Data Protection Policy

GDPR & CCPA compliance

In compliance with the General Data Protection Regulations of the EU (GDPR) and the California Consumer Privacy Act (CCPA), IMLeagues sets out its policy defining the data protection approach of IMLeagues, rights of data subjects, obligations of data controller and data processor, and governing the data collection, storage, processing, retention, transfer and disposal during the ordinary operation in IMLeagues. This policy, along with the Privacy Policy, constitutes our Data Protection Policy.

Definitions

Data. Any identifiable information of a person recorded and held by IMLeagues, either in electronic or paper form, in connection with Services or any ancillary matter.

Data Controller. A natural or legal person, IMLeagues, which, alone or jointly with other data controller, determines the purposes and means of the processing of Personal Data.

Data Processor. A natural or legal person, agency, affiliate, partner, contractor, public authority, or any other body that processes personal data on behalf of IMLeagues.

Chief Compliance Officer / Data Protection Officer. An officer appointed and assigned by IMLeagues to monitor internal compliance, advise and inform on data protection obligations, provide advice in connection with Data Protection Impact Assessments (DPIAs), and act as a contact person for the supervisory authority and data subjects.

Data Subject. An individual who is a user or consumer of the Services, employee, or contractor of IMLeagues and is the subject of the data and/or Personal Data.

Data Subject Request. A request made by a Data Subject in exercise of any rights provided under Data Protection Laws.

Data Protection Laws. Applicable data protection legislation including the California Consumer Privacy Act (CCPA), General Data Protection Regulation 2016/679 of EU (GDPR), and any laws currently in force in the local jurisdiction of any user.

IMLeagues. IMLeagues LLC, 1728 Talbot Ridge St, Wake Forest, NC 27587.

Personal Data. Any identifiable information of an individual including, without limitation, name, address, contact details, username, medical details, password, geolocation, IP address or any other information.

Processing. Any operation or activity performed in connection with personal data, electronically or manually, including obtaining, holding, disseminating, recording, or making available the data.

Services. All services offered by IMLeagues to its users or consumers.

Special Category Data. Any information relating to race, origin, religious belief, political affiliations, association, sexual orientation, and biometric data.

Policy Statement

  • IMLeagues assumes overall responsibility and accountability for compliance with the applicable Data Protection Laws.
  • IMLeagues is committed to process Personal Data in an effective, efficient and timely manner.
  • This Data Protection Policy defines the way IMLeagues captures, uses, handles, shares, stores and disposes of the data.
  • This policy applies to all functions of Personal Data processing (users, clients, employees, affiliates, suppliers, partners), to all IMLeagues staff, employees, contractors, partners and suppliers, and to all Data Subject requests made under the GDPR, CCPA and any other applicable laws.
  • Any non-compliance, breach or violation of this policy may expose the responsible party to civil or criminal liability.
  • IMLeagues staff, employees, contractors, partners and suppliers or any parties who may have access to the personal data must have read, understood and comply with this policy.
  • No party is allowed to access the personal data without first entering into a non-disclosure agreement imposing similar legal obligation on the third party.

Data Protection Principles

Being Data Controller and Data Processor, IMLeagues complies with GDPR principles provided in Article 5 of the GDPR. Personal data must be:

  • Processed lawfully, fairly and in a transparent manner in relation to Data Subjects.
  • Collected for specific, explicit, and legitimate purposes.
  • Adequate, relevant and limited to what is necessary in connection with the purposes for which the data is collected and processed.
  • Accurate and kept in an updated form.
  • Retained only as long as it is reasonably necessary.
  • Processed in a way that warrants adequate security of the personal data.

Lawfulness and Fairness

To ensure lawfulness and fairness while processing Personal Data, IMLeagues will ensure that at least one of the following conditions is met before processing any Personal Data:

  • Processing is consented to or approved by the Data Subject.
  • Processing is essential for the performance of an obligation arising from a contract with the Data Subject.
  • Processing is required for performance of any obligation imposed by applicable laws.
  • Processing is primarily required to protect the Data Subject's vital interests.
  • Processing is mandatory for an obligation performed in the public interest.
  • Processing is required for the purposes of the Controller's legitimate interests or of a third party, unless the Controller's interests are outweighed by those of the Data Subject.

Rights of a Data Subject under CCPA

The CCPA defines consumer privacy rights for the residents of the State of California. Data Subjects have the right to:

  • Request a copy of specified Personal Data collected during the last twelve (12) months in a usable format.
  • Know IMLeagues' data collection practices in connection with the categories of Personal Data, the source and origin of the information, use and processing of the Data, and disclosure of Personal Data.
  • Have Personal Data permanently deleted.
  • Know data sale practices of IMLeagues.
  • Request IMLeagues not to sell their information to any third parties.
  • Not be discriminated against for opting out or exercising any right provided under the CCPA.
  • Be notified of their rights provided by the CCPA.

Rights of a Data Subject under GDPR

The GDPR provides the following rights to EU residents. Data Subjects have the right to:

  • Be informed about how their Personal Data is collected and used.
  • Access their Personal Data held by IMLeagues.
  • Have inaccurate Personal Data rectified.
  • Request erasure of Personal Data ("right to be forgotten").
  • Restrict processing of their Personal Data.
  • Data portability — receive their Personal Data in a structured, machine-readable format.
  • Object to the processing of their Personal Data.
  • Not be subject to a decision based solely on automated processing.

Exercising Your Rights

To exercise any of the rights described above, contact our Data Protection Officer at privacy@imleagues.com. We will respond to your request within the timeframes required by applicable law (generally 30 days under GDPR, 45 days under CCPA).

Data Breach Notification

In the event of a personal data breach likely to result in a risk to the rights and freedoms of Data Subjects, IMLeagues will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by the GDPR. Where the breach is likely to result in a high risk, IMLeagues will also notify affected Data Subjects without undue delay.

Contact

For questions regarding this Data Protection Policy or to exercise your rights under the GDPR or CCPA, please contact:
IMLeagues LLC
1728 Talbot Ridge St, Wake Forest, NC 27587
privacy@imleagues.com