Privacy Policy (GDPR)

1. Controller

Controller within the meaning of the General Data Protection Regulation (GDPR – Regulation (EU) 2016/679):

Daniel Brüser
Lütke-Kleistr. 5
48231 Warendorf
Email: info@ani-m.de

2. Categories of processed data

a) Event data

• Event name
• Event date
• Event ID

b) Participant / scorecard data

• Shooter name
• Team (optional)
• Discipline (FT / HFT)
• Weapon type / class
• Categories (e.g., Open, Lady, Veteran, Junior, etc.)
• Scores / target results
• Notes (optional)

c) Technical data

• Scorecard ID (random UUID)
• Timestamps (when changes are saved/synced)
• Local browser storage (LocalStorage)

We do not intentionally store IP addresses beyond what is technically required in server log files (e.g., for security and operation).

3. Purpose

• creating and managing events
• recording and displaying results
• optional online synchronization between devices
• export (CSV) for event organizers

No marketing tracking, profiling, or advertising use is performed.

4. Legal basis

• Art. 6(1)(a) GDPR (consent) – via checkbox confirmation
• where applicable, Art. 6(1)(b) GDPR (performance of a contract) – participation in an event
• and/or Art. 6(1)(f) GDPR (legitimate interests) – secure and stable operation

You can withdraw your consent at any time with effect for the future.

5. Storage & transfer

a) Local (offline-first)

By default, data is stored locally in your browser via LocalStorage. You can delete it at any time by clearing your browser storage.

b) Online sync (optional)

If online synchronization is enabled, data is transmitted to our server endpoint (api.php) for storage and synchronization. Transfer should be encrypted via HTTPS when supported by the hosting environment.

6. Retention / deletion (30 days)

Event-related data stored on the server is deleted no later than 30 days after creation of the event:

• either manually by the organizer,
• or automatically via server-side routines (e.g., cron job).

Local data in the browser remains stored until you delete it yourself.

7. Third parties / hosting

We do not share event/participant data with third parties.

The website/app is hosted by a hosting provider. Processing by the provider may occur for hosting and server operation and is covered where required by an agreement pursuant to Art. 28 GDPR.

8. Rights of data subjects

As a data subject within the meaning of the GDPR (Regulation (EU) 2016/679), you have the following rights:

• Right of access pursuant to Art. 15 GDPR
• Right to rectification pursuant to Art. 16 GDPR
• Right to erasure ("right to be forgotten") pursuant to Art. 17 GDPR
• Right to restriction of processing pursuant to Art. 18 GDPR
• Right to data portability pursuant to Art. 20 GDPR
• Right to withdraw consent at any time pursuant to Art. 7(3) GDPR
• Right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR
• Right to an effective judicial remedy pursuant to Art. 79 GDPR

Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

The competent supervisory authority in Germany is the data protection authority of the federal state in which you reside or in which the controller is established.

9. Security

We implement appropriate technical and organizational measures to protect data against loss and unauthorized access. Data transfer should be encrypted using HTTPS when available.

10. Voluntary information

Entering personal information (e.g., shooter names) is voluntary. Event organizers are responsible for ensuring participant data is collected and used lawfully for the purpose of the event.