Privacy Policy

Privacy Policy – Athlentic

1. Data controller

The controller of personal data is Cabtech CZ s.r.o., ID No. 05585856, with its registered office at Sudoměřská 185/10, 130 00 Prague 3, registered in the Commercial Register of the competent court (hereinafter “Athlentic” or the “controller”). Contact email for personal data protection matters: athlentic@athlentic.app

2. What personal data we process

In connection with the use of the Athlentic platform, we process in particular the following data:

  • Identification and contact details of fans (first name, surname, email address, and billing details if provided by the fan).
  • Data relating to orders of digital cards (cards purchased, amount, date and method of payment).
  • Technical data from access to the website (IP address, server logs, cookies necessary for the operation of the website) Athletes‑sellers have their own profiles on the platform; the data contained in an athlete’s profile is processed for the purpose of operating the platform and presenting the athlete to fans

3. Purposes and legal bases of processing

Personal data is processed only to the extent necessary for the following purposes:

  • Conclusion and performance of a contract – processing orders for digital cards, processing payments, delivering the electronic card to the fan and managing the user account; the legal basis is performance of a contract under Art. 6(1)(b) GDPR.
  • Compliance with legal obligations – in particular bookkeeping and tax agenda related to received payments; the legal basis is Art. 6(1)(c) GDPR
  • The controller’s legitimate interests – protection of Athlentic’s rights and claims (e.g. debt collection, keeping internal records, securing the website and preventing misuse of the service); the legal basis is Art. 6(1)(f) GDPR Fans’ personal data is not used for mass marketing or for sending newsletters

4. Who has access to the data (recipients)

Personal data may be disclosed to the following categories of recipients:

  • The payment service provider Stripe, which processes payments on the Athlentic platform; Stripe acts as an independent entity for the processing of payment data under its own terms and privacy policy.
  • Providers of hosting and technical infrastructure for the platform (server and cloud services).
  • External accountants, tax advisers, legal advisers and other contractors who process data for us on the basis of a data processing agreement.
  • Individual athletes‑sellers as independent controllers to the extent necessary for keeping their own accounting and tax records (typically information on completed transactions)

5. Retention period

Order and payment data is retained for the period required by accounting and tax regulations (usually 10 years from the end of the relevant accounting period) User account data is retained for the duration of the registration; the account can be deleted at any time, subject only to our legal obligations to retain certain data for accounting purposes Technical logs and security records are typically stored for several months, but no longer than 1 year, unless required for handling an incident or legal dispute

6. Cookies and online identifiers

The Athlentic platform uses:

  • Necessary cookies that enable basic functions of the website (login, adding items to the cart, completing an order).
  • Where applicable, analytical cookies for basic traffic statistics in anonymised form. Necessary cookies cannot be disabled as they are required for the platform to function. Analytical cookies can be refused in your browser settings or via the cookie banner on the website, where available

7. Data subject rights

In accordance with the GDPR, you have in particular the following rights:

  • The right of access to personal data and to obtain confirmation of what data about you is processed.
  • The right to rectification of inaccurate or incomplete data.
  • The right to erasure (“right to be forgotten”) if the purpose of processing has ceased and there is no legal obligation to retain the data.
  • The right to restriction of processing.
  • The right to data portability in the cases provided for by the GDPR.
  • The right to object to processing based on legitimate interests.
  • The right to lodge a complaint with the supervisory authority, which is the Office for Personal Data Protection (Úřad pro ochranu osobních údajů), Pplk. Sochora 27, 170 00 Prague 7 You can exercise your rights by email at athlentic@athlentic.app

8. Processing of personal data by athletes‑sellers

Athletes who offer their digital cards on the Athlentic platform are independent controllers of personal data in connection with their own accounting and tax obligations Athlentic provides them with a technical platform and data necessary for matching payments and keeping records and, in this respect, acts as a processor under Art. 28 GDPR. Athletes are obliged to process fans’ personal data in accordance with the GDPR and, where appropriate, to publish their own privacy policy

9. Security of personal data

Personal data is protected by appropriate technical and organisational measures, in particular:

  • Encryption of communications (HTTPS).
  • Restricting access to personal data only to authorised persons.
  • Regular system updates and continuous monitoring of platform security

10. Changes to this policy

This policy may be updated from time to time, in particular due to changes in legislation or expansion of the Athlentic platform’s features The current version of the policy is always published on the Athlentic website.