Privacy Policy

1. Introduction

Racket Sports Company SRL ("we", "us", "our") operates the padelademy.com platform ("Service"). This Privacy Policy explains how we collect, use, store and protect your personal data when you use our Service, in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and applicable Romanian data protection law.

2. Data Controller

The data controller responsible for your personal data is:

Racket Sports Company SRL, Str. Lev Tolstoi nr. 1A, Timisoara, Romania. For any questions regarding your data, contact us at contact@padelademy.com.

3. Data We Collect

We collect the following categories of personal data:

• Account data: name, email address, password (hashed), role, and academy name when you register.
• Student data: names, contact details, birth dates, skill levels, photos, and enrollment information that you enter about your students.
• Usage data: attendance records, payment records, training sessions, tournament entries, and P&L figures that you create within the platform.
• Payment data: when you subscribe, Stripe processes your payment information. We store only your Stripe customer ID and subscription ID — we never see or store your credit card number.
• Technical data: IP address, browser type, device information, and access timestamps collected automatically through server logs.

4. How We Use Your Data

We process your personal data for the following purposes:

• Providing the Service: to create and manage your account, deliver the features you use, and maintain your academy data.
• Billing: to process subscription payments through Stripe and manage your subscription status.
• Communication: to send you essential service-related emails such as password resets and account notifications.
• Security: to protect against unauthorized access, detect fraud, and maintain the integrity of our Service.
• Legal compliance: to comply with applicable laws, regulations, and legal processes.

5. Legal Basis for Processing

We process your data based on the following legal grounds under GDPR:

• Contract performance (Art. 6(1)(b)): processing necessary to provide the Service you subscribed to.
• Legitimate interest (Art. 6(1)(f)): for security, fraud prevention, and improving our Service.
• Legal obligation (Art. 6(1)(c)): to comply with tax, accounting, and other legal requirements.
• Consent (Art. 6(1)(a)): where applicable, for optional communications. You can withdraw consent at any time.

6. Data Sharing

We do not sell your personal data. We share data only with:

• Stripe, Inc. — for payment processing. Stripe's privacy policy applies to payment data they handle.
• Hosting providers — our servers are located within the European Union.
• Legal authorities — if required by law, court order, or governmental regulation.

We do not transfer your personal data outside the European Economic Area (EEA) unless adequate safeguards are in place as required by GDPR.

7. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete or anonymize your data within 30 days, except where retention is required by law (e.g., tax records may be retained for up to 10 years as required by Romanian fiscal law).

8. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

• Passwords are hashed using bcrypt and never stored in plain text.
• All data transmission is encrypted via HTTPS/TLS.
• Access to personal data is restricted to authorized personnel only.
• Regular security reviews and updates.

9. Your Rights

Under GDPR, you have the following rights regarding your personal data:

• Access: request a copy of the personal data we hold about you.
• Rectification: request correction of inaccurate or incomplete data.
• Erasure: request deletion of your data ("right to be forgotten").
• Restriction: request restriction of processing in certain circumstances.
• Portability: receive your data in a structured, commonly used format.
• Objection: object to processing based on legitimate interest.
• Withdraw consent: where processing is based on consent, withdraw it at any time.

To exercise any of these rights, contact us at contact@padelademy.com. We will respond within 30 days.

10. Cookies

Our Service uses essential session cookies required for authentication and security. These are strictly necessary for the Service to function and do not require consent. We do not use advertising or tracking cookies.

11. Children's Privacy

Our Service is designed for padel academy administrators and coaches (adults). Student data entered into the platform may include information about minors. Academy administrators are responsible for ensuring they have appropriate consent from parents or guardians to store and process data about minor students within the platform.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email or through the Service. The "Last updated" date at the top of this page indicates when this policy was last revised.

13. Supervisory Authority

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP):

ANSPDCP — Autoritatea Nationala de Supraveghere a Prelucrarii Datelor cu Caracter Personal
B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, 010336 Bucharest, Romania
Website: www.dataprotection.ro

14. Contact

For any questions, requests, or concerns about this Privacy Policy or your personal data, contact us at:

Racket Sports Company SRL
Email: contact@padelademy.com
Str. Lev Tolstoi nr. 1A, Timisoara, Romania