FIVB and Volleyballworld Data Protection Information (“Data Protection Information”)


The Fédération Internationale de Volleyball (“FIVB”), Château Les Tourelles, Edouard-Sandoz 2-4, 1006 Lausanne, Switzerland and VW Volleyball World SA, with registered office in Lausanne, Switzerland, and registered with the commercial register of the canton of Vaud under no. CHE-334.506.517, (“Volleyballworld”) (FIVB and Volleyballworld are hereinafter jointly referred to: “we” or “us”) are the joint responsible authorities and joint data controllers (in the meaning of sec. 4 para. 7, 26 GDPR) of the data processed and collected from our stakeholders, mainly via www.FIVB.org, www.FIVB.com and the Volleyballworld-websites www.welcome.volleyballworld.tv, www.volleyball.world (hereinafter the "Websites") as well as applications (apps) and further digital and analogue services conducted by FIVB and/or Volleyballworld at the current stage and in the future (hereinafter jointly “Platforms”). Volleyballworld is a majority owned affiliate of FIVB and together with FIVB has access to the personal data collected by FIVB and vice versa. We are committed to protect your Personal data and ensure your security when you use our Websites, Platforms and services or when you get in contact with us otherwise complying with GDRP requirements and best practice standards (“Data Protection Requirements”). We strive to be transparent about the processing of your Personal data on the Platforms.

Please read the following to learn more about our joint data processing activities and the ways in which we use your information on the Platforms. If you have any question on the processing of your data by us on basis, please refer to data.privacy@volleyball.world.

DEFINITION SECTION:

General Definitions:

a) Best practice: Means commercial or professional procedures and/or methods and/or techniques that has been generally accepted as superior, correct or most effective to any alternatives because it produces results that are superior to those achieved by other means or because it has become a standard way of doing things, e.g., a standard way of complying with legal (GDPR) or ethical requirements and are used to maintain quality as an alternative to mandatory legislated standards (GDPR) and can be based on self-assessment or benchmarking.

b) Consent: Means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of Personal data relating to him or her (see sec. 4 para. 11 GDPR).

c) Controller: Means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law (see sec. 4 para. 7 GDPR).

d) Data concerning health: Means Personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status (see sec. 4 para. 15 GDPR).

e) Filing system: Means any structured set of Personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis (see sec. 4 para. 6 GDPR).

f) General Data Protection Regulation: Means the General Data Protection Regulation (EU) 2016/697 (“GDPR”) is a regulation "Regulation (European Union)") in EU law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA) put into effect on May 25, 2018. It also addresses the transfer of Personal data outside the EU and EEA areas. GDPR imposes obligations onto organizations anywhere, so long as they target or collect data related to people in the EU. The GDPR's primary aim is to give control to individuals over their Personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.

g) Personal data: Means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (see sec. 4 para. 1 GDPR).

h) Processing: Means any operation or set of operations which is performed on Personal data or on sets of Personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction (see sec. 4 para. 2 GDPR).

i) Processor: Means a natural or legal person, public authority, agency or other body which processes Personal data on behalf of the controller (see sec. 4 para. 8 GDPR).

j) Profiling: Means any form of automated processing of Personal data consisting of the use of Personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements (see sec. 4 para. 4 GDPR).

k) Pseudonymisation: Means the processing of Personal data in such a manner that the Personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the Personal data are not attributed to an identified or identifiable natural person (see sec. 4 para. 5 GDPR).

l) Recipient: Means a natural or legal person, public authority, agency or another body, to which the Personal data are disclosed, whether a third party or not. However, public authorities which may receive Personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing (see sec. 4 para. 9 GDPR).

m) Restriction of processing: Means the marking of stored Personal data with the aim of limiting their processing in the future (see sec. 4 para. 3 GDPR).

n) Third party: Means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process Personal data (see sec. 4 para. 10 GDPR).

Categories:

These are the categories of Personal data we collect directly or indirectly from you on the Platforms:

a) Behavioural and Profile information: Including your spending behaviour segmented by spending channel (OTT, e-commerce, ticketing, etc.), your attendance data at our events, your browsing behaviour, your browsing preferences, your shopping preferences, social media interactions with us, and any other intelligence we have about you. We use it to know you better as a consumer, so we can send you marketing messages containing only products and services that we think you might be interested in depending on our legitimation stated below.

b) Contact information: Including your address, phone number, e-mail address, social media handle, any other communication channel you have used to contact us for more information. We use it to contact you for different reasons depending on the purposes stated below.

c) Device information: Including information about your device or browser that give us an idea about your browsing behaviour or device usage. Your device information is collected by our app, and your browser information is collected by our cookies, tags, and pixels. This is often required for network security purposes. This includes, but not limited to: IP address, date and time of the visit, how long you remained on our website, the referral URL (if you came to our site via a different site or an advertisement), the pages visited on our site, your browser type, device type, versions, operating system.

d) Identity information: Including name (first, last, initials), Date of Birth, e-mail address, nickname, password, social media identifiers and information passed along to us via your social media account(s). We use it to verify your identity.

e) Location information: Including your residential location, current log-in location, IP address, GPS location (if you wish to share us, for example through your mobile device settings), or the specific website you have visited that might give us clues about where you are. We use it to help you find what you are looking for at your current location depending on our legitimation stated below.

f) Purchase information: Including your payment information (credit card number), payment risk profile (provided to us by our payment risk solution), shopping cart (your ordered items), delivery details, shipping and billing address, customer order number, purchase history with us, transaction ID, and any other information related to your purchase. We use it to complete your order on our Websites and Platforms or other selling platforms.

g) Preference information: Including preferred language, log-in location, Wishlist items, preferred shipping address, browsing preferences, our correspondence with you, your product reviews. We use it to give you convenience when you visit and/or shop on our Websites and Platforms depending on our legitimation stated below.

h) Social Media information: Including information obtained through your interaction with us on various social media channels such as Facebook, Instagram, Google, etc., including: any social media information that is publicly available such as your social media handles, social media interactions and public postings, your “Likes” and other reactions, your social media connections, your photos that are public, or those you send to us by mentioning us or following our social media posts by using “handles” or “hashtags”. We obtain this information from the social media network (e.g. Facebook, Snapchat, Instagram, etc.) directly or indirectly through third-party agencies we have agreements with.

Further specific data not mentioned within the definitions above are set out explicitly below, when applicable. In addition, we collect publicly available data via research partners (such as Kantor, GumGum, Horizm) and may use such data also for the purposes as outlined in this Data Protection Information.

General information on our data processing

1. Websites, Platform and Apps users

a) Operation and Security

Data Categories
Processing purposes
Categories of Recipients
Deletion
Legal Basis
Device information; Identity information (anomyzed)
Running the sites/apps; fix bugs; make sure you always see the site the way we intended; monitor compliance with our Terms and Conditions; screen all traffic, analyse data that is received by our servers; identify cyber-attacks.
IT Department and Administrators; see also under 9.
4 weeks after visit of platform
Legitimate interest (sec. 6 para. 1 sentence 1 lit. f GDPR)

b) Business operational analytics

Data Categories
Processing Purposes
Categories of Recipients
Deletion
Legal Basis
- Device information - Identity information - Location information - Behavioural and Profile information - Social media information
We need to understand how we do with respect to our business operations. This is in the interest of the development of volleyball, our employees, and our sponsors and partners. For this purpose, we need to analyse different categories of information to understand the popularity of FIVB Events and products, what worked and what did not work in terms of our marketing and advertising campaigns, our product designs and distribution strategy, our website design and overall user experience, so we can establish, implement, and evaluate our business strategy. This includes analysing data to understand how users browse our Websites and Platforms, use the apps and generally interact regarding our services to improve our user experience design to make sure you will continue to interact with us on our sites and apps. For this purpose, we use different analytics tools and services of data analytics solution providers (see section 9).
IT Department, Digital Department, Media Rights and Business Department, Administrators; Business Consulting Service Providers; Data Analytics Solution Providers; IT Cloud Solution Providers; see also under 9.
We retain user data until you withdraw your consent. The anonymized data of our Data Analytics Solution Providers is deleted as follows, Users have the ability to actively opt-in or reject the manual select check-box.
Consent (sec. 6 para. 1 sentence 1 lit. a GDPR) (via check box in the cookie banner)

c) User experience (registered Website and app users/account holders including OTT-Channel)

Data Categories
Processing Purposes
Categories of Recipients
Deletion
Legal Basis
- Device information - Contact information - Identity information - Location information - Behavioural and Profile information - Social Media information (if made available to us) - Preference information
We send you direct marketing messages, offerings related to our services or pop-ups that we think you would be interested in (“personalised”) to the email address/account you provide to us during your sign-in to our Websites and Platforms. To send you “personalised” messages, we observe your online (and sometimes, where applicable, offline) behaviour including but not limited to content viewed, viewing habits, content interactions, and analyse your behaviour using analytics to best estimate what products and FIVB Events, what teams, players, clubs, leagues you might be interested in, and you can benefit from. We use different analytics tools and services of data analytics solution providers (see section 9) to understand what your behaviour means in terms of your like and dislike, and to understand the impact (success rates) of the messages delivered to you. Direct marketing activities are covered by the legitimate interests of us to promote own events and products of us and the FIVB Family (e.g. national federations and confederations) as well as promotional information about our partners and sponsors. Your interests do not outweigh our interests as we do not use any data of a special category. Such use of your data coincides with your reasonable expectations as long as our marketing activities only relate to the world of volleyball and related products and seek to deliver value to all our stakeholders.
IT Department, Digital Department, Media Rights and Business Department, Administrators; our partners and sponsors; prospective buyers and investors; Email Marketing Service Providers; Advertising Agency Partners; Data Analytics Solution Providers; IT Cloud Solution Providers; see also under 9.
We retain user data as long as you do not object to us processing your Data for marketing purposes or until you withdraw your consent, including sending of marketing messages or until you delete your account.
Consent (sec. 6 para. 1 sentence 1 lit. a GDPR) (via check box in the cookie banner and the user registration sign-in section) Legitimate interest (sec. 6 para. 1 sentence 1 lit. f GDPR)

d) Targeted messages on third-party platforms

Data Categories
Processing Purposes
Categories of Recipients
Deletion
Legal Basis
- Device information - Contact information - Identity information - Location information - Behavioural and Profile information - Social Media information (if made available to us) - Preference information
We use Third-party advertising platforms, such as Facebook, Google, YouTube, Instagram, etc. to send you messages that are targeted at you, based on your behaviour and browsing pattern, at specific times and locations of these platforms to increase the efficiency of our advertising campaigns. We use Third-party solutions such as Google Audience and Facebook Custom Audience to help us do a better job at targeting our campaigns and messages for our consumers. Your Personal data is shared with the Third-party advertising platforms, and they will attempt to match your profile in their database to determine the optimal time and place (the page you are browsing) to show you an advertisement for FIVB Events and our products and partner products.
IT Department, Digital Department, Media Rights and Business Department, Administrators; Advertising Agency Partners; Social Media Platforms; Targeted Marketing Service Providers; IT Cloud Solution Providers; see also under 9.
We retain user data as long as you do not withdraw your consent.
Consent (sec. 6 para. 1 sentence 1 lit. a GDPR) (via check box in the cookie banner and the user registration sign-in section)

e) Account managing

Data Categories
Processing Purposes
Categories of Recipients
Deletion
Legal Basis
- Device information - Contact information - Identity information - Location information - Purchase information - Preference information
When you hold an account on our Websites and Platforms, we must be able to maintain and administer your activities, e.g. the purchase of streaming licences. In this context, we i.e. have to verify your identity and your legitimation, we have to communicate with you and ensure your smooth usage of your account.
IT Department, Digital Department, Media Rights and Business Department, Administrators; our sponsors and partners; Data Analytics Solution Providers; IT Cloud Solution Providers; see also under 9.
10 years after the end of the legal relationship with us.
Performance of contract (sec. 6 para. 1 sentence 1 lit. b GDPR)

f) Service Development on market research basis

Data Categories
Processing Purposes
Categories of Recipients
Deletion
Legal Basis
Depending on the project and the data you provided to us in this context: - Device information - Identity information - Location information - Behavioural and Profile information - Social Media information - Data concerning health
We conduct analysis to research improve our services by asking you to participate in contests, promotions, sweepstakes, surveys or live voting features, asking you for feedback or asking other service providers to conduct market research for us.
IT Department, Digital Department, Media Rights and Business Department, Administrators; our sponsors and partners; prospective buyers and investors; Business Consulting Service Providers; Data Analytics Solution Providers; IT Cloud Solution Providers; see also under 9.
Duration of the project or until you withdraw your consent.
Consent (sec. 6 para. 1 sentence 1 lit. a GDPR) By participating in any review or survey, you agree to such use of your data. Regarding Data concerning health an explicit consent will be required from you.

g) User-generated content acquisition from social media

Data Categories
Processing Purposes
Categories of Recipients
Deletion
Legal Basis
Depending on the project and the data you provided to us in this context: - Device information - Identity information - Location information - Behavioural and Profile information - Social Media information
We invite you to provide your social-media related data such as images, postings, videos to us via social media platforms by following specific instructions such as using specific hashtags or following certain campaigns. We will be using the data you provide for our campaign communications.
IT Department, Digital Department, Media Rights and Business Department, Administrators; our sponsors and partners; Advertising Agency Partners; Social Media Platforms; Data Analytics Solution Providers; IT Cloud Solution Providers; see also under 9.
Duration of the project or until you withdraw your consent.
Consent (sec. 6 para. 1 sentence 1 lit. a GDPR) by providing the data to us in connection with our terms and conditions.

h) Subscription to Newsletters, Updates and similar communications

Data Categories
Processing Purposes
Categories of Recipients
Deletion
Legal Basis
- Identity information - Contact information - Behavioural and Profile information
We invite you to subscribe to email updates, newsletters or other subscriptions and features made available on our Websites and Platforms from time to time and analyse whether the information provided is of interest of our subscribers.
IT Department, Digital Department, Media Rights and Business Department, Administrators. Advertising Agency Partners; Data Analytics Solution Providers; see also under 9.
Until you unsubscribe from the respective communication tool.
Consent (sec. 6 para. 1 sentence 1 lit. a GDPR).

2. E-Commerce and Ticketing Platform (see also I.1.b))

Data Categories

Processing purposes

Categories of Recipients

Deletion

Legal Basis

  • Identity information
  • Contact information
  • Location information
  • Purchase information
  • Behavioural and Profile information

Allowing us to perform the contract with you if you want to place an order at our e-commerce-platforms or if you buy a ticket on our Ticketing Platform.

Using the Purchase information also to analyse the interest and awareness level and the popularity of our products and events.

IT Department, Digital Department, Media Rights and Business Department, Administrators; our sponsors and partners; shipping and logistic partners; see also under 9.

10 years after the end of the legal relationship with us.

Performance of contract (sec. 6 para. 1 sentence 1 lit. b GDPR)

Legitimate interests (sec. 6 para. 1 sentence 1 lit. f GDPR).

3. Games and Fantasy Games

Data Categories

Processing purposes

Categories of Recipients

Deletion

Legal Basis

  • Device information
  • Identity information
  • Purchase information
  • Location information
  • Behavioural and Profile information

We invite you to open, download and/or engage with any form of Games or Fantasy Game available as mobile Apps on VBW digital platforms, to share your user data, interactions, activities, other related Gamification data via social media platforms by following specific instructions such as hashtags or in game prompts and sharing capabilities.

IT Department, Digital Department, Media Rights and Business Department, Administrators; our sponsors and partners; Advertising Agency Partners; Social Media Platforms; Data Analytics Solution Providers; IT Cloud Solution Providers; see also under 9.

10 years after the end of the legal relationship with us.

Performance of contract (sec. 6 para. 1 sentence 1 lit. b GDPR)

Consent (sec. 6 para. 1 sentence 1 lit. a GDPR).

Legitimate interests (sec. 6 para. 1 sentence 1 lit. f GDPR).

4. Athletes’ data

Data Categories

Processing purposes

Categories of Recipients

Deletion

Legal Basis

  • Identity information
  • Contact information
  • Social Media information
  • Website
  • Bank account
  • Height, weight
  • Languages
  • Hobbies
  • Education
  • Competition-related information (including images and videos produced at competitions)
  • Data concerning health Anti-Doping data

Identification of and communication with the athlete; assessing the eligibility; transfer of prize money; information of the audience; conducting disciplinary proceedings; assessing the athlete’s physical readiness for taking part in FIVB Events and avoiding accidents; fight against doping maintaining fairness in the sport. Use of identity information on digital products related to Platforms and FIVB and Volleyballworld competitions.

IT Department, Digital Department, Media Rights and Business Department, Administrators.

Event organisers, Confederations and National Federations.

The information on Data concerning health is only shared with the FIVB medical department.

Anti-Doping data may be shared and disclosed (i) in accordance with the FIVB Anti-Doping Rules and (ii) the World Anti-Doping Code International Standard for the Protection of Privacy and Personal Information (ISPPPI), which is the mandatory International Standard developed as part of the World Anti-Doping Program (the ISPPPI, as amended from time to time, is accessible on ). Such data is transferred by way of Pseudonymization.

See also under 9.

10 years after the end of the legal relationship with us.

Data related to the athlete’s sporting performances/ achievements and his or her activity as an FIVB athlete will be stored for an unlimited time for historical purposes.

Performance of the legal relationship entered into with the athlete (sec. 6 para. 1 sentence 1 lit. b GDPR); our legitimate interests (sec. 6 para. 1 sentence 1 lit. f GDPR); Consent of the athlete (sec. 6 para. 1 sentence 1 lit. a GDPR) (regarding the Data concerning health and Anti-Doping data).

In certain limited circumstances, due to the fundamental importance of doping free sports, we must have the ability to process Anti-Doping data in the absence of the athlete’s formal consent. These exceptions are necessary to avoid situations in which an athlete refuses to grant or withdraws his or her consent in order to obstruct anti-doping proceedings. Therefore, unless prohibited by the applicable law, our processing of special categories may be required even in the absence of specific consent, if necessary to (i) enable us to commence or pursue investigations related to suspected anti-doping rule violations, (ii) conduct or participate in proceedings related to suspected anti-doping rule violations, or (iii) establish, exercise or defend against legal claims relating to us, the athlete or both.

5. Officials’, coaches’ and medical staff data

Data Categories

Processing purposes

Categories of Recipients

Deletion

Legal Basis

  • Identity information
  • Contact information
  • Competition-related information (including images and videos produced at competitions)
  • Bank account

Identification of and communication with the individuals; reimbursement of expenses; conducting disciplinary proceedings; Use of identity information on digital products related to Platforms and FIVB and Volleyballworld competitions.

IT Department, Digital Department, Media Rights and Business Department, Administrators.

Event organisers, Confederations and National Federations.

See also under 9.

10 years after the end of the legal relationship with us.

Data related to the performance/achievements of a coach will be stored for an unlimited time for historical purposes.

Performance of the legal relationship entered into with the individual (sec. 6 para. 1 sentence 1 lit. b GDPR); our legitimate interests (sec. 6 para. 1 sentence 1 lit. f GDPR).

6. Referees’ data

Data Categories

Processing purposes

Categories of Recipients

Deletion

Legal Basis

  • Identity information
  • Contact information
  • Bank account
  • Data concerning health

Identification of and communication with the individuals; reimbursement of expenses; conducting disciplinary proceedings; assessing the referee’s physical readiness for taking part in FIVB Events and avoiding accidents. Use of identity information on digital products related to Platforms and FIVB and Volleyballworld competitions.

IT Department, Digital Department, Media Rights and Business Department, Administrators.

Event organisers, Confederations and National Federations.

The Data concerning health is only shared with the FIVB medical department.

See also under 9.

10 years after the end of the legal relationship with us.

Data related to the performance/achievements of a coach will be stored for an unlimited time for historical purposes.

Performance of the legal relationship entered into with the referee (sec. 6 para. 1 sentence 1 lit. b GDPR); our legitimate interests (sec. 6 para. 1 sentence 1 lit. f GDPR); consent of the referee (sec. 6 para. 1 sentence 1 lit. a GDPR) (regarding the Data concerning health).

7. Journalists’ and media staff data

Data Categories

Processing purposes

Categories of Recipients

Deletion

Legal Basis

  • Identity information
  • Contact information
  • AIPS ID (international press recognition)

Identification of and communication with the individuals; assessing the authorization/accreditation.

IT Department, Digital Department, Media Rights and Business Department, Administrators.

Event organisers, Confederations and National Federations.

See also under 9.

10 years after the end of the legal relationship with us.

Performance of the legal relationship entered into with the individual (sec. 6 para. 1 sentence 1 lit. b GDPR); our legitimate interests (sec. 6 para. 1 sentence 1 lit. f GDPR).

8. Cookies, pixels, tags and similar technologies

Click here for our Cookie Policy [https://en.volleyballworld.com/cookie-policy]

9. Additional information on our current data recipients (depending on the data category and processing activity, see I. above)

Click here to see the full list of VBW providers.

II. General information on the sharing and the transfer of Personal data

We do not sell, rent, or lease any individual’s Personal data to anyone other than described above. We use Pseudonymization of your Personal data whenever it strikes well the balance between our processing purposes and the goal of data minimization. In addition to the processing and sharing of Personal data as described under I. above, we process or disclose your Personal Data to third parties if

- you gave explicit consent

- this is required for the performance/settlement of a contractual relationship with you

- this is required to assert, exercise or defend legal claims and there is no reason to believe that you have an overriding interest in not disclosing your data); or

- we are obliged to do so pursuant to the applicable law, including by subpoenas, warrants, or other orders issued by courts or other state authorities

Our servers are located in Lausanne, Switzerland. Your data may be stored and used elsewhere depending on the location of affiliates, business partners, and other entities who are permitted to access such data under the terms of this Data Protection Information. We only transfer your Personal data to third countries outside the EU/EEA, if at least one of the following conditions is met:

(i) in the respective state, according to the European Commission, an adequate level of data protection is ensured,

(ii) Standard Contractual Clauses (SCC) are in place with the respective partner,

(iii) you have consented to such transfer after having been informed of the possible risks of such transfer due to the absence of an adequacy decision or other appropriate safeguards,

(iv) the transfer is necessary for the performance of services or the implementation of precontractual measures taken at your request as set out in this Data Protection Regulation,

(v) the transfer is necessary for the performance of a contract, or

(vi) one of the other conditions stipulated in Article 49 para. 1 GDPR applies.

III. Your rights

In the following we inform you about your rights in connection with our data processing in accordance with the GDPR which shall apply irrespective of your country of residency. Should the data protection legislation applicable to you provide you with a higher level of rights related to our data processing activities, you may additionally exercise such rights towards us.

  • Your right to access information (see sec. 15 GDPR)

You are entitled to see the information held about you, including the source and the recipients of your data and the purpose of its processing. If you wish to do this, please contact us under data.privacy@volleyball.world. We may require you to provide verification of your identity and to pay an administration fee to provide a copy of the information we hold. Please note that in certain circumstances we may withhold access to your information where we have the right to do so under current data protection legislation.

  • Your right to rectification/erasure of your data (see sec. 16 GDPR)

You have the right to obtain from us without undue delay the rectification of inaccurate data concerning you.

  • Your right to erasure of your data / “right to be forgotten” (see sec. 17 GDPR)

You have the right to obtain from us the erasure of data concerning you without undue delay and we shall have the obligation to erase your data without undue delay.

  • Your right to restrict the processing (see sec. 18 GDPR)

You have a right to obtain from the us a restriction of processing.

  • Your right to data portability (see sec. 20 GDPR)

In cases where the data has been provided based on your consent or on a contract and the data processing is carried out by automated means, you have the right to receive from us the data held about you in a structured, commonly used and machine-readable format and you have the right to transmit this data to another controller without hindrance from us.

  • Your right to object (see sec. 21 GDPR)

You have the right to object, on grounds relating to your particular situation, at any time to processing of your data.

  • Your right to withdraw your consent

Where the processing of your data is based on your consent, you have the right to withdraw consent at any time by informing us under the above-mentioned e-mail-address. This, however, does not affect the lawfulness of processing based on your consent before the withdrawal.

  • Your right to lodge a complaint (see sec. 77 GDPR)

You may at any time lodge a complaint with a supervisory authority, in particular in the state where you are habitually resident. The competent supervisory authority for Switzerland is the Federal Data Protection and Information Commissioner ().

For the execution of and further information about your rights please contact us under data.privacy@volleyball.world.

IV. Links

Our Websites, Platforms, newsletters, email updates and other communications may, from time to time, contain links to and from the websites of others including members of our groups, our partner networks or advertisers and/or social networks as offered to you and supported by your browser. The Personal data that you provide through those other websites is not subject to this Data Protection Information and the treatment of your Personal data by the operators of such websites is not our responsibility. If you follow a link to any of these websites, please note that the operators of those websites may have their own privacy policies which set out how your information is collected and processed by them. For more information about the purpose and scope of data collection and processing in connection with social sharing features, please visit the privacy policies of entities through which you choose to share.

V. Minors

We do not focus our data processing activities on minors. If you are a minor under the age of sixteen (see sec. 8 para. 1 GDPR), please read this Data Protection Information carefully in the company of your legal guardians and provide your personal information only if your legal guardians have given consent thereto.

VI. Security

We have implemented reasonable technical and organisational measures designed to secure your data from accidental loss and from unauthorised access, use, alteration or disclosure. However, the internet is an open system and we cannot guarantee that unauthorised third parties will never be able to defeat those measures or use your personal information for improper purposes.

VII. Changes

This Data Protection Information may be amended from time to time. If we amend it, we will place an updated version on our Websites/Platforms. Regularly reviewing this page ensures that you are always aware of what information we collect, how we use it and under what circumstances, if any, we will share it with other parties. If we make any substantial changes in the way we use your personal information we will notify you by posting a prominent announcement on the Websites/Platforms or directly inform you (e.g. via e-mail).

Version: March 2021

II. General information on the sharing and the transfer of Personal data

We do not sell, rent, or lease any individual’s Personal data to anyone other than described above. We use Pseudonymization of your Personal data whenever it strikes well the balance between our processing purposes and the goal of data minimization. In addition to the processing and sharing of Personal data as described under I. above, we process or disclose your Personal Data to third parties if

- you gave explicit consent

- this is required for the performance/settlement of a contractual relationship with you

- this is required to assert, exercise or defend legal claims and there is no reason to believe that you have an overriding interest in not disclosing your data); or

- we are obliged to do so pursuant to the applicable law, including by subpoenas, warrants, or other orders issued by courts or other state authorities

Our servers are located in Lausanne, Switzerland. Your data may be stored and used elsewhere depending on the location of affiliates, business partners, and other entities who are permitted to access such data under the terms of this Data Protection Information. We only transfer your Personal data to third countries outside the EU/EEA, if at least one of the following conditions is met:

(i) in the respective state, according to the European Commission, an adequate level of data protection is ensured,

(ii) Standard Contractual Clauses (SCC) are in place with the respective partner,

(iii) you have consented to such transfer after having been informed of the possible risks of such transfer due to the absence of an adequacy decision or other appropriate safeguards,

(iv) the transfer is necessary for the performance of services or the implementation of precontractual measures taken at your request as set out in this Data Protection Regulation,

(v) the transfer is necessary for the performance of a contract, or

(vi) one of the other conditions stipulated in Article 49 para. 1 GDPR applies.

III. Your rights

In the following we inform you about your rights in connection with our data processing in accordance with the GDPR which shall apply irrespective of your country of residency. Should the data protection legislation applicable to you provide you with a higher level of rights related to our data processing activities, you may additionally exercise such rights towards us.

  • Your right to access information (see sec. 15 GDPR)

You are entitled to see the information held about you, including the source and the recipients of your data and the purpose of its processing. If you wish to do this, please contact us under https://en.volleyballworld.com/cookie-policy. We may require you to provide verification of your identity and to pay an administration fee to provide a copy of the information we hold. Please note that in certain circumstances we may withhold access to your information where we have the right to do so under current data protection legislation.

  • Your right to rectification/erasure of your data (see sec. 16 GDPR)

You have the right to obtain from us without undue delay the rectification of inaccurate data concerning you.

  • Your right to erasure of your data / “right to be forgotten” (see sec. 17 GDPR)

You have the right to obtain from us the erasure of data concerning you without undue delay and we shall have the obligation to erase your data without undue delay.

  • Your right to restrict the processing (see sec. 18 GDPR)

You have a right to obtain from the us a restriction of processing.

  • Your right to data portability (see sec. 20 GDPR)

In cases where the data has been provided based on your consent or on a contract and the data processing is carried out by automated means, you have the right to receive from us the data held about you in a structured, commonly used and machine-readable format and you have the right to transmit this data to another controller without hindrance from us.

  • Your right to object (see sec. 21 GDPR)

You have the right to object, on grounds relating to your particular situation, at any time to processing of your data.

  • Your right to withdraw your consent

Where the processing of your data is based on your consent, you have the right to withdraw consent at any time by informing us under the above-mentioned e-mail-address. This, however, does not affect the lawfulness of processing based on your consent before the withdrawal.

  • Your right to lodge a complaint (see sec. 77 GDPR)

You may at any time lodge a complaint with a supervisory authority, in particular in the state where you are habitually resident. The competent supervisory authority for Switzerland is the Federal Data Protection and Information Commissioner ().

For the execution of and further information about your rights please contact us under data.privacy@volleyball.world

.IV. Links

Our Websites, Platforms, newsletters, email updates and other communications may, from time to time, contain links to and from the websites of others including members of our groups, our partner networks or advertisers and/or social networks as offered to you and supported by your browser. The Personal data that you provide through those other websites is not subject to this Data Protection Information and the treatment of your Personal data by the operators of such websites is not our responsibility. If you follow a link to any of these websites, please note that the operators of those websites may have their own privacy policies which set out how your information is collected and processed by them. For more information about the purpose and scope of data collection and processing in connection with social sharing features, please visit the privacy policies of entities through which you choose to share.

V. Minors

We do not focus our data processing activities on minors. If you are a minor under the age of sixteen (see sec. 8 para. 1 GDPR), please read this Data Protection Information carefully in the company of your legal guardians and provide your personal information only if your legal guardians have given consent thereto.

VI. Security

We have implemented reasonable technical and organisational measures designed to secure your data from accidental loss and from unauthorised access, use, alteration or disclosure. However, the internet is an open system and we cannot guarantee that unauthorised third parties will never be able to defeat those measures or use your personal information for improper purposes.

VII. Changes

This Data Protection Information may be amended from time to time. If we amend it, we will place an updated version on our Websites/Platforms. Regularly reviewing this page ensures that you are always aware of what information we collect, how we use it and under what circumstances, if any, we will share it with other parties. If we make any substantial changes in the way we use your personal information we will notify you by posting a prominent announcement on the Websites/Platforms or directly inform you (e.g. via e-mail).

Version: March 2021