We generally obtain your personal data directly from you but may also collect personal data about you from publicly accessible open sources.
Personal data is any data that can directly or indirectly identify you, e.g. your first name and last name, address, email or user behaviour.
We may provide you with additional information privacy notices where we believe that it is appropriate to do so. Such additional notices supplement this Policy and should be read in conjunction with it.
1. Visiting our Website
If you only visit our website for information purposes, i.e. you do not provide any personal data in any form to us, we only collect the personal data that your browser transfers to our web server. When you visit our website we collect in particular the following data which we need in order to make it technically possible to display our website and ensure its stability and security (the legal basis for this is Art. 6(1)(f) of the GDPR):
- IP address
- Date and time of query
- Time zone difference with regard to universal time – Greenwich Mean Time (GMT)
- Query content (specific page)
- Access status/HTTP status code
- Volume of data transferred
- Website from which the query is made
- Browser (e.g. Google Chrome)
- Operating system and interface (e.g. Windows 10) and
- language and version of browser software.
2.1 Session Cookies
Session cookies (transient cookies) save the “session identifier” which is used to assign various queries from your browser to the joint session. Your computer can then be recognised next time you visit our website. Session cookies are deleted when you log out or close your browser.
2.2 Persistent Cookies
Persistent cookies are automatically deleted after a specified time, which varies from cookie to cookie. You can delete cookies at any time in your browser security settings. We use persistent cookies only for the purpose of analysis (see Section 3 – Google Analytics).
You can adjust your browser settings as you wish and – for example – refuse to accept third-party cookies or all cookies. Please note that this could mean you will not be able to make optimum use of all the functions of this website.
3. Use of Google Analytics
This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). The cookies used by Google Analytics enable us to analyse the way you use our website. This allows us to evaluate user behaviour on our website and use the statistics we gather to make our offer more attractive. Article 6(1)(f) of the GDPR forms the legal basis for the use of Google Analytics.
During the process of IP anonymisation (anonymizeIp) that we activated, Google first cuts off the end of each IP address collected in the European Union. This means that any data collected about you that could identify you is immediately barred and the personal data deleted.
IP addresses transmitted from your device for Google Analytics purposes will not be associated with any other data held by Google. You can prevent the collection and processing of the information generated by the Google cookie by deactivating storage of cookies in your browser or device settings.
In addition, you can stop Google collecting and processing data generated by the cookie and related to your use of the website (including your IP address) by downloading and installing a browser plug-in available at the following link. The current link is: http://tools.google.com/dlpage/gaoptout?hl=pl
As an alternative to the browser plug-in, or in browsers on mobile devices, you can stop data collection by Google Analytics at any time by clicking on the following link. This will enable a setting blocking the cookie that will prevent your data being collected on future visits to this website.
4. Using Services through the Website and Application
We also gather your personal data, if you divulge them to us yourself in connection with using the services we provide through the website and Application
(hereinafter the “Services”), including:
- the service of operating the student account (hereinafter the “Student Account Service”).
If you do not supply, at our request, the personal data we need, we may not be able to provide our Services or to continue providing our Services.
The detailed principles of providing Services, including the Student Account Service, are set out in the Website and Application Rules published in a downloadable mode on the website under the tab Regulations hereinafter the “Terms”).
4.1 Student Account Service
Obtaining access to the Student Account Service requires creating a student account (hereinafter the “Student Account”). To create an account, the consent of a parent holding full parental authority or legal guardian, authorised to take decisions alone regarding your proprietary and personal interests (hereafter the “Guardian”), is required.
Creating a Student Account takes place via a registration form made available on the website or through the Application, where you will be asked to provide the data required to create and operate the account:
- first name and last name
- date of birth
- Guardian’s email.
Creating a Student Account and using a Student Account through the Application requires your Guardian to give consent to the processing of your personal data related to physical activity (e.g. number of steps) which will be obtained from sports applications installed on your mobile device and also – through the Application – from Apple Health and Google Fit and also requires their consent for passing on such data to organisers of Competitions, within the meaning adopted in the Terms (hereinafter the “Competition” or “Competitions”), in order to carry out the Competitions, which will only take place if justified by the Competition terms and if the School to which you assigned your Student Account takes part in such Competition.
In order to facilitate the operation of the Student Account you may be asked to provide additional data, thereby consenting to their processing. Such data may be erased at any time. Provision of data marked as mandatory is required in order to create and operate the Student Account and failure to provide such data makes it impossible to create and operate the Student Account.
Authorisation of the Student Account created using the website and Application and giving consent to the processing of your personal data related to physical activity and to passing such data on to Competition organisers for the purpose of carrying out Competitions takes place by indicating your Guardian’s email during registration and then by your Guardian clicking the link sent to their email address. As you use the Student Account through the Application, we also collect data related to your activity in the Application including:
- the number of points you scored
- the place you achieved in rankings
- prizes awarded to you
- user category assigned to you
- badges awarded to you.
If you use the Services, including the Student Account Service, through the website or Application, we process your personal data and your Guardian’s personal data for the purpose of providing services related to maintaining and operating the Student Account – the legal basis for such processing is its necessity for the performance of the contract (Art. 6(1)(b) of the GDPR); the legal basis for processing data provided additionally that do fall within the scope required for the functioning of the Application, is consent (Art. 6(1)(a) of the GDPR).
5. Processing of Personal Data for Contact Purposes
When you contact us in writing, by email or by other means, we collect the information you provide to us, such as your first name, last name, email address, date of birth, phone number, personal statement and possible attachments, so we can process your application or query (the legal basis for this is Art. 6(1) point (b) or (f) of the GDPR).
If you fail to provide the personal data that we require, upon our request, we may not be able to answer your queries.
6. Ensuring the security of Services
We can use your personal data to ensure the security of Services and content offered by us. The legal basis for data processing is Art. 6(1)(c) of the GDPR (compliance with a legal obligation) or Art. 6(1)(f) of the GDPR (legitimate interest of Pho3nix i.e. ensuring Users’ security).
7. Processing of Personal Data for Marketing Purposes
We may use your personal data for carrying out statistical measurements, improving Services and tailoring them to your needs and convenience as well as for marketing our own services and products, including data analysis and profiling for marketing purposes, and also to maintain and develop our relationship with you, to pursue certain business development initiatives, send you publications and marketing communications and invite you to events (the legal basis for this is Art. 6(1)(f) of the GDPR).
You can control the information you receive through our marketing communications by using the corresponding option at the bottom of our emails. If you no longer wish to receive emails relating to our Services or events, you can unsubscribe at any time by using the option at the bottom of the email or by contacting us via email.
8. Personalisation and Content Customisation
We may process your personal data for the purposes of personalising and customising content displayed through the site, this may consist in:
- showing films and other content, tailored to your age group, through the Student Account.
We use profiling in certain cases for the purpose of content personalisation and customisation activities. This means that we evaluate selected factors concerning natural persons using automatic data processing in order to analyse their behaviour or establish a forecast for future behaviour (the legal basis for this is Art. 6(1)(f) of the GDPR).
9. Links to Other Websites
We may publish links to other sites on certain pages of our website or make it possible to share content using “share buttons”. Please note that this Policy does not concern other websites and personal data processing on such other websites. Please visit those sites directly in order to find data protection information.
10. Making Your Personal Data Available
If this is required for processing your query or providing the Service, your personal data may also be passed on to third parties such as IT providers, technology partners, partners organizing Competitions and Challenges, website host, third parties who operate our website or Application or cooperate with us in carrying out statistical measurements and ensuring security of Services, their improvement and adjustment to your needs and convenience, affiliates, vendors or other third party service providers operating on our behalf who may be domiciled in Switzerland, the EU or non-EU countries. It is also possible that we will engage third-party service providers to deal with your query (e.g. to send out information material). The third-party service providers we use are carefully selected and instructed by us, and are bound by our rules, and only process your personal data in accordance with this Policy (including the purposes set out herein) and applicable privacy and data protection regulations. Beyond this we do not transfer any personal data to third parties.
Further, we may share your personal data with third persons where:
- you have consented to us doing so (where necessary) or the organisation that you work for has obtained your consent for us to do so (where necessary)
- we are under a legal, statutory or professional obligation to do so (for example, to comply with anti-money laundering or sanctions requirements) or
- it is necessary in connection with court proceedings or in order to exercise or defend rights.
In case your personal data is transferred outside of your country of domicile, we will take all appropriate and necessary measures to guarantee an adequate level of data protection in accordance with applicable privacy and data protection regulations.
If data are transferred to a country that has not been recognised by the European Commission as ensuring an adequate level of personal data protection (such as Switzerland and the UK for example), we assure that the transfer will be effected with appropriate safeguards in compliance with GDPR provisions on the basis of the Standard Contractual Clauses adopted by the European Commission.
Entities with which Pho3nix cooperates on the territory of the country of your domicile may be distinct controllers of your personal data. Third parties carry out actions related to promoting the activity of Pho3nix, including, among others, organising Competitions. Pho3nix and third parties share your personal data with each other, if this is necessary for the purposes pursued, on the basis of Art. 6(1)(f) of the GDPR (i.e. for undertaking cooperation in the scope of the organised events). Information concerning processing under this Policy remain valid in the case of data processing by such third parties.
Please find below a list of third parties with which Pho3nix cooperates in each country and their contact details:
|Poland||Klub Sportowy Tri Tour with its seat in Poznan, ul. Smardzewska 21/4, 60-161 Poznan, Polska, registered in the records of students’ sports clubs and sports clubs operating in the form of associations whose statutes do not provide for economic activity kept by the President of the City of Poznan under item ST 292, NIP 9721247020;||firstname.lastname@example.org|
|Switzerland||Nicola Spirig Stiftung|
Bachtobel 9, 8184 Bachenbülach
|Australia||Mana Group Oceania Pty Ltd (ACN 647 966 176)||email@example.com|
The controllers of personal data of Competition participants are Pho3nix and the Competition organiser indicated in the Competition Rules.
The personal data of Competition participants are processed for purposes connected with organising and carrying out the Competition, promoting the Competition as well as presenting the prize and examining possible complaints.
The detailed principles concerning the organisation of Competitions are set out in the Rules of each Competition which are published on the Portal.
12. Data Storage Period
Unless specified otherwise, your personal data will be erased or blocked as soon as the reason for which they were stored ceases to apply. They may be stored for a longer period if this is required by regulations we are subject to, if further storage is necessary for the protection of legitimate interests or if you have expressed your consent for such further storage. Your personal data are also blocked or erased upon expiry of their statutory storage period unless it is still necessary to store personal data in order to enter into or perform a contract.
13. Your Rights
In your contacts with us, you have the following rights with respect to your personal data:
- right to information
- right to correct and erase data
- right to restriction of data processing
- right to object to data processing
- right to data portability.
We may refuse to exercise your rights, if we are permitted or obliged to do so under binding provisions concerning data privacy or protection or other provisions. In such a case we will provide the reasons for our decision in compliance with legal requirements.
If you wish to use these rights, please contact us in writing or send an email.
You also have the right to file a complaint with the competent data protection authority, if you consider that our processing of your personal data is not compliant with binding provisions on data privacy and protection in your country of residence.
Please find below a list of data protection authorities competent for your domicile:
– Switzerland: Federal Data Protection and Information Commissioner
– Poland: Personal Data Protection Office
– United Kingdom: [·]
– Australia: Office of the Australian Information Commissioner (www.oaic.gov.au)
If you gave your consent to the collection, processing and transfer of your personal data for a specific purpose you have the right to withdraw your consent for that specific data processing at any time. Upon obtaining notice of withdrawal of consent we will cease to process your data for the purpose or purposes to which you initially gave consent, unless we have another justified basis to lawfully do so.
We carry out risk analysis on a current basis in order to ensure that personal data are processed by us in a secure manner – ensuring primarily that only authorised persons have access to such data and only in the scope necessary in view of the tasks they perform. We make every effort to ensure that all operations on personal data are registered and performed only by authorised employees and collaborators.
If you have questions or doubts concerning data protection please contact us by email using the dedicated address for your country of domicile:
– Switzerland: firstname.lastname@example.org
– Poland: email@example.com
– United Kingdom: firstname.lastname@example.org
– Australia: email@example.com
– Spain: firstname.lastname@example.org
You can also write to our postal address: Pho3nix Foundation, c/o Iatesta AG, Via Somplaz 1, CH-7500 St. Moritz, Switzerland.
16. Provisions Specific for Your Domicile
We present below the provisions that apply to you, if your domicile is in the country where the given provision applies:
|country||additional or modified provision|
Our Policy is periodically updated.
Any changes that we may introduce to this Policy in the future will be published on this website. Check the site regularly to find out about any updates or changes to our Policy.