Privacy Policy

1. Introduction

The processing of data by Smashpro, as well as the exercise of user rights regarding their personal data, is carried out in accordance with applicable legislation, namely the legal framework for the protection of personal data in force. The data indicated by the customer or the user, as well as other data registered in the context of the services provided by Smashpro and subject to processing, are intended for the execution of our service and may be used for operational, statistical, accounting, financial, and administrative purposes, giving the user, without prejudice to the remaining provisions of this document, their consent for this purpose. After the deletion of the user's account, only data of importance and relevance to the company's activity according to legal, operational, management, maintenance, and restructuring terms of the system and associated infrastructures will be retained. As previously mentioned, Smashpro may resort to third parties for the purposes of collecting and/or processing the user's personal data, as well as to transfer maintenance and management obligations, by provision of services or concession of Smashpro services, with these third parties remaining absolutely bound by equal obligations of confidentiality and to respect the legal framework for the protection of personal data in force.

2. Data processing and security efficiency review policies

This policy and its efficiency should be reviewed annually, or whenever necessary. At that time, this regulation may be updated accordingly, and all stakeholders to whom this document's content is relevant should be informed.

3. Collection of personal data

The Smashpro platform stores user data, which may be entered directly by the users themselves or by other entities that use Smashpro's services, namely the sports clubs that utilize our platform.

Data entered by users

In cases where users enter their data directly, Smashpro acts as the data controller and is solely responsible for their storage.

Data entered by sports clubs

In cases where other entities enter user data, namely the sports clubs that use our platform, Smashpro acts as a data processor, as it stores and processes user data for a third party. The collection of data entered on the Smashpro platform by these entities – sports clubs – is the exclusive responsibility of the entity entering it, and they are obliged to have the express consent of the individuals to whom the data pertains.

User data can also be sent directly by these entities – sports clubs – to Smashpro via email, or any other means not covered by the previous type. In these cases, Smashpro may import user data into the client's platform and will operate as a "processor" of the data.

4. Access to personal data

Users can access their personal data registered on the platform at any time. Users may also request a consultation of their personal data by sending an email to support@smashpro.co.

Records of access to personal data, regardless of who accesses it, are always recorded automatically in digital platforms or via documentation in the case of physical archives, in accordance with the provisions of the current law and GDPR.

5. Storage of personal data

The storage of personal data and others depends on their nature and how they were collected (see section 3 for more information about data collection). Thus, it is necessary to divide the procedures for data storage into two types: data submitted on the Smashpro platform and data sent by other means (email, phone, letter, or others not developed by Smashpro).

Data submitted on the Smashpro platform

Data submitted by users of the Smashpro platform can be submitted through the mobile application or website. Operational data related to the functioning of the platform is stored directly in a database.

Data submitted by other entities, namely sports clubs that use our platform, can be submitted through the back office, which the clubs have reserved access to. Operational data related to the functioning of the platform is stored directly in a database.

Some of the data may be added to the transactional email system, used for notifications regarding reservations, registrations, payments, and others, being stored in the Sengrid systems.

IP addresses are stored both in databases (possibly associated with an internal identification number of the user if they are duly authenticated in the system) and in log files on disk.

Data submitted by other means

Information sent to us by other digital means, such as email, is stored directly on the email server, and may also be printed to a physical format or stored in the cloud (Google Drive). Data sent by other means is stored in the physical archive of Smashpro and can also be digitized and stored in the above-mentioned means.

6. Use of personal data

Data (whether personal or not) is used for distinct purposes according to its nature. As previously mentioned in section 3, Smashpro may act as Data Controller or Data Processor, which influences the use of personal data.

Use of data entered by users

The data provided by users on the platform is used for operational purposes related to its functioning. The data required for registration on the Smashpro platform includes the user's name, a password, their email, and a mobile contact. The mobile contact is used to validate the user's account. This data is collected to ensure and validate the creation of an account on the Smashpro platform. The user has access to a client area where they can review their personal data (used in creating their account) and their reservations. The user can request the deletion of their account by sending a written request via email to support@smashpro.co.

This data may be used for internal analysis, debugging, and correcting errors in the platforms and also for customer support. This data may also be used for communication (marketing or transactional) with the user, via email, phone, and SMS. The use of user data for marketing communications should have the express authorization of the user. The user may also change their preferences at any time, deciding whether or not they wish to receive such communications.

Use of data entered by sports clubs

As mentioned in section 3, in these cases Smashpro operates only as a "processor" of data under GDPR. In this context, Smashpro has no knowledge of the semantics or content of the data entered. For example, a sports club may associate the citizen card number, gender, or tax information with the additional information of its users through the Smashpro platform.

The collection and use of data entered on the Smashpro platform by these entities – sports clubs – is the exclusive responsibility of the entity entering it, and they are obliged to have the express consent of the individuals to whom the data pertains.

Just like the data described above, information sent to Smashpro by means other than those described above may be included in the internal logic of the platform (for example, data sent by clients for importation into the platform), used for customer support purposes, or correction of platform issues.

7. What are your rights?

At any time, you can request information about your Personal Data in our possession. If it is incorrect, incomplete, or irrelevant, you may request its correction or deletion. You may also request a limitation on the processing of your Personal Data and, under certain circumstances, the portability of the data. Whenever there is a legal obligation to retain data, such as accounting regulations or other legitimate grounds for maintaining the data, such as, for example, outstanding debts, we will not be able to delete your Personal Data. You can withdraw your consent for the use of data for advertising purposes at any time. You may contact us by sending an email to support@smashpro.co. Your rights under the Data Protection Law will not be affected.

If you are not satisfied with how we handle your Personal Data, you may file a complaint with the National Data Protection Commission (www.cnpd.pt).

8. Responsible for the processing of personal data

Smashpro Lda
Estrada Nacional N204-5 1979
4770-336, Landim
Portugal
NIPC 518596761
Email: support@smashpro.co

[1] Data controller - Any organization that decides how and why data is processed. It is considered the physical or legal person, public authority, agency, or other body that, alone or jointly with others, determines the purposes and means of processing personal data.

[2] Data processor - The individual or legal entity, public authority, agency, or any other body that processes personal data on behalf of the data controller (subcontractor).