US PRIVACY

US Privacy Policy

Updated: August 2023

1. INTRODUCTION

This Privacy Policy (“Privacy Policy”) relates to (i) the Guardians of the Ball software application or any related software application (“Apps”) and (ii) the website https://www.GuardiansoftheBall.com and/or any sub-website and/or associated domains (and/or sub-domains) of https://www.GuardiansoftheBall.com(the “Site”), (iii) the Marketplace, (iv) the owner of the Site and (v) the services provided by it and its subsidiaries, whether direct or indirect, including but not limited to Guardians of the Ball Limited (hereinafter collectively referred to as “We”, “Us”, “Our”, “Ourselves” and/or “Guardians of the Ball Limited.”).

“You”, “Your” and “User” refer to an identified or identifiable natural person being the User of the Site, Apps and/or client (or prospective client) of any of Our services.

This Privacy Policy provides detailed, layered information as to how and why We process Personal Data (via the Site, any of Our Apps, or otherwise) as well as detailed information about Your various rights. We are committed to protecting Your privacy and handling your information in an open and transparent manner.

We strongly encourage You to read this Privacy Policy with care. Please contact Us for any clarification You may need. We would be happy to provide You with any information You may need.

2. CONTENTS OF THIS PRIVACY POLICY

1. Introduction
2. Contents of this Privacy Policy
3. Applicable Laws
4. What is personal data?
5. Personal data we collect about you
6. How and why we collect personal data
7. What we use your personal data for (purpose of processing)
8. Region Specific Disclosures
9. Special note on consent
10. Accuracy of personal data
11. Direct marketing
12. Transfers to third countries
13. Internet communications
14. Authorized disclosures
15. Sharing of personal data with other categories of recipients
16. Security measures
17. Retention periods
18. Processing for research and statistical reasons
19. Links to third-party sources
20. Cookies
21. Minors
22. Your rights under the data protection laws
23. Guardians of the Ball Limited.– company details
24. Updates

3. APPLICABLE LAWS

As an entity established in Malta, the main privacy laws that are applicable to us in so far as You are concerned, are the following:

Federal Law Privacy Policy Requirements:

• The Gramm-Leach-Bliley Act
• State Privacy Policy Requirements
• California Consumer Privacy Act (CCPA)
• Any successor legislation to the CCPA

All the above is referred to collectively as the “Data Protection Laws”

4. WHAT IS PERSONAL DATA

“PERSONAL DATA” means any information that identifies You as an individual or that relates to an identifiable individual.

Whenever it is not possible or feasible for Us to make use of anonymous and/or anonymized data (in a manner that does not identify any Users of the Site, Apps or customers of Our services), We are nevertheless committed to protecting Your privacy and the security of Your Personal Data at all times. We collect Personal Data in various ways, digitally via the Site or the Apps (either when you choose to provide Us with certain data or in some cases automatically, or from third parties).

5. PERSONAL DATA WE COLLECT ABOUT YOU

We collect various categories of Personal Data from you, namely:

CATEGORY OF PERSONAL DATA

DESCRIPTION

Contact Details

Full legal name, email address, residential address and mobile/phone number.

Location

IP address of the computer connected to the internet, location data through the mobile phone and Apps used and GPS data.

National Identifier

A number or code attributed to You by a government to identify who you are, such as a passport number or national identity number (including nationality).

Usage date

Details about how and when you use Our services (our Site and/or Apps)

Documentary Data

Details about You that are stored in documents in different formats, or copies of them.

This includes passports, identity cards and utility bills that confirm Your identity and prove the residential address; as well as any other additional documentation as deemed necessary by Our compliance team

Special types of data

Data Protection Laws treat some types of personal information as special, which We will only collect and use if the law allows Us to do so. Such data consist of:

• Political connections
• Criminal convictions and offences

6. HOW AND WHY WE COLLECT PERSONAL DATA

As a general rule, We do not collect any Personal Data, that is, information that identifies You as an individual other than that which You choose to provide to Us such as the data (including Contact Details) You provide when registering with our Site or Apps, when contacting Us with enquiries relating to Our services, when subscribing to any service offered by Us or via Our Site or Apps, such as any newsletters as may be issued by Us from time to time or even when subscribing to any offers We (and/or Our affiliates and/or corporate partners) may offer from time to time.

However, we may also collect personal data from other sources, including data companies, publicly accessible databases, joint marketing partners, social media platform and other third parties. We may also receive Personal Data about You from third parties when We need to confirm Your contact details. Should this be the case, We will take all measures as required by law to further inform You about the source of such Personal Data as well as the categories of Personal Data We collect and process. There are certain instances at law where We are specifically forbidden from disclosing to You such activity (for example, when carrying out due diligence for anti-money laundering purposes).

For information about the Personal Data that We may collect automatically via the Site or Apps, please see the Cookies section below. Unless otherwise specified and subject to various controls, as a general rule, We only collect Personal Data (from You or elsewhere) that We:

• Need to be able to provide You with the services You request from Us;
• Are legally required to collect/use and to keep for a predetermined period of time
• Believe to be necessary for Our legitimate business interests

A detailed description of the reasons why We process specific categories of personal data as well as the corresponding legal ground(s) for doing so, please see the ‘What We Use Your Personal Data For (Purpose of Processing)’ below.

7. WHAT WE USE YOUR PERSONAL DATA FOR (PURPOSE OF PROCESSING)

The Data Protection Laws permit Us to use personal data only if We have a proper reason to do so. Data Protection Laws state that we must have one or more of these reasons:

• To render the services, You have contracted to
• When it is Our legal duty
• When it is in Our legitimate interest – this refers to when We have a business or commercial reason to use Your personal data. If We rely on our legitimate interest, We will tell you what that is
• When You consent to it

Below is a description of what We use Your Personal Data for and the corresponding legal ground(s) we rely on for doing so.

Please note that where We rely on Your consent, this can be withdrawn at will.

• For the purposes of setting up an account on our system, categories of personal data We collect include contact details, documentary data, national identifiers and special category (particularly political connections) data. The legal basis for processing such data is based on contractual necessity, legitimate interest to ensure We have an accurate account and legal duty for due diligence purposes.
• For the purposes of managing our relationship with You, categories of personal data we collect are mainly contact details for purposes of contractual necessity and compliance with legal obligations.
• For the purposes of establishing and investigating any suspicious behavior to protect our business from any risk, fraud or other illegal activities (such as money laundering or terrorist financing) categories of personal data we collect are mainly documentary data and contact details. The legal basis to collect this data is based on our compliance with legal obligations and legitimate interest in detection and prevention of fraud or other illegal activities.
• For the purposes of subscribing to a newsletter or mailing list We mainly collect contact details based on your consent.
• For the purposes of evaluating your queries and/or requests you send Us to use/receive any of Our services (including customer support services) We mainly collect contract details based on contractual necessity and legitimate interest to be able to attend to Your queries.
• For the purposes of maintaining and updating the user accounts records on Our system we will be required to collect contact details based on contractual necessity and legitimate interest to ensure We have an accurate user account record.
• For the purposes of continuing to manage our relationships with You We will be required to collect contact details based on contractual necessity and compliance with legal obligations.
• For the purposes of complying with legal and regulatory obligations including the detection and prevention of any financial crime We will be required to collect documentary data, special types of data, national identifiers and locational data based on our legal obligations.
• For the purposes of providing you with our services, especially those provided via the App including location services We will be required to collect contact details and tracking data based on our contractual necessity.
• For the purposes of developing and managing Our brands, products and services We will be required to collect contact details based on legitimate interest to develop Our products and services.
• For the purposes of internal data analysis, We will be required to collect contact details and tracking data based on contractual necessity.

Should We need to process Your data for a new purpose in the future, which is entirely unrelated to the above, We will inform You of such processing in advance and You may exercise Your applicable rights (as explained below) in relation to such processing.

Finally, do note that without certain Personal Data relating to You, We may not be in the position to provide some or all of the services You expect from Us or even to guarantee the full functionality of Our Site and/or App.

8. Region Specific Disclosures

We may choose or be required by law to provide different or additional disclosures relating to the processing of personal information about residents of certain countries, regions or states. Please refer below for disclosures that may be applicable to you:

• California. If you are a resident of the State of California in the United States, we comply withCalifornia Consumer Privacy Act of 2018 (“CCPA”) specific privacy disclosures.
• Nevada. If you are a resident of the State of Nevada, Chapter 603A of the Nevada Revised Statutes permits a Nevada resident to opt-out of future sales of certain covered information that a website operator has collected or will collect. To submit such a request, please contact us at GuardiansoftheBall.com with the subject line “Nevada opt-out

9. SPECIAL NOTE ON CONSENT

In those limited cases, We will process Your Personal Data based on Your consent, which We will obtain from You in a clear and manifest manner. In such cases where You provide Us with Your consent, You shall have the right to withdraw Your consent at any time and this, in the same manner as You shall have provided it to Us unless an alternative option is provided by Us.

Should You exercise Your right to withdraw Your consent at any time (by writing to Us at the physical or email address below), We will determine whether at that stage an alternative legal basis exists for processing Your Personal Data (for example, based on a legal obligation to which We are subject) where We would be legally authorized (or even obliged) to process Your Personal Data without needing Your consent and if so, notify You accordingly.

When We ask for such Personal Data, You may always decline, however, should You decline to provide Us with necessary data that We require to provide requested services, We may not necessarily be able to provide You with such service (such as location services), especially if consent is the only legal ground that is available to Us.

Just to clarify, consent is not the only ground that permits Us to process Your Personal Data. In the above Section 7, We pointed out the various grounds that We rely on when processing Your Personal Data for specific purposes.

10. ACCURACY OF PERSONAL DATA

All reasonable efforts are made to keep any Personal Data We may hold about You up-to-date and as accurate as possible. You can check the information that We hold about You at any time by contacting Us in the manner explained below. If You find any inaccuracies, We will correct them and where required, delete them as necessary. Please see below for a detailed list of Your legal rights in terms of any applicable Data Protection Laws.

11. DIRECT MARKETING

We only send mail messages, emails and other communications relating to marketing where We are authorized to do so at law. In most cases, We rely on your consent to do so (especially where we use electronic communications). If, at any time, You no longer wish to receive direct marketing communications from Us please let Us know by contacting Us at the details below or update Your preference on any of Our Site(s) or Apps.

In the case of direct marketing sent by electronic communications (where We are legally authorized to do so) You shall be given an easy way of opting out (or unsubscribing) from any such communications.

Please note that even if You withdraw any consent You may have given Us or if You object to receiving such direct marketing material from Us (in those cases where We do not need Your consent), from time to time We may still need to send You certain important communications from which You cannot opt out.

12. TRANSFERS TO THIRD COUNTRIES

As a general principle, for those accessing the Sites or using the Apps with a United States IP address, the Personal Data We process about You (collected via any of our Sites or Apps or otherwise) will be stored and processed within the United States of America. You are welcome to contact Us for more information regarding the adequate safeguards we have in place in relation to any data transfers.

13. INTERNET COMMUNICATIONS

You will be aware that data sent via the Internet may be transmitted across international borders even where sender and receiver of information are in the same country. We cannot be held responsible for anything done or omitted to be done by You or any third party in connection with any Personal Data prior to Our receiving it is including but not limited to any transfers of Personal Data from You to Us via a country having a lower level of data protection than that in place in the United States, and this, by any technological means whatsoever.

Moreover, We shall accept no responsibility or liability whatsoever for the security of Your data while in transit through the internet unless Our responsibility results explicitly from a law having effect in the United States.

14. AUTHORIZED DISCLOSURES

Without prejudice to anything contained in this Privacy Policy and in the interest of full transparency, We reserve the right to disclose (and otherwise process) any relevant Personal Data relating to You which We may be processing (including in certain cases relevant IP addresses) to authorized third parties in or outside the United States if such disclosures are allowed under the Data Protection Laws (whether or not You have provided Your consent) including but not limited to the following instances:

• For preventing, detecting or suppressing fraud (for example, if You provide false or deceptive information about Yourself or attempt to pose as someone else, we may disclose any information We may have about You in Our possession to assist any type of investigation into Your actions);

In the event of Guardians of the Ball Ltd.

• or any of its subsidiaries being involved in a merger, sale, restructure, acquisition, joint venture, assignment or transfer (of business, shares, assets or otherwise);
• To protect and defend Our rights (including the right to property), safety, or to those of Our affiliates, of Users of Our Site or even You own;
• To protect against abuse, misuse or unauthorized use of Our Site or App;
• For any purpose that may be necessary for the performance of any agreement You may have entered into with Us (including the request for provision of services by third parties) or to take steps at Your request prior to entering a contract;
• To comply with any legal obligations such as may arise by way of response to any Court subpoena or order or similar official request for Personal Data; or
• As may otherwise be specifically allowed or required by or under any applicable law (for example, under anti-money laundering legislation).

15. SHARING OF PERSONAL DATA WITH OTHER CATEGORIES OF RECIPIENTS

Relevant data will also be disclosed or shared as appropriate (and in all cases in line with the Data Protection Laws) to/with members and staff of Guardians of the Ball Ltd. and/or sub-contractors established within the United States if pertinent to any of the purposes listed in this Privacy Policy (including to/with Our services providers who facilitate the functionality of our Site and App and/or any service You may require).

Any such authorized disclosures will be done in accordance with the Data Protection Laws (for example all Our processors are contractually bound by the requirements in the said Data Protection Laws, including a strict obligation to keep any information they receive confidential and to ensure that their employees/personnel are also bound by similar obligations).

Your Personal Data will also be shared with our business partners, particularly the sports teams whose branded goods and services You have specifically opted to use, buy or interact through our Site and/or App. However, your Personal Data will never be processed by such third parties for their marketing purposes (unless You give Your consent thereto).

The third parties who We may disclose to and/or share Your Personal Data with are, at the date of this Privacy Policy, the following:

• Cloud Service Provider for the hosting of data under state-of-the-art security protocols and our exclusive control.
• IT Service Providers for the maintenance and support of our IT systems/Site(s) with restricted access and under strict controls.
• Customer Support Software Providers for the provision of a customer support software to provide our users with a high-level customer support with restricted access and our strict controls.
• Marketing and Customer Retention Management Tools for the provision of marketing email communications send outs under our strict control and management.
• Public Authorities for compliance with legal obligations and only after verifications are made into necessity of disclosure.
• Our independent financial and legal advisors for the provision of legal and financial support to Guardians of the Ball Ltd. and affiliated entities
• Business partners with whom we have a co-operation or partnership agreement to facilitate and improve the services and goods referred to you, including the tailoring of such services and goods, if deemed appropriate.
• Advertising partners and social media platforms for marketing purposes to send adverts to You because You may be interested in our services or to send our adverts to people who have a similar profile to You, utilizing for example Facebook’s ‘Custom Audience’ or ‘Google Ads’

16. SECURITY MEASURES

The Personal Data which We may hold (and/or transfer to any affiliates/partners/subcontractors as the case may be) will be held securely in accordance with Our internal security policy and the applicable law.

We use reasonable efforts to safeguard the confidentiality of any and/or all Personal Data that We may process relating to you and regularly review and enhance Our technical, physical and managerial procedures so as to ensure that Your Personal Data is protected from:

• Unauthorized access
• Improper use or disclosure
• Unauthorized modification
• Unlawful destruction or accidental loss

We have implemented security policies, rules and technical and organizational measures to protect the Personal Data that We may have under our control. All our members, staff and data processors (including specific subcontractors and cloud service providers established within the United States), who may have access to and are associated with the processing of Personal Data, are further obliged (under contract) to respect the confidentiality of Our Users’ or clients’ Personal Data as well as other obligations as imposed by the Data Protection Laws.

Despite all the above, We cannot guarantee that a data transmission or a storage system can ever be 100% secure. Authorized third parties, and external/third-party service providers, with permitted access to your Personal Data (as explained in this Privacy Policy) are specifically required to apply appropriate technical and organizational security measures that may be necessary to safeguard the Personal Data being processed from unauthorized or accidental disclosure, loss or destruction and from any unlawful forms of processing.

As stated above, the said service providers are also bound by several other obligations in line with the Data Protection Laws

17. RETENTION PERIODS

We will retain Your Personal Data only for as long as is necessary (taking into consideration the purpose for which it was originally obtained). The criteria We use to determine what is ‘necessary’ depends on the Personal Data in question and the specific relationship We have with you (including its duration).

Our standard practice is to determine whether there is/are any specific US law(s) (for example tax or corporate laws) permitting or even obliging Us to keep certain Personal Data for a certain period of time (in which case We will keep the Personal Data for the maximum period indicated by any such law).

We would also have to determine whether there are any laws and/or contractual provisions that may be invoked against Us by You and/or third parties and if so, what the prescriptive periods for such actions are (this is usually five (5) years). In the latter case, we will keep any relevant Personal Data that We may need to defend Ourselves against any claim(s), challenge(s) or other such action(s) by You and/or third parties for such time as is necessary.

We will retain your Personal Data on Our systems for the longest of the following periods:

• If You are a customer or user of Our services
• Any retention period that is required by applicable law
• The end of the period in which litigation or investigations might arise in respect of Our products or services

Where Your Personal Data is no longer required by Us, we will either securely delete or anonymize the Personal Data in question.

18. PROCESSING FOR RESEARCH AND STATISTICAL REASONS

Research and statistics using User or client information is only carried out so that We may understand Our Users’ and/or clients’ needs and to develop and improve Our services/activities. In any case, We will always ensure to obtain any consent We may legally require from You beforehand. As in all other cases, we will also ensure to implement all appropriate safeguards as may be necessary.

19. LINKS TO THIRD-PARTY SOURCES

Links that We may provide to third-party websites are clearly marked and We are not in any way whatsoever responsible for (nor can We be deemed to endorse in any way) the content of such websites (including any applicable privacy policies or data processing operations of any kind). We suggest that You should view the privacy policies of any such third-party websites.

20. COOKIES

When You visit Our site, or use our App, We will collect certain categories of Personal Data automatically using cookies and similar technologies. For more detailed information including what cookies are and how and why We process such data in this manner (including the difference between ‘essential’ and ‘non-essential’ cookies) please read Our Detailed Cookies Policy.

21. MINORS

Our Site, App and services are not intended to be used by any person under the age of sixteen (18) and therefore We will never intentionally collect any Personal Data from such persons. If You are under the age of consent, please consult and get Your parent’s or legal guardian’s permission to use the site, App and any of Our other services. We shall consider that any Personal Data of any persons under the age of sixteen (18) received by Us, shall be sent with the proper authority from the holder of parental responsibility over the child and that the sender can demonstrate such authority at any time, upon Our request.

22. YOUR RIGHTS UNDER THE DATA PROTECTION LAWS

Before addressing any request, you make with Us, we may first need to verify Your identity.

As explained in the Retention Periods section above, we may need to keep certain Personal Data for compliance with Our legal retention obligations but also to complete transactions that You requested prior to the change or deletion that You requested.

Under certain circumstances, by law You have the right to:

• Be informed in a clear, transparent and easily understandable way about how We use Your Personal Data and about your rights.
• Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the Personal Data we hold about You and to check that We are lawfully processing it.
• Request rectification of the Personal Data that we hold about you. This enables You to have any incomplete or inaccurate information We hold about You corrected.
• Request erasure of Your Personal Data. This enables You to ask Us to delete or remove personal information where there is no good reason for Us continuing to process it (for instance, we may need to continue using your Personal Data to comply with Our regulatory and legal obligations).
• Object to the processing of Your Personal Data where We are relying on a legitimate interest (or those of a third party) and there is something that makes You want to object to Us using Your Personal Data and we do not have a legitimate basis for doing so, which overrides Your rights, interests and freedoms (for instance, We may need it to defend a legal case). You also have the right to object when We are processing your personal information for direct marketing purposes.
• Request the restriction of processing of Your Personal Data. This enables You to ask us to suspend the processing of Personal Data about You, for example if You want Us to establish its accuracy or the reason for processing it.
• Request the transfer of Your Personal Data to another party where you provided it to Us and we are using it based on your consent, or to carry out a contract with You, and We process it using automated means.
• Withdraw consent. In the limited circumstances where We are relying on Your consent (as opposed to the other legal grounds set out above) to the collection, processing and transfer of your Personal Data for a specific purpose, you have the right to withdraw Your consent for that specific processing at any time. Once We have received notification that You have withdrawn Your consent, We will no longer process your Personal Data for the purpose or purposes You originally agreed to, unless we have a legitimate interest in doing so or We are bound by regulatory requirements to continue doing so for a defined period of time.
• Lodge a complaint. If You think that We are using Your information in a way which breaches Data Protection Laws, You have the right to lodge a complaint with the appropriate Data Protection Supervisory Authority, if you are in the United States, you can refer to the Office of Consumer Privacy at https://www.usa.gov/privacy and if a resident of California this will be the State of California Attorney General’s Office which may be accessed by clicking the link https://oag.ca.gov/contact/consumer-complaint-against-business-or-company. We kindly ask that You please attempt to resolve any issues You may have with Us first.

WHAT WE MAY REQUIRE FROM YOU

We may need to request specific information from You to help us understand the nature of Your complaint or request, to confirm Your identity and ensure Your right to access the information (or to exercise any of Your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

Should your requests in exercising your abovementioned rights be manifestly unfounded or excessive, in particular because of their repetitive nature, We reserve the right to charge You a reasonable fee which shall be determined at Our sole discretion, taking into account the administrative costs incurred by us to provide the information or communication or taking the action requested by You. We shall communicate to you in advance the fee amount that will be charged in the given circumstances.

HOW QUICKLY WILL WE RESPOND TO YOUR REQUEST?

In all cases, we will try to act on your requests as soon as reasonably possible, within a maximum of one month of receipt of the request, which period may be extended by two (2) more months where necessary, considering the complexity and number of the requests. We shall inform You of any such extension within one (1) month of receipt of the request, together with the reasons for the delay.

23. Guardians of the Ball Limited**. – COMPANY DETAILS**

Guardians of the Ball Limited, a company registered in Malta is the data controller responsible for processing Your Personal Data that takes place via the Site, our App or in the manner explained above.

If you have any questions/comments about privacy or should You wish to exercise any of Your individual rights, please contact Us by sending an email to the following address: [email protected] with the subject “PRIVACY REQUEST” or by writing to:

DATA PROTECTION OFFICER

Guardians of the Ball Limited.

14404 NW 87th PL, Miami Lakes FL 33018.

24. UPDATES

We reserve the right to unilaterally modify this Privacy Policy at any time, particularly if statutory obligations so mandate or the interest of our users’ security so requires. To let You know when we make changes to this Privacy Policy, We will amend the revision date at the top of this page. The modified Privacy Policy will apply from such revision date. We will not officially notify you about such changes, and it is therefore in Your own interest to check this Privacy Policy page from time to time to familiarize yourself with any changes.

GLOBAL PRIVACY POLICY

THIS GLOBAL PRIVACY POLICY DOES NOT APPLY TO TURKISH RESIDENTS. THE ‘TURKISH PRIVACY POLICY’ INDICATED HEREUNDER APPLIES TO TURKISH RESIDENTS

1. INTRODUCTION

This Privacy Notice (” Privacy Notice”) relates to (i) the Guardians of the Ball software application or any related software application whether used on a mobile device or on a computer (” Apps”) and (ii) the website https://www.GuardiansoftheBall.com and/or any sub-website and/or associated domains (and/or sub-domains) of https://www.GuardiansoftheBall.com (the ” Site”), (iii) the owner of the Site and (iv) the services provided by Mediarex Enterprises Limited and its subsidiaries, whether direct or indirect, including but not limited to Guardians of the Ball Services Limited (hereinafter collectively referred to as ” We”, ” Us”, ” Our”, ” Ourselves”, ” Guardians of the Ball”).

” You”, ” Your” and ” User” refer to an identified or identifiable natural person being the User of the Site, Apps and/or client (or prospective client) of any of Our services.

This Privacy Notice provides detailed, layered information as to how and why We process Personal Data (via the Site, any of Our Apps, or otherwise) as well as detailed information about Your rights under the General Data Protection Regulation (the GDPR, EU 2016/679). We are committed to protecting Your privacy and handling your information in an open and transparent manner.

We strongly encourage You to read this Privacy Notice with care. Please contact Us for any clarification You may need. We would be happy to provide You with any information You may need.

2. CONTENTS OF THIS PRIVACY NOTICE

1. Introduction
2. Contents of this Privacy Notice
3. Applicable Laws
4. Who are we?
5. What is personal data?
6. Personal data we collect about you
7. How and why, we collect personal data
8. Basis and purpose for processing your personal data
9. Special note on consent
10. Accuracy of personal data
11. Direct marketing
12. Transfers to third countries
13. Internet communications
14. Authorized disclosures
15. Sharing of personal data with other categories of recipients
16. Security measures
17. Retention periods
18. Processing for research and statistical reasons
19. Links to third-party sources
20. Cookies
21. Minors
22. Your rights under the data protection laws
23. What we may require from you
24. How quickly will respond to your request
25. Updates

3. APPLICABLE LAWS

As an entity established in Malta (EU), the main privacy laws that are applicable to Us in so far as You are concerned, are the following:

• The Maltese Data Protection Act (Chapter 586 of the Laws of Malta) as well as the various subsidiary legislation issued under the same – the ‘DPA’ as may be amended or replaced from time to time;
• The Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 and the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC ( General Data Protection Regulation ) – the ” GDPR” as may be amended or replaced from time to time; and
• Any successor legislation to the DPA and/or the GDPR.
• • And any other applicable data protection laws the Guardians of the Ball Ltd may be subject to.

All the above is referred to collectively as the ” Data Protection Laws”.

4. WHO ARE WE

We are Guardians of the Ball Limited, a company registered in Malta with company registration number C105281 and whose registered address is 152 Number 9 Naxxar Road, San Gwann, SG9130, Malta. We are the data controller responsible for processing Your Personal Data that takes place via the Site, our App or in the manner explained above.

If you have any questions/comments about privacy or should You wish to exercise any of Your individual rights, please contact Us by sending an email to the following address: [email protected] with the subject “PRIVACY REQUEST” or by writing to:

DATA PROTECTION OFFICER

Guardians of the Ball Ltd.

152 Number 9 Naxxar Road, San Gwann, SG9130, Malta

5. WHAT IS PERSONAL DATA

” PERSONAL DATA” means any information that identifies You as an individual or that relates to an identifiable individual.

Whenever it is not possible or feasible for Us to make use of anonymous and/or anonymized data (in a manner that does not identify any Users of the Site, Apps or customers of Our services), We are nevertheless committed to protecting Your privacy and the security of Your Personal Data at all times. We collect Personal Data in various ways, digitally via the Site or the Apps (either when you choose to provide Us with certain data or in some cases automatically, or from third parties).

6. PERSONAL DATA WE COLLECT ABOUT YOU

We may collect various categories of personal data, including:

Purpose For Processing	Category of Personal Data /Description	Legal Basis
To register You as a User; to identify You and verify You when You access your Account. to ensure We have accurate details about You	Contact Details:Full legal name, email address, residential address, mobile number, date of birth, nationality.	Performance of Contract, Legitimate Interest
If you voluntarily upload Your photograph.To perform our KYC checks).	Photograph: Optional, to complete your user profile. Mandatory for the verifying your identity in the KYC process.	Consent (Optional) Legal Obligation (for KYC purposes)
To identify the jurisdiction You are in; to detect and prevent fraud.	Location Data: IP address of the computer connected to the internet, location data through your mobile phone and Apps used and GPS data.	Performance of Contract; Legitimate Interest
To identify You as a User; To perform our KYC checks.	National Identifier: A number or code attributed to you by a government to identify who you are, such as a passport number or national identity number (including nationality).	Performance of Contract, Legal Obligation
To process and manage payment transactions.	Payment Data : Your payment details, to purchase $CHZ; elements of Your transactions.	Performance of Contract, Legal Obligation
To improve Our Services, and improve Your experience with Our services.	Usage Data: Details about how and when you use Our services (our Site and/or Apps).	Legitimate Interest
To perform our Due Diligence checks.	Know Your Customer Data: Details about You that are stored in documents in different formats, or copies of them.This includes: · passports, · identity cards and · utility bills that confirm Your identity and or other prove proof of the residential address; · Source of income document (payslip, invoice…)· as well as any other additional documentation as deemed necessary by Our compliance team.	Legal Obligation
Special Types of Data	Data Protection Laws treat some types of personal information as special, which We will only collect and use if the law allows Us to do so. Such data consist of:· Political connections;· Criminal convictions and offences	Legal Obligation
To redeem Your event tickets	Mobile Number, Email Address, Username, First Name, Surname, Date of Birth, Nationality, Proof of ID document, Payments Data (Amount / Status of Payment / $CHZ Amount / Payment Reference ID / Payment Type), Selfie, Data of Your +1 You submit to Us: Mobile Number, Email Address, First Name, Surname, Date of Birth, Nationality, Proof of ID document.	Performance of Contract, Legal Obligation
To Send You Marketing Communications or call You to offer some Services Communications	Name, Surname, Email Address, mobile number, preferences.	Consent

We may share some of these data with Our Business Partners for the purpose of providing You with some services. Before We do so, We will always inform You as part of Our contractual obligations towards You, the User. Failure to do so will prevent Us from providing some of these services to You. Marketing purposes from Business Partners will request Your consent.

7. HOW AND WHY WE COLLECT PERSONAL DATA

As a general rule, We do not collect any Personal Data, that is, information that identifies You as an individual other than that which You choose to provide to Us such as the data (including Contact Details) You provide when registering with our Site or Apps, when contacting Us with enquiries relating to Our services, when subscribing to any service offered by Us or via Our Site or Apps, such as any newsletters as may be issued by Us from time to time or even when subscribing to any offers We (and/or Our affiliates and/or corporate partners) may offer from time to time.

However, we may also collect personal data from other sources, including data companies, publicly accessible databases, joint marketing partners, social media platform and other third parties. We may also receive Personal Data about You from third parties when We need to confirm Your contact details. Should this be the case, We will take all measures as required by law to further inform You about the source of such Personal Data as well as the categories of Personal Data We collect and process. There are certain instances at law where We are specifically forbidden from disclosing to You such activity (for example, when carrying out due diligence for anti-money laundering purposes).

For information about the Personal Data that We may collect automatically via the Site or Apps, please see the Cookies section below.

Unless otherwise specified and subject to various controls, as a general rule, We only collect Personal Data (from You or elsewhere) that We:

• Need to be able to provide You with the services You request from Us
• Are legally required to collect/use and to keep for a predetermined period of time
• Believe to be necessary for Our legitimate business interests

To provide our services, and for the purpose of preventing illegitimate use of Our services, we carry out profiling of our customers and their activities using automated processes. However, any decisions taken based on these profiles and information are taken by natural persons.

A detailed description of the reasons why we process specific categories of personal data as well as the corresponding legal ground(s) for doing so, please see the ‘What We Use Your Personal Data For (Purpose of Processing)’ below.

If You wish to visit our Careers page, You will be redirected to the Chiliz.com website, owned by one of Our Group entities.

8. BASIS AND PURPOSE FOR PROCESSING YOUR PERSONAL DATA

8.1 BASIS FOR PROCESSING YOUR PERSONAL DATA

Data Protection Laws permit us to use personal data only if We have a proper reason to do so. GDPR states that we must have one or more of these reasons:

• To render the services You have contracted to
• When it is Our legal duty
• When it is in Our legitimate interest – this refers to when We have a business or commercial reason to use Your personal data. If We rely on our legitimate interest, We will tell you what that is
• When You consent to it: Please note that where we rely on Your consent, this can be withdrawn at any time and at no cost.

Below under 8.2 We provide a description of what We use Your personal Data for and the corresponding legal ground(s) we rely on for doing so.

8.2 PURPOSE FOR PROCESSING YOUR PERSONAL DATA

We may process Your Personal Data for one or several of the following purposes:

• For the purposes of setting up an account on our system, categories of personal data we collect include contact details, KYC data, national identifiers and special category (particularly political connections) data. The legal basis for processing such data is based on contractual necessity, legitimate interest to ensure we have an accurate account and legal duty for due diligence purposes.

• For the purposes of managing our relationship with you, making our Apps available to You and providing You with Our Services including inviting You to sport and fan engagement events categories of personal data we collect are mainly contact details for purposes of contractual necessity and compliance with legal obligations. Also, location services we will be required to collect contact details and tracking data based on our contractual necessity.

• For the purposes of evaluating your queries and/or requests you send us to use/receive any of our services (including customer support services) we mainly collect contact details based on contractual necessity and legitimate interest to be able to attend to your queries.

• For the purposes of establishing and investigating any suspicious behaviour in order to protect our business from any risk, fraud or other illegal activities (such as money laundering or terrorist financing) and to comply with legal and regulatory obligations including the detection and prevention of any financial crime categories of personal data we collect are mainly documentary data, collect documentary data, special types of data, national identifiers locational data and contact details. The legal basis to collect such data is based on our compliance with legal obligations and legitimate interest in detection and prevention of fraud or other illegal activities.

• For the purposes of complying with legal and regulatory obligations including the detection and prevention of any financial crime we will be required to collect documentary data, special types of data, national identifiers and locational data based on our legal obligations.

• For the purposes of subscribing to and sending You our newsletter or mailing list we collect contact details based on Your consent.

• For the purposes of maintaining and updating the user accounts records on our system we will be required to collect contact details based on contractual necessity and legitimate interest to ensure we have an accurate user account record.

• For the purposes of continuing to manage our relationships with you we will be required to collect contact details based on contractual necessity and compliance with legal obligations.

• For the purposes of developing and managing our brands, products and services we will collect contact details based on legitimate interest to develop our products and services.

• For the purposes of internal data analysis, we will be required to collect contact details and tracking data based on contractual necessity.

• For the purpose of allowing you to participate in contests and to allow you to redeem your prize; for this purpose, we may need to share your personal data with our Partners. We will always inform you before doing so.

Should We need to process Your data for a new purpose in the future, which is entirely unrelated to the above, We will inform You of such processing in advance and You may exercise Your applicable rights (as explained below) in relation to such processing.

Finally, do note that without certain Personal Data relating to You, We may not be in the position to provide some or all of the services You expect from Us or even to guarantee the full functionality of Our Site and/or App.

9. SPECIAL NOTE ON CONSENT

In those limited cases, We will process Your Personal Data on the basis of Your consent, which We will obtain from You in a clear and manifest manner on the Apps. In such cases where You provide Us with Your consent, You shall have the right to withdraw Your consent at any time and at no cost and this, in the same manner as You shall have provided it to Us unless an alternative option is provided by Us.

Should You exercise Your right to withdraw Your consent at any time (by writing to Us at the physical or email address in section 4), We will determine whether at that stage an alternative legal basis exists for processing Your Personal Data (for example, on the basis of a legal obligation to which We are subject) where We would be legally authorized (or even obliged) to process Your Personal Data without needing Your consent and if so, notify You accordingly.

When We ask Your consent to process Your Personal Data for a specific purpose, You remain free to decline, however, should You decline to provide Us with necessary data that We require to provide requested services, We may not necessarily be able to provide You with such service (such as location services, invitation to sport events), especially if consent is the only legal ground that is available to Us.

Just to clarify, consent is not the only ground that permits Us to process Your Personal Data. In the above Section 8, We pointed out the various grounds that We rely on when processing Your Personal Data for specific purposes.

10. ACCURACY OF PERSONAL DATA

All reasonable efforts are made to keep any Personal Data We may hold about You up-to-date and as accurate as possible. You can check the information that We hold about You at any time by contacting Us in the manner explained below. If You find any inaccuracies, We will correct them and where required, delete them as necessary. Please see below for a detailed list of Your legal rights in terms of any applicable Data Protection Laws.

11. DIRECT MARKETING

We only send mail messages, emails and other communications (including call and other messaging application) relating to our Services that You use (e.g. to invite You to events) and marketing on our behalf as well as on the behalf of our partners where We are authorized to do so at law. In most cases We rely on Your consent to do so (especially where We use electronic communications). If, at any time, You no longer wish to receive direct marketing communications from Us please let Us know by contacting us at Support@Guardians of the Ball.com.

In the case of direct marketing sent by electronic communications (where We are legally authorized to do so) You shall be given an easy way of opting out (or unsubscribing) from any such communications.

Please note that even if You withdraw any consent You may have given Us or if You object to receiving such direct marketing material from Us (in those cases where We do not need Your consent), from time to time We may still need to send You certain important communications from which You cannot opt out.

12. TRANSFERS TO THIRD COUNTRIES

As a general principle, the Personal Data We process about You (collected via any of our Sites or Apps or otherwise) will be stored and processed within the European Union (EU)/European Economic Area (EEA) or any other non-EEA country deemed by the European Commission to offer an adequate level of protection.

In some cases, it may be necessary for Us to transfer Your Personal Data to a non-EEA country not considered by the European Commission to offer an adequate level of protection. In such cases, apart from all appropriate safeguards that We implement, in any case, to protect Your Personal Data, We have put in place additional adequate measures. For example, We will ensure that the recipient is bound by the EU Standard Contractual Clauses (the EU Model Clauses) designed to protect Your Personal Data as though it were an intra-EEA transfer, and provide technical and organizational measures as may be required to safeguard Your Personal Data. You are welcome to contact Us for more information regarding the adequate safeguards we have in place in relation to such data transfers.

13. INTERNET COMMUNICATIONS

You will be aware that data sent via the Internet may be transmitted across international borders even where sender and receiver of information are located in the same country. We cannot be held responsible for anything done or omitted to be done by You or any third party in connection with any Personal Data prior to Our receiving it including but not limited to any transfers of Personal Data from You to Us via a country having a lower level of data protection than that in place in the European Union, and this, by any technological means whatsoever.

Moreover, We shall accept no responsibility or liability whatsoever for the security of Your data while in transit through the internet unless Our responsibility results explicitly from a law having effect in Malta.

14. AUTHORISED DISCLOSURES

Without prejudice to anything contained in this Privacy Notice and in the interest of full transparency, We reserve the right to disclose (and otherwise process) any relevant Personal Data relating to You which We may be processing (including in certain cases relevant IP addresses) to authorized third parties in or outside the EU/EEA if such disclosures are allowed under the Data Protection Laws (whether or not You have provided Your consent) including but not limited to the following instances:

• For the purpose of preventing, detecting or suppressing fraud, combating anti money laundering and the financing of terrorism (for example, if You provide false or deceptive information about Yourself or attempt to pose as someone else, We may disclose any information We may have about You in Our possession so as to assist any type of investigation into Your actions);
• In the event of the Guardians of the Ball Ltd or any of its subsidiaries being involved in a merger, sale, restructure, acquisition, joint venture, assignment or transfer (of business, shares, assets or otherwise). In such case, we will attempt to inform you of it, as well as of the identity of the new Data Controller either by directly contacting you, by placing public notices on our website and potentially by using other appropriate media;
• To protect and defend Our rights (including the right to property), safety, or to those of Our affiliates, of Users of Our Site or even You own;
• To protect against abuse, misuse or unauthorize use of Our Site or App;
• For any purpose that may be necessary for the performance of any agreement You may have entered into with Us (including the request for provision of services by third parties) or in order to take steps at Your request prior to entering into a contract this may include, for instance, sharing Your personal data with our Partners, to allow you to participate in contexts and to allow you to redeem your prize;
• To comply with any legal obligations such as may arise by way of response to any order of a judicial body (subpoena or otherwise), to cooperate with the request of a state body or regulatory authority or order or similar official request for Personal Data; or
• As may otherwise be specifically allowed or required by or under any applicable law.

15. SHARING OF PERSONAL DATA WITH OTHER CATEGORIES OF RECIPIENTS

We may share Your personal data with Our Group entities in order to provide You with the services requested and for internal administrative purposes. We may also share Your personal data with external service providers, for the purpose of providing You with the service You requested. In all cases, we will only share your Data on a “need-to-know” basis to fulfil the purposes defined above.

We encourage You to read the third parties’ Privacy Notices to understand their privacy practices.

15.1 PROCESSING OF YOUR DATA WITH THIRD PARTY TO OFFER YOUR OUR SERVICES

Relevant data will also be disclosed or shared as appropriate (and in all cases in line with the Data Protection Laws) to/with members and staff of Guardians of the Ball Ltd, to/with other affiliated entities of Guardians of the Ball Ltd and/or sub-contractors established within the European Union if pertinent to any of the purposes listed in this Privacy Notice (including to/with Our services providers who facilitate the functionality of our Site and App and/or any service You may require).

Any such authorized disclosures will be done in accordance with the Data Protection Laws (for example all Our processors are contractually bound by the requirements in the said Data Protection Laws, including a strict obligation to keep any information they receive confidential and to ensure that their employees/personnel are also bound by similar obligations). The said service providers are also bound by a number of other obligations (in -particular, Article 28 of the GDPR).

15.2 TRANSFER OF YOUR DATA WITH THIRD PARTY TO EXTEND OUR SERVICES AND FOR MARKETING REASONS BY THIRD PARTIES

Your Personal Data will also be shared with our business partners, particularly the sports teams whose branded goods (e.g. merchandise) and services (e.g. ticket sport events and admission to stadium to attend sport events) You have specifically opted to use, buy or interact through our Site and/or App.

However, your Personal Data will never be processed by such third parties for their marketing purposes unless You give Your consent thereto. Upon Your consent collected on Our Apps, the third parties who We may disclose to and/or share Your Personal Data with are, at the date of this Privacy Notice, the following:

• Cloud Service Provider for the hosting of data under state-of-the-art security protocols and our exclusive control.
• IT Service Providers for the maintenance and support of our IT systems/Site(s) with restricted access and under strict controls.
• Customer Support Software Providers for the provision of a customer support software in order to provide our users with a high-level customer support with restricted access and our strict controls.
• Marketing and Customer Retention Management Tools for the provision of marketing email communications send outs under our strict control and management.
• Public Authorities for compliance with legal obligations and only after verifications are made into necessity of disclosure.
• Our independent financial and legal advisors for the provision of legal and financial support to Guardians of the Ball Ltd and affiliated entities.
• Business Partners with whom we have a co-operation or partnership agreement to facilitate and improve the services and goods referred to you, including the tailoring of such services and goods, if deemed appropriate.
• Advertising partners and social media platforms for marketing purposes to send adverts to You because You may be interested in Our services or to send Our adverts to people who have a similar profile to You, utilizing for example Facebook’s ‘Custom Audience’ or ‘Google Ads’.

16. SECURITY MEASURES

The Personal Data which We may hold (and/or transfer to any affiliates/partners/subcontractors as the case may be) will be held securely in accordance with Our internal security policy and the applicable law.

We use reasonable efforts to safeguard the confidentiality of any and/or all Personal Data that We may process relating to You and regularly review and enhance Our technical, physical and managerial procedures so as to ensure that Your Personal Data is protected from:

• Unauthorized access
• Improper use or disclosure
• Unauthorized modification
• Unlawful destruction or accidental loss

We have implemented security policies, rules and technical and organizational measures to protect the Personal Data that We may have under Our control. All our members, staff and data processors (including specific subcontractors and cloud service providers established within the European Union), who may have access to and are associated with the processing of Personal Data, are further obliged (under contract) to respect the confidentiality of Our Users’ or clients’ Personal Data as well as other obligations as imposed by the Data Protection Laws.

Despite all the above, We cannot guarantee that a data transmission or a storage system can ever be 100% secure. Authorized third parties, and external/third-party service providers, with permitted access to Your Personal Data (as explained in this Privacy Notice) are specifically required to apply appropriate technical and organizational security measures that may be necessary to safeguard the Personal Data being processed from unauthorized or accidental disclosure, loss or destruction and from any unlawful forms of processing.

As stated above, the said service providers are also bound by a number of other obligations in line with the Data Protection Laws (particularly, Article 28 of the GDPR).

17. RETENTION PERIODS

Under EU Data Protection Laws, We will retain Your Personal Data only for as long as is necessary (taking into consideration the purpose for which it was originally obtained). The criteria We use to determine what is ‘necessary’ depends on the particular Personal Data in question and the specific relationship We have with You (including its duration).

Our standard practice is to determine whether there is/are any specific EU and/or Maltese law(s) (for example tax or corporate laws) permitting or even obliging Us to keep certain Personal Data for a certain period of time (in which case We will keep the Personal Data for the maximum period indicated by any such law).

We would also have to determine whether there are any laws and/or contractual provisions that may be invoked against Us by You and/or third parties and if so, what the prescriptive periods for such actions are (this is usually five (5) years). In the latter case, We will keep any relevant Personal Data that We may need to defend Ourselves against any claim(s), challenge(s) or other such action(s) by You and/or third parties for such time as is necessary.

We will retain your Personal Data on Our systems for the longest of the following periods:

• As long as You are a customer or user of Our services
• Any retention period that is required by applicable law
• The end of the period in which litigation or investigations might arise in respect of Our products or services

Where Your Personal Data is no longer required by Us, We will either securely delete or anonymize the Personal Data in question.

18. PROCESSING FOR RESEARCH AND STATISTICAL REASONS

Research and statistics using User or client information is only carried out so that We may understand Our Users’ and/or clients’ needs and to develop and improve Our services/activities. In any case, We will always ensure to obtain any consent We may legally require from You beforehand. As in all other cases, We will also ensure to implement all appropriate safeguards as may be necessary.

19. LINKS TO THIRD-PARTY SOURCES

Links that We may provide to third-party websites are clearly marked and We are not in any way whatsoever responsible for (nor can We be deemed to endorse in any way) the content of such websites (including any applicable privacy policies or data processing operations of any kind). We suggest that You should the privacy policies of any such third-party websites.

20. COOKIES

When You visit Our site or use our App, We will collect certain categories of Personal Data automatically through the use of cookies and similar technologies.

For more detailed information including what cookies are and how and why We process such data in this manner (including the difference between ‘essential’ and ‘non-essential’ cookies) please read Our detailed Cookies Notice: https://www.Guardians of the Ball.com/cookies-policy/

Our Website/App may also feature social media widgets. These social media features are either hosted by a third party or directly on our website. When using these widgets, or our respective pages on these provider’s platforms, we encourage you to read and make reference to their respective privacy notices.

21. MINORS

Our Site, App and services are not intended to be used by any person under the age of eighteen (18) and therefore We will never intentionally collect or process any Personal Data from such minor persons. If You are under the age of consent, please consult and get Your parent’s or legal guardian’s permission to use the site, App and any of Our other services.

We shall consider that any Personal Data of any persons under the age of sixteen (16) received by Us, shall be sent with the proper authority from the holder of parental responsibility over the child and that the sender can demonstrate such authority at any time, upon Our request.

22. YOUR RIGHTS UNDER THE DATA PROTECTION LAWS

Before addressing any request You make with Us, We may first need to verify Your identity.

As explained in the Retention Periods section above, We may need to keep certain Personal Data for compliance with Our legal retention obligations but also to complete transactions that You requested prior to the change or deletion that You requested. ** **

If You are in the EU/EEA, under certain circumstances, by law You have the right to:

• Be informed in a clear, transparent and easily understandable way about how We use Your Personal Data and about your rights.

• Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the Personal Data we hold about You and to check that We are lawfully processing it.

• Request rectification of the Personal Data that we hold about you. This enables You to have any incomplete or inaccurate information We hold about You corrected.

• Request erasure of Your Personal Data. This enables You to ask Us to delete or remove personal information where there is no good reason for Us continuing to process it (for instance, we may need to continue using your Personal Data to comply with Our regulatory and legal obligations).

• Object to the processing of Your Personal Data where We are relying on a legitimate interest (or those of a third party) and there is something that makes You want to object to Us using Your Personal Data and we do not have a legitimate basis for doing so, which overrides Your rights, interests and freedoms (for instance, We may need it to defend a legal case). You also have the right to object when We are processing your personal information for direct marketing purposes.

• Request the restriction of processing of Your Personal Data. This enables You to ask us to suspend the processing of Personal Data about You, for example if You want Us to establish its accuracy or the reason for processing it.

• Request the transfer of Your Personal Data to another party where you provided it to Us and We are using it based on your consent, or to carry out a contract with You, and we process it using automated means.

• Withdraw consent. In the limited circumstances where We are relying on Your consent (as opposed to the other legal grounds set out above) to the collection, processing and transfer of your Personal Data for a specific purpose, You have the right to withdraw Your consent for that specific processing at any time and at no cost. Once we have received notification that You have withdrawn Your consent, We will no longer process Your Personal Data for the purpose or purposes You originally agreed to, unless We have a legitimate interest in doing so or We are bound by regulatory requirements to continue doing so for a defined period of time.

• Lodge a complaint. If You think that We are using Your information in a way which breaches Data Protection Laws, You have the right to lodge a complaint with the appropriate Data Protection Supervisory Authority, if you are in Malta, this will be the Office of the Information and Data Protection Commissioner (‘IDPC’) which may be accessed by clicking this link www.idpc.org.mt. You can find a list of Supervisory Authorities here.

• We kindly ask that You please attempt to resolve any issues You may have with Us first.

If You are not in the EU/EEA, please contact Us at dataprotection@Guardians of the Ball.com to find out more about data protection requirements of the jurisdiction You are in.

23. WHAT WE MAY REQUIRE FROM YOU

We may need to request specific information from You to help us understand the nature of Your complaint or request, to confirm Your identity and ensure Your right to access the information (or to exercise any of Your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

Should your requests in exercising your abovementioned rights be manifestly unfounded or excessive, in particular because of their repetitive nature, We reserve the right to charge You a reasonable fee which shall be determined at Our sole discretion, taking into account the administrative costs incurred by us to provide the information or communication or taking the action requested by You. We shall communicate to you in advance the fee amount that will be charged in the given circumstances.

24. HOW QUICKLY WILL WE RESPOND TO YOUR REQUEST?

In all cases, We will try to act on your requests as soon as reasonably possible, within a maximum of one month of receipt of the request (which period may be extended by two (2) more months where necessary), taking into account the complexity and number of the requests. We shall inform You of any such extension within one (1) month of receipt of the request, together with the reasons for the delay.If You are not in the EU/EEA, domestic laws of the jurisdiction You are in may specify a different timeframe. If You wish to receive further information, please contact Us at dataprotection@Guardians of the Ball.com.

25. UPDATES

We reserve the right to unilaterally modify this Privacy Notice at any time, particularly if statutory obligations so mandate or the interest of our users’ security so requires. To let You know when we make changes to this Privacy Notice, We will amend the revision date at the top of this page. The modified Privacy Notice will apply from such revision date. We will not officially notify you about such changes, and it is therefore in Your own interest to check this Privacy Notice page from time to time so as to familiarize yourself with any changes, unless the changes are substantial, in which case We will notify You of the changes and offer you the chance to preview these changes and decide whether you wish to remain our customer prior to these changes coming into effect.

TURKISH PRIVACY POLICY

THIS TURKISH PRIVACY POLICY APPLIES SOLELY TO TURKISH RESIDENTS.

1. INTRODUCTION

This Privacy Policy (“Privacy Policy”) relates to (i) the Guardians of the Ball software application or any related software application (“Apps”) and (ii) the website https://www.GuardiansoftheBall.com and/or any sub-website and/or associated domains (and/or sub-domains) of https://www.GuardiansoftheBall.com (the “Site”), (iii) the owner of the Site and (iv) the services provided by Guardians of the Ball Limited and its subsidiaries, whether direct or indirect, including but not limited to Guardians of the Ball Services Limited or Guardians of the Ball Sports Management, Technology and Gaming A.S.(hereinafter collectively referred to as “We”, “Us”, “Our”, “Ourselves” and/or “GOB”).

“You”, “Your” and “User” refer to an identified or identifiable natural person being the User of the Site, Apps and/or client (or prospective client) of any of Our services.

This Privacy Policy provides detailed, layered information as to how and why We process Personal Data (via the Site, any of Our Apps, or otherwise) as well as detailed information about Your various rights. We are committed to protecting Your privacy and handling your information in an open and transparent manner.

We strongly encourage You to read this Privacy Policy with care. Please contact Us for any clarification You may need. We would be happy to provide You with any information You may need.

2. CONTENTS OF THIS PRIVACY POLICY

1. Introduction

2. Contents of this Privacy Policy

3. Applicable Laws

4. What is personal data?

5. Personal data we collect about you

6. How and why we collect personal data

7. What we use your personal data for (purpose of processing)

8. Special note on consent

9. Accuracy of personal data

10. Direct marketing

11. Transfers to third countries

12. Internet communications

13. Authorized disclosures

14. Sharing of personal data with other categories of recipients

15. Security measures

16. Retention periods

17. Processing for research and statistical reasons

18. Links to third-party sources

19. Cookies

20. Minors

21. Your rights under the data protection laws

22. Guardians of the Ball Services Limited – company details

23. Updates

3. APPLICABLE LAWS

As an entity established in Malta (EU), the main privacy laws that are applicable to Us in so far as You are concerned, are the following:

• The Maltese Data Protection Act (Chapter 586 of the Laws of Malta) as well as the various subsidiary legislation issued under the same – the ‘DPA’ as may be amended or replaced from time to time;
• The Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 and the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) – the “GDPR” as may be amended or replaced from time to time; and
• Any successor legislation to the DPA and/or the GDPR.
• The Law on Protection of Personal Data w. no. 6698 (“KVKK”) and secondary legislations

(Our data controller representative in Turkey is Özdağıstanli Ekici Attorney Partnership. Özdağıstanli Ekici Attorney Partnership’s authority is only limited with the authorities provided under the Regulation on Data Controllers Registry. Please send an e-mail to Guardians of the [email protected] in order to contact our data controller representative in Turkey.

All the above is referred to collectively as the “Data Protection Laws”

4. WHAT IS PERSONAL DATA?

“PERSONAL DATA” means any information that identifies You as an individual or that relates to an identifiable individual.

Whenever it is not possible or feasible for Us to make use of anonymous and/or anonymized data (in a manner that does not identify any Users of the Site, Apps or customers of Our services), We are nevertheless committed to protecting Your privacy and the security of Your Personal Data at all times. We collect Personal Data in various ways, digitally via the Site or the Apps (either when you choose to provide Us with certain data or in some cases automatically, or from third parties).

5. PERSONAL DATA WE COLLECT ABOUT YOU

We collect various categories of Personal Data from you, namely:

CATEGORY OF PERSONAL DATA

DESCRIPTION

Contact Details

Full legal name, email address, residential address and mobile/phone number.

Locational

IP address of the computer connected to the internet, location data through the mobile phone and Apps used and GPS data.

National Identifier

A number or code attributed to you by a government to identify who you are, such as a passport number or national identity number (including nationality).

Usage date

Details about how and when you use Our services (our Site and/or Apps)

Documentary Data

Details about You that are stored in documents in different formats, or copies of them.

This includes passports, identity cards and utility bills that confirm Your identity and prove the residential address; as well as any other additional documentation as deemed necessary by Our compliance team

Special types of data

Data Protection Laws treat some types of personal information as special, which We will only collect and use if the law allows Us to do so. Such data consist of:

• Political connections
• Criminal convictions and offences

6. HOW AND WHY WE COLLECT PERSONAL DATA

As a general rule, We do not collect any Personal Data, that is, information that identifies You as an individual other than that which You choose to provide to Us such as the data (including Contact Details) You provide when registering with our Site or Apps, when contacting Us with enquiries relating to Our services, when subscribing to any service offered by Us or via Our Site or Apps, such as any newsletters as may be issued by Us from time to time or even when subscribing to any offers We (and/or Our affiliates and/or corporate partners) may offer from time to time.

However, we may also collect personal data from other sources, including data companies, publicly accessible databases, joint marketing partners, social media platform and other third parties. We may also receive Personal Data about You from third parties when We need to confirm Your contact details. Should this be the case, We will take all measures as required by law to further inform You about the source of such Personal Data as well as the categories of Personal Data We collect and process. There are certain instances at law where We are specifically forbidden from disclosing to You such activity (for example, when carrying out due diligence for anti-money laundering purposes).

For information about the Personal Data that We may collect automatically via the Site or Apps, please see the Cookies section below.

Unless otherwise specified and subject to various controls, as a general rule, We only collect Personal Data (from You or elsewhere) that We:

• Need to be able to provide You with the services You request from Us;
• Are legally required to collect/use and to keep for a predetermined period of time
• Believe to be necessary for Our legitimate business interests

A detailed description of the reasons why we process specific categories of personal data as well as the corresponding legal ground(s) for doing so, please see the ‘What We Use Your Personal Data For (Purpose of Processing)’ below.

7. WHAT WE USE YOUR PERSONAL DATA FOR (PURPOSE OF PROCESSING)

The Data Protection Laws permit us to use personal data only if We have a proper reason to do so. KVKK states that we must have one or more of these reasons:

• When it is necessary to render the services You have contracted to (KVKK Art. 5/1-c)
• When it is Our legal duty (KVKK Art. 5/1-ç)
• When it is in Our legitimate interest – this refers to when We have a business or commercial reason to use Your personal data. If We rely on our legitimate interest, We will tell you what that is (KVKK Art. 5/1-ç)
• When You provide explicit consent to it (KVKK Art. 5/1)

Below is a description of what We use Your personal Data for and the corresponding legal ground(s) we rely on for doing so.

Please note that where we rely on Your explicit consent, this can be withdrawn at will.

• For the purposes of setting up an account on our system, categories of personal data we collect include contact details, documentary data, national identifiers and special category (particularly political connections) data. The legal basis for processing such data is based on contractual necessity, legitimate interest to ensure we have an accurate account and legal duty for due diligence purposes.

• For the purposes of managing our relationship with you, categories of personal data we collect are mainly contact details for purposes of contractual necessity and compliance with legal obligations.

• For the purposes of establishing and investigating any suspicious behavior in order to protect our business from any risk, fraud or other illegal activities (such as money laundering or terrorist financing) categories of personal data we collect are mainly documentary data and contact details. The legal basis to collect this data is based on our compliance with legal obligations and legitimate interest in detection and prevention of fraud or other illegal activities.

• For the purposes of subscribing to a newsletter or mailing list we mainly collect contact details based on your explicit consent.

• For the purposes of evaluating your queries and/or requests you send us to use/receive any of our services (including customer support services) we mainly collect contract details based on contractual necessity and legitimate interest to be able to attend to your queries.

• For the purposes of maintaining and updating the user accounts records on our system we will be required to collect contact details based on contractual necessity and legitimate interest to ensure we have an accurate user account record.

• For the purposes of continuing to manage our relationships with you we will be required to collect contact details based on contractual necessity and compliance with legal obligations.

• For the purposes of complying with legal and regulatory obligations including the detection and prevention of any financial crime we will be required to collect documentary data, special types of data, national identifiers and locational data based on our legal obligations.

• For the purposes of providing you with our services, especially those provided via the App including location services we will be required to collect contact details and tracking data based on our contractual necessity.

• For the purposes of developing and managing our brands, products and services we will be required to collect contact details based on legitimate interest to develop our products and services.

• For the purposes of internal data analysis, we will be required to collect contact details and tracking data based on contractual necessity.

Should We need to process Your data for a new purpose in the future, which is entirely unrelated to the above, We will inform You of such processing in advance and You may exercise Your applicable rights (as explained below) in relation to such processing.

Finally, do note that without certain Personal Data relating to You, We may not be in the position to provide some or all of the services You expect from Us or even to guarantee the full functionality of Our Site and/or App.

8. SPECIAL NOTE ON EXPLICIT CONSENT

In those limited cases, We will process Your Personal Data on the basis of Your explicit consent, which We will obtain from You in a clear and manifest manner. In such cases where You provide Us with Your explicit consent, You shall have the right to withdraw Your explicit consent at any time and this, in the same manner as You shall have provided it to Us unless an alternative option is provided by Us.

Just to clarify, explicit consent is not the only ground that permits Us to process Your Personal Data. In the above Section 7, We pointed out the various grounds that We rely on when processing Your Personal Data for specific purposes.

9. ACCURACY OF PERSONAL DATA

All reasonable efforts are made to keep any Personal Data We may hold about You up-to-date and as accurate as possible. You can check the information that We hold about You at any time by contacting Us in the manner explained below. If You find any inaccuracies, We will correct them and where required, delete them as necessary. Please see below for a detailed list of Your legal rights in terms of any applicable Data Protection Laws.

10. DIRECT MARKETING

We only send mail messages, emails and other communications relating to marketing where We have Your consent to do so (especially where We use electronic communications). If, at any time, You no longer wish to receive direct marketing communications from Us please let Us know by contacting Us at the details below or update Your preference on any of Our Site(s) or Apps.

In the case of direct marketing sent by electronic communications (where We are legally authorized to do so) You shall be given an easy way of opting out (or unsubscribing) from any such communications.

Please note that even if You withdraw any consent You may have given Us or if You object to receiving such direct marketing material from Us (in those cases where We do not need Your consent), from time to time We may still need to send You certain important communications from which You cannot opt out.

11. TRANSFERS TO THIRD COUNTRIES

As a general principle, the Personal Data We process about You (collected via any of our Sites or Apps or otherwise) will be stored and processed within the European Union (EU)/European Economic Area (EEA) or any other non-EEA country deemed by the European Commission to offer an adequate level of protection.

In some cases, it may be necessary for Us to transfer Your Personal Data to a non-EEA country not considered by the European Commission to offer an adequate level of protection. In such cases, apart from all appropriate safeguards that We implement, in any case, to protect Your Personal Data, We have put in place additional adequate measures. For example, We will ensure that the recipient is bound by the EU Standard Contractual Clauses (the EU Model Clauses) designed to protect Your Personal Data as though it were an intra-EEA transfer. You are welcome to contact Us for more information regarding the adequate safeguards we have in place in relation to such data transfers.

12. INTERNET COMMUNICATIONS

You will be aware that data sent via the Internet may be transmitted across international borders even where sender and receiver of information are located in the same country. We cannot be held responsible for anything done or omitted to be done by You or any third party in connection with any Personal Data prior to Our receiving it including but not limited to any transfers of Personal Data from You to Us via a country having a lower level of data protection than that in place in the European Union, and this, by any technological means whatsoever.

Moreover, We shall accept no responsibility or liability whatsoever for the security of Your data while in transit through the internet unless Our responsibility results explicitly from a law having effect in Malta.

13. AUTHORISED DISCLOSURES

Without prejudice to anything contained in this Privacy Policy and in the interest of full transparency, We reserve the right to disclose (and otherwise process) any relevant Personal Data relating to You which We may be processing (including in certain cases relevant IP addresses) to authorized third parties in or outside the EU/EEA if such disclosures are allowed under the Data Protection Laws (whether or not You have provided Your consent) including but not limited to the following instances:

(a) For the purpose of preventing, detecting or suppressing fraud (for example, if You provide false or deceptive information about Yourself or attempt to pose as someone else, We may disclose any information We may have about You in Our possession so as to assist any type of investigation into Your actions);

(b) In the event of Guardians of the Ball Ltd or any of its subsidiaries being involved in a merger, sale, restructure, acquisition, joint venture, assignment or transfer (of business, shares, assets or otherwise);

(c) To protect and defend Our rights (including the right to property), safety, or to those of Our affiliates, of Users of Our Site or even You own;

(d) To protect against abuse, misuse or unauthorize use of Our Site or App;

(e) For any purpose that may be necessary for the performance of any agreement You may have entered into with Us (including the request for provision of services by third parties) or in order to take steps at Your request prior to entering into a contract;

(f) To comply with any legal obligations such as may arise by way of response to any Court subpoena or order or similar official request for Personal Data; or

(g) As may otherwise be specifically allowed or required by or under any applicable law (for example, under anti-money laundering legislation).

14. SHARING OF PERSONAL DATA WITH OTHER CATEGORIES OF RECIPIENTS

Relevant data will also be disclosed or shared as appropriate (and in all cases in line with the Data Protection Laws) to/with members and staff of Guardians of the Ball Ltd, to/with other affiliated entities of Guardians of the Ball Ltd and/or sub-contractors established within the European Union if pertinent to any of the purposes listed in this Privacy Policy (including to/with Our services providers who facilitate the functionality of our Site and App and/or any service You may require).

Any such authorized disclosures will be done in accordance with the Data Protection Laws (for example all Our processors are contractually bound by the requirements in the said Data Protection Laws, including a strict obligation to keep any information they receive confidential and to ensure that their employees/personnel are also bound by similar obligations). The said service providers are also bound by a number of other obligations

Your Personal Data will also be shared with our business partners, particularly the sports teams whose branded goods and services You have specifically opted to use, buy or interact through our Site and/or App. However, your Personal Data will never be processed by such third parties for their marketing purposes (unless You give Your opt-in consent thereto).

The third parties who We may disclose to and/or share Your Personal Data with are, at the date of this Privacy Policy, the following:

• Cloud Service Provider for the hosting of data under state-of-the-art security protocols and our exclusive control.
• IT Service Providers for the maintenance and support of our IT systems/Site(s) with restricted access and under strict controls.
• Customer Support Software Providers for the provision of a customer support software in order to provide our users with a high-level customer support with restricted access and our strict controls.
• Marketing and Customer Retention Management Tools for the provision of marketing email communications sendouts under our strict control and management.
• Public Authorities for compliance with legal obligations and only after verifications are made into necessity of disclosure.
• Our independent financial and legal advisors for the provision of legal and financial support to Guardians of the Ball Ltd and affiliated entities
• Business partners with whom we have a co-operation or partnership agreement to facilitate and improve the services and goods referred to you, including the tailoring of such services and goods, if deemed appropriate.
• Advertising partners and social media platforms for marketing purposes to send adverts to You because You may be interested in Our services or to send Our adverts to people who have a similar profile to You, utilizing for example Facebook’s ‘Custom Audience’ or ‘Google Ads’ tools.

15. SECURITY MEASURES

The Personal Data which We may hold (and/or transfer to any affiliates/partners/subcontractors as the case may be) will be held securely in accordance with Our internal security policy and the applicable law.

We use reasonable efforts to safeguard the confidentiality of any and/or all Personal Data that We may process relating to You and regularly review and enhance Our technical, physical and managerial procedures so as to ensure that Your Personal Data is protected from:

• Unauthorized access
• Improper use or disclosure
• Unauthorized modification
• Unlawful destruction or accidental loss

We have implemented security policies, rules and technical and organizational measures to protect the Personal Data that We may have under Our control. All our members, staff and data processors (including specific subcontractors and cloud service providers established within the European Union), who may have access to and are associated with the processing of Personal Data, are further obliged (under contract) to respect the confidentiality of Our Users’ or clients’ Personal Data as well as other obligations as imposed by the Data Protection Laws.

Despite all the above, We cannot guarantee that a data transmission or a storage system can ever be 100% secure. Authorized third parties, and external/third-party service providers, with permitted access to Your Personal Data (as explained in this Privacy Policy) are specifically required to apply appropriate technical and organizational security measures that may be necessary to safeguard the Personal Data being processed from unauthorized or accidental disclosure, loss or destruction and from any unlawful forms of processing.

As stated above, the said service providers are also bound by a number of other obligations in line with the Data Protection Laws.

16. RETENTION PERIODS

We will retain Your Personal Data only for as long as is necessary (taking into consideration the purpose for which it was originally obtained). The criteria We use to determine what is ‘necessary’ depends on the particular Personal Data in question and the specific relationship We have with You (including its duration).

Our standard practice is to determine whether there is/are any specific EU and/or Maltese and/or applicable law(s) (for example tax or corporate laws) permitting or even obliging Us to keep certain Personal Data for a certain period of time (in which case We will keep the Personal Data for the maximum period indicated by any such law).

We would also have to determine whether there are any laws and/or contractual provisions that may be invoked against Us by You and/or third parties and if so, what the prescriptive periods for such actions are (this is usually ten (10) years). In the latter case, We will keep any relevant Personal Data that We may need to defend Ourselves against any claim(s), challenge(s) or other such action(s) by You and/or third parties for such time as is necessary.

We will retain your Personal Data on Our systems for the longest of the following periods:

• As long as You are a customer or user of Our services
• Any retention period that is required by applicable law
• The end of the period in which litigation or investigations might arise in respect of Our products or services

Where Your Personal Data is no longer required by Us, We will either securely delete or anonymize the Personal Data in question.

17. PROCESSING FOR RESEARCH AND STATISTICAL REASONS

Research and statistics using User or client information is only carried out so that We may understand Our Users’ and/or clients’ needs and to develop and improve Our services/activities. In any case, We will always ensure to obtain any explicit consent We may legally require from You beforehand. As in all other cases, We will also ensure to implement all appropriate safeguards as may be necessary.

18. LINKS TO THIRD-PARTY SOURCES

Links that We may provide to third-party websites are clearly marked and We are not in any way whatsoever responsible for (nor can We be deemed to endorse in any way) the content of such websites (including any applicable privacy policies or data processing operations of any kind). We suggest that You should the privacy policies of any such third-party websites.

19. COOKIES

When You visit Our site or use our App, We will collect certain categories of Personal Data automatically through the use of cookies and similar technologies.

For more detailed information including what cookies are and how and why We process such data in this manner (including the difference between ‘essential’ and ‘non-essential’ cookies) please read Our detailed Cookies Policy.

20. MINORS

Our Site, App and services are not intended to be used by any person under the age of eighteen (18) and therefore We will never intentionally collect any Personal Data from such persons. If You are under the age of consent, please consult and get Your parent’s or legal guardian’s permission to use the site, App and any of Our other services.

We shall consider that any Personal Data of any persons under the age of eighteen (18) received by Us, shall be sent with the proper authority from the holder of parental responsibility over the child and that the sender can demonstrate such authority at any time, upon Our request.

21. YOUR RIGHTS UNDER THE DATA PROTECTION LAWS

Before addressing any request You make with Us, We may first need to verify Your identity.

As explained in the Retention Periods section above, We may need to keep certain Personal Data for compliance with Our legal retention obligations but also to complete transactions that You requested prior to the change or deletion that You requested.

According to the Article 11 of the KVKK, under certain circumstances, You have the right to:

• Be informed in a clear, transparent and easily understandable way about how We use Your Personal Data and about your rights.
• Request access to your personal information about whether your personal data is processed or not. (commonly known as a “data subject access request”). This enables you to receive a copy of the Personal Data and to learn/check that We are lawfully processing it, if we hold information about You. Also, you have the right to know the third parties to whom personal data is transferred locally or abroad,
• Request rectification of the Personal Data that we hold about you. This enables You to have any incomplete or inaccurate information We hold about You corrected. Also, you have the right to request third parties to whom the personal data have been transferred, to be informed about this request.
• Request erasure of Your Personal Data. This enables You to ask Us to delete or destroy personal information where there is no good reason for Us continuing to process it (for instance, we may need to continue using your Personal Data to comply with Our regulatory and legal obligations). Also, you have the right to request the third parties to whom the personal data was transferred, to be informed about the process.
• Object to the processing of Your Personal Data where We are relying on a legitimate interest (or those of a third party) and there is something that makes You want to object to Us using Your Personal Data and we do not have a legitimate basis for doing so, which overrides Your rights, interests and freedoms (for instance, We may need it to defend a legal case). Also, you have the right to object to the results about you based on processing of your personal data. exclusively by automatic means. You also have the right to object when We are processing your personal information for direct marketing purposes.
• Request the restriction of processing of Your Personal Data. This enables You to ask us to suspend the processing of Personal Data about You, for example if You want Us to establish its accuracy or the reason for processing it.
• Request the transfer of Your Personal Data to another party where you provided it to Us and We are using it based on your explicit consent, or to carry out a contract with You, and we process it using automated means.
• Compensation – you have the right to request compensation for the damage arising from the unlawful processing of his personal data.
• Withdraw explicit consent. In the limited circumstances where We are relying on Your explicit consent (as opposed to the other legal grounds set out above) to the collection, processing and transfer of your Personal Data for a specific purpose, You have the right to withdraw Your explicit consent for that specific processing at any time. Once we have received notification that You have withdrawn Your explicit consent, We will no longer process Your Personal Data for the purpose or purposes You originally agreed to, unless We have a legitimate interest in doing so or We are bound by regulatory requirements to continue doing so for a defined period of time.
• Lodge a complaint. If You think that We are using Your information in a way which breaches Data Protection Laws, You have the right to lodge a complaint with the appropriate Data Protection Supervisory Authority. We kindly ask that You please attempt to resolve any issues You may have with Us first.

Please contact our Data Controller Representative in Turkey as indicated in COMPANY DETAILS if you wish to exercise any of your rights, or if you have any enquiries or complaints regarding the processing of your Personal Information.

We may need to request specific information from You to help us understand the nature of Your complaint or request, to confirm Your identity and ensure Your right to access the information (or to exercise any of Your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

In all cases, We will try to act on your requests as soon as reasonably possible, within a maximum of thirty (30) days of receipt of the request, taking into account the complexity and number of the requests.

22. GUARDIANS OF THE BALL LIMITED – COMPANY DETAILS

We are Guardians of the Ball Limited, a company registered in Malta with company registration number C105281 and whose registered address is 152 Number 9 Naxxar Road, San Gwann, SG9130, Malta. We are the data controller responsible for processing Your Personal Data that takes place via the Site, our App or in the manner explained above.

If you have any questions/comments about privacy or should You wish to exercise any of Your individual rights, please contact Us by sending an email to the following address: 152 Number 9 Naxxar Road, San Gwann, SG9130, Malta

23. UPDATES

We reserve the right to unilaterally modify this Privacy Policy at any time, particularly if statutory obligations so mandate or the interest of our users’ security so requires. To let You know when we make changes to this Privacy Policy, We will amend the revision date at the top of this page. The modified Privacy Policy will apply from such revision date. We will not officially notify you about such changes, and it is therefore in Your own interest to check this Privacy Policy page from time to time so as to familiarize yourself with any changes.