Effective Date: January 26, 2021
Archived Policy: https://tocafootball.com/privacy-policy-081618
1. Scope of this Policy
TOCA develops products that are intended to allow individuals to improve their soccer skills and develop precision through the application of various proprietary training techniques. We also provide training facilities for individuals to advance their skills. Most importantly, we are a member of the worldwide soccer community. This policy applies to the personal information we collect from individuals online and through our facilities. Our company is based in the United States and your data is processed in the U.S.
2. What Personal Information Do We Collect?
Information You Provide to Us
You may choose to share information with us when you interact with our Website, become a customer of ours, interact with us as a customer or send communications to us whether through email, phone or text. When doing so, we may collect the following:
- Your name, phone number, email address, company email address, company name, job title, and messages you send us (which are associated with your contact information).
- When you use our services as part of your training sessions, we will collect information about your sessions, such as the number and names of players, the time and date of the session, the number and type of exercises, and the number and type of touches.
- If you email us at one of the email addresses posted on our Website, we may collect and retain personal information contained within your email communications.
- If you make a purchase, we or our service providers may collect credit card numbers and other payment or billing information.
- When you create an account, we collect passwords, security questions, and other identifiers.
- If you participate in a contest, sweepstakes, or promotion, we may collect personal information related to that event.
- If you apply to become a licensee of our products or services, we may collect your business information including contact information like an email address and phone number.
- You may provide us with demographic information such as your age and gender.
- Your contact and marketing preferences.
There may be some circumstances where we collect personal information from you in-person. For example, if we meet you at a conference, vendor exhibition, privacy event, or similar business events, we may collect your contact information to follow up with you about our products and services.
Information We Collect Automatically
Unless you have opted-out or have otherwise refused to provide consent, the following is data that we collect automatically:
- Log Data: We log information about your use of our Website, including the type of browser you use, access times, pages viewed, your IP address, internet service provider, and the page you visited before navigating to the Services.
- Browser Data: This is technical information about the browser you are using that is captured in order to properly format our Website for your browser.
- Device Data: This is technical information about the device you use to access our Website such as your device’s IP address and operating system. If you are using a mobile device, your device type, and mobile device’s unique advertising identifier (such as the Apple IDFA or Android Advertising ID) and any other unique identifier that may be assigned to the mobile device.
- Location Data: This is non-precise information related to your general location derived from your device’s IP address. This does not reveal your precise location (i.e. your GPS latitude and longitude).
- Website Activity Data: This is data about your browsing activity on our Website. For example, which pages you visited and when, how much time was spent on a page, what items were clicked on a page, whether you downloaded a document.
Information We Collect from Others
We sometimes collect personal information from third parties who help us with our business and commercial needs. This may include the following:
- Other Users: If another user refers you to Us, we will collect your personal information from that user.
- Affiliates: We collect and share personal information among the entities or operating groups affiliated with TOCA. We share information as a normal part of conducting business and offering products and services to our customers.
- Service Providers and Suppliers: We may receive contact information or other personal information from our vendors or agents working on our behalf for the purposes described in this Policy.
- Business Partners: We receive personal information from other companies with which we work together to offer services to our customers, or to reach potential customers with our marketing messages. This includes our advertising and analytics providers and our partners with which we offer co-branded services or engage in joint marketing activities.
- Social Media Platforms: If you connect with us or one of our representatives on social media, we may collect your personal information that is publicly available or that you have made publicly available and any information the platform makes available.
- Marketing Providers: We may gather your personal information from advertising services who provide us with marketing lists based on user interests.
- Legal Authority: Including law enforcement agencies, courts, regulatory agencies, and data protection authorities.
- Parties to Corporate Transactions: We may receive personal information as part of a corporate transaction or proceeding such as a merger, financing, acquisition, bankruptcy, dissolution, or at transfer, divestiture, or sale of all or a portion of business or assets.
- Identity Verification Services/Background Checks: We may receive personal information from identity verification services if you apply to become a licensee. We may perform a background check in certain instances.
3. How Do We Use the Personal Information We Collect?
As part of operating our business, we undertake a multitude of operations which require the processing of personal information. We collect, combine, and analyze the personal information we collect to:
- fulfill your requests for information;
- to administer our Website and other online content;
- to help ensure that our facilities and premises are safe and secure;
- facilitating purchase transactions for products and services;
- providing top-level customer support;
- engaging in quality control in order to improve our offerings to you;
- conduct marketing and promotions;
- engage in content based or interest-based advertising,
- ensuring the safety and security of our employees and visitors to our online properties;
- to prevent, detect, and investigate fraud, cyber incidents, or illegal activity;
- communicating with you and others in relation to your use of our services, including providing policy updates;
- administering our record-keeping for legal, tax, and operational purposes;
- exploring new and unique ways to provide products and services;
Our commercial purposes are to advance our commercial interests and this includes advertising and marketing. We keep your personal information in identifiable form for as long as is reasonably necessary to fulfil the purposes for which we collected it and to comply with our legal obligations. This generally means holding your personal information for as long as one of the following apply:
- your personal information is reasonably required in order to provide you the services you have requested;
- your personal information is reasonably required in order to protect and defend our rights or property (this will generally be the length of the relevant legal limitation period); or
- we are otherwise required to keep your personal information by applicable laws or regulations.
Data Aggregation and De-Identification
We, or third parties we permit, may aggregate and de-identify data collected so that it can either no longer be directly associated with a natural person or cannot be associated with a natural person at all. We may then use such data for its business purposes including the provision interest-based advertising and reporting. We may share aggregated and de-identified data with our affiliates and third parties, including with our advertising partners.
4. Sharing of Your Personal Information.
We may disclose information about you:
- With Our Service Providers: We contract with companies who provide services to us to support our business operations including advertising networks, data analytics providers, operating systems and platforms, government entities, social networks, as well as billing, collections, tech, customer and operational support providers;
- Authorized Disclosures: We share your personal information with companies or other organizations where you have asked us to or agreed that we may share your personal information with them;
- Our Sales Partners: Our sales partners may receive information in order to facilitate a sales transaction (we consider this a business-to-business transaction);
- Our Professional Advisors;
- Legal Authorities: Any law enforcement agency, court, regulator, government authority or other third party where we believe this is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights, the rights of any third party or individuals’ personal safety, or to detect, prevent, or otherwise address fraud, security or safety issues; or
- Successors: Any third party that purchases, or to which we transfer, all or substantially all of our assets and business. Should such a sale or transfer occur, we will use reasonable efforts to try to ensure that the entity to which we transfer your personal information uses it in a manner that is consistent with this Policy.
We may also disclose personal information in the following circumstances: (1) to comply with an applicable federal, state, or local law; (2) to comply with a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by federal, state, or local authorities; (3) to cooperate with law enforcement agencies concerning conduct or activity that web reasonably and in good faith believes may violate federal, state, or local law; (4) to exercise and defend legal claims; (5) when such disclosure is necessary to protect the rights and freedoms of other individuals; (6) as part of a merger, acquisition, bankruptcy, or other transaction in which the third party assumes control of all or part of our business; and (7) in any other manner permitted by law, including engaging in protected speech.
Links to web sites that are not operated by or for us (“Third-Party Sites”) are provided solely as a convenience to you. If you use these links, you will leave our website. This Policy does not apply to Third-Party Sites. We have not reviewed the Third-Party sites, do not control and are not responsible for any of their content or their privacy policies, if any. We do not endorse or make any representations about them, or any information, software or other products or materials found there, or any results that may be obtained from using them. If you decide to access any of the Third-Party Sites listed on or linked to from our website, you should understand that you do so at your own risk.
If you want to limit the data that we or others collect about you through this Website and want us to not target ads that are based on your interests to your browsers or devices, you may opt out from tracking and tailored advertising at any time through one of the ways described below. If you opt out, you will still see ads, but those ads are less likely to have anything to do with products or services that you may care about. With tailored advertising, you receive ads and offers that are more likely to be useful to you. Please note, if you use multiple browsers or devices, you must opt out from each browser and device individually.
- Use Browser Setting to Block Cookies: You can use your web browser to directly block all cookies, or just third-party cookies, through your browser settings. Using your browser settings to block all cookies, including strictly necessary ones, may interfere with proper site operation. Guidance on how to control cookies in popular browsers is contained here:
- Microsoft Internet Explorer
- MacOS Safari
- Mozilla Firefox
- Google Chrome
- Adobe (Flash Cookies)
- Using Advertising Industry Tools:You can opt out of interest-based targeting provided by participating ad servers through the following:
- Network Advertising Initiative
- Digital Advertising Alliance
- Digital Advertising Alliance of Canada
- European Interactive Digital Advertising Alliance
- Google allows users to opt out of tracking by Google Analytics and Google Analytics Demographics and Interest Reporting services. You can adjust your setting here, or download the Google Analytics Opt-Out Browser Add-on.
- You can opt-out of device level data collection via Trade Desk by going to: https://www.adsrvr.org/
- Mobile Device Opt-Out: To opt-out of receiving interest-based ads that are based on your behavior across different mobile applications, please follow instructions for iOS and Android devices. For iOS 7 or Higher: Go to your Settings > Select Privacy > Select Advertising > Enable the “Limit Ad Tracking” setting. For Android devices with OS 2.2 or higher and Google Play Services version 4.0 or higher: Open your Google Settings app > Select Ads > Enable “Opt out of interest-based advertising”.
We are committed to protecting the security of any personal information you provide. We implement appropriate technical and organizational measures to safeguard personal data in our possession against being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed. No transmission of data over the Internet, however, is guaranteed to be completely secure. While we strive to protect your personal data, we cannot ensure or warrant the security of any data you transmit to us or that we collect about you. We have procedures in place to address any suspected personal data breach and we will notify you of any such breach, as may be required by applicable law.
7. Children’s Privacy
We are committed to complying with the Children’s Online Privacy Protection Act (COPPA) and the California Consumer Privacy Act. Our website and services are not directed to children under the age of 16. We do not knowingly collect personal information from children under the age of 16. If we receive personal information that we discover was provided by a child under the age of 16, we will promptly destroy such information. Parents are encouraged supervise their children’s online activities and consider the use of other means to provide a child-friendly online environment. Additional information is available on the Direct Marketing Association’s home page at http://www.the-dma.org. If you would like to learn more about COPPA, visit the Federal Trade Commission home page at http://www.ftc.gov.
8. California Residents
Please review the “California Privacy Rights Notice” attachment, below, which is incorporated as part of this Policy for California residents only.
9. EU Data Subject: Our Legal Basis and Your Rights
We provide the representations and information in this section in compliance with European privacy laws, in particular the European General Data Protection Regulation (GDPR). If you are a visitor from the European Territories (including the European Economic Area, Switzerland, and the United Kingdom), our legal basis for collecting and using the personal data described above will depend on the personal information concerned and the specific context in which we collect it.
We will normally collect personal data from you where the processing is in our legitimate interests. In some cases we may collect, and process personal data based on consent.
EU data subjects have certain rights with respect to your personal data that we collect and process. We respond to all requests we receive from individuals in the EEA wishing to exercise their data protection rights in accordance with applicable data protection laws.
- Access, Correction or Deletion. You may request access to, correction of, or deletion of your personal data. You can often go directly into the Service under Account Settings to take these actions.
Please note that even if you request for your personal data to be deleted, certain aspects may be retained for us to: meet our legal or regulatory compliance (e.g. maintaining records of transactions you have made with us); exercise, establish or defend legal claims; and to protect against fraudulent or abusive activity on our Service.
- Objection. You may object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes and may do so using the options provided in this Policy. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
- Restriction. You have the right to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- Portability. You have the right to request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Withdraw Consent. If we have collected and processed your personal data with your consent, you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal data conducted in reliance on lawful processing grounds other than consent.
- File a complaint. You have the right to file a complaint with a supervisory authority about our collection and processing of your personal data. To file a request or act on one of your rights, please contact us at the contact details provided below. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
To submit a request regarding your European Privacy Rights, please send your request to Privacy@tocafootball.com . We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made several requests. In this case, we will notify you and keep you updated.
U.S. – EU PRIVACY SHIELD AND U.S. – SWISS PRIVACY SHIELD
In compliance with the Privacy Shield Principles, TOCA commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact TOCA at firstname.lastname@example.org.
TOCA has further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit JAMS at https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint. The services of JAMS are provided at no cost to you.
Under certain conditions, you may be able to invoke binding arbitration to resolve your complaint. TOCA is subject to the investigatory and enforcement powers of the Federal Trade Commission.
If TOCA shares personal data transferred to the U.S. under the Privacy Shield with a third-party service provider that processes such data on TOCA’s behalf, then TOCA will be liable for that third party’s processing in violation of the U.S. Privacy Shield Principles, unless TOCA can prove that it is not responsible for the event giving rise to the damage.
10. Agreement and Changes
11. Contact Us
If you have any questions, please contact us by any of the following means:
Mail: TOCA Privacy, 2777 Bristol Street, Suite D. Costa Mesa, CA 92626
California Privacy Rights Notice
What is the CCPA?
The CCPA is a California law that provides California residents certain rights to their personal information. You can read the CCPA here:
California residents, called “consumers” in the CCPA, have the following rights:
- The right to request that we disclose certain information to you about our collection and use of personal information over the past 12 months.
- The right to request that we delete any of your personal information that we collect from you and retained, subject to certain exceptions.
- The right to opt-out of the sale of personal information by us.
- The right not to receive discriminatory treatment by us for exercising the privacy rights conferred by the CCPA.
We will explain more about how to exercise these rights below.
When we talk about “personal information” under the CCPA, we mean information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked to, directly or indirectly, a consumer or household. Personal information does not include publicly available information or information that is deidentified or aggregate consumer information. The CCPA does not apply to personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994. It also doesn’t apply to health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data.
Information We Have Collected About Consumers in the Preceding 12 Months
The following chart sets out the CCPA categories of personal information we have collected from consumers within the last twelve (12) months
|Identifiers||Name, IP address, email address, cookie string data, pseudonymous data (e.g. hashed emails), operating system, device type, mobile device’s identifier, and other unique identifier that may be assigned to any device by third parties and cross-referenced to recognize a device.||Consumer, advertising networks, internet service providers, data analytics providers, operating systems and platforms, social networks, business operation service providers.||Yes.|
|Personal information listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))||Name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information||Consumers, business operation service providers.||Yes *Most information collected is business information.|
|Protected classification characteristics under California or federal law||Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).||Consumer, data analytics providers, social networks, business operation service providers.||Yes.|
|Commercial information||Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.||Consumer, data analytics providers, operating systems and platforms, business operation service providers.||Yes.|
|Biometric information||Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.||No.|
|Internet or another similar network activity||Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.||Consumer, advertising networks, internet service providers, data analytics providers, operating systems and platforms, business operation service providers.||Yes|
|Sensory data||Audio, electronic, visual, thermal, olfactory, or similar information.||No.|
|Professional or employment-related information||Current or past job history or performance evaluations.||Consumer, social networks.||Yes.|
|Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R Part 99))||Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.||No.|
|Inferences drawn from other personal information||Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.||Third party data providers.||Yes.|
The Purposes for Which Personal Information is Collected
We may collect the personal information we collect for one or more of the following business purposes:
- To fulfill or meet the reason you provided the information. For example, if you share your name and contact information to request a price quote or ask a question about our products or services, we will use that personal information to respond to your inquiry. If you provide your personal information to purchase a product or service, we will use that information to process your payment and facilitate delivery. We may also save your information to facilitate new product orders or process returns.
- To provide, support, personalize, and develop our Website, products, and services.
- To create, maintain, customize, and secure your account with us.
- To process your requests, purchases, transactions, and payments and prevent transactional fraud.
- To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.
- To personalize your Website experience and to deliver content and product and service offerings relevant to your interests, including targeted offers and ads through our Website, third-party sites, and via email or text message (with your consent, where required by law).
- To help maintain the safety, security, and integrity of our Website, products and services, databases and other technology assets, and business.
- For testing, research, analysis, and product development, including to develop and improve our Website, products, and services.
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
- As described to you when collecting your personal information or as otherwise set forth in the CCPA.
- To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of TOCA’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by TOCA about our Website users is among the assets transferred.
Sharing Personal Information
We may disclose your personal information to a third party for a business purpose or commercial purpose (as set out above). This includes:
- California Customer Records personal information categories.
- Protected classification characteristics under California or federal law.
- Commercial information.
- Internet or similar network activity.
- Professional or employment-related information.
- Inferences drawn from other personal information.
Sale of Your Personal Information.
The CCPA defines a “sale” of personal information as the disclosure, sharing, or making available of a consumer’s personal information by a business to another business or third party for monetary or other valuable consideration. It is not a sale if a consumer uses or directs the business to intentionally disclose personal information or uses the business to intentionally interact with a third party.
You have the right to instruct us to stop the kind of sharing that the CCPA treats as “sales” and not to engage in that kind of sharing in the future, unless you choose to allow it. Please be aware there may be circumstances where we can share information with others even if you instruct us to stop “selling” your personal information, as permitted under the CCPA. For example, we may still be able to share information with our service providers so that they can provide services to us. In addition, your instruction to stop “selling” your personal information will not affect sharing that occurred before you gave us the instruction.
TOCA does not monetize your personal information; We share certain information about your device and interaction with our Website to enhance your experience with us and to engage in the legitimate business purpose of advertising and marketing. We do not “sell” the personal information of known minors under 16 years of age. The Your Choices and Opting Out of Interest-Based Advertising and Analytics section of our Policy describes how you can opt-out of sharing of your data for advertising and analytics purposes.
You may opt-out of the sale of your personal information by sending us a request by email at Privacy@tocafootball.com. Please include your name, email address and a telephone number at which you can be reached regarding your request. We will respond to all verifiable requests as required by the CCPA. You also have the option to designate an authorized agent to make a request on your behalf. In order to protect your privacy, we may require proof of this authorization before proceeding with the request.
Exercising Your California Privacy Rights
Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. Agents must submit proof that they have been authorized by the consumer to act on their behalf. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
We verify requests by sending a confirmation email to the requestor and by matching the identifying information provided by the consumer to the personal information already maintained by us. We cannot respond to your request or provide you with personal information if we cannot: (i) verify your identity or authority to make the request; and (ii) confirm the personal information relates to you. If we are unable to verify the identify of a consumer to a enough degree of certainty, we will deny the request and explain the reason for the denial.
Exercising Access, Data Portability, and Deletion Rights
You may only make a verifiable request for access or data portability twice within a 12-month period. To exercise the access, data portability, and deletion rights described above, please submit a request to us using at Privacy@tocafootball.com .
Other California Privacy Rights
In addition to the CCPA, the California Civil Code permits California residents with whom we have an established business relationship to request that we provide you with a list of certain categories of personal information that we have disclosed to third parties for their direct marketing purposes during the preceding calendar year. To make such a request, please contact our us and mention that you are making a “California Shine the Light” inquiry.