[\/et_pb_text][et_pb_divider color=”#09e1c0″ divider_weight=”4px” disabled_on=”on|on|off” _builder_version=”3.2″ background_size=”initial” background_position=”top_left” background_repeat=”repeat” max_width=”40px” module_alignment=”left” custom_margin=”||10px|” animation_style=”zoom” animation_direction=”left” saved_tabs=”all” locked=”off”][\/et_pb_divider][et_pb_text _builder_version=”3.19″ text_font=”||||||||” text_text_color=”#8585bd” text_font_size=”16px” text_line_height=”1.9em” header_font=”||||||||” header_4_font=”|700|||||||” header_4_font_size=”16px” header_4_line_height=”1.9em” animation_style=”zoom” animation_intensity_zoom=”6%” locked=”off”]<\/p>\n Recreation Redefined<\/p>\n Our website address is: https:\/\/recreationredefined.eu.<\/p>\n Any personal data you electronically submit to us on this website, such as your name, email address, home address or other personal information you provide via the transmission of a form or via any comments to the blog, are solely used for the specified purpose and get stored securely along with the respective submission times and IP-address. These data do not get passed on to third parties.<\/p>\n Therefore, we use personal data for the communication with only those users, who have explicitly requested being contacted, as well as for the execution of the services and products offered on this website. We do not pass your personal data to others without your approval, but we cannot exclude the possibility this data will be looked at in case of illegal conduct.<\/p>\n If you send us personal data via email \u2013 and thus not via this website \u2013 we cannot guarantee any safe transmission or protection of your data. We recommend you, to never send confidential data via email.<\/p>\n An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https:\/\/automattic.com\/privacy\/. After approval of your comment, your profile picture is visible to the public in the context of your comment.<\/p>\n If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.<\/p>\n We have embedded elements from social media services on our website, to display pictures, videos and texts. By visiting pages that present such elements, data is transferred from your browser to the respective social media service, where it is stored. We do not have access to this data. If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.<\/p>\n If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.<\/p>\n When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select \u201cRemember Me\u201d, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.<\/p>\n If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.<\/p>\n Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.<\/p>\n These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.<\/p>\n We may share information that is not your individual Personal Information, such as aggregated user statistics, or de-identified information with third parties. We may share your Device Identifiers with third parties along with data related to you and your activities subject to the terms of this Privacy Policy. We do not share your Personal Information that we have collected directly from you on our Service with third parties for those third parties’ direct marketing purposes. We do not as a rule allow third-party operators to collect Personal Information or Usage Information through persistent identifiers on our Services for any purposes other than the internal operations of our Services. Further, we do not use Personal Information collected through our Services for the purpose of targeted advertising. If we de-identify data about you, it is not treated as Personal Information by us, and we may share it with others freely. For this purpose, de-identified data generally refers to data from which we have removed personally identifiable information\u2014i.e., data about individual students, teams members, teachers, or administrators that has been rendered anonymous by stripping out any information that would allow people to determine an individual’s identity, including first and last names, home addresses, telephone numbers, government issued ID numbers, and other types of information that may reveal whether or not inadvertently an individual’s identity. We do this in an effort to protect the privacy or identity of the individuals associated with the data. In addition, we may share the information we have collected about you, including Personal Information, as disclosed at the time you provide your information to us and as described below or otherwise in this Privacy Policy. We may disclose your information as follows:<\/p>\n (a) When You Request Information From or Provide Information to Third Parties. You may be presented with an option on our Service to receive certain information or marketing offers, or both, directly from third parties or to have us send certain information to third parties or give them access to it. If you choose to do so, your Personal Information and other information may be disclosed to such third parties and all information you disclose will be subject to the third-party privacy policies and practices of such third parties. In addition, third parties may store, collect or otherwise have access to your information when you interact with their Tracking Technologies, content, tools apps or ads on our Service or link to them from our Service. This may include using third-party tools such as Facebook, Twitter, Pinterest or other third-party posting or content sharing tools and by so interacting you consent to such third party practices. We are not responsible for the privacy policies and practices of such third parties and, therefore, you should review such third-party privacy policies and practices of such third parties prior to requesting information from or otherwise interacting with them.<\/p>\n (b) Third Parties Providing Services on Our Behalf. We may use third-party vendors to perform certain services on behalf of sportsYou or the Service, such as hosting the Service, designing and\/or operating the Service’s features, processing purchase orders, tracking the Service’s activities and analytics, and enabling us to send you special offers or perform other administrative services. We may provide these vendors with access to user information, including Device Identifiers and Personal Information, to carry out the services they are performing for you or for us. Third-party analytics and other service providers may set and access their own Tracking Technologies on your Device and they may otherwise collect or have access to information about you, potentially including Personal Information, about you. We are not responsible for those third party technologies or activities arising out of them. However, some may offer you certain choices regarding their practices, and information we have been informed of regarding such choices is available at the end of this Privacy Policy. We are not responsible for the effectiveness of or compliance with any third parties’ opt-out options.<\/p>\n (c) To Protect the Rights of sportYou and Others. To the fullest extent permitted by applicable law, we may also disclose your information if we believe in good faith that doing so is necessary or appropriate to: (i) protect or defend the rights, safety or property of sportsYou, our owners, managers, officers or third parties (including through the enforcement of this Policy, our Terms of Use, and other applicable agreements and policies); or (ii) comply with legal and regulatory obligations (e.g., pursuant to law enforcement inquiries, subpoenas, discovery demands or league, school, court or administrative agency orders). To the fullest extent permitted by applicable law, we have complete discretion in electing to make or not make such disclosures, and to contest or not contest requests for such disclosures, all without notice to you.<\/p>\n (d) Affiliates and Business Transfer. We may share your information, including your Device Identifiers and Personal Information, Demographic Information and Usage Information with our parent, subsidiaries and affiliates (“Affiliates”). We also reserve the right to disclose and transfer all such information: (i) to a subsequent owner, co-owner or operator of the Service or applicable database; or (ii) in connection with a merger, consolidation, restructuring, the sale of substantially all of our interests and\/or assets or other corporate change, including, during the course of any due diligence process provided that any such successor will be subject to applicable laws with respect to previously acquired Personal Information.<\/p>\n (e) Co-Branded Areas. Certain areas of the Service may be provided to you in association with third parties (“Co-Branded Areas”) such as sponsors, teams, schools, leagues, charities and political organizations and may require you to disclose Personal Information to them. Such Co-Branded Areas will identify the third party and indicate if they have a privacy policy that applies to their collection and use of your information. Only if you elect to register for products or services, communicate with such third parties or download their content or applications, at Co-Branded Areas, you may be providing your information to both us and to the third party. Further, if you sign-in to a Co-Branded Area with a username and password obtained on the Service, your Personal Information may be disclosed to the identified third parties for that Co-Branded Area.<\/p>\n We are not responsible for such third party\u2019s data collection or practices and you should look to such third parties’ privacy policies for more information before you sign up for any third party Co-Branded Area services or products<\/p>\n e.g. ASKO, Ministry of Sport. <\/span><\/p>\n If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.<\/p>\n For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.<\/p>\n If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.<\/p>\n You are granted the following rights in accordance with the provisions of the <\/span>GDPR<\/a> <\/span>(General Data Protection Regulation) and the Austrian <\/span>Data Protection Act (DSG)<\/a>:<\/p>\n No where.<\/p>\n We have written this privacy policy (version 01.01.1970-121662371) to provide you with information in accordance with the requirements of the <\/span>General Data Protection Regulation (EU) 2016\/679<\/a> <\/span>as well as to explain what information we collect, how we use data and what choices you have as a visitor to this website. Privacy policies usually sound very technical. However, this version should describe the most important things as simply and clearly as possible. Moreover, technical terms are explained in a reader-friendly manner whenever possible. We would also like to convey that we only collect and use information via this website if there is a corresponding legal basis for it. This is certainly not possible if you give very brief technical explanations, as are often standard on the Internet when it comes to data protection. We hope you find the following explanations interesting and informative. Maybe you will also find some information that you did not know yet. We take commercially reasonable steps to protect the Personal Information from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. Please understand, however, that no security system is impenetrable. We cannot guarantee the security of our databases, nor can we guarantee that the information you supply will not be intercepted while being transmitted to and from us over the Internet. In particular, e-mail sent to or from us may not be secure, and you should therefore take special care in deciding what information you send to us via e-mail.<\/span><\/p>\n <\/span><\/p>\n Scope, penalties, and key definitions<\/span><\/p>\n First, if you process the personal data of EU citizens or residents, or you offer goods or services to such people, then the GDPR applies to you even if you\u2019re not in the EU<\/b>. We talk more about this <\/span>in another article<\/a>.<\/p>\n Second, the <\/span>fines for violating the GDPR are very high<\/b>. There are two tiers of penalties, which max out at \u20ac20 million or 4% of global revenue (whichever is higher), plus data subjects have the right to seek compensation for damages. We also talk <\/span>more about GDPR fines<\/a>.<\/p>\n The GDPR defines an array of legal terms at length. Below are some of the most important ones that we refer to in this article:<\/p>\n Personal data<\/b> <\/span>\u2014 Personal data is any information that relates to an individual who can be directly or indirectly identified. Names and email addresses are obviously personal data. Location information, ethnicity, gender, biometric data, religious beliefs, web cookies, and political opinions can also be personal data. <\/span>Pseudonymous<\/a> <\/span>data can also fall under the definition if it\u2019s relatively easy to ID someone from it.<\/p>\n Data processing<\/b> <\/span>\u2014 Any action performed on data, whether automated or manual. The examples cited in the text include collecting, recording, organizing, structuring, storing, using, erasing\u2026 so basically anything.<\/p>\n Data subject<\/b> <\/span>\u2014 The person whose data is processed. These are your customers or site visitors.<\/p>\n Data controller<\/b> <\/span>\u2014 The person who decides why and how personal data will be processed. If you\u2019re an owner or employee in your organization who handles data, this is you.<\/p>\n Data processor<\/b> <\/span>\u2014 A third party that processes personal data on behalf of a data controller. The GDPR has special rules for these individuals and organizations. They could include cloud servers like <\/span>Tresorit<\/a> <\/span>or email service providers like <\/span>ProtonMail<\/a>.<\/p>\n For the rest of this article, we will briefly explain all the key regulatory points of the GDPR.<\/p>\n If you process data, you have to do so according to seven protection and accountability principles outlined in <\/span>Article 5.1-2<\/a>:<\/p>\n The GDPR says data controllers have to be able to demonstrate they are GDPR compliant. And this isn\u2019t something you can do after the fact: If you think you are compliant with the GDPR but can\u2019t show how, then you\u2019re not GDPR compliant. Among the ways you can do this:<\/p>\n You\u2019re required to handle data securely by implementing \u201cappropriate technical and organizational measures<\/a>.\u201d<\/p>\n Technical measures mean anything from requiring your employees to use <\/span>two-factor authentication<\/b> <\/span>on accounts where personal data are stored to contracting with cloud providers that use <\/span>end-to-end encryption<\/b>.<\/p>\n Organizational measures are things like <\/span>staff trainings<\/b>, adding a <\/span>data privacy policy<\/b> <\/span>to your employee handbook, or <\/span>limiting access to personal data<\/b> <\/span>to only those employees in your organization who need it.<\/p>\n If you have a data breach, you have 72 hours to tell the data subjects or face penalties. (This notification requirement may be waived if you use technological safeguards, such as encryption, to render data useless to an attacker.)<\/p>\n From now on, everything you do in your organization must, \u201cby design and by default,\u201d consider data protection. Practically speaking, this means you must consider the data protection principles in the design of any new product or activity. The GDPR covers this principle in <\/span>Article 25<\/a>.<\/p>\n Suppose, for example, you\u2019re launching a new app for your company. You have to think about what personal data the app could possibly collect from users, then consider ways to minimize the amount of data and how you will secure it with the latest technology.<\/p>\n Article 6<\/a> <\/span>lists the instances in which it\u2019s legal to process person data. Don\u2019t even think about touching somebody\u2019s personal data \u2014 don\u2019t collect it, don\u2019t store it, don\u2019t sell it to advertisers \u2014 unless you can justify it with one of the following:<\/p>\n Once you\u2019ve determined the lawful basis for your data processing, you need to document this basis and notify the data subject (transparency!). And if you decide later to change your justification, you need to have a good reason, document this reason, and notify the data subject.<\/p>\n There are strict new rules about what constitutes <\/span>consent from a data subject<\/a> <\/span>to process their information.<\/p>\n Contrary to popular belief, not every data controller or processor needs to appoint a <\/span>Data Protection Officer (DPO)<\/a>. There are three conditions under which you are required to appoint a DPO:<\/p>\n You could also choose to designate a DPO even if you aren\u2019t required to. There are benefits to having someone in this role. Their basic tasks involve understanding the GDPR and how it applies to the organization, advising people in the organization about their responsibilities, conducting data protection trainings, conducting audits and monitoring GDPR compliance, and serving as a liaison with regulators.<\/p>\n We go in depth about the DPO role <\/span>in another article<\/a>.<\/p>\n You are a data controller and\/or a data processor. But as a person who uses the Internet, you\u2019re also a data subject. The GDPR recognizes a litany of new <\/span>privacy rights for data subjects<\/a>, which aim to give individuals more control over the data they loan to organizations. As an organization, it\u2019s important to understand these rights to ensure you are GDPR compliant.<\/p>\n Below is a rundown of data subjects\u2019 privacy rights:<\/p>\n We\u2019ve just covered all the major points of the GDPR in a little over 2,000 words. The <\/span>regulation itself<\/a> <\/span>(not including the accompanying directives) is 88 pages. If you\u2019re affected by the GDPR, we strongly recommend that someone in your organization reads it and that you consult an attorney to ensure you are GDPR compliant.<\/p>\n![\"\"](\"https:\/\/recreationredefined.eu\/wp-content\/uploads\/2021\/03\/c48ffe720b11a22eec00e87ffbf0d027463251.jpg\")
<\/figure>\nWhat personal data we collect and why we collect it<\/h2>\n
<\/h3>\n
Media<\/h3>\n
\nThe following links lead to the respective social media services\u2019 sites, where you can find a declaration on how they handle your data:<\/p>\n\n
Contact forms<\/h3>\n
Cookies<\/h3>\n
Embedded content from other websites<\/h3>\n
What third parties we receive data from\/Who we share your data with<\/h3>\n
Disclosure of Personal Information to Third Parties<\/h4>\n
How long we retain your data<\/h2>\n
What rights you have over your data<\/h2>\n
\n
Where we send your data<\/h2>\n
Your contact information<\/h2>\n
Additional information<\/h2>\n
How we protect your data<\/h3>\n
\nShould you still have questions, we kindly ask you to follow the existing links to see further information on third-party websites, or to simply write us an email. You can find our contact information in our website\u2019s imprint<\/p>\nWhat data breach procedures we have in place<\/h3>\n
What automated decision making and\/or profiling we do with user data<\/span><\/h3>\n
Industry regulatory disclosure requirements<\/h3>\n
What the GDPR says about\u2026<\/h2>\n
Data protection principles<\/h4>\n
\n
Accountability<\/h4>\n
\n
Data security<\/h4>\n
Data protection by design and by default<\/h4>\n
When you\u2019re allowed to process data<\/h4>\n
\n
Consent<\/h4>\n
\n
Data Protection Officers<\/h4>\n
\n
People\u2019s privacy rights<\/h4>\n
\n
Conclusion<\/h3>\n