Privacy Policy

(Information pursuant to Articles 13 and 14 of the GDPR)

Data Controller

The data controller is the operator of the WayUpScore application, Anže Peharc s.p., promotion and education in sports, Cesta na Hudo 2, Kovor, Tržič, Slovenia (hereinafter: the “Controller”).

The Controller processes personal data in accordance with Regulation (EU) 2016/679 (GDPR), the Slovenian Personal Data Protection Act (ZVOP-2), and the internal Personal Data Protection Rules.

What personal data we process

The Controller processes the following categories of personal data:

contact and identification data (e.g. email address);
user profile data;
sports activity and app usage data;
user-generated content (e.g. photos, comments);
communication data;
technical and security data (e.g. access logs).

Some personal data are required for the use of the application, while others are provided voluntarily.

Purposes and legal bases of processing

Personal data are processed for the following purposes:

enabling registration and use of the application;
providing application functionalities;
enabling communication between users;
providing technical support;
ensuring security and preventing abuse;
development, analysis and improvement of the application;
compliance with the Controller’s legal obligations.

The legal bases for processing personal data are:

performance of a contract;
the user’s consent;
the Controller’s legitimate interests;
compliance with legal obligations.

Retention of personal data

Personal data are stored in a form which permits identification of individuals only for as long as is necessary to fulfil the purposes for which they were collected or otherwise processed, and in accordance with applicable law.

The retention period depends on the type of data, the purpose of processing, the legal basis and any applicable statutory obligations:

User account data are stored for the duration of the user’s registration and, after termination, for as long as necessary to assert, exercise or defend legal claims and to comply with legal obligations.
Profile data and user-generated content are stored until deleted by the user or until the user account is deleted.
Sports activity data are stored for the duration of the user account.
Communications are stored until deleted by the user or until the user account is deleted.
Technical and security data are stored for a limited period necessary to ensure system security, detect errors, prevent abuse and demonstrate compliance.

After the expiry of the applicable retention period, the data are deleted or anonymised.

Recipients of personal data

Personal data may be disclosed to the following categories of recipients:

external IT service providers (e.g. hosting and system maintenance providers);
providers of analytics or communication services, where used;
public authorities, where required by law.

All external recipients process personal data exclusively on the Controller’s instructions and on the basis of appropriate contractual safeguards.

Transfers to third countries

If personal data are transferred outside the European Union or the European Economic Area, the Controller ensures appropriate safeguards in accordance with the GDPR, in particular by using adequacy decisions or standard contractual clauses.

Profile visibility and social features

The application is socially oriented. User profiles are visible to other registered users of the application but are not publicly accessible to the general public. Users may restrict the visibility of certain data in their settings, which may affect the availability or functionality of certain features.

Rights of data subjects

Data subjects have the following rights:

the right to access their personal data;
the right to rectification of inaccurate or incomplete data;
the right to erasure;
the right to restriction of processing;
the right to object to processing;
the right to withdraw consent at any time, where processing is based on consent.

Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.

Right to lodge a complaint

Data subjects have the right to lodge a complaint with the supervisory authority:

Information Commissioner of the Republic of Slovenia
Dunajska cesta 22,
1000 Ljubljana, Slovenia

Security of personal data

The Controller implements appropriate technical and organisational measures to protect personal data against unauthorised access, loss or misuse.

Changes to this Privacy Policy

The Controller reserves the right to amend this Privacy Policy. The current version is always available in the application or on the Controller’s website.