Privacy Policy

1. Data Controller

The data controller responsible for your personal data is:

• Asociația Radical Football
• CIF: 53433927
• Str. Barierei nr. 10, Bl. PB29, Et. 4, Ap. 19, Oradea, Județul Bihor, România
• Email: contact@radicalfootball.ro
• Phone: +40 751 342 405

This privacy policy is governed by the General Data Protection Regulation (GDPR) - Regulation (EU) 2016/679 - and applicable Romanian data protection legislation.

2. Information We Collect

We collect the following categories of personal data depending on how you interact with our platform:

Account Data

• Full name, email address, password (stored in hashed form), and profile name

Profile Data

• City, country, short bio, primary role, experience level, pedagogical focus, club/organization, and profile image

Forum Content

• Posts, comments, and likes

Library Contributions

• Training resources, articles, and uploaded files

Community Data

• Map location (city, country) and optional audio interview

Break Space Reflections

• Reflections submitted to the Break Space, which may be posted anonymously at your choice

Direct Messages

• Messages exchanged between users on the platform

Speaker Applications

• Theme, description, experience, and format preferences submitted when applying to speak at conferences

Payment Data

• Payments are processed by Stripe. We do not store your card numbers or full payment details on our servers.

Conference Registrations

• Name, email, organization, accommodation preferences, and VAT number

Contact Form Submissions

• Name, email address, and message content

Conference Notification Signups

• Email address provided to receive notifications about upcoming conferences

Technical Data

• IP address, browser type and version, and device information

3. How We Use Your Information

We use your personal data to:

• Provide, operate, and maintain our platform and services
• Process payments for conference registrations and donations
• Send transactional emails, including account verification, conference tickets, donation receipts, announcements, and message digests
• Improve and develop the platform based on usage and feedback
• Enforce our terms of service and community guidelines

4. Legal Basis for Processing (GDPR)

We process your personal data on the following legal bases:

• Performance of a contract: Processing necessary to provide you with the services you have signed up for, including account management, conference registrations, and payment processing.
• Consent: Where you have given explicit consent, such as subscribing to conference notifications or submitting a contact form.
• Legitimate interest: Processing necessary for our legitimate interests, such as improving the platform, ensuring security, and preventing abuse, where those interests are not overridden by your rights.
• Legal obligation: Processing necessary to comply with legal requirements, such as retaining payment records for tax and accounting purposes.

5. Third-Party Service Providers

We use the following third-party service providers to operate our platform:

• Supabase (Ireland / EU) - Authentication, database, and file storage
• Stripe (USA, with EU Standard Contractual Clauses) - Payment processing
• Resend (USA, with EU Standard Contractual Clauses) - Transactional emails including verification, tickets, donation receipts, contact form responses, announcements, speaker lifecycle notifications, and message digests
• Google reCAPTCHA v3 - Spam and abuse protection
• Google Maps - Displaying community map locations
• Upstash Redis - Rate limiting (no personal data stored)
• YouTube - Embedded video content

6. Data Sharing

We do not sell your personal data. We share your data only with the third-party service providers listed above, solely for the purposes described in this policy. We may also disclose your information when required by law, regulation, or legal process.

7. International Data Transfers

Some of our third-party service providers are located in the United States. When your personal data is transferred outside the European Economic Area, we ensure that appropriate safeguards are in place, including EU Standard Contractual Clauses (SCCs), to protect your data in accordance with GDPR requirements.

8. Data Retention

We retain your personal data as follows:

• Account data is kept for as long as your account remains active.
• Upon request, your account and associated personal data will be deleted in accordance with our deletion procedures.
• Forum posts and library contributions may be anonymized rather than deleted to preserve the integrity of community discussions and shared resources.
• Payment records are retained as required by applicable tax and accounting legislation.

9. Your Rights (GDPR)

Under the General Data Protection Regulation, you have the following rights:

• Right of access: Obtain a copy of the personal data we hold about you.
• Right to rectification: Request correction of inaccurate or incomplete data.
• Right to erasure: Request deletion of your personal data.
• Right to restriction: Request that we restrict the processing of your data.
• Right to data portability: Receive your data in a structured, commonly used, machine-readable format.
• Right to object: Object to the processing of your data based on legitimate interests.
• Right to withdraw consent: Withdraw your consent at any time where processing is based on consent.

To exercise any of these rights, please contact us at contact@radicalfootball.ro.

You also have the right to lodge a complaint with the Romanian supervisory authority: Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP).

10. Account Deletion

You can delete your account at any time through your profile settings. When you delete your account, your personal data will be removed in accordance with our data retention policy described above.

11. Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you believe that we have inadvertently collected information from a child under 16, please contact us immediately so that we can take appropriate steps to delete such data.

12. Cookies

We use cookies and similar technologies to operate and improve our platform. For detailed information about the cookies we use and how to manage your preferences, please see our Cookie Policy.

13. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including encryption, access controls, and regular security reviews. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

14. Changes to This Policy

We may update this privacy policy from time to time. Any changes will be posted on this page with an updated "Last updated" date. We encourage you to review this policy periodically.

15. Contact

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:

• Email: contact@radicalfootball.ro
• Phone: +40 751 342 405

Supervisory Authority:

• Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP)
• B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, București, România
• www.dataprotection.ro