Privacy Policy

Last updated: April 1, 2026

1. Data Controller

The data controller for this service is identified in the Impressum. For questions about data processing, contact us via the information provided there.

2. Data We Collect

We collect the following categories of personal data:

  • Account data: Email address, full name, display name
  • Player data: Name, nickname, email, phone number, skill level, notes
  • Usage data: Tournament results, match scores, statistics
  • Technical data: IP address, browser user agent (for security and consent logging)

3. Legal Basis for Processing (GDPR Art. 6)

  • Consent (Art. 6(1)(a)): Registration and acceptance of Terms of Service
  • Contract performance (Art. 6(1)(b)): Providing the tournament management service
  • Legitimate interest (Art. 6(1)(f)): Security, fraud prevention, service improvement

4. How We Use Your Data

  • Providing and maintaining the tournament management service
  • Authenticating your identity and managing your account
  • Generating statistics and leaderboards
  • Security logging and abuse prevention

5. Data Sharing

We do not sell your personal data. Data may be shared with:

  • Other members of your organization (tournament results, player profiles)
  • Public visitors (anonymized leaderboard and live match data)
  • Service providers (hosting, payment processing) under data processing agreements

6. Data Retention

  • Active accounts: retained while the account is active
  • Inactive accounts (no login for 2 years): notified then deleted
  • Audit logs: retained for 1 year
  • Consent records: retained for 5 years (legal requirement)

7. Your Rights (GDPR)

Under the GDPR, you have the right to:

  • Access (Art. 15): Request a copy of your data — available via Data Export
  • Rectification (Art. 16): Correct inaccurate data via your profile settings
  • Erasure (Art. 17): Request deletion of your data — available via Delete Account
  • Portability (Art. 20): Receive your data in a machine-readable format (JSON)
  • Objection (Art. 21): Object to processing based on legitimate interest

8. Cookies

We use only essential session cookies required for authentication. No tracking or analytics cookies are used. Essential cookies do not require consent under GDPR/ePrivacy.

9. Security

We implement appropriate technical and organizational measures to protect your data, including encryption of sensitive fields, secure session management, and audit logging.

10. Changes to This Policy

We will notify users of material changes to this policy and request re-consent where required.

This privacy policy is a template and requires legal review before use in production.