Data Processing Agreement

3.1 Scope and Purpose

We will process Personal Data only to the extent necessary to provide the services in accordance with the Terms of Service and this DPA. The purpose of the processing is to provide you with sports data API services.

3.2 Types of Personal Data

The types of Personal Data processed may include:

• Contact information (name, email address, phone number)
• Account information (username, password hash)
• Billing information (address, payment details)
• Usage data (API calls, IP addresses, access logs)
• Any other Personal Data provided by you or your users through our services

3.3 Categories of Data Subjects

The categories of Data Subjects whose Personal Data may be processed include:

• Your employees, contractors, and representatives
• Your end users who access or use applications that incorporate our API
• Any other individuals whose Personal Data is provided by you or your users

4.1 Instructions

We will process Personal Data only on your documented instructions, including with regard to transfers of Personal Data to a third country or an international organization, unless required to do so by applicable law.

4.2 Confidentiality

We will ensure that persons authorized to process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.

4.3 Security Measures

We will implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

• Encryption of Personal Data in transit and at rest
• Ability to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services
• Ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident
• Process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures

4.4 Sub-processors

We will not engage another processor without your prior specific or general written authorization. In the case of general written authorization, we will inform you of any intended changes concerning the addition or replacement of other processors, thereby giving you the opportunity to object to such changes.

Where we engage another processor for carrying out specific processing activities on your behalf, the same data protection obligations as set out in this DPA shall be imposed on that other processor.

4.5 Data Subject Rights

We will assist you by appropriate technical and organizational measures, insofar as this is possible, for the fulfillment of your obligation to respond to requests for exercising the Data Subject's rights under applicable data protection laws.

4.6 Data Protection Impact Assessment

We will assist you in ensuring compliance with your obligations regarding data protection impact assessments and prior consultation with Supervisory Authorities, taking into account the nature of processing and the information available to us.

4.7 Data Deletion

At your choice, we will delete or return all Personal Data to you after the end of the provision of services relating to processing, and delete existing copies unless applicable law requires storage of the Personal Data.

4.8 Audits

We will make available to you all information necessary to demonstrate compliance with the obligations laid down in this DPA and allow for and contribute to audits, including inspections, conducted by you or another auditor mandated by you.