Abler’s Privacy Policy

(Last updated 23. December 2024)

1. About us

1.1. Abler (“Abler” or “the System”) is a complete management system for sports as well as other leisure activities and events, operated by Abler ehf., ID No. 660117-0670, Höfðabakka 9c, 110 Reykjavík, Iceland (in this privacy policy also referred to as “we” or “us”). Abler is designed for coaches, group leaders, athletese, organisation members, guardians and organisation staff. Within Abler, coaches and group leaders have the capability to create game and training plans, organize teams/groups, and easily make changes via the system's coach interface. Members can connect to the system, get an overview of their schedules, communicate with their coaches and sign up for organisation services. Guardians can monitor their children’s schedules, sign them up for organisation events and services and communicate directly with coaches and organisation staff.

1.2. We place great emphasis on ensuring that the processing of personal information is based on the fundamental principles of laws and regulations, striving to safeguard and respect the rights of individuals.

1.3. The purpose of this privacy policy is to inform you about how personal data is collected, stored and processed by us, and applies to all individuals who use Abler (whether through the app or browser interface).

1.4. In most instances, the organisation with whom you interact through Abler is the data controller and we are the data processor on behalf of that organisation. However, in some instances we are the data controller. This privacy policy provides details of the personal data we collect and process as data controller. The organisations with whom you interact through Abler are responsible for providing you with information about their own privacy policies in respect of their use of your personal data.

1.5. All processing of personal data by us is done in accordance with applicable data protection laws from time to time.

1.6. For further information about us and Abler, please also see our Terms of Use.

2. Types of personal data collected

2.1. Personal data means any information about an individual from which that person can be identified. The collection and processing of personal information is a necessary part of the use of Abler, and the System cannot function without the collection of certain personal information.

2.2. As data controller, we may collect, use, store and/or transfer different kinds of personal data about you which we have grouped together as follows:

  1. Identity Data, Contact Data and Profile Information: including your name, date of birth, ID number (in some countries), address, telephone number, username, password, profile picture and information about parental/guardian relationships (or other applicable family ties).
  2. Financial Data: including payment card details.
  3. Transaction Data: including information on payment history and payment instructions.
  4. Technical Data: including IP address, login data, device ID, operating system version and other technology on the devices you use to access Abler.
  5. Usage Data: including information about how you interact with and use Abler.
  6. Communication Data: information about your communications with us and your communications with other users through Abler, including your interactions with other notifications and forms of communication within Abler. The communication system in Abler is traditionally structured, and information about the participants in each communication thread is accessible in the System.

2.3. Organisations with whom you interact through Abler may collect, use and store different kinds of personal data about you through Abler. Each organisation is the data controller in respect of your interactions with the organisation and we are the data processor on behalf of that organisation. The personal information collected, used and stored by organisations through Abler may include:

  1. Identity Data, Contact Data and Profile Information: including your name, ID number and/or date of birth, address, telephone number, username, profile picture and information about parental/guardian relationships (or other applicable family ties).
  2. Transaction and Participation Data: including information on your purchases from the organisation, participation in groups and events operated by the organisation and attendance at the organisation’s training and events.
  3. Communication Data: information about your communications with the organisation or in relation to the organisation’s services, including in group conversations linked to the organisation’s services and your interactions with other notifications.
  4. Other Data: other information that you may provide to the organisation through Abler or that the organisation may record about you within Abler.
  5.   How we collect your personal data

3.1. In our capacity as data controller we use different methods to collect data from and about you including through:

3.1.1. Your interactions with Abler. You may give us your personal data by providing it in your use of Abler as well as filling in online forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:

·       register an account for use of Abler or provide or update your personal details in Abler;

·       sign-up for services or events through Abler;

·       indicate participation in events in Abler;

·       use Abler for communicating; or

·       give us feedback or contact us.

3.1.2. Information provided by an Organisation. An organisation using Abler may give us personal data about you.

3.1.3. Automated technologies or interactions. As you interact with our website or app, we will automatically collect Technical Data about your equipment, browsing actions and patterns.

3.1.4. Third parties or publicly available sources. We will receive personal data about you from various third parties and public sources, such as applicable national registries. Technical Data is collected from analytics providers such as Google Analytics, to increase the service quality.

 

3.2. Organisations with whom you interact through Abler may use different methods to collect data from and about you. Each organisation is responsible for providing you with information about the personal data they collect from you, however the methods they use to collect data from and about you through Abler include:

3.2.1. Your interactions with Abler. Information you have provided in your use of Abler.

3.2.2. Your interactions with the organisation. This includes information you have provided to the organisation, whether through Abler or other interactions with the organisation, as well as information that may be recorded by the organisation from observation (for instance attendance at or participation in events).

3.2.3. Information from third parties. Information provided by parents, guardians or family members, or other relevant third parties.

4. Purposes for which we will use your personal data

4.1. We will only use your personal data to enable you to use Abler and interact with the organisations with whom you have chosen to interact.

4.2. We may display adverts through Abler and may use personal data to target adverts to you. If we display targeted adverts you can change your settings to opt out of targeted adverts.

4.3. We may also use the data to send out newsletters, marketing materials or promotional materials and other information that may be relevant to you. You can always change your settings to opt out of these messages if they are not required for us to provide the service.

4.4. We may also use non-personally identifiable information about Users and use of the Abler for various purposes including developing and improving the software and detecting developments and trends in sports and leisure activities. We may share statistical reports and/or analyses based on aggregated and non-personally identifiable data from a group of users, however we take steps to ensure that any such information is anonymised and non-personally identifiable.

5.  Legal basis for processing personal information

5.1. The law requires us to have a legal basis for collecting and using your personal data. As data controller, we rely on one or more of the following legal bases:

5.1.1. Your consent: We may use your personal data where you have provided your active consent. This may include the consent provided by you when you accept our Terms of Use and use Abler, or other specific consent you may provide from time to time for specific purposes, for instance subscribing to email newsletter or in connection with your communications with us.

5.1.2. Performance of a contract with you: We may use your personal data in order to provide you with access to Abler and functionality of the System in accordance with your acceptance of our Terms of Use, as well as performance of other contracts you may enter into with us.

5.1.3. Legitimate interests: We may use your personal data where it is necessary to conduct our business and pursue our legitimate interests, for example to prevent fraud and enable us to give you the best and most secure customer experience. We make sure we consider and balance any potential impact on you and your rights (both positive and negative) before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).

5.1.4. Legal obligation: We may use your personal data where it is necessary for compliance with a legal obligation that we are subject to.

6. Disclosure of your personal data

6.1. We may share the personal data of individuals who use our services to third parties or the authorities, to the extent required and permitted by law, for instance:

6.1.1. To external service providers and processors who provide necessary services for our operations and for us to provide the System to you.

6.1.2. To law enforcement, courts or other public authorities, only to the extent we are legally obliged to do so.

6.1.3. If you request us to provide or transfer your person al data to a third party.

6.2. Where we make the decision to share personal data with a third party, we require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes in accordance with this Privacy Policy and in accordance with our instructions.

7. International transfers

7.1. This clause 7.1 applies to Users inside the European Economic Area (“EEA”).

In respect of Users based in the EEA, we do not transfer personal data to a country outside of the EEA unless it is ensured that the information benefits from a similar level of protection as in the EEA or with your specific consent. It if it is necessary to transfer information to a country outside of the EEA, we will only transfer the personal data if appropriate safeguards are in place in accordance with applicable data protection rules and regulations, such as the use of standard data protection clauses adopted by the EU Commission or an adequacy decision by the EU Commission.

7.2. This clause 7.2 applies only to Users inside the United Kingdom (“UK”).

In respect of Users based in the UK, we do not transfer personal data to a country outside of the UK and EEA unless it is ensured that the information benefits from a similar level of protection as in the UK or with your specific consent. It if it is necessary to transfer information to a country outside of the UK and EEA, we will only transfer the personal data if appropriate safeguards are in place in accordance with applicable data protection rules and regulations.

8. Your rights in relation to your personal data

8.1. You have a number of rights under data protection laws in relation to your personal data. This includes the rights to:

  1. Request access to your personal data: You have the right to information about whether personal data about you is processed and access to it.
  2. Transfer of personal data: In certain circumstances, you may request that certain personal information that has been provided transferred to another party. This can only be done if it is technically feasible and only to the extent your personal data has been obtained on the basis of your consent or to fulfil a contract.
  3. Request corrections or erasure of personal data: At any time, you may request that incorrect or unreliable personal information about you is corrected. In certain circumstances, you may request that certain personal data about you is deleted, however deletion of personal data may impact your ability to use the System.
  4. Object to the processing of personal data: In certain circumstances you may object to the processing of your personal data and request that we stop processing your personal data. If you object to the processing of your personal data this may impact your ability to use the System.  You may always object to the processing of your personal data for the purpose of direct marketing.

8.2. We will respond to requests according to the above free of charge unless they are unwarranted, excessive or request the delivery of more than one copy of personal information. We place great emphasis on all processing of personal information in Abler being in accordance with privacy laws and regulations, and the security and privacy of your personal data. If you wish to exercise your rights you must prove your identity to our satisfaction.

8.3. In the event of a dispute regarding our use of personal data, you may contact us by sending an email to privacycompliance@abler.io. Individuals are also always entitled to direct a complaint to the Icelandic Data Protection Authority in the event of a dispute regarding the processing of personal information. You can contact the Icelandic Data Protection Authority by sending an email to postur@personuvernd.is.

9. Security of Personal Data

9.1. We care strongly about the security of your personal information. We strive to follow and maintain sensible and commercially satisfactory security policies and practices to protect personal data from unauthorized access, deletion, use, alteration or disclosure and we regularly assess information security risk factors related to personal information.

9.2. We have established an information security policy providing for internal audit and documentation of our internal security as well as ensuring regular training of employees on handling personal data and the risks to information security.

9.3. We also limit access to your personal data to those employees, agents, contractors and other third parties who have a need to know in connection with our operations. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

9.4. We have put in place appropriate security measures. The main technical measures that we have taken include network security solutions that combine firewalls, network settings and other technologies, encryption of data transfer in the System with HTTPS data, using storage within the EEA, or the United States in accorance with the EU-U.S. Data Privacy Framework, and regular backup of essential data. We have also taken to ensure that unauthorized persons do not have access to personal information.

9.5. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

10. Cookies

10.1.  The System uses 1st and 3rd party cookies to collect information and improve our services. Essential cookies are set by default but cookies used to improve user experience and for analytics are only set if you accept those cookies. If you do not want to accept the essential cookies, you must stop using the website and clear our cookies from your browser. See instructions from your browser vendor for how to clear cookies.

10.2 Cookies used on our website:

lang
Type: Essential
Owner: Abler
Duration: Session
Purpose: Show content in the correct language

id_token
Type: Essential
Owner: Abler
Duration: 10 minutes
Purpose: Keep the user logged in

refreshToken
Type: Essential
Owner: Abler
Duration: 6 months
Purpose: Keep the user logged in

_GRECAPTCHA
Type: Essential
Owner: Google
Duration: 7 months
Purpose: Protect the system against attacks

SIDCC
Type: Essential
Owner: Google
Duration: 13 months
Purpose: protect users' data from unauthorized access.

__Secure-1PSIDCC
Type: Essential
Owner: Google
Duration: 12 months
Purpose: protect users' data from unauthorized access.

__Secure-3PSIDCC
Type: Essential
Owner: Google
Duration: 12 months
Purpose: protect users' data from unauthorized access.

CookieConsent
Type: User experience
Owner: Abler
Duration: 12 months
Purpose: Track state of cookie consent

cookieconsent_status
Type: User experience
Owner: Abler
Duration: 12 months
Purpose: Track state of cookie consent

_ga
Type: Analytics
Owner: Google
Duration: 13 months
Purpose: Website analytics to understand usage of the system

_fbp
Type: Analytics
Owner: Facebook
Duration: 4 months
Purpose: Measure the efficiency of online ad campaigns that lead users into Abler’s website

11. Data Retention Period

11.1.  We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

11.2.  To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

11.3.  Automated and/or manual processes are in place to delete personal data according to the following periods of retention:

  1. Audit logs and debugging information, 1 year after it was recorded
  2. Personal data in product analytics such as exact device type and device id, 5 years after it was recorded
  3. Personally-identifiable information in user profile, as well as messages and profile picture, 7 years after last activity in the system.

12. Contact

12.1.  If you have any questions or suggestions about the processing of personal data in Abler, you can contact Abler ehf, Höfðabakka 9c, 110 Reykjavík, Iceland by emailing privacycompliance@abler.io.

13. Changes to the Privacy Policy

13.1.  We keep this Privacy Policy under regular review and reserve the right to update this Privacy Policy from time to time.  Updates will take effect when the updated Privacy Policy is posted on our website. The next time you access Abler after changes have taken effect, you must confirm your acceptance of the updated Privacy Policy. If you do not accept the changes, you may not be able to continue to use the system.

Cookie NoticeWe use cookies to make your browsing experience smoother and more personalised. Want to know more? Check out our Privacy Policy.