GDPR

Dartfish is GDPR ready - Last update: May 25, 2018


At Dartfish we believe technology can make athletes better, teams stronger, officials fairer and sport safer.

Similarly, we also believe that your personal data should be protected and secured, and therefore we have consistently met the highest standards when it comes to data protection over the years.

As such we welcome the new General Data Protection Regulation (GDPR), valid as of May 25, 2018, which strengthen the security and protection of personal data in the EU.

What is GDPR?

In 2016, the European Union (EU) approved a new privacy regulation called the General Data Protection Regulation commonly known as the GDPR. It’s a mandatory ruling that applies to all companies that collect the data and information of EU individuals. The GDPR is designed to strengthen the security and protection of personal data in the EU, as well as provide businesses with a structured framework on how to collect, process, use, and share personal data. GDPR relies on the following principles:

  1. The Principles of Lawfulness, Fairness, and Transparency: These dictate that the personal data needs to be processed in a way that is lawful to the subject.
  2. The Principle of Purpose Limitation: The data processors can only use the data for the objectives they’ve explicitly described and justified.
  3. The Principle of Data Minimization: The information that is required has to be relevant for its purpose and limited to what is necessary.
  4. The Principle of Trueness, Accuracy: If some of the data is inaccurate, it should be removed or rectified.
  5. The Principle of Storage Limitation: Data is kept in a form which permits identification of persons for no longer than is necessary for the purposes for which the personal data is processed.
  6. The Principle of Integrity and Confidentiality: This principle stands for taking all required measures to ensure all the personal data is protected.

Controllers and Processors

The GDPR also introduces two parties when it comes to collecting and processing personal data: data controllers and data processors.

A data controller governs the purposes and ways that personal data is processed. Dartfish customers, be they organizations or individuals, are data controllers.

Dartfish is consequently considered in the new GDPR as data processor in the sense that it will process your personal data and is responsible to make sure that all processors with whom it deals will be GDPR compliant.

What did Dartfish undertake to be compliant with the new GDPR?

Over the last months, Dartfish teams worked to review and ensure our way of operating and handling your personal data is fully compliant with GDPR. We also reviewed all our systems and partners to ensure they were also meeting GDPR standards.

Among other things, we have taken the following steps:

  • Reviewed and strengthened the security infrastructure we operate for you by upgrading our platforms in the last months to further enhance the data protection standards we rely on.
  • Mapped all personal data used and collected in Dartfish to ensure this data is processed and managed according to the GDPR instructions.
  • Updated the processes used to collect your data (implementation of the “privacy by default” principle).
  • Made sure we have the appropriate contractual terms in place, to perform our role as a data processor for our customers while complying with the GDPR.
  • We’ve informed and updated the whole Dartfish workforce on the impact of GDPR.
  • We’ve revised our Terms of Use and our Privacy Policy to support the GDPR requirements.
  • Performed security and privacy assessment to our sub-processors to ensure they are all complying with the GDPR requirements.
  • We’ve strengthened and streamlined our internal processes to make sure we could meet GDPR requirements on the following customer rights.
    • Right to access personal information stored by Dartfish
    • Right to rectify personal information stored by Dartfish
    • Right to delete personal information stored by Dartfish

Over the months to come, we will continue to monitor best practices in the application of GDPR to further improve our processes and products within this new regulation.

Does Dartfish offer a Data Processing Agreement (DPA)?

Yes. Our Data Processing Agreement (DPA) can be viewed online here. Should you need a signed copy of our DPA, you can download it, send a signed copy to legal@dartfish.com and we’ll provide you a countersigned copy.

Has Dartfish appointed a Data Protection Officer (DPO)?

No, based on Art 37/1 of the GDPR regulation, Dartfish is not required to appoint a Data Protection Officer (DPO). There is however a person in charge of GDPR implementation at Dartfish and which will address all questions, queries and requests on this topic. This person can be reached by email at legal@dartfish.com or by phone at +41 26 425 49 50

Where can I learn more about GDPR?

Additional information is available on the official GDPR website of the European Union.