TransferLobby

Privacy Policy

Version 1.0 · Effective April 2026

1. Who We Are

TransferLobby is operated by [Company Name] ("we", "us", "our"). We are the data controller for the personal data processed through our platform. For questions about this policy, contact us at privacy@transferlobby.com.

2. What Data We Collect

We collect the following personal data:

  • Account data: Email address and password (hashed)
  • Player profiles: Name, date of birth, country, nationality, position, league level, physical attributes (height, weight), preferred foot, bio, and custom performance stats
  • Team profiles: Team name, city, country, league, team type
  • Communication data: Messages sent in contact requests and listing applications
  • Financial data: Payment records for credit purchases (processed via Stripe)
  • Usage data: IP address, browser user agent, and interaction logs for audit purposes
  • Consent records: What you have consented to, when, and from which IP address

3. Legal Basis for Processing

  • Contract performance: Processing your data to provide the TransferLobby matching service
  • Consent: Marketing communications, optional data sharing with partners
  • Legal obligation: Retaining financial records as required by Finnish accounting law
  • Legitimate interest: Platform security, fraud prevention, service improvement

4. How We Use Your Data

  • To provide the player-team matching platform
  • To facilitate contact between players and teams
  • To process payments for contact credits
  • To communicate with you about your account
  • To improve our service and ensure platform security

5. Data Sharing

We share data only with:

  • Stripe: For processing payments. Stripe processes data under their own privacy policy.
  • Other users: Anonymized profile data is visible to other users. Full identity is only revealed when both parties accept a contact request.

We do not sell your personal data to third parties.

6. Data Retention

  • Account data: Kept until you request deletion, plus a 30-day grace period
  • Payment records: 6 years (required by Finnish accounting law)
  • Contact messages: 1 year
  • Consent records: Duration of account + 3 years
  • Inactive accounts: Anonymized after 2 years of inactivity

7. Your Rights

Under GDPR, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate data
  • Erasure: Request deletion of your account and data
  • Portability: Export your data in machine-readable format
  • Object: Object to processing based on legitimate interest
  • Restrict: Request restriction of processing
  • Withdraw consent: Withdraw any consent you have given

You can exercise these rights through your account settings or by contacting us at privacy@playerexchange.com.

8. Data Security

We implement appropriate technical and organizational measures to protect your data, including encrypted password storage, HTTPS for all communications, and access controls.

9. Data Breach Notification

In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours and affected individuals without undue delay where the breach is likely to result in a high risk to your rights.

10. International Transfers

Payment processing through Stripe may involve data transfer outside the EEA. Such transfers are protected by Standard Contractual Clauses approved by the European Commission.

11. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated to you and may require your renewed consent. The current version is always available on this page.

12. Contact

For any questions about this privacy policy or to exercise your rights, contact us at privacy@transferlobby.com.