1. About us
Kitman Labs Limited is incorporated in Ireland under company registration number 518477 (Company). Our registered office and principal place of business is Block B, 4th Floor, Joyce’s Court, Talbot Street, Dublin 2. The principal offices of our US subsidiary are at Suite 250, 545 Middlefield Road, Menlo Park, CA 94025. Our contact details can be found on our website at www.kitmanlabs.com. The Company may from time to time have other subsidiaries or holding companies in parts of the world where we do business but the Company remains at all times the primary holder and custodian of personally identifying information (also known as ‘personal data’) which we receive, hold and process in relation to living individuals.
Our business and operations are governed primarily by the Irish Data Protection Acts 1988 to 2003 which implement European Union Directive 95/46/EC on Data Protection. We are subject to the jurisdiction of the Irish Data Protection Commissioner: www.dataprotection.ie. Where applicable, local laws (such as the US Health Insurance Portability and Accountability Act of 1996) may also apply to your situation.
Our business involves collecting, analysing and reporting on health and non-health related information concerning individuals (mainly professional athletes) who are employed or contracted by our customers.
3. What personal data do we collect?
The personal data we collect and process can be described under three categories: (a) personal information, (b) health information, and (c) performance information.
The personal information we collect concerns athletes as well as coaching staff and other personnel and consists of full name, email address, photos, position/role, height, weight, date of birth, gender, country of birth, passport information, location, computer information (such as your IP address and “cookie” preferences) and squad/team/organisation/association information).
The health information we process relates to athletes only and spans both objective measurable data and subjective well-being data. It comprises range of motion for various joints, neuromuscular and biomechanical data, psychological and physiological data, self and externally perceived well-being information, information on past and current injuries, notes made by physicians and other medical practitioners, information concerning relevant medical treatments, diagnostic information and information concerning medication as well as extended medical information such as surgical history, medical history and details of allergies).
The performance information we process relates to athletes only and comprises technical performance information, information obtained from sensors worn by athletes both during training and while playing competitively and third party performance information gleaned from statistical and observational analysis of athletes’ in-game activities).
4. For what purposes do we collect personal data?
We collect and process personal data primarily in order to allow us to provide services to our customers including amateur and professional sports teams and representative organisations. In so doing we may process your information for the following purposes:
• Providing you with access to and the benefit of Kitman Labs’ services;
• Following up any payments that our customers may owe us,
• Administering contractual agreements or arrangements necessary to provide services to you;
• Enhancing and personalising the services that we offer to you;
• Administering our accounts and administrative records;
• Communicating with you on any matter relating to the provision generally of our services;
• Dealing with your inquiries and requests, including contacting you if necessary;
• Carrying out our obligations arising from any contracts entered into between you and us or between us and our customers;
• Contacting you for your views on our services and notifying you occasionally about important changes or developments to our services;
• Carrying out market research campaigns;
• Improving and developing our services;
• Ensuring that content delivered as part of our services is presented in the most effective manner for you and for your computer or mobile device; and
• Performing specific research on athletes and subject-areas as well as statistical analysis and machine-learning, market analysis and producing reports.
We also have two secondary purposes for which we collect this personal data. In each case they relate to anonymised and aggregated information only. The first is for general research purposes and the second is for general statistical analysis and publication. Information which has been anonymised in the manner described above ceases to constitute personal data from the time that it has been fully anonymised.
We collect non-personal usage data to help us understand how our users use our services and to support,maintain, and improve the services.
5. How do we use personal data and to whom do we disclose it?
We process personal data as set out above by storing the information, aggregating all of the sources of information which we receive and making them available to players and teams (or other organisations) in one unified dashboard so as to make the information more actionable. We also apply algorithmic and statistical analysis to the information to try and predict when the risk of injury is greatest. We also assist players and teams to gauge the risk associated with varying levels of training or playing intensity and duration at a particular time and endeavour to identify ways in which players can make the most impact in any given set of circumstances.
Allied to the secondary purposes for which we collect information, we anonymise personal data in order to enable us to carry out general research and statistical analysis thereon without the risk of individuals’ personal data being compromised.
We use a range of monitoring and profiling tools, both hardware and software, to gather, organise and analyse the data which we obtain and hold.
We disclose sensitive personal data (such as health information) only to players, the teams or other organisations that employ them, their respective physicians and other allied medical practitioners (such as physiotherapists) as well as coaching and administrative staff within the organisation. We also disclose such data where we compelled to do so by law. In situations of emergency when we have a reason to believe that the physical safety of any person is at risk, we may disclose sensitive personal data to any relevant third party. Where we disclose sensitive personal data as set out above in the ordinary course of providing services to our customers and the athletes employed by them, we disclose such data in a controlled and managed way to designated representatives of the organisation concerned and at all times we offer tools to our customers to allow detailed control of what specific individuals can access specific types of information. It is a matter for such organisations and the athletes employed by them to ensure that such data is used and handled appropriately within the relevant organisation.
We disclose non-sensitive personal data to the people identified in the previous paragraph and also to organisations to whom we outsource services, and our business partners and associates and to any third party where such disclosure is required in order to enforce the terms of our agreements with customers and/or to protect the rights, property or safety of our company, our customers and others. We also disclose non-sensitive personal data in certain circumstances to regulatory bodies for the purposes of monitoring and/or enforcing our compliance with any regulatory rules/codes or where required by law, regulation or legal proceedings and to any competent authority in response to a valid, legally compliant request by such an authority provided always that in each such case we endeavour to minimise the level of personal data that is disclosed at all times.
In addition, we disclose both sensitive and non-sensitive personal data to our staff, service providers and any contractors who assist us in providing services as set out and who have a need to access personal data. We also disclose information to service providers (such as providers of hosting services) whose services are necessary for us to provide our services to customers in a cost-effective manner.
We disclose personal data to third parties only pursuant to written agreements that give reasonable assurance as to the continuing confidentiality and security of personal information with which we are entrusted by our customers or as we are required to do by law or the order of any court of competent jurisdiction.
We do not disclose personal data to third parties for their direct marketing purposes.
We may disclose information including personal data if we are acquired or merge with another entity or in connection with a sale of our assets. In such instance, personal data will only be provided to the acquirer if the acquirer will be continuing to provide services to Company customers in substantially the same manner as the Company has.
6. What security protocols do we apply?
All personal data is held on dedicated and encrypted servers and behind secure firewall(s). Access is restricted by secure authentication mechanisms. Personal data is generally made available only to those who have a need to access it and for third parties it is made available only by accessing through a dashboard which does not permit access to the underlying data itself. Despite these protocols, no data transmission over the Internet or any wireless network can be guaranteed to be 100% secure. As a result, while we strive to protect personal data, we cannot and do not guarantee or warrant the security of any information you transmit to or from the services.
7. Our other obligations
We strive to ensure that all information we collect and process is accurate, complete and up-to-date. Our customers undertake to us that all information they provide to us will meet this standard. However, since we draw information from a number of different sources, we cannot guarantee that all information we receive and process will at all times be wholly accurate, complete and up to date, even though we make every effort to ensure that this is the case. If at any stage you have a concern about any information which we hold, we would very much appreciate you letting us know by email to email@example.com.
We are firmly of the view that the information we collect and process is both sufficient in order for us to provide high-quality services to our customers but also does not involve the collection or processing of more information than is necessary.
We undertake to delete the personal data of all data subjects who use our services one year after they cease to be an employee or contractor of a customer of Kitman Labs unless we are requested to retain the information for longer either by our customer or by any individual about whom we hold personal data.
8. Your right of access
You have the right to obtain access to any personal data we hold on you from time to time and you can request same by notifying us in writing or by email to firstname.lastname@example.org. We reserve the right to seek and obtain satisfactory proof of identity and to charge whatever fee may be permitted by applicable law in relation to any such access request.
If you believe that any personal data which we hold concerning you is inaccurate or otherwise incorrect we will be pleased to rectify any such error but please note that rectification may require us to consult with any relevant customer of the company in order to verify any alleged inaccuracy.
The services do not respond to web browser “do not track” signals or other mechanisms that provide users the ability to exercise choice regarding the collection of personal data about an individual consumer’s online activities over time. Visit www.donottrack.us to find out more about “do not track.”
10. Children's Privacy Statement
We do not knowingly collect personally data from children under the age of 13. If we become aware that we have inadvertently received personally data from a user under the age of 13, we will delete such information from our records.
11. Your consent
You can withdraw your consent at any time on notice in writing to our office in Dublin as set out above and we will thereafter stop collecting personal data in relation to you and we will cease further processing of the information we hold (although we will continue to retain a copy of such information for archival and verification purposes).