  • Use our Services to book or rent sports equipment

  • Contact us for support or inquiries

  • Subscribe to our newsletter or marketing communications

  • Provide feedback or reviews

  • Make payments for our Services

We also collect personal data automatically through your use of our Platform, including:

  • Technical data about your device and internet connection

  • Usage data about how you interact with our Services

  • Location data when you use our mobile application

It is only mandatory that you complete the data fields identified as such. If one or more mandatory data fields are not completed, we will not be able to provide access to our Services. You are not required to complete the optional data fields in order to access our Services. These fields may be completed at any time through your account settings.

You may define certain authorizations relating to the automatic collection of your personal data when you configure your device or your internet browser according to available functionalities.

How We Use Your Data

We process your personal data in compliance with applicable law, in particular Australian data protection laws and, to the extent they apply to us, other data protection legislations, such as the EU General Data Protection Regulation (GDPR) or its equivalent in the United Kingdom, manually or automatically using computer tools.

This means that we will only process your information for certain reasons (see Section 7) where we have a legal basis to do so.

Additional Information on the "legal basis"

Here is what each of these legal bases is:

Contractual Necessity: the processing is necessary to fulfil our contractual obligations to you or to take pre-contractual steps at your request. This is particularly the case when processing your personal data is strictly required to provide you with the Services. When the GDPR applies, Contractual Necessity is based on Article 6(1)(b) GDPR.

Legitimate Interest: the processing is necessary for the fulfilment of our legitimate interests, and only to the extent that your interests or fundamental rights and freedoms do not require us to refrain from processing. When the GDPR applies, Legitimate Interest is based on Article 6(1)(f) GDPR.

Consent: we have obtained your prior consent in a clear and unambiguous manner. Consent given can be withdrawn at any time, but this does not affect data processed prior to withdrawal. When the GDPR applies, Consent is based on Article 6(1)(a) GDPR.

Legal Obligation: the processing is necessary to comply with our legal or regulatory obligations. When the GDPR applies, Legal Obligation is based on Article 6(1)(c) GDPR.

What about sensitive data?

In addition, we will only process your Sensitive Data if we have obtained your explicit consent for one or more specified purposes, or if we can rely on another lawful justification in accordance with applicable data protection laws.

Additional Information on profiling and automated decisions

We may process your personal data to create a profile about you and provide you with more relevant information and services (profiling), for instance to show you more relevant information based on prior interactions with our Services.

We, however, do not make decisions exclusively on the basis of an automated processing which have legal effects on the data subjects or affect them significantly (automated individual decision).

You may have the right to object to such activities, in accordance with applicable data protection laws (see section 12 below for additional information on your rights).

Why We Use Your Data

We process your personal data for the following reasons:

To provide our Services and operate the Platform.

We mainly process your personal data to provide the Platform and the Services, including for creating and maintaining your user account, processing your bookings and payments, and providing you with the requested information and Services.

Legal basis: Contractual Necessity, Legitimate Interests

For our legitimate business interests related to the provision of the Services

We may also process your personal data for our legitimate business operations related to providing our Services, which include:

  • Ensuring that our Services are provided in an efficient and secure way (e.g. through internal analysis of the Services' stability and security, updates and troubleshooting)

  • Protecting the security of our IT systems, architecture and networks

  • Benefiting from cost-effective services (e.g. we may opt to use certain services offered by suppliers rather than undertaking the activity ourselves)

  • Improving and developing the Services (including monitoring the use of our Services, and for statistical purposes)

  • Achieving our corporate goals

Legal basis: Legitimate Interest

To send you our newsletter and other advertising information.

If you subscribe to our newsletter, we will use your contact details (name and email address) to provide you with our newsletter. You may unsubscribe from the newsletter service at any time, in which case your contact details will be deleted.

Legal basis: Consent

We also process the time of registration and your opt-in confirmation to demonstrate compliance. We also analyze your use of our newsletter, e.g. whether you have opened it or clicked on certain links, and process this data to optimize and improve our newsletter.

Independently from your subscription to our newsletter, we may contact you by email to inform you about our activities if you have previously subscribed for the use of our Services, if you have not objected to the corresponding use of your email address. You can object to the use of your email address for this purpose at any time by contacting us (see contact detail in section 13).

Legal basis: Legitimate Interest

To comply with legal obligations

We may further process your personal data if we have a legal obligation to do so or for other legitimate interests. This will for instance be the case if we need to disclose certain information to public authorities or retain such information for tax or accounting purposes, or for the establishment, exercise or defense of legal claims.

The personal data that we process for this purpose are those that we collected for one of the purposes indicated elsewhere in this section 6. We retain the personal data for the duration of the legal obligation imposed on us.

The Circumstances in Which We Share Your Personal Data with Third Parties

We will only share your personal data with third parties if this is necessary for the operation of our Services, if there is a legal obligation or permission to do so, or if there is another valid reason to do so.

Additional Information

Our service providers. We may share your personal data with third parties in connection with the operation of the Services and with subcontractors such as IT service providers, cloud service providers, database providers, automated marketing solutions providers and consultants, including Amazon Web Services (cloud/storage provider), Google Analytics (data analytics tool).

Our partners. We may share your personal data with the sports facilities that host our equipment and with our partners that supply the equipment available for rental at the facilities if this is necessary for the proper management of our services.

Legal obligation. We may also disclose your personal data where we have a legitimate interest in doing so, for example:

  • To respond to a request from a judicial authority or in accordance with a legal obligation

  • To bring or defend against a claim or lawsuit

  • In the context of restructuring, in particular if we transfer our assets to another company

International Transfers

We store your personal data on servers located in Australia and/or the Asia-Pacific region. We may also store a copy of your personal data near to the geographic location where you are in order to provide you with a better service.

In principle, we do not transfer your personal data to other countries or make it available there. However, in certain circumstances, in particular in connection with the operations of our subcontractors, your personal data may be made available to recipients located abroad (e.g. Amazon Web Services, Google). In such cases, we will ensure that suitable safeguards are in place, in accordance with applicable data protection laws.

If you transmit information and data to us, you are expressly deemed to consent to such data transfers.

You may request additional information in this regard and obtain a copy of the relevant safeguards upon request by sending a request to the contact address indicated in section 13 below.

How Long We Store Your Personal Data

Your personal data will not be stored longer than necessary. We will erase or anonymize your personal data as soon as it is no longer necessary for us to fulfil the purposes set out in section 6 of this Privacy Notice. This period varies, depending on the type of data concerned and the applicable legal requirements. More information on each type of processing can be found in section 6 above.

Your account information is retained for as long as your account is active. If you delete your user account, your account information will be deleted or anonymized within 30 days after such event, unless data must be retained for a valid reason (such as evidentiary or tax purposes).

In view of the legal obligations incumbent upon us, certain information relating in particular to the contractual relationship must be retained for at least 7 years in accordance with Australian law.

Security

We are committed to the security of your personal data, and have in place physical, administrative and technical measures designed to keep secure your personal data and to prevent unauthorized access to it. We use two-factor authentication whenever possible. We restrict access to your personal data to those persons who need to know it for the purpose described in this Privacy Notice.

Although we take appropriate steps to protect your personal data, no IT infrastructure is completely secure. Therefore, we cannot guarantee that data you provide to us is safe and protected from all unauthorized third-party access and theft. We waive any liability in this respect.

The internet is a global environment. As a result, by sending information to us electronically, such data may be transferred internationally over the internet depending upon your location. Internet is not a secure environment and this Privacy Notice applies to our use of your personal data once it is under our control only. Given the inherent nature of the internet, all internet transmissions are done at your own risk.

If we have reasonable reasons to believe that your personal data have been acquired by an unauthorized person, and applicable law requires notification, we will promptly notify you of the breach by email (if we have it) and/or by any other channel of communication (including by posting a notice on the Platform).

How We Use Cookies or Other Analytical Tools

Cookies are small files of letters and numbers downloaded on to your computer when you access certain websites. In general, cookies allow a website to recognize a user's computer. They may be used to monitor and analyze how users interact with a website or other service, to improve it and its functionalities, and/or customize it depending on users' interactions. For more information on cookies, please visit the website http://www.allaboutcookies.org.

We do not use cookies in relation to the Platform.

Your Rights With Regard to the Processing of Your Personal Data

You have the right to access your personal data we process and may request that they be removed, updated, or rectified.

Unless otherwise provided by law, you have the right to know whether we are processing your personal data. You may contact us to know the content of such personal data, to verify its accuracy, and to the extent permitted by law, to request that it be supplemented, updated, rectified or erased. You also have the right to ask us to cease any specific processing of personal data that may have been obtained or processed in breach of applicable law, and you have the right to object to any processing of personal data for legitimate reasons.

By accessing your user account (if you have one), you can review, update, correct or delete the personal data available within your user account.

If you request us to delete your personal data from our systems, we will do so unless we need to retain your data for legal or other legitimate reasons. Please note that any information that we have copied may remain in back-up storage for some period of time after your deletion request.

Where we rely on your consent to process your personal data, we will seek your freely given and specific consent by providing you with informed and unambiguous indications relating to your personal data. You may revoke at any time such consent (without such withdrawal affecting the lawfulness of processing made prior to).

The above does not restrict any other rights you might have pursuant to applicable data protection legislation under certain circumstances.

Additional Information

In particular, if the GDPR applies to the processing of your personal data you have the following rights under the GDPR if the respective requirements are met:

  • Right of access (Art. 15 GDPR) – you have the right to access and ask us for copies of your personal data.

  • Right to rectification (Art. 16 GDPR) – you have the right to ask us to rectify personal data you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

  • Right to erasure (Art. 17 GDPR) – you have the right to ask us to erase your personal data in certain circumstances.

  • Right to restriction of processing (Art. 18 GDPR) – you have the right to ask us to restrict the processing of your personal data in certain circumstances.

  • Right to data portability (Art. 20 GDPR) – you have the right to ask that we transfer in a structured, commonly used and machine-readable format the personal data you gave us to another organization, or to you, in certain circumstances.

  • Right to object to processing (Art. 21 GDPR) – you have the right to object to the processing of your personal data which is based on our legitimate interests, in certain circumstances. In such case, we will no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing, which override your interests, rights and freedoms or where the processing is necessary for the establishment, exercise or defense of legal claims.

As a rule, you are not required to pay any charge for exercising your rights and we will respond to your request within one month.

You have the right to lodge a complaint with the competent authority.

If you are not satisfied with the way in which we process your personal data, you may lodge a complaint with the Australian Information Commissioner or the competent data protection supervisory authority in your jurisdiction, in addition to the rights described above.

Although this is not required, we recommend that you contact us first, as we might be able to respond to your request directly.

Contact Us

If you believe your personal data has been used in a way that is not consistent with this Privacy Notice, or if you have any questions or comments regarding the collection or processing of your personal data, please contact us at support@sportsbox.app.

You can also reach us at:

SportsBox AU Pty Ltd
LEVEL 1 268-270 ROSSLYN STREET
WEST MELBOURNE, Australia
Email: support@sportsbox.app

Updates to this Privacy Notice

This Privacy Notice may be subject to amendments. Any changes or additions to the processing of personal data as described in this Privacy Notice affecting you will be communicated to you through an appropriate channel, depending on how we normally communicate with you (including by email and/or via the Platform, e.g. banners, pop-ups or other notification mechanisms). If you do not agree to the changes made, you must stop accessing and/or using the impacted Services.

Last updated: December 5, 2024