PlayAce Logo
PlayAce

Privacy Policy

Effective Date: October 30, 2025

1. Introduction

This Privacy Policy describes how PlayAce ("we," "our," or "us") collects, uses, and protects your personal information when you use our tennis community platform and related services. This policy applies to all services offered through our website, mobile applications, and related platforms (collectively, the "Service"). We process your personal data based on various legal grounds as described in Section 4 of this policy, including contract performance, legitimate interests, consent where required, and legal obligations. We adhere to the principles of data minimization (Article 5(1)(c) GDPR) and purpose limitation (Article 5(1)(b) GDPR) by collecting and processing only the data necessary for the respective purposes. Your use of our Service indicates that you have read and understood this policy. If you do not agree with this policy, please do not use our Service.

2. Data Controller

The data controller responsible for your personal data is: Paul Artjomow Software Bodelschwinghstr. 1 48527 Nordhorn, Germany Email: admin@playace.de

3. Information We Collect

We may collect the following types of information:

  • Personal Information: Name, email address, phone number, date of birth, profile picture, postal address, and other contact details you provide during registration or account updates.
  • Profile Information: Tennis skill level, playing preferences, availability, match history, club affiliations, tournament participation, rankings, achievements, and other tennis-related information you choose to share.
  • Usage Data: Information about how you use our platform, including matches played, messages sent, communities joined, events attended, booking history, search queries, feature usage, and other interactions with our Service.
  • Device and Technical Information: IP address, browser type and version, device type and model, operating system, language preferences, referring URLs, access times, pages viewed, click-stream data, and other technical information about your device and internet connection.
  • Location Data: With your explicit consent, we may collect precise or approximate location data through GPS, Wi-Fi, or IP address to suggest nearby players, courts, events, and clubs.
  • Communication Data: Content of messages you send through our platform, support tickets, feedback, and other communications with us or other users.
  • Payment Information: Payment method details, billing address, transaction history, and other financial information necessary to process payments (processed securely through our payment providers).
  • Biometric Data: If you choose to use biometric authentication features, we may collect biometric identifiers such as fingerprint or facial recognition data, which is stored securely on your device. Biometric data constitutes special categories of personal data under GDPR Article 9 and is only processed with your explicit consent (Article 9(2)(a) GDPR).

4. Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Consent: Where you have given explicit consent for specific processing activities, such as marketing communications or location tracking.
  • Contract Performance: Processing necessary for the performance of our contract with you, including account management and service provision.
  • Legitimate Interests: Processing necessary for our legitimate business interests, including: (1) Improving and optimizing our services, platform functionality, and user experience through analytics and user behavior analysis; (2) Preventing fraud, abuse, and security threats to protect our users and platform integrity; (3) Ensuring network and information security, including detecting and responding to technical issues and cyberattacks; (4) Analyzing usage patterns to develop new features and enhance existing functionality; (5) Managing business operations and ensuring service continuity. We have balanced these interests against your privacy rights and will only process data on this basis where our interests do not override your fundamental rights and freedoms.
  • Legal Obligation: Processing required to comply with legal obligations, such as tax reporting or responding to legal requests.
  • Vital Interests: Processing necessary to protect vital interests of you or another person in emergency situations.
  • Special Categories of Personal Data: Biometric data is processed only with your explicit consent pursuant to Article 9(2)(a) GDPR. You may withdraw your consent at any time.

5. How We Use Your Information

We use the collected information for various purposes, including:

  • Service Provision: To create and manage your account, authenticate users, provide our core services, process transactions, and deliver requested features.
  • Player Matching: To connect you with compatible tennis players based on skill level, location, preferences, and availability using our matching algorithms.
  • Communications: To send you service-related notifications, updates, security alerts, support messages, and respond to your inquiries.
  • Platform Improvement: To analyze usage patterns, diagnose technical problems, conduct research, and enhance the functionality, performance, and user experience of our platform.
  • Personalization: To customize content, features, and recommendations based on your preferences, behavior, and interactions with our platform.
  • Marketing: With your explicit consent, to provide you with news, special offers, promotional materials, and information about other services, events, and features that may interest you.
  • Security and Fraud Prevention: To detect, prevent, and respond to fraud, security threats, abuse, and other harmful activities that may affect our Service or users.
  • Legal Compliance: To comply with applicable laws, regulations, legal processes, and governmental requests.
  • Analytics: To understand how our Service is used, measure performance, and generate insights to improve our offerings.

6. Data Storage and Security

We store and process your information using our self-hosted database infrastructure. We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encryption in transit and at rest, access controls, regular security assessments, and staff training. Your data is primarily stored in secure data centers within the European Union. While we strive to use commercially acceptable means to protect your personal information, no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements. Account data is typically retained for the duration of your account plus 3 years after account deletion. Communication data is retained for 7 years for legal compliance. Usage analytics data is anonymized after 2 years. You can request earlier deletion of your data by contacting us, subject to legal retention requirements.

8. Data Sharing and Disclosure

We may share your information in the following circumstances:

  • Other Users: Your profile information, match history, and tennis-related data are visible to other users as necessary for the functioning of our platform. You can control the visibility of certain information through your privacy settings.
  • Service Providers: Third-party vendors who provide services on our behalf, such as payment processing (Stripe), email delivery, data analysis, and customer support. These providers are contractually bound to protect your data.
  • Legal Requirements: When required by law, court order, subpoena, or governmental authority, or when we believe disclosure is necessary to protect our rights, property, or safety, or that of our users or the public.
  • Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets, your data may be transferred to the involved parties. We will notify you of any such change in ownership or control.
  • With Your Consent: We may share your information for other purposes with your explicit consent.

9. Your Rights Under GDPR

Under the General Data Protection Regulation (GDPR) and other applicable data protection laws, you have the following rights regarding your personal data:

  • Right of Access: You can request copies of your personal data that we hold, including information about how it is processed.
  • Right to Rectification: You can ask us to correct inaccurate or incomplete personal data.
  • Right to Erasure ('Right to be Forgotten'): You can request that we delete your personal data in certain circumstances, such as when it is no longer necessary for the original purpose.
  • Right to Restriction of Processing: You can ask us to restrict the processing of your personal data in certain situations.
  • Right to Data Portability: You can ask us to transfer your personal data to another organization or directly to you in a structured, commonly used, and machine-readable format.
  • Right to Object: You can object to our processing of your personal data for direct marketing purposes or when processing is based on legitimate interests.
  • Rights Related to Automated Decision-Making: You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects or significantly affects you. Our platform uses automated matching algorithms (profiling) to suggest compatible tennis players based on factors such as skill level (ELO rating), location, playing preferences, availability, and past match history. This profiling involves calculating compatibility scores using your profile data, match history, and preferences. While these suggestions are automated, they do not produce legal effects and you have full control to accept, reject, or modify suggestions. You may request human review of any automated matching decisions or object to profiling by contacting us at admin@playace.de.
  • Right to Withdraw Consent: Where processing is based on your consent, you have the right to withdraw your consent at any time. Withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal. You can withdraw consent by contacting us at admin@playace.de or through your account settings where applicable (e.g., marketing preferences).
  • Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal data violates applicable law. The supervisory authority responsible for us is the State Commissioner for Data Protection of Lower Saxony (LfDI Niedersachsen), Prinzenstraße 5, 30159 Hannover, Germany (www.lfd.niedersachsen.de). However, you may also contact the supervisory authority in your country of residence.

To exercise any of these rights, please contact us at admin@playace.de. We will respond to your request within 30 days and may need to verify your identity before processing your request. These services are provided free of charge, except in cases of manifestly unfounded or excessive requests.

10. Cookies and Tracking Technologies

We use cookies, web beacons, and similar tracking technologies to enhance your experience, analyze usage patterns, and provide personalized content. Cookies are small text files stored on your device. You can control cookie settings through your browser preferences or our cookie consent banner, but disabling certain cookies may limit some functionality of our Service.

Types of Cookies We Use:

  • Essential Cookies: Required for basic website functionality and security. These cookies cannot be disabled as they are necessary for the Service to function. Examples include session authentication cookies and security tokens.
  • Performance Cookies: Help us understand how visitors interact with our website by collecting anonymous information. We use PostHog analytics cookies (with your consent) to analyze usage patterns, track errors, and improve performance. These cookies collect anonymized data about page views, interactions, and technical performance metrics.
  • Functional Cookies: Enable enhanced functionality and personalization. These cookies remember your preferences and settings to provide a customized experience.
  • Targeting Cookies: Currently, we do not use targeting cookies for advertising purposes. Any future use of targeting cookies will require your explicit consent and will be disclosed in this policy.

You can manage your cookie preferences at any time through our cookie settings banner or by contacting us. Your consent preferences are stored locally on your device and can be changed at any time.

11. Profiling and Automated Matching

Our platform uses automated processing, including profiling, to provide player matching services. This involves:

How Profiling Works:

  • Algorithm: Our matching algorithm analyzes your profile data including tennis skill level (ELO rating), playing preferences, location, availability, match history, and specified preferences to calculate compatibility scores with other players.
  • Logic: The algorithm considers multiple factors: (1) Skill level compatibility based on ELO ratings and preferred skill range; (2) Geographic proximity (if location data is provided with consent); (3) Matching preferences such as preferred game types, playing times, and days; (4) Historical match data and outcomes; (5) User-specified matching criteria.
  • Significance: This profiling helps identify compatible players for you, improving your chances of finding suitable match partners. The suggestions are recommendations only and do not produce legal effects or significantly affect your rights. You maintain full control over whether to accept, reject, or modify any suggestions.
  • Your Rights: You have the right to: (1) Request human review of automated matching decisions; (2) Object to profiling at any time by contacting us; (3) Receive information about the logic involved in matching decisions; (4) Express your point of view regarding automated matching. To exercise these rights, contact us at admin@playace.de.

12. Data Breach Notification

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and the relevant supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of the breach. The notification will include: (1) The nature of the breach; (2) The categories and approximate number of data subjects and records concerned; (3) The likely consequences of the breach; (4) The measures we have taken or propose to take to address the breach. We will also provide guidance on steps you can take to protect yourself, such as changing passwords or monitoring your accounts. We maintain comprehensive security measures and incident response procedures to prevent and address data breaches.

13. International Data Transfers

Your information may be transferred to and processed in countries outside the European Economic Area (EEA) where data protection laws may differ. When we transfer your data outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, adequacy decisions, or other legally recognized transfer mechanisms. We primarily store data within the EEA through our EU-based service providers. Some third-party services (notably PostHog for analytics) may process data in the United States, but we ensure appropriate safeguards are in place through Standard Contractual Clauses and other approved mechanisms.

14. Children's Privacy

Our Service is not intended for children under the age of 16. We do not knowingly collect, use, or disclose personal information from children under 16 without the required consent. Under German law (BDSG), individuals aged 16 and above can consent to data processing themselves. For individuals between 13 and 15 years, parental consent is required. Individuals under 13 may not use the Service. If we become aware that we have collected personal information from a child under 16 without the required consent, we will take steps to delete such information promptly. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

15. Third-Party Services

Our Service may contain links to third-party websites, applications, or services that are not owned or controlled by us. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services before providing them with your personal information.

Third-Party Services We Use:

  • Stripe: Payment processing (privacy policy: https://stripe.com/privacy)
  • Sentry: Error monitoring, performance tracking, and session replay (privacy policy: https://sentry.io/privacy/)
  • PostHog: Analytics and product analytics (privacy policy: https://posthog.com/privacy). PostHog is configured to process data within the EU. Data is only collected with your explicit consent through our cookie consent mechanism.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: admin@playace.de

Address: Paul Artjomow Software, Bodelschwinghstr. 1, 48527 Nordhorn, Germany

Data Protection Officer: admin@playace.de

Note: We have appointed a Data Protection Officer to assist you with data protection inquiries. This appointment is voluntary pursuant to GDPR Article 37(7).

17. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting the updated policy on our website and, where required by law, by sending you a notification via email or through our Service. We encourage you to review this policy periodically. Your continued use of our Service after any changes indicates your acceptance of the updated policy.

Last updated: 11/2/2025