GDPR och personuppgifter
GDPR is the EU's new data protection law, which will enter into force on May 25, 2018. It contains rules to protect the individual's personal data and integrity.
The law applies to all who handle personal data, whether you are a company, association, organization, authority or private person. It applies in the EU and in the ESS, but also to non-EU countries whose customers are in the EU.
It is the cup (organizer) who is Person Responsible . Cupmate is a technology vendor but is not responsible for the content but is considered Personal Data Wizard .
This means that the Cup (organizer) must establish a privacy policy and then clearly follow it. The cup (organizer) needs to keep track of what information is collected via Cupmate (these are described in the Terms). When the the collected personal data is no longer needed, the Cup (organizer) must remove these.
From May 25, 2018, the Cup (organizer) can activate and add its own privacy policy. If/when the cup does that, another input field appears in the application form that the team must approve the policy before signing up.
For teams already registered, they will be able to accept the terms when logged in to their team account. Cupmate recommends that the cup sends information about this to the registered teams.
One (1) year after the cup's last day, personal data from teams and referees will be automatically deleted by Cupmate. Four (4) weeks after the cup's last day, personal data from players will be automatically deleted by Cupmate. The cup (the organizer) can manually delete personal information earlier than that if required. What fields are involved you can see in the Terms.
If the cup has added its own input fields that are filled in when the teams/players/referees sign up, that information will also be deleted.
Read more about: GDPR (Eu)