Last updated: 29 April 2026

Privacy policy

This notice explains how SportHub handles personal data for account holders, community administrators, members, collaborators, staff, employees, and people whose records are managed in the service.

Data controller and contact

For data processed directly by this service, the controller is Eugeniu Grigoras, Reggio Emilia, Italy.

For privacy questions or requests, contact eugeniogrigoras@gmail.com.

When a sporting club, community, employer, or other organization uses the service to manage its own people under a data-processing appointment and written instructions, that organization remains the controller for those records and Eugeniu Grigoras acts as processor. In that situation, requests about those records should normally be addressed first to that organization.

The controller that enters the records is responsible for giving the Article 13 GDPR privacy notice to its members, customers, employees, or guardians, and for collecting any required consent for photos, health certificates, or other special-category data.

Data we process

  • Account and access data: name, email address, password hash, authentication tokens, two-factor or recovery-code state, roles, permissions, language, theme, font, and other preferences.
  • Community and organization data: community or club names, collaborator roles, membership lists, groups, staff or employee records where enabled, and related settings.
  • Member and employee data: names, surnames, date of birth, email, phone, nationality, country, address, postal code, fiscal code, profile images, and similar master data entered by authorized users.
  • Activity and administration data: subscriptions, payments, payment methods or notes, attendance entries and exits, certificates, medical or health certificate files, sporting licenses, federations, and related status history.
  • Technical and security data: IP address, request metadata, session cookies, logs, audit or change history, backup manifests, error traces, and device/browser information needed to run and protect the service.
  • Communication data: emails and messages needed for registration, email confirmation, password reset, security notices, support, and service administration.

Why we process data

We process data to create and secure accounts, authenticate users, provide member and employee management features, manage subscriptions, payments, certificates, sporting licenses and attendance, send account emails, provide support, maintain backups, restore the service when needed, prevent abuse, and comply with legal or administrative obligations.

The legal bases may include contract performance or pre-contractual steps, legitimate interests in operating and securing the service, legal obligations, consent where required, and, for health or medical certificate data, an applicable special-category condition under Article 9 GDPR such as explicit consent or obligations connected with sport, health, or safety requirements.

For club-managed records processed under written instructions, we do not use the data for our own profiling, marketing, or unrelated analytics.

Hosting, backups, and processors

  • IONOS SE hosts the VPS that runs the application. IONOS states that, for contracts concluded from 19 July 2022, its data-protection regulation is part of its general terms and no separate data-processing agreement is required (see the IONOS data-processing information).
  • Hetzner Online GmbH provides the Storage Box used for off-site backups. A Hetzner data-processing agreement dated 29 April 2026 covers backup processing. Backup sets may contain the full encrypted application database and media store, including records that have been deleted from the live service, until the backup retention period expires.
  • Transactional email providers process email addresses and message content only as needed to deliver account and service emails.

Sharing and technical access

Personal data is not sold. Authorized users can access records according to their role and permissions. Technical access by the processor is limited to hosting, maintenance, support, security, backup, and recovery tasks, and is normally performed only on request or under documented instructions from the relevant controller.

Data may be shared with hosting, backup, email, authentication, and similar service providers only as needed to provide the service, or with public authorities where legally required.

International transfers

Core hosting, application data, and backup processing take place within the European Union or European Economic Area. No extra-EU transfer of application data is intended. If this changes, the relevant controller authorization, safeguards, and privacy information will be updated before the new processing is used.

Cookies and local preferences

The service uses essential cookies for login sessions, security, anti-forgery protection, selected community context, culture/language, timezone, theme, font, and similar preferences. These cookies are needed to provide the service or remember choices. The service does not use advertising cookies or behavioral marketing analytics.

Retention

Account, community, member, employee, subscription, payment, certificate, sporting-license, and attendance data are kept for as long as needed to provide the service, meet legal or administrative obligations, resolve disputes, or satisfy the retention instructions of the relevant community or organization. Security logs are normally retained for a limited operational period. Backup copies are automatically rotated; deleting live data may not remove it immediately from existing backups.

For data processed on behalf of a sporting club or other controller, data is returned or deleted at the end of the relationship according to the written agreement and instructions, normally within 30 days unless a legal obligation requires otherwise.

Security

We use role-based access controls, authentication, encrypted application storage, protected backup transfer over SFTP/SSH, backup integrity checks, logical separation between customer environments, limited technical access, and provider data-processing agreements to protect personal data. No internet service can be guaranteed completely secure, but access is limited to what is needed to operate, maintain, support, and recover the service.

Your rights

Depending on the situation and applicable law, you may request access, correction, deletion, restriction, portability, objection to processing, or withdrawal of consent. You may also complain to the Italian Data Protection Authority, the Garante per la protezione dei dati personali. If your data was entered by a club, employer, or community, we may need to coordinate the request with that organization.

Children and sensitive data

The service may contain records about minors, guardians, health certificates, or other sensitive information when an authorized organization enters that data for sports, membership, employment, or safety administration. Those users must ensure they have the required notice, consent, legal basis, and authorization before entering this information.

Updates

This notice may be updated when the service, hosting, subprocessors, backup process, or legal requirements change. The latest version is published on this page.