Privacy Policy

Privacy Policy 1. Data controller SportPas is the data controller for the processing of your personal data. Contact: sportpas.dk@gmail.com Address: Aarhus, Denmark 2. What we collect We only collect information necessary to provide our service: - Name and email address (when creating an account) - Company affiliation and role (employee, employer, or venue owner) - Timestamps and venue ID at check-in - Technical logs (IP address, browser type) for security and error handling We do not collect health data, fitness statistics, or GPS location. 3. Purposes and legal basis We process your data to: - Create and manage your account (contract, GDPR art. 6.1.b) - Process check-ins at partner venues (contract, art. 6.1.b) - Comply with legal requirements (legal obligation, art. 6.1.c) - Improve the service and prevent misuse (legitimate interest, art. 6.1.f) 4. Sharing of data We do not share your personal data with third parties for marketing purposes. Data is shared only: - With the company that granted you access (for administration purposes) - With the venue you check in to (name and time of visit) - With data processors that help us operate the service (hosting, email) All data processors are bound by data processing agreements and process data within the EU/EEA. 5. Retention We retain your data for as long as your account is active, or as long as required by law. Check-in logs are retained for up to 24 months. 6. Your rights You have the right to: - Access the data we hold about you - Have incorrect data corrected - Have your data deleted (right to erasure) - Receive your data in a machine-readable format (data portability) - Object to processing based on legitimate interest Send a request to: sportpas.dk@gmail.com You can also lodge a complaint with the Danish Data Protection Agency (datatilsynet.dk). 7. Cookies We only use technically necessary cookies to keep you logged in. See our cookie policy for details.