Data Processing Agreement

We are Pllinx Ltd and when, as a data controller, we process your personal information on your behalf in your use of our App or Portal, we will comply with the following terms:

1.1 Records: We will keep records to demonstrate our compliance with the requirements in this clause.
1.2 Security: Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, we will implement and maintain appropriate technical and organisational measures to ensure the security of all personal data against unauthorised or unlawful processing or accidental loss, destruction or damage.
1.3 Data transfer outside of the EEA: We will only transfer personal data outside the EEA where we have complied with our obligations under Applicable Data Protection Laws in ensuring adequate safeguards in relation to such transfer. As an Athlete User and parent/guardian, you consent to university athletics departments and coaches in the United States viewing your Content for the purposes outlined in this Agreement.
1.4 Assistance: We will provide reasonable assistance, as requested by you, in any data protection impact assessments or investigation or consultation with any data privacy supervisor authority or in relation to the exercise by a data subject of his/her rights under the Data Protection Laws.
1.5 Data Subject Request: We will notify you if we receive a request from a data subject under any Data Protection Laws; and will not respond to that request except on your documented instructions or as required by Data Protection Laws.
1.6 Employee Obligations: We will take reasonable steps to ensure the reliability of any employee, agent or contractor who may have access to your personal data, ensuring in each case that access is strictly limited to those individuals who need to access the personal data. We will ensure that all such individuals are subject to confidentiality undertakings or professional or statutory obligations of confidentiality.
1.7 Sub-processors: You consent to our use of sub-processors to process personal data on our behalf in connection with this Agreement. We will impose upon any sub-processor the same obligations related to the processing of personal data as set out in this Agreement and we are liable for any breach of this clause 9 that is caused by an act or omission of our sub-processor. We will provide you details of our sub-processors upon written request.
1.8 Data Breaches: In case of any data breaches and other events where the security of personal data has been compromised or we suspect it may have been compromised, we will, without delay, notify you of the data breach and provide all pertinent information relating to the breach.
1.9 Return or Deletion of personal data: We may only process personal data for as long as needed to comply with our obligations under this Agreement or in order to comply with applicable law. You may, within 14 days of the End Date, ask us to return, at your cost, a complete copy of all your personal data. If we do not receive such request, we will, within 30 days of the End Date, delete all copies of your personal data.
1.10 Audit: On reasonable notice (which shall not be less than 14 days) you, or such professional auditor appointed by you, may audit our compliance with the data processing terms of this Agreement and the Data Protection Laws. Such audit must be conducted so as to reduce the impact on is and we cannot be compelled to provide information relating to third parties. You will reimburse our reasonable costs in complying with the audit.

The Data Protection Laws are the EU General Data Protection Regulation 2016/679 and the national laws that implement the GDPR into national laws (including the Data Protection Act in the UK) and any other applicable data protection laws. The terms, such as personal data, data processor and data controller have the meaning given to them under the Data Protection Laws.