Privacy Policy

Foldwire processes personal data of Users in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR) and Act No. 18/2018 Coll. on the Protection of Personal Data, as amended. These Privacy Policy explains what data we collect, for what purpose, on what legal basis, and what rights you have in relation to your data.

1. Controller Identification

The controller of the Platform and the data controller for Administrators’ personal data is:

• Business name: Mgr. Andrej Garaj — UX Dizajn
• Place of business: Bystrická 2479/16, 902 01 Pezinok, Slovak Republic
• Company ID (IČO): 54 694 493
• Trade Register: District Office Pezinok, No. 130-28893
• Contact email: [email protected]

2. Three-Party Relationship — Who Is the Controller and Who Is the Processor

Foldwire as controller — for the processing of personal data of Administrators (name, email, Subscription records), Foldwire acts as an independent controller within the meaning of Art. 4(7) GDPR.

Foldwire as processor — for the processing of personal data of Players entered by the Administrator into the Space, Foldwire acts as a processor within the meaning of Art. 4(8) GDPR. It processes such data exclusively on the instruction of the Administrator and on their behalf. Foldwire does not share this data with third parties for commercial purposes.

Administrator as controller — the Administrator of each Space is the controller of their Players’ personal data within the meaning of the GDPR. The Administrator is responsible for the lawfulness of processing (including obtaining the necessary legal basis from Players), the accuracy of the data entered, and fulfilling controller obligations towards data subjects.

By accepting these Terms, Foldwire concludes a Data Processing Agreement (DPA) with each Administrator pursuant to Art. 28 GDPR. On this basis, Foldwire is authorised to process Players’ personal data under the conditions set out in these Privacy Policy and Terms of Service.

3. What Personal Data We Process and Why

A) Administrator data (Foldwire as controller):

• Full name — identification within the Platform
• Email address — login, notifications, billing, support
• Password — stored exclusively as a secure cryptographic hash (never in readable form)
• Subscription and billing records — fulfilment of contractual obligations

B) Player data entered by the Administrator (Foldwire as processor):

• Full name — required, player identification within the team
• Email address — optional, for Player access to the Platform and notifications
• Phone number — optional
• Date of birth — optional
• Playing position — optional

C) Operational records (generated through Platform use):

• Attendance records for training sessions and events
• Training payment tracking (not financial transactions)
• RSVP responses to events
• Messages sent in the team chat
• Squads and line-ups

D) Technical records:

• IP addresses at login — protection against brute-force attacks (rate limiting)
• Records of emails sent through the Platform (email_log)
• Session identifier (session cookie) for maintaining login state

4. Legal Basis for Processing

• Performance of a contract — Art. 6(1)(b) GDPR: processing of Administrator data necessary for the provision of Platform services based on acceptance of the Terms of Service (contractual relationship).
• Performance of a processing agreement — Art. 28 GDPR: processing of Player data by Foldwire as processor on the basis of the Administrator’s mandate; the legal basis in relation to Players shall be ensured by the Administrator as controller.
• Legitimate interests — Art. 6(1)(f) GDPR: IP address logs at login for Platform security and protection against unauthorised access; email_log records to demonstrate the sending of important notifications.
• Legal obligation — Art. 6(1)(c) GDPR: retention of tax and accounting documents in accordance with applicable Slovak law.

5. Purpose of Processing

Personal data is used exclusively for the operation of the Platform — player management, training attendance and payment tracking, event organisation and RSVP, squad management, team communication, and technical security of the Platform. We do not use data for profiling, advertising, sale to third parties, or any purposes unrelated to the operation of the Platform.

6. Cookies and Browser Storage

Foldwire uses exclusively essential session cookies to maintain login state (with HttpOnly, SameSite=Lax, and Secure attributes when using HTTPS). These cookies are automatically deleted upon logout or when the browser is closed. We do not use analytics cookies, advertising cookies, or any third-party tracking technologies.

7. Where Data Is Stored and Who Processes It

Data is stored on servers within the European Union. Foldwire does not transfer personal data to third countries outside the EU/EEA.

Foldwire may use sub-processors for certain data processing activities (e.g. cloud infrastructure providers, SMTP for sending emails) — exclusively within the EU/EEA and subject to appropriate data protection standards. An up-to-date list of sub-processors is available upon request at [email protected].

8. Recipients of Data

Players’ personal data within the Platform is visible exclusively to the Administrator of the relevant Space and to the Players themselves (their own data). Foldwire does not sell, rent, or transfer this data to third parties for commercial purposes.

An exception applies when data must be disclosed pursuant to a lawful decision by a competent public authority in accordance with the law. In such cases, Foldwire will inform the data subject unless prohibited by law from doing so.

9. Data Retention Periods

• Administrator account and active Space: data is retained for the duration of the contractual relationship (active Subscription or trial period).
• After termination of the contractual relationship / cancellation of the Space: all Players’ personal data is permanently deleted within 30 days. Administrator data is deleted within 30 days of account cancellation, except for tax and accounting documents which are retained for the period prescribed by applicable Slovak law (generally 10 years).
• IP records from rate limiting: automatically deleted after 24 hours.
• Email log records: retained for 6 months, then automatically deleted.
• Session cookies: deleted upon logout or end of the browser session.

10. Security Measures

Foldwire implements appropriate technical and organisational measures to protect personal data:

• Passwords are stored exclusively as secure cryptographic hashes — never in readable form.
• All communication with the Platform is encrypted using HTTPS/TLS.
• Session cookies are configured with HttpOnly, SameSite=Lax, and Secure attributes.
• Login is protected by rate limiting (automatic blocking after repeated failed attempts).
• Database access is restricted exclusively to authorised system components.
• All database queries use parameterised statements (protection against SQL injection).

No system is one hundred percent secure. We recommend that Users use a strong, unique password and log out after each session on a shared device. If you suspect unauthorised access, please contact us immediately at [email protected].

11. Rights of Data Subjects

In accordance with the GDPR and Act No. 18/2018 Coll., you have the following rights:

• Right of access (Art. 15 GDPR): you have the right to know what personal data we process about you, for what purpose, and to whom it is disclosed.
• Right to rectification (Art. 16 GDPR): you have the right to request correction of inaccurate or incomplete data. Administrators can correct most of their own data directly in their account settings.
• Right to erasure — “right to be forgotten” (Art. 17 GDPR): you have the right to request deletion of your personal data, provided that further retention is not required by law (e.g. accounting obligations).
• Right to restriction of processing (Art. 18 GDPR): in certain circumstances (e.g. dispute about the accuracy of data), you may request a temporary restriction on the processing of your data.
• Right to data portability (Art. 20 GDPR): you have the right to receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format.
• Right to object (Art. 21 GDPR): you have the right to object to the processing of your data based on legitimate interests.
• Right to withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing carried out prior to withdrawal.

How to exercise your rights: Administrators exercise their rights directly at [email protected]. Players exercise their rights primarily with the Administrator of their team (as the controller). If the issue cannot be resolved through the Administrator, Players may also contact Foldwire directly. Foldwire undertakes to acknowledge receipt of a request within 3 working days and to respond without undue delay, within a maximum of 30 days.

12. Right to Lodge a Complaint with the Supervisory Authority

If you believe that the processing of your personal data is contrary to the GDPR or Act No. 18/2018 Coll., you have the right to lodge a complaint with the Office for Personal Data Protection of the Slovak Republic (ÚOOÚ SR):

• Website: dataprotection.gov.sk
• Address: Hraničná 12, 820 07 Bratislava 27
• Email: [email protected]
• Tel.: +421 2 3231 3214

13. Changes to the Privacy Policy

We may update this Privacy Policy in line with changes in legislation, Platform operation, or security standards. Administrators will be notified of material changes by email at least 14 days before they take effect. The current version is always available on this page with the date of the last update.

14. Contact

All questions, requests, and complaints regarding personal data protection should be sent to: [email protected]

This Privacy Policy enters into force and effect on 25 May 2026. Last updated: May 2026.