GDPR Compliance Statement
TeamWalletX is committed to protecting your personal data and respecting your privacy rights under the General Data Protection Regulation (GDPR) and other applicable data protection laws. This document outlines how we collect, process, store, and protect your personal data in compliance with GDPR requirements.
Data Controller: TeamWalletX
Contact: privacy@teamwalletx.com
Data Protection Officer: Available upon request
Personal Data We Process
Under GDPR, personal data means any information relating to an identified or identifiable natural person. We process the following categories of personal data:
Data Category | Data Types | Purpose
Identity Data | Name, email address, player number | Account creation, team management
Team Data | Team affiliations, role (admin/player), membership status | Team coordination, access control
Performance Data | Penalty records, payment history, statistics, achievements | Team management, gamification
Financial Data | Penalty amounts, payment status, transaction records | Financial tracking, payment processing
Technical Data | Device type, OS version, app version, crash reports | App functionality, technical support
Usage Data | App interactions, feature usage, performance metrics | Service improvement, analytics
Legal Basis for Processing
We process your personal data based on the following legal grounds under GDPR Article 6:
Legitimate Interest (Article 6(1)(f))
- Team management and coordination
- App functionality and technical support
- Service improvement and analytics
- Security and fraud prevention
Contract Performance (Article 6(1)(b))
- Providing sports team management services
- Processing penalty assignments and payments
- Enabling team communication features
Consent (Article 6(1)(a))
- Marketing communications (where applicable)
- Non-essential notifications
- Optional features requiring explicit consent
Legal Obligation (Article 6(1)(c))
- Compliance with applicable laws
- Response to legal requests
- Tax and financial reporting requirements
Your Rights Under GDPR
As a data subject under GDPR, you have the following rights:
Right of Access (Article 15)
- Request confirmation of data processing
- Obtain a copy of your personal data
- Receive information about processing purposes and recipients
Right to Rectification (Article 16)
- Correct inaccurate personal data
- Complete incomplete personal data
- Update outdated information
Right to Erasure / "Right to be Forgotten" (Article 17)
- Request deletion of personal data when no longer necessary
- Withdraw consent and request data deletion
- Object to unlawful processing
Right to Restrict Processing (Article 18)
- Limit processing while verifying accuracy
- Restrict processing instead of deletion
- Object to processing based on legitimate interests
Right to Data Portability (Article 20)
- Receive personal data in structured, machine-readable format
- Transmit data to another controller
- Available for automated processing based on consent or contract
Right to Object (Article 21)
- Object to processing based on legitimate interests
- Object to direct marketing (absolute right)
- Object to automated decision-making and profiling
How to Exercise Your Rights:
Contact us at privacy@teamwalletx.com or use the in-app data export feature for data portability requests. We will respond within 30 days as required by GDPR.
Data Processing Activities
Data Collection
- Direct Collection: Information you provide during registration, team setup, and app usage
- Automatic Collection: Technical data, usage patterns, and app performance metrics
- Third-Party Sources: Firebase Authentication for account verification
Data Processing Purposes
- Providing sports team management services
- Processing penalty assignments and tracking payments
- Enabling team coordination and communication
- Implementing gamification features (achievements, leaderboards)
- Improving app performance and user experience
- Providing customer support and technical assistance
- Ensuring platform security and preventing fraud
Automated Decision-Making
We may use automated processing for:
- Achievement unlocking based on performance metrics
- Penalty suggestion algorithms for administrators
- App performance optimization
You have the right to object to automated decision-making and request human intervention where it significantly affects you.
Data Sharing and International Transfers
Data Recipients
We may share your personal data with:
- Team Members: Limited data sharing for team functionality
- Service Providers: Google Firebase (hosting), payment processors
- Legal Authorities: When required by law or legal process
International Data Transfers
Your data may be transferred to and processed in countries outside the EEA, including:
- United States: Google Firebase services (adequacy decision/Standard Contractual Clauses)
- Other Countries: As necessary for service provision with appropriate safeguards
Transfer Safeguards
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions where applicable
- Binding Corporate Rules (BCRs) for multinational processors
- Technical and organizational measures ensuring data protection
Data Retention and Deletion
Retention Periods
- Account Data: Retained while account is active and up to 3 years after deletion
- Team Data: Retained while team exists and up to 7 years for financial records
- Technical Data: Retained for up to 2 years for security and improvement purposes
- Communication Data: Retained for up to 1 year unless legally required longer
Automatic Deletion
- Inactive accounts may be deleted after 2 years of no activity
- Technical logs automatically deleted after specified retention periods
- Temporary files and cache data regularly purged
Deletion Process
When you request account deletion or exercise your right to erasure:
- Personal identifiers are immediately anonymized or pseudonymized
- Data is marked for deletion and removed within 30 days
- Some data may be retained longer for legal compliance
- You will receive confirmation of deletion completion
Data Security Measures
Technical Safeguards
- Encryption: AES-256 encryption for data at rest and TLS 1.3 for data in transit
- Access Controls: Multi-factor authentication and role-based access
- Network Security: Firewalls, intrusion detection, and DDoS protection
- Monitoring: 24/7 security monitoring and incident response
Organizational Measures
- Regular security training for personnel
- Data minimization and privacy by design principles
- Regular security audits and penetration testing
- Incident response and breach notification procedures
Data Breach Response
In case of a personal data breach:
- We will assess the breach within 24 hours
- Notify supervisory authorities within 72 hours if high risk
- Inform affected individuals without undue delay if high risk to rights
- Implement measures to mitigate adverse effects
- Document the breach and response measures
Children's Data Protection
Special protections apply to children's personal data under GDPR:
- Age Verification: We verify users are 16+ or have parental consent (lower ages where national law permits)
- Parental Rights: Parents can exercise rights on behalf of children under 16
- Enhanced Protection: Additional safeguards for data processing involving minors
- Consent Requirements: Parental consent required for data processing of children under 16
Sports Team Context: TeamWalletX is designed for sports teams and may be used by minors under parental or coach supervision. Team administrators must ensure appropriate consents are obtained.
Supervisory Authority
You have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal data violates GDPR.
EU Data Protection Authorities
- Your Local Authority: Contact the data protection authority in your EU member state
- Lead Authority: We cooperate with lead supervisory authorities under GDPR's one-stop-shop mechanism
- Complaint Process: You can file complaints online or by mail with relevant authorities
Contact Before Complaints
We encourage you to contact us first at privacy@teamwalletx.com to resolve any data protection concerns. We are committed to working with you to address any issues promptly and effectively.
Updates to This Data Protection Notice
We may update this GDPR compliance document to reflect:
- Changes in applicable data protection laws
- Updates to our data processing activities
- New features or services that affect data processing
- Feedback from supervisory authorities or users
We will notify you of significant changes through:
- Email notifications to registered users
- In-app notifications highlighting key changes
- Updates posted on our website with change summaries