The first category is data you upload or provide to BigTeams for use with our web-based athletic and activity management platform and various software tools, including the associated mobile and desktop applications (collectively, the “Products”).
The second category is information received from our marketing activities, our website (www.bigteams.com) and other interactions (e.g., customer service inquiries) you may have with BigTeams (collectively, the “Websites”).
The Products and Websites are collectively referred to herein as the “Services”.
Table of Contents:
- Information We Collect and Receive
- How We Use Information
- Data Retention
- How We Share and Disclose Information
- Your Personal Rights
- Contacting BigTeams
Personal Data (“Personal Data”) is any data that can be used to identify or contact a single person. We do not consider Personal Data to include information that has been made anonymous so that it does not identify a specific individual.
Information We Collect and Receive
BigTeams may collect and receive Customer Data which may include Personal Data and other information and data (“Other Information”) in a variety of ways:
- Personal Data Collection. We do not collect any Personal Data about you unless you or the organization to which you belong (typically a school or district) voluntarily submits such information to us.
- Account Information.
- To create or update an account, you or your associated organization supply BigTeams with a name, and email address or phone number.
- Once an initial account is created, we may collect additional Personal Data based upon the product(s) your school or district has purchased.
- We do not collect or store any billing information. We work with third party payment processors who we have vetted and verified are secure and compliant in order to process payments. Our payment processor is Authorize.net and you can learn more about their Payment Card Industry Data Security Standard compliance here: https://support.authorize.net/s/article/Is-Authorize-Net-PCI-DSS-compliant.
- Other Information.
- Usage Information. As is true of most internet services, BigTeams also automatically collects and stores certain non-personally identifying information sent to us by your computer, mobile phone, or other device whenever you access the BigTeams Websites. Non-personally identifying information includes data that does not, on its own, permit direct association with any specific individual. Non-personally identifying information may include, without limitation, your operating system, Internet service provider, the type of browser, computer, or mobile device that you use, how you use the BigTeams Websites, and other similar information, as well as data we have obtained from you and aggregated with other user information. BigTeams collects this information to make it easier and more efficient for you to use the BigTeams Websites and to allow us to understand how our users as a group use the services and resources provided on the Websites. Such non-personally identifying information is collected in a number of ways, including tracking your activities through "cookies," your IP address or most recently visited URL, or your mobile device. (For more information on cookies, IP addresses, or mobile devices, please see the appropriate sections below.) We may eventually use such information to tailor the content, services, and advertisements by sponsors selected by the relevant association, district or school on our Websites to your current and future needs. We may also use such information to determine which areas of our Websites are the most commonly used, which areas need improvement, and what technologies are being used so that we may continually improve our Websites and application.
- Third Party Services. A Customer can choose to permit or restrict Third Party Services to connect to their program. Once enabled, the provider of a Third-Party Service may share or receive certain information with BigTeams. For example, we may receive the username and email address of users, along with additional information that the application has elected to make available to BigTeams to facilitate the integration. When a Third Party Service is enabled, BigTeams is authorized to connect and access Other Information made available to BigTeams in accordance with our agreement with the Third Party Provider and any permission(s) granted by Customer (including, by its Authorized User(s)). We do not, however, receive or store passwords for any of these Third-Party Services when connecting them to the Services.
- Third Party Data. BigTeams may receive data about organizations, industries, lists of companies that are customers, Website visitors, marketing campaigns and other matters related to our business from parent corporation(s), affiliates and subsidiaries, our partners, or others that we use to make our own information better or more useful. This data may be combined with Other Information we collect and might include aggregate-level data, such as which IP addresses correspond to zip codes or countries. Or it might be more specific: for example, how well an online marketing or email campaign performed.
- Additional Information Provided to BigTeams. We also receive Other Information when submitted to our Websites or in other ways, such as if you participate in a focus group, contest, activity or event, apply for a job, enroll in an educational program hosted by BigTeams, request support, interact with our social media accounts or otherwise communicate with BigTeams.
Generally, no one is under a statutory or contractual obligation to provide any Customer Data or Other Information (collectively, “Information”). However, certain Information is collected automatically and, if some Information is not provided, we may be unable to provide the Services.
How We Use Information
Customer Data will be used by BigTeams in accordance with Terms of Service to perform the Services agreed upon with the Customer. BigTeams is a processor of Customer Data and Customer is the controller. Customer may, for example, use the Services to grant and remove access to a website, assign roles and configure settings, access, modify, export, share and remove Customer Data and otherwise apply its policies to the Services.
BigTeams uses Other Information in furtherance of our legitimate interests in operating our Services, Websites and business. More specifically, BigTeams uses Other Information:
- To provide, update, maintain and protect our Services, Websites and business. This includes use of Other Information to support delivery of the Services under our Terms of Service, prevent or address service errors, security or technical issues, analyze and monitor usage, trends and other activities, or at an Authorized User’s request.
- As required by applicable law, legal process or regulation.
- To communicate with you by responding to your requests, comments and questions. If you contact us, we may use your Other Information to respond.
- To develop and provide search, learning and productivity tools and additional features. BigTeams tries to make the Services as useful as possible for Authorized Users. For example, we may improve search functionality by using Other Information to help determine and rank the relevance of content, channels or expertise to an Authorized User, make Services or Third Party Service suggestions based on historical use and predictive models, identify organizational trends and insights, to customize a Services experience, or create new productivity features and products.
- To send emails and other communications. We may send you service, technical and other administrative emails, messages, and other types of communications. We may also contact you to inform you about changes in our Services, our Services offerings, and important Services-related notices, such as security and fraud notices. These communications are considered part of the Services and you may not opt out of them. In addition, we sometimes send emails about new product features, promotional communications or other news about BigTeams. These are marketing messages so you can control whether you receive them. If you have additional questions about a message you have received from BigTeams please reach out through the contact mechanisms described below.
- For billing, account management and other administrative matters. BigTeams may need to contact you for invoicing, account management, and similar reasons and we use account data to administer accounts and keep track of billing and payments.
- To investigate and help prevent security issues and abuse.
As long as the account is in good standing (payment received for subscription), BigTeams will retain event data for a minimum of 10 years. Once payment is forfeited, BigTeams is no longer required to retain any event data.
Student data is retained for 10 years from the date of the student’s High School graduation to meet all HIPPA and FERPA compliance. BigTeams may choose to keep information on a deactivated account for the period of time needed for BigTeams to pursue legitimate business interests, conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes, and enforce our agreements.
Removal of the data consists of deleting data within the database, as well as removal of uploaded forms and documents which are associated with student, parent or faculty account. After all data is removed, there will be no way to recover data as all traces of data will be permanently removed from the system.
Your BigTeams’ account information is password protected so that only you are authorized to access this personal information. We strongly recommend that you do not divulge your password to anyone. BigTeams will not ask for your password in an unsolicited phone call or in an unsolicited email.
How We Share and Disclose Information
This section describes how BigTeams may share and disclose Information. BigTeams will not disclose personal information to any other party without the prior consent of the parent or eligible student.
- Third Party Service Providers and Partners. We may engage third party companies or individuals as service providers or business partners to process Other Information and support our business. These third parties may, for example, provide calendar or CMS services, or we may share business information to develop strategic partnerships with Third Party Service providers to support our common customers.
- Third Party Services. Customer may enable or permit Authorized Users to enable Third Party Services. Authorized Users must opt-in to each Third Party Service. We also require each Third-Party Service to disclose all permissions for information access in the Services, but we do not guarantee that they do so. When enabled and when the User opts-in, BigTeams may share Other Information with Third Party Services. Third Party Services are not owned or controlled by BigTeams and third parties that have been granted access to Other Information may have their own policies and practices for its collection, use, and sharing. Please check the permissions, privacy settings, and notices for these Third-Party Services or contact the provider for any questions.
- Corporate Affiliates. BigTeams may share Other Information with its corporate affiliates, parents and/or subsidiaries.
- During a Change to BigTeams’ Business. If BigTeams engages in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of BigTeams’ assets or stock, financing, public offering of securities, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities, some or all Other Information may be shared or transferred, subject to standard confidentiality arrangements.
- Aggregated or De-identified Data. We may disclose or use aggregated or de-identified Other Information for any purpose. For example, we may share aggregated or de-identified Other Information with prospects or partners for business or research purposes, such as telling a prospective BigTeams customer the average number of events scheduled, or pre-participations forms completed.
- To Comply with Laws. If we receive a request for information, we may disclose Other Information if we reasonably believe disclosure is in accordance with or required by any applicable law, regulation, or legal process.
- To enforce our rights, prevent fraud, and for safety. To protect and defend the rights, property, or safety of BigTeams or third parties, including enforcing contracts or policies, or in connection with investigating and preventing fraud or security issues.
- With Consent. BigTeams may share Other Information with third parties when we have consent to do so.
BigTeams takes security of data very seriously. BigTeams works hard to protect Other Information you provide from loss, misuse, and unauthorized access or disclosure. These steps take into account the sensitivity of the Other Information we collect, process and store, and the current state of technology. We do not rent or sell the Personal Data you provide to us. All data is housed within the United States. All connections to the Website, occur over industry-standard secure TLS connections using a strong cipher and minimum 2048-bit-key size certificate.
The data received from pre-participation forms are only used to complete the information needed to submit eligibility for student athletes and to provide information to the school and district. BigTeams complies with relevant FERPA and HIPAA requirements regarding security and privacy. Only school administrators and staff that have been designated by the school have access to view the information – principal, athletic director and assistants, coach of relevant teams and athletic trainers. BigTeams takes the following security measures: all access to the Services is over HTTPS, access to the physical servers is restricted to senior IT staff, and remote access is only over secure channels. All unnecessary services are disabled; firewalls are configured for each service to allow only approved traffic through. HIPAA and FERPA compliance is maintained through our use of Amazon Web Services (“AWS”).
- AWS healthcare compliance links are here: https://aws.amazon.com/health/healthcare-compliance/
- AWS FERPA blog: https://aws.amazon.com/blogs/security/ferpa-compliance-in-the-aws-cloud/
- Overall AWS compliance info: https://aws.amazon.com/compliance/
- AWS Security: https://aws.amazon.com/security/
Websites: We use various service providers to host the data we collect from the Websites, and we use technical measures to secure such data. We ensure a variety of security measures are implemented by such service providers, including firewalls, Secure Socket Layer (SSL) technology, encryption and authentication tools, to help protect your information. We protect your Personal Data with the same or better security measures than we protect our company data. While we use SSL encryption to protect sensitive information online, we also take steps to protect user information off-line. Access to all of our users' information, not just the sensitive information mentioned above, is restricted in our offices. Only employees who need the information to perform a specific job (for example, our billing clerk or a customer service representative) are granted access to personally identifying information.
When we send emails for notification purposes or for marketing purposes, we use SendGrid. We have verified SendGrid has reasonable safety and security measures in place related to Personal Data. You can learn more about SendGrid’s security policies here: https://sendgrid.com/policies/security/
We also use Salesforce for interaction with those who paid for our product and to handle customer support items. We have verified Salesforce has reasonable safety and security measures in place related to the Personal Data. You can learn more about Salesforce’s security policies here: https://trust.salesforce.com/en/security/
We also use Clickatell as an opt-in service for users of the Services to register and receive notifications by SMS. Clickatell also uses AWS. You can learn about AWS’s security policies here: https://aws.amazon.com/security/
In the event that BigTeams becomes aware of Personally Identified Data is accessed or obtained by an unauthorized individual, BigTeams will take immediate steps to limit and mitigate such security breach to the extent possible. We will provide notification to Customers as soon as practicable and no later than 48 hours of discovery.
You are, as data-owner and user of the Services and Websites, entitled to (i) access your Personal Data and be informed about the way in which your information is treated, (ii) rectify your personal data in case it is not up-to-date, it is inaccurate or incomplete, (iii) ask for your data to be removed if you consider that it is not used in accordance with the applicable principles, duties and obligations, and (iv) object to the processing of your Personal Data for specific purposes. These rights are known as “Personal Rights”.
How to Exercise Your Personal Rights
If you decide to exercise your Personal Rights, you may contact our Information Security Office, via email at firstname.lastname@example.org for any requests related to your data protection rights. Your request must be accompanied with the following information and documentation:
- Your ID information and, if applicable, the information of your legal representative. For legal representative, please attach a copy of his/her power-of-attorney.
- A clear and precise description of the Personal Data about which the Personal Rights are to be exercised, as well as the right or rights that are to be exercised.
- An address where you desire to hear and receive BigTeams’ response and any future communications and/or notifications, or, in its case, your desire to receive our response and/or future notifications or responses via email, providing us with your email address.
- If you prefer to correspond via email, you must expressly state your desire to receive BigTeams’ response through an email communication, specifying the corresponding email address.
- As stated above in this Policy, BigTeams does not collect or store any information or data you process through the Hosted Software. Therefore, there is no ability or need to request removal of any data related to the Hosted Software.
- Any parent or guardian of a Teen may exercise the Personal Rights of a Teen by following the same process provided in this Personal Rights section. Provided however, that the parent or guardian must also provide information sufficient to verify you are the actual parent or guardian of the Teen.
BigTeams will issue a response within a timely manner following receipt of your request, which will be informed to you using your selected method. Once you receive our response you will have a 20-business day period to respond to our communication. In the event you need to speak with us or in the event you disagree with our response please contact us at email@example.com along with a phone number for us to reach you, in order for BigTeams to discuss with you any issue. In case you do not reply to our response within the before mentioned period we will understand in good faith that you agree with our conclusion.
If your request refers to your right to access data, BigTeams will provide you with copies of the information and/or scanned documents.
BigTeams may refuse the exercise of your Personal Rights in instances permitted by the laws and regulations of the territories which are applicable to your use and shall inform you about such decision. The refusal may be partial, in which case BigTeams will carry out the access, rectification, cancellation, deletion, or objection in the corresponding part.
Revocation of Your Consent to The Treatment of Personal Data
You, as data-owner, can revoke your consent to the treatment of your personal data in accordance with the procedure set forth above “How to Exercise your Personal Rights”, in the understanding that once we receive your request to revoke your consent we will issue our response within a five-day period.
Options to Limit the Use and Disclosure of Your Personal Data
You, as data-owner, can limit the use and disclosure of your personal data in accordance with the procedure set forth above “How to Exercise your Personal Rights”, in the understanding that once we receive your request to revoke your consent we will issue our response within a five-day period.
20098 Ashbrook Pl
Ashburn, VA 20147