GDPR

This chapter describes how Hareja AB handles personal identifiable information in relation to the Team-in-Touch application.

Hareja AB reserves the right to make adjustments to this document at any moment. No rights can be derived from the information in this document.

Collected information and usage

Team-in-Touch is collecting the following personal identifiable information:

  • User email address
    • The user email address is required for identification purposes at login.

    • The user email address is used to send the user messages by email.

    • The user email address is used to contact the user in case of important information about Team-in-Touch.

  • User name or nick
    • The user can provide and change his/her name or nick so that other users can recognize the user in communications.

    • Team-in-Touch is not using this name or nick for any purpose.

  • User password
    • The user password is stored in an obfuscated form using industry standard algorithms.

    • Team-in-Touch is using the user password to be able to identify the identity of the user at login.

  • User Phone Number
    • The user can provide a phone number. This number is shared with other users in the same team, depending on the team settings by the coach.

    • Team-in-Touch does not use the phone number for any other purpose.

    • Team-in-Touch does not exclude the use of this phone number for communication with the user when there is an urgent need.

  • User IP address
    • IP addresses are stored in log entries for customer support purposes and usage analysis in line with common practice.

  • User configuration actions
    • For security and traceability purposes, Team-in-Touch is storing configuration changes in log entries. Configuration changes include for example inviting a new team member, changing contact options etc. Those changes are stored without any further identifiable information than the internal user id and the action.

  • User web browser and mobile phone brand, type and operating system
    • Team-in-Touch stores the web browser used (including operating system) and mobile phone brand, type and operating system version for service analytics. This allows us to focus on the systems used and optimize for those configurations.

  • Mobile Phone App Notification identifier
    • When the user allows Team-in-Touch to send push notifications, Apple/Google provide a unique identifier for the user applicable for that specific phone and the Team-in-Touch application. Team-in-Touch requires this unique identifier to tell Apple/Google whom to send a push notification. Team-in-Touch will remove this identifier when requested to do so by Apple/Google.

Cookies

There are two types of cookies stored by Team-in-Touch. The information stored in those cookies do not require Team-in-Touch to ask for consensus.

Configuration Cookies

Team-in-Touch currently stores two cookies containing configuration information. This information is not personally identifiable and therefore not subject to the GDPR. We store the following information in a configuration cookie:

  • Last used club: This allows the visitor to login immediately to the last used club.

  • Filter settings: The match overview allows the user to configure 4 setting options. This is stored for later usage and doesn’t contain personally identifiable information. (Note, it is on the road-map to remove this cookie in future releases.)

Shared information with third parties

Hareja AB does not share any personal identifiable information with third parties.

Team-in-Touch does not utilize 3rd party solutions to track user behavior, including user statistics.

Team-in-Touch utilizes 3rd party Content Delivery Networks (CDN) to speed up website and application loading for 3rd party provided code like javascript. The use of CDNs is a widely spread and common practice in the industry. Team-in-Touch does not provide any other information than the requested code and version to CDNs.

As it is the users web browser that makes the request with the CDN, the information shared with the CDN depends on the settings of the users browser.

Information Storage and security

Hareja AB stores passwords in an obfuscated form using a technique called hashing with a seed. Access to such hash doesn’t allow one to reconstruct the real password.

All network communication between Team-in-Touch web site and mobile applications is done with state of the art TLS encrypted HTTPS connections. Insecure encryption protocols are disabled and internal processes exist to regularly analyze the security of the used technology.

All data, including backups and log files, is stored on secured servers. Access to servers is controlled and limited to only those that require access. Access to databases is password protected.