MOMENTUM ATHLETE GROUP LTD – GDPR COMMITMENT STATEMENT
The EU General Data Protection Regulation (GDPR) is the most significant piece of European privacy legislation in recent history, replacing that of the 1995 EU Data Protection Directive (European Directive 95/46/EC). It aims to support the rights individuals have on data about themselves which is collected and stored. It also aims to detect, identify and mitigate against data breaches or leaks for all companies in the EU, as well as enforcing reporting on these issues. This aims to create one uniform policy across the EU regardless of whether the UK is part of the European Union. Any business that deals with EU nationals and business alongside their data must comply with the legislation.
Momentum Athlete Group Ltd aims to comply with the applicable GDPR regulations as a data processor and controller. Working alongside its employees, athletes and partners it will comply with the GDPR legislation that came into force on 25th May 2018.
Momentum Athlete Group Ltd will sometimes collect information such as: name; email address; occupation; telephone number.
Some examples of when we collect this information include: signing up to a newsletter, entering a competition, downloading a document or other marketing material.
Data Retention and Deletion
The data that we collect from you will be stored on a secure server that is password protected.
Momentum Athlete Group Ltd aims to keep data on file for a period of 4 years unless otherwise stipulated or Legitimate Interest has not been established. Data would be hard erased after this time unless the subject of the data requests otherwise or has been engaged with during this time and data on them is necessary for archiving purposes in the public interest.
The personal information Momentum Athlete Group Ltd hold is limited to the contractual obligations and should any personal data be required to move to another provider, this would be made available in a suitable format.
Reporting data breach within Momentum Athlete Group Ltd
As per the GDPR guidelines Momentum Athlete Group Ltd must report a data breach within 72 hours after becoming aware of the breach, unless the breach itself is low risk. This is to be reported to the top authorities which would be ICO (Information Commissioner’s Office) and the Data Protection Act Submission Form. This can be reported by phone on 0303 123 1113. Once a data breach or leak has been detected than it would be reported to this authority. A data breach or leak includes but is not limited to, a lost USB stick, loss or theft of portable devices or data sent to the wrong person.
Internal Policies for GDPR
Momentum Athlete Group Ltd use a number of cloud based systems in order to carry out their contractual obligations. These systems may hold customer information in the UK and Europe in secure data centres. To ensure customers information is safe, access to these systems are restricted to authorised personnel only and only accessed via Multi Factor Authentication, ensuring breaches are avoided as much as possible.
This document is provided as of December 2019 for informational purposes to explain Momentum Athlete Group Ltd stance on GDPR legislation and compliance. It is subject to change or removal without notice.