PRIVACY POLICY

last update: 04 April 2019

This Privacy Policy (hereinafter, the Policy) governs the processing of personal data of users of the Services as part of the preparation and staging of the 2nd European Games MINSK 2019.

The Foundation "Directorate of the 2nd European Games 2019" attaches great importance to the protection of your personal data. Please read this Policy carefully and contact us if you have any questions.

1. Terms and Definitions

1.1. For the purposes hereof, the following terms and definitions are used:

You (User) – any individual who uses the Services and has reached the age of legal capacity to enter agreements such as our Terms of Service in accordance with the legislation of the country of their citizenship.

Games – the 2nd European Games MINSK 2019.

EOC – European Olympic Committees.

We (MEGOC) – Foundation "Directorate of the 2nd European Games 2019" acting as the organising committee for the preparation and staging of the Games.

Services – software products designed to automate the processes related to the preparation and staging of the Games as well as the official website of the 2nd European Games MINSK 2019 (domain name: minsk2019.by) and Minsk2019 mobile news app. The processes related to the preparation and staging of the Games include: accreditation requests (including media accreditation), sports entries, volunteer applications, accommodation requests, arrivals & departures requests and any other processes related to the preparation and staging of the Games when MEGOC processes your personal data.

2. Scope

2.1. This Policy shall govern any interactions between MEGOC and users related to personal data processing during the use of the Services.

2.2. This Policy neither governs nor establishes the rights and obligations of third parties. It also does not apply to third-party applications or software which users can integrate with the Services. Thus, if you integrate any third-party applications with our Services, we will not be able to control how such applications process your personal data.

2.3. Please do not use the Services unless you consent to the provisions and scope hereof.

3. Who determines the purposes and means of personal data processing?

3.1. The purposes and means of how your personal data are processed within the Services are determined by the following legal entity:

Foundation "Directorate of the 2nd European Games"

103 Pobediteley Avenue, office 502

220020, Minsk, Belarus

phone: +375 17 308 72 50

email: office@minsk2019.by

4. Personal Data Collection

4.1. Personal data are any information that could enable direct or indirect identification of a person (e.g., their name, passport details, online identifier, etc.).

4.2. In accordance herewith, personal data may be collected both directly and indirectly.

4.3. Personal data are collected directly when you provide them voluntarily, e.g. when signing up, requesting accreditation, etc. You may consent to or refuse the said collection, processing and storage of your personal data.

Please note that in certain cases, unless you consent, you will not be able to access the Services or participate in the Games.

4.4. Indirect collection of personal data may occur automatically when you use the Services, including through cookies (for details see: Cookies Policy) and when your personal data are transferred to us by third parties.

4.5. If you participate in the Games as an employee of a supplier, contractor, sponsor or as a sports delegation member or a representative of national Olympic committees, international sports federations or other organisations involved in the preparation and staging of the Games, we may obtain your personal data from the organisation you represent. All personal data received from third parties are required to ensure your participation in the preparation and staging of the Games. Please note that we cannot control how your personal data are collected if we receive them from third parties, but we guarantee their secure processing on our part.

5. Expression of Consent

5.1. To use certain functions of the Services, you are required to give your consent to the collection and processing of your personal data. You can express your consent by ticking off the appropriate boxes when submitting any personal data.

Please note that we may process not all of your personal data to processing of which you consented.

You may withdraw your consent at any time. However, we reserve the right to continue processing of your personal data to the extent permitted by applicable law in cases when we state that there are other legal grounds for such processing.

5.2. You also agree that your consent to the use of your personal data shall remain in force until your personal data are destroyed.

5.3. We guarantee that we shall process your personal data in the manner and on the terms of the Policy only.

5.4. If you provide personal data of any third parties (e.g. for accreditation purposes), you shall obtain consent to the collection, processing and transfer of personal data from such third parties as well as ensure the accuracy of such third-party personal data.

5.5. By using the Services, you also consent to our Terms of Service.

6. Personal Data We Collect

6.1. Depending on the Service used, we may collect the necessary minimum of your personal details listed below for the purposes of this Policy:

(1) account and login details: name, surname, login, email, phone, details of the contact person (name, surname, position, email, phone);

(2) contact details: name, surname, email, phone, details of the contact person (name, surname, position, email, phone, organisation), Skype, social networks (VК, Instagram, Facebook), messengers;

(3) passport details: surname, first name, patronymic, passport series and number, identification number, citizenship, gender, date of birth, place and country of birth, validity term;

(4) data concerning health: allergies, medical constraints;

(5) professional background: education, employment record, language proficiency;

(6) athlete's information: sport/discipline, preferred name, personal best result, major sporting achievements, team affiliation, coach, education, working language, dominant hand, competitive career start date, hobbies, brief description, social networks;

(7) organizational information: surname, first name, NOC affiliation, client group affiliation, time and place of arrival/departure;

(8) photo and biometric data (height, weight, clothing size and shoe size);

(9) preferences – preferred athletes, countries and sports and (or) sports disciplines;

(10) geolocation.

7. Data Processing, Storage and Protection

7.1. Processing is understood as at least one of the following: collection, storage, modification, rectification, disclosure, structuring, use, destruction as well as any other operations performed with your personal data.

7.2. We will process your personal data only for the following purposes and on the following legal grounds:

Type

Purpose of processing

Legal grounds

Account and login details

To sign users up and provide access to our Services and their functionality.

Legitimate interest to ensure user access to the Services.

Contact details

For emergency communication on various issues related to preparing and staging the Games (e.g., when organising deliveries to the venues), providing updated information about events at pre-Games and Games time and information support.

Legitimate interest to stage the Games and ensure user access to the Service and their functionality.

Passport details

To issue accreditation to participants of the Games by identifying individuals and their functions at the Games and providing required access privileges.

Legitimate interest to ensure safety & security at pre-Games and Games time.

Data concerning health

To provide emergency medical care if necessary and to customise certain Games events (e.g., food & beverage provision and crowd flow management) as well as to improve venue accessibility.

Protection of the rights of the Games participants in the frame of social security.

Professional background

To determine whether you have suitable qualifications to volunteer at the Games. Your professional background will also be considered when assigning you to your preferred functional area.

Legitimate interest to provide volunteers at pre-Games and Games time.

Athlete's information

To be sent to the Games Information Service and published on the Games official website to provide interesting and useful information about the athlete to the audience, to press and broadcasters of the Games. We collect and process information about sport/discipline to verify athlete's eligibility based on the rules of international sports federations for each sport and (or) sports discipline with respect to available participant quotas.

Legitimate interest to provide information about participating athletes via our Services. Provision of these personal data is at the discretion of the user and is not mandatory for participation in the Games, as well as they are not mandatory to have access to the functionality of the Services.

Organizational information

For certain organisational issues (e.g. arrivals and departures).

Legitimate interest to ensure access to the functionality of the Services.

Photo and biometric data

Your photo is required for accreditation purposes. It will be printed on your accreditation card that is used to access the venues. If you are a volunteer, we will process information about your clothing and shoe size to issue a well-fitting uniform. If you are an athlete, we will process information about your height and weight to verify compliance with qualification requirements set by the EOC and international sports federations as well as to transfer them to press and broadcasters to customise athletes' information.

Legitimate interest to ensure staging of the Games, safety & security at pre-Games and Games time and your consent.

Preferences

To provide the best content on Minsk2019 mobile news app.

Legitimate interest to ensure access to the functionality of the Services.

Geolocation

To provide directions (e.g. directions to the venues).

Legitimate interest to ensure access to the functionality of the Services.


7.3. Subject to data anonymisation, your personal data may be used by MEGOC for any other purposes.

7.4. Both we and our partners will not use automated decision-making tools (including profiling) in personal data processing. Automated decision-making tools primarily include those systems that process your personal data without human intervention to make decisions that may have potential legal consequences for you.

7.5. Your personal data will be stored on the servers of our counterparties. We undertake that all our contractors comply with our personal data protection requirements and shall not use your personal data for any purpose other than as indicated in this Policy. Employees of MEGOC shall also take all necessary organisational, legal and technical measures available to protect your personal data. Users of the Services shall also be responsible for the provision of as accurate as possible account details, keeping their passwords and any other login information confidential and its protection from unauthorised access by third parties.

7.6. Your personal data will be stored for as long as it is necessary to ensure your participation in the preparation and staging of the Games unless you object to such processing. We may continue processing your personal data later if it is needed to perform our legal obligations, to resolve disputes, to fulfil our agreements or draw up necessary reports at post-Games time.

7.7. If your personal data are transferred to any third party (e.g., EOC), the storage time will be determined in accordance with the privacy policy of such a third party.

7.8. Any personal data collected and processed hereunder shall be properly protected until:

(1) their disclosure upon your consent;

(2) anonymisation of such personal data;

(3) their disclosure required by applicable law.

7.9. We also guarantee that your personal data shall be used only for the purposes and time set hereunder and our employees and counterparties are aware of the protection and privacy requirements and shall comply with them.

7.10. We will do our best to keep your personal data protected by limiting the number of people who have access to your personal data, running regular scans to identify threats and using anti-virus software and traffic filtering for our servers that store personal data. However, despite any possible precautions taken on our part, we cannot guarantee full protection of the Services against information security risks.

8. Transfer and Disclosure

8.1. Your personal data may be transferred to public bodies of the Republic of Belarus (such as the State Border Control Committee, Ministry of Internal Affairs, State Security Committee) for mandatory checks in accordance with the legislation of the Republic of Belarus on the state border, on internal affairs bodies, on counter-terrorism as well as to draw up reports on the results of the Games.

8.2. Your personal data may be transferred to the border control authorities of the Russian Federation if you wish to enter the territory of the Republic of Belarus to participate in the Games through the territory of the Russian Federation.

8.3. If you are an athlete or media representative/broadcaster, your personal data may also be transferred to national Olympic committees and international sports federations to verify compliance with the rules of the Games and qualification requirements.

8.4. If you wish to use our arrivals & departures service, your personal data may be transferred to our marketing partners and sports federations wishing to engage in arrivals & departures arrangements for participants of the Games. Also, your personal data may be transferred to the transport operator, administrators of the official ports of entry, media representatives and broadcasters who will cover arrivals and departures and engage in the arrangement thereof.

8.5. If you are an athlete, your personal data may be transferred to media or broadcasters covering the Games or published on the official website of the Games if this is required to customise athletes' information.

8.6. Some of your personal data may be transferred to the EOC as part of the Games knowledge sharing programme for promotion of the Olympic movement and future European Games. Your personal data will be adequately protected in the event of a transfer.

8.7. Your personal data will be transferred to independent providers of accommodation services (hotels) for booking arrangements at pre-Games and Games time, where applicable.

8.8. Additionally, your personal data may be provided to our contractors and suppliers. We guarantee that all our contractors and suppliers meet our personal data protection requirements and that they shall not use your personal information in any way beyond the purposes stated herein.

8.9. To ensure the provision of our services, your personal data may also be transferred to a legal entity created after reorganisation of MEGOC should it be necessary.

8.10. In the event of cross-border transfer of your personal data received from the European Union to a jurisdiction not recognised by the European Commission as having an adequate level of personal data protection services, we will sign personal data processing agreements that will include provisions that are recognised by the decisions of the European Commission as adequate for the purposes of personal data protection (EU Commission adequacy decisions).

8.11. Please note that disclosure of your personal data may be required in accordance with law and judicial procedures or at the request of public bodies of the country of your stay or other countries. Your personal data will be disclosed if it is necessary for the purposes of national security, law enforcement, protection of the rights and legitimate interests of MEGOC and third parties or for other substantial public interest purposes.

9. Children's Personal Data

9.1. To the extent to which it is not prohibited by the applicable law, we do not authorise the use of our Services by anyone who has not reached the age of legal capacity to enter agreements such as our Terms of Service in accordance with the legislation of the country of their citizenship. We do not collect and process (at least knowingly) their personal data without the consent of their legal representatives.

10. Chatbots

10.1. Some of our Services may use chatbots for better user experience. Chatbots may also collect your personal data when:

(1) you message a chatbot or upload audio or video files to your conversation with a chatbot;

(2) you click on the links sent by the chatbot.

10.2. Chatbots may collect and process account and login data, accreditation card No., your geolocation if you provide such data in your conversation with a chatbot.

10.3. Chatbots may collect and process information about your IP address if you click on the links sent by chatbots.

11. User Rights

11.1. The rights of users related to the collection and processing of personal data shall be determined in accordance with the applicable law.

11.2. If you are a citizen of a European Union member state, your rights with respect to the collection and processing of personal data may be determined in accordance with the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC).

In accordance with the General Data Protection Regulation you may access, change and/or make additions to, delete, restrict processing and migration of, object to or withdraw your consent to the processing of your personal data as well as lodge a complaint to the supervisory authority.

11.3. To exercise any of your rights above and any other rights guaranteed to you by applicable law and if you have any related questions, write to: help@synesis.by. For issues related to your personal data please contact: dpo@synesis.by.

11.4. The MEGOC reserves the right to verify your identity before exercising any rights at your request. In case we are not able to exercise any of your rights or provide any information, we will also explain the reasons to you.

12. Final Provisions

12.1. This Policy may be amended and (or) modified at any time of the Services operation. In this case we will publish a notice with information about the changes and the new version of the Policy and date of its adoption. The user of the Services shall read and acknowledge the new version hereof.

12.2. The Policy is an agreement between us and the user about the use of the Services. Any other pre-existing written or oral agreements or arrangements with respect to such use are hereby cancelled.

12.3. If any provision hereof is invalid or unenforceable, other provisions shall remain valid and enforceable to the fullest extent permitted by applicable law.

12.4. Failure to enforce your strict compliance herewith cannot be construed as our waiver of any provision hereof or any right hereunder.

12.5. The governing law is the law of the Republic of Belarus. The competent court at the location of MEGOC has the exclusive jurisdiction over all disagreements and disputes arising out of or in connection with the Policy. The Policy is drawn up in English and in Russian. In case of any discrepancies, the Russian version of the document shall prevail.