PDMS Terms of Use
UK Sports Institute Limited (“UK Sports Institute”) Terms of Use (“the Terms”) for the Performance Data Management System (“PDMS”)
PDMS is a system owned, managed and operated by the UK Sports Institute to hold performance data, health data and medical records of athletes. UK Sports Institute offers PDMS as part of UK Sports Institute’ contractual obligations to sport national governing bodies (NGBs) under a services contract. Other bodies (Nominating Bodies) will receive a licence from UK Sports Institute to hold their athlete’s data on PDMS.
All use of PDMS is governed by the following terms. Your use of PDMS indicates your agreement to abide by the following terms. If you do not wish to be bound by these terms, you should not use PDMS.
The following terms when used in these Terms of Use shall have the following meaning:
“Athlete Personal Data”
Means any Personal Data, relating to an athlete which is processed on PDMS
“Data Protection Legislation”
Means (a) any law, statute, declaration, decree, directive, legislative enactment, order, ordinance, regulation, rule or other binding restriction (as amended, consolidated or re-enacted from time to time) which relates to the protection of individuals with regards to the processing of Personal Data to which a Party is subject, including the Data Protection Act 2018 (“DPA”) and the UK General Data Protection Regulation (UK GDPR) (“UK GDPR”); and (b) any binding code of practice or guidance published by the UK’s Information Commissioner’s Office from time to time; Personal Data, Data Controller and Data Processor have the meanings as defined in the Data Protection Legislation
“Intellectual Property Rights”
All patents, rights to inventions, utility models, copyright and related rights, trademarks, service marks, trade, business and domain names, rights in trade dress or get-up, rights in goodwill or to sue for passing off, unfair competition rights, rights in designs, rights in computer software, database right, topography rights, moral rights, rights in confidential information (including know-how and trade secrets) and any other intellectual property rights, in each case whether registered or unregistered and including all applications for and renewals or extensions of such rights, and all similar or equivalent rights or forms of protection in any part of the world
“Medical Record”
Means information processed on PDMS about the injury or illness (both mental and physical) of athletes or support staff, and includes data obtained directly from the individual or indirectly from consultations or test results and including any treatment or medications received
“Nominating Body”
Means third parties which have a licence to hold their athlete’s data on PDMS (i.e. where UK Sports Institute simply processes the data on the instructions of that third party) this may include some Sport National Governing Bodies (NGB), a Home Countries Sports Institute (HCSI), the British Olympic Association (the BOA), the British Paralympic Association (the BPA) or the relevant Commonwealth Games Association (CGA)
“Performance Data”
Any information or data about an athlete or support staff held on PDMS that is not a Medical Record
“PDMS User Personal Data”
Means Personal Data relating to a PDMS User which is not Athlete Personal Data
“PDMS User”
Any individual who has been authorised by the UK Sports Institute to access PDMS
“Processing”
Covers most things that can be done with, or actions taken in respect to, personal data, including collection, use, transfer, storage and deletion of such data
2 Intellectual Property
2.1 All Intellectual Property Rights in the PDMS system are wholly owned by, or licensed to, the UK Sports Institute.
2.2 As a PDMS User, you agree that you will not reproduce, copy, distribute, make available, publish, sell, license or transfer any of the software, code, functionality or concepts relating to the PDMS to any third party, or otherwise make use of the content in any way except for your own use.
2.3 You agree not to place on to PDMS any materials or documents that would constitute a breach of the intellectual property rights or copyright of any third parties.
3 Data Protection
3.1 You acknowledge that for the purposes of the Data Protection Legislation, the UK Sports Institute may act as (i) a data controller for personal data processed under a services contract with a NGB or (ii) as a data processor for Personal Data processed on behalf of a Nominating Body depending on the circumstances. A separate agreement is in place between the UK Sports Institute and the Nominating Body in respect of such processing of Personal Data.
3.2 PDMS may only be accessed in accordance with set permissions which are based on the PDMS User’s role and the purposes for which he/she requires access. You must only access PDMS in accordance with the permissions provided to you. You agree that you will contact the UK Sports Institute immediately when you change your role or leave an NGB or Nominating Body in order that the UK Sports Institute may update access permissions.
3.4 You must not knowingly allow any other person to access PDMS using your permissions settings. If another person requires access to PDMS that person must contact pdoperations@uksportsinstitute.co.uk for authorisation.
3.5 You must keep confidential all data accessed by you on PDMS and must only access and use such data for the purposes of your role and for no other purpose. You must not access any data which you do not require for the purpose of our role.
3.6 You must take all reasonable steps to keep the Personal Data held on PDMS secure and confidential and must notify the UK Sports Institute Data Protection Office (DPO) immediately on dataprotection@uksportsinstitute.co.uk if you suspect there may have been any unauthorised access, accidental loss or destruction to such Personal Data. You may be required to provide full details and assistance as the performance data team may request to investigate the matter further.
3.7 Information relating to your use of PDMS (including creating, viewing, editing and deleting data on PDMS) will be held in accordance with the privacy notice set out below. This notice is in addition to (and separate from) any other privacy notice provided to you by the UK Sports Institute.
4. Standards of Record Keeping and Acceptable Use
4.1 All PDMS records added or amended by you within PDMS must comply with the rules and regulations of your professional regulatory body.
4.2 The UK Sports Institute shall be entitled to access records added or amended by you for the purpose of quality assurance; to investigate a technical problem; to investigate a complaint or legal claim; for the purpose of audit including auditing compliance with these terms; and to improve the service.
4.3 You will not intentionally upload any files that could corrupt or otherwise damage PDMS.
4.4 You agree that PDMS must only be used for the purpose of processing Medical Records or Performance data and must not be used for any other purpose.
5 Access
5.1 You agree that the UK Sports Institute has the right to suspend your access to PDMS at any time to carry out any maintenance or development work.
5.2 You agree that access to PDMS is for a limited time period as defined by the needs of your role. You agree to stop accessing and using the service should these needs no longer apply.
5.3 You agree that the UK Sports Institute has the right at its sole discretion to deny access to the PDMS to any user who fails to fully comply with these terms.
6 Password security
6.1 You have a unique personal password and username to enable you to access and use PDMS and that this password and username combination is for your exclusive personal use of the PDMS and must not be provided to a third-party individual or organisation.
6.2 You agree that you are responsible for the confidentiality of the username and password, for all uses of it and all documents placed on the PDMS through such use.
6.3 The UK Sports Institute may, from time to time, make available apps from which certain PDMS services may be available on devices (“PDMS Apps”). Such PDMS Apps should only be downloaded to, and accessed through, a device which is properly secured by a password, passcode or other secure user authentication process. It is your responsibility to ensure the PDMS App cannot be accessed on your device by any third party.
6.4 You agree to exit PDMS in a secure manner when you have finished your user session and not leave it logged on or available for others to use.
6.5 You agree that your right to access the PDMS or a PDMS App is not transferable to any third party and you will be liable for any inappropriate use of (i) the PDMS by any third party using your password and username or (ii) PDMS Apps by any third party using the device upon which you have downloaded the PDMS App.
6.6 If you suspect that a third party may have used PDMS using your password or username or have accessed a PDMS App, you should contact pdoperations@uksportsinstitute.co.uk immediately and the UK Sports Institute shall take appropriate action which may include suspension of your user account.
7. Miscellaneous
7.1 These Terms supersede and replace any other terms between the UK Sports Institute and you regarding acceptable use in respect of PDMS.
7.2 The UK Sports Institute may revise these terms from time to time, the most current version will always be accessible on PDMS. If the revision, in the UK Sports Institute’s sole discretion, is material the UK Sports Institute will notify you via an e-mail to the email associated with your account. By continuing to access or use the PDMS after those revisions become effective, you agree to be bound by the revised terms.
7.3 These terms shall be governed by and construed in accordance with the law of England and Wales.
V4: August 2023
PDMS USER PRIVACY NOTICE
This notice provides details of the processing carried out by UK Sports Institute on PDMS User’s Personal Data and informs PDMS Users about their privacy rights.
A separate privacy notice is available to athletes who receive services from UK Sports Institute therefore this notice does not apply to those athletes. Other athletes (those whose data is held on PDMS under a licence with a Nominating Body or a NGB) will have received a separate privacy notice from their Nominating Body or NGB.
What personal data is processed about you
PDMS Users are divided into the following categories of users:
- Practitioners;
- BOA, BPA, CGA Practitioners;
- Administrators; and
- Other PDMS Users.
UK Sports Institute will process the following categories of personal data for the above noted categories of PDMS User:
How is your personal data collected?
The following methods of collection are used:
Direct interactions
You give the UK Sports Institute, the NGB or the Nominating Body your Identity and Contact Data by filling in forms or by other correspondence. You may input Special Category Data (e.g sickness) into PDMS directly via AER app. You provide Professional Opinions by directly entering these into PDMS.
Indirect interactions
You may provide your Special Category Data, Location and Chronological Data via a Practitioner, Administrator or other authorised personnel for example at an overseas competition where a doctor with access to PDMS uses PDMS to record medication or treatment provided to you.
Automated technologies or interactions
When you use PDMS, UK Sports Institute will collect Location and Chronological Data, Identity Data, Technical and Usage Data about the device you use to access PDMS, your browsing actions and patterns. This data is collected by using cookies, server logs and other similar technologies
Informing UK Sports Institute of changes
It is important that the personal data we hold about you is accurate and current. Please keep us informed if any of your personal data changes.
How will we use your data?
We have set out below a description of the purposes for which UK Sports Institute will use your personal data and the legal bases we rely on to do so.
Marketing
UK Sports Institute will not use any of your data for marketing purposes. We would ask for your explicit consent before your data was shared with any third party for marketing purposes.
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Recipients of your personal data
We will share your personal data for the purposes set out in the table above with carefully selected external IT service providers who assist us with the administration, management and support of the PDMS system.
We have agreements in place with all such service providers that require them to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
Data security
We have put in place appropriate technical and organisational security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. Such measures include encryption, password policy and multi-factor authentication, and strict user administration control paired with comprehensive permissions management processes.
In addition, only those who have a business need to know your data will access your data and at all times are subject to a duty of confidentiality.
It should be noted that despite having such security measures in place, we cannot eliminate all risk of a data breach. In the event of a data breach, we have set procedures in place to fully investigate the breach. If we are required to do so, we would notify you of details of the breach and the steps to be taken to remedy or mitigate the breach.
Cookies
Cookies are small text files that are placed on your device (i.e. computer or smartphone) by websites that you visit. Cookies allow a website to recognise and remember a user’s device. They are widely used in order to make websites work, or work more efficiently, as well as to provide information about a user’s preferences or past actions.
PDMS uses a single essential cookie to determine user identity. This cookie will be created on the first successful login to PDMS.
PDMS stores performance based cookies allowing us to count visits and traffic sources so we can measure and improve the performance of PDMS. They help us to know which pages are the most and least popular and see how visitors move around the site.
Data retention
We will retain personal data held on PDMS for as long as reasonably necessary to fulfil the purposes we collected it for (see table above for the specific purposes).
Where UK Sports Institute acts as purely a data processor, we will hold the data in line the NGB or Nominating Party’s instructions.
In some circumstances you can ask us to delete your data, see below for further information.
Your legal rights
Right to complain
If you’re not satisfied with our response to any complaint or believe the UK Sports Institute’ processing of your personal data does not comply with data protection legislation, you have the right to lodge a complaint with the UK Supervisory Authority, the Information Commissioner’s Office (ICO) using the following details:
Address:
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Telephone number: 0303 123 1113
Website: www.ico.org.uk
How to contact us
If you have any questions about this Notice, or if you wish to exercise any of the rights set out above, please contact the UK Sports Institute’ Data Protection Officer (DPO) at: dataprotection@uksportsinstitute.co.uk.
You can also find details on how to complain to the UK Supervisory Authority set out in the table directly above.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. There is usually no fee required. We shall comply with all legitimate requests within the prescribed timeframe of one month.
Changes to our privacy notice
We will keep this privacy notice under regular review, the latest version will be held on PDMS and the UK Sports Institute website so any updates will be reflected there. Where significant changes are made to this notice, we will alert you to those changes.
This privacy policy was last updated in August 2023