Privacy Policy

1. About us

Kitman Labs Limited is incorporated in Ireland under company registration number 518477 (Company). Our registered office and principal place of business is Block B, 4th Floor, Joyce’s Court, Talbot Street, Dublin 2. The principal offices of our US subsidiary are at Suite 250, 545 Middlefield Road, Menlo Park, CA 94025. Our contact details can be found on our website at www.kitmanlabs.com. The Company may from time to time have other subsidiaries or holding companies in parts of the world where we do business but the Company remains at all times the primary holder and custodian of personally identifying information (also known as ‘personal data’) which we receive, hold and process in relation to living individuals.

Our business and operations are governed primarily by the Irish Data Protection Acts 1988 to 2003 which implement European Union Directive 95/46/EC on Data Protection. We are subject to the jurisdiction of the Irish Data Protection Commissioner: www.dataprotection.ie. Where applicable, local laws (such as the US Health Insurance Portability and Accountability Act of 1996) may also apply to your situation. 

Our business involves collecting, analysing and reporting on health and non-health related information concerning individuals (mainly professional athletes) who are employed or contracted by our customers.

2. About this privacy policy

This privacy policy sets out what personal data we collect through our websites and mobile applications (e.g., iPhone applications, iPad applications, Android applications, etc.), our other applications, interactive features, widgets and resources through traditional Internet websites, mobile devices and other platforms (including social media sites), the purposes for which we collect it, how we use such personal data and the people to whom we may disclose it, what steps we take to safeguard personal data which we hold and our other obligations in that regard.

3. What personal data do we collect?

The personal data we collect and process can be described under three categories: (a) personal information, (b) health information, and (c) performance information. 

The personal information we collect concerns athletes as well as coaching staff and other personnel and consists of full name, email address, photos, position/role, height, weight, date of birth, gender, country of birth, passport information, location, computer information (such as your IP address and “cookie” preferences) and squad/team/organisation/association information). 

The health information we process relates to athletes only and spans both objective measurable data and subjective well-being data. It comprises range of motion for various joints, neuromuscular and biomechanical data, psychological and physiological data, self and externally perceived well-being information, information on past and current injuries, notes made by physicians and other medical practitioners, information concerning relevant medical treatments, diagnostic information and information concerning medication as well as extended medical information such as surgical history, medical history and details of allergies). 

The performance information we process relates to athletes only and comprises technical performance information, information obtained from sensors worn by athletes both during training and while playing competitively and third party performance information gleaned from statistical and observational analysis of athletes’ in-game activities).

We also automatically collect certain non-personal information relating to the use of our services. This usage data may include information about the computer or device you use to access the services, including the hardware model, operating system and version, MAC address, unique device identifier (“UDID”), phone number, International Mobile Equipment Identity (“IMEI”) and mobile network information. We may also automatically collect and use the usage data contained in log files. The information in log files may include your ISP, the Web browser you used to visit the service, the time you visited the services, which web pages you visited on the services, and other anonymous information. If we begin to collect and process information other than that set out above, we will update and revise this privacy policy accordingly.

4. For what purposes do we collect personal data?

We collect and process personal data primarily in order to allow us to provide services to our customers including amateur and professional sports teams and representative organisations. In so doing we may process your information for the following purposes:

• Providing you with access to and the benefit of Kitman Labs’ services;

• Following up any payments that our customers may owe us,

• Administering contractual agreements or arrangements necessary to provide services to you;

• Enhancing and personalising the services that we offer to you;

• Administering our accounts and administrative records;

• Communicating with you on any matter relating to the provision generally of our services;

• Dealing with your inquiries and requests, including contacting you if necessary;

• Carrying out our obligations arising from any contracts entered into between you and us or between us and our customers;

• Contacting you for your views on our services and notifying you occasionally about important changes or developments to our services;

• Carrying out market research campaigns;

• Improving and developing our services;

• Ensuring that content delivered as part of our services is presented in the most effective manner for you and for your computer or mobile device; and

• Performing specific research on athletes and subject-areas as well as statistical analysis and machine-learning, market analysis and producing reports.

We also have two secondary purposes for which we collect this personal data. In each case they relate to anonymised and aggregated information only. The first is for general research purposes and the second is for general statistical analysis and publication. Information which has been anonymised in the manner described above ceases to constitute personal data from the time that it has been fully anonymised. 

We collect non-personal usage data to help us understand how our users use our services and to support,maintain, and improve the services.

5. How do we use personal data and to whom do we disclose it?

We process personal data as set out above by storing the information, aggregating all of the sources of information which we receive and making them available to players and teams (or other organisations) in one unified dashboard so as to make the information more actionable. We also apply algorithmic and statistical analysis to the information to try and predict when the risk of injury is greatest. We also assist players and teams to gauge the risk associated with varying levels of training or playing intensity and duration at a particular time and endeavour to identify ways in which players can make the most impact in any given set of circumstances. 

Allied to the secondary purposes for which we collect information, we anonymise personal data in order to enable us to carry out general research and statistical analysis thereon without the risk of individuals’ personal data being compromised. 

We use a range of monitoring and profiling tools, both hardware and software, to gather, organise and analyse the data which we obtain and hold. 

We disclose sensitive personal data (such as health information) only to players, the teams or other organisations that employ them, their respective physicians and other allied medical practitioners (such as physiotherapists) as well as coaching and administrative staff within the organisation. We also disclose such data where we compelled to do so by law. In situations of emergency when we have a reason to believe that the physical safety of any person is at risk, we may disclose sensitive personal data to any relevant third party. Where we disclose sensitive personal data as set out above in the ordinary course of providing services to our customers and the athletes employed by them, we disclose such data in a controlled and managed way to designated representatives of the organisation concerned and at all times we offer tools to our customers to allow detailed control of what specific individuals can access specific types of information. It is a matter for such organisations and the athletes employed by them to ensure that such data is used and handled appropriately within the relevant organisation.

We disclose non-sensitive personal data to the people identified in the previous paragraph and also to organisations to whom we outsource services, and our business partners and associates and to any third party where such disclosure is required in order to enforce the terms of our agreements with customers and/or to protect the rights, property or safety of our company, our customers and others. We also disclose non-sensitive personal data in certain circumstances to regulatory bodies for the purposes of monitoring and/or enforcing our compliance with any regulatory rules/codes or where required by law, regulation or legal proceedings and to any competent authority in response to a valid, legally compliant request by such an authority provided always that in each such case we endeavour to minimise the level of personal data that is disclosed at all times.

In addition, we disclose both sensitive and non-sensitive personal data to our staff, service providers and any contractors who assist us in providing services as set out and who have a need to access personal data. We also disclose information to service providers (such as providers of hosting services) whose services are necessary for us to provide our services to customers in a cost-effective manner. 

We disclose personal data to third parties only pursuant to written agreements that give reasonable assurance as to the continuing confidentiality and security of personal information with which we are entrusted by our customers or as we are required to do by law or the order of any court of competent jurisdiction.

We do not disclose personal data to third parties for their direct marketing purposes. 

The data you provide to us may be transferred to third parties located outside the European Economic Area (EEA). Countries outside the EEA do not always have adequate data protection laws and security measures. However we will take reasonable steps to ensure that your data is processed by third parties only in accordance with the Acts and our privacy policy. 

We may disclose information including personal data if we are acquired or merge with another entity or in connection with a sale of our assets. In such instance, personal data will only be provided to the acquirer if the acquirer will be continuing to provide services to Company customers in substantially the same manner as the Company has.

6. What security protocols do we apply?

All personal data is held on dedicated and encrypted servers and behind secure firewall(s). Access is restricted by secure authentication mechanisms. Personal data is generally made available only to those who have a need to access it and for third parties it is made available only by accessing through a dashboard which does not permit access to the underlying data itself. Despite these protocols, no data transmission over the Internet or any wireless network can be guaranteed to be 100% secure. As a result, while we strive to protect personal data, we cannot and do not guarantee or warrant the security of any information you transmit to or from the services.

7. Our other obligations

We strive to ensure that all information we collect and process is accurate, complete and up-to-date. Our customers undertake to us that all information they provide to us will meet this standard. However, since we draw information from a number of different sources, we cannot guarantee that all information we receive and process will at all times be wholly accurate, complete and up to date, even though we make every effort to ensure that this is the case. If at any stage you have a concern about any information which we hold, we would very much appreciate you letting us know by email to privacy@kitmanlabs.com.

We are firmly of the view that the information we collect and process is both sufficient in order for us to provide high-quality services to our customers but also does not involve the collection or processing of more information than is necessary.

We undertake to delete the personal data of all data subjects who use our services one year after they cease to be an employee or contractor of a customer of Kitman Labs unless we are requested to retain the information for longer either by our customer or by any individual about whom we hold personal data.

8. Your right of access

You have the right to obtain access to any personal data we hold on you from time to time and you can request same by notifying us in writing or by email to privacy@kitmanlabs.comWe reserve the right to seek and obtain satisfactory proof of identity and to charge whatever fee may be permitted by applicable law in relation to any such access request. 

If you believe that any personal data which we hold concerning you is inaccurate or otherwise incorrect we will be pleased to rectify any such error but please note that rectification may require us to consult with any relevant customer of the company in order to verify any alleged inaccuracy.

9. Cookies

We use cookies to store and collect information about your use of our services. Cookies are small text files stored by the browser on your equipment's hard drive. They send information stored on them back to our web server when you access our site. These cookies enable us to put in place personal settings and load your personal preferences to improve your experience. You can find out more about cookies at www.allaboutcookies.org.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of our services. By using our services, you consent to the processing of data about you by the company in the manner and for the purposes set out above.

The services do not respond to web browser “do not track” signals or other mechanisms that provide users the ability to exercise choice regarding the collection of personal data about an individual consumer’s online activities over time. Visit www.donottrack.us to find out more about “do not track.”

10. Children's Privacy Statement

We do not knowingly collect personally data from children under the age of 13. If we become aware that we have inadvertently received personally data from a user under the age of 13, we will delete such information from our records.

11. Your consent

Teams and other organisations that engage our services have committed to us in writing that they have obtained all necessary consents (including the consent of the athletes they employ or otherwise engage) to the performance of those services. Although Kitman Labs merely processes such information on behalf of its customers, we have elected separately to re-confirm the consent of all athletes to the processing of their data as set out above by means of this privacy policy and an acceptance option which is accessible to all athletes as part of their accessing our services.

You can withdraw your consent at any time on notice in writing to our office in Dublin as set out above and we will thereafter stop collecting personal data in relation to you and we will cease further processing of the information we hold (although we will continue to retain a copy of such information for archival and verification purposes).

12. Miscellaneous

This privacy policy may be amended from time to time by means of a revised version being posted to www.kitmanlabs.com/privacy. Whenever it is amended we will ask all users to re-confirm their agreement for personal data to be processed as set out in this policy. 

All notices to Kitman Labs in relation to this privacy policy shall be addressed to the Data Protection Officer at the company’s address in Dublin or sent by email to privacy@kitmanlabs.com

This privacy policy is governed by and shall be construed in accordance with Irish law. Any dispute, difference or controversy arising out of this privacy policy shall be subject to the exclusive jurisdiction of the Irish courts.