privacy-policy-hero-img

Privacy Policy

2ndcourt – Privacy Policy (gdpr Draft)

Version 1.0 – Updated: Sat Dec 13 2025

This Privacy Policy explains how 2ndCourt.com ("2ndCourt", “we”, “us”, “our”) collects, processes, stores, and protects your personal data in compliance with the General Data Protection Regulation (EU) 2016/679 (GDPR).

By creating an account or using our services, you agree to the practices described in this Privacy Policy.

1. Data Controller

The data controller responsible for your personal data is:

  • 2ndCourt.com
  • Email: support@2ndcourt.com
  • Registered in: [Insert company / country]
  • Address: [Insert address or city]

If legally required, a Data Protection Officer (DPO) will be appointed and listed here.

2. Categories Of Personal Data We Collect

We only collect data necessary for the functioning of the platform. This includes:

2.1. Data you provide directly

  • Name and surname
  • Email address
  • Phone number (optional)
  • Date of birth (optional or required for competitions)
  • Profile photos (optional)
  • Match results, competition data
  • Venue/club information you submit (if you are a venue administrator)

2.2. Automatically collected data

  • Login history (timestamps)
  • Device information (browser type, OS)
  • IP address (for security)
  • Cookies (see separate Cookie Policy)

2.3. Sensitive data

We do not collect or process special categories of data (Article 9 GDPR).

Users must not submit any sensitive data (health, ethnicity, political beliefs, etc.) on the platform.

3. Legal Basis For Processing

We process your personal data only when a legal basis under GDPR applies:

3.1. Contract performance (Article 6(1)(b))

To:

  • create and manage your account,
  • enable bookings, matches, and profile features,
  • send system notifications (bookings, results, invitations).

3.2. Legitimate interest (Article 6(1)(f))

For:

  • fraud prevention and security,
  • platform analytics and improvement,
  • maintaining service stability and availability.

3.3. Consent (Article 6(1)(a))

For:

  • promotional emails (optional),
  • optional location data (if used),
  • cookies (non-essential).

3.4. Legal obligation (Article 6(1)(c))

If required by law or court request.

4. How We Use Your Data

Your personal data is used to:

  • enable account login and authentication,
  • manage bookings, results, rankings, competitions,
  • display profile information to other users (name, results, ranking),
  • send essential notifications (match confirmations, password resets),
  • manage venue profiles if you are an authorized venue representative,
  • ensure platform security and prevent misuse.

We do not use your data for automated decision making beyond ranking algorithms, which are based solely on user-submitted match results.

5. Who Can See Your Data

Depending on your actions, some data becomes visible to others:

5.1. Publicly visible

  • Your name (or chosen display name)
  • Match results
  • Rankings, statistics
  • Profile photo (if uploaded)

5.2. Visible only to authorized venue administrators

  • Your booking data
  • Contact information necessary for venue management

5.3. Visible only to 2ndCourt administrators

  • Account email
  • Login history
  • Security-related data

We do not sell or share data with advertisers or unrelated third parties.

6. Third-party Processors

We use vetted and GDPR-compliant processors:

6.1. Amazon Web Services (AWS)

  • Primary data hosting and storage
  • Region: EU (Frankfurt or Ireland)
  • Purpose: secure backend and database

6.2. AWS Cognito

  • User authentication
  • Password encryption and token management

6.3. Brevo (Sendinblue)

  • Transactional emails (booking confirmations, match invites, password resets)
  • Marketing emails (only with consent)

6.4. Analytics tools (optional)

  • Privacy-compliant usage statistics
  • No advertising tracking
  • No cross-platform profiling

All processors operate under a data processing agreement (DPA) and comply with GDPR.

7. Data Storage & Retention

We store your data only as long as necessary:

  • Account data: retained until account deletion
  • Match results & rankings: retained to maintain platform integrity
  • Email logs: up to 12 months (security reasons)
  • Backups: stored securely and automatically deleted after a fixed cycle

When deleting your account, personal data is erased or anonymized unless retention is required by law.

8. Data Security

We implement technical and organizational measures including:

  • encrypted communication via HTTPS
  • encryption of passwords and sensitive tokens
  • network isolation via AWS security groups
  • access control restricted to essential personnel
  • audit logging and intrusion detection

No system can guarantee absolute security, but we use industry best practices.

9. International Data Transfers

We strive to keep all data within the EU.

If data is transferred outside the EU (e.g., global email routing), transfers are protected by:

  • Standard Contractual Clauses (SCCs),
  • Adequacy decisions, or
  • Other GDPR-compliant safeguards.

10. Your Gdpr Rights

You have the right to:

  • access your personal data
  • correct inaccurate data
  • request deletion (“right to be forgotten”)
  • restrict processing
  • data portability
  • withdraw consent at any time
  • object to processing based on legitimate interest
  • lodge a complaint with a Data Protection Authority (DPA)

To exercise rights, contact: support@2ndcourt.com

11. Children’s Privacy

2ndCourt is not intended for children under 16.

We do not knowingly process personal data of users under 16.

If such data is discovered, it will be deleted immediately.

12. Changes To This Policy

We may update this Privacy Policy. Material changes will be communicated through the platform or email.

13. Contact

For privacy-related inquiries:

support@2ndcourt.com