GDPR Compliance Policy – TalentLix OÜ

Controller: TalentLix OÜ, Tallinn, Estonia

Tax ID/VAT: To be assigned • Last updated: 21 Sep 2025

1. Scope & Purpose of Processing

TalentLix OÜ (“TalentLix”) processes personal data to operate a sports talent environment, including talent discovery, career opportunities, networking, athlete profiles, communications related to activities and events, and related services necessary to run the platform and club operations.

2. Legal Bases (Art. 6 GDPR)

Processing relies on one or more of the following:

Contract (Art. 6(1)(b)) – account, profile, access to features.
Legitimate interests (Art. 6(1)(f)) – security, fraud prevention, service improvements, internal reporting (balanced against your rights).
Consent (Art. 6(1)(a)) – optional features and certain communications; you may withdraw at any time.
Legal obligations (Art. 6(1)(c)) – compliance with applicable laws.

We do not request special category data by default. If you voluntarily share sensitive data (e.g., health), we will process it only where necessary and with an appropriate legal basis (e.g., explicit consent).

3. Categories of Personal Data

Identification: name, nationality, date of birth.
Contact: email, phone, city/country of residence.
Sports & professional: sport, role, career history, achievements, links to media you provide.
Technical: device data, IP address, logs necessary for security and delivery.
Preferences: profile visibility and communication settings.

4. Sources of Data

Data is obtained from you during registration/profile completion and from your use of the platform (technical/usage data). External media links you add may be governed by third-party privacy policies.

5. Registration of Minors under 14

Users under 14 may register and use the platform only with the explicit consent and ongoing supervision of a parent or legal guardian. Where required, we implement parental consent verification. Without valid parental consent, the account cannot be created or activated. Parents/guardians may request access, correction, or deletion of the minor’s data at any time using the contacts below. If we learn that a user under 14 registered without valid consent, we will suspend or delete the account promptly.

6. Recipients & Sharing

We do not share personal data with third parties without your explicit consent unless required by law or necessary to provide the platform/club services (e.g., vetted IT providers acting as processors under data processing agreements and appropriate safeguards).

7. International Transfers

Data is primarily processed/stored within the EU. If transferred outside the EEA, we ensure appropriate safeguards (e.g., Standard Contractual Clauses) and conduct transfer risk assessments where required.

8. Storage & Retention

We retain data while your account is active and for a reasonable period thereafter to comply with legal obligations, resolve disputes, and enforce agreements. Where law prescribes specific periods, we retain accordingly and delete or anonymize once expired.

9. Security Measures

We apply appropriate technical and organizational measures (access controls, encryption in transit where applicable, role-based permissions, monitoring, backups, confidentiality commitments). We review and improve safeguards regularly.

10. Data Subject Rights

You may exercise the following rights under GDPR (subject to conditions and law):

Access, rectification, erasure (“right to be forgotten”).
Restriction of processing and data portability.
Objection to processing based on legitimate interests or to direct marketing.
Withdrawal of consent where processing relies on consent.

Exercising certain rights may affect access to features that rely on the relevant processing.

11. Automated Decisions / Profiling

We do not make decisions producing legal effects solely based on automated processing (including profiling) within the meaning of Art. 22 GDPR. If introduced, we will provide clear information, safeguards, and the option to request human review.

12. Contact & Complaints

To ask questions or exercise your rights:

TalentLix OÜ, Tallinn, Estonia — Email: privacy@talentlix.com — Tax ID/VAT: To be assigned.

You may lodge a complaint with the Supervisory Authority in your country of residence or work. If you are unsure which authority applies, contact us and we will help direct your request.

13. Acknowledgement

By ticking the box at registration, you confirm that you have read and understood this policy and agree to the processing of your personal data by TalentLix OÜ in accordance with the above. If you are under 14: registration must be completed with parental/guardian consent and supervision; otherwise, your account cannot be activated.