Privacy policy

Last updated: Sep 27 2024

1. Introduction

Welcome to the Squashly website ("we", "our," or "us"). We are committed to protecting your privacy and ensuring that your personal data is processed responsibly, lawfully, and adequately for the purposes of processing.

The Controller of your personal data is Squashly OÜ, located at Pille tn 9/3-53, Harju maakond, 10138 Tallinn, Estonia; Registry number: 14576821 (hereinafter referred to as the Controller). You may contact the Controller regarding data protection matters via email at: [email protected].

This Privacy Policy, which is an integral part of the Terms and Conditions for Squashly Users, outlines how we collect, use, disclose, and protect your personal data when you use our website and mobile application (collectively, the "Platform") to organize and book squash games at various venues. For definitions of terms used in this Policy (such as Venues, Service, or User), please refer to the Terms and Conditions for Squashly Users.

2. Information We Collect

We may collect the following types of personal information:

  • User Information: Name, phone number, email address, hometown, as well as other personal information you voluntarily provide by making it available in your account. We may also collect information about the device and browser you use to access the Platform, including IP address, operating system, and browser type.
  • Booking Information: Information about the games you have booked, including details about the venue, date, time, and location of the game.
  • Profile Information: You can choose to provide additional information, such as a profile picture, additional descriptions, or your nickname.
  • Login Information: Our servers automatically record information when you use our Platform, including your interactions with the Platform, pages visited, and dates and times of visits.

3. How Do We Use Your Personal Information?

3.1. We process your personal data based on the legal grounds provided in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, hereinafter referred to as "GDPR," in order to:

  • Perform the Agreement concluded with you, in particular by facilitating reservations of the Venues, providing communication between Users and Venues, and transferring your personal data to the Venues when you use the Service, in accordance with Article 6(1)(b) GDPR;
  • Comply with the requirements of generally applicable law, in accordance with Article 6(1)(c) of the GDPR;
  • Realize consumer rights and enforce our terms and conditions of the Services, and protect against possible claims, which is necessary to realize the Controller's legitimate interest in accordance with Article 6(1)(f) of the GDPR, by providing for the establishment of possible claims;
  • Develop and improve the functionality of the Services and the Platform, which is necessary to achieve the legitimate legal interest of the Controller, in accordance with Article 6(1)(f) of the GDPR, by ensuring the security and proper operation of Services and the Platform.

3.2. Providing your personal data is voluntary but necessary for the conclusion of the Agreement and the proper use of the Platform. Without providing your data, you will not be able to create an account or access all features of the Platform.

4. Sharing of Your Personal Data.

4.1. Squashly shares your personal data with the Venues as necessary for them to provide their services to you.

4.2. The data referred to in Section 4.1. that we provide to the Venues includes:

  • Name and surname,
  • Profile name (nickname),
  • Email address and phone number.

4.3. The Venues will process your personal data as separate Controllers and bear the related responsibility themselves.

4.4. Your personal data that you provide on your profile will also be available to other Platform Users.

4.5. Your personal data may also be shared in the following cases:

  • In response to legal requests, court orders, or to protect our rights, privacy, security, or property;
  • In the event of a merger, sale, or transfer of assets, your data may be transferred as part of the transaction.

5. Online Payments.

We use Stripe, a third-party payment processor, to handle payments made through the Platform. When you make a payment on the Platform, your payment information is collected and processed by Stripe, which operates independently of us. We do not store your full credit card information on our servers.

5.1. Information Collected by Stripe.

When you make a payment, Stripe may collect certain personal data, including:

  • Payment Information: Credit card number, expiration date, and security code (CVV).
  • Billing Information: Name, billing address, and email address.
  • Transaction Information: The amount of the transaction, date, and time of the transaction.

Stripe processes this information in accordance with its own privacy policy, which can be found on the Stripe website. We encourage you to review Stripe’s privacy policy to understand how your personal data is handled by them.

5.2. How We Use Payment Information.

We receive confirmation of payment from Stripe, including details such as the transaction amount, date, and status. We use this information to:

  • Facilitate and confirm your bookings on the Platform;
  • Issue receipts or confirmations for your payments;
  • Address any issues or disputes related to payments.

5.3. Sharing of Payment Information.

We do not share your payment information with any third parties, except as necessary to process the payment or as required by law. Your payment data may be shared with:

  • Stripe: As our payment processor, Stripe needs this information to complete transactions;
  • Legal Authorities: In response to legal requests, court orders, or to protect our rights, privacy, security, or property.

5.4. Security of Your Payment Information.

Stripe is certified to PCI Service Provider Level 1, the most stringent level of certification available in the payments industry. We and Stripe take appropriate technical and organizational measures to protect your payment information against unauthorized access, disclosure, alteration, or destruction.

5.5. Your Rights Related to Payment Information.

You have the right to:

  • Request information about your transactions;
  • Request the rectification of any incorrect information related to your payments;
  • Object to the processing of your payment information under certain circumstances;
  • Withdraw your consent to the processing of your payment information at any time, noting that this may affect your ability to make payments through the Platform.

5.6. Contact Us.

If you have any questions or concerns about how your payment information is handled, please contact us at: [email protected].

6. Security of Your Personal Data.

We take all reasonable measures to protect your personal data from unauthorized access, disclosure, alteration, or destruction.

7. Your Rights Related to Processing of Your Personal Data.

In connection with the processing of your data, you have the right to:

  • Access your account information and update it in your profile settings;
  • Request rectification, deletion, transfer, or restriction of processing of your data;
  • Object to the processing of your personal data;
  • Withdraw your consent to the processing of your personal data at any time, for data that we process based on your consent. Withdrawal of consent will result in the termination of the concluded Agreement;
  • Lodge a complaint about the processing of your personal data with the President of the Office for Personal Data Protection.

8. Period of Processing of Your Personal Data.

We process your personal data for the period necessary for the purposes of processing, i.e.:

  • To perform the Agreement concluded with you, particularly by facilitating the booking of Venues, ensuring communication between Users and Venues, and providing your personal data to the Venues whenever you use the Service, in accordance with Article 6(1)(b) of the GDPR, until the termination or expiration of the Agreement, and thereafter for a period until your claims expire;
  • To comply with the requirements of common applicable law in accordance with Article 6(1)(c) of the GDPR, until such obligations expire;
  • To realize consumer rights and enforce our terms and conditions of the Services, and to protect against possible claims, which is necessary to realize the Controller's legitimate legal interest in accordance with Article 6(1)(f) of the GDPR, until the statute of limitations for claims;
  • To develop and improve the Services, which is necessary to realize the Controller's legitimate legal interest in accordance with Article 6(1)(f) of the GDPR, until the Agreement is terminated.

9. Automated Processing of Personal Data and Transfer of Data Outside the European Economic Area.

Your personal data will not be subject to any operations involving automated decision-making, including profiling, and will not be transferred to entities located outside the European Economic Area or to international organizations.

10. Changes to This Privacy Policy.

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any changes in a manner consistent with your prior consent. The amended Policy will also be available on our website: https://squashly.io/.

11. Contact Us.

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us by email at: [email protected].

12. Your Consent.

By using our Platform, you acknowledge that you have read and understood this Privacy Policy and consent to the processing of your data as described herein.