1. Data Controller

The person responsible for the collection, processing, and use of your personal data is:

• Laurin Maurer
• Baumgartenstrasse 10
• 8118 Pfaffhausen
• Switzerland
• Email: strategyorienteering@gmail.com

2. Data We Collect

We collect various types of information in connection with the services we provide, including:

• Account Information: When you register for an account, we collect your email address and password. You also provide a public display name. We store a record of your acceptance of our Terms and Conditions and this Privacy Policy.
• User-Generated Content: We collect the information you provide when you use our service, such as the fantasy teams you create, including the athletes you select for each event.
• Technical and Usage Data: We automatically collect certain information when you visit, use, or navigate the Service. This information does not reveal your specific identity but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, and other technical information. This information is primarily needed to maintain the security and operation of our Service, and for our internal analytics purposes.
• Data from Third-Party Services: If you choose to log in using a third-party service (like Google), we receive information from that service, such as your name, email address, and profile picture.

3. How We Use Your Data

We process your data for purposes based on legitimate business interests, the fulfillment of our contract with you, compliance with our legal obligations, and/or your consent. We use the information we collect for:

• To provide and maintain our Service: To operate the fantasy game, authenticate users, calculate scores, and display leaderboards.
• To manage your account: To manage your registration as a user of the Service.
• To communicate with you: To send you service-related announcements or other information.
• To improve our Service: To analyze usage patterns and improve the user experience.
• For security purposes: To help maintain the safety, security, and integrity of our Service.

4. Legal Basis for Processing (under FADP)

We process your personal data on the following legal bases:

• Consent: We process your data if you have given us specific consent to use your personal information for a specific purpose. You can withdraw your consent at any time.
• Performance of a Contract: Where we have a contract with you (our Terms and Conditions), we process your personal information to fulfill the terms of our contract.
• Legitimate Interests: We process your data when it is reasonably necessary to achieve our legitimate business interests, provided that your interests and fundamental rights do not override those interests.
• Legal Obligations: We may disclose your information where we are legally required to do so in order to comply with applicable law, governmental requests, or legal process.

5. Data Sharing and Disclosure

We only share information with your consent, to comply with laws, to provide you with services, to protect your rights, or to fulfill business obligations. We may share your data with third-party vendors, service providers, contractors, or agents who perform services for us or on our behalf and require access to such information to do that work. The main third party is:

• Google (Firebase): We use Firebase for backend services, including authentication, database (Firestore), and hosting. Your data is stored on Google's servers.

6. International Data Transfers

Your information may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those in your jurisdiction. As we use Google Firebase, your data will be processed in the United States. Google complies with the Swiss-U.S. Data Privacy Framework, which provides an adequate level of data protection for transfers from Switzerland to the United States.

7. Data Security

We have implemented appropriate technical and organizational security measures designed to protect the security of any personal information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information.

8. Data Retention

We will only keep your personal information for as long as it is necessary for the purposes set out in this privacy policy, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements). When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

9. Your Rights Under the FADP

As a user in Switzerland, you have certain rights regarding your personal data. These include:

• The right to access: You have the right to request copies of your personal data.
• The right to rectification: You have the right to request that we correct any information you believe is inaccurate.
• The right to erasure: You have the right to request that we erase your personal data, under certain conditions.
• The right to data portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.

If you would like to exercise any of these rights, please contact us at our provided email address.

10. Contact Us

If you have any questions or comments about this policy, you may contact our Data Protection Officer (DPO) by email or post:

• Laurin Maurer
• Baumgartenstrasse 10
• 8118 Pfaffhausen
• Switzerland
• Email: strategyorienteering@gmail.com