Privacy Policy

Unless otherwise stated below, the provision of your personal data is neither required by law nor by contract, nor is it necessary for the conclusion of a contract. You are not obligated to provide this data. Failure to provide it will have no consequences. This applies only to the extent that no other information is provided regarding the processing operations described below.

“Personal data” means any information relating to an identified or identifiable natural person.

1. Data Controller

You can find the contact information for the data controller in our legal notice.

2. Hosting and Server Log Files

You can visit our website without providing any personal information. Every time you access our website, your internet browser transmits usage data to us or our web host/IT service provider, which is then stored in log files (“server log files”). This stored data includes, for example:

  • Name of the page being accessed

  • Date and time of access

  • IP address

  • amount of data transferred

  • requesting provider

  • if applicable, referrer URL and user agent (browser/OS)

Purpose: To ensure technical operations, stability, security (e.g., detection of misuse or attacks), and optimization.

Legal basis: Article 6(1)(f) of the GDPR (legitimate interests).

Retention period: Server log files are generally stored only for as long as is necessary for the purposes stated, and are subsequently deleted or anonymized.

3. Initial Contact

3.1 Unsolicited contact via email

If you contact us on your own initiative via email, we will collect your personal data (name, email address, message text) only to the extent that you provide it.

Purpose: To process and respond to your inquiry.

Legal basis:

  • Article 6(1)(b) of the GDPR, provided that the contact is made for the purpose of taking steps prior to entering into a contract (e.g., consultation, quotation) or relates to an existing contract.

  • Art. 6(1)(f) of the GDPR, if contact is initiated for other reasons (legitimate interest in efficient communication).

Objection: You have the right to object at any time, on grounds relating to your particular situation, to processing based on Article 6(1)(f) of the GDPR (Article 21 of the GDPR).

Retention period: Once processing is complete, we will delete your data unless there are legal requirements to retain it.

3.2 Contact Form

When you use the contact form, we collect your personal data (name, email address, message text) only to the extent that you provide it.

Purpose: To contact you and process your message.

Legal basis: Article 6(1)(a) of the GDPR (consent), provided that the form is designed as a consent mechanism; otherwise, Article 6(1)(b) or (f) of the GDPR, depending on the context (pre-contractual/other contact).

Withdrawal: You may withdraw your consent at any time with future effect, without this affecting the lawfulness of the processing carried out prior to the withdrawal.

Retention period: Once processing is complete, we will delete your data unless there are legal requirements to retain it.

4. WhatsApp Business

When you contact us via WhatsApp, we use WhatsApp Business, provided by WhatsApp Ireland Limited or—depending on your region or the service—its affiliated companies.

Data processed: Phone number, profile name (if applicable), message content, communication metadata (e.g., timestamps), and any other information you provide.

Purpose: To process and respond to your inquiry.

Legal basis:

  • Art. 6(1)(b) of the GDPR (pre-contractual/contractual) or

  • Art. 6(1)(f) of the GDPR (legitimate interest in fast, straightforward communication).

Recipients / Transfers to third countries: When using WhatsApp, data is transferred to WhatsApp/Meta and may also be processed there in third countries. For details, please refer to WhatsApp’s privacy policy (see list of links).

Retention period: We store WhatsApp communications only for as long as necessary to process them and delete them thereafter, unless there are legal retention requirements.

5. Orders and Contract Processing

When you place an order or register, as well as during the fulfillment of the contract, we collect and process your personal data only to the extent necessary to fulfill and process the service and to handle your inquiries.

Purpose: Entering into a contract, providing the service, billing, and support.

Legal basis: Article 6(1)(b) of the GDPR (performance of a contract).

Recipients: Depending on the circumstances, data may be transferred to IT service providers, hosting providers, payment service providers, and, where applicable, shipping or service partners. The scope of data transfer is limited to the minimum necessary.

6. Comments/Reviews

When you post comments or contributions, we process the data you provide (e.g., name/display name, comment text, email address).

Purpose: Publication and management of comments; prevention of abuse.

Legal basis: Article 6(1)(a) of the GDPR (consent) or Article 6(1)(f) of the GDPR (legitimate interest in community features/protection against misuse), depending on the specific circumstances.

Important: When published, only the name/display name you provided and the comment text will be displayed. Your email address will not be published; it will be processed solely for internal purposes (e.g., for follow-up questions, moderation, or spam prevention).

Retention period: Comments are generally stored until they are deleted (by us or—if available—by you), unless there are legal grounds for longer retention.

7. Payment service providers

7.1 PayPal

We offer the option to process payments via PayPal (Europe) S.à r.l. et Cie, S.C.A.

Purpose: Payment processing, fraud prevention, refunds.

Legal basis: Article 6(1)(b) of the GDPR (payment processing/performance of a contract). Where additional fraud prevention measures are taken: Article 6(1)(f) of the GDPR.

Data processed (typically): name, address, email address, phone number, transaction data, and, if necessary, any other data PayPal requires to process the payment.

Note on credit and risk checks: Depending on the PayPal payment method, PayPal may conduct its own checks. We have no influence over this; the PayPal Privacy Policy applies (see list of links).

Role: PayPal regularly processes data as a data controller.

7.2 Stripe

We offer the option of processing payments through Stripe, Inc., or through Stripe’s European subsidiaries.

Purpose: Payment processing, fraud prevention, refunds.

Legal basis: Article 6(1)(b) of the GDPR (payment processing/performance of a contract). Where additional fraud prevention measures are taken: Article 6(1)(f) of the GDPR.

Data processed (typically): Name/cardholder, email, transaction data; payment data (e.g., card details) is generally processed directly by Stripe.

Role: Depending on the processing operation, Stripe may act as a data processor and/or a data controller in its own right. Stripe’s relevant agreements and privacy policies apply (see list of links).

Transfers to third countries: International processing is possible; appropriate safeguards (e.g., standard contractual clauses) are used, depending on the specific circumstances.

8. Cookies, Consent, and Similar Technologies

Our website uses cookies and similar technologies (e.g., local storage, pixels, SDK IDs). Cookies are small text files that are stored in or by the web browser on the user’s device.

8.1 Consent Management with Borlabs Cookie

We use Borlabs GmbH (“Borlabs Cookie”) as a consent management platform (CMP) to manage consent for technologies and services that require consent. A technically necessary cookie (e.g., “borlabs-cookie”) is set to save your selections.

8.2 Legal Basis Under the TDDDG and GDPR

  • Technically necessary cookies/technologies: Storage and retrieval are based on Section 25(2) of the German Telemedia Act (TDDDG) (strictly necessary). Further processing generally takes place on the basis of Article 6(1)(f) of the GDPR (legitimate interest in operation/security) or Article 6(1)(b) of the GDPR (contractually necessary functions), depending on the function.

  • Non-essential cookies/technologies (analytics/marketing/personalization/external media): Storage and retrieval occur only with consent pursuant to Section 25(1) of the German Telemedia Act (TDDDG); subsequent data processing is based on Article 6(1)(a) of the General Data Protection Regulation (GDPR).

8.3 Management and Withdrawal of Consent

You can change or withdraw your consent at any time via our “Cookie Settings.” You can also manage and delete cookies through your browser settings.

9. Analytics, Marketing, and External Media (Tools)

Depending on their configuration, the following tools may set unnecessary cookies or identifiers, or process usage data for analytical or marketing purposes. Where necessary, these tools are activated only after consent is given via our CMP (Borlabs Cookie).

9.1 Google Analytics

We use Google Ireland Limited (Google Analytics).

Purpose: Reach measurement, optimization, error analysis.

Legal basis: Article 6(1)(a) of the GDPR in conjunction with Section 25(1) of the TDDDG (consent).

Transfers to third countries: Depending on the configuration, data may be transferred to third countries (e.g., the United States); appropriate safeguards (e.g., Standard Contractual Clauses) are implemented.

9.2 UserJot (Roadmap/Feedback)

We use UserJot to provide registered users with a roadmap/changelog view and to collect feedback (e.g., feature requests, comments, upvotes).

Data: First name, last name, email address; feedback content; technical log data (e.g., IP address, time), as necessary.

Legal basis: Article 6(1)(b) of the GDPR (function within the web app) and/or Article 6(1)(f) of the GDPR (optimization/quality assurance).

Role: Data Processor (DPA).

Transfers to third countries: permitted; appropriate safeguards (e.g., SCCs) as specified by the provider.

9.3 Google Tag Manager

We use Google Tag Manager to manage tags. It typically does not set any cookies itself, but it can load other tools.

Legal basis: depends on the tools integrated via this site; non-essential tags are used only with consent.

9.4 Google reCAPTCHA / Invisible reCAPTCHA

We use reCAPTCHA to protect against spam and abuse.

Legal basis: Art. 6(1)(f) GDPR (legitimate interests).
If technologies that are not strictly necessary are used in specific cases, additional consent may be required (depending on the context).

9.5 Google Maps (external media) and Google Places Autocomplete

We use Google Maps to display maps and the Google Places Autocomplete API to assist with address entry (e.g., when entering tournament locations).

Data Processed: When you use the autocomplete feature, your input (search terms) and your IP address are transmitted to Google’s servers to generate address suggestions.

Purpose: To simplify address entry and geocoding of tournament locations.

Legal basis:

  • For registered users in the context of tournament creation: Article 6(1)(b) of the GDPR (performance of a contract/provision of the service).
  • For the display of maps on public pages: Article 6(1)(a) of the GDPR in conjunction with Section 25(1) of the TDDDG (consent via Borlabs cookie).

Transfers to third countries: Data may be transferred to Google servers in the United States. Google LLC is certified under the EU-U.S. Data Privacy Framework.

For more information: https://policies.google.com/privacy

9.6 Use of Fonts

We use fonts (“Google Fonts”) on our website that are hosted locally on our server. Therefore, when you visit our pages, no connections are made to servers operated by Google LLC , nor is any personal data (e.g., IP address) transmitted to Google for the purpose of loading the fonts.

Purpose of processing: To ensure a consistent and appealing design of our website and to improve its user-friendliness.

Legal basis: Article 6(1)(f) of the GDPR (legitimate interest in ensuring that our website is technically stable, high-performing, and consistent).

9.7 Brevo Newsletter

We use Brevo (Sendinblue) to send newsletters and emails.

Legal basis: Article 6(1)(a) of the GDPR (consent). You may withdraw your consent at any time by clicking the unsubscribe link.

9.8 YouTube (Enhanced Privacy Mode)

We embed videos from YouTube.

Legal basis: Consent (Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG), provided that the video/iframe is loaded only after consent is given.

10. CDN/Library Services and Other Third-Party Providers

10.1 Cloudflare (CDN/Security)

We use Cloudflare Germany GmbH for security and performance.

Legal basis: Article 6(1)(f) of the GDPR (legitimate interest in secure and efficient operations).

10.2 jsDelivr / unpkg (CDN)

We use CDNs to deliver libraries and scripts more quickly.

Legal basis: Article 6(1)(f) of the GDPR (legitimate interests). Note: Local hosting may be more privacy-friendly.

10.3 DataTables

We use DataTables functions for tables. Depending on how they are integrated, external resources may be loaded.

Legal basis: Article 6(1)(f) of the GDPR; consent may be required for external integrations that require consent.

11. Social media accounts (Facebook, Instagram, LinkedIn)

We maintain online presences on social media platforms, such as Facebook, Instagram, and LinkedIn Ireland Unlimited Company.

In this context, personal data may be processed by the respective platform providers—including outside the EU. We have only limited influence over the nature and scope of the processing carried out by the platform providers.

Purposes: Information, communication, marketing/public relations.
Legal basis: Art. 6(1)(f) GDPR.

For more details, please refer to the privacy policies of the respective providers (see list of links).

12. Retention Periods and Retention Requirements

Unless otherwise stated in this Privacy Policy, we process and store personal data only for as long as is necessary to achieve the respective purpose.

Once the contract has been fully fulfilled, data will be stored for the duration of the statutory retention periods and then deleted.

Typical retention periods (depending on the document): 6 years (HGB) and 10 years (AO).

13. Data Subject Rights

Provided that the legal requirements are met, you have the following rights under Articles 15 through 20 of the GDPR: the right of access, rectification, erasure, restriction of processing, and data portability.

Right to object (Art. 21 GDPR)

If processing is based on Article 6(1)(f) of the GDPR, you have the right to object at any time on grounds relating to your particular situation.

Withdrawal of Consent

Consent may be revoked at any time with future effect.

Right to lodge a complaint (Art. 77 GDPR)

You have the right to file a complaint with a supervisory authority.

Last updated: February 4, 2026

Link Directory (URLs)

Borlabs Cookie
- Manufacturer/Product: https://de.borlabs.io/borlabs-cookie/

Manage browser cookies
- Chrome: https://support.google.com/accounts/answer/61416?hl=de
- Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
- Safari (macOS): https://support.apple.com/de-de/guide/safari/manage-cookies-and-website-data-sfri11471/mac
- Internet Explorer (legacy): https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies

WhatsApp
- Legal/Privacy: https://www.whatsapp.com/legal/

PayPal
- Privacy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

Stripe
- Privacy Center: https://stripe.com/privacy-center/legal

Google / Analytics
- Opt-out add-on: https://tools.google.com/dlpage/gaoptout?hl=de
- Google Privacy: https://policies.google.com/privacy
- Cookies/Technologies: https://policies.google.com/technologies/cookies?hl=de

Brevo
- Privacy: https://www.brevo.com/de/legal/privacypolicy/

YouTube
- Privacy: https://www.youtube.com/t/privacy

Cloudflare
- SCC/Document: https://www.cloudflare.com/cloudflare_customer_SCCs-German.pdf

DataTables
- Privacy: https://datatables.net/privacy

Social Media
- Facebook: https://www.facebook.com/about/privacy/
- Instagram: https://instagram.com/about/legal/privacy
- LinkedIn: https://www.linkedin.com/legal/privacy-policy
- YourOnlineChoices: http://www.youronlinechoices.com