Avenant relatif au traitement des données (DPA)
Date d'entrée en vigueur 2026-07-06 · Dernière mise à jour 2026-07-06
1. Scope and roles
This Data Processing Addendum ("DPA") forms part of the Terms of Service between you (the club operator, acting as the data controller) and Osii, operator of Scorvo (acting as the processor). It applies where Scorvo processes personal data about third parties — such as your players and team members — on your behalf. The English version governs.
2. Subject matter and nature of processing
- Subject matter: hosting and processing member data so you can run your clubs, teams, tournaments, and records.
- Duration: for as long as your account exists, or until the data is deleted.
- Nature and purpose: storage, organization, display, statistics, and optional AI-assisted import of the records you enter.
- Categories of data: names, optional contacts, notes, roster attributes, photos, and competition records.
- Categories of data subjects: the players and team members you record.
3. Processing on your instructions
We process member data only on your documented instructions, including the actions you take in the app and the settings you configure, unless required otherwise by law — in which case we inform you before processing, unless the law prohibits it.
4. Confidentiality
Personnel authorized to process member data are bound by confidentiality and access it only as needed to provide the Service.
5. Security measures
We implement appropriate technical and organizational measures, taking into account the state of the art and the risks of processing. See the Security Measures section below.
6. Subprocessors
You give general authorization for us to engage the subprocessors listed on our Subprocessors page to provide the Service. We impose data protection obligations on them consistent with this DPA. We will update the Subprocessors page before adding or replacing a subprocessor; that page is how we notify you of changes, and you may object by contacting support@scorvo.io.
7. Assisting you with data subject rights
Taking into account the nature of the processing, we assist you with appropriate measures so you can respond to requests from data subjects to exercise their rights. You can access, edit, export, and delete member data directly in the app; we support your requests at support@scorvo.io.
8. Security incidents and assistance
We assist you in meeting your obligations regarding security, breach notification, and data protection impact assessments, taking into account the information available to us. We will notify you without undue delay after becoming aware of a personal data breach affecting member data you control.
9. Return or deletion of data
On termination of the Service, or on your request, we delete member data. When you delete your account, member data is removed across our database and file storage; AI import source files are deleted within 30 days of upload.
10. Audits and information
We make available to you the information reasonably necessary to demonstrate compliance with this DPA and allow for and contribute to audits, including inspections, conducted by you or an auditor you mandate, subject to reasonable notice, confidentiality, and security constraints.
11. Security Measures
- Access control: data is scoped to a single owner and reachable only after authentication.
- No public file URLs: photos and files are served only through short-lived, signed links to the owner.
- Data minimization: AI import and MCP paths transmit only the fields needed; player contacts are excluded from AI processing.
- Restricted production access and abuse monitoring.