Privacy and Cookie Policy for TKDPLANNER.EU

Within the operation of the Application, there is a distinction in data processing roles:

Data Controller (Clubs): Regarding the personal data of athletes (including minors), their parents, and coaches, the Sports Club to which the user belongs is the Data Controller. The Club decides what data is collected (e.g., National ID/PESEL, weight).

Data Processor (Application Operator): Łukasz Szutowicz (the owner of the Application) processes athletes' data on behalf of the Club, solely for the purpose of providing the Service (database storage).

Data Controller (Application Operator): Łukasz Szutowicz acts as the Data Controller solely regarding the billing and contact data of the Club owners (his direct clients).

The Application processes data necessary for sports management, including:

Identification data (First name, Last name, National ID/PESEL — for insurance and sports association licenses),

Contact data (Phone, E-mail, Address),

Physical attributes (Weight, Age — for tournament categories),

Organizational data (Belt/Rank, Club affiliation, Attendance, Tournament results),

Health data (Exclusively information regarding the expiration date of medical clearances).

We maintain the highest security standards. We use trusted technology providers:

Database and Authentication: We use Supabase Inc. Data is stored on servers located in the European Union (Frankfurt, Germany), operated by AWS, ensuring compliance with European data protection standards.

Hosting and Frontend: The application is hosted by Vercel Inc. (USA).

E-mail Communications: We use Resend Labs Inc. (USA) to send system notifications.

Performance Analytics: We use Vercel Speed Insights to collect anonymous application performance metrics (e.g., page load time, interface responsiveness). This service does not use cookies, does not collect personal data, and does not allow identification of individual users. Data is processed by Vercel Inc. (USA).

Data Transfers outside the EEA: Due to the use of Vercel and Resend, some technical or contact data may be processed in the USA. These entities ensure an adequate level of data protection based on Standard Contractual Clauses (SCCs) approved by the European Commission.

We employ connection encryption (SSL/TLS), database access control mechanisms (Row Level Security), and secure authentication methods. User passwords are encrypted (hashed) and are not visible to the Operator.

Data in the Application is stored for the duration of the agreement with the Club and for the duration of the athlete's membership in the Club, and subsequently archived for 2 years (for defense against legal claims), unless the Club (as the Data Controller) decides to delete it earlier.

Data subjects have the right to access their data, rectify it, erase it, and restrict its processing. For matters concerning an athlete's data, please contact your Club directly.