DATA PROTECTION POLICY
At Hoop Or Go Home, we are committed to safeguarding your personal data in accordance with the Texas Data Privacy and Security Act (TDPSA). This policy outlines our approach to data protection, detailing the rights of data subjects, as well as the obligations of both data controllers and data processors.
Our Data Protection Policy governs the collection, storage, processing, retention, transfer, and disposal of data during our regular operations. Together with our privacy policy, this document serves as a comprehensive guide to how we handle your personal information.
We strongly encourage you to read this Data Protection Policy to understand how we protect your data and your rights.
DEFINITIONS
Data
Refers to any identifiable information about an individual that is recorded and held by Hoop Or Go Home, whether in electronic or paper form, in connection with our Services or any related matters.
Data Controller
Denotes Hoop Or Go Home, a natural or legal person that determines the purposes and means of processing Personal Data, either independently or in collaboration with other data controllers.
Data Processor
Refers to any natural or legal person, agency, affiliate, partner, contractor, public authority, or other entity that processes Personal Data on behalf of Hoop Or Go Home.
Chief Compliance Officer (CCO) or Data Protection Officer (DPO)
An appointed officer responsible for overseeing internal compliance with data protection laws, advising on data protection obligations, conducting Data Protection Impact Assessments (DPIAs), and serving as the primary contact for supervisory authorities and data subjects.
Data Subject
Refers to an individual who is a user or consumer of the Services, an employee, or a contractor of Hoop Or Go Home, and is the subject of Personal Data.
Data Subject Request
A request made by a Data Subject to exercise any rights granted under applicable Data Protection Laws.
Data Protection Laws
Refers to the relevant data protection legislation, including the Texas Consumer Privacy Act (TCPA) and any other applicable laws currently in force in the jurisdiction of any user.
Hoop Or Go Home
Refers to Hoop Or Go Home, located at 400 N. Ervay St. 132940 SMB 76434, Dallas, TX 75313.
Personal Data
Any identifiable information about an individual, including but not limited to name, address, contact details, username, medical information, password, geolocation, IP address, or any other identifying information.
Processing
Any operation or activity performed in connection with Personal Data, whether electronically or manually, including but not limited to obtaining, holding, disseminating, recording, or making the data available.
Services
Refers to all services offered by Hoop Or Go Home to its users or consumers.
Special Category Data
Refers to any information concerning race, ethnicity, religious beliefs, political affiliations, sexual orientation, and biometric data.
POLICY STATEMENT
Hoop Or Go Home assumes full responsibility and accountability for compliance with applicable Data Protection Laws in Texas and beyond. We are dedicated to processing Personal Data effectively, efficiently, and promptly to fulfill our obligations.
This Data Protection Policy outlines how Hoop Or Go Home captures, uses, handles, shares, stores, and disposes of Personal Data.
Scope of the Policy
This Data Protection Policy applies to:
All Functions of Personal Data Processing: This includes activities related to the data of users, clients, customers, employees, affiliates, suppliers, and partners.
All Personnel: This includes all Hoop Or Go Home staff, employees, contractors, partners, and suppliers.
Data Practices: This encompasses data collection, processing, retention, transfer, and disposal.
Data Subject Requests: This includes all requests made by Data Subjects under applicable laws, including the Texas Consumer Privacy Act (TCPA) and any other relevant regulations.
Compliance and Accountability
Any non-compliance, breach, or violation of this Data Protection Policy may result in civil and/or criminal liability. In cases of criminal liability, we will report the matter to the appropriate authorities.
All personnel, including staff, employees, contractors, partners, and suppliers, must read, understand, and comply with this Data Protection Policy.
No individual or entity is permitted to access Personal Data without first entering into a non-disclosure agreement that imposes similar legal obligations regarding data protection as those that Hoop Or Go Home is bound to uphold.
By adhering to this policy, we aim to protect Personal Data and ensure the privacy rights of all individuals we serve.
OBJECTIVES OF POLICY
This Data Protection Policy is designed to:
Define Principles and Rights
Outline the principles and rights established under applicable Data Protection Laws, ensuring clarity and understanding.
Differentiate Data Types
Clearly distinguish between Personal Data and Sensitive Category Data to ensure proper handling and protection.
Establish Procedures and Measures
Implement appropriate procedures and safeguards to comply with all data protection requirements effectively.
Outline Data Sharing Protocols
Identify scenarios in which data must be shared with external organizations and ensure that secure procedures, protocols, and measures are in place for such sharing.
Clarify Exceptions to Data Protection Laws
Specify exceptions under applicable laws, including the Texas Consumer Privacy Act (TCPA), and establish protocols and guidelines to lawfully operate within those exceptions.
Educate Employees and Contractors
Inform employees, staff members, and contractors of their confidentiality obligations, the risks associated with data processing, storage, transfer, and disposal, and the consequences of failing to meet these obligations and manage associated risks.
By adhering to these objectives, Hoop Or Go Home aims to protect Personal Data while fostering a culture of compliance and accountability among all personnel.
RESPONSIBILITIES OF HOOP OR GO HOME
Hoop Or Go Home operates as both a data processor and data controller under applicable data protection laws, including the Texas Consumer Privacy Act (TCPA). Management is responsible for fostering sound data handling practices throughout the organization. This includes incorporating data handling responsibilities into individual job descriptions and ensuring strict adherence to these responsibilities. In addition, management will:
Promote a Culture of Data Protection: Foster an organizational culture that prioritizes data protection and privacy.
Ensure Employee Training: Provide comprehensive training to all employees on data protection principles and practices.
Approve Data Protection Principles: Endorse and promote adherence to the principles outlined in Data Protection Laws.
Maintain Communication with the Data Protection Officer: Stay in regular contact with the Data Protection Officer (DPO) to monitor compliance and request reports on the effectiveness of the data protection system.
Responsibilities of the Chief Compliance Officer
The Chief Compliance Officer (CCO) will be a qualified individual with relevant skills and experience, serving as a member of senior management. The CCO will be appointed by and accountable to the Board of Directors for overseeing the management of personal data and ensuring compliance with data protection best practices.
The CCO's responsibilities will include:
Development and Implementation: Overseeing the development and implementation of policies and practices aligned with Data Protection Laws.
Security and Risk Management: Managing security measures and risk assessments related to personal data.
The CCO will also be responsible for:
Ensuring Compliance: Monitoring and ensuring adherence to Data Protection Laws and this Data Protection Policy across all departments.
Handling Data Subject Requests: Addressing requests from Data Subjects regarding their personal data.
Providing Guidance: Serving as the primary point of contact for employees seeking clarification and guidance on data protection matters.
Responsibilities of Employees
All employees, staff members, contractors, and affiliates of Hoop Or Go Home share individual responsibility for complying with Data Protection Legislation, in addition to this Data Protection Policy. To support this compliance, Hoop Or Go Home will provide a Data Protection Training Manual for all personnel involved in processing personal data.
Employees are responsible for ensuring that they provide accurate, current, and complete information to Hoop Or Go Home. By fulfilling these responsibilities, all team members contribute to the organization's commitment to data protection and privacy.
DATA PROTECTION PRINCIPLES
As both a Data Controller and Data Processor, Hoop Or Go Home is committed to complying with the principles outlined in Article 5 of the General Data Protection Regulation (GDPR) and applicable Texas laws. These principles require that Personal Data is:
Processed Lawfully, Fairly, and Transparently
Personal Data must be handled in a manner that is lawful, fair, and transparent to Data Subjects.
Collected for Specific Purposes
Data must be collected for clear, legitimate purposes and not further processed in a manner incompatible with those purposes.
Adequate and Relevant
Data must be adequate, relevant, and limited to what is necessary for the purposes for which it is collected and processed.
Accurate and Up-to-Date
Personal Data must be accurate and kept in a current state, with reasonable steps taken to rectify or delete inaccurate data.
Retained Only as Necessary
Data must be retained only as long as is reasonably necessary to fulfill the purposes for which it was collected.
Processed Securely
Personal Data must be processed in a manner that ensures its security and protects against unauthorized access or processing.
The Data Controller is accountable for adhering to these principles in both letter and spirit.
Lawfulness and Fairness
To ensure lawfulness and fairness in processing Personal Data, Hoop Or Go Home will ensure that at least one of the following conditions is met before processing any Personal Data:
Consent: Processing is consented to or approved by the Data Subject.
Contractual Necessity: Processing is essential for fulfilling obligations arising from a contract with the Data Subject or for any preliminary matter related to such a contract.
Legal Compliance: Processing is required to comply with legal obligations.
Vital Interests: Processing is necessary to protect the vital interests of the Data Subject.
Public Interest: Processing is mandatory for a task carried out in the public interest.
Legitimate Interests: Processing is necessary for the legitimate interests of the Controller or a third party, unless overridden by the interests or rights of the Data Subject.
Special Category Data
Before processing any Special Category Data, Hoop Or Go Home will satisfy at least one of the following conditions:
Explicit Consent: Obtain the express consent of the Data Subject.
Legal Requirements: Processing is necessary for compliance with employment, contract, social protection, or social security laws.
Safeguarding Interests: Processing is essential to safeguard the interests of the Data Subject.
Public Disclosure: Processing relates to data that has been publicly disclosed by the Data Subject.
Legal Proceedings: Processing is necessary for legal proceedings.
Medical Grounds: Processing is essential for medical purposes, including preventive or occupational medicine or assessing the working capacity of the Data Subject.
Public Archive Purposes: Processing is necessary for maintaining an archive in the public interest.
Rights of Data Subjects
Rights Under the Texas Consumer Privacy Act (TCPA)
The TCPA provides Texas residents with specific consumer privacy rights, including:
Access to Personal Data: The right to request a copy of Personal Data collected in the past twelve (12) months in a usable format.
Transparency in Data Practices: The right to know about data collection practices, including categories of data collected, sources, uses, processing, and disclosures.
Deletion of Personal Data: The right to request the permanent deletion of Personal Data.
Opt-Out of Data Sales: The right to request that Hoop Or Go Home not sell their information to third parties.
Non-Discrimination: The right not to be discriminated against for exercising any rights under the TCPA.
Notification of Rights: The right to be informed of rights provided under the TCPA.
Rights Under the GDPR
Data Subjects, including employees and users, have the following rights regarding their Personal Data:
Right to Access: The right to request details about the Personal Data held and the purpose of processing. Hoop Or Go Home will respond to such requests within six weeks, barring any need for additional time to verify the identity of the Data Subject.
Right to Be Informed: The right to receive clear and accessible information about how their data will be processed before collection.
Right to Rectification: The right to correct inaccurate or incomplete Personal Data.
Right to Erasure: The right to request the permanent deletion of Personal Data.
Right to Restrict Processing: The right to request restrictions on the processing of Personal Data.
Right to Data Portability: The right to obtain and reuse Personal Data in a structured, commonly used format.
Right to Object: The right to object to direct marketing and to require explicit consent for marketing communications.
Rights Related to Automated Decision-Making: The right not to be subject to decisions based solely on automated processing, including profiling. Currently, Hoop Or Go Home does not engage in such practices.
By adhering to these principles and respecting the rights of Data Subjects, Hoop Or Go Home commits to protecting personal data and ensuring compliance with relevant data protection laws.
CONSENT
By "consent," we mean the following:
Explicit and Informed Agreement
Consent must be given explicitly, knowingly, voluntarily, and freely through a clear, specific, and informed indication. This may take the form of a statement or an affirmative action that signifies agreement to the processing of their Personal Data.
Informed Decision
The Data Subject must provide consent based on a clear understanding of the intended use and processing of their Personal Data.
Capacity to Consent
Consent must be given when the Data Subject is in a fit state of mind, without any influence from duress, deceit, or illegal inducement.
Active Communication
Consent must be obtained during active communication between the parties and cannot be implied from non-responses to queries or communications.
Right to Withdraw Consent
Data Subjects have the right to withdraw their consent at any time through a prescribed process. Hoop Or Go Home will ensure that it can demonstrate that consent has been obtained for the intended processing purposes.
Sensitive Data Considerations
For processing sensitive data, Hoop Or Go Home will obtain written consent from the Data Subject unless there is another legitimate basis for processing such data.
Hoop Or Go Home routinely obtains consent from Data Subjects through standard forms, click-wrap agreements, shrink-wrap contracts, or browsewrap agreements, selecting the method that best serves the intended purpose.
SECURITY OF DATA
All employees of Hoop Or Go Home are responsible for ensuring that any Personal Data held by the organization is kept secure and is not disclosed to or shared with any third party unless specifically authorized by Hoop Or Go Home, and only after the third party has executed a confidentiality agreement.
Security Measures
The highest security measures must be employed during the collection, storage, use, disposal, and transfer of Personal Data. Access to Personal Data is restricted to those employees who require it for processing and who are bound by a valid confidentiality agreement prior to accessing such data.
Storage Requirements
Physical Data:
Personal Data in physical form must be stored in a locked drawer or cabinet located in a secure room with controlled access limited to authorized personnel.
Digital Data:
Personal Data in digital form must be protected by strong passwords, encrypted when necessary, and stored on removable media that complies with current industry security standards.
Prevention of Unauthorized Disclosure
Hoop Or Go Home and its employees will utilize best efforts, technologies, and practices to prevent unauthorized disclosure of Personal Data to any third party during collection, storage, processing, or transfer.
Data Deletion and Disposal
Personal Data that is no longer needed must be deleted in a manner that makes it irrecoverable. Any physical records containing Personal Data must be disposed of as confidential waste to ensure complete destruction.
By adhering to these policies, Hoop Or Go Home is committed to safeguarding Personal Data and maintaining the trust of Data Subjects.
DISCLOSURE OF DATA
Hoop Or Go Home is committed to ensuring that no Personal Data is disclosed to unauthorized parties. All employees must exercise due diligence when responding to requests for Personal Data from third parties.
Disclosure Protocol
Caution in Disclosure: Employees should exercise reasonable caution when asked to disclose Personal Data and ensure that any such requests comply with this Data Protection Policy and applicable Data Protection Laws.
Authorization Requirement: No disclosure of Personal Data shall be made without obtaining specific written permission from the Chief Compliance Officer (CCO).
By adhering to these guidelines, Hoop Or Go Home reinforces its commitment to protecting Personal Data and upholding the privacy rights of Data Subjects.
RETENTION AND DISPOSAL
Hoop Or Go Home will not retain Personal Data for longer than is reasonably necessary for the purposes for which it was originally collected. However, Personal Data may be retained for extended periods if it is processed for purposes such as archiving in the public interest, or for statistical, historical, or research purposes, provided that appropriate industry-standard measures are implemented to safeguard the rights, interests, and freedoms of Data Subjects.
Retention Periods: Hoop Or Go Home will clearly specify the retention periods for each category of Personal Data in a relevant register, along with the justification for each retention period.
Data Disposal: When Personal Data is no longer needed, it must be disposed of using appropriate security measures that protect the rights and freedoms of Data Subjects. This ensures that the data cannot be recovered or misused.
By adhering to these policies, Hoop Or Go Home demonstrates its commitment to responsible data management and compliance with applicable data protection laws.
DATA TRANSFER
All transfers of Personal Data from Texas to other jurisdictions are considered unlawful unless those jurisdictions have data protection laws that provide a level of protection equivalent to that of Texas, as recognized by applicable authorities.
When transferring data to companies outside Texas, Hoop Or Go Home will ensure that the receiving organizations adhere to appropriate data protection standards.
Exceptions to the Transfer Policy
In the absence of the above conditions, Hoop Or Go Home may transfer Personal Data under the following exceptions:
Explicit Consent: The Data Subject has provided explicit consent for the proposed transfer after being informed of the associated risks.
Contractual Necessity: The transfer is necessary for the performance of a contract between the Data Controller and the Data Subject, or for any matter preliminary to a proposed contract.
Third-Party Contracts: The transfer is required for the performance or conclusion of a contract executed in the interest of the Data Subject between Hoop Or Go Home and a third party.
Public Interest: The transfer is necessary for reasons of public interest.
Legal Claims: The transfer is required to pursue or defend legal claims.
Protection of Interests: The transfer is necessary to protect the vital interests of the Data Subject.
DATA INVENTORY
Hoop Or Go Home has established a comprehensive data inventory and data flow procedure in compliance with applicable Data Protection Laws. This procedure encompasses the following key elements:
Processing Activities
An overview of how Hoop Or Go Home processes Personal Data.
Source and Origin
Identification of the sources and origins of the Personal Data collected.
Details of Data Subjects
A description of the categories of Data Subjects whose Personal Data is processed.
Description of Personal Data
A detailed account of the types of Personal Data being processed.
Data Inventory Maintenance
Ongoing maintenance of the data inventory to ensure accuracy and completeness.
Processing Activities Documentation
Documentation of all processing activities involving Personal Data.
Reference Documents
A list of documents that reference how Personal Data is utilized.
Potential and Actual Recipients
Identification of potential and actual recipients of Personal Data.
Roles of Data Controller and Processor
Clarification of the roles of the Data Controller and Data Processor throughout the data flow process.
Systems and Repositories
Specification of the systems and repositories used to store and process Personal Data.
Data Transfers
Detailed information about data transfers, including transferees and the purposes of those transfers.
Retention and Disposal
Guidelines regarding the retention and disposal of Personal Data.
By implementing this data inventory and flow procedure, Hoop Or Go Home ensures accountability and transparency in its handling of Personal Data, in compliance with Texas data protection laws.
DATA PROTECTION IMPACT ASSESSMENT
Hoop Or Go Home is committed to recognizing and addressing the vulnerabilities associated with Personal Data and the risks that may affect Data Subjects. To ensure compliance with Texas data protection laws, the organization undertakes the following measures:
Risk Assessment
Risk Evaluation: Hoop Or Go Home assesses the nature and intensity of any risks to Data Subjects throughout its data processing operations.
Data Protection Impact Assessments (DPIAs): The organization conducts DPIAs for its own processing activities and for any third-party contractors processing Personal Data on its behalf. These assessments help identify and mitigate potential risks.
Management of Identified Risks: Hoop Or Go Home is dedicated to managing any risks identified in DPIAs to prevent non-compliance with this Data Protection Policy.
New Technologies and Techniques
When new technologies, media, or techniques are employed that may increase risks to the rights and freedoms of Data Subjects, Hoop Or Go Home will conduct a DPIA to evaluate potential risks associated with these processing operations.
Escalation and Decision-Making
If a DPIA indicates that the intended processing poses a high risk of harm or distress to Data Subjects, the matter will be escalated to the Board of Directors. The Board will then determine whether to proceed with the processing operation and will select appropriate controls to minimize potential risks to Data Subjects.
By implementing these practices, Hoop Or Go Home aims to safeguard Personal Data and uphold the rights of Data Subjects while ensuring compliance with applicable data protection laws.
COMPLAINTS
In the event of non-compliance with applicable Data Protection Laws, Data Subjects have the right to lodge a complaint regarding such violations. The appropriate channels for complaints are as follows:
For GDPR Violations: Data Subjects may file a complaint with the Information Commissioner’s Office (ICO) in the relevant EU member state.
For CCPA Violations: Complaints can be submitted to the Attorney General of Texas.
For Violations of Privacy Shield Principles: Data Subjects may contact the U.S. Department of Commerce to report any breaches of Privacy Shield principles.
Hoop Or Go Home encourages Data Subjects to utilize these channels to ensure their rights are protected and to seek resolution for any concerns regarding the handling of their Personal Data.
CONTACT DATA PROTECTION OFFICER
In case of notices, requests or queries as provided in this policy, please feel free to contact:
Name: Travis Earnest
Phone: 469.954.0549
Email: Privacy@HoopOrGoHome.com
Last Updated 11/28/2024
© 2024 Hoop or Go Home. All Rights Reserved.
