SCHEDULE 3
DATA PROCESSING ANNEX
This Data Protection Annex (the “DP Annex”) forms part of the Subscription Agreement and relates to the processing of personal data when using the Platform (including any additional data processing that may be listed within Schedule 2 (Data Protection) of the Subscription Agreement).
PARTIES & BACKGROUND
The parties, for the purposes of this DP Annex, are the parties that signed the Subscription Agreement, including us, SPORTSFI, a company incorporated in England with company number 13839769 and having its registered office at 71 Queen Victoria Street, London, United Kingdom, EC4V 4BE (“we” and “us”) and [CLUB CORPORATE ENTITY], a company incorporated in [•] with company number [•] and having its registered office at [•] (the “User”) and (each a “Party”, or together the “Parties”).
The Parties entered into the Subscription Agreement (including the Terms of Use and this DP Annex) that requires SportsFi to Process Personal Data on behalf of the User as its Processor. This DP Annex sets out the requirements and conditions on which SportsFi will Process such Personal Data.
AGREED PROVISIONS
1. Definitions AND INTERPRETATION
1.1 In this DP Annex, terms will have the same meaning as those defined in the Terms of Use or the Subscription Agreement, unless otherwise defined
below. Additionally, the following definitions shall apply:
"Controller" has the same meaning as defined in Data Protection Law;
"Data Processing Particulars" means, in relation to any Processing under this DP Annex as set out in Schedule A (Data Processing Particulars) to
this DP Annex and, where relevant, any additional Processing set out in Schedule 2 (Data Protection) of the
Subscription Agreement;
"Data Protection Law" means:
a) any UK or EU Applicable Law to which a Party is subject to where they Process Personal Data and which relates
to the protection of individuals with regards to the Processing of Personal Data and privacy rights, including
without limitation the GDPR and the e-Privacy Directive and relevant member state laws in the European
Economic Area ("EEA") and in relation to the United Kingdom ("UK") the Data (Use and Access) Act 2025, the Data
Protection Act 2018 and the Privacy and Electronic Communications Regulations 2003 (amended by SI 2011 no. 6)
and the GDPR (as incorporated into UK law under the UK European Union (Withdrawal) Act 2018) as the same are
amended in accordance with the Data Protection, Privacy and Electronic Communications (Amendments etc)
(EU Exit) Regulations 2019 (as amended by SI 2020 no. 1586), as amended to be referred to as DPA 2018, PECR,
and the UK GDPR respectively, as the same are amended, consolidated, modified, re-enacted or replaced from
time to time; and/or
b) any binding pronouncements (including findings, orders, decisions and/or judgements) issued by a Regulator
or a court;
“Data Subject” has the same meaning as defined in Data Protection Law;
"GDPR" means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection
of natural persons with regard to the processing of personal data and repealing Directive 95/46/EC (General Data
Protection Regulation) OJ L 119/1, 4.5.2016;
"Personal Data" has the same meaning as defined in Data Protection Law;
"Personal Data Breach" has the same meaning as defined in Data Protection Law;
"Platform" means the platform and services described and/or defined in the Terms of Use and Subscription Agreement;
"Process" has the same meaning as defined in Data Protection Law; (and "Processing" and "Processed" shall be construed
accordingly);
"Processor" has the same meaning as defined in Data Protection Law;
“Subscription Agreement” means the Subscription Agreement which incorporates the online Terms of Use
(see www.sportsfi.com/terms-and-conditions) that govern the overarching relationship between the Parties
and which include and incorporate this DP Annex.
"Sub-Processor" means as defined in Clause 2.4;
"User Data" means the Personal Data that is Controlled by the User and which is Processed by, for, or on behalf of the User
in connection with this DP Annex as more particularly described in Schedule A (Data Processing Particulars).
“Terms of Use” means the Platform’s Terms of Use available here www.sportsfi.com/terms-and-conditions;
“Authorised User” means a person authorised or invited by (or on behalf of) the User to use the Platform.
1.2 Terms capitalised in this DP Annex that are not defined above shall have the same definition provided to them in the Subscription
Agreement or Terms of Use (as applicable).
1.3 The Schedules form part of this DP Annex and shall have effect as if set out in full in the body of this DP Annex. Any reference to this DP Annex
includes the Schedules.
1.4 References to Clauses and Schedules are to the clauses and schedules of this DP Annex, unless otherwise stated as referring to a clause,
schedule or paragraph from the Subscription Agreement or Terms of Use.
1.5 In the case of conflict or ambiguity between:
1.5.1 any provision contained in the body of this DP Annex and any provision contained in the Schedules, the provision in the body of this
DP Annex will prevail; and
1.5.2 any of the provisions of this DP Annex and the provisions of the Subscription Agreement or Terms of Use, in relation to the Processing
of Personal Data the provisions of this DP Annex will prevail.
2. Data Protection Provisions
2.1 Arrangement Between the Parties
2.1.1 The Parties may each Process the User Data and the Parties anticipate that the User shall act as a Controller and SportsFi shall act as
a Processor in respect of the User Data.
a) The User shall ensure that they have provided appropriate notices to the Authorised Users that the User allows to access the
Platform in relation to how the User will Process the Authorised User’s Personal Data, as well as complying with any other Data
Projection Law obligations appliable to the User as Controller of the User Data.
b) The User understands that they are ultimately responsible for how Authorised Users use the Platform and comply with the
Platform’s Terms of Use. Further the User understands that if an Authorised User abuses the Platform’s Terms of Use, SportsFi may
prevent the Authorised User from accessing the Platform and may delete the Authorised User’s profile in order to protect the
Platform and both the User and other data constrained within the Platform.
2.1.2 Each of the Parties acknowledges and agrees that Schedule A (Data Processing Particulars) to this DP Annex is an accurate description
of the Data Processing Particulars, together with the information in Schedule 2 (Data Protection) of the Subscription Agreement (to the
extent this is completed).
2.1.3 Notwithstanding Clause 2.1.1, if either Party is deemed to be a joint Controller with the other in relation to the User Data, the Parties agree
that they shall:
a) be jointly responsible for the compliance obligations imposed on a Controller by the Data Protection Laws, and the Parties shall
cooperate to do such reasonably necessary things to enable performance of such compliance obligations, except that each Party
shall be responsible for compliance with their data security obligations where User Data has been transmitted by it, or while User
Data is in its possession or control; and
b) acting reasonably and in good faith seek by way of variation or additional agreement or arrangement, to document the Parties'
respective obligations in accordance with Data Protection Law (particularly in respect of communications with Data Subjects,
third parties and Regulators, including in respect of transparency requirements and notification obligations).
2.2 Contact, User and Authorised User Profile Data
2.2.1 Notwithstanding Clause 2.1 the Parties each acknowledge and agree that they will Process Personal Data in relation to each Party's
representatives (“Contact Data”) (in their respective capacities as Controllers) in order to (as appropriate):
a) administer and provide access to the Platform;
b) request and receive access to the Platform;
c) compile, dispatch and manage the payment of invoices relating to the Subscription Agreement (and to the extent relevant Terms of Use);
d) manage the Subscription Agreement and Terms of Use and resolve any disputes relating to them;
e) respond and/or raise general queries relating to the Subscription Agreement and Terms of Use; and
f) comply with their respective regulatory obligations.
2.2.2 Each Party shall Process such Personal Data for the purposes set out in Clause 2.2.1 in accordance with their respective privacy policies
and obligations under Applicable Law.
2.2.3 In addition to the Contact Data, SportsFi shall also process such information about a User and Authorised User to set up the necessary
profiles on the Platform as well as to undertake KYC Screening. In relation to setting up profiles:
a) SportsFi’s acts as Controller of personal data used to in profiles only in relation to the personal data needed to create the profile and
to ensure that the individual behind the profile complies with the Platform’s Terms of Use.
b) once a profile is set-up, the User controls what level of access and visibility a profile has to the information and personal data
contained in the Platform.
2.3 Data Processor Obligations
2.3.1 In relation to the User Data that the User provides or makes available to the SportsFi or that SportsFi Processes for and on behalf of the
User (the User acting as the Controller) SportsFi shall:
a) only Process the User Data for purposes of performing its obligations under this DP Annex, and only in accordance with the terms
of the Subscription Agreement, the Terms of Use and such other documented instructions (including via email), unless required
to do otherwise by Applicable Law. If SportsFi is required by Applicable Law to Process User Data outside of the instructions of the
User (or the Terms of Use and Subscription Agreement), SportsFi will endeavour (unless prohibited from doing so by such Applicable
Law) to inform the User of such legal requirement before undertaking the Processing;
b) ensure that persons authorised to process User Data are subject to appropriate obligations of confidence in relation to the User
Data;
c) take and implement such measures as required under Article 32 of the UK GDPR and GDPR regarding appropriate technical and
organisational security measures;
d) taking into account the nature of the Processing, assist the User by appropriate technical and organisational measures, insofar as
this is possible, for the fulfilment of the User's obligation to respond to requests by Data Subjects exercising their rights as contained
in Data Protection Law;
e) assist the User in ensuring the User’s compliance with the obligations pursuant to UK GDPR and GDPR Articles 32 to 36 relating to
the processing of User Data, taking into account the nature of processing and the information available to SportsFi;
f) provide the User with reasonable information necessary to demonstrate SportsFi’s compliance with its obligations in terms of this
DP Annex and its compliance with Data Protection Law as it relates to SportsFi’s Processing of the User Data in relation to the
Subscription Agreement and Terms of Use;
g) at the User’s cost and with sufficient notice at a time that does not inconvenience SportsFi, allow for and permit the auditing of
SportsFi’s Processing of User Data in accordance with the provisions of the Subscription Agreement, the Terms of Use, this DP Annex
by the User or another auditor mandated by the User;
h) promptly comply with reasonable requests from the User to amend, transfer or delete any User Data;
i) notify the User without undue delay of becoming aware of any Personal Data Breach, and provide reasonable assistance to the User
in addressing a Personal Data Breach, to the extent appropriate and applicable to SportsFi’s Processing of User Data in relation to
this DP Annex, the Subscription Agreement and/or Terms of Use; and
j) upon the earlier of:
(i) termination or expiry of the Subscription Agreement term; or
(ii) the date on which the User Data is no longer relevant to, or necessary for, the provision of the Product,
cease Processing all User Data and return and/or permanently and securely destroy the User Data and all copies in its possession
or control (such that the User Data is no longer retrievable), as directed in writing by the User except to the extent required by
Applicable Law to retain the User Data;
2.3.2 SportsFi shall advise the User without undue delay if SportsFi considers any instructions from the User to be non-compliant with
Data Protection Law. In such instances, SportsFi is allowed to not follow such instructions issued by the User until such time as
SportsFi considers that the instructions comply with applicable Data Protection Law.
2.4 Appointing Sub-Processors
2.4.1 SportsFi is granted a general authorisation by the User to appoint sub-contractors who may Process the User Data ("Sub-Processor")
in accordance with this Clause 2.4, provided that:
a) SportsFi provides the User prior notice of the appointment such that the User may have the opportunity to object to the
appointment of the new Sub-Processor, with the understanding that at the time of entering the Subscription Agreement, the
entities listed in Schedule B (Approved Sub-Processors) had already been approved as Sub-Processors; and
b) the Sub-Processor contract (as it relates to the Processing of Personal Data) is on terms which are substantially the same as,
and in any case no less onerous than, the terms set out in this DP Annex.
2.5 International Transfers
SportsFi does not transfer User Data outside of the UK or EU, nor does it engage with any Sub-Processors who do the same. If this position
changes, SportsFi will take all necessary measures to implement such steps and mechanisms for the secure transfer of Personal Data
outside the UK and EU. SportsFi will work with the User to enter into such agreements as may be needed by the User for the User to comply
with their obligations under Data Protection Law for the international transfer of User Data.
3. Amendments
3.1 If at any time, SportsFi considers that this DP Annex needs to be amended in order to comply with its obligations under Applicable Law, the
provisions of Clause 1.2 of the Subscription Agreement shall apply.
SCHEDULE A
DATA PROCESSING PARTICULARS
The nature and purpose of the Processing
The type of Personal Data being Processed
The categories of Data Subjects
Data Retention/Deletion Period and Process
Locations (including the geographic region) in which the Personal Data may be Processed by SportsFi and/or any Sub-Processor
Provision of a Platform which modernises and enables the transfers, management of deal data, providing access to financing in relation to football player acquisition and transfers within and across football leagues. Anonymisation of User Data for research and analytical purposes.
Name
Contact information
Player information including:
- Proposed new/loan Club (where applicable)
- Proposed loan term Proposed fee
- Proposed payment terms
- Add-ons (i.e. additional payment possibilities for the Player)
High level football players (male and female)
Club/Team personnel
Football player agents
Funders
SportsFi shall retain User Data for the period necessary to fulfil the purposes outlined in the Subscription Agreement and Terms of Use unless a longer retention period is required or permitted by law, for legal, tax or regulatory reasons, or other lawful legitimate purposes.
Within the UK and/or EU.
Further Processing particulars may be contained in Schedule 2 (Data Protection) of the Subscription Agreement. Any such further Processing particulars will be in addition to those listed above.
SCHEDULE B
APPROVED SUB-PROCESSOR(S)
SportsFi’s approved Sub-Processors
AWS
Daedalus Technologies Ltd
Zoho UK
Republic of Ireland
United Kingdom
United Kingdom