Privacy Policy

Who we are

FootballISM is a product of Moongy S.A. This product is a platform that manages all the essential information and processes of Football Clubs in a fully integrated, centralized, and mobile environment.

This Privacy Policy applies to data collected by agap2IT on the platform website FootballISM: http://www.football-ism.com/

For more additional information’s, about the data collect directly by company agap2it, you may consult its Privacy Policy thru the site.

All personal data provided will be treated with the guarantee of security and confidentiality required by the legal framework about the protection of personal data.

Guidelines

This policy seeks to define how the personal data of users of the FootballISM website are treated.

Similarly, Moongy S.A., as the managing body of the Football ISM website, is required to comply with this policy in accordance with the obligations of Regulation 2016/679/EU of the European Parliament and of the Council of 27 April 2016, on the protection of individuals regarding the processing of personal data and on the free movement of such data (hereinafter referred to as "the Regulation").

In this sense, Moongy S.A. seeks to ensure that the Football ISM website complies with the legal obligations of the Regulation and that the personal data of its customers, potential customers, and any other data subjects whose personal data they process during their business are processed in accordance with the regulatory and legal standards in force and are stored securely.

 

Data Controller

Moongy, S.A. , holder of the FootballISM brand, based at Rua Sousa Martins, nº10, Lisboa registered at the Commercial Registry office of Lisbon, under the registration number and legal person 507 431 073 is  the entity responsible for the processing the data under the FootballISM  website, committing itself to apply the necessary technical and organizational measures,  taking into account all aspects that may influence compliance with the General Data Protection Regulation (hereinafter referred to as the "GDPR"), to safeguard the Fundamental Rights of Data Subjects. For that, Moongy, S.A. has the several technological measures ("privacy-enhancing tecnologies") which we constantly seek to update, having employees specially highlighted for this purpose, demonstrating our concern and commitment to the Data Subject. In addition, we keep a record of the nature, scope, context, and purposes of processing the data collected that allows us to ensure and prove that the processing is carried out in order to ensure the full Protection of Data Holders as a commitment that attests to our responsability.

Contacts:

  • Postal address: Rua Sousa Martins, nº10, Lisboa, 1050 - 218 Lisboa
  • Phone Contact: 21 313 7680
  • E-mail: gdpr@agap2.pt

 

 Disclaimer

Moongy S.A.  clarifies that it holds the role of Data Controller limited to the relationship with the visitor of the site, without Log In made, prior to any subscription of the platform, and, in the personal data, that are transmitted to Moongy S.A.  for single and exclusive compliance with contractual obligations (under GDPR underway included: pre-contractual and legal due diligence. When using the platform after Log In, Moongy S.A.  is not responsible for the data entered in the platform, holding a role of Data Processor, which is limited to adjusting interface to the needs of the user. Any personal data placed on the interface is the sole responsibility of the user, limited to Moongy S.A.  to act as Data Processor for the purpose determined by the Data Controller (User) who inserts the personal data and treats the personal data. Moongy S.A. expressly recognizes that does not use the personal data placed on the platform for any purpose of its own. Defining 'Why' and 'How' personal data is/will be processed. Regarding Purposes and Lawfulness of Processing of Data collected and inserted in the interface of the platform, retention periods of the data that are placed in the interface, the User is the Data Controller, Moongy S.A.  will comply based on documented instructions. After Subscription and/or Log In, it is clarified that the User of the product platform is the Data Controller, declaring Moongy S.A.  as a Data Processor.

Application and scope

The Present Privacy Policies applies to the collaborators, Data Processors, Joint Controllers, clients, site user’s, trainees, and candidates operating in this Company Universe.

To effect of the present Privacy Policy, each company detains her own legal registration number having her own Privacy Policies independent and autonomous (however, it’s detained by the Group Moongy, S.A.) for responsibility effects, each company (and they’re assents) are independent, not being responsible any of these entities for the acts or omissions of the other entities in the group on what concerns to data privacy aspects.

Global Projects Department (GPD)

Among other responsibilities, this department that is aware and is always involved, in adequate and useful time in all the questions about personal data protection, having in consideration the risks associated to the data treatment operations, such as the nature, scope, context and purposes. Must still watch over the compliance of all the established with the purposes of preserve the secrecy of the data.

In what concerns to Data Subjects Rights (DSR), Personal Data Breach Communications (PDBC) and other communications relative to GDPR, this is the contact point.

Contacts:

  • Global Projects Department: gdpr@agap2.pt

 

Your Personal data

What is Personal Data?

Personal data is the information relative to a Singular Person (Natural Person) identified or identifiable (Data Subject) excluding from its scope the data relative to Legal Persons. It’s considered identified a Natural Person that can be identifiable, direct, or indirectly, in special references to an identificatory, for example, a name, an ID number, tracking data, etc.

Any specific element of the physical, physiological, genetic, mental, economic, cultural, or social identity of a natural person.

Wich data do we need to treat

The collectible data is the strictly necessary being limited to the purposes for which they are intended, which are determined, explicit, legitimate, and kept for the strict period in which they may be necessary for their purpose. Personal data must be processed lawfully, fairly, and transparently in relation to the data subject.

To the Compliance of the Company’s activity and has a Data Controller, Moongy, S.A. needs to collect and treat the following data:

Data Category

Collected information

Contact and identification details

Name, phone number, email address and the content of the message left in the contact section of the website, professional experience, training, and Curriculum vitae.

 Data of Users of the website

Cookies collect generic information, such as: i) preferred language; ii) users form to use the site; iii) how you use the website; ii) information related to your preferences;

 

What is the purpose of the treatment?

Data Category

Collected Information

Contact and identification details

We only store user data based on a legitimate interest in ensuring the correct and effective response to communications and requests made by users, as well as following the recruitment process.

Website user data

They are used for:

i) Improving the user experience of our website;

ii) Presentation of content that we think is of interest to you.

Legal Purpose of treatment

The Purposes of treatment of the personal data are determined by the execution of diverse kinds of formalized contracts that become needed to continue the entire activity of the company, among them we state:

  • The execution of the service provision contracts that we maintain with our customers;
  • Employment contracts we have with our employees;
  • Management of internal processes for customers and employees;
  • Accounting, fiscal and administrative management;
  • Litigation management;
  • Physical security control and compliance with legal obligations.

 

In GDPR terms, we are legitimated by the following legal purposes (Lawfulness of Processing):

  1. Execution of contracts or pre-contractual steps – Processing is necessary for the conclusion, execution, and management of contracts to which the data subject is a party, or at the request of the data subject.
  2. Compliance with Legal Obligation – For the fulfillment of a legal obligation to which the company is subject. For example, communication of tax data.
  3. Pursuing a legitimate interest, such as the safety of people and goods, the improvement of the quality of a service, to promote transparency within the scope of Social Responsibility. Moongy, S.A. performs a duly registered balancing test that ensures the legitimacy of the treatment.
  4. Consent - Whenever the legal grounds listed above are not applicable, Moongy, S.A. requests the Data Subject's Consent. Consent is a free, specific, informed, and explicit expression of will through an unequivocal (and written) declaration or act in which the Data Subject authorizes the Treatment.

 

The withdrawal of consent can be requested at any time, by sending a simple request to the email address: gdpr@agap2.pt .

The Personal Data collected by us will be treated and kept according to the purposes and for the minimum period legally necessary.

Whom can we share your data?

Moongy, S.A. may, in the scope of its basic activities, disclose the data collected to fulfill the purposes indicated in this policy, being provided to the entities of the Moongy, S.A. network’s only the data strictly necessary for the execution of the service, based on the fulfillment of legal obligation (for example salary processing or any tax obligation that requires it), and may also, to the strictly necessary, be communicated to official entities whenever this is legally required and may be handled by suppliers of the company (for example internal and external auditors that allows us to preserve and improve the quality of the service).

In this sense, the entire scope of this policy extends to the treatments of third parties and data processors, considering:

  • Compliance with the treatment of the GDPR, this privacy policy and a legal, fair and transparent treatment;
  • The data collected are merely instrumental to our activity, intended to pursue a certain, specific, and legitimate purpose. Any further processing cannot be incompatible with the specific purposes;
  • The data collected will be those strictly necessary for the purpose, which are adequate, relevant and necessary for the purposes and collection of treatment, taking into account the principle of data minimization;
  • The data will be kept accurate and updated in order to guarantee the principle of accuracy and guaranteeing their integrity and confidentiality;
  • Still regarding integrity and confidentiality, there cannot be any illegal and/or unauthorized treatment in order to prevent any loss, destruction, or damage to data by adopting all appropriate technical and organizational measures;
  • The conservation of the Data Subject's data is a concern for Moongy, S.A., therefore, the data will remain identifiable solely and exclusively for the necessary period to fulfill the purposes for which the data’s processed.

 

How long the data will be kept

Personal data shall be retained, without prejudice to legal or regulatory provisions to the contrary, for the period necessary for the purposes for which they are intended and for which they are processed. In the case of communications received through the contact page of the Football ISM website, they will be kept for a maximum period of 1 year.

 

Your Rights

Rights of the data subject

The Data subject has the following rights, which he can easily and free of charge request, through the following e-mail: gdpr@agap2.pt

Only in case of manifestly unfounded or excessive requests may a fee be charged for the exercise of these rights (in accordance with article 15, No. 3 from GDPR).

 

Access Right

The data subject has the right to question whether or not the data is being processed and, if so, the right to access their personal data and to be provided with the following information:

  1. Purpose of the treatment;
  2. Categories of data to be processed;
  • Third parties to whom the data will be disclosed;
  1. Expected retention periods or, if this is not possible, the criteria used to set that period;
  2. Existence of the right to request rectification, erasure, limitation of treatment or opposition to the treatment;
  3. Security and destination measures related to the transfer of data to third countries;
  • Right to lodge a complaint with the supervisory authority.

The data subject also has the right to obtain a copy of the personal data being processed.

 

Rectification Right

The data subject has the right to request and obtain the rectification of inaccurate data and to request that incomplete personal data is completed without undue delay.

 

Right to be Forgotten

The data subject has the right to request the erasure of his personal data, without undue delay, whenever they are no longer accurate for the purpose that motivated their collection or treatment. He may also decide to withdraw his consent to the processing of his personal data whenever he wants to enjoy the right to oppose it.

There are some exceptions to this right, such as, if they are against the exercise of freedom of expression and information, if they are necessary for the fulfillment of legal obligations, if they are necessary for reasons of public interest or public health, if they are necessary for archival matters of public interest, scientific, historical research, for statistical purposes or the exercise or defense of rights in legal proceedings. In these cases, the data subject must be informed of the reason why it is not possible to respond to his request.

Right to limitation of Treatment

The data subject has the right to limit/restrict the processing of his/her personal data whenever one of the following situations occurs:

  1. If the data are inaccurate and they are contested during the period in which it is possible to verify their accuracy;
  2. If the treatment is unlawful, but the data subject opposes to the end of the treatment and only wants to limit its use;
  • If the data controller no longer needs the data for processing, but such data required by the data subject for the purposes of declaring, exercising or defending a right in a judicial process;
  1. If at any time you have objected to the respective processing and it has not ceased (i) for imperative and legitimate reasons presented to the controller or (ii) for the purposes of declaring, exercising, or defending a right in a legal proceeding.

In the situations listed above, you may be asked to suspend processing or limit the scope of processing to certain categories of data (for example only providing full name and address) or even specific processing purposes.

Notification Right

Whenever the data subject is requested to rectify, erase or limit the processing of data, the person responsible for the treatment informs the data subject that he has proceeded in accordance with the request, unless such communication proves impossible or involves a disproportionate effort. If the data subject so requests, the controller provides information on said recipients.

Data Portability Right

The data subject has the right to receive personal data concerning him in a structured, commonly used, and machine-readable format without Moongy S.A. being able to object under the terms of article 20 No. 1 of the GDPR:

  • if the processing is based on a contract;
  • the data subject has given consent;
  • processing is carried out by automated means.

 

How can I exercise my rights?

To exercise any of these rights or for any questions regarding the processing of their personal data, the data subject must address a request to the person responsible for processing, the e-mail address to make the request: gdpr@agap2.pt.

Although these rights are clarified to the data subject when collecting the respective personal data, in case of doubts, the data subject can contact the person responsible for the treatment by e-mail: gdpr@agap2.pt.

 

RESPONSABILITIES

How do we Protect your Data?

Moongy, S.A. has been working to maintain and preserve personal data providing a high level of security. In compliance with the principle of security, secrecy, and privacy, we guarantee the processing of your data only by authorized persons, only accessing and processing your data by those who have the legitimacy to do so, always doing so in a confidential manner. The “need-to-know” principle was adopted, where employees can only have access to personal data if it is strictly necessary for the performance of their duties. Treatment outside this scope is considered prohibited and submitted to disciplinary sanctions, in accordance with our internal security and confidentiality policies and procedures, which are periodically updated as necessary.

Depending on the nature, scope, context, and purposes of data processing, as well as the risks arising from the treatment for the rights and freedoms of the data subject, we apply, both when defining the means of treatment and when processing, the necessary and appropriate technical and organizational measures for data protection.

Employees are not allowed to use personal data for private or economic purposes, transmit them to unauthorized third parties and/or allow access in any other way.

Moongy, S.A. also undertakes to ensure that, by default, only relevant, necessary, and appropriate data will be processed for each specific purpose of the treatment and that such data are not made available without human intervention to an undefined number of people.

Although this is not foreseen, if the transfer of personal data to countries outside the European Union is carried out, the applicable legal provisions are observed, namely regarding the determination of the suitability of such country regarding data protection and the requirements applicable to such transfers.

Security measures were also defined, ranging from best practices to the prevention of external threats. These are described in the security policy. If you wish to have access to it, you can request it by sending an e-mail to: gdpr@agap2.pt

Global Projects Department

The DPG is responsible for:

  1. Act on behalf of the Data Controller with respect to all duties and obligations under the GDPR;
  2. Monitor and control the compliance of processes with the GDPR and with the policies implemented properly and in a timely manner;
  • Ensuring that it has all the resources necessary for the performance of its functions;
  1. Act as a point of contact for requests from data subjects regarding the processing of their personal data and the exercise of their rights;
  2. Carry out an impact assessment on data protection if a certain type of treatment so requires.

Violation of Personal Data

It is considered a violation of personal data any act that calls into question the security of the data, in an accidental or unlawful manner, and causes the unauthorized destruction, loss, alteration, disclosure or access to personal data transmitted, stored or subject to any other type of treatment.

We can firmly declare that Moongy S.A. has been working to maintain and preserve personal data with a high level of security. However, small, unexpected deviations may occur.

If any of our candidates, employees, customers, data processers or third parties detect or suspect of a possible personal data breach, they should immediately send an email to gdpr@agap2.pt, indicating what has happen, as well as identify the data that may be involved. In this way, the responsible department can act quickly and adequately, in accordance with the rules established in the Regulation.

In case of a data breach and to the extent that such breach is likely to entail a high risk for the rights and freedoms of customers, workers, and other employees and/or partners, we undertake to report such breach to Comissão Nacional de Proteção de Dados (CNPD), within 72 hours of becoming aware of the incident, and to the holders of personal data whenever such breach is likely to entail a high risk for their rights.

COOKIES

What are the cookies?

Cookies are small text files, which are stored on your computer or mobile device through your internet browser (browser). By browsing, they record your preferences and allow the website to identify your device the next time you visit.
At any time, you can decide to be notified of the receipt of cookies, check or change the type of cookies, as well as block their entry into your system, through the settings of your internet browser.

Why are they used?

Cookies are an essential part of the operation of our website and to facilitate your navigation on the Platform, the main purpose of which is to improve your search experience. For example, they are used to help determine the usefulness, interest and number of websites uses, enable faster and more efficient browsing, and eliminate the need to repeatedly enter the same information.

The information collected by Cookies also allows us to improve the website through estimates and usage patterns, and to allow its suitability to the individual interests of users.

As described below, the website uses technical or strictly necessary cookies, performance cookies, functionality cookies and advertising cookies. Each of these cookies may be installed by the agap2IT websites (own cookies) or by websites external to agap2IT (third party cookies) and may be removed as soon as the user leaves the website (session cookies) or remain on the terminal device after the user leaves the website (persistent cookies).

The cookies currently used by the website are as follows:

Technical or strictly necessary cookies

Technical or strictly necessary cookies are cookies installed for the purpose of allowing navigation on the website, allowing a correct user experience, namely the security of the website or consent management. For this reason, these cookies do not require your consent.

Cookie

Cookie designation

Finality

Cookie nature

Duration

Cookiebot

CookieConsent

Saves the user consent status cookie for the current domain.

Thrid party

1 year

www.football-ism.com

PHPSESSID

Save user session status via requests.

Own

Session

Google

rc::a

This cookie is used to distinguish between humans and bots. This is beneficial for the website, in order to make valid reports on the use of their website..

Thrid party

Persistent

Google

rc::c

Allows to distinguish between humans and bots

Thrid party

Session

Youtube / Google Play

Consent[x2]

Used to detect if the visitor has accepted the marketing category in the cookie banner. This cookie is necessary for GDPR-compliance of the website.

Third Party

2 Years

Performance cookies

Performance cookies allow you to count visits and traffic sources, so that agap2IT can measure and improve the performance of the website. These cookies help us to know which pages are most visited and to analyze how visitors use the website. All information collected by these cookies is anonymous.

Cookie

Cookie designation

Finality

Cookie nature

Duration

Google

ga

Records a unique ID that is used to generate statistical data on how the visitor uses the site.

Third Party

2 years

Google

_gat

Used by Google Analytics to manage the request rate

Third Party

1 day

Google

_gid

Records a unique ID that is used to generate statistical data on how the visitor uses the site.

Third Party

1 day

 

Functionality Cookies

Functionality cookies allow the website to provide enhanced functionality and customization, such as remembering the language in which you want to see the website in your next visit. If you do not allow these cookies some of these features, or even all of them, may not act correctly.

Cookie

Cookie designation

Finality

Cookie nature

Duration

www.football-ism.com

qtrans_front_language

Determines the visitor’s preferred language. Allows the site to set the preferred language on the visitor’s re-entry.

Own

1 year

YouTube

VISITOR_INFO1_LIVE

Try to estimate the bandwidth of users on pages with integrated Youtube videos.

Third party

179 days

YouTube

YSC

Logs a unique ID to keep statistics of which Youtube videos the user has seen.

Third party

Session

YouTube

ytidb::LAST_RESULT_ENTRY_KEY

Stores the user's video player preferences using embedded YouTube video

Third party

Persistent

YouTube

yt-remote-cast-installed

Stores user’s video player preferences using embedded Youtube video.

Third party

Session

YouTube

yt-remote-connected-devices

Stores user’s video player preferences using embedded Youtube video.

Third party

Persistent

YouTube

yt-remote-device-id

Stores user’s video player preferences using embedded Youtube video.

Third party

Persistent

YouTube

yt-remote-fast-check-period

Stores user’s video player preferences using embedded Youtube video.

Third party

Session

YouTube

yt-remote-session-app

Stores user’s video player preferences using embedded Youtube video.

Third party

Session

YouTube

yt-remote-session-name

Stores user’s video player preferences using embedded Youtube video.

Third party

Session

 

Revocation and management of consents

The user may, at any time, revoke or change the preferences of consents previously granted. All you need to do is access the Football ISM cookie management tool.

The use of cookies can also be defined in the preferences of your browser, namely in the privacy options. For this purpose, we recommend that you refer to the help section/menu of your browser or visit the respective provider’s web pages.

 

 

 

Complaint to the Supervisory Authority

Although the existence of Moongy, S.A. commitment to resolve any type of situation. The Data Subject has the right to file a complaint to the competent authorities (CNPD) if any of the rights is denied.

From the competent authority:

Comissão Nacional de Proteção de Dados

Av. D. Carlos I, No. 134 - 1.º

1200-651 Lisboa / Portugal

Tel: +351 213928400 / Fax: +351 213976832 / E-mail: geral@cnpd.pt

www.cnpd.pt

Changes to the Privacy Policy

Moongy, S.A. reserves the right to change this Privacy Policy at any time, being that change duly published here.

In any case, we suggest that you review this Policy regularly so that, in the event of changes or updates being introduced, you can always be properly informed about them.

Applicable Law and Jurisdiction

The privacy policy as well as the collection, processing or transmission of data from customers, employees and partners are governed by the provisions of regulation (EU) 2016/679, of the European Parliament of the Council, of April 27, 2016 and by the applicable legislation and regulations. In Portugal, namely Law No. 58/2019 of 8 August.

Any Disputes arising from the validity, interpretation, or execution of the Privacy Policy, or that are related to the collection, processing, or transmission of Customer data, must be submitted exclusively to the jurisdiction of the judicial courts of the District of Lisbon, without prejudice to the legal imperatives rules applicable.

Contact

If you have any doubts, wish to exercise your rights, suggestions or complaints regarding Data Protection and this Privacy Policy, you can contact us at our email address: gdpr@agap2.pt .