PRIVACY POLICY

pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 (GDPR)

Last updated: January 2026

1. DATA CONTROLLER

The Data Controller is:

Stefano Loberti

Via Vescovado, 18 - 15121 Alessandria (AL), Italy

VAT: IT02569330067

Email: stefanoloberti@gmail.com

2. PROCESSING PRINCIPLES

The Controller is committed to processing personal data in compliance with the principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, and confidentiality, as provided by Article 5 of the GDPR.

3. PERSONAL DATA PROCESSED

The Platform collects only the following personal data:

EMAIL ADDRESS

The email address is the only personal data required for registration on the Platform. Collection occurs through a double opt-in system: the User enters their email address and receives a confirmation email containing a link that must be clicked to complete registration and validate the account.

No other mandatory personal data is collected. Any data entered by the User in tournament content (player names, results, etc.) is the sole responsibility of the User who enters it.

4. PURPOSES AND LEGAL BASIS OF PROCESSING

Personal data is processed for the following purposes:

a) Account registration and management

The email address is necessary to create the account, authenticate the User, and allow access to reserved features. Legal basis: performance of a contract to which the data subject is party (Art. 6(1)(b) GDPR).

b) Service communications

The email may be used to send essential technical communications regarding the Service (e.g., registration confirmation, password recovery, maintenance notices). Legal basis: legitimate interest of the Controller (Art. 6(1)(f) GDPR).

c) Legal compliance

Data may be processed to comply with legal obligations. Legal basis: legal obligation (Art. 6(1)(c) GDPR).

5. PROCESSING METHODS

Personal data is processed using electronic tools and security measures adequate to ensure confidentiality. Processing is carried out by the Controller and/or any data processors appointed pursuant to Article 28 of the GDPR.

6. DATA RECIPIENTS

Personal data is not transferred to third parties for commercial or marketing purposes.

Data may be disclosed to:

• Hosting and technical infrastructure service providers, as data processors
• Competent authorities, where required by law

7. DATA TRANSFER

Personal data is stored on servers located in the European Union. Should transfer to third countries become necessary, the Controller will ensure appropriate safeguards pursuant to Articles 46 et seq. of the GDPR.

8. RETENTION PERIOD

Personal data is retained for the time necessary to pursue the purposes for which it was collected:

• Account data: until account deletion by the User or up to 24 months of inactivity
• In case of legal obligations: for the period required by applicable law

After the retention period, data will be deleted or irreversibly anonymized.

9. DATA SUBJECT RIGHTS

Pursuant to Articles 15-22 of the GDPR, the User has the right to:

• Access: obtain confirmation of processing and access their data
• Rectification: obtain correction of inaccurate data or completion of incomplete data
• Erasure ("right to be forgotten"): obtain deletion of their data, in cases provided by law
• Restriction: obtain restriction of processing in cases provided by law
• Portability: receive their data in a structured, machine-readable format
• Object: object to processing for legitimate reasons
• Withdraw consent: withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal

To exercise these rights, the User may send a request to stefanoloberti@gmail.com, specifying "Privacy Request" in the subject line.

10. COMPLAINT TO SUPERVISORY AUTHORITY

The User has the right to lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali - www.garanteprivacy.it) if they believe that their data processing violates the GDPR.

11. COOKIES

The Platform uses only strictly necessary technical cookies for the operation of the Service, such as:

• Session cookies for User authentication
• Cookies for browsing session management

No profiling cookies or third-party cookies for advertising or tracking purposes are used. User consent is not required for technical cookies pursuant to Article 122 of Legislative Decree 196/2003, as amended by Legislative Decree 101/2018.

12. DATA SECURITY

The Controller adopts appropriate technical and organizational measures to protect personal data from unauthorized access, loss, destruction, or disclosure, in accordance with Article 32 of the GDPR. Such measures include:

• Use of encrypted connections (HTTPS/SSL)
• Secure authentication procedures
• Regular data backups

13. MINORS

The Platform is not intended for users under 16 years of age. The Controller does not knowingly collect personal data from minors. If a parent or legal guardian finds that a minor has provided personal data without authorization, they are invited to contact the Controller to request its deletion.

14. CHANGES TO THIS POLICY

The Controller reserves the right to update this Privacy Policy at any time. Changes will be published on the Platform with indication of the last update date. Continued use of the Service after publication of changes constitutes acceptance of the updated Policy.

15. CONTACT INFORMATION

For any requests regarding personal data processing:

Stefano Loberti

Via Vescovado, 18 - 15121 Alessandria (AL), Italy

Email: stefanoloberti@gmail.com