Privacy Policy – SportyLink
Version: 1.1 · Effective from: 16.10.2025
1) Controller
Controller: Ondřej Bill
Company ID: 17920299
Contact: info@sportylink.cz
The Controller is responsible for GDPR compliance and these Privacy Policy terms.
2) What data we process
- Identification & contact: first name, last name, email, nickname, (optional) phone.
- Operational: technical cookies (session, login), logs.
- Content: event photos (see “Photos & marketing” below).
We do not process special categories of data (e.g., health data).
3) Purposes & legal bases
| Purpose | Example |
|---|---|
| Account registration & management | create/maintain profile |
| Connecting players & organizers | profile display, event communication |
| Post-event player rating | stars/reviews |
| Account & event notifications | transactional emails, push |
| Newsletter & marketing | news, event tips |
| Security & abuse prevention | logging, defending claims |
Photos & marketing
Photos may be taken at events. Using recognizable photos for marketing (website, social media) requires explicit consent. You can give (or refuse) consent during registration and you can withdraw it anytime by email at info@sportylink.cz. Without consent, we will only use non-identifiable shots or blur/remove a person upon request.
4) Recipients / third parties
- Web4U s.r.o. — hosting & infrastructure.
- Google Ireland Limited — Google Analytics (GA4) – usage analytics.
- Optional: email delivery provider
5) International transfers
We do not transfer your personal data to a country outside the European Union nor to any international organization.
6) Processing Data from Google Services
If you choose to log in or register via Google (Google OAuth / Sign in with Google), the SportyLink application receives the following data from Google:
What Google Data We Collect
- email address
- public name from Google profile
- (optionally) profile picture
How We Use This Data
- to create and identify user accounts
- to display profiles and enable passwordless login
- to send transactional emails related to the account
Data Sharing
This data is not shared with any third parties except service providers necessary for the operation of the application (hosting, emailing). Google data used for login is not transferred to other entities.
Storage and Security
- We store Google email and ID in the database for account management purposes.
- Database access is restricted to system administrators only.
- We use OAuth tokens only for authentication and do not store them for any purpose other than session renewal.
Retention Period and Deletion
- We retain Google data for the lifetime of the account.
- You can delete the data at any time by deleting your account or by requesting via email at info@sportylink.cz. In such case, all data obtained from Google will be removed.
7) Retention
- For as long as your account exists.
- After account deletion, we erase data from active systems; backups and legally required records may be kept for a limited period.
8) Your rights
- Access, rectification, erasure, restriction of processing.
- Objection (always respected for marketing), portability.
We handle requests without undue delay, within 1 month (extendable by 2 months for complex cases). We may ask to verify your identity. You can lodge a complaint with the Czech DPA ÚOOÚ.
9) Cookies & similar technologies
- Necessary (session, login, security) – required for the service to function.
- Analytics (GA) – measuring and improving the service.
- Marketing – only with your consent (manage in cookie banner / settings).
10) Security
Security: we apply appropriate technical and organizational measures (HTTPS, secure passwords, least-privilege access, updates, training). In case of an incident, we act under GDPR; where required, we notify the authority within 72 hours and affected users.
11) Consents
Marketing photos – consent is given during registration. You can withdraw your consent anytime by email at info@sportylink.cz. Withdrawal does not affect processing performed before withdrawal.