Privacy Policy

Translated from German.

Unless otherwise stated below, providing your personal data is neither required by law nor by contract, nor is it necessary for entering into a contract. You are not obliged to provide the data. Failure to provide it has no consequences. This applies only insofar as no other information is provided for the processing operations described below.

“Personal data” means any information relating to an identified or identifiable natural person.

1. Controller

The contact details of the controller responsible for data processing can be found in our legal notice (“Imprint”).

2. Hosting and Server Log Files

You may visit our websites without providing any information about yourself. Each time our website is accessed, usage data is transmitted to us or our web host/IT service provider by your internet browser and stored in log data (“server log files”). This stored data includes, for example:

  • Name of the page accessed
  • Date and time of access
  • IP address
  • Amount of data transferred
  • Requesting provider
  • Where applicable, referrer URL and user agent (browser/operating system)

Purpose: Ensuring technical operation, stability, security (e.g., abuse/attack detection) and optimization.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest).

Retention period: Server log files are generally stored only as long as necessary for the purposes stated above and then deleted or anonymized.

3. Contact

3.1 Unsolicited Contact by Email

If you contact us by email on your own initiative for business purposes, we collect your personal data (name, email address, message text) only to the extent you provide it.

Purpose: Processing and responding to your request.

Legal basis:

  • Art. 6(1)(b) GDPR, if the contact relates to pre-contractual measures (e.g., consultation, offer) or an existing contract.
  • Art. 6(1)(f) GDPR, if the contact is made for other reasons (legitimate interest in efficient communication).

Right to object: You have the right to object at any time, on grounds relating to your particular situation, to processing based on Art. 6(1)(f) GDPR (Art. 21 GDPR).

Retention period: After final processing, we delete your data unless statutory retention obligations apply.

3.2 Contact Form

When using the contact form, we collect your personal data (name, email address, message text) only to the extent you provide it.

Purpose: Contacting you and processing your message.

Legal basis: Art. 6(1)(a) GDPR (consent), if the form is designed as a consent solution; otherwise Art. 6(1)(b) or (f) GDPR depending on the context (pre-contractual/other contact).

Withdrawal: You may withdraw your consent at any time with effect for the future; this does not affect the lawfulness of processing carried out before withdrawal.

Retention period: After final processing, we delete your data unless statutory retention obligations apply.

4. WhatsApp Business

If you contact us via WhatsApp, we use WhatsApp Business provided by WhatsApp Ireland Limited and—depending on region/service—affiliated companies.

Processed data: Phone number, possibly profile name, message content, communication metadata (e.g., timestamps), and other information you provide.

Purpose: Processing and responding to your request.

Legal basis:

  • Art. 6(1)(b) GDPR (pre-contractual/contractual), or
  • Art. 6(1)(f) GDPR (legitimate interest in fast, uncomplicated communication).

Recipients / third-country transfers: When using WhatsApp, data is transmitted to WhatsApp/Meta and may also be processed in third countries. For details, please refer to WhatsApp’s privacy information (see link directory).

Retention period: We store WhatsApp communication only as long as necessary for processing and then delete it unless statutory retention obligations apply.

5. Orders and Contract Performance

For orders/registrations and in the course of contract performance, we collect and process your personal data only insofar as this is necessary to fulfill and perform the service and to process your inquiries.

Purpose: Conclusion of contract, provision of service, billing, support.

Legal basis: Art. 6(1)(b) GDPR (performance of a contract).

Recipients: If necessary, data may be transferred to IT service providers, hosting providers, payment service providers and, where applicable, shipping/service partners. Data transfers are limited to the minimum necessary scope.

6. Comments/Reviews

If you post comments/contributions, we process the data you provide (e.g., name/display name, comment text, email address).

Purpose: Publication and administration of comments, abuse prevention.

Legal basis: Art. 6(1)(a) GDPR (consent) and/or Art. 6(1)(f) GDPR (legitimate interest in community features/abuse protection), depending on the specific implementation.

Important: When published, only the name/display name you provide and the comment text will be displayed. Your email address will not be published, but will be processed internally only (e.g., for queries/moderation/spam prevention).

Retention period: Comments are generally stored until deleted (by us or—if offered—by you), unless there are legal reasons for longer retention.

7. Payment Service Providers

7.1 PayPal

We offer the option to process payments via PayPal (Europe) S.à r.l. et Cie, S.C.A.

Purpose: Payment processing, fraud prevention, refunds.

Legal basis: Art. 6(1)(b) GDPR (payment processing/performance of contract). Where additional fraud prevention measures are applied: Art. 6(1)(f) GDPR.

Processed data (typically): Name, address, email, phone number, transaction data, and possibly additional data that PayPal requires for payment processing.

Creditworthiness/risk checks notice: Depending on the PayPal payment method, PayPal may carry out its own checks. We have no influence over this; PayPal’s privacy policy applies (see link directory).

Role: PayPal generally processes data as an independent controller.

7.2 Stripe

We offer the option to process payments via Stripe, Inc. and/or Stripe entities in Europe.

Purpose: Payment processing, fraud prevention, refunds.

Legal basis: Art. 6(1)(b) GDPR (payment processing/performance of contract). Where additional fraud prevention measures are applied: Art. 6(1)(f) GDPR.

Processed data (typically): Name/cardholder name, email, transaction data; payment data (e.g., card data) is generally processed directly by Stripe.

Role: Depending on the processing activity, Stripe may act as a processor and/or an independent controller. The relevant agreements and privacy information from Stripe apply (see link directory).

Third-country transfers: International processing possible; appropriate safeguards (e.g., Standard Contractual Clauses) are used depending on the circumstances.

8. Cookies, Consent and Similar Technologies

Our website uses cookies and similar technologies (e.g., local storage, pixels, SDK IDs). Cookies are small text files stored on your device by your internet browser.

8.1 Consent Management with Borlabs Cookie

We use Borlabs GmbH (“Borlabs Cookie”) as a consent management platform (CMP) to manage consents for technologies/services requiring consent. A technically necessary cookie (e.g., “borlabs-cookie”) is set to store your selection.

8.2 Legal Bases under the TDDDG and the GDPR

  • Technically necessary cookies/technologies: Storage/access is based on Sec. 25(2) TDDDG (strictly necessary). Further processing is generally based on Art. 6(1)(f) GDPR (legitimate interest in operation/security) or Art. 6(1)(b) GDPR (contractually necessary functions), depending on the function.
  • Non-essential cookies/technologies (analytics/marketing/personalization/external media): Storage/access only with consent under Sec. 25(1) TDDDG; subsequent data processing is based on Art. 6(1)(a) GDPR.

8.3 Managing and Withdrawing Consent

You can change or withdraw your consents at any time via our “Cookie Settings”. You can also manage and delete cookies via your browser settings.

9. Analytics, Marketing and External Media (Tools)

Depending on configuration, the following tools set non-essential cookies/identifiers or process usage data for analytics/marketing purposes. Where required, these tools are activated only after consent via our CMP (Borlabs Cookie).

9.1 Google Analytics

We use Google Analytics provided by Google Ireland Limited.

Purpose: Reach measurement, optimization, error analysis.

Legal basis: Art. 6(1)(a) GDPR in conjunction with Sec. 25(1) TDDDG (consent).

Third-country transfers: Depending on configuration, data may be transferred to third countries (e.g., the USA); appropriate safeguards (e.g., SCCs) are used.

9.2 UserJot (Roadmap/Feedback)

We use UserJot to provide registered users with a roadmap/changelog view and to collect feedback (e.g., feature requests, comments, upvotes).

Data: First name, last name, email address; feedback content; technical log data (e.g., IP/time) where necessary.

Legal basis: Art. 6(1)(b) GDPR (feature within the web app) and/or Art. 6(1)(f) GDPR (optimization/quality assurance).

Role: Processor (DPA/processing agreement).

Third-country transfers: Possible; appropriate safeguards (e.g., SCCs) according to the provider’s information.

9.3 Google Tag Manager

We use Google Tag Manager to manage tags. It typically does not set cookies itself but may load other tools.

Legal basis: Depends on the tools integrated via it; non-essential tags only after consent.

9.4 Google reCAPTCHA / Invisible reCAPTCHA

We use reCAPTCHA to protect against spam/abuse.

Legal basis: Art. 6(1)(f) GDPR (security interest). If non-essential technologies are used in individual cases, additional consent may be required (depending on integration).

9.5 Google Maps (External Media) and Google Maps Autocomplete

We use Google Maps to display maps and the Google Places Autocomplete API to assist with address entry (e.g., when entering tournament locations).

Data processed: When using the autocomplete function, your input (search terms) and your IP address are transmitted to Google servers to generate address suggestions.

Purpose: Facilitating address entry, geocoding of tournament locations.

Legal basis:

  • For registered users when creating tournaments: Art. 6(1)(b) GDPR (contract performance/provision of the function).
  • For map display on public pages: Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG (consent via Borlabs Cookie).

Third country transfer: Data may be transferred to Google servers in the USA. Google LLC is certified under the EU-US Data Privacy Framework.

Further information: https://policies.google.com/privacy

9.6 Use of Fonts

We use fonts (“Google Fonts”) on our website that are hosted locally on our server. When you access our pages, no connections are made to servers of Google LLC and no personal data (e.g., IP address) is transmitted to Google for the purpose of retrieving fonts.

Purpose of processing: Consistent and appealing presentation of our website and improved user-friendliness.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in a technically stable, performant and consistent presentation of our website).

9.7 Brevo Newsletter

We use Brevo (Sendinblue) for newsletters/email distribution.

Legal basis: Art. 6(1)(a) GDPR (consent). Withdrawal at any time via the unsubscribe link.

9.8 YouTube (Enhanced Privacy Mode)

We embed videos from YouTube.

Legal basis: Consent (Art. 6(1)(a) GDPR in conjunction with Sec. 25(1) TDDDG), provided the video/iframe is loaded only after consent.

10. CDN/Library Services and Other Third Parties

10.1 Cloudflare (CDN/Security)

We use Cloudflare Germany GmbH for security and performance.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure and efficient operation).

10.2 jsDelivr / unpkg (CDN)

We use CDNs to deliver libraries/scripts faster.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest). Note: local hosting may be more privacy-friendly.

10.3 DataTables

We use DataTables functionality for tables. Depending on integration, external resources may be loaded.

Legal basis: Art. 6(1)(f) GDPR; where consent is required for external integrations, consent applies.

11. Social Media Presences (Facebook, Instagram, LinkedIn)

We maintain online presences on social networks, e.g., Facebook / Instagram and LinkedIn Ireland Unlimited Company.

Personal data may be processed by the respective platform providers—also outside the EU. We have only limited influence on the type and scope of processing by the platform providers.

Purposes: Information, communication, marketing/public relations. Legal basis: Art. 6(1)(f) GDPR.

For details, please refer to the privacy notices of the respective providers (see link directory).

12. Retention Period and Statutory Retention Obligations

Unless otherwise stated in this privacy policy, we process and store personal data only as long as necessary to achieve the respective purpose.

After full performance of the contract, data is stored within the scope of statutory retention periods and then deleted.

Typical periods (depending on the document): 6 years (HGB) and 10 years (AO).

13. Data Subject Rights

If the statutory requirements are met, you have the following rights under Articles 15 to 20 GDPR: right of access, rectification, erasure, restriction of processing, and data portability.

Right to Object (Art. 21 GDPR)

Where processing is based on Art. 6(1)(f) GDPR, you have the right to object at any time on grounds relating to your particular situation.

Withdrawal of Consent

Consents may be withdrawn at any time with effect for the future.

Right to Lodge a Complaint (Art. 77 GDPR)

You have the right to lodge a complaint with a supervisory authority.

Last updated: 04 February 2026

Link Directory (URLs)

Borlabs Cookie
- Manufacturer/Product: https://de.borlabs.io/borlabs-cookie/

Manage browser cookies
- Chrome: https://support.google.com/accounts/answer/61416?hl=de
- Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
- Safari (macOS): https://support.apple.com/de-de/guide/safari/manage-cookies-and-website-data-sfri11471/mac
- Internet Explorer (legacy): https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies

WhatsApp
- Legal/Privacy: https://www.whatsapp.com/legal/

PayPal
- Privacy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

Stripe
- Privacy Center: https://stripe.com/privacy-center/legal

Google / Analytics
- Opt-out Add-on: https://tools.google.com/dlpage/gaoptout?hl=de
- Google Privacy: https://policies.google.com/privacy
- Cookies/Technologies: https://policies.google.com/technologies/cookies?hl=de

Brevo
- Privacy: https://www.brevo.com/de/legal/privacypolicy/

YouTube
- Privacy: https://www.youtube.com/t/privacy

Cloudflare
- SCC document: https://www.cloudflare.com/cloudflare_customer_SCCs-German.pdf

DataTables
- Privacy: https://datatables.net/privacy

Social Media
- Facebook: https://www.facebook.com/about/privacy/
- Instagram: https://instagram.com/about/legal/privacy
- LinkedIn: https://www.linkedin.com/legal/privacy-policy
- YourOnlineChoices: http://www.youronlinechoices.com