Privacy Policy

1. Controller

The party responsible for data processing is:

JUGAD UG (haftungsbeschränkt)
Ludwigstr. 12B, 04315 Leipzig, Germany
Represented by its Managing Director Julian Haluska
Email: support@jugad.app

Contact for data protection matters: Julian Haluska, support@jugad.app

2. Scope

This privacy policy applies to our website jugad.eu, our web app play.jugad.app and our native apps for iOS and Android (together, "our Services"). It informs you about the nature, scope and purpose of the processing of personal data as well as your rights.

3. Legal Bases

We process personal data on the basis of the GDPR, in particular:

  • Art. 6(1)(a) – consent,
  • Art. 6(1)(b) – performance of a contract / pre-contractual measures,
  • Art. 6(1)(c) – legal obligation,
  • Art. 6(1)(f) – legitimate interest.

We state the applicable basis for each processing activity below.

4. Recipients and Processors

To provide our Services we use carefully selected service providers that process data exclusively on our behalf and in accordance with our instructions (processing on our behalf under Art. 28 GDPR). Processing primarily takes place on servers located in Germany or the European Union. Where, in individual cases, a transfer to a third country occurs, Section 17 applies.

5. Provision of our Services and Server Log Files

When you access our Services, technically necessary data transmitted by your browser or device is processed: IP address, date and time, amount of data transferred, browser type and version, operating system, referrer URL and the resource requested.

  • Purpose: technically error-free delivery, stability and security.
  • Legal basis: Art. 6(1)(f) GDPR.
  • Hosting: Processing takes place on servers located in Germany (EU).

6. Cookies and Local Storage

We use technically necessary cookies and comparable technologies (e.g. localStorage) that are required for operation – in particular a session/login cookie, a cookie to protect against cross-site requests, and the storage of your language setting.

  • Legal basis: Section 25(2) no. 2 TDDDG (German Telecommunications Digital Services Data Protection Act; technically necessary); the processing of the associated data is based on Art. 6(1)(f) or – for logged-in users – Art. 6(1)(b) GDPR.

For reach measurement, see Section 16 (Matomo).

7. Registration and User Account

To use our Services you can create a user account. Depending on the function, we process:

  • master data: email address, first and last name, profile picture;
  • contact data: phone number;
  • further profile information: date of birth, region, language;
  • address data (e.g. for bookings, contracts, invoices);
  • activity and reputation data (participations, reliability and punctuality ratings, points);
  • communication data (see Section 14);
  • for guest use without an account: first name and a device token.
  • Purpose: provision of the account and the functions used.
  • Legal basis: Art. 6(1)(b) GDPR; for voluntary information Art. 6(1)(a).

Note on minors: Our Services are intended for persons aged 16 or older. Persons under 16 may not use our Services.

8. Core Features: Games, Pitches, Bookings, Tournaments

To organise and participate in games, to manage and book pitches and to run tournaments, we process the data required for this (including participations, game/booking times, pitch and location details, team and registration data, payment and billing data).

  • Purpose: provision of the respective feature used.
  • Legal basis: Art. 6(1)(b) GDPR; for billing additionally lit. c.

9. Payment Processing (Stripe)

Payments are processed via Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland. Depending on the payment method, this includes, among other things, the cardholder's name, payment data (e.g. credit card data, CVC), bank details and the time and amount of the transaction. You enter the payment data directly with Stripe; we ourselves do not store any complete payment-instrument data.

Organisers, pitch landlords and event hosts can receive payments via Stripe Connect. For this, Stripe additionally processes identity, address and account data as well as identity-verification (KYC) information. We only store an account identifier and the activation status.

  • Purpose: processing of payments and payouts, fraud prevention.
  • Legal basis: Art. 6(1)(b) GDPR; lit. c (retention); lit. f (fraud prevention).

10. Storage of Images and Documents

Uploaded profile pictures and pitch photos as well as generated documents (e.g. contract PDFs) are stored with a cloud storage provider with servers located in the EU (Frankfurt region).

  • Purpose: provision and secure storage of your content and documents.
  • Legal basis: Art. 6(1)(b) GDPR; for contract documents lit. c.

11. Maps and Location Features

To display maps and for location search, we use service providers with servers located in the EU. When a map is loaded, your IP address is necessarily transmitted to the map service for technical reasons; to determine addresses from location coordinates, the coordinates are transmitted to a geocoding service.

  • Purpose: display of maps and location features.
  • Legal basis: Art. 6(1)(f) or Art. 6(1)(b) GDPR.

12. Sign-In via Third Parties (Single Sign-On)

Alternatively, you can sign in using accounts from Google, Apple or Facebook. In doing so, we receive a unique user identifier, your email address and, where applicable, your name from the respective provider. Processing by the respective provider is governed by its privacy policy.

  • Purpose: simplified registration and sign-in.
  • Legal basis: Art. 6(1)(b) GDPR; lit. a (choice of method).

13. Notifications (Push and Email)

Push notifications: With your consent, we send push notifications (e.g. reminders, payment and tournament notices). For this, a device-related push token (of your smartphone or browser) is processed via Firebase Cloud Messaging (Google). No web analytics via Firebase/Google Analytics takes place.

Email: To send account, transactional and – only with consent – marketing emails, we process your email address and the respective message content. We handle the dispatch via an email delivery service provider with servers located in the EU.

  • Legal basis: transactional Art. 6(1)(b) GDPR; marketing and push Art. 6(1)(a) GDPR (revocable at any time via the settings).

14. Communication

Within our Services, users can communicate via direct messages and comments; in doing so, we process the content, the participants and the time.

  • Purpose: communication between users.
  • Legal basis: Art. 6(1)(b) or Art. 6(1)(f) GDPR.

15. Contracts and Invoicing

In connection with contracts and tournament registrations, we process the data required for this (including name, address, email, phone number, billing and, where applicable, company data, signature and payment data) and generate contract documents.

  • Purpose: conclusion and performance of contracts, invoicing, fulfilment of tax and commercial-law obligations.
  • Legal basis: Art. 6(1)(b) and lit. c GDPR.

16. Reach Measurement (Matomo)

We use the open-source web analytics tool Matomo, which we self-host. No cookies are set and the IP address is anonymised. We record, among other things, pages visited, time, approximate origin (region), platform/system and the delivery of advertising impressions (e.g. number of impressions). The evaluation is carried out exclusively in aggregated, anonymised form; no individual person is identified and no merging with your user account takes place.

  • Purpose: statistical reach and usage analysis as well as the determination of advertising metrics (e.g. impressions) for billing and financing our Services.
  • Legal basis: Art. 6(1)(f) GDPR. As only anonymous, aggregated statistics are produced, neither consent nor a separate opt-out is required for this.

17. Data Transfers to Third Countries

Some of the services we use are operated by companies headquartered in, or with a parent company in, the USA (in particular Google, Apple and Meta). This may result in a transfer of personal data to the USA.

Where the providers are certified under the EU-US Data Privacy Framework, an adequacy decision of the EU Commission exists (Art. 45 GDPR). Otherwise, we base transfers on the EU Commission's Standard Contractual Clauses (Art. 46 GDPR) and additional safeguards. Despite these guarantees, a level of data protection comparable to that of the EU cannot be guaranteed in every case.

18. Retention Period

We process and store personal data only for as long as is necessary for the respective purposes:

  • account and profile data: until your account is deleted;
  • other usage data: until the purpose ceases to apply;
  • reach-measurement data: in anonymised form;
  • contract and invoicing data: until the expiry of the statutory retention periods (generally 6 or 10 years, Section 147 German Fiscal Code (AO), Section 257 German Commercial Code (HGB)).

Where statutory retention obligations exist, we restrict processing instead of deleting the data.

19. Data Security

We take appropriate technical and organisational measures to protect your data against loss, misuse and unauthorised access (including transport encryption). Our measures are continuously adapted.

20. Your Rights

You have the right to:

  • access (Art. 15 GDPR),
  • rectification (Art. 16 GDPR),
  • erasure (Art. 17 GDPR),
  • restriction of processing (Art. 18 GDPR),
  • data portability (Art. 20 GDPR),
  • objection to processing based on legitimate interests (Art. 21 GDPR).

You can withdraw any consent given at any time with effect for the future. To exercise your rights, a message to support@jugad.app is sufficient.

21. Right to Lodge a Complaint

You have the right to lodge a complaint with a data protection supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement. The authority responsible for us is the Saxon Commissioner for Data Protection and Transparency (Sächsische Datenschutz- und Transparenzbeauftragte), Devrientstraße 5, 01067 Dresden, Germany (www.datenschutz.sachsen.de).

22. Validity and Changes

This privacy policy is currently valid. As our Services develop or legal requirements change, it may become necessary to amend it. The version published here applies in each case.

Follow us

crossmenu