Careers

Contact Us

Annexes standard contractual clauses

ANNEX I

A. LIST OF PARTIES

MODULE ONE: Transfer controller to controller

Data exporter(s):

1. Name: TDI as defined in Agreement
Address: detailed in Agreement
Contact person’s name, position and contact details: Tom Bullock, Company Secretary, Email: [email protected]
Signature and date: detailed in Agreement
Role (controller/processor): controller

2. Name: SRAD as defined in Agreement
Address: detailed in Agreement
Contact person’s name, position and contact details: Stefano Celardo, Data Protection Officer (DPO), email: [email protected]
Signature and date: detailed in Agreement
Role (controller/processor): controller

Data importer(s):

1. Name: Customer as defined in Agreement
Address: detailed in Agreement
Contact person’s name, position and contact details: detailed in Agreement
Signature and date: detailed in Agreement
Role (controller/processor): controller

B. DESCRIPTION OF TRANSFER

MODULE ONE: Transfer controller to controller

Categories of data subjects
The personal data transferred concern the following categories of data subjects:
Players and other data subjects whose personal data is contained within the TDI Content, Data Services and Live Odds Services.

Categories of personal data
The personal data includes data collected and contained within the TDI Content, Data Services and Live Odds Services, as specifically described in any licence agreement to which the data importer is a party.

Sensitive data transferred (if applicable)
N/A

Frequency of the transfer:
Continuous for the term of the Agreement

Purposes of the transfer(s)
The transfer is for the purpose of permitting the exploitation of rights granted by the data exporter, and the use of the TDI Content, Data Services and Live Odds Services for the permitted purposes under any licence agreement to which the data importer is a party.

Retention period
The personal data transferred may be retained for the life of the Agreement and for the length necessary for the purposes permitted by any licence agreement to which the data importer is a party.

C. COMPETENT SUPERVISORY AUTHORITY
See the Agreement

ANNEX II

TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA

1. Access control to premises and facilities

Measures must be taken to prevent unauthorized physical access to premises and facilities holding personal data. Measures shall include:

 Access control systems
 Surveillance facilities
 Logging of facility exits/entries

2. Access control to systems

Measures must be taken to prevent unauthorized access to Customer’s own IT systems. These must include the following technical and organizational measures for user identification and authentication:

 Password procedures (incl. special characters, minimum length, change of password)
 Central management of system access
 Access to internal IT systems subject to approval from HR management and IT system administrators

3. Access control to data

Measures must be taken to prevent authorized users from accessing data beyond their authorized access rights. These measures shall include:

 Differentiated access rights
 Access rights defined according to duties/rights/risks

4. Disclosure control

Measures must be taken to prevent the unauthorized access, alteration or removal of data during transfer, and to ensure that all transfers are secure and are logged. These measures shall include:

 Compulsory use of a wholly-owned private network for all data transfers
 Creating an audit trail of all data transfers

5. Input control

Measures must be put in place to ensure all data management and maintenance is logged, and an audit trail of whether data have been entered, changed or removed (deleted) and by whom must be maintained. Measures should include:

 Logging internal user activities on IT systems

6. Job control

Measures should be put in place to ensure that data is processed strictly in compliance with the data importer’s instructions. These measures must include:

 Unambiguous wording of contractual instructions
 Monitoring of contract performance

7. Availability control

Measures should be put in place to ensure that data are protected against accidental destruction or loss. These measures must include:

 Backup procedures
 Uninterruptible power supply (UPS)
 Business Continuity procedures
 Remote storage
 Anti-virus/firewall systems

8. Segregation control

Measures should be put in place to allow data collected for different purposes to be processed separately. These should include:

 Restriction of access to data stored for different purposes according to staff duties.
 Segregation of business IT systems
 Segregation of IT testing and production environments

Contact Decorative Stadium background

GET IN TOUCH WITH OUR TEAM

Contact us