Catapult Group Privacy Policy

Introduction – Who Are We?

Catapult Group International Ltd together with its related bodies corporate (as that term is defined in the Australian Corporations Act 2001 (Cth)) (“we,” “us,” or “our”) respects your privacy and is committed to complying with the privacy principles contained in the applicable privacy laws and regulations for the places where we do business.  

This policy sets out the manner in which we collect, hold, process, use and disclose your personal and sensitive information.

What does “personal information” and “sensitive information” mean?

Personal information is any information about you that identifies you or by which your identity may be reasonably determined. Information about your health is categorised, as sensitive information.

What type of information do we collect or process and what is our basis for collecting or processing that information?

The type of information we collect or process from or about you will depend on how you or your organization interacts with us. Generally, we collect or process the following types of information, along with the corresponding basis for collection:

a) for our Catapult workers, internal contractors, and potential candidates to work for us we collect personal details including name, contact details and information provided to us and collected by us that is relevant and necessary for our engagement with those people and in order to fulfil our obligations.  

b) for athletes who use our Playertek Product (“Playertek”), we collect your account details, payment instructions where relevant, and sports performance data during times when the device is activated including field location, speed and distance covered. Our ability to collect, process, and use this information for the reasons stated in this document is a key part of the functionality of the Playertek product, without it the Playertek product cannot be considered fully functional.  In addition, we will be obtaining your specific consent to use the information in this manner.

c) for athletes whose information is processed in our OpenField and GPsports product, we only collect information from individual athletes as our customers allow it, and those customers determine what information we process from their athletes.  Generally, this information about you is related to your training and gameday performance data including field location, speed, acceleration, distance covered, heart rate and player load.  The information is controlled by our customers/clubs, collected by them through the use of our products, and is processed and used by us as you see below. We use and process the information in this fashion as it is necessary to perform our part of our contracts with our customers/clubs.  In addition, where our customers/clubs have obtained athlete consent for our use and processing of the information in this fashion, that consent also becomes part of our basis for our use and processing of this information.

d) For our Athlete Management System (“AMS”), we only collect information as you and our customers allow it or as you allow through your consent, and those customers determine what information we process from their athletes.  Generally, this information about you is related to your sports performance, health data, wellness data and club related activity information. The information is controlled by our customers/clubs, collected by them through the use of our products, and is processed and used by us as you see below.   We use and process the information in this fashion as it is necessary to perform our part of our contracts with our customers/clubs. In addition, we will be obtaining your specific consent to use the information in this manner.

e) For our customers and their internal (non-athlete) representatives and personnel, we only collect the following information: name and contact details and information related to our professional work with you.   Our legal basis for collection, use, and processing of this information is that we collect, use, and process the information types listed above to perform our legitimate business of maintaining necessary employee, contractor, and applicant information for the operations of our company.  

f)  For our suppliers, consultants and contractors we only collect the following information: name and contact details, account and payments arrangements and information related to and reasonably required for our professional work with you. Our legal basis for collection, use, and processing of this information is that we collect, use, and process the information listed above to perform our legitimate business of maintaining necessary employee, contractor, and applicant information for the operations of our company.

Further details are set out in our Data Processing Addendum HERE (revised 1st May 2018)

How do we collect your personal information?

When you directly use our products or services, you, or someone on your behalf can enter information

about yourself into Catapult software (Playertek, AMS).

When our customers use our OpenField and GPsports products, certain information about you is processed in our software.  

We will always try to collect your personal information directly from you where possible.


Regardless of how your personal information is collected – whether it is directly from you, from your interactions with us or from third parties – we will deal with your personal information in accordance with this policy.

How do we use your information?

Generally, we use your information  for:

Providing and Maintaining the Services That Relate to this Product (Services):

Using the information we collect, we are able to deliver the Services to you and honour our contract with you (in the case of PlayerTek) and our contracts with our customers (in the case of OpenField and AMS).

Examples: For Playertek, we need to use your information to enable you to track your training and gameday activity and to give you customer support and for performance reporting within the Playertek community.

For GPsports and OpenField, we use the information for fulfilling our contractual terms as product and service providers to your club or team, for product development and enhancement and we may use player data for commercial applications and enhancement of other Catapult product data feeds where that use is consistent with our contractual terms.   

For AMS we use the information for fulfilling our contractual terms as product and service providers to your club or team and for product development and enhancement.

Improve and Develop the Services

We use the information we collect to improve the Services and to develop new ones. For example, we use the information to troubleshoot and protect against errors; perform data analysis and testing; conduct research and surveys; and develop new features and Services.

Communicate with You

We use your information when needed to send you notifications and respond to you when you contact us.  With respect to Playertek, we also use your information to promote new features or products that we think you would be interested in. You can control marketing communications and most Service notifications by using your notification preferences in account settings or via the “Unsubscribe” link in an email.  We use your information to provide customer service or assistance to you or (in the case of OpenField, GPSports and AMS) with our customers about their instances of our products and Services.

Promote Safety and Security

We use the information we collect to promote the safety and security of the Services, our users, and other parties. For example, we may use the information to authenticate users, protect against fraud and abuse, respond to a legal request or claim, conduct audits, and enforce our terms and policies.

Internal Business Purposes

We use the information that we collect from our workers, internal contractors, potential candidates, customers and their internal (non-athlete) representatives and personnel, suppliers, consultants, and contractors for our internal business purposes, including (as applicable) to better operate our business and to communicate with customers and prospects.

Will we disclose your personal information to others?

In the case of Playertek, performance data of players in the Playertek community is shared through features in the app which enable comparisons and rankings of player performance.

For GPSports and OpenField, we may disclose the information for fulfilling our contractual terms as product and service providers to your club or team, for product development and enhancement and we may share player data for commercial applications and enhancement of other Catapult product data feeds where that use is consistent with our contractual terms.

In the case of athlete information in AMS we limit disclosures of your information to others within our company with a need to know in order to carry out the utility of our products and Services.    

In the instances of other individuals (such as employees, customer employees, suppliers, etc.) we do not send your information outside of our company for any reason which is not necessary to further run the operations of the company.  We limit these disclosures to those we believe absolutely necessary and limit the scope of such disclosures where feasible.

Sometimes we’ll need to disclose your personal information to other people or entities that we collaborate with to provide our products or services (third parties) for the purposes set out in this policy.

We will do our best to ensure that we do not disclose your personal information to a third party if you have not approved it. Your consent to the disclosure of your personal information may be given expressly, or it may be implied from your interaction with us.

In addition to the reasons above, we will need to disclose your personal information where the law requires us to.

Will we disclose your personal information to people or entities outside of your region?

If your data is processed within our OpenField, AMS and GPSports products, we will not transfer your personal information to any person or organisation outside your region, without your permission. Your information will only be accessible to persons outside your Region as follows:

For our PlayerTek, GPSports, OpenField, and AMS products and Services, we may disclose personal information outside your region for the purposes of customer service and product support and consistent with agreement terms in place, for example Playertek data may be disclosed in different regions as part of the performance reporting within the Playertek community.

For our Catapult workers, internal contractors, and potential candidates, we will generally disclose personal information outside your region for the purposes of personnel evaluation and general business operations.

For our customers and their internal (non-athlete) representatives and personnel, we only allow access of your information outside of your region for reasonable and permitted purposes related to our work with you.

For our suppliers, consultants and contractors we only allow access of your information or transferal of your information outside of your region for reasonable and permitted purposes related to our work with you.

If we do allow access to or transferal of your information to persons outside your region we will take steps designed to ensure that such persons handle your personal information with the same level of protection as set out in this privacy policy and in a manner compliant with applicable laws and regulation.

How do we keep your personal information secure?

We will take all reasonable precautions designed to safeguard personal information that is processed or used by us from loss, misuse, unauthorised access, modification or disclosure.

To ensure that your personal information is secure, we employ several means, including:

We contract reputable data storage service providers in locations that meet with relevant regulatory requirements. Within our organisation we apply our Information Security Policy which includes a range of measures including:  

  • external and internal premises security;
  • the requirement for all employees to enter into a confidentiality agreement;
  • computer firewall protection;
  • restricted access to personal files and information;
  • computer maintenance to prevent unauthorised access;
  • document handling and shredding procedures with respect to personal information;
  • limiting access to your personal information.

What are your rights?

Accessing and Exporting Information. In the case of PlayerTek, By logging into your account, you (or your team manager) can access your personal information.

For all other individuals:  you may access the personal information used, collected or processed by us by contacting privacy@catapultsports.com  

Editing and Deleting Information.  In the case of PlayerTek, your settings let you change and delete your personal information.

For all other individuals:  you may request the editing or deletion of your information by contact us by email at privacy@catapultsports.com

We may also preserve information for legal reasons or to prevent harm.

If you consider use of your information by us is inappropriate you may object to that Information use by emailing us at privacy@catapultsports.com

Further Rights:

  1. If you live in a Designated Country (European Economic Area, United Kingdom, and Switzerland), in certain circumstances, you can object to our processing of your information based on our legitimate interests, including as described in this policy.
  2. You have a general right to object to the use of your information for direct marketing purposes.
  3. Restricting or Limiting Information Use. In addition to the various controls that we offer, if you reside in a Designated Country, you can seek to restrict our processing of your information in certain circumstances. Please note that you can always delete your account at any time.

To exercise your rights under 1-3 above, please contact us by email at privacy@catapultsports.com

If you need further assistance regarding your rights, please contact our Data Protection Officer at privacy@catapultsports.com, and we will consider your request in accordance with applicable laws.

Direct marketing

We may use your personal information, such as your address or contact details, to provide you with information about services that we offer.

If at any time you do not wish to receive any information about these services please feel free to contact us and we will not send you any further material.

We will not transfer or allow access to your personal information to any other entity or person for the purposes of allowing them to market their products or services to you.

Our Policies for Children

We appreciate the importance of taking additional measures to protect children’s privacy.

Persons under the age of 16, or any higher applicable minimum age in the jurisdiction where that person resides, are not permitted to create accounts unless their parent or guardian has consented in accordance with applicable law. If we learn that we have collected the personal information of a child under the relevant minimum age without parental or guardian consent, we will take steps to secure parent or guardian consent or delete the information as soon as possible. Parents who believe that their child has submitted personal information to us and would like to have it deleted may contact us at privacy@catapultsports.com.

For How Long Do We Store Your Information?

We store information for the duration and in accordance with any applicable contractual term and retain or delete that data as we are required to do under applicable privacy rules.

We may retain de-identified data for research and product and service development.

 

Changes to this privacy policy

We monitor regulations, policies and procedures to ensure that we are up to date with changes in the law and market practices. As a result, we will change this privacy policy from time to time.

How do you access the personal information we store?

Should you wish to access your personal information, contact us by emailing us at privacy@catapultsports.com.

We will respond to all requests as quickly as is reasonably possible (and within any timelines imposed by applicable laws and regulations).  

Complaints about breaches of privacy

If you believe that we have wrongfully disclosed your personal information or have breached this privacy policy, then you may lodge a complaint with us by writing to:

Data Protection Officer

Catapult Group International Ltd

75 High Street
Prahran Vic 3181
Australia

Or by email:
privacy@catapultsports.com

If you are not satisfied with the response you receive from us, you can contact the Federal Privacy Commissioner by phoning 1300 363 992 or writing to:

Director of Complaints
Office of the Federal Privacy Commissioner
GPO Box 5218
Sydney NSW 2001

We will respond to you within 30 days of receiving your complaint outlining: what we have or will do in response to your complaint, or explain why we believe there is no breach of our policy or the law.

Last reviewed 1 May 2018.

ANNEXURE 1: APPLIES TO USERS OF AMS IN THE UNITED STATES OF AMERICA

In the course of performing our contractual obligations and our various corporate functions and activities, Catapult collects some health information from athletes via the AMS. US legislation, Health Insurance Portability and Accountability Act (1996) (‘HIPAA’) introduce a number of rules that businesses must comply with in relation to the collection of protected health information. To the extent that Catapult collects public health information (PHI) of athletes in the USA, it will be mindful of the following requirements of HIPAA (US Activities).

In relation to the collection of PHI through our US Activities, we will be mindful of the principles articulated in the body of this documents. We have processes in place to ensure HIPAA compliance including:

        1. We have safeguards to protect the privacy of health information and set limits on the use and disclosure of this information.
        2. We provide individuals with the ability to access information about their health and request corrections where appropriate.  
        3. We ensure that appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information. 
        4. We have appropriate technical and non-technical safeguards to secure electronic PHI.
        5. In the event of a breach of PHI, unless a risk assessment demonstrates that the there is a low probability that the health information has been compromised, we will notify the individual whose information is involved (as soon as possible and within 60 days).  
        6. We have appointed a privacy officer and an incident response team.
        7. Our employees are adequately trained about the use and disclosure of PHI and how to safeguard it appropriately.