IPC Sport Data Management System
Home » IPC SDMS Privacy Policy
IPC SDMS Privacy Policy

1 DATA PROTECTION STATEMENT IPC

Data Protection Statement (valid from: 23 May 2018)

1.1 INTRODUCTION

Regardless of whether you are a customer, prospective customer, applicant or visitor to our website: We, IPC (hereinafter: "IPC", "we") take the protection of your personal data very important. But, what does this mean in concrete terms?

Below we provide you with an insight into what personal data we collect from you and in what form we process it. Furthermore, you will receive an overview of the rights you are entitled to according to the applicable data protection law. In addition, should you have any questions, we will provide you with a contact person.

1.1.1 WHO ARE WE?

The International Paralympic Committee (IPC) is the global governing body of the Paralympic Movement. Its purpose is to organise the Summer and Winter Paralympic Games, and act as the International Federation for ten sports, supervising and co-ordinating World Championships and other competitions.

Within the meaning of the applicable data protection laws, as Controller,

IPC
Adenauerallee 212-214
53113 Bonn, Germany
E-mail: info@paralympic.org
Phone: +49-228-2097-200
Fax: +49-228-2097-209

We take all measures required by applicable data protection laws to ensure the protection of your personal data.

If you have any questions regarding this data protection statement, please contact our Data Protection Officer (DPO).

Clemens Dorner
2B Advice GmbH
Joseph Schumpeter Allee 25
53227 Bonn, Germany
E-mail: ipc@2b-advice.com
Phone: +49 (228) 926165 120

1.2 SCOPE OF THE DATA PROTECTION DECLARATION

With the processing of personal data the legislator means activities such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data.

Personal data is all the information that relates to an identified or identifiable natural person.

This data protection statement concerns the personal data of customers, interested parties, applicants or visitors.

This data protection statement applies to our service https://db.ipc-services.org/sdms.

1.3 WHICH PERSONAL DATA DO WE PROCESS?

The IPC Sport Data Management System (SDMS) is a tool to store and process the data of athletes and competition partners that intend to participate in or have actually competed in any IPC recognised competition in any of the nine IPC sports since 2008, or held historical world, regional or Paralympic Games records at SDMS launch date on 1 January 2009. In addition, SDMS stores information about the IPC sport officials such as classifiers, technical officials and referees.

Authenticated users of the National Paralympic Committees (NPCs) register and update their athletes in SDMS; data of officials can be reviewed and corrected by themselves.

We process the following types of personal data

  • personal identifiable information (PII)
    • for athletes: e.g. first and last name, e-mail address (optional), demographic data including age, gender, nationality and passport data
    • for officials: e.g. first and last name, e-mail address, phone numbers, demographic data including age, gender, location, passport data
    • for authenticated SDMS users: first name, last name, and e-mail address
  • data on your behaviour online (only applicable to active SDMS users)
    • IP address, but only when actively attempting to log-in with username, timestamps on data set creation and changes
  • financial data
    • for NPCs or national sport federations: invoice recipients (postal address) and VAT numbers
  • historical data
    • for athletes: e.g. name/NPC changes, classification history, results and records achieved at IPC recognised competitions
    • for officials: e.g. IPC education history, attendance and performance at Para sport competitions
    • for authenticated SDMS users: login history

1.3.1 SPECIAL CATEGORIES OF DATA

For the purpose of classification and participation at IPC sanctioned and approved competitions, SDMS stores medical information of the athletes if provided by the athlete and their NPC or National Sport Federation, respectively. Other sensitive data and special categories according to Art. 9 of the GDPR such as information on religious or trade union membership are not collected at all.

1.3.2 PERSONAL DATA OF MINORS

Personal data of minors are collected only if they wish to compete or have competed in any IPC recognised competition (see §1.3). They are registered by their NPCs like all other athletes and competition partners.

1.3.3 USE OF COOKIES

Cookies are files that are placed on your computer by our website or customer portals when you visit the site. These files store information that makes your use of this site more efficient.

On this platform, cookies are only used to register a session while visiting SDMS and is used to identify your authorisation after you successfully authenticated yourself to access the protected area of SDMS. These sessions, and subsequently the temporarily created cookie, become invalid when you logout, close your browser, and are inactive for a pre-determined time period.

1.4 WHAT DO WE PROCESS YOUR PERSONAL DATA FOR - AND ON WHAT LEGAL BASIS?

1.4.1 ATHLETE CLASSIFICATION

Medical information of athletes are processed to enable their classification. First, athletes must fulfil certain eligibility criteria according to the IPC Classification Code to be accepted as Para athletes. Second, if the first condition is met, athletes are categorised into various classes that enable a fair competition between athletes of similar impairment. Both steps are only possible if the physical circumstances of the athlete are known to the classifiers. Consequently, only a limited group of people have access to this medical information and the results of the classification assessments, that is the responsible NPC or national sport federation, and the World Para Sport federation in charge for this athlete based on the sport the athlete would like to compete in.
Athletes (and their competition partners) should sign the IPC Athlete Eligibility Agreement giving consent to provide their personal data for the purposes of classification and participation at IPC competitions.

Classifiers, as one part of the group personal data is collected for, are in charge to perform this assessment. In order to ensure that the classifiers have the required level of education and background, their information is stored. Classifiers and all other types of Para sport officials sign an Engagement Agreement giving their consent to provide their personal data for the purpose of fulfilling their obligation in the respective role.

1.4.2 ORGANISATION OF PARA SPORT EVENTS AND THE PARALYMPIC GAMES

The personal information of athletes and competition partners is required to prepare Para sport event like Para sport World Championships or even the Paralympic Games. That includes the identification of the athlete and the outcome of the classification to prepare the competition schedules and start lists, and finally run the competitions for the benefit of the athletes.

Technical officials are requested to provide feedback on their attendance at the IPC sanctioned events to run the competition. In order to ensure that these officials have the required level of education and background, their information is stored. Technical officials sign an Engagement Agreement giving their consent to provide their personal data for the purpose of fulfilling their obligation in the respective role

1.4.3 ATHLETE NATIONALITY

Nationality information (nationality and passport data) are collected to prove the nationality of an athlete in order to fulfil the IPC Athlete Nationality Policy (see §3.1 of the IPC Handbook).

1.4.4 INVOICING

SDMS generates invoices for IPC licences, competition approvals, and participation entry fees to fulfil the contract with our customers. In order to generate these invoices, SDMS users (NPCs and/or national sport federations) are requested to provide an invoice recipient (postal address) and, if the country is member of the European Union (EU), the VAT if existent required from tax legislation.

1.4.5 PARA SPORTS HISTORY AND LEGACY OF THE PARALYMPIC MOVEMENT

Athletes results are not only stored to validate the qualification of athletes for the next upcoming major event (e.g. Paralympic Games), but the IPC also has the obligation to store the history of Para sports as global governing body of the Paralympic Movement. Furthermore, historical results and classification data are stored for the purpose of analysis that massively supports the improvements and growth of the Paralympic Movement and the Para sports.

1.4.6 MEASURES TO SERVE YOUR PROTECTION

Among others, we use your personal data in the following cases on the basis of our legitimate interests:

  • We analyse your data to protect you or your company from fraudulent activities. This may happen, for example, if you have been the victim of identity theft or if unauthorised people have otherwise gained access to your user account;
  • Our IT support works closely with you in case of technical problems to improve the reliability of our web applications. In this context, we also evaluate logs of page accesses, actions performed, etc;
  • To be able to guarantee IT security;

in order to able to record and prove facts in the event of possible legal disputes.

1.5 WHERE WE TRANSMIT DATA AND WHY

1.5.1 USE OF DATA WITHIN THE IPC

Within the IPC, only those entities have access to the personal information of athletes and Para sport officials in order to fulfil their duties in organising classification and Para sport competitions, and continuously improving the business of the IPC and the IPC sports.

1.5.2 USE OF DATA OUTSIDE THE IPC

Athlete data are sent to event organisers when the athlete explicitly (through their NPC or national sport federation) wants to compete at the IPC sanctioned competition. In general, only athletes with a valid IPC licence can compete at these competitions, and those athletes gave their consent to use their personal data for the organisation and performance of Para sport competitions.

We respect the protection of your personal data and we pass on information about you only if required by law, if you have given your consent or to fulfil contractual obligations. In some cases, this may result in personal information having to be transferred to countries outside the EU or the EEA, where an adequate level of data security may not be provided.

For the following recipients, for example, there is a legal obligation to pass on your personal data:

  • Public authorities or supervisory authorities, e.g. tax authorities, customs authorities;
  • Judicial and law enforcement authorities, e.g. police, courts, public prosecutors;
  • Lawyers or notaries, e.g. in legal disputes;
  • Chartered Accountant/ Auditors.

In order to fulfil our contractual obligations and to handle all financial matters, we cooperate with banks and financial service providers.

Our own service providers

In order to make our operations more efficient, we use the services of external service providers who may receive personal data from you for the purposes described, including IT service providers, printing and telecommunications service providers, debt collection, consulting or sales companies.

Important: We pay close attention to your personal data!

In order to ensure that the service providers comply with the same data protection standards as in our company, we have concluded appropriate contracts for order processing. These contracts regulate, among other things:

  • that third parties only have access to the data they need to carry out the tasks assigned to them;
  • that the service providers only grant access to your data to employees who have explicitly committed themselves to comply with data protection regulations;
  • that the service providers comply with technical and organisational measures that guarantee data security and data protection;
  • what happens to the data when the business relationship between the service provider and us is terminated.

For service providers based outside the European Economic Area (EEA), we take special security measures (e.g. by using special contractual clauses) to ensure that the data is treated with the same level of caution that is exercised in the EEA. We regularly check all our service providers for compliance with our specifications.

Very important: Under no circumstances do we sell your personal data to third parties!

1.5.3 USE OF DATA WITHIN IPC, WORLD PARA SPORTS AND INTERNATIONAL AFFILIATES

In order to provide you with the best possible service, we occasionally exchange data within the IPC, WORLD PARA SPORTS and International Affiliates. We guarantee that the applicable data protection regulations are observed and that your personal data is adequately protected at all times.

For this reason, we have taken appropriate measures to ensure compliance with data protection within the IPC Group:

We have concluded appropriate contracts with the individual subsidiaries to ensure that personal data shared within the Group remains protected at all times.

In accordance with these contracts and applicable data protection laws, we transfer personal data to our production and sales subsidiaries only for the purposes stated in this data protection statement. In doing so, we support our subsidiaries both in their operations and in their compliance with the technical and organisational measures that we also use at the parent company to guarantee the security of your personal data. If possible, we protect your data by using pseudonymisation or anonymisation measures. If subsidiaries are located outside the EEA, we take appropriate measures to ensure that the personal data processed there is just as protected as within the EEA.

1.6 ARE YOU OBLIGED TO PROVIDE US WITH PERSONAL DATA?

In the context of the business relationship between you and IPC, we require from you the following categories of personal data:

  • all necessary data for the establishment and implementation of a business relationship;
  • data required for the fulfilment of contractual obligations;
  • data that we are legally obliged to collect.

Without these data it is not possible for us to enter into or execute contracts with you.

1.7 DELETION PERIODS

In accordance with the applicable data protection regulations, we do not store your personal data longer than we need for the purposes of the respective processing. If the data is no longer required for the fulfilment of contractual or legal obligations, it will be regularly deleted by us, unless its temporary storage is still necessary. There may be the following reasons for further storage:

  • Obligations under commercial and tax law to retain data must be observed: The periods for storage, primarily in accordance with the provisions of the German Commercial Code and the Fiscal Code, are up to 10 years.
  • To obtain evidence in the event of legal disputes within the framework of statutory limitation periods: in civil law, statutory limitation periods may be up to 30 years, with the regular limitation period occurring after three years.

1.8 YOUR RIGHTS

Within the scope of processing your personal data, you also have certain rights. More detailed information can be found in the corresponding provisions of the General Data Protection Regulation (Articles 15 to 21).

1.8.1 RIGHT TO ACCESS AND CORRECTION

You have the right to obtain information from us on which of your personal data we process. If this information is not (no longer) correct, you can ask us to correct the data, or, if it is incomplete, to complete it. If we have passed on your data to third parties, we will inform the relevant third parties in the event of a corresponding legal situation.

1.8.2 RIGHT TO DELETION

You can request the immediate deletion of your personal data under the following circumstances:

  • When your personal information is no longer needed for the purposes for which it was collected;
  • If you have revoked your consent and there is no other legal basis for data processing;
  • If you object to the processing and there are no overriding legitimate reasons for data processing;
  • If your data is processed unlawfully;
  • If your personal data must be deleted in order to comply with legal obligations.

Please note that before deleting your data we must check whether there is not a legitimate reason for processing your personal data.

1.8.3 RIGHT TO RESTRICTION OF PROCESSING ("RIGHT TO BLOCK")

You may request us to restrict the processing of your personal data for one of the following reasons:

  • If you dispute the accuracy of the data until we have had the opportunity to verify the accuracy of the data;
  • If the data is processed unlawfully, but instead of being deleted, you merely request the restriction of the use of personal data;
  • If we no longer need the personal data for the purposes of processing, but you still need them to assert, exercise or defend in the course of legal claims;
  • If you have filed an objection against the processing and it is not yet clear whether your legitimate interests outweigh ours.

1.8.4 RIGHT TO OBJECT

1.8.4.1 RIGHT TO OBJECT IN INDIVIDUAL CASES

If the processing is carried out in the public interest or on the basis of a balance of interests, you have the right to object to the processing for reasons arising from your particular situation. In the event of an objection, we will not process your personal data further, unless we can prove compelling reasons for processing your data, which outweigh your interests, rights and freedoms, or because your personal data serve to assert, exercise or defend legal claims. The objection shall not preclude the legality of the processing carried out up to the time of the objection.

1.8.4.2 OBJECT AGAINST THE USE OF DATA FOR ADVERTISING PURPOSES

In cases where your personal information is used for advertising purposes, you can object to this form of processing at any time. We will no longer process your personal information for these purposes.

The objection can be made form-free and should be addressed to:

IPC
Adenauerallee 212-214
53113 Bonn, Germany
E-mail: ipc.media@paralympic.org
Phone: +49-228-2097-200
Fax: +49-228-2097-209

1.8.5 RIGHT TO DATA PORTABILITY

Upon requests, you have the right to receive personal data that you have given us for processing in a transferable and machine-readable format.

1.8.6 RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY (ART. 77 GDPR)

We try to process your requests and claims as quickly as possible in order to protect your rights appropriately. Depending on the frequency of enquiries, however, it may take up to 30 days before we can provide you with further information about your request. If it should take longer, we will inform you promptly of the reasons for the delay and discuss the further process with you.

In some cases, we may not or cannot give you any information. If legally permissible, we will inform you of the reason for refusing to disclose the information.

However, should you not be satisfied with our answer and responses or should you be of the opinion that we are violating the current data protection law, you are free to file a complaint with our Data Protection Officer as well as the relevant supervisory authority. The supervisory authority responsible for us is:

Landesbeauftragte fur Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI)
Kavalleriestrasse 2-4
40213 Dusseldorf, Germany
Phone: +49 211 38424-0
Fax: +49 211 38424-10

2 VERSION

This Data Protection Statement is valid as of 23 May 2018. Registered customers will be informed about changes in the Data Protection Statement.