Privacy Policy
1. Introduction
This version of this Privacy Policy is effective as of 25 May 2018. On this date, the General Data Protection Regulation (“GDPR”), which protects natural persons in connection with the processing of personal data and concerning the free movement of such data, has come into effect. GDPR also replaces the Belgian Act of 8 December 1992.
On the one hand, GDPR defines a number of rights for natural persons whose personal data is processed, but on the other hand it also imposes specific obligations on organisations and companies that process such personal data.
This Privacy Policy describes how and when we collect, use and share your personal data and information when you use our website, available on tournamentcenter.biz and any subsite or application operated by or on behalf of us (referred to respectively as the “Service(s)” or “Website(s)”).
The terms of this Privacy Policy form part of our Terms and Conditions available on our website.
2. General
By visiting our Website or using our services, filling in and sending a contact form and/or contacting one of our employees, in any way whatsoever, you acknowledge and agree that your personal data will be processed as described in this Privacy Policy.
Nevertheless, you may object at any time to certain processing operations in certain circumstances; see §9 below. Please do not hesitate to contact us if you have any further questions and/or comments regarding this Privacy Policy; see §11 below.
3. Nature of the personal data we process
As part of our services, we have limited the processing of personal data to a strict minimum. The personal data processed by us relates in particular to:
- your surname and first name;
- your e-mail address, to the extent that it contains personal data;
We may also process data relating to your personal interests as provided by you during the registration process or otherwise.
We also collect and process data collected through your use of our Website (browsing). This data may include the date and time of your visit (time stamp), the type of browser you use, your IP address and the pages visited.
In this context, we may also collect data of a non-personal nature, such as browser type or IP address, the operating system you use or the domain name of the website through which you visited our Website. We only use this data to gain further insight into the use our users make of the respective website(s), in order to improve the functionalities and user experience. For this purpose, please see in particular the provisions on the placement and use of cookies in §10 below.
4. Objectives of the processing of personal data
The processing of this personal data by us has several objectives:
- if you expressly authorise us to do so: to send you newsletters or other messages containing commercial offers (by e-mail or at your physical address);
- when you enter into an agreement with us: to identify you in accordance with the applicable legal provisions (surname, first name, physical address, email, etc.);
- in any given circumstance, to authenticate you as a customer/user of our Website;
- if you also provide us with your e-mail address, we will use this personal data to send you information that is necessary in the first instance pursuant to carrying out our agreement(s) with you: the sending of notifications, confirmations, possibly invoices and reminders, etc.
Certain data that may qualify as personal data, such as account number, invoice number, etc., may be generated by us. This data is only processed by us pursuant to carrying out the agreement(s) you have concluded with us.
However, this transfer and provision is limited to strictly necessary processing in the context of our services, including administrative management, provision of information to and by the customer services department, etc.
5. Transfer of your personal data to third parties
In the context of certain of our services, we make use of one or more external service providers, in particular for the hosting and management of our website and any specific functionalities associated with it (e.g. sending newsletters, announcements, making reservations, etc.). The processing of personal data by these third parties is limited to purely technical support.
Apart from such processors, your personal data will only be used by our internal employees who are authorised to do so.
However, we may disclose your personal data to third parties in response to a request for information if we believe that the disclosure is in accordance with any applicable law, regulation or legal process, or as otherwise required by applicable laws, rules, regulations or contractual provisions, or if we believe that your actions are inconsistent with the spirit or language of our user agreements or policies, or to protect the rights, property and safety of us or others.
In the event that the provision of the service in question so requires, or in support of any technical, administrative and/or financial processing, your personal data may be transferred and processed to one or more third parties. We have concluded a separate agreement with these companies, in which the processing of personal data is expressly regulated and the possible exercise of rights of subjects’data is included.
In accordance with the relevant legal provisions, your personal data may also be transferred to government authorities.
6. No transfer of personal data to third parties for promotional purposes
Unless we have obtained your explicit and prior consent, we will not pass on your personal data to third parties for promotional purposes or commercial use by the latter.
7. Technical security measures
We have appropriate technical and operational measures in place to ensure that your personal data is protected against unauthorised access, deletion or alteration. We take reasonable steps to help protect information about you from loss, theft, misuse and unauthorised access, disclosure, alteration and destruction. However, as stated in our Terms and Conditions, you expressly acknowledge and accept that ‒ in general ‒ the transmission of information via the Internet is never completely secure, private or confidential. Therefore, any information sent or received from the Website or by using any of the services provided by us may be intercepted, decrypted, accessed and/or used by third parties, even if technology is used which encrypts such exchange of information.
In any event, we will continue to make every effort necessary to ensure that your personal data is protected in accordance with applicable laws and best practices.
8. Code of conduct for employees
Some of our employees have access to your personal data mentioned above, in which context they are bound by a strict code of conduct. This code of conduct includes, amongst other things:
- an undertaking to respect the confidentiality of personal data to which they have access in the course of their duties;
- the commitment to process personal data only in the performance of their duties;
- compliance with the relevant legal provisions.
9. Right to rectification, object, deletion and restriction of processing
For various services we offer, we give you the opportunity to exercise your right to rectification, object, deletion and/or restriction of processing of personal data.
Right to rectification
If you are a customer or a registered user of the services provided by us, you may amend, update or rectify any personal information you have provided to us in connection with your account and user profile, if and when applicable. To do so, please send us a written request, as provided below.
Automatic Data Deletion
Unless otherwise agreed, all personal information collected by us via the Website or the services provided will automatically be deleted after a period of ten years following the termination of the agreement between you and us. Consequently, your data will only be stored for the legally prescribed period.
Exercise of rights
The exercise of these rights can take place as follows:
- in writing: by sending a registered letter to tournamentcenter BV, Sluis 2 E1 Box 1, B-9810 Eke, setting out which rights you wish to exercise, along with a copy of your identity card (front and back); electronically: by sending a registered letter to info@tournamentcenter.biz, setting out which rights you wish to exercise, along with a scan of your identity card (front and back).
Please keep in mind that exercising one or more of the above rights:
- for a given service, does not necessarily have an impact on your data provided in the context of another service provided by us (e.g. if you have different logins or account numbers). If you also wish to make this change or amendment for one or more other of our services, you will have to repeat this request one or more times;
- can in certain circumstances be totally or partially denied or limited, which refusal will be explained in our answer, to the relevant circumstance with reference to Frequently Asked Questions. By way of example, these reasons may include: the fact that we must retain certain data for a legally defined retention period, if the processing of personal data is essential for
the execution of the contract, etc.); - may in certain circumstances result in the suspension or termination, in whole or in part, of the contractual relationship with regard to the provision of such service.
10. Cookies
We may use information about you to personalise and improve our services and to provide content or features that match user profiles or interests and to monitor and analyse trends, usage and activities related to our services. In doing so, we use a variety of technologies to collect information, including sending cookies to your computer or device.
Cookies are small text files stored in the memory of the device that allow us to improve our services and your user experience, see which pages are popular and record the number of visits to our Website.
We use both functional and analytical cookies.
Functional cookies are essential for the use of our websites, store, amongst other things, user preferences and are not shared with third parties. Analytical cookies help us improve our website by providing us with information about how users interact with our websites, such as the number of visitors to the website, the pages they visit and the time they have spent on the website. These cookies do not collect information that identifies a visitor.
All information collected by these cookies is aggregated and therefore anonymous.
Most Internet browsers allow you to delete cookies from your hard drive, reject cookies or receive a warning before a cookie is installed. Please refer to the instructions or help function of your Internet browser for more details, or visit www.allaboutcookies.com.
Please note that if you choose to block, delete or reject cookies, this may adversely affect the availability and functionality of the Website and the services we provide.
11. Questions and complaints; exercise of rights by the person concerned
If you have any questions about how we process your personal data, if you wish to review, rectify, update or delete your personal data, or if you wish to make a complaint, please contact us at the following email address: info@tournamentcenter.biz. With regard to the exercise of your rights: in order to prevent us from making your personal data available, modifying it, restricting its processing or deleting it as a result of a third party request (and therefore not yourself), we ask you to send us a copy of your identity card (front and back) together with the request ‒ which must be in writing, dated and signed ‒ at the following e-mail address info@tournamentcenter.biz or by letter sent to the address listed above.
In this situation, you can submit a complaint to the Belgian Data Protection Authority, rue de la Presse 35, 1000 Brussels.
12. Amendments to this Privacy Policy
We reserve the right to revise this Privacy Policy from time to time.
In addition to the fact that such amendments are notified on our Website(s), we may, in certain circumstances, send you an additional notification, and/or display a separate notice on the Website or within the user area. In any event, we encourage you to review the most current version of this Privacy Policy when you visit our Website so that you are aware of our processing operations and the ways in which your privacy and personal data is protected.
Privacy Policy for Play! Pokémon Team Challenge
tournamentcenter provides an online event registration and management software system, that is used in connection with trading card and video game tournaments.
This privacy policy describes the treatment of information provided or collected on the sites and applications where this privacy policy is posted, whether on our digital properties or on applications we make available on third-party sites or platforms.
By ticking the “I agree” button on our site, you give your duly consent in agreeing and accepting the terms of this privacy policy.
Please keep in mind that when you provide information to us on a third-party site or platform, the information you provide may be separately collected by the third-party site or platform. tournamentcenter is not responsible for, and will assume no liability, if a business partner or other entity whom you have authorized collects, uses or shares any information about you in violation of its own privacy policy or any applicable laws, rules or regulations.
Our Commitment to you
We follow this privacy policy in accordance with applicable law in the places where we operate. We value and respect your privacy.
We encourage you to read this Privacy Policy carefully.
What personal information do we collect
We may collect, store and use the following kinds of personal information:
- When you visit the Site or Services, we automatically collect certain information about your device and about your visits to, and use of, this website including information about your web browser, mobile device, you unique device identifiers, software and hardware attributes (including the type of operation system you use), your internet provider address, approximate geographical location, browser type and version, referral source, length of visit, page views, website navigation and details also some of the cookies that are installed on you device;
- Personal information that you provide to us for the purpose of registering with us (for example your birthday, e-mail address, your first and last name, your residence,…);
- Information that you provide to us for the purpose of subscribing to our website services, email notifications and/or newsletters;
- Any other information relevant to … (the website) such as participation data and raw penalty data. Similary when you create and/or save your raw decklist data with the services “decklist creator”, we retain this data. Finally, the Services generate and save online pairing data of you
and other participants form each event (the pairing data). For the avoidance of doubt, your Penalty date, decklist data and piring data necessarily includes your personal information, and to the extent that it does, such data will be treated in accordance with this Privacy Policy.
Cookies and Similar Technologies
We use Cookies and similar technologies to enable our systems to recognize your browser/device and to provide certain features. We also collect some Device information and Usage Information using such technologies.
- “Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier. A cookie may enable the website owner to track how a visitor navigates through its website and the areas in which they show interest. This is similar to a traffic report: it tracks trends and behaviors, but does not identify individuals. Information gathered may include date and time of visits, pages viewed, time spent at the site, and the website visited just before and just after a visit to our Services. Cookies can be set to expire: (1) on a specified date; (2) after a specific period of time; (3) when a transaction has been completed; or (4) when a user turns off his/her Internet browser. A cookie that is erased from memory when a visitor’s Internet browser closes is called a “session” cookie. Cookies that expire based on a time set by the Web server are called “persistent” cookies. Our Services may use both “session cookies” and “permanent cookies.” Most people do not know that cookies are being placed on their computers when they visit our Service or most websites because browsers are typically set to accept cookies. For more information about cookies, and how to disable cookies, visit www.allaboutcookies.org.
- “Log files” track actions occurring on the Services, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
- “Web beacons,” “tags,” and “pixels” are electronic files used to record information about how you browse the Services. We also collect or receive various Usage Information and Device Information from third party analytics providers, such as Google and Facebook, as well as from other advertising networks. You have a variety of tools available to control the data collected by cookies, web beacons, and similar technologies. For example, you can use controls in your Internet browser to limit how the websites you visit are able to use cookies and to withdraw your consent by clearing or blocking certain non-strictly necessary cookies. Note that if you disable cookies, there may be parts of our Services that may not function properly.
For what purpose do we use your personal data?
Processing your transaction
The Service Provider collects personal data to be able to process your reservation and to keep you up to date on the event for which you purchased tickets, such as to ensure that the transaction runs smoothly.
Market research
Based on this data, a customer satisfaction survey or market research can also be organised. Of course, you can choose not to participate.
Direct marketing
The data will also be used for direct marketing for similar events in the Service Provider product range.
Profiling
On the one hand, the Service provider uses the combination of the data you provided and your use of its sites to offer you an optimal surfing experience. On the other hand, we use this information to keep you up to date of a customised range of products – after approval – by e-mail.
Transmission to third parties
Sale of personal data and/or personal profiles: As long as you give your explicit permission, your data can be transmitted to our partners, to enable them to provide you with personalised offers – possibly based on your marketing profile – or to be able to conduct market surveys or to further commercialise this data. In this context, your data will also be used to validate, correct or link together data that is already present in these companies’ databases.
With your permission, your data will also be delivered to the organiser of the event for which you purchased tickets. The organiser can use your data for communication relating to the event or to offer other events. You can read more about this in the organiser’s own privacy statement.
Upon the purchase of a ticket with package formula, your data will also be sent to the organiser of the relevant event. After all, to complete the processing of these packages, they must have your data and your order. The organiser cannot use your data for other purposes.
We can share your data with our external service providers to the extent that this is required to enable them to provide their services. In this case, we enter into an agreement with them to ensure conformance with the General Data Protection Regulation (GDPR).
Determining the legality of transactions
Personal data can be used for the prevention or detection of crimes, such as the resale of tickets on the black market, fraud relating to electronic payments, intellectual property violations or other crimes.
Processing job applications
If you apply for a job at The Service Provider your data will be retained for the handling of the application procedure.
Test data for new developments
Personal data can be used to test new software developments on behalf of The Service Provider. In some cases, the data will be exported to a third party, who will take responsibility for the testing of the nieuw developed applications and can only use your data for this purpose. In all cases, the necessary security measures will be taken.
How do we share the information we collect?
We may share your Personal Information with others for the purposes described below:
- We may share your Personal Information whenever you specifically consent to us doing so. While we will seek your consent as needed, upon registration for an Event, you specifically consent to the following uses and disclosure of your Personal Information:
- We need to share your Pairing Data, including your name, player ID, etc., with Event staff and Event participants for purposes of pairing Event participants and during tournament play.
- We need to share your Penalty Data, including your name, player ID, etc., with Event staff, Event organizers, and TPCi, pursuant to our contractual agreements with the Event organizer and/or TPCi. We may also share your Penalty Data with Event organizers who consent to the
disclosure of such information for reporting purposes. - We need to share your Decklist Data and Event results (i.e. TCG Masters Day Two, TCG Seniors Top 8, and Juniors Top 8), including your name, etc., with Event organizers for publication on organizer’s website.
- We may share or disclose your Personal Information where necessary to provide you with the Services and/or associated services, including with trusted third-parties who assist in operating the Services, providing any associated to tournamentcenter services, and otherwise conducting our business.
- We use third parties, such as Stripe, to process payment transactions as part of your Event registration and to facilitate fraud protection. You share your Payment Information directly with these third parties. Stripe and other third-party entities may use your information for
their own purposes, including to service accounts you have with them. Please review their respective privacy notices to understand how they use your information. - We may share your Personal Information, where necessary, with tournamentcenter’s parents, subsidiaries, successors, assigns, licensees, affiliates, or business partners.
- We may share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.
- We may share your Personal Information when doing so is needed to help prevent against fraud or the violation of any applicable law, statute, regulation, ordinance, or treaty.
- We may disclose Personal Information you provide us in connection with the sale, assignment, or other transfer of the business or a portion of the business of the Site, including a corporate merger, consolidation, restructuring, sale of assets, or other corporate change of our company.
Without limiting the foregoing, tournamentcenter currently shares your Personal Information with the following third-parties: Freshdesk; Google Cloud Platform; Sendgrid Stripe; RK9.
Aggregated Data
We may aggregate and/or de-identify any Personal Information, Usage Information or Device Information that you provide or we collect, such that the information no longer identifies any specific individual. We may use, disclose and otherwise process such information for our own legitimate business purposes – including historical and statistical analysis, reports, marketing, and business planning – without restriction. However, if we combine or connect any aggregated data with your personal data so that it can directly or indirectly identify you, we treat this combined data as Personal Information which will be used in accordance with this privacy notice.
Communications
General
When you provide us consent to do so (either upon contacting us through our Services or through our normal marketing communications), we will communicate with you through general marketing communications. You must affirmatively opt-in to receive these communications before you receive them. Currently tournamentcenter does not employ the use of marketing communications, however we may in the future.
Third-party Marketing
We do not share your Personal Information with any company outside the Tournament group (or other third parties listed herein) for marketing purposes.
Your right of access and inspection of your personal data
You have a number of rights relating to the processing of your personal data. To exercise these rights, you must send an e-mail to: info@tournamentcenter.eu . Your request will be processed within one month. If your request cannot be honoured, The Service Provider will inform you of the reason for this.
Right of inspection
You have the right to inspect the data you have provided and to manage your preferences, for example with regard to mailing.
Right of correction or deletion
You have the right to correct inaccurate or incomplete personal data or to have the data deleted. If your data was provided to third parties with your permisison, these third parties will also be asked to implement the requested modifications. You will be informed of that.
Right to be forgotten
You have the right to request ‘to be forgotten’ and to be deleted from the database. In some cases, this request can be refused, for example if the data is required for the implementation of the agreement or due to other legislation (e.g. compliance with fiscal legislation). If your data is made available to third parties, your request to be forgotten will also be forwarded to these third parties. You will be informed of this.
Right of objection
You have the right at all times to object to the processing of your data that will be made based on the legitimate interests of The Service Provider or its combined controllers. You can also object to the processing of your data for direct marketing, including profilering.
You can also do that by using the unsubscribe link at the bottom of the e-mail message sent to you.
Automated decision-making and profiling
You have the right not to be subjected to a fully automated decision-making, unless this is necessary for the implementation of the agreement, is legally permitted or has your explicit permisison. If such a decision arises, you have the right to make your views on the matter known, to challenge this decision or to demand a human intervention from the Service Provider.
During your initial contact with us, you are informed of the use of tracking cookies. These enable us to build profiles based on your use of the website and effective behaviour (purchase history). Based on these profiles, the communication in e-mails and on the web will be personalised. You can object to this by turning off the cookies, either in the website’s cookie settings, or on the browser. You will then only still receive standard newsletters and only see a standard website (without personal recommendations).
Right to data portability
You have the right to have personal data provided transferred to another processor in a structured, common and legible form.
Right to lodge a complaint with supervisory authorities
If you have specific complaints regarding the privacy policy of the Service Provider, you can contact the supervisory authority (Belgian Data Protection Authority).
Retention period of the data
The Service Provider has generally designated the retention period of its client data at 10 years. This period was designated based on practical considerations, such as the user-friendliness for the customer, the relevance of the data that must often be retained for a period of at least 10 years, the accounting obligation to retain the data for a period of 10 years and the technical feasibility.
If you are no longer active for a period of 10 years or have not contact The Service Provider again, you will receive an e-mail with the question of whether we can deactivate your account.
The personal data of sollicitants will, in principle, be deleted at the end of the procedure, unless this relates to functions for which a pool will be established and with the specific knowledge of the applicant. If explicit permission is obtained, it is possible that the data will be retained longer for certain profiles, but never for more than 5 years.
Transmission of data to third-party countries
Data will only be transmitted within the EU through the partners with which the Service Provider works.
Data security
The Service Provider will do everything possible to protect its customers against unauthorised access to or unauthorised modification, publication or destruction of the data in its possession.
To do this, the follow security measures among others will be utilised:
– Technical security measures:
- Internal files will be saved at a location accessible (only) to those individuals that require these files in the context of processing, such as customer service regarding repayments or overpayment/underpayment.
- The internal ticketing applications are equipped with a personalised login and password. When these applicaties are consulted externally, an additional username and paswoord will be required.
- Backups will be made daily and saved at various locations. These backups will be retained for at least 30 days to be able to retrieve the data in the event of loss and to ensure continuity.
- External access to the ticketing applications is always provided by means of a secured URL (https).
- Firewalls protect our internal networks against external access.
- All internal systems are or will be provided with the requisite EndPoint Protection (Antivirus, Antimalware, etc.).
- The passwords of all users will be stored in encrypted form.
- All of the communication between the various ticketing components will be sent over encrypted connections.
- If data is exchanged for testing purposes, certain data will be pseudonymised and anonymised (such as names and e-mail addresses).
– A thoroughly planned internal privacy policy
– The entry into agreements with third parties that have access to the database for the purpose of ensuring conformity with the GDPR.
Changes to the Privacy policy
In the event of changes to the current privacy policy, we will inform you of that by e-mail. The latest version always available for you to consult on the website.
Suspected Violations
If at any time you believe we have not adhered to the policies and principles set forth in this Privacy Policy, please notify us using the contact information provided below. We will make all commercially reasonable efforts to promptly respond to your concerns.
Children’s privacy
We recognize the need to provide further privacy protection with respect to personal information we may collect from children on our site and / or application. The online tournament is age-gated and not available for the use by children younger than 15 years. When we intend to collect personal information from children, we take additional steps to protect children’s privacy, including:
- Notifying parents about our information practices with regard to children;
- In accordance with applicable law, we obtaining consent from parents for the collection of personal information of their children;
- Limiting our collection of personal information from children to no more than is reasonable necessary to participate in an online activity and
- Giving parents the ability to request access tot personal information we have collected from their children and the ability to request that the personal information be changed or deleted.
Contact
The general information for The Service Provider is available on the website. If you have questions or comments relating to our privacy policy, we recommend that you send an e-mail to: info@tournamentcenter.eu This e-mail will be received directly by the The Service Provider DPO team. We will always respond to your question within one month.