Privacy Policy

This policy describes how your personal data is processed when you use Business & Sport, in accordance with the General Data Protection Regulation (GDPR).

1. Data controller

The data controller is the publisher of business-and-sport.com (legal form and registration: to be determined). For any question about your data, contact us at support@business-and-sport.com. Data Protection Officer (DPO): to be determined.

2. Data we collect

Depending on how you use the service, we process the following categories of data:

• Account and identity: email address, password (stored hashed/encrypted), first and last name.
• Professional profile: occupation, company, region, sports practised, photo and descriptions.
• Network: contacts, connection requests and matches (professional and open matches).
• Messaging: private conversations (encrypted), club and event chat messages.
• Activity: event participation, club memberships, badges earned.
• LinkedIn integration (optional): if you enable it, an access token and your LinkedIn identifier to post on your behalf.
• Notifications: a device identifier (push token) used to send you notifications.
• Internal advertising measurement: display and click statistics for our own ad spaces (first-party measurement, no third-party tracker).

3. Purposes and legal bases

We use your data to: provide the service (account, profile, matchmaking, messaging, events) on the basis of contract performance; send you notifications and, if you enable it, publish to LinkedIn, on the basis of your consent; measure the audience of our internal advertising and ensure platform security, on the basis of our legitimate interest; and send you service-related emails.

4. Cookies and trackers

We use only strictly necessary cookies: authentication (session) and remembering your language. We use no third-party advertising cookies or third-party analytics tools, so no consent banner is required at this time. Should we introduce such tools, a prior consent mechanism will be put in place.

5. Push notifications

To send notifications we use Firebase Cloud Messaging (Google). A device identifier is kept for this purpose. You can disable notifications from your device settings; the identifier is deleted when your account is deleted.

6. Recipients and processors

Your data is hosted by IONOS (France). We use Google Firebase for push notifications and, if you enable the integration, LinkedIn. The payment provider (Stripe) will be added when payments are activated. We do not sell your personal data.

7. Retention periods

Your data is kept for as long as your account is active. After your account is deleted, it is erased, except for data that must be retained for legal or accounting obligations (durations: to be specified).

8. Your rights

Under the GDPR, you have the rights of access, rectification, erasure, portability, objection and restriction. You can export your data and delete your account directly from your "Account / Personal data" area, or write to us at support@business-and-sport.com. You may also lodge a complaint with the supervisory authority (in France, the CNIL - www.cnil.fr).

9. Security and data transfers

We implement appropriate security measures: encrypted connections (HTTPS), hashed passwords and message encryption. As some of our providers (e.g. Google) may operate outside the European Union, any transfers are governed by the appropriate safeguards provided for by the GDPR.

10. Changes and contact

We may update this policy; the last update date is shown at the top of the page. For any question, contact us at support@business-and-sport.com.