GOAT Draft Fantasy Sports LLC is committed to protecting the confidentiality and integrity of your personal information.
Compliance with this Policy is mandatory.
GOAT Draft Fantasy Sports LLC ("Company") has adopted this Personal Information Protection Policy ("Policy") to govern the treatment of our customers' and employees' Personal Information. The loss of Personal Information can result in substantial harm to individuals, including embarrassment, inconvenience, and fraudulent use of the information. Protecting the confidentiality and integrity of Personal Information is a critical responsibility that must be taken seriously at all times.
The purpose of this Policy is to:
This Policy applies to all Company employees, agents, and representatives, including any contractor or third-party provider of services to the Company ("Third-Party Service Provider") who have access to Personal Information the Company has collected or otherwise has in its possession. This Policy applies to all Personal Information collected, maintained, transmitted, stored, retained, or otherwise used by the Company regardless of the media on which that information is stored and whether relating to employees, customers, or any other person.
"Personal Information" means information the Company has collected or otherwise maintains or has in its possession that identifies or can be used to identify or authenticate an individual, including, but not limited to:
For employees, Personal Information only includes information that is kept in secure files that are not generally accessible to employees on a company-wide basis.
"Data Subject" means the person about whom Personal Information is collected.
"Sensitive Personal Information" means Personal Information that if lost, compromised, accessed, or improperly disclosed could result in harm, embarrassment, inconvenience, or unfairness to an individual and that therefore is subject to heightened protections.
Examples of Sensitive Personal Information include, but are not limited to:
If you have any questions about whether any Personal Information qualifies as Sensitive Personal Information, you should contact your supervisor.
"Security Incident" means any act or omission that compromises the security, confidentiality, or integrity of Personal Information or the physical, technical, administrative, or organizational safeguards the Company or a Third-Party Service Provider has put in place to protect Personal Information. The loss of or unauthorized access to, disclosure, or acquisition of Personal Information is a Security Incident.
It is Company policy that whenever it collects Personal Information for any purpose, including for human resources or employment purposes, it must inform the Data Subject of how it will use, process, disclose, protect, and retain that Personal Information by presenting a privacy policy or privacy notice to the individual at the time the individual provides the Personal Information. For example, the Company presents the end user privacy policy to users and obtains consent when users sign up for a GOAT Draft account.
You may only collect Personal Information in compliance with applicable Company policies, notices, and Data Subject consent, and the Personal Information collected must be limited to that which is reasonably necessary to accomplish the Company's legitimate business purposes or as necessary to comply with law.
You may only access Personal Information when the information relates to and is necessary to perform your job duties. You may not access Personal Information for any reason unrelated to your job duties. You may not use Personal Information in a way that is incompatible with the notice given to the Data Subject at the time the information was collected. If you are unsure about whether a specific use or disclosure is appropriate, you should consult with your supervisor. You may only share Personal Information with another Company employee, agent, or representative if the recipient has a job-related need to know the information.
Personal Information may only be shared with a Third-Party Service Provider if it has a need to know the information for the purpose of providing the contracted services and if sharing the Personal Information complies with the privacy notice provided to the Data Subject. You may not share Personal Information with a Third-Party Service Provider without an agreement that requires privacy practices greater than or equivalent to Company privacy practices.
You must collect, maintain, and use Personal Information that is accurate, complete, and relevant to the purposes for which it was collected.
You are responsible for protecting Personal Information. You must exercise particular care in protecting Sensitive Personal Information from loss, unauthorized access, and unauthorized disclosure.
Individuals have rights when it comes to how their Personal Information is handled. These rights may vary depending on the applicable jurisdiction, but may include, for example:
You must comply with applicable laws regarding the rights of Data Subjects. If you are unsure of the applicable legal requirements, or if you receive a request or complaint from a Data Subject regarding the handling of his or her Personal Information, please review our end user privacy policy or contact your supervisor.
You should keep Personal Information only for the amount of time it is needed to fulfill the legitimate business purpose for which it was collected or to satisfy a legal requirement.
All Company personnel who have access to Personal Information must be educated on this Policy and the treatment of Personal Information. In addition, whenever Personal Information is entrusted to a Third-Party Service Provider, proper management and supervision over the outside party's handling of that Personal Information must be ensured through appropriate contracts.
If you know or suspect that a Security Incident has occurred, do not attempt to investigate the matter yourself. Immediately contact the Information Security Coordinator. You should preserve all evidence relating to the potential Security Incident.
The Operations department is responsible for administering and overseeing implementation of this Policy and, as applicable, developing related operating procedures, processes, policies, notices, and guidelines. If you are concerned that any provision of this Policy, or any related policy, operating procedure, process, or guideline designed to protect Personal Information, has been or is being violated, please contact the Information Security Coordinator. The Company will conduct periodic reviews and audits to assess compliance with this Policy. Employees who violate this Policy and any related guidelines, operating procedures, or processes designed to protect Personal Information and implement this Policy may be subject to discipline.
Other Company policies also apply to the collection, use, storage, protection, and handling of Personal Information and may be relevant to implementing this Policy. You should familiarize yourself with these policies, including the end user privacy policy.
This Policy is not intended to restrict communications or actions protected or required by state or federal law.
This Policy may be revised from time to time. This Policy was last revised on [DATE].