The first category is data you upload or provide to BigTeams for use with our online athletic management tools and platform, including the associated mobile and desktop applications (collectively, the “Platform”).
The second category is information received from our marketing activities, our website (www.bigteams.com) and other interactions (e.g., customer service inquiries) you may have with BigTeams (collectively, the “Websites”).
The Platform and Websites are collectively referred to herein as the “Services”
Personal Data (“Personal Data”) is any data that can be used to identify or contact a single person. We do not consider Personal Data to include information that has been made anonymous so that it does not identify a specific individual.
BigTeams may collect and receive Customer Data which may include Personal Data and other information and data (“Other Information”) in a variety of ways:
Generally, no one is under a statutory or contractual obligation to provide any Customer Data or Other Information (collectively, “Information”). However, certain Information is collected automatically and, if some Information is not provided, we may be unable to provide the Services.
BigTeams uses Other Information in furtherance of our legitimate interests in operating our Services, Websites and business. More specifically, BigTeams uses Other Information:
As long as the account is in good standing (payment received for subscription), BigTeams will retain event data for a minimum of 10 years. Once payment is forfeited, BigTeams is no longer required to retain any event data.
Student data is retained for 10 years from the date of the student’s High School graduation to meet all HIPPA and FERPA compliance. BigTeams may choose to keep information on a deactivated account for the period of time needed for BigTeams to pursue legitimate business interests, conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes, and enforce our agreements.
Removal of the data consists of deleting data within the database, as well as removal of uploaded forms and documents which are associated with student, parent or faculty account. After all data is removed, there will be no way to recover data as all traces of data will be permanently removed from the system.
Your BigTeams’ account information is password protected so that only you are authorized to access this personal information. We strongly recommend that you do not divulge your password to anyone. BigTeams will not ask for your password in an unsolicited phone call or in an unsolicited email.
This section describes how BigTeams may share and disclose Information. We may also use and distribute your personal information to enable our contracted service providers and strategic partners to support our business operations, including, without limitation, bill collection, marketing, fraud detection, product and service development and technology services. With respect to any such third-party service provider acting as an agent on our behalf, we will ensure such party is subject to laws providing the same level of privacy protection and agrees in writing to provide an adequate level of privacy protection.
BigTeams takes security of data very seriously. BigTeams works hard to protect Other Information you provide from loss, misuse, and unauthorized access or disclosure. These steps take into account the sensitivity of the Other Information we collect, process and store, and the current state of technology. We do not rent or sell the Personal Data you provide to us. All connections to the Website, occur over industry-standard secure TLS connections using a strong cipher and minimum 2048-bit-key size certificate.
The data received from pre-participation forms are only used to complete the information needed to submit eligibility for student athletes and to provide information to the school and district. BigTeams complies with relevant FERPA and HIPAA requirements regarding security and privacy. Only school administrators and staff that have been designated by the school have access to view the information – principal, athletic director and assistants, coach of relevant teams and athletic trainers. BigTeams takes the following security measures: all access to the Website and Platform is over HTTPS access to the physical servers is restricted to senior IT staff, and remote access is only over secure channels. All unnecessary services are disabled; firewalls are configured for each service to allow only approved traffic through. HIPAA and FERPA compliance is maintained through our use of Amazon Web Services (“AWS”).
Websites: We use various service providers to host the data we collect from the Websites, and we use technical measures to secure such data. We ensure a variety of security measures are implemented by such service providers, including firewalls, Secure Socket Layer (SSL) technology, encryption and authentication tools, to help protect your information. We protect your Personal Data with the same or better security measures than we protect our company data. While we use SSL encryption to protect sensitive information online, we also take steps to protect user information off-line. Access to all of our users' information, not just the sensitive information mentioned above, is restricted in our offices. Only employees who need the information to perform a specific job (for example, our billing clerk or a customer service representative) are granted access to personally identifying information.
When we send emails for notification purposes or for marketing purposes, we use SendGrid. We have verified SendGrid has reasonable safety and security measures in place related to Personal Data. You can learn more about SendGrid’s security policies here.
We also use Salesforce for interaction with those who paid for our product and to handle customer support items. We have verified Salesforce has reasonable safety and security measures in place related to the Personal Data. You can learn more about Salesforce’s security policies here.
We also use Clickatell as an opt-in service for Platform users to register and receive notifications by SMS. Clickatell also uses AWS. You can learn about AWS’s security policies here.
You are, as data-owner and user of the Services and Websites, entitled to (i) access your Personal Data and be informed about the way in which your information is treated, (ii) rectify your personal data in case it is not up-to- date, it is inaccurate or incomplete, (iii) ask for your data to be removed if you consider that it is not used in accordance with the applicable principles, duties and obligations, and (iv) object to the processing of your Personal Data for specific purposes. These rights are known as “Personal Rights”.
How to Exercise Your Personal Rights
If you decide to exercise your Personal Rights, you may contact our Information Security Office, via email at firstname.lastname@example.org for any requests related to your data protection rights. Your request must be accompanied with the following information and documentation:
BigTeams will issue a response within a timely manner following receipt of your request, which will be informed to you using your selected method. Once you receive our response you will have a 20-business day period to respond to our communication. In the event you need to speak with us or in the event you disagree with our response please contact us at email@example.com along with a phone number for us to reach you, in order for BigTeams to discuss with you any issue. In case you do not reply to our response within the before mentioned period we will understand in good faith that you agree with our conclusion.
If your request refers to your right to access data, BigTeams will provide you with copies of the information and/or scanned documents.
BigTeams may refuse the exercise of your Personal Rights in instances permitted by the laws and regulations of the territories which are applicable to your use and shall inform you about such decision. The refusal may be partial, in which case BigTeams will carry out the access, rectification, cancellation, deletion, or objection in the corresponding part.Revocation of Your Consent to The Treatment of Personal Data
You, as data-owner, can revoke your consent to the treatment of your personal data in accordance with the procedure set forth above “How to Exercise your Personal Rights”, in the understanding that once we receive your request to revoke your consent we will issue our response within a five-day period.Options to Limit the Use and Disclosure of Your Personal Data
You, as data-owner, can limit the use and disclosure of your personal data in accordance with the procedure set forth above “How to Exercise your Personal Rights”, in the understanding that once we receive your request to revoke your consent we will issue our response within a five-day period.
BigTeams 20098 Ashbrook Pl Suite 155 Ashburn, VA 20147