CH
Club Hub

Privacy Policy

Last updated: December 2024

WorldSportClubHub is committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR), India's Digital Personal Data Protection Act 2023 (DPDP), Switzerland's Federal Act on Data Protection (FADP), and other applicable data protection laws.

India DPDP Act 2023 - Terminology

Under India's DPDP Act: You are a "Data Principal" and we are a "Data Fiduciary". The rights described below apply equally under GDPR (EU), DPDP (India), and FADP (Switzerland).

1. Data Controller

WorldSportClubHub ("we", "us", "our") is the data controller responsible for your personal data. For any data protection inquiries, contact us at privacy@worldsportclubhub.com

2. Information We Collect

We collect information you provide directly to us, such as when you create an account, join a club, or contact us for support.

Personal Data We Process:

  • Identity Data: Name, username, profile image
  • Contact Data: Email address, phone number
  • Account Data: Login credentials (passwords are hashed and never stored in plain text)
  • Membership Data: Club memberships, roles, join dates
  • Technical Data: IP address, browser type, device information
  • Usage Data: How you interact with our platform

3. Legal Basis for Processing

We process your personal data based on the following legal grounds (GDPR Article 6):

  • Contract Performance: To provide our services and manage your account
  • Legitimate Interest: To improve our services and communicate with you
  • Consent: For marketing communications and non-essential cookies
  • Legal Obligation: To comply with applicable laws

4. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our services
  • Process transactions and send related information
  • Send you technical notices and support messages
  • Respond to your comments and questions
  • Facilitate club management and member communications
  • Detect and prevent fraud or abuse

5. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected. Specific retention periods:

Data TypeRetention Period
Account DataUntil account deletion + 30 days
Club Membership DataDuration of membership + 1 year
Notifications90 days
Session Data30 days of inactivity
Audit Logs2 years (legal requirement)
Cookie Consent Records2 years

6. Your Rights Under GDPR

As a data subject, you have the following rights:

Right of Access (Article 15)

Request a copy of your personal data.

Right to Rectification (Article 16)

Request correction of inaccurate personal data.

Right to Erasure (Article 17)

Request deletion of your personal data ("Right to be Forgotten").

Right to Data Portability (Article 20)

Export your data in a machine-readable format.

Right to Object (Article 21)

Object to processing based on legitimate interests.

Right to Withdraw Consent (Article 7)

Withdraw consent at any time for consent-based processing.

Exercise Your Rights

You can exercise these rights directly from your account settings:

  • Export Data: Download all your data in JSON format
  • Delete Account: Permanently delete your account and all associated data
  • Update Profile: Correct or update your personal information

Or contact us at privacy@worldsportclubhub.com and we will respond within 30 days.

7. Information Sharing

We do not sell your personal information. We may share your information with:

  • Club Administrators: For members of that club (name, membership status)
  • Service Providers: Who assist our operations under strict data processing agreements
  • Legal Authorities: When required by law or to protect our rights

Third-Party Processors:

  • Vercel: Hosting (EU/US)
  • Neon: Database (EU)
  • Google: Authentication (Standard Contractual Clauses)

8. International Data Transfers

When we transfer personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions for countries with equivalent data protection
  • Binding Corporate Rules where applicable

9. Data Security

We implement appropriate technical and organizational security measures to protect your personal information, including:

  • Encryption in transit (TLS/HTTPS)
  • Encryption at rest for sensitive data
  • Secure password hashing (bcrypt)
  • Regular security audits
  • Access controls and authentication
  • Security headers (CSP, HSTS, X-Frame-Options)

10. Cookies

We use cookies and similar technologies. You can manage your cookie preferences through our cookie consent banner. For detailed information, see our Cookie Policy.

Cookie Categories:

  • Essential: Required for the website to function (always active)
  • Functional: Remember your preferences (requires consent)
  • Analytics: Help us understand usage patterns (requires consent)
  • Marketing: Deliver relevant advertisements (requires consent)

11. Children's Privacy

Our services are not directed to children under 18 (or 16 in EU/EEA). We do not knowingly collect personal data from children without verifiable parental consent. If you believe we have collected data from a child without proper consent, please contact us immediately.

India (DPDP Act): Processing of children's data (under 18) requires verifiable parental consent.
EU (GDPR): Age threshold is 16 years.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

13. Supervisory Authority

If you are in the EU and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local Data Protection Authority.

14. Grievance Officer (India DPDP)

In accordance with India's Digital Personal Data Protection Act 2023, we have appointed a Grievance Officer to address your concerns regarding data processing:

Grievance Officer: Harsh Jain

Email: grievance@worldsportclubhub.com

Response Time: Within 30 days of receiving the grievance

Address: Basel, Switzerland

If your grievance is not resolved satisfactorily, you may escalate to the Data Protection Board of India (DPBI).

15. Right to Nominate (India DPDP)

Under India's DPDP Act, Data Principals have the right to nominate another individual to exercise their data rights in the event of death or incapacity.

To register a nominee, please contact us at privacy@worldsportclubhub.com with subject line "Nominee Registration".

16. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms:

  • EU (GDPR): We will notify the relevant supervisory authority within 72 hours
  • India (DPDP): We will notify the Data Protection Board of India (DPBI) within 72 hours
  • Switzerland (FADP): We will notify the FDPIC as soon as possible
  • Affected Users: We will notify you without undue delay if the breach is likely to result in high risk

17. Contact Us

For questions about this Privacy Policy or to exercise your data rights, please contact us:

General Inquiries: privacy@worldsportclubhub.com

Grievances (India): grievance@worldsportclubhub.com

Response Time: Within 30 days as required by GDPR/DPDP