Data Processing Agreement

This Data Processing Agreement ("DPA") forms part of the Terms of Service between ShooterLogs, Inc. ("ShooterLogs," "we," "us," or "our") and users of the ShooterLogs Services ("User," "you," or "your"). This DPA explains how we process personal data collected through our services and outlines our compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

1. Definitions

The terms "Controller," "Processor," "Data Subject," "Personal Data," "Processing," "Special Categories of Personal Data," and "Supervisory Authority" shall have the meanings given to them in applicable data protection laws, including the GDPR.

"Services" refers to the ShooterLogs platform, including the website, mobile applications, and related products and services.

"User Data" means Personal Data provided by or on behalf of the User to ShooterLogs for processing in connection with the Services.

2. Roles and Scope

For the purposes of this DPA, ShooterLogs acts as a Processor of User Data on behalf of the User, who acts as the Controller. This DPA applies to the Processing of User Data by ShooterLogs on behalf of the User in connection with the provision of the Services.

ShooterLogs may also act as a Controller for certain Personal Data, such as account information and usage data. For information on how we process Personal Data as a Controller, please refer to our Privacy Policy.

3. Processing of User Data

3.1 Purpose of Processing

ShooterLogs shall process User Data solely for the purpose of providing the Services as described in the Terms of Service and this DPA. This includes:

• Storing and managing shooting session data, equipment information, and performance metrics;
• Processing analytics and generating insights based on User Data;
• Facilitating communication between coaches and athletes;
• Providing customer support and technical assistance;
• Improving and optimizing the Services;
• Complying with applicable laws and regulations.

3.2 Categories of Data Subjects

The categories of Data Subjects whose Personal Data may be processed under this DPA include:

• Users of the Services;
• Users' coaches, teammates, or training partners;
• Other individuals whose Personal Data is uploaded or inputted by Users into the Services.

3.3 Types of Personal Data

The types of Personal Data that may be processed under this DPA include:

• Contact information (e.g., name, email address, phone number);
• Account information (e.g., username, password);
• Profile information (e.g., profile picture, biography, shooting preferences);
• Performance data (e.g., training session results, competition scores);
• Equipment information (e.g., firearm details, ammunition data);
• Communication data (e.g., messages between coaches and athletes);
• Usage data (e.g., features used, time spent on the platform);
• Location data (when enabled by the User);
• Media files (e.g., photos or videos uploaded by the User).

4. Data Processing Principles

ShooterLogs shall process User Data in accordance with the following principles:

• Lawfulness, fairness, and transparency: User Data will be processed lawfully, fairly, and in a transparent manner.
• Purpose limitation: User Data will be collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.
• Data minimization: User Data will be adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.
• Accuracy: User Data will be accurate and, where necessary, kept up to date.
• Storage limitation: User Data will be kept in a form which permits identification of Data Subjects for no longer than is necessary for the purposes for which the Personal Data is processed.
• Integrity and confidentiality: User Data will be processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.

5. Security Measures

ShooterLogs shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including but not limited to:

• Encryption of Personal Data during transmission and at rest;
• Ability to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services;
• Ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident;
• Process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing;
• Measures to ensure that personnel authorized to process Personal Data have committed to confidentiality;
• Implementation of access controls and authentication mechanisms;
• Regular security assessments and vulnerability scanning.

For more details on our security practices, please refer to our Security Policy.

6. Sub-processors

ShooterLogs may engage sub-processors to assist in providing the Services. ShooterLogs shall ensure that:

• Each sub-processor is subject to data protection terms that provide at least the same level of protection for User Data as those in this DPA;
• ShooterLogs remains fully liable for the actions and omissions of its sub-processors;
• Upon request, ShooterLogs will provide Users with a list of current sub-processors.

By accepting this DPA, you provide general authorization for ShooterLogs to engage sub-processors. ShooterLogs shall inform Users of any intended changes concerning the addition or replacement of sub-processors, giving Users the opportunity to object to such changes.

7. Data Transfers

ShooterLogs may transfer User Data to countries outside the European Economic Area (EEA) or the User's jurisdiction. When doing so, ShooterLogs shall ensure that:

• The transfer is to a country that has been deemed to provide an adequate level of protection for Personal Data by the European Commission or applicable regulatory authority;
• The transfer is subject to appropriate safeguards, such as Standard Contractual Clauses approved by the European Commission;
• The transfer is necessary for the performance of a contract between ShooterLogs and the User, or for the implementation of pre-contractual measures taken at the User's request;
• The User has provided explicit consent to the proposed transfer.

8. Data Subject Rights

ShooterLogs shall assist Users in fulfilling their obligations to respond to Data Subjects' requests to exercise their rights under applicable data protection laws. These rights may include:

• Right of access;
• Right to rectification;
• Right to erasure ('right to be forgotten');
• Right to restriction of processing;
• Right to data portability;
• Right to object to processing;
• Right not to be subject to automated decision-making, including profiling.

If ShooterLogs receives a request directly from a Data Subject regarding User Data, ShooterLogs shall promptly notify the User and provide reasonable assistance to the User in responding to the request.

9. Data Breach Notification

In the event of a personal data breach affecting User Data, ShooterLogs shall:

• Notify the User without undue delay after becoming aware of the breach;
• Provide the User with sufficient information to allow the User to meet any obligations to report the breach to Supervisory Authorities or Data Subjects;
• Take reasonable steps to mitigate the effects of the breach and minimize potential damage;
• Assist the User in documenting the breach and any remedial actions taken.

10. Data Protection Impact Assessments

ShooterLogs shall provide reasonable assistance to Users in conducting data protection impact assessments and consulting with Supervisory Authorities, where required by applicable data protection laws.

11. Deletion or Return of User Data

Upon termination of the Services, or upon the User's request, ShooterLogs shall, at the User's choice, delete or return all User Data to the User, and delete existing copies, unless storage is required by applicable law.

12. Audits and Inspections

ShooterLogs shall make available to Users all information necessary to demonstrate compliance with the obligations set forth in this DPA and shall allow for and contribute to audits, including inspections, conducted by the User or an auditor mandated by the User.

13. Liability

ShooterLogs's liability arising out of or related to this DPA shall be subject to the limitations and exclusions of liability set out in the Terms of Service.

14. Changes to this DPA

ShooterLogs may modify this DPA from time to time by posting the revised version on our website and notifying Users. The revised DPA will be effective upon posting, unless otherwise stated.

15. Contact Information

If you have any questions about this DPA, please contact our Data Protection Officer:

Data Protection Officer
ShooterLogs, Inc.
123 Shooting Lane, Suite 100
Marksman City, CO 80001
Email: privacy@shooterlogs.com
Phone: (800) 555-1234