Privacy Policy for CanoeApp

Last Updated: February 6, 2026

CanoeApp respects your privacy. This Privacy Policy describes how we collect, use, and share information when you use our web application to organize or participate in canoe competitions.

To ensure clarity regarding data protection laws (such as GDPR), we distinguish between the roles of Data Controller and Data Processor depending on the type of data and the user relationship.

1. Definitions of Roles

  • CanoeApp (Service Provider): The provider of the web application.
  • Entity (Club/Federation): The organization (Sport Club or Federation) that uses CanoeApp to manage athletes and organize competitions.
  • Registered User: An individual who creates an account on CanoeApp. A Registered User may request, or be invited by, one or more Entities to become an Entity user. Upon approval, the Entity assigns a role (Administrator, Coach, or Associate) that determines the user’s permissions within that Entity.
  • Athlete: An individual whose personal data is entered into CanoeApp by an Entity for the purpose of competition participation. Athletes generally do not have direct login access.

2. Data Controller vs. Data Processor

2.1. When CanoeApp is the Data Controller

CanoeApp acts as the Data Controller for:

  • Registered User Account Data: Information you provide directly to us when registering (Name, Email, Time Zone, Country) to gain access to the system.
  • Technical/Usage Data: Cookies, logs, and device information required to maintain the security and functionality of the Service.

2.2. When CanoeApp is the Data Processor

For Athlete Data and Competition Data, CanoeApp acts strictly as a Data Processor.

  • The Entity (Club/Federation) is the Data Controller: The Entity decides why and how athlete data is collected (e.g., to register for a race). The Entity is responsible for ensuring they have the legal basis (such as consent or contract) to upload this data to CanoeApp.
  • Our Role: We process this data solely on the instructions of the Entity to provide the features of the application (creating start lists, timing races, publishing results).

3. Information We Collect

3.1. Registered Users (Direct Collection)

  • Identity Data: First and last name.
  • Contact Data: Email address.
  • Settings: Time zone and country.
  • Preferences: Your consent to receive association requests from Entities.

3.2. Athlete Data (Collected via Entities)

Entities upload data about athletes. If you are an athlete, this data is provided to us by your Club or Federation. In some cases, the competition organizer may enter athlete data on behalf of another Entity when entries are submitted outside the platform (e.g., by email) for competition administration:

  • Name and Surname.
  • Year of Birth (required for Age Group validation).
  • Country of Birth and National Federation.
  • ICF (International Canoe Federation) Number.
  • Active Status.

3.3. Competition Data

During events, we collect performance data, including start times, finish times, split times, and penalties (e.g., gate touches in Slalom).

3.4. Technical and Usage Data

We process certain technical data necessary for the secure and accurate operation of the platform:

  • IP address and Browser/Device information.
  • Browser time zone (required for accurate competition timing).
  • Session and access identifiers (for managing login states and temporary access).

3.5. Social Login Data

If you choose to sign in with a third-party identity provider, we receive information from that provider such as your name and email address. We use this data to create or link your account and to authenticate you.

3.6. Cookies and Similar Technologies

We use cookies and similar technologies to ensure proper functionality, security, and user experience. Details about specific cookies, their purpose, and retention are described in our Cookie Policy, which forms part of this Privacy Policy.

4. Purposes of Processing

We process personal and technical data for the following specific purposes:

  • Account Management: User account creation, authentication, and role management.
  • Competition Administration: Competition setup, administration, and the submission/management of athlete entries.
  • Sporting Operations: Timing, judging, result calculation, and the generation of start lists, results, and PDF documents.
  • Temporary Access: Facilitating limited access to specific parts of the website (e.g., live results, judging tools) via shared links or access codes.
  • Security & Compliance: Security monitoring, fraud prevention, system integrity, and compliance with legal and regulatory obligations.

We do not use personal data for advertising, profiling, or marketing purposes.

5. Legal Bases for Processing (Where CanoeApp Is Controller)

When CanoeApp is the Data Controller (Section 2.1), we process data under the following legal bases, as applicable:

  • Performance of a Contract: To provide your account and access to the Service.
  • Legitimate Interests: To secure the Service, prevent fraud, and maintain platform integrity.
  • Legal Obligation: To comply with applicable laws and regulations.
  • Consent: Where required, for optional features (such as receiving Entity association requests).

6. Responsibilities

6.1. Entity Responsibilities

Entities using CanoeApp are responsible for:

  • Ensuring the accuracy of the Athlete Data they upload.
  • Obtaining necessary consents from Athletes (or their guardians) to share their data with CanoeApp for competition purposes.
  • Responding to privacy requests (e.g., data deletion) from their Athletes.
  • Ensuring they have a lawful basis to submit Athlete Data, including when entering data on behalf of another Entity.

6.2. CanoeApp Responsibilities

We are responsible for:

  • Securing the infrastructure where data is stored.
  • Ensuring data is only processed as defined by the functionality of the app.

7. Public Disclosure of Data

Important: Due to the nature of competitive sports, certain data is inherently public.

  • Public Results: If a competition is marked "Public" by the organizing Entity, athlete data (Name, Club, Country, National Federation) and performance results will be accessible to any visitor on the "Live Results" and "Final Results" pages. Year of birth is not published.
  • PDF Exports: Result lists generated as PDF files may be downloaded by authorized Entity users and provided to the organizing Entity for public distribution and official record-keeping.

8. Sharing and Disclosure

We share data only as necessary to operate the Service and fulfill legal obligations:

  • With Entities: Competition and athlete data is made available to the organizing Entity and its authorized users.
  • Service Providers: We may use trusted vendors for hosting, storage, and infrastructure support under confidentiality obligations.
  • Legal Requirements: We may disclose information if required by law or to protect our rights, users, or the integrity of the Service.

9. Data Storage and Transfers

All personal data, Entity data, and competition results processed by CanoeApp are stored on secure servers located within the European Union (EU). If data must be transferred outside the EU in the future, we will implement appropriate safeguards consistent with applicable law.

10. Data Security

We implement appropriate technical and organizational measures to protect personal data, including:

  • Encrypted communication (HTTPS).
  • Data encryption when stored.
  • Secure server infrastructure.
  • Access control for authorized personnel only.
  • Secure session management, hashing, and secure handling of temporary identifiers.

Despite these measures, no system can be guaranteed to be completely secure.

11. Data Retention

We retain competition history and results to serve the historical record-keeping needs of the Entities.

  • Registered Users: You may request the deletion of your account by contacting us.
  • Athlete Data: Requests to delete Athlete history must generally be directed to the relevant Federation or Club (the Data Controller), as historical results are often part of the official sporting record.
  • Technical Data: Log and security data are retained only for as long as necessary for security and operational purposes.

12. Your Rights

Depending on your location (e.g., GDPR in Europe), you have specific rights regarding your personal data. These rights include:

  • Right to Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete data.
  • Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data, subject to legal retention obligations.
  • Right to Restriction: Request that we limit the processing of your data in certain circumstances.
  • Right to Data Portability: Receive your data in a structured, commonly used, and machine-readable format.
  • Right to Object: Object to processing based on legitimate interests.
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.

12.1. How to Exercise Your Rights

  • For Registered Users: As the Data Controller for your account data, you can exercise these rights by contacting us directly at [Contact Email] or through your account settings where available.
  • For Athletes: As the Data Processor, we cannot directly fulfill requests regarding Athlete Data. You must contact the Entity (Club or Federation) that registered you. We will assist the Entity in fulfilling your request upon their instruction.

12.2. Limitations Regarding Sporting Records

Please note that the Right to Erasure and Right to Object may be limited regarding official competition results. Historical sporting records are often maintained indefinitely for archiving purposes in the public interest and for the legitimate interests of the sport.

13. Updates to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date.