Privacy Policy

 

The EDGE10 Privacy Policy applies to all products and services provided by EDGE10 and its international divisions.

 

Here at EDGE10 we understand that in modern sports performance management, the privacy and security of our clients' data is paramount. This privacy policy explains in user-friendly language what data we hold, why we hold it, and what we do with it.
In addition to this, EDGE10 enforces rigorous controls regarding all data we hold, and we carry out regular audits of our information security policies and procedures using third-party auditors to ensure we are applying industry-standard best practice.
The EDGE10 privacy policy is published in conjunction with the EDGE10 Security Statement.

What Information do we hold?

For Athletes and Staff of EDGE10 client organisations

In our capacity as data processors to our clients we hold personal identifiable data in the form of contact details, e.g. names, addresses, phone numbers, and email addresses, for client staff directly linked to the day-to-day operation of the EDGE10 application and the contract between EDGE10 and the client organisation.

We also collect usage data and audit trails for all access to the EDGE10 application in order to provide support services, improve the application and better gauge the areas our clients find most useful.

For non-clients

We hold basic contact information for past clients, individuals that have previously shown an interest in the application, individuals who have approached EDGE10, and those who have previously been in contact with us. This information consists of names, addresses, phone numbers, and email addresses.

 

How is this data used?

The Contact Information we hold is used primarily to advise client staff regarding service announcements and disruptions, as well as to inform clients of new features, upcoming changes, and other news relevant to EDGE10 and its clients. We also use contact information to stay in touch with interested parties regarding developments in the area of sports science, to update them on improvements made to the EDGE10 application and to engage with relevant individuals and organisations who may benefit from a market leading sports data management system.

Usage Data is used to provide support services, help track engagement, develop the application and better serve our clients.

 

What Information do we share?

Simply put, nothing. Given the nature of Pro sport we understand that privacy is important for our clients and so EDGE10 does not share Personal Identifiable Information with other organisations except where there has been a specific agreement put in place with the individual or organisation for that purpose.

 

How is your data secured?

Please see our EDGE10 Security Statement document which can be found below.

 

How long will you hold my data?

We will hold your data for the duration of your organisation's contract with EDGE10. Holding this data is a requirement for us to provide an individual with support and consultation services while part of an EDGE10 client organisation. Once a contract has been concluded or an individual no longer uses EDGE10, we retain all contact information in order to update interested parties on developments in the area of sports science, to update them on improvements made to the EDGE10 application and in order to reengage with individuals at a later date.

Once an individual has ceased being a client of EDGE10 or one of its international divisions, they can request the removal of their information from our database by emailing us at Support@EDGE10.com

 

How do you exercise your rights under the GDPR?

Under the terms of the GDPR all individuals whose data EDGE10 holds have the following rights:

  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object

To exercise any of these rights please contact us at Support@EDGE10.com and we will be happy to assist.

Security Statement

The EDGE10 security statement applies to all products and services provided by EDGE10 and its international divisions.

 

Information Security Strategy Overview:

  • EDGE10 is ISO-27001:2013 certified
  • Use of modern SOC 2 Type 2 audited data centres which are also certified or follow ISO 27001 policies, and meet the Uptime Institute’s Tier IV datacentre standards
  • Adherence to security best practices for code development, testing, and operations
  • Regular external review of the policies and procedures for Information Security
  • Regular vulnerability and penetration testing carried out by accredited third parties
  • Secure by design development process.

The following sections of this document cover the key areas of Information Security and Privacy Policy in detail, including: System Security, Operational Security, Physical Security, and Application and Data Security.

 

System Security

Application Security

  • Individual, configurable user accounts for all users
  • Fully configurable access permissions for all data types:
    • Role based access permissions
    • Athlete specific groups
    • Group based permissions
  • Client customisable security rules, password complexity, account lock out, etc.

Infrastructure Security

  • Separate data and application environments for each client.
  • All sensitive personal information stored on client machines is encrypted.
  • Customer data is fully encrypted during transit.
  • Use of hashed passwords throughout all EDGE10 environments.
  • Access to production environments restricted to authorised personnel.

 

Operational Security

EDGE10 along with our data centre providers follow strict operational security provisions.

Data Centre Operational Security:

  • Policies and procedures that are SOC 2 Type 2 audited and ISO-27001:2013 certified.
  • Access to confidential information is restricted to authorised personnel only, in accordance with documented processes.
  • All employees are trained on documented information security and privacy procedures.
  • Thorough background security checks are conducted for all data centre personnel.
  • Systems access is logged and tracked for auditing purposes.
  • Secure document destruction policies and procedures are followed.
  • Change management procedures are fully documented.
  • Tested Disaster Recovery and Business Continuity plans are regularly reviewed and audited

Corporate Operational Security:

EDGE10 has fully documented policies and procedures that are reviewed on a regular basis.

  • All employees are trained and tested upon joining EDGE10 and then perform annual training on all documented information security and privacy procedures. Regular updates are provided via email and face to face training.
  • Access to the production environments is limited to authorised personnel only, and access is via secure connections.
  • Access to customer data is limited to authorised personnel only, according to documented processes.
  • Tested Disaster Recovery and Business Continuity plans that are regularly reviewed and audited.

 

Physical Security

Data Centre Physical Security

EDGE10 only uses leading hosting providers in the form of Microsoft Azure and Amazon AWS for its data centres.

These data centres have the following physical safeguards:

  • Data centre staffed 24 hours a day, 7 days a week.
  • For Microsoft Azure data centres, access is limited to Microsoft technicians only.
  • At Amazon, data centre access is limited to Amazon data centre technicians only.
  • Entry to the data centres is regulated by photographic identification, biometric scans, and secured shipping/receiving areas isolated from the data centre floor.
  • Interior and external security camera surveillance monitoring, with the video stored for review.
  • Unmarked facilities to maintain a low profile.
  • Physical security audits by third parties.

Full information about data centre operations, security policies, and procedures is available at:

Microsoft Azure: https://www.microsoft.com/en-us/TrustCenter/Security

Amazon AWS: https://aws.amazon.com/security/

EDGE10 Facility Physical Security

  • Data centre staffed 24 hours a day, 7 days a week.
  • For Microsoft Azure data centres, access is limited to Microsoft technicians only.
  • At Amazon, data centre access is limited to Amazon data centre technicians only.
  • Entry to the data centres is regulated by photographic identification, biometric scans, and secured shipping/receiving areas isolated from the data centre floor.
  • Interior and external security camera surveillance monitoring, with the video stored for review.
  • Unmarked facilities to maintain a low profile.