Privacy Policy

Pursuant to GDPR (EU) 2016/679

1. Data Controller

The controller within the meaning of the GDPR is:
HandSoft Kft.

Email:
Phone:
Registration number:

2. Data Collected and Purpose

We process the following personal data:

  • Name and email address — for identification and communication
  • Date of birth (full date or year only) — for identity verification, member administration, and federation reporting
  • Gender — for correct salutation (optional)
  • Consumption data (products, quantities, prices, timestamps) — for billing
  • Payment data (amount, date) — for accounting
  • Booking data (resource, time ranges, participant count, status, booking reference, no-show/cancellation metadata) — for reservation management
  • Free-text booking notes (member notes, internal notes) — for operational handling of bookings
  • Booking finance data (amount, currency, billing status, linked payment request) — for proper settlement
  • Sport profiles (federation ID per sport) — for federation reporting and licensing purposes; legal basis: Art. 6(1)(b) GDPR
  • Tournament participation data (player name, date of birth/year, federation ID, match result, round) — for tournament administration and federation reporting; applies to both tenant members and external (non-member) participants; legal basis: Art. 6(1)(b) or (f) GDPR
  • Consent IP address — as proof of granted consent
  • Phone number — for contact (optional, if provided)
  • Login logs — for security and traceability

Legal basis: Art. 6(1)(b) GDPR (performance of contract), Art. 6(1)(c) GDPR (legal retention obligations), and Art. 6(1)(f) GDPR (legitimate interest in proper accounting and tournament documentation).

3. Retention Periods and Erasure

Member data (name, email, date of birth, gender, phone number)

Inactive member accounts are automatically anonymised after 2 years. After anonymisation, no conclusions can be drawn about the person concerned.

Sport profiles (federation IDs)

Sport profiles are permanently deleted when a member account is anonymised.

Tournament participation data (match results)

Match results are retained indefinitely for statistical and documentary purposes. When a member account is anonymised, the personal link is severed: the player name and date of birth are removed from the match record and the link to the member account is deleted. The result itself is retained in anonymous form. External (non-member) tournament participants may request deletion of their data by contacting the tenant in writing.

Consent IP address

The IP address collected during registration is automatically deleted after 1 year. The timestamp of consent is retained as proof.

Accounting data (consumption, payments, payment requests, booking finance)

Consumption and payment data are subject to legal retention obligations (for example, under Section 132 BAO in Austria) and are therefore retained for 7 years. After account anonymisation, these records remain only in aggregated, non-personal form; assignment to a natural person is no longer possible.

Booking notes and internal notes

Free-text booking notes are removed when an account is anonymised, where they may still contain personal data.

Activity log (audit log)

Security and activity logs are automatically deleted after 2 years.

4. Your Rights

  • Access (Art. 15 GDPR) — You may review and export your stored data at any time.
  • Rectification (Art. 16 GDPR) — You may correct your data in your profile.
  • Erasure (Art. 17 GDPR) — You may request anonymisation of your account. Accounting-relevant data remains in anonymised form in line with legal retention obligations.
  • Data portability (Art. 20 GDPR) — You may export your data as JSON or CSV.
  • Objection (Art. 21 GDPR) — Please contact the controller named above.

5. Cookies and Technical Data

This application uses only technically necessary session cookies. No tracking cookies, analytics tools, or advertising services are used. The session is deleted on logout.

6. Data Sharing

Personal data is not shared with third parties, sold, or used for advertising purposes.

7. Right to Lodge a Complaint

You have the right to lodge a complaint with the competent data protection supervisory authority. In Austria, this is the Austrian Data Protection Authority (DSB).

Version 2 — July 01, 2026