Today’s Plan coach agreement
Last updated: 17 May 2018
Summary
Today’s Plan provides the ability for a coach or coaching company (coach) to manage their athlete’s training. This includes the ability to access a user’s account and data, prescribe training and communicate with the athlete. This functionality is provided by a range of the Today’s Plan system, including the website, mobile applications, desktop software and API access.
Once an athlete account is associated with a coach, the coach can access personal and sensitive information about an athlete. Noting that an association requires acceptance by both the coach and athlete.
It is important that you and all your company employees or associates (associates) who have Today’s Plan accounts are aware of your privacy and security obligations to user’s data.
If you or your associates are accessing data related to a user who resides in the European Union, you may also be subject to the General Data Protection Regulation (GDPR).
Today’s Plan is bound by a number of privacy and security requirements – both via the Australian Privacy Act (Cth), the European GDPR, and through a number of our agreements with our service providers and connected partners.
As such, before we can enable your Today’s Plan coaching account, you agree to maintain and undertake certain privacy obligations and data usage restrictions.
If you are unsure on any of the content of this agreement, please contact support@todaysplan.com.au
Today’s Plan coach agreement
User accounts and delegate access
Introduction
The Today’s Plan coaching Agreement (Agreement) is made and entered into by and between Today’s Plan Pty Ltd (Today’s Plan) and you. “You” means you individually or the entity that you represent. If you are entering into this Agreement for an entity, you represent and warrant to us that you have the legal authority to bind that entity, including all employees, delegates and associates to this Agreement.
By accessing or using the Today’s Plan coaching system, you acknowledge that you have read, and agree to abide by this Agreement. If you are unable to comply with the current or any future version of this Agreement, you must immediately cease all use of Today’s Plan.
In summary;
- You will have access to personal and sensitive user data. You have obligations regarding privacy and security of this data
- You will not share any user data without their express consent
- You will not transfer data into any another system, platform, application, or third party without the user’s express consent
- You will not transfer any European Union user’s data outside the European Union unless in compliance with the GDPR
- You are solely responsible for maintaining any relevant privacy of user data. Should a user allow you to transfer, copy or download any of their data you accept sole responsibility for maintaining the relevant privacy requirements so the the user can access, rectify and delete data held or controlled by you
- You will clearly inform users you have access to of your privacy policy
- You will honour any user’s request to access, rectify or delete their personal data you may hold or control. This may include, but is not limited to, data you have downloaded or exported, screenshots, and emails
Please read the entire Today’s Plan coach Agreement below as it governs your use of the Today’s Plan system.
This policy was written in English. To the extent a translated version conflicts with the English version, the English version controls. Unless indicated otherwise, this privacy policy does not apply to third party products or services or the practices of companies that we do not own or control, including other companies you might interact with on or through our services.
User accounts and delegate access
- Each coach, associate, athlete or user of the Today’s Plan system must maintain their own login / account. A Today’s Plan username and password should never be shared.
- If a coaching company employee or associate leaves the company, their account should either be deleted or re-assigned. Any existing athlete associations should also be removed.
- A Today’s Plan password should never be shared. If you require access to an athlete’s account, use the features provided within the website. You should never need an athlete’s password to access their account or information
- You are solely responsible for the confidentiality of your account password. You agree to use best practice to keep your password secure, to change your password regularly and to maintain a minimal level of complexity on your password. If you believe an unauthorized person has gained access to your password, then you must notify us as soon as possible
- Access to a user’s account is gained by an access request, which must be accepted by the other party. Under no circumstances should the acceptance be completed by the same party, such as by logging in with the user’s credentials
Privacy and security
- You agree to use commercially reasonable and appropriate measures to maintain the security and integrity of any user data accessed via the Today’s Plan system. You are fully responsible for the security of data accessed via Today’s Plan. You agree to comply with all applicable state and federal laws and rules, which includes applicable privacy requirements such as GDPR. All user data obtained via Today’s Plan in your possession or control must be deleted by you upon a user’s request or upon the user’s termination or cancellation of the developer application subscriptions.
- You agree to ensuring that any Today’s Plan data is encrypted and transmitted over a secure, encrypted channel (e.g., HTTPS). Where technically feasible, any Today’s Plan user data you hold at rest should also be encrypted. You must notify Today’s Plan of any security breach, involving data obtained via Today’s Plan, within the meaning of the GDPR, within 24 hours any such security incident
- You agree to respect user’s privacy. You may use and retain data only so long as necessary for the purpose you originally obtained it. It is essential that you do not disclose data or use it for, another user or any other third party without a lawful basis
- You must maintain a privacy policy that is consistent with industry standards including (where applicable) GDPR compliance and you must not use, retain or share any end user data in a manner inconsistent with applicable laws and/or Today’s Plan privacy policy
- Your privacy policy must be made available by reasonably prominent hyperlinks that does not conflict with or supersede the Today’s Plan privacy policy and that explains how you collect, store, use, and/or transfer any personal data. You also agree to comply with all privacy and data protection laws applicable to you
- For reference, personal data means data that may be used, either alone or together with other information, to identify an individual user, including, without limitation, a user’s name, address, telephone number, username, email address, city and country, geolocation, unique identifiers, picture, or other similar information and includes personal data as defined in the GDPR
Indemnity
- Where pursuant to Article 82(4) of the GDPR, if either party is found to be liable for the damage arising from a breach or breaches of the GDPR, in order to ensure effective compensation of a one or more individuals, then the other party shall indemnify that party for that portion of the compensation attributable to any breaches of GDPR giving rise to the compensation for which it is responsible.
- This Agreement does not create or imply any partnership, agency or joint venture between the parties. For the purposes of Article 26 of the GDPR, the parties acknowledge that each party is a separate and independent controller of the personal data which it discloses or receives under this Agreement. The parties do not and will not process personal data which it discloses or receives under the Agreement as joint controllers. Each party shall be individually and separately responsible for complying with the obligations that apply to it as a controller under applicable data protection and privacy laws. It is agreed that where either party receives a request from a data subject in respect of personal data controlled by the other party, where relevant, the party receiving such request will direct the data subject to the other party, as applicable, in order to enable the other party to respond directly to the data subject’s request.
