Privacy Policy

Who we are

This site, deep-padel.com, and our padel academy are operated by DEEP Padel Nordics AB, a company registered in Sweden, trading as DEEP Padel (registered as a trademark in the European Union). For any privacy-related question, write to info@deep-padel.com.

We are the data controller for the personal data described in this policy. We have not appointed a Data Protection Officer — under GDPR Art. 37 we are not required to (we are not a public authority, do not process special-category data on a large scale, and do not engage in large-scale systematic monitoring).

What data we collect

Booking data

When you register for the academy, an event, or book a private lesson we collect: your name, email, phone number, date of birth, gender, padel level (self-reported or assigned), and your training preferences (days, times, club). For juniors we also collect parent or guardian contact details.

Portal data

If you have a player account at /my, we store your login credentials (email + hashed password — we never see your plain password), your attendance history, coach evaluations, payment history, and your communication preferences (e.g. marketing opt-in).

Website data

When you visit our site we may collect technical data via essential cookies and server logs (IP address, browser type, page paths). With your consent, we may also set analytics or marketing cookies. See our Cookie Policy for the full list and your controls.

Why we process your data (legal basis)

We rely on different legal bases under GDPR Art. 6 depending on the purpose:

• Bookings & payments — performance of a contract with you (Art. 6(1)(b)).
• Marketing emails — your explicit consent (Art. 6(1)(a)). You can withdraw at any time in your profile.
• Coach evaluations — our legitimate interest in providing structured athletic development (Art. 6(1)(f)).
• Communication log — our legitimate interest in maintaining service quality and resolving issues (Art. 6(1)(f)).
• Tax & accounting records — legal obligation under the Swedish Bookkeeping Act (Bokföringslagen Ch 7 §2), which requires us to retain accounting records for seven years (Art. 6(1)(c)).

Who sees your data

• Stripe — processes card payments. Stripe is established in the US; transfers are covered by the Standard Contractual Clauses included in Stripe's Data Processing Addendum. We never see or store your card number.
• Email service provider — for transactional and (with consent) marketing emails.
• Hosting provider — EU-region infrastructure.
• Your coaches — see your name, contact details, level, attendance, and evaluations relevant to the groups they instruct you in. They do not see other players' data unless those players are in the same group.

How long we keep your data

• Active player data — for as long as your account is active.
• Bookings & payments — 7 years from the end of the financial year, per Bokföringslagen Ch 7 §2.
• Marketing consent — indefinitely while you remain opted in; deleted immediately when you withdraw consent.
• Cookie consent records — 12 months, after which you'll be asked to renew.
• Account erasure — when you ask us to delete your account, we anonymize your personal information immediately. Accounting rows (bookings, payments) are kept under a "Deleted User" placeholder so the financial trail remains intact for the statutory retention period; they no longer contain your personal information.

Your rights

Under GDPR you have the following rights regarding your personal data:

• Access (Art. 15) — get a copy of the data we hold about you. The "Download my data" button in your profile gives you a JSON export.
• Rectification (Art. 16) — correct inaccurate or incomplete data. Most fields are editable in your profile, otherwise email us.
• Erasure (Art. 17) — ask us to delete your data. The "Delete my account" button in your profile starts the flow. Bookkeeping records are preserved for 7 years per Swedish law (anonymized, no longer linked to your identity).
• Restriction (Art. 18) — ask us to pause processing while we investigate a complaint or correction.
• Portability (Art. 20) — receive your data in a machine-readable format. The download is JSON.
• Objection (Art. 21) — object to processing based on legitimate interest.
• Withdraw consent — at any time, for anything we process on the basis of consent (e.g. marketing emails).

To exercise any of these rights, use the self-service controls in your profile, or email info@deep-padel.com.

Cookies

We use a small number of essential cookies to keep you logged in and to remember your consent choice. Optional cookies (analytics, marketing) are off by default and only set if you explicitly opt in. See our Cookie Policy for the full list and how to change your preferences at any time.

Contacting us & complaints

For any privacy question, contact us first at info@deep-padel.com. We aim to respond within 30 days.