Privacy Policy

This Privacy Policy describes the processing of personal data carried out in connection with the EliteRefs digital platform (the “Platform”), operated by:

EliteRefs is a professional SaaS platform provided exclusively to sports federations and governing bodies for the management, training, performance analysis, and evaluation of referees and officials.

The Platform operates under a Business-to-Business (B2B) contractual model.

2.1 Federation as Data Controller

For all personal data relating to referees, officials, managers, and affiliated members uploaded or processed within the Platform, the respective Federation acts as the Data Controller pursuant to Article 4(7) GDPR.

The Federation determines:

• The purposes of processing
• The categories of personal data processed
• The retention periods and access policies
• The internal evaluation criteria

2.2 Algo Dynamics Srl as Data Processor

Algo Dynamics Srl acts exclusively as Data Processor under Article 4(8) and Article 28 GDPR.

Algo Dynamics Srl:

• Processes personal data solely on documented instructions of the Federation
• Does not determine independent purposes of processing
• Does not use federation data for marketing or commercial exploitation
• Does not access data except where necessary for technical support, security, or maintenance

A separate Data Processing Agreement (DPA) governs the relationship between Algo Dynamics Srl and each Federation.

Depending on the Federation’s configuration, the Platform may process the following categories:

3.1 Identification and Contact Data

• First name
• Last name
• Email address
• Phone number
• Date of birth
• Nationality
• Refereeing role
• Federation affiliation
• Profile picture

3.2 Professional and Performance Data

• Athletic performance metrics
• Height and weight
• Fitness test results
• Technical evaluation scores
• Statistical performance indicators
• Disciplinary records entered by authorized personnel
• Internal performance reviews

3.3 Data Integrated from Third-Party Services

Where activated by the user or Federation:

• Data from Polar
• Data from Strava

Such integrations occur only upon explicit activation and in accordance with the Federation’s policies.

3.4 System and Usage Data

• IP address
• Device type
• Browser type
• Access timestamps
• System logs
• Internal communications and platform interactions

3.5 Medical-Related Information

The Platform does not store medical certificates or health diagnoses. Only administrative data such as fitness certificate renewal and expiration dates may be recorded.

Certain performance and disciplinary information may constitute sensitive or high-impact professional data.

Where processing falls within Article 9 GDPR categories, such processing is carried out exclusively under the Federation’s lawful basis and responsibility.

Algo Dynamics Srl does not independently evaluate or classify such data.

Personal data is processed exclusively for:

• Account creation and management
• Referee training and education
• Performance analysis and benchmarking
• Technical and disciplinary evaluation
• Internal reporting and federation governance
• Operational communications
• Surveys for platform improvement
• Security monitoring and fraud prevention
• Legal compliance

The Platform does not conduct direct marketing campaigns toward users.

As Data Controller, the Federation determines the applicable legal basis, which may include:

• Performance of a contract (Art. 6(1)(b) GDPR)
• Legitimate interests (Art. 6(1)(f) GDPR)
• Legal obligations (Art. 6(1)(c) GDPR)
• Public interest in the field of sport governance
• Explicit consent where required

Algo Dynamics Srl processes personal data solely under Article 28 GDPR as Processor.

The Platform infrastructure is hosted in Berlin, Germany (European Union).

Where infrastructure providers located outside the EU/EEA are involved (e.g., AWS-based services), transfers are safeguarded through:

• Standard Contractual Clauses (SCCs)
• Supplementary technical measures
• Encryption in transit and at rest
• Risk assessment procedures

All transfers comply with Chapter V GDPR.

Personal data is retained:

• For the duration of the contractual agreement between Algo Dynamics Srl and the Federation;
• For 30 days following contract termination for backup continuity purposes;
• For longer periods where required by applicable law (e.g., tax or litigation obligations).

Upon expiration of retention periods, data is securely deleted or anonymized.

Algo Dynamics Srl implements appropriate measures under Article 32 GDPR, including:

• SSL encryption (HTTPS)
• Encrypted data transmission
• Secure cloud infrastructure
• Role-based access control
• Administrative two-factor authentication
• Password-protected accounts
• Regular backups
• Access limitation on a need-to-know basis
• Infrastructure monitoring

Security measures are periodically reviewed and updated.

Since Federations act as Data Controllers, data subjects must exercise their rights directly with their Federation.

Such rights include:

• Right of access
• Right to rectification
• Right to erasure
• Right to restriction
• Right to data portability
• Right to object
• Right to lodge a complaint with a supervisory authority

Algo Dynamics Srl will assist the Federation where legally required.

Algo Dynamics Srl may engage carefully selected subprocessors for hosting, infrastructure, or security services.

All subprocessors:

• Are contractually bound under Article 28 GDPR
• Provide adequate guarantees of data protection
• Are subject to confidentiality obligations

A current list of subprocessors is available upon request to the Federation.

In the event of a personal data breach:

• Algo Dynamics Srl will notify the Federation without undue delay
• Provide relevant information to support regulatory obligations
• Cooperate in mitigation and remediation efforts

The Federation remains responsible for regulatory notification where required.

The Platform does not conduct automated decision-making under Article 22 GDPR that produces legal or similarly significant effects.

Analytics tools are decision-support systems and do not replace human judgment.

Algo Dynamics Srl shall not be liable for:

• The lawfulness of data uploaded by the Federation
• The legal basis chosen by the Federation
• The accuracy of disciplinary or evaluation data
• The internal use of reports generated by the Federation

Responsibility for compliance with data protection law remains with the Federation as Data Controller.

This Privacy Policy may be updated to reflect legal, technical, or operational changes.

Updated versions will be published on the Platform.