This policy explains how Mi Hiepa Scout Limited of Parsonage Chambers, 3 The Parsonage, Manchester M3 2HW, trading as Rezzil (Rezzil, we or us) uses the personal data of Premier League players as well as (to the extent they appear in match footage or other information we process) managers, officials and other Premier League match participants (collectively referred to as Players and Related Persons, and individually as you or your) in connection with the Premier League Player virtual reality game (the Game), in accordance with the United Kingdom General Data Protection Regulation as defined in the Data Protection Act 2018 (as amended) (the DPA) and other applicable data protection legislation including the DPA (together, Data Protection Law).

We keep our privacy practices and procedures under review and we may amend this policy from time to time. This version is dated December 2024.

PLEASE READ THIS POLICY, TOGETHER WITH ANY OTHER PRIVACY NOTICES WHICH WE MAY PROVIDE TO YOU, CAREFULLY SO THAT YOU ARE AWARE OF AND UNDERSTAND THE WAYS IN WHICH WE COLLECT AND USE YOUR PERSONAL DATA. IF YOU ARE A USER OF THE GAME PLEASE SEE THE SEPARATE REZZIL PRIVACY POLICY AVAILABLE HERE.

This policy is provided in layered format so you can click through the sections below. Alternatively, you can download a PDF version of the policy here.

1. Background
2. What Personal Data we collect
3. How and why we use your Personal Data
4. Who we share your Personal Data with
5. Transferring personal data outside the EEA
6. Security of your Personal Data
7. Data Retention
8. Your rights in connection with your Personal Data
9. Contact us
10. Complaints

1.          Background

1.1         When personal data is collected and used for the purposes of this policy, Rezzil is a “controller” under Data Protection Law which means that we are responsible for deciding how we use the personal data that we collect about you.

1.2         In accordance with Data Protection Law, we will ensure that the personal data we hold about you is, at all times:

(a)          used fairly, lawfully, and transparently;

(b)          collected for limited, specific purposes only;

(c)          adequate, relevant to and limited to what is necessary for those purposes;

(d)          kept accurate and up-to-date;

(e)          not kept for longer than is necessary; and

(f)           held securely.

1.3         We shall be accountable for and able to demonstrate our compliance with our obligations under Data Protection Law, and this policy is one of the ways in which we do that.

1.4         We have appointed a Data Protection Lead to oversee compliance with this policy and our data protection compliance activities. Please see Contact Us below.

2.          What Personal Data we collect

2.1         Personal data means any information about you from which you can be identified. It does not include data where your identity has been removed (i.e. anonymous data).

2.2         We are an official licensee of the Premier League. The Premier League supplies to us or procures the supply to us by Football DataCo Limited (FDC) and by FDC’s tracking data licensee Second Spectrum Inc. and the Premier League’s broadcast and other partners (Licensees) (in each case as separate data controllers and you can review their player/athlete or other applicable privacy notices as made publicly available on their websites (or otherwise) for further details), the following personal data of Players and Related Persons for use in connection with the Game as applicable:

(a)          name and shirt number; 

(b)          official photographs as captured at Premier League club access days;

(c)          footage of Premier League matches filmed or recorded by or on behalf of the Premier League’s broadcast and other partners; and

(d)          live on-field tracking and performance data (for example, positioning, distance run, passes made and also pose, skeletal and so-called Mesh data (i.e. specific points on or representations of the body) from Premier League matches enabling a player’s interactions with the ball to be identified and digital visualisation of a player’s pose and/or position to be created) (Tracking Data), other match event data (for example, goals scored or fouls conceded) (Event Data).

We then use the above to develop visualisations recreating actual Premier League match events including avatars and/or digital depictions of Premier League players with related on-field performance characteristics, behaviours and attributes and the provision of background information on the players and the match event within the Game;

(together, Player and Related Persons Data).

2.3         Under Data Protection Law, the following sensitive personal data requires a higher level of protection: personal data revealing or concerning a person’s racial or ethnic origin, religious or philosophical beliefs, sex life, sexual orientations, political opinions, trade union membership and information about health and genetic data and biometric data for the purpose of uniquely identifying a natural person (Special Category Data) and personal data relating to criminal convictions and offences (Criminal Offence Data).

2.4         We do not process Special Category Data or Criminal Offence Data save to the extent that data about on-pitch incidents referring to injury within Event Data could potentially amount to health data. Please see How and why we use your Personal Data below.

3.          How and why we use your Personal Data

3.1         For the most part, we collect and use Player and Related Persons Data because it is necessary for our “legitimate interests” as an official licensee of the Premier League and in particular because it is necessary in order to:

(a)          develop, operate, distribute and promote the Game; and

(b)          protect and enforce our and other rights in relation to the Game and, where necessary or appropriate, take legal action.

3.2         Before using your personal data for our legitimate interests, we make sure that we take into account any potential impact that such use may have on you to ensure that your interests and fundamental rights and freedoms do not override those interests. In other words, we have determined that we have a legitimate need to process your personal data and we are not aware of any reasons that, on balance, mean we should not be doing so. If you have concerns about our processing, please see Your Rights in Connection with Your Personal Data below.

3.3         In accordance with Data Protection Law, in rare circumstances we may also use your personal data because we need to comply with a legal obligation (for example, because a court has ordered us to do so).

3.4         We generally do not rely on your consent in order to process your personal data and we will inform you specifically when we seek to obtain this from you as well as your ability to withdraw that consent at any time.

3.5         To the extent that data about on-pitch incidents referring to injury within Event Data could amount to health data such data is used on the basis that it has already been made public by that player through their participation in a Premier League match (although FDC’s current data collection mandate only requires the capture of the reason for a substitution (i.e. tactical or injury) but not specific injury information).

3.6         Some Tracking Data and the visualisations within the Game result from specific technical processing relating to the physical, physiological or behavioural characteristics of players, but this is not used by us, FDC or the Licensees to identify or confirm the identity of players. Accordingly, even if such data were biometric data, it is not being processed as Special Category Data.

3.7         Unless otherwise required or permitted by law, before using your personal data for a purpose unrelated to the reason we collected it, we will notify you and explain the purpose and legal basis which allows us to do so.

3.8         If you have any questions or require any additional information about the purposes for which your personal data is required and/ or our legal justification you can contact us.  Please see Contact Us below.

4.          Who we share your Personal Data with

4.1         To the extent elements of Player and Related Persons Data are included within the Game itself, we will share that data with users of the Game and with licensees and other third parties who facilitate the operation, distribution and promotion of the Game including the operators of platforms by which users access the Game such as Meta.

4.2         We may also share Player and Related Persons Data with the Premier League and/or FDC and the Licensees as part of the process of approval for the Game as an officially licensed product and/or our relationship with them in connection with the Game.

4.3         We may also share Player and Related Persons Data with courts, regulators, law enforcement, our professional advisors and other third parties in order to protect and enforce our rights in relation to the Game and, where necessary or appropriate, to take legal action, or where we are required by law to do so.

4.4         We may also share Player and Related Persons Data with our hosting, systems and other service providers who we use in relation to the Game. All third-party service providers who we share your personal data with are required to take appropriate security measures to protect your personal data and to comply with certain contractual terms in relation to the use of your personal data. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified limited purposes and in accordance with our written instructions.

4.5         We may also share Player and Related Persons Data with relevant third parties in the event of a sale, merger, insolvency or reorganisation of, or investment into, our business including as part of a due diligence process. 

5.          Transferring Personal Data outside the UK and EEA

5.1         Some countries outside of the UK and the European Union (EU) do not have laws that protect privacy rights and personal data as extensively as the UK and countries in the EU. Therefore, in accordance with Data Protection Law, if we transfer your personal data outside of the UK and the EU, we ensure that your personal data is afforded a similar level of protection by ensuring such transfers are to countries which are recognised as providing an adequate level of legal protection by the UK and/or the European Commission or where one of the specific safeguards approved by the Information Commissioner’s Office (ICO) in the UK and/or the European Commission is in place. You can find further information about these safeguards at International transfers | ICO and https://ec.europa.eu/info/law/law-topic/data-protection_en. In the event that there is any change in the law such that one or all of the safeguards are no longer valid or applicable, we will ensure that we are satisfied that alternative arrangements / safeguards are in place to protect your privacy rights as required by Data Protection Law.

5.2         If you would like further information on the specific mechanism used by us when transferring your personal data out of the UK and EU please contact us using the details provided below.

6.          Security of your Personal Data

6.1         Rezzil is committed to protecting your privacy and has put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. Details of these measures are available upon request. Please see Contact Us below.

6.2         We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

7.          Data Retention

7.1         In accordance with Data Protection Law, we will only keep your personal data:

(a)          for as long as necessary to fulfil the specific purposes we collected it for i.e. to enable us to continue to develop, operate, distribute and promote the Game and as otherwise set out in How and why we use your Personal Data; or

(b)          to the extent reasonably necessary to comply with a legal requirement or legal reasons – for example, documents containing personal data may need to be retained for an extended period of time (generally for six years) if there is a real risk that they could be the subject of a claim, or may otherwise be relevant to future litigation.

7.2         To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

7.3         In accordance with Rezzil’s policies and Data Protection Law, after the applicable retention period has ended, the personal data will be either (as applicable):

(a)          securely deleted or destroyed – when the information is no longer required in any form; or

(b)          anonymised (so that it can no longer be associated with you) – for example, where the data remains useful in an aggregated/ generic form for statistical purposes.

7.4         Specific details of retention periods for different aspects of your personal data are available upon request. Please see Contact Us below.

8.          Your rights in connection with your Personal Data

8.1         Under Data Protection Law, you have certain rights (depending on the circumstances) in connection with your personal data, which include to:

(a)          Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it, provided always that this does not adversely affect the rights and freedoms of other people.

(b)          Request correction of the personal data that we hold about you. Where any of the information we hold about you is incorrect or incomplete we will act promptly to rectify this, including where you have requested us to do so.

(c)          Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).

(d)          Object to use of your personal data where we are relying on our legitimate interests (see How and why we use your Personal Data) and there is something about your particular situation which makes you want to object to our use on this ground.

(e)          Withdraw your consent to our use of your personal data where we do so in reliance on your consent. Once we have received notification that you have withdrawn your consent, we will no longer process your personal data for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law. We generally do not rely on your consent.

(f)           Request the restriction of use of your personal data. This enables you to ask us to suspend the use of personal data about you, for example if you want us to establish its accuracy or the reason for using it.

8.2         You also have a right of data portability to receive personal data in a structured, commonly used and machine-readable format (or to ask us to transfer it to a third party); but note that this only applies to personal data:

(a)          which you have provided to us; and

(b)          which we are processing on the basis of your consent or under contract and where the processing is automated

(so this will not apply to most or all of the personal data we are processing about you).

8.3         We are committed to respecting your rights. You may action your rights (as applicable) by contacting us using the details provided below and we will comply with your requests within a reasonable period unless we have a lawful reason not to do so. Requests should be made in writing and to ensure that personal data is dealt with carefully and confidentially Rezzil will require the requestor to provide verification of their identity and all applications must be accompanied by a copy of one or more official documents, which show your name, date of birth and current address (for example, driving licence, birth/ adoption certificate, passport, recent utility bill).

8.4         Note: in responding to such requests, we will explain the impact of any objections, restrictions or deletions requested.

8.5         We will not charge you a fee to exercise your rights unless your request for access is clearly unfounded or excessive, in which case we may charge you a reasonable fee. Alternatively, we may refuse to comply with the request in such circumstances.

9.          Contact us

If you have any questions about this privacy policy or how we handle your personal data, please contact the Data Protection Lead using the following contact details:

Rezzil Data Protection Lead:

[email protected]

10.      Complaints

You also have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK data protection authority. The ICO’s contact details as are follows: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF; Tel: 0303 123 1113 (local rate) or 01625 545 745; https://ico.org.uk/global/contact-us/