GDPR Compliance
1. Our Commitment
Spiker Pro is committed to complying with the General Data Protection Regulation (GDPR) for users located in the European Economic Area (EEA), the United Kingdom (UK), and Switzerland. This page supplements our Privacy Policy and explains your specific rights under GDPR.
2. Data Controller
Spiker Pro acts as the Data Controller for personal data collected through our Services. For questions about data processing:
- 📧 Data Protection Contact: privacy@spikerpro.com
3. Legal Basis for Processing
We process your personal data based on the following legal grounds:
| Processing Activity | Legal Basis |
|---|---|
| Account creation and management | Contract performance |
| Payment processing | Contract performance |
| Elo ranking calculation | Contract performance / Legitimate interest |
| Location-based game discovery | Consent |
| Email notifications (transactional) | Contract performance |
| Marketing communications | Consent |
| Analytics and service improvement | Legitimate interest |
| Fraud prevention and security | Legitimate interest |
| Legal compliance | Legal obligation |
4. Your GDPR Rights
If you are in the EEA, UK, or Switzerland, you have the following rights:
4.1 Right of Access (Article 15)
You have the right to request a copy of all personal data we hold about you. We will provide this within 30 days of your request.
4.2 Right to Rectification (Article 16)
You can correct inaccurate or incomplete personal data directly in the app (Profile → Edit) or by contacting us.
4.3 Right to Erasure ("Right to Be Forgotten") (Article 17)
You can request deletion of your personal data. We will:
- Delete your account and personal profile data
- Remove your name from active leaderboards
- Anonymize (but not delete) historical match results and scores to maintain data integrity for other players
- Retain financial records as required by law (typically 7 years)
4.4 Right to Data Portability (Article 20)
You can request an export of your data in a machine-readable format (JSON). This includes your profile, match history, ranking history, and event participation.
4.5 Right to Restrict Processing (Article 18)
You can request that we limit how we process your data while a complaint or dispute is being resolved.
4.6 Right to Object (Article 21)
You can object to processing based on legitimate interest. We will stop that processing unless we have compelling legitimate grounds to continue.
4.7 Right to Withdraw Consent (Article 7)
Where processing is based on consent (e.g., location tracking, marketing emails), you can withdraw consent at any time:
- Location: Disable in your device's Settings → Privacy → Location Services
- Marketing Emails: Click "Unsubscribe" in any marketing email
- Push Notifications: Disable in your device's Settings → Notifications
4.8 Right to Lodge a Complaint
If you believe we have violated your data protection rights, you have the right to lodge a complaint with your local data protection authority (DPA).
5. International Data Transfers
Your data may be transferred to and processed in the United States, where our servers are hosted (via Vercel and Supabase). We protect these transfers through:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Data processing agreements with all sub-processors
- Encryption in transit and at rest
6. Sub-Processors
We use the following third-party sub-processors:
| Provider | Purpose | Location |
|---|---|---|
| Supabase | Database hosting (PostgreSQL) | United States |
| Vercel | Application hosting (serverless) | United States / Global CDN |
| Stripe | Payment processing | United States |
| Resend | Transactional email delivery | United States |
7. Data Breach Notification
In the event of a personal data breach that poses a risk to your rights and freedoms, we will:
- Notify the relevant supervisory authority within 72 hours
- Notify affected individuals without undue delay if the breach poses a high risk
- Document the breach, its effects, and remedial actions taken
8. How to Exercise Your Rights
To exercise any of the rights above, you can:
- Use the in-app settings (Profile → Privacy → Request Data / Delete Account)
- Email us at privacy@spikerpro.com with the subject "GDPR Request"
We will respond within 30 days. We may request identity verification before processing your request. There is no fee for exercising your GDPR rights.