Privacy Policy

​

• Personal data is processed by Sportz-Well only for a lawful purpose and for the specific purposes for which consent was obtained from the Data Principal.

• Processing without explicit consent is permitted only under clearly defined "legitimate uses," such as compliance with laws or court orders, employment purposes, or responding to medical emergencies or epidemics.

​​

4. Consent Requirements

• Valid consent from you (the Data Principal) must be free, specific, informed, unconditional, and unambiguous, demonstrated through a clear affirmative action.

• Consent cannot be bundled, coerced, or implied through silence or pre-ticked boxes; it must be a deliberate and explicit agreement.

• Sportz-Well provides comprehensive notice to you at or before the time of seeking consent. This notice includes:

    ◦ The categories of personal data collected.

    ◦ The specific purposes of processing.

    ◦ The grievance redressal mechanism.

    ◦ Methods for exercising your rights under the Act.

• Notices are presented in clear and plain language and are available in English or any of the twenty-two languages specified in the Eighth Schedule to the Constitution of India.

• Sportz-Well maintains verifiable logs of consent for audit purposes.

​​

5. Withdrawal of Consent

• You have the right to withdraw your consent at any time.

• The process for withdrawing consent is comparable in simplicity to how consent was initially provided.

• Upon withdrawal, Sportz-Well will promptly cease all processing activities of your personal data, and ensure any associated processors also cease processing and erase relevant data, unless retention is necessary for a specific purpose or legal compliance.

​

6. Data Security Measures

• Sportz-Well implements robust technical and organizational safeguards to prevent data breaches. These measures include:

    ◦ Encryption, obfuscation, masking, or the use of virtual tokens.

    ◦ Maintaining access controls and access logs, with regular review and monitoring to detect unauthorized activity.

    ◦ Implementing data backups to ensure continuity of processing.

    ◦ Retaining data for at least one year to support breach detection, investigation, and recurrence prevention.

    ◦ Including provisions in contracts with data processors to safeguard personal data.

​

7. Data Sharing and Cross-Border Transfers

• Sportz-Well ensures that any engagement with data processors for data processing activities is through a valid contractual relationship.

• Cross-border data transfers (transmission of personal data from India to other countries) are permitted unless the Central Government specifically restricts transfers to certain countries or territories through official notification (a "negative list" approach).

​

8. Rights of Data Principals (Your Rights)

• As a Data Principal, you have the following rights:

• Right to Access Information: You can obtain a summary of your processed personal data, details of processing activities, and identities of other Data Fiduciaries with whom your data has been shared.

• Right to Correction, Completion, and Update: You can request Sportz-Well to correct any inaccuracies, complete incomplete data, or update your personal data.

• Right to Erasure: You can request the deletion of your personal data, unless retention is necessary for a specified purpose or legal compliance.

• Right to Grievance Redressal: Sportz-Well provides an accessible grievance redressal mechanism. You must use this mechanism to resolve issues before approaching the Data Protection Board of India.

• Right to Nominate: You can nominate an individual to exercise your rights under this Act in the event of your death, unsoundness of mind, or infirmity of body.

• Right to Revoke Consent: As detailed in point 5 above.

​

9. Grievance Redressal Mechanism

• Sportz-Well has appointed a Grievance Officer/contact person to respond to your questions about data processing.

• The contact information for this person will be displayed in an accessible manner, and we are committed to responding to your requests within a reasonable time.

​

10. Data Breach Notification

• A personal data breach is defined as any unauthorized processing or accidental disclosure, acquisition, sharing, use, alteration, destruction, or loss of access to personal data that compromises confidentiality, integrity, or availability.

• Sportz-Well is obligated to report all data breaches to the Data Protection Board of India and to the affected Data Principals promptly, regardless of the magnitude of the breach or the risk of harm.

• The notification will include details such as the nature and extent of the breach, its timing and location, consequences, and mitigating measures.

​

11. Processing of Children's Data

• For individuals under the age of 18 (children) or persons with disabilities, Sportz-Well will obtain verifiable consent from their parent or lawful guardian before processing their personal data.

• Sportz-Well is prohibited from:

    ◦ Processing personal data that is likely to cause any detrimental effect to the well-being of a child.

    ◦ Tracking or engaging in behavioral monitoring of children.

    ◦ Using targeted advertising directed at children (unless permitted by Central Government).

​

12. Policy Updates and Compliance

• This Data Protection Policy will be regularly reviewed and updated to ensure ongoing compliance with evolving legal standards and Sportz-Well's business practices.

• Significant changes to the policy will be communicated transparently to users.

​

13. Impact of Non-Compliance

• Non-compliance with the DPDP Act can result in substantial financial penalties, which can be up to ₹250 crore, depending on the gravity and nature of the breach.

• Non-compliant entities may also suffer significant reputational harm, undermining customer trust and long-term viability

​