Careers

Contact Us

Standard Contractual Clauses

Standard Contractual Clauses

For the purpose of the licence agreement, deal summary or heads of terms which links to this document (in each case the “Agreement”):

Standard Contractual Clauses” shall mean:

(a) in respect of EU personal data, the Approved EU SCCs, whereby (i) module 1 applies, (ii) modules 2, 3 and 4, the footnotes, Clause 11(a) Option and Clause 17 Option 1 are omitted, (iii) the applicable annexes are completed respectively with the information set under the heading “Annex I” below, (iv) the “competent supervisory authority” shall be determined in accordance with the GDPR, (v) the Approved EU SCCs are governed by the law of Ireland, (vi) any dispute arising from the Approved EU SCCs shall be resolved by the courts of Ireland; and (vii) if there is any conflict between the terms of this Agreement and the Approved EU SCCs, the Approved EU SCCs will prevail;

(b) in respect of UK personal data, the International Data Transfer Addendum to Approved EU SCCs, (“Addendum”), issued by the Information Commissioner and laid before Parliament in accordance with s.119A of the Data Protection Act 2018 on 2 February 2022 but, as permitted by clause 17 of such Addendum, the Parties agree to change the format of the information set out in Part 1 of the Addendum so that:

i. the details of the parties in table 1 shall be as set out above (with no requirement for signature);

ii. for the purposes of table 2, the Addendum shall adopt the Approved EU SCCs, including the selection of module 1 and disapplying the optional clauses; and

iii. the appendix information listed in table 3 is set under the heading “Annex I” below and for the purposes of table 4, the Data Exporter may end this Addendum as set out in clause 19 of the Addendum; and

(c) in respect of Swiss personal data, the Approved EU SCCs, provided that the appendix information required is set out under the heading “Annex I” below, including the selection of module 1 and disapplying the optional clauses, and any references in the clauses to the GDPR shall refer to the FADP and the term ‘member state’ must not be interpreted in such a way as to exclude data subjects in Switzerland from the possibility of suing for their rights in their place of habitual residence in accordance with clause 18(c) of the clauses.

Approved EU SCCs” shall mean: means the Standard Contractual Clauses set out in the Annex of Commission Implementing Decision (EU) 2021/914 of 4 June 2021.

ANNEX I

A. LIST OF PARTIES

MODULE ONE: Transfer controller to controller

Data exporter(s):

1. Name: TDI as defined in Agreement
Address: detailed in Agreement
Contact person’s name, position and contact details: Tom Bullock, Company Secretary, Email: [email protected]
Signature and date: detailed in Agreement
Role (controller/processor): controller

2. Name: SRAD as defined in Agreement
Address: detailed in Agreement
Contact person’s name, position and contact details: Stefano Celardo, Data Protection Officer (DPO), email: [email protected]
Signature and date: detailed in Agreement
Role (controller/processor): controller

Data importer(s):

1. Name: Customer as defined in Agreement
Address: detailed in Agreement
Contact person’s name, position and contact details: detailed in Agreement
Signature and date: detailed in Agreement
Role (controller/processor): controller

B. DESCRIPTION OF TRANSFER

MODULE ONE: Transfer controller to controller

Categories of data subjects
The personal data transferred concern the following categories of data subjects:
Players and other data subjects whose personal data is contained within the TDI Content, Data Services and Live Odds Services.

Categories of personal data
The personal data includes data collected and contained within the TDI Content, Data Services and Live Odds Services, as specifically described in any licence agreement to which the data importer is a party.

Sensitive data transferred (if applicable)
N/A

Frequency of the transfer:
Continuous for the term of the Agreement

Purposes of the transfer(s)
The transfer is for the purpose of permitting the exploitation of rights granted by the data exporter, and the use of the TDI Content, Data Services and Live Odds Services for the permitted purposes under any licence agreement to which the data importer is a party.

Retention period
The personal data transferred may be retained for the life of the Agreement and for the length necessary for the purposes permitted by any licence agreement to which the data importer is a party.

C. COMPETENT SUPERVISORY AUTHORITY

ANNEX II

TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA

1. Access control to premises and facilities

Measures must be taken to prevent unauthorized physical access to premises and facilities holding personal data. Measures shall include:

 Access control systems
 Surveillance facilities
 Logging of facility exits/entries

2. Access control to system

Measures must be taken to prevent unauthorized access to Customer’s own IT systems. These must include the following technical and organizational measures for user identification and authentication:

 Password procedures (incl. special characters, minimum length, change of password)
 Central management of system access
 Access to internal IT systems subject to approval from HR management and IT system administrators

3. Access control to data

Measures must be taken to prevent authorized users from accessing data beyond their authorized access rights. These measures shall include:

 Differentiated access rights
 Access rights defined according to duties/rights/risks

4. Disclosure control

Measures must be taken to prevent the unauthorized access, alteration or removal of data during transfer, and to ensure that all transfers are secure and are logged. These measures shall include:

 Compulsory use of a wholly-owned private network for all data transfers
 Creating an audit trail of all data transfers

5. Input control

Measures must be put in place to ensure all data management and maintenance is logged, and an audit trail of whether data have been entered, changed or removed (deleted) and by whom must be maintained. Measures should include:

 Logging internal user activities on IT systems

6. Job control

Measures should be put in place to ensure that data is processed strictly in compliance with the data importer’s instructions. These measures must include:

 Unambiguous wording of contractual instructions
 Monitoring of contract performance

7. Availability control

Measures should be put in place to ensure that data are protected against accidental destruction or loss. These measures must include:

 Backup procedures
 Uninterruptible power supply (UPS)
 Business Continuity procedures
 Remote storage
 Anti-virus/firewall systems

8. Segregation control

Measures should be put in place to allow data collected for different purposes to be processed separately. These should include:

 Restriction of access to data stored for different purposes according to staff duties.
 Segregation of business IT systems
 Segregation of IT testing and production environments

Contact Decorative Stadium background

GET IN TOUCH WITH OUR TEAM

Contact us