Privacy Statement

ScribePro Limited provides a digital solution delivered through an online application which allows sporting organisations to record and retain medical information in relation to their teams and individual players. ScribePro Limited takes data privacy seriously. We try to meet the highest standards when processing your Personal Information. We therefore conduct our business in compliance with applicable laws on data privacy protection and data security. This privacy statement describes who we are, how we collect, share and use your Personal Information, how we are committed to protecting the security and privacy of all Personal Information or data collected from you and how you can exercise your privacy rights.

The Data Controller who is responsible for how we handle your Personal Information is ScribePro Limited (Company number SC593435) having our registered office at 22 Drumcarn Drive, Milngavie G62 2EB. Any queries you have in relation to the same should be directed to hello@scribepro.co.

Key Terms

“Personal Information” means any information that identifies or can be used to identify an individual directly or indirectly. Examples of Personal Information include, but are not limited to, first and last names, date of birth, email address, phone number or details related to that individual’s health.

“Service” means the use of the ScribePro application, any of its add-ons or improvements and any support or related Service.

“Member” means any person or entity that is registered to use our Service. This will usually be a sporting organisation or team as distinct from a sports player.

“Contact” means a person that a Member has given us Personal Information about through the Service. For example, if you are a Member then the person within your organisation such as the clinician who inputs Personal Information into the ScribePro application will be a Contact as would any Player whose Personal Information has been uploaded onto the ScribePro application by that clinician and is being managed on that application platform.

“Visitor” means, depending on the context, any person who visits our website or who otherwise engages with us whether by telephone, email, forms via our website, through our social media platforms, at events, through our social media platforms or even face to face. This will usually be someone who contacts us through our website to enquire about our Company or Service, subscribes to marketing, but can also be a supplier or business contact.

“you” and “yours” means, depending on the context, either a Member, a Contact or a Visitor.

1. INFORMATION WE MAY COLLECT FROM YOU

We may ask you to provide certain information about yourself when you use our website or are in contact with us about the products or Service we provide (whether it is by telephone, email via the forms on our website, through applications or platforms we use, through our social media platforms, at events or even face to face).

There are three distinct groups we deal with:

(A) Members;
(B) Contacts; and
(C) Visitors

(A) In respect of Members the Personal Information we collect depends on the context of your interactions with us, your account settings, the features of the ScribePro application or Service you use, your location and applicable law. The Personal Information collected may include:

  • Details in relation to your identity such as your name and those of the key users of our Service within your organisation;
  • Contact details and shipping details (usually an email address) for delivery of the application or Service including your postal/e-mail address and phone number and those of any key users within your organisation;
  • Account log-in credentials such as your or your key user’s email address or username and password when you sign up for an account with us;
  • Transaction details about the Service you specifically request from us;
  • Financial details in relation to any Service bought from us including addresses for invoices/billing and bank payment details (including credit card payment details);
  • Profile details from documents you complete on-line;
  • Troubleshooting and support data (which is data we collect in connection with support queries we receive from you and which may include contact or authentication data, the content of your chats and other communications with us);
  • Information from customer surveys and feedback forms in respect of any of our Service; and
  • details of your visits to our website including but not limited to traffic data, location data, weblogs and other communication data and the resources that you access or use.

The Personal Information we hold about you will be held solely for the following purposes:

  • To maintain records of your use of our Service and administering those Service;
  • To communicate with you regarding any transactions with you;
  • To make suggestions that may be of interest to you keeping you up-to-date regarding our Service and activities whether by newsletter, email, or otherwise;
  • To facilitate payments in respect of any Service requested by you;
  • To comply with our regulatory and legal obligations;
  • For credit and identity verification and fraud detection in respect of transactions with you;
  • To establish, exercise or defend any complaints made by or against you or any claims or litigation process raised by either of us against the other including in respect of us resorting to debt recovery or enforcing our terms of business;
  • To administer of our website and business (including webhosting and support) and to ensure that content from our website is relevant to you and is presented in the most effective manner for you including seeking your views on our products and service.

Our legal basis under GDPR for doing so is either performance of a contract with you, legal obligation or that such processing is in our legitimate interests in respect of running our organisation including developing our Service, ensuring security and performance of our website and informing our overall marketing strategy.

(B) In respect of Contacts our Service is intended for use by our Members. As a result, for much of the Personal Information we collect and process about Contacts through the Service, we act as a processor on behalf of our Members. Such Personal Information may include basic contact details and health information including height, weight, allergies, GP details, sporting injuries and treatments. We are not responsible for the privacy or security practices of our Members, which may differ from those set forth in this privacy policy. Please check with individual Members about the policies they have in place. However please note that we will ensure that we process that information only in accordance with the appropriate data protection laws in particular taking all reasonable steps to ensure we take all appropriate technical and organisational measures against the unauthorised or unlawful processing of that Personal Information.

We may use the Personal Information we collect or receive about you in reliance on our (and where applicable, our Members’) legitimate interests for the following purposes:

  • To enforce Member’s compliance with our Standard Terms of Use and applicable law. This may include utilizing usage data and developing tools and algorithms that help us prevent violations.
  • To meet legal requirements, including complying with court orders, valid discovery requests, valid subpoenas, and other appropriate legal mechanisms.
  • To provide information to representatives and advisors, including attorneys and accountants, to help us comply with legal, accounting, or security requirements.
  • To prosecute and defend a court, arbitration, or similar legal proceeding.
  • To respond to lawful requests by public authorities, including to meet national security or law enforcement requirements.
  • To provide, support and improve the Service. For example, this may include sharing your information with third parties in order to provide and support our Service or to make certain features of the Service available to our Members. When we share Personal Information with third parties, we take steps to protect your information in a manner that is consistent with applicable privacy laws. For further information about how we share information, refer to Section 3 below.
  • To carry out other legitimate business purposes, as well as other lawful purposes about which we will notify you.
  • To perform data analytics projects. Our data analytics projects may use data from Members accounts, including your Personal Information, to provide and improve the Service. We use information provided to us by Members, so we can make more informed predictions, decisions, and Services for our Members.
  • For research into sporting injury by analysing injuries and illnesses, supporting clinicians as they provide treatment, and for use in improving care and recovery through injury research. If you prefer your data not to be used in this manner, you can opt out of data analytics projects at any time by emailing us at hello@scribe.pro.

(C) In respect of Visitors the Personal Information collected may include:

  • Details in relation to your identity such as your name and contact details including your work postal/e-mail address and work phone number and job title (in the case of a supplier);
  • Details of products or Service acquired by us and provided by you and advices received;
  • Financial and transactional details in relation to the provision of any Service by you to us;
  • Data we collect in connection with queries we receive from you and which may include contact or authentication data, the content of our chats and other communications with us;
  • Information from surveys and feedback forms in respect of any of our Service;
  • Details of any information you choose to provide to us when you communicate or otherwise interact with us (such as work experience and/or qualifications when enquiring about a role with us);
  • Details of your visits to our website including but not limited to traffic data, location data, weblogs and other communication data and the resources that you access or use.

The Personal Information we hold about Visitors will be held solely for the following purposes:

  • To administer or maintain records of the Service or advice we receive from you where you are one of our suppliers including transaction and financial details about Service we have requested or received from you and payments which are due in respect of those Service;
  • To deal with any queries received from you;
  • To establish, exercise or defend any complaints made by or against you or any claims or litigation process raised by either of us against the other including in respect of us resorting to debt recovery or enforcing our terms of business;
  • For credit and identity verification and fraud detection in respect of transactions with you;
  • To administer of our website and business (including webhosting and support);
  • To carry out legitimate business purposes as well as other lawful purposes such as data analysis, identifying usage trends and expanding our business activities in reliance of our legitimate interests as well as other lawful purposes which we notify you about;
  • To co-operate with public and government bodies, courts or regulators in accordance with our legal obligations to the extent that this requires the processing or disclosure of Personal Information to protect our rights or is necessary for our legitimate interest in protecting against misuse or abuse of our site or Service, protecting personal property or safety, complying with judicial proceedings, court orders or legal proceedings or responding to lawful requests.

Our legal basis under GDPR for doing so is that such processing is required in connection with fulfilling our legal obligations and is in our legitimate interests in respect of running our business including developing our Service, ensuring security and performance of our website and informing our overall marketing strategy

In respect of all groups we will generally not collect sensitive or special category data from you via our website. Sensitive or special category data is Personal Information which includes your racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic or biometric data, or information concerning your health or mental wellbeing or sexual orientation. Where we do require to process such sensitive or special category data to provide our Service to you we will notify you in advance and will request your express consent in writing to process such sensitive data.

If you do not wish us to collect any of the Personal Information stated above, you should discuss this with us. We can explain the reasons for collection and discuss the consequences of not providing the information or of providing partial or incomplete information and the effect this may have on our ability to provide our Service.

2. HOW LONG WE HOLD INFORMATION FOR

We will only retain your Personal Information for as long as is necessary in line with the purposes for which it was originally requested or collected or where we are required to do so for some legal or reporting purpose.

In working out how long we retain personal data we look at the type of personal data involved, the purpose of processing, how sensitive or confidential the data is and at legal and commercial considerations including any legal obligations we have. By way of example by law in respect of Members we are required to keep accounting records for six years after end of the year in which the last transaction with you occurred. This means that we will be required to keep some basic client details for that purpose even although our relationship with you may be at an end. However, it should be noted that the requirement is basic customer details and therefore it is not legitimate to also keep information such as your preferences for that period of time. Where we have no ongoing legitimate business need to process your Personal Data we will either delete it or anonymise it (for example because your Personal Information has been stored in backup archives) then we will securely store your Personal Information and isolate it from any further processing until deletion is possible.

If you have any questions relating to either retention periods or require more detail on the purposes of processing or the specific reason or legal grounds, we are relying on for that processing then please contact us for additional information.

3. SHARING YOUR INFORMATION

We will not sell the Personal Information that we collect from you or hold about you and will only use it for the purposes set out in this privacy statement. We may share your Personal Information with the following parties: –

  • Service providers who provide us with IT and administration Service such as our IT Support and back up provider and webhosting company, and social media and marketing Service providers;
  • Third party providers of Service such as contractors taking payments on our behalf but only to the extent necessary for the provision of the Service;
  • Regulatory authorities who require reporting of our activities by law such as the tax authorities;
  • Professional advisers such as our lawyers, accountants, bankers and insurers;
  • Debt collection agencies for the purposes of credit control or recovery of any sums due by you to us; and
  • Third parties to whom we sell, transfer or merge our business or any part of it; and
  • Any other person but only with your consent.

It is specifically stated in relation to Contact Personal Information that in respect of research data sharing is limited to recognised sporting and medical bodies. All data shared is anonymised and the data shared is restricted to medical and training data for the express purpose of research into sporting injury.

All third parties with whom we share your data are required to protect your personal data, treat it confidentially and to process it in accordance with the law. Where we use third parties we will take all reasonable steps to ensure that they are GDPR compliant and in particular that: –

  • they have adequate technical and other measures in place to ensure the security of your Personal Information;
  • that they only use it for specified purposes;
  • that any employees or contractors who have access to the information are adequately trained and deal with it on a need to know basis only;
  • and that they act only in accordance with our instructions.

4. IP ADDRESSES AND COOKIES

When you visit our website we automatically collect certain information about the device you use to do so (“your device”), including information about your web browser, IP address, time zone and some of the cookies that are installed on your device. Additionally, as you browse the website we collect information about the individual webpages or products that you view, what websites or search terms referred you to the website and information about how you interact with the website. We refer to this automatically-collected information as Device Information.

We collect Device Information using the following technologies:

“Cookies” are data files that are placed on your device and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org.

“Log files” track actions occurring on the website and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.

“Web beacons”, “tags” and “pixels” are electronic files on the website used to record information about how you use the website.

Full details on what cookies we use and how to disable them are included in our Cookies Policy.

5. MARKETING INFORMATION

We may provide you with information on products that we sell. In order to optimise your customer experience with you this may include postal mail, SMS and emails to you to update you on our latest offers and events. We may also show you content via social media platforms and other external applications such as Facebook, Twitter and Instagram. This is regarded as marketing activity. We will only market to you where you have: –

• specifically requested marketing information from us; or
• Previously acquired similar Service/goods from us; or
• Consented by way of ticking a box or opting in to receiving marketing from us.

If you have opted out of marketing, we will not send you any future marketing without your consent.

Each time we market to you we will always give you the right to opt out of any future marketing by using the simple “unsubscribe” link in emails or the “STOP” number for texts. We would point out that you have the right at any time to ask us not to market to you by emailing us at hello@scribepro.co rather than waiting on a specific opt out.

6. SECURITY OF PERSONAL DATA

We take information security very seriously. Your information and records will be stored securely to ensure privacy of your Personal Information. We take all reasonable steps to ensure that there are technical and organisational measures of security in place to protect your personal data from unauthorised access to or disclosure of it, and against loss or accidental damage or unauthorised alteration of it. Staff handling your personal data are also adequately trained in relation to the legal requirements for handling personal data. These include robust procedures for dealing with breaches including incident reporting and notifying the national supervisory or data protection authorities, and where appropriate you, of any breaches, the consequences of the same and the remedial action taken.

Where possible the information you provide us with will be held within the European Economic Area (“EEA”) or within the UK.

7. OVERSEAS TRANSFERS

We would point out that countries outside of the EEA do not always have similar levels of protection for personal data as those inside the EEA. The law provides that transfers of personal data in respect of EU based individuals outside of the EEA is only permitted where that country has adequate safeguards in place for the protection of personal data. Some types of processing may use cloud solutions which can mean information may sometimes be held on servers which are located outside of the EEA or may use processors who are based overseas.

Where we use cloud-based Service or third-party providers of such Service and in either or both circumstances the data is processed outside of the EEA if you are an EU based individual that will be regarded as an overseas transfer. Before instigating an overseas transfer, we will ensure that the recipient country and/or processor has security standards at least equivalent to EU standards and in particular one of the following permitted safeguards applies: –

  • The country in question is deemed to have adequate safeguards in place as determined by the European Commission; or
  • There is a contract or code of conduct in place which has been approved by the European Commission which gives your Personal Information the same protection it would have had if it was retained within the EEA; or
  • If the overseas transfer is to the United States, then the transferee is a signatory to the EU-US privacy Shield as all Privacy Shield signatories are obliged to give your Personal Information the same degree of protection it would have had if it was retained within the EEA.

If none of these safeguards exist, then we may seek your explicit consent for an overseas transfer. In line with your rights as an individual you are free to withdraw this consent at any time.

8. YOUR RIGHTS

In certain instances, you have rights as an individual which you can exercise in relation to the information we hold about you. These rights are:

  • the right to restrict processing of your personal data;
  • the right to rectification or correction of your personal data;
  • the right to object to processing of your personal data;
  • the right of erasure of personal data (also referred to the right to be forgotten);
  • the right not to be subject to a decision based solely on automated processing or profiling;
  • the right to transfer your personal data (also referred to as the right of portability);
  • the right to withdraw your consent to processing your personal data; and
  • the right of access to your personal data.

Additional information about these rights can be found on the Information Commissioner’s website at www.ico.org.uk/for-organisation/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/

As described in Section 1 (B) above, for much of the Personal Information we collect and process about Contacts through the Service, we act as a processor on behalf of our Members. In such cases, if you are a Contact and want to exercise any data protection rights that may be available to you under applicable law or have questions or concerns about how your Personal Information is handled by us as a processor on behalf of our individual Members, you should contact the relevant Member that is using the Service, and refer to their separate privacy policies.
If you no longer want to be contacted by one of our Members through our Service, please contact the Member directly to update or delete your data.

If you have provided consent and we are relying on that as the legal ground of processing your Personal Information and wish to exercise your right to withdraw that consent you can do so at any time by contacting us at hello@scribepro.co. We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. We may ask you to verify your identity in order to help us respond efficiently to your request.

9. ACCESS TO PERSONAL INFORMATION

We try to be as open as we can in giving people access to their Personal Information. You can make a subject access request at any time about the Personal Information we process about you. In the case of Contacts as set out in Section 8 above this should be made direct to the Member who is using the Service in the first instance. For all other requests any request requires to be in writing and is not subject to any charges or fees. If we do hold any Personal Information about you, we will:

  • give you a description of it;
  • tell you why we are holding it;
  • tell you who it has or will be disclosed to;
  • the source of the information (if not you);
  • where possible, the period for which it will be stored; and
  • let you have a copy of the information in an intelligible form.

We will respond to a subject access request within 30 days. On occasion we may need additional information from you to determine your identity or help us find the information more quickly. Where the information you have requested is complex we may take longer than this but shall keep you advised as to progress should this be the case.

If you believe that any information we hold about you is incorrect or incomplete you should email us at hello@scribepro.co. Any information which is found to be incorrect will be corrected as soon as possible.

Complaints

We would prefer to resolve any issues or concerns you may have direct with you. If you feel you are unable to resolve matters by contacting us direct or are you are unhappy or dissatisfied with how we collect or process your Personal Information you have the right to complain about it to your national data protection authority. For example, the Information Commissioner is the statutory body which oversees data protection law in the UK where we have our registered office. They can be contacted through www.ico.org.uk/concerns.

Contact

Questions, comments and requests regarding this privacy statement are welcomed and should be addressed to hello@scribepro.co.

Changes to this Privacy Statement

We keep our privacy notice under regular review. This privacy statement was last updated on 27th July 2020.