Integrity policy

Highlights from the policy:

  • MATCHi does NOT share your data with advertisers & the like for commercial purposes.

  • As a user, you have the right to have your personal data deleted from our system (however, some information may need to be saved in accordance with the Swedish Accounting Act).

  • You can see what personal data relating to you has been processed and how your personal data is used.

  • Information about the operating environment and how the data is protected.

  • Preapproved subcontractors/suppliers of MATCHi AB.


Integrity policy for users of MATCHi.se

As a platform provider, we work continuously to ensure that your personal privacy is protected when you use the services we provide. Your personal data is processed in accordance with applicable legislation (the GDPR). Therefore, we have implemented this integrity policy that determines how your personal data will be processed by us.


MATCHi handles the buyer's personal data in accordance with the Data Protection Regulation (GDPR) and never distributes it to parties who are not affiliated with MATCHi. The only exception is if we explicitly request your approval at the time of purchase.


MATCHi AB processes all information about our users, i.e., personal name, email and other information, with data support. This data is processed in order to manage the customer relationship between you and the facilities and partners affiliated with MATCHi, as well as to provide important information about your purchased services (such as booking confirmation).


Parties and liabilities for the processing of your personal data

MATCHi AB, 556871-6129, Töpelsgatan 7, 416 55 Gothenburg, is a platform provider of systems for bookings, membership databases, billing, etc. MATCHi is a data processor of your personal data for third parties (the facilities where you make your booking). MATCHi is also the data controller for processing your data in MATCHi's own databases. Users who have their own login information for our website are henceforth called Users.


MATCHi is the data controller for processing the personal data that you share with us when:

  • you create an account on MATCHi.se

  • you use MATCHi’s app

  • you have a question and/or contact us

  • you visit our website and accept cookies


What personal data relating to you do we process?

The personal data that is processed will vary depending on whether you are a private individual or a business. If you are a business, it will vary depending on what type of business you have. Business data may be personal data for a customer that is self-employed. When you create an account with us as a User, we collect data that are required, including: email address and first name and surname. Completing your information on your profile is optional. When a private individual creates an account or a seller uses our service, we collect their contact details and company information depending on the type of customer they are at MATCHi.


Handling personal data

MATCHi saves the User's personal data, and other such data that is attributable to them, only to the extent that it is necessary for the User to use their account in so far as the User does not consent to additional services, such as customer surveys and newsletters. The user can always request that MATCHi delete all data stored about them at MATCHi, but then the User can no longer avail of the service.


MATCHi certifies that when data is shared with third parties, it is done in accordance with prevailing legislation and MATCHi is responsible for ensuring that all MATCHi’s suppliers comply with EU requirements regarding the handling of personal data.


In this integrity policy, the User's personal data refers to any information about the User through which the User is directly or indirectly identifiable, including, but not limited to, the User's name, address, date of birth, IP address, account and email address, and other information through which the User can be identified. MATCHi is, unless otherwise specified, the data processor in accordance with the GDPR for MATCHi's processing of personal data that occurs when making a booking. MATCHi may avail of this data from the User’s account when the User creates an account, through the User's acceptance of this integrity policy. MATCHi is the data controller for its own database of Users.


The personal data is processed by MATCHi for the overall purpose of being able to provide the data controller (the seller) with information when a booking is made and which determines the data to be processed and how the data shall be used. By registering a user account, the User agrees to the processing of their personal data for such purposes. MATCHi saves personal data to the extent that it is necessary for the User to be able to book with a third party (the seller). The User has the right to find out which of their data is processed by MATCHi by contacting MATCHi via the contact details provided on the website.


The User may at any time request that MATCHi ceases processing their personal data and thereby deletes such data belonging to the User and being stored by MATCHi. However, such a request may mean that MATCHi cannot continue to provide an account with MATCHi. The User can terminate his/her user account at any time by deregistering as a user or by notifying MATCHi in writing of such a request. After the user’s account has been terminated, the User's personal data will be deleted after a reasonable period of time, providing no other legal requirements such as the Swedish Accounting Act prevent this.


MATCHi does not have the right to pass on the User's personal data to a third party unless this is directly necessary for the provision of the service. Consequently, MATCHi does not share personal data for any other commercial purpose.


Data Controller and Data Protection Officer

MATCHi.se, which is operated by MATCHi AB, Org. No. 556871-6129, is the data processor for any processing of personal data carried out by a third party (the seller) and which is described in this integrity policy, as well as the data controller for the database owned by MATCHi.


Our postal address is Töpelsgatan 7, 41655 Göteborg. Email address: info@matchi.se. Phone: +46 (0)31-380 72 00


Our Data Protection Officer is: Mattias Lundström


Forwarding of personal data

Your personal data that we may send to third parties, and also save, include name, date of birth, address, email address, phone number. Personal identity numbers are only collected and shared when required by federations in each country. All the data that you submit to us through the app is encrypted before storage.


Consent

In order for MATCHi to be able to process your personal data and at the time of booking submit your personal data to a third party, you, the User, must consent. Consent is voluntary for our users. You can withdraw your consent at any time by contacting us at MATCHi. Consent is required for our users to book or otherwise utilize the services provided by MATCHi.


Information security

MATCHi is currently being run at Glesys AB and Amazon AWS. In the future, we will move more and more of our servers to Amazon. The change is part of our continuous and ongoing improvement efforts. Amazon AWS is a collection of services and tools that constitute a world-leading cloud-based platform for applications. Amazon AWS has data centres in the US, Europe, Asia and Oceania, where we store our data on servers in the EU.


Find out more about Amazon AWS here:
http://aws.amazon.com/ec2/faqs/
http://aws.amazon.com/about-aws/globalinfrastructure/


Amazon has years of experience in designing, building and operating large-scale data centres. Physical access to these data centres is strictly controlled by professional security personnel. Authorized personnel must go through multiple authentication steps to gain access to these data centres. The design and precise location of these data centres constitute classified information to which, for security reasons, only selected members of the Amazon staff have access.


We never store any credit card information in our databases. All sensitive payment information is handled securely by our partner Adyen. All communication with our payment partners is encrypted in accordance with industry standards. Passwords are always saved one-way encrypted in our databases.


MATCHi works with the Pseudonymization of data that may be sensitive in terms of the potential for personal identification.


Personal data breaches

MATCHi is liable for processing your data as securely as possible by following the requirements set out in the GDPR.


MATCHi assumes its obligations in the event of a personal data breach. In the event of such a breach, MATCHi will report the breach to the Data Inspection Board within 72 hours, and inform the affected parties as well as specify what we will do to remedy and prevent a breach in the future.


Personal data categories (users and customers)

When Data categories Personal data Legal basis
Ordering a service Company details Corporate registration number
Company name
Address
Postcode
Town/City
Fulfilling our contractual obligations to you
Contact information First name
Surname
Email
Phone
Fulfilling our contractual obligations to you
Creating and using the service Login information
Contact information
First name
Surname
Email
Fulfilling our contractual obligations to you
Online identification IP address Fulfilling our contractual obligations to you
Profile information Gender
Phone number
Date of birth (year/month/date)
Address
Description (matching with other players)
Fulfilling our contractual obligations to you and consent
Contact via email Contact information Email Fulfilling our contractual obligations to you and balancing interests
Company details Company name*
Phone number*
Fulfilling our contractual obligations to you and balancing interests
Company details Company name*
Phone number*
Fulfilling our contractual obligations to you and balancing interests
Case data Message in free text* Fulfilling our contractual obligations to you and balancing interests
Contact via chat Contact details (optional) Name
Email
Phone number
Fulfilling our contractual obligations to you and balancing interests
Company information (optional) Company name Fulfilling our contractual obligations to you and balancing interests
Case data Message in free text* Fulfilling our contractual obligations to you and balancing interests
Contact via phone Contact information (optional) Name
Email
Fulfilling our contractual obligations to you and balancing
Company information (optional) Company name Fulfilling our contractual obligations to you and balancing interests
Case data Conversation in an audio file* Fulfilling our contractual obligations to you and balancing interests
IdrottOnline (Sweden only) Personal data Personal identity number
First name
Surname
Gender
Requirement from Riksidrottsförbundet for integration with IdrottOnline
*Contains the personal data the user has chosen to provide voluntarily.
*Contains the personal data the user/company has chosen to provide.
*Contains the personal data you have chosen to provide.

Subcontractor for processing personal data

Processing Supplier Location
Contact via chat Intercom London, Great Britain
Contact via email Zendesk San Francisco, USA
Contact via phone Telavox Gothenburg, Sweden
Integration with IdrottOnline Riksidrottsförbundet Stockholm, Sweden