Archived Policy: https://tocafootball.com/privacy-policy-081618
1. Scope of this Policy
TOCA develops products that are intended to allow individuals to improve their soccer skills and develop precision through the application of various proprietary training techniques. We also provide training facilities for individuals to advance their skills. Most importantly, we are a member of the worldwide soccer community. This policy applies to the personal information we collect from individuals online and through our facilities. Our company is based in the United States and your data is processed in the U.S.
2. What Personal Information Do We Collect?
Information You Provide to Us
You may choose to share information with us when you interact with our Website, become a customer of ours, interact with us as a customer or send communications to us whether through email, phone or text. When doing so, we may collect the following:
There may be some circumstances where we collect personal information from you in-person. For example, if we meet you at a conference, vendor exhibition, privacy event, or similar business events, we may collect your contact information to follow up with you about our products and services.
Information We Collect Automatically
Unless you have opted-out or have otherwise refused to provide consent, the following is data that we collect automatically:
Information We Collect from Others
We sometimes collect personal information from third parties who help us with our business and commercial needs. This may include the following:
3. How Do We Use the Personal Information We Collect?
As part of operating our business, we undertake a multitude of operations which require the processing of personal information. We collect, combine, and analyze the personal information we collect to:
Our commercial purposes are to advance our commercial interests and this includes advertising and marketing. We keep your personal information in identifiable form for as long as is reasonably necessary to fulfil the purposes for which we collected it and to comply with our legal obligations. This generally means holding your personal information for as long as one of the following apply:
Data Aggregation and De-Identification
We, or third parties we permit, may aggregate and de-identify data collected so that it can either no longer be directly associated with a natural person or cannot be associated with a natural person at all. We may then use such data for its business purposes including the provision interest-based advertising and reporting. We may share aggregated and de-identified data with our affiliates and third parties, including with our advertising partners.
4. Sharing of Your Personal Information.
We may disclose information about you:
We may also disclose personal information in the following circumstances: (1) to comply with an applicable federal, state, or local law; (2) to comply with a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by federal, state, or local authorities; (3) to cooperate with law enforcement agencies concerning conduct or activity that web reasonably and in good faith believes may violate federal, state, or local law; (4) to exercise and defend legal claims; (5) when such disclosure is necessary to protect the rights and freedoms of other individuals; (6) as part of a merger, acquisition, bankruptcy, or other transaction in which the third party assumes control of all or part of our business; and (7) in any other manner permitted by law, including engaging in protected speech.
Links to web sites that are not operated by or for us (“Third-Party Sites”) are provided solely as a convenience to you. If you use these links, you will leave our website. This Policy does not apply to Third-Party Sites. We have not reviewed the Third-Party sites, do not control and are not responsible for any of their content or their privacy policies, if any. We do not endorse or make any representations about them, or any information, software or other products or materials found there, or any results that may be obtained from using them. If you decide to access any of the Third-Party Sites listed on or linked to from our website, you should understand that you do so at your own risk.
5. Your Choices and Opting Out of Interest-Based Advertising and Analytics.
If you want to limit the data that we or others collect about you through this Website and want us to not target ads that are based on your interests to your browsers or devices, you may opt out from tracking and tailored advertising at any time through one of the ways described below. If you opt out, you will still see ads, but those ads are less likely to have anything to do with products or services that you may care about. With tailored advertising, you receive ads and offers that are more likely to be useful to you. Please note, if you use multiple browsers or devices, you must opt out from each browser and device individually.
We are committed to protecting the security of any personal information you provide. We implement appropriate technical and organizational measures to safeguard personal data in our possession against being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed. No transmission of data over the Internet, however, is guaranteed to be completely secure. While we strive to protect your personal data, we cannot ensure or warrant the security of any data you transmit to us or that we collect about you. We have procedures in place to address any suspected personal data breach and we will notify you of any such breach, as may be required by applicable law.
7. Children’s Privacy
We are committed to complying with the Children’s Online Privacy Protection Act (COPPA) and the California Consumer Privacy Act. Our website and services are not directed to children under the age of 16. We do not knowingly collect personal information from children under the age of 16. If we receive personal information that we discover was provided by a child under the age of 16, we will promptly destroy such information. Parents are encouraged supervise their children’s online activities and consider the use of other means to provide a child-friendly online environment. Additional information is available on the Direct Marketing Association’s home page at http://www.the-dma.org. If you would like to learn more about COPPA, visit the Federal Trade Commission home page at http://www.ftc.gov.
8. California Residents
Please review the “California Privacy Rights Notice” attachment, below, which is incorporated as part of this Policy for California residents only.
9. EU Data Subject: Our Legal Basis and Your Rights
We provide the representations and information in this section in compliance with European privacy laws, in particular the European General Data Protection Regulation (GDPR). If you are a visitor from the European Territories (including the European Economic Area, Switzerland, and the United Kingdom), our legal basis for collecting and using the personal data described above will depend on the personal information concerned and the specific context in which we collect it.
We will normally collect personal data from you where the processing is in our legitimate interests. In some cases we may collect, and process personal data based on consent.
EU data subjects have certain rights with respect to your personal data that we collect and process. We respond to all requests we receive from individuals in the EEA wishing to exercise their data protection rights in accordance with applicable data protection laws.
Please note that even if you request for your personal data to be deleted, certain aspects may be retained for us to: meet our legal or regulatory compliance (e.g. maintaining records of transactions you have made with us); exercise, establish or defend legal claims; and to protect against fraudulent or abusive activity on our Service.
To submit a request regarding your European Privacy Rights, please send your request to Privacy@tocafootball.com . We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made several requests. In this case, we will notify you and keep you updated.
U.S. – EU PRIVACY SHIELD AND U.S. – SWISS PRIVACY SHIELD
In compliance with the Privacy Shield Principles, TOCA commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact TOCA at firstname.lastname@example.org.
TOCA has further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit JAMS at https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint. The services of JAMS are provided at no cost to you.
Under certain conditions, you may be able to invoke binding arbitration to resolve your complaint. TOCA is subject to the investigatory and enforcement powers of the Federal Trade Commission.
If TOCA shares personal data transferred to the U.S. under the Privacy Shield with a third-party service provider that processes such data on TOCA’s behalf, then TOCA will be liable for that third party’s processing in violation of the U.S. Privacy Shield Principles, unless TOCA can prove that it is not responsible for the event giving rise to the damage.
10. Agreement and Changes
11. Contact Us
If you have any questions, please contact us by any of the following means:
Mail: TOCA Privacy, 2777 Bristol Street, Suite D. Costa Mesa, CA 92626
California Privacy Rights Notice
What is the CCPA?
The CCPA is a California law that provides California residents certain rights to their personal information. You can read the CCPA here:
California residents, called “consumers” in the CCPA, have the following rights:
We will explain more about how to exercise these rights below.
When we talk about “personal information” under the CCPA, we mean information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked to, directly or indirectly, a consumer or household. Personal information does not include publicly available information or information that is deidentified or aggregate consumer information. The CCPA does not apply to personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994. It also doesn’t apply to health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data.
Information We Have Collected About Consumers in the Preceding 12 Months
The following chart sets out the CCPA categories of personal information we have collected from consumers within the last twelve (12) months
CategoryExamplesSourceCollectedIdentifiersName, IP address, email address, cookie string data, pseudonymous data (e.g. hashed emails), operating system, device type, mobile device’s identifier, and other unique identifier that may be assigned to any device by third parties and cross-referenced to recognize a device.Consumer, advertising networks, internet service providers, data analytics providers, operating systems and platforms, social networks, business operation service providers.Yes.Personal information listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))Name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance informationConsumers, business operation service providers.Yes *Most information collected is business information.Protected classification characteristics under California or federal lawAge (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).Consumer, data analytics providers, social networks, business operation service providers.Yes.Commercial informationRecords of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.Consumer, data analytics providers, operating systems and platforms, business operation service providers.Yes.Biometric informationGenetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. No.Internet or another similar network activityBrowsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.Consumer, advertising networks, internet service providers, data analytics providers, operating systems and platforms, business operation service providers.YesGeolocation data No.Sensory dataAudio, electronic, visual, thermal, olfactory, or similar information. No.Professional or employment-related informationCurrent or past job history or performance evaluations.Consumer, social networks.Yes.Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R Part 99))Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. No.Inferences drawn from other personal informationProfile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.Third party data providers.Yes.
The Purposes for Which Personal Information is Collected
We may collect the personal information we collect for one or more of the following business purposes:
Sharing Personal Information
We may disclose your personal information to a third party for a business purpose or commercial purpose (as set out above). This includes:
Sale of Your Personal Information.
The CCPA defines a “sale” of personal information as the disclosure, sharing, or making available of a consumer’s personal information by a business to another business or third party for monetary or other valuable consideration. It is not a sale if a consumer uses or directs the business to intentionally disclose personal information or uses the business to intentionally interact with a third party.
You have the right to instruct us to stop the kind of sharing that the CCPA treats as “sales” and not to engage in that kind of sharing in the future, unless you choose to allow it. Please be aware there may be circumstances where we can share information with others even if you instruct us to stop “selling” your personal information, as permitted under the CCPA. For example, we may still be able to share information with our service providers so that they can provide services to us. In addition, your instruction to stop “selling” your personal information will not affect sharing that occurred before you gave us the instruction.
TOCA does not monetize your personal information; We share certain information about your device and interaction with our Website to enhance your experience with us and to engage in the legitimate business purpose of advertising and marketing. We do not “sell” the personal information of known minors under 16 years of age. The Your Choices and Opting Out of Interest-Based Advertising and Analytics section of our Policy describes how you can opt-out of sharing of your data for advertising and analytics purposes.
You may opt-out of the sale of your personal information by sending us a request by email at Privacy@tocafootball.com. Please include your name, email address and a telephone number at which you can be reached regarding your request. We will respond to all verifiable requests as required by the CCPA. You also have the option to designate an authorized agent to make a request on your behalf. In order to protect your privacy, we may require proof of this authorization before proceeding with the request.
Exercising Your California Privacy Rights
Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. Agents must submit proof that they have been authorized by the consumer to act on their behalf. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
We verify requests by sending a confirmation email to the requestor and by matching the identifying information provided by the consumer to the personal information already maintained by us. We cannot respond to your request or provide you with personal information if we cannot: (i) verify your identity or authority to make the request; and (ii) confirm the personal information relates to you. If we are unable to verify the identify of a consumer to a enough degree of certainty, we will deny the request and explain the reason for the denial.
Exercising Access, Data Portability, and Deletion Rights
You may only make a verifiable request for access or data portability twice within a 12-month period. To exercise the access, data portability, and deletion rights described above, please submit a request to us using at Privacy@tocafootball.com .
Other California Privacy Rights
In addition to the CCPA, the California Civil Code permits California residents with whom we have an established business relationship to request that we provide you with a list of certain categories of personal information that we have disclosed to third parties for their direct marketing purposes during the preceding calendar year. To make such a request, please contact our us and mention that you are making a “California Shine the Light” inquiry.