Data Breach Policy

The Company has a Data Security Compliance Program to ensure we operate in accordance with relevant laws and regulations in the event of a Data Breach, including:

Australia

Privacy Act, Part IIIC, Notifiable Data Breaches Scheme

What will we do in the event of a data breach?

Below is a high-level summary of the steps the Company will take in the event of a suspected data breach.

Step 1 – Incident detection and preliminary assessment

Sports Tracker users, employees and contractors can report suspected operational and security breaches to Sports Tracker via live chat or email.

The Company will take immediate steps to conduct a preliminary investigation, where we will identify and classify the suspected breach.

Step 2 – Contain breach

If the preliminary investigation confirms a suspected breach, we will take immediate steps to:

Contain the breach.

Limit distribution of the affected personal information.

Limit possible compromise of other information.

Step 3 – Evaluate risks associated with the breach

The next step is to undertake a reasonable and expeditious assessment to:

Gather all relevant information on the breach.

Make a decision, based on the investigation, about whether the breach is an eligible data breach.

Determine who needs to be made aware of the breach.

Document everything at each step.

Step 4 – Notification

The Company will notify affected organisations and users as soon as possible once the facts are known, if:

If the user affected is a member of a group such as a school, the Company will work with the organisation to decide on who communicates to the user (e.g. the parent).

The Company will inform your countries relevant Privacy Commissioner (e.g. ICO in UK, OAIC in Australia), of any eligible data breaches, providing ongoing updates on key developments.

Step 5 – Review to prevent future breaches

In the event of a breach, the Company will:

Fully investigate the cause of the breach.

Record an Incident Report.

Report to your countries relevant Privacy Commissioner on outcomes and recommendations in the event of a notifiable breach.

Implement recommendations from the investigation to prevent future breaches.