Last updated: October 15, 2023
This privacy policy is effective from August 20, 2023
As a company, we are committed to protecting your privacy as our Customer and user (hereinafter referred to as “User”, “Client”, “You”, or “Your”) and we take our responsibility regarding the security of your Personal Data (defined below) very seriously. We will be clear and transparent about the Personal Data we are collecting and what we with that Personal Data.
This Privacy Policy describes the types of Personal Data we collect and process from individuals - subjects of Personal Data on the website https://www.Sportmaster.mt, on the Sportmaster™ mobile application, social media pages, all of which are part of the Sportmaster™ program provided by Boban Efremovski.
1. General Information about the Personal Data Controller
Boban Efremovski, residing at Salina Flats FL 4, Triq Il Qawra, San Pawl Il Bahar, sole trader with VAT Registration number 3020-5724, trading under the name,
Sportmaster, is the “Personal Data Controller,” i.e., the company responsible for all Personal Data that is collected and used through the website www.sportmaster.mt, and the Sportmaster™ mobile application for the putposes of data privacy laws, principles and regulations which may apply to you.
Sportmaster processes Personal Data obtained from natural persons. To be a trustworthy controller of Personal Data, we pay special attention to the protection of Personal Data in every segment of business processes through the implementation of international and national standards for Personal Data protection.
Sportmaster is committed to ensuring the protection of Your Personal Data in accordance with the guidelines and standards of the relevant European regulatory framework for Personal Data protection 2016/679 (“GDPR”) and the Data Protection Act, Chapter 586 of the Laws of Malta (“Act”), and any other relevant data protection legislation.
Headquarters of the Controller: Triq Il Qawra, San Pawl Il Bahar, Malta
You can contact our office for matters related to Personal Data protection at the email address:
[email protected], or at the phone number: +356 7776 9616.
2. Principles relating to processing of Personal Data
The employees and engaged persons who process Personal Data in Sportmaster are obliged to respect the principles of Personal Data protection, namely:
Lawful, fair, and transparent processing of Personal Data
Personal Data is collected and processed exclusively for purposes defined in relevant laws, for the use of services provided by Sportmaster to its clients and for billing of rendered services, based on consent obtained for processing Personal Data from the user for purposes stated in the same (e.g., Direct Marketing) as well as when there is a legitimate interest.
Limitation on the purpose of processing Personal Data
Sportmaster processes Personal Data only for purposes that are necessary to fulfill legal obligations, fulfill rights and obligations from the concluded contract, collect its claims, and process for purposes for which the user has given prior consent. If Sportmaster has a legitimate interest in processing Personal Data for other purposes, such processing will be subject to analysis and assessment of the impact of such processing on the privacy of users.
Limitation on the scope of Personal Data
The processing of Personal Data is limited only to those data that are necessary to fulfill the purpose of processing. If there is a need to process additional data, Sportmaster will inform the user as the subject of Personal Data about the submission of additional data and where necessary, will request their consent for such additional processing.
Accuracy of Personal Data
Providing true, accurate, and complete data, as well as timely notification of changes to Personal Data, is a legal and contractual obligation of users and is a necessary condition for establishing a subscriber relationship as well as for fulfilling the rights and obligations arising from the subscriber contract. Sportmaster has a legal obligation to keep accurate records of its users and for this purpose implements reasonable measures to confirm accuracy, correct and/or delete inaccurate or incomplete Personal Data. In addition to the measures taken by Sportmaster each user has the right to request correction, modification, or deletion of their Personal Data in an easy and simple manner as established in point 7 of this Policy.
Limitation on the duration of processing Personal Data
Personal Data obtained from users during registration on the electronic portal www.sportmaster.mt by a certain person (individual user) Sportmaster keeps in accordance with the deadlines defined in relevant law, and after the expiration of these deadlines or after fulfilling the purpose of processing, Personal Data is deleted from the record system.
Integrity and confidentiality of Personal Data
Sportmaster takes appropriate technical and organizational measures to protect Personal Data from unauthorized access, illegal disclosure, alteration, or destruction of data. Access to Personal Data is limited to persons who are authorized to process Personal Data according to the description of their job tasks.
Accountability
Sportmaster according to the principle of accountability established in the General Data Protection Regulation 2016/679 (“GDPR”) and the Data Protection Act, Chapter 586 of the Laws of Malta (“Act”), maintains records and evidence that all necessary measures are taken to implement the above principles in practice, i.e., that it meets the legal requirements for the protection of Personal Data.
3. Categories of Personal Data subject to processing
Sportmaster may ask for and collect, store, and process your Personal Data (either through direct use of the website, or when you contact us in any way, in order to provide you with the services and products that you choose to use. We may also collect your data from you automatically when you visit our website – for more information, please read the section “Cookie Policy” at the following link: ……
"Personal Data" has the meaning defined by legal regulation, the General Data Protection Regulation 2016/679 (“GDPR”) and the Data Protection Act, Chapter 586 of the Laws of Malta, and includes any information or opinions related to you, which enable us to identify you, such as name and surname, phone number, name of your profile, address of residence and for receiving mail, details of the monthly packages you have paid, details of used facilities from the Sportmaster™ program, and information about your access to our website. In particular, we may (directly or indirectly) collect the following categories of Personal Data:
- Name and surname, email information (these are mandatory data that we ask for during registration and establishment of a user profile on the website ("User Profile");
- Other data such as place of residence, date of birth, and contact phone number;
- Data on the place of employment, i.e., the company/organization/institution where the data subject is employed, which employer has concluded a contract with Sportmaster for the use of Sportmaster™ services.
- Data on used daily visits to facilities, fitness, and sports activities chosen by you for use on our platform or generated through scanning QR codes on the Sportmaster™ mobile application.
- Information that you voluntarily share with us about your personal preferences or requests such as suggestions for new facilities to join our platform, requests for offers for companies, requests for partnership offers, etc., sent through the forms available on the website.
- Information that you voluntarily share with us through free text fields, such as, for example, rating and giving feedback on your personal experience on the platform, surveys, etc.
- Information about which month the user made an order and successful payment;
- Communication with us directly via email, chat services, calls, or social media.
- Internet and network data depending on your consents. For example, browser identifiers, cookies, information about your interaction with the website and interaction with the Sportmaster™ application.
Important Note:
Sportmaster does not collect and process Special categories of Personal Data which merit higher protection.
Sportmaster does not perform collection, storage, or processing of data related to the duration of the visit to the partner facility, nor any detailed data regarding the visit to sports facilities. This also applies to any other personal information that the subject of personal responsibility voluntarily transfers to the partner facility.
4. Purposes for processing Personal Data and the legal basis for processing Personal Data:
We process your Personal Data to:
- Provide access to the Sportmaster™ program and use our products and services, including:
- Establishing and setting up your user profile,
- Providing services through the Sportmaster™ platform and customer support,
- Processing orders that you select on the platform, including communicating with us about your orders,
- Processing information for our accounting records.
- Sending information about changes in our services or for other promotional purposes. With your explicit consent according to the Personal Data protection legislation, we will use your Personal Data to inform you and give recommendations we believe are in your interest, before, during, and after interaction with us, including marketing and news related to our products and services, events, and other promotions. You can withdraw your consent, which you have given for such communication and notifications, at any time.
- Communication with customers. We may use your data to manage our relationship with you as our customer and to improve our services and enhance your experience with us (for example, to respond to your requests when you contact us). From time to time, we may also conduct customer surveys to measure their satisfaction with our Platform and the services and products we offer.
- Administrative and legal purposes. We use your Personal Data to operate our primary business activity, maintain and develop our platform through the website www.sportmaster.mt, and the Sportmaster™ web application, or for dispute resolution needs.
- Protection and prevention of fraud and legal purposes. Sportmaster processes Personal Data of customers to confirm identity and to protect itself and its customers from harm, prevent fraud or other illegal activities related to misuse of Personal Data, misuse of Sportmaster™ services, or the user's customer profile.
- We may also share your Personal Data with competent authorities in accordance with legal requirements or if necessary or permitted under applicable Personal Data protection legislation.
- Other purposes. We may obtain other Personal Data from you, and where this is done, you will receive explicit notification at the time of collection and your consent will be requested, unless otherwise permitted under applicable Personal Data protection laws.
We will process your Personal Data only when we have a legal basis to do so, which depends on the reasons for which we have collected and need to use your Personal Data. In most cases, we will need to process your Personal Data to be able to fulfill your requests when making orders for products and services and enabling access to services on your user profiles on the Platform.
Our processing of your Personal Data for the above purposes is done in accordance with the following legal bases:
- Processing is necessary to provide our services on the platform
- To comply with a legal obligation
- Our legitimate interest in conducting business improvements
- When you have consented to the use of your Personal Data (for example, for marketing and promotions)
- When you have publicly disclosed such information
5. How do we store your Personal Data and transfer Personal Data?
Encryption and security
Sportmaster has implemented appropriate technical and organizational measures to protect Personal Data from unauthorized access, unauthorized disclosure, or potential misuse, and uses high-level protection services such as CloudFlare. Our employees are trained to work in accordance with legal provisions for Personal Data protection and internal acts for Personal Data protection and are obliged to respect them.
We use the PHP BCRYPT function for encrypting passwords that users enter through registration forms.
Every person who has access to your Personal Data is obliged to protect the confidentiality of the data and to act according to the instructions of the data controller in accordance with applicable Personal Data protection laws.
Only persons authorized by Sportmaster have the right to access your Personal Data, to the extent necessary to perform their work tasks.
Every authorized person who has access to your Personal Data signs a declaration committing to the secrecy and protection of Personal Data during their processing.
Disclosure of data to third parties for use
Personal Data may be disclosed only to competent authorities, as well as to third-party processors authorized by the Controller and under conditions and to the extent permitted by the Law on Personal Data Protection.
Transfer of Personal Data to foreign countries
Sportmaster does not transfer Personal Data to third countries or international organizations.
6. How long do we keep your Personal Data?
We store your Personal Data for periods prescribed by law and our internal acts, for as long as necessary to fulfill the respective purposes for which they were obtained.
To determine the appropriate retention period, we consider the nature and sensitivity of the Personal Data, the purposes for which we process them, and whether we can achieve those purposes through other means.
We also consider the period for which we may need to retain Personal Data to fulfill our legal obligations, or to deal with complaints and legal matters, and to protect our rights in case of legal disputes.
This means that we will keep your Personal Data as long as your user account is active. However, after closing your user account, we may retain a limited part of your Personal Data so that we can maintain a continuous relationship with you if and when we are in contact with you again, and to adhere to our legal obligations.
7. What are your rights?
Under EU and local laws, you have certain rights regarding your personal data, including:
Transparency
You have the right to be informed whether we hold information about you and if so, what that information is and why we keep/use it.
Right of access
You can request access to your Personal Data (known as a “data subject access request”). This allows you to receive a copy of the Personal Data we hold about you and to check its accuracy and the legality of processing.
Right to rectification of inaccurate or incomplete Personal Data
You have the right to request correction of the Personal Data we hold about you. This allows you to have any incomplete or inaccurate information corrected.
Right to erasure of Personal Data
Upon request of the data subject, we will delete the data if the purpose for which they were processed has been fulfilled; if you have withdrawn your consent for processing; if the data were processed unlawfully; if you object to the processing or to comply with a legal obligation to delete the data when there is no legal basis for processing. After completing the process and completely deleting the data at the controller, the user's subscription relationship and the use of Sportmaster™'s services will no longer be possible.
Right to restriction of processing
The subject has the right to request that we limit the processing of Personal Data: if you dispute the accuracy of the Personal Data, during the period while we confirm their accuracy; if you consider that the processing is unlawful, but oppose the deletion or if the data are needed for the establishment of legal claims.
Right to data portability
You have the right to receive your Personal Data in a structured, commonly used, machine-readable format, or to request that we transfer those data to another controller.
Right to object to the processing of Personal Data
The data subject has the right to withdraw consent at any time and stop processing Personal Data based on consent.
Right to withdraw consent
The giving and withdrawal of consents by an individual user to receive notifications and/or promotional messages to improve services can be done as follows:
- At any time after receiving an email message from Sportmaster, the user can withdraw their consent by selecting the unsubscribe option available on each email message
- By submitting an appropriate request sent to the email address [email protected]
Your right to lodge a complaint with the IDPC
All data protection complaints must be lodged with the Information and Data Protection Commissioner in Malta, as the data protections supervisory authority.
Please note that none of these rights are absolute and without exceptions and must be balanced with our own legal interests and obligations.
To exercise any of your rights, you can contact us following the details found at the bottom of this page.
To process your request, we would require proof of identity to ensure that personal data is not disclosed to any person who has no right to receive it.
Sportmaster will provide you with information on the actions taken based on your requests without unnecessary delay and in accordance with the deadlines set in the relevant data protection legislation.
8. Information about your payments
The Sportmaster™ program available throught the Sportmaster™ application and the website www.sportmaster.mt, offers users the opportunity to pay their monthly subscription, which allows access to services for the current month with a credit or debit card (Visa and MasterCard) that has a three-digit security code. In this case, transaction processing goes through a payment gateway - International card system (Casys). The data you enter when paying with your payment card are not stored or transmitted through our servers. Transactions are processed through the payment processing system of the bank we cooperate with, APS Bank - which is certified by VISA and MasterCard for transaction processing. At the moment you make the payment and enter the data, they are processed through the bank's HTTPS security protocol using Secure Socket Layer (SSL) technology and we do not see the data from your payment card, the only information we store is the transaction number and the amount paid.
Sportmaster does not store users' payment card data but only has access through the bank's system to part of the data such as – Name and surname of the payment cardholder, the amount paid, and the payment status.
9. Authorizations
For the Sportmaster™ application to function on your device and for you to be able to use the services of the Sportmaster™ program, it needs access to various functions and data on the device. For this purpose, you need to grant certain consents and authorizations for that information.
The authorizations are programmed differently by different manufacturers. Individual authorizations, for example, can be combined into categories of authorizations, and you may give consent only for the category of authorization as a whole.
Remember that if you refuse consent for one or more authorizations, you will not have access to the full range of functions offered by our application.
If you have granted authorizations, we will use them only to the extent described below:
Location Information
The application requests access to information about your current location to successfully scan the QR code at the partner facility, allowing you to access services after successful verification. Additionally, Sportmaster uses this information only at the moment when the “Scan” option is selected to provide services at partner facilities.
Internet Communication
The application requires access to the Internet via a Wi-Fi network or mobile data network for real-time updates related to your use of the provided services.
Camera
The application mandatorily requires access to the camera to scan QR codes to enable the use of services at partner facilities. Permission to use the camera is requested only the first time the user tries to scan the QR code at a partner facility. Only data about the partner facility where the subject has chosen a service or selected a recreational sports activity are transmitted to the servers of Sportmaster.
10. Cookies
Cookies are small text files (files) that are stored on your computer or other device (mobile phone, tablet, etc.) by the websites you visit on the Internet. The web browser sends these cookies back to the website on each of your visits and helps us save information about your activities or user preferences, all in order to provide personalized and optimized content on the website and to display the browsing history on the same. For more information about the cookies we use, please see our Cookie Policy, at the following link:
https://sportmaster.mt/cookie-policy
11. Children
Users must be of legal age according to the legal regulations in the country where they live and must not be younger than 16 years old. Individuals are not allowed to register for a user account on the website without confirming that they are 16 years of age or older. If we suspect the age of any user, we will contact them to confirm their age.
12. The Office of the Information and Data Protection Commissioner
The Office of the Information and Data Protection Commissioner (“IDPC”) is the national supervisory authority responsible for monitoring and enforcing the provisions of the GDPR and the Data Protection Act.
If you consider that the processing of personal data relating to you infringes the GDPR, you have the right to lodge a complaint with the IDPC against the controller involved and the case will be investigated accordingly. The Office of the Information and Data Protection Commissioner as the competent authority for supervising the legality of the activities undertaken during the processing of Personal Data on the territory of Malta.
It’s important to know that all these rights can be exercised directly with the data controller Sportmaster.
Moreover the controller shall provide a response within one month from receipt of a communication, according to Article 12 GDPR. In the event that the controller fails to respond or if otherwise you are not satisfied with the reply, you may lodge a complaint through the online form:
https://idpc.org.mt/raise-a-concern/
Sportmaster as a controller could extend the time to respond if the request is complex or when receiving several requests from the individual. In such cases, the controller must still reply within one month of receiving their request and explain why the extension is necessary.
Where Sportmaster has reasonable doubts concerning the identity of the data subject exercising his or her rights under the GDPR, it may request the provision of additonal information necessary to confirm the identity of the data subject.
13. How to contact us
If you want to receive feedback and have questions, concerns, or want to exercise your rights related to your Personal Data, please contact the Sportmaster team at the following e-mail address:
[email protected]
If we receive a complaint from you about the way we process your Personal Data, we will review the content of the complaint and within a reasonable period will decide how to resolve the disputed issue. We aim to resolve any disputes in a timely manner, after which we will contact you within a reasonable period.
In accordance with Article 41 of the Law on Personal Data Protection, Sportmaster has appointed a Personal Data protection officer, a person authorized to act in activities and procedures related to the processing and protection of Personal Data. You can contact our officer only for matters related to Personal Data protection at the email address:
[email protected] or at the phone number: +356 7776 9616.
14. Publishing and changing this Privacy Policy
Sportmaster may revise and update this Privacy Policy at any time in its sole discretion by posting an updated Privacy Policy on the Platform. All such changes to the Privacy policy are effective immediately when posted on the website and apply to all access to and use of the program thereafter.
The current version of the Privacy Policy will always be published and publicly available on the website of Sportmaster –
www.sportmaster.mt