Polasaí Príobháideachais
Nuashonraithe go deireanach: 1 March 2026
I bhfeidhm ó: 1 March 2026
1. Data Controller
TrapStats
Registered in CEIDG (Poland), NIP: 9592064173
REGON: 525970500
CEIDG registration date: 01.08.2023
Data protection enquiries: privacy@trapstats.co.uk
2. What Data We Collect
We collect and process the following categories of personal data, each with a specific lawful basis under UK GDPR / EU GDPR:
| Data Type | Purpose | Lawful Basis | Retention |
|---|---|---|---|
| Email address | Account creation, service delivery | Contract (Art. 6(1)(b)) | Account lifetime + 6 months |
| Name | Personalisation, communication | Contract | Account lifetime + 6 months |
| Payment information | Subscription billing | Contract | Processed by Stripe — we never store card details |
| IP address | Security, fraud prevention | Legitimate Interest (Art. 6(1)(f)) | 90 days |
| Usage data (pages viewed, features used) | Service improvement | Legitimate Interest | 12 months (anonymised) |
| Device/browser type | Technical compatibility | Legitimate Interest | 90 days |
| Betting preferences (selected tracks, alerts) | Feature personalisation | Contract | Account lifetime |
| Email marketing preferences | Newsletter, promotions | Consent (Art. 6(1)(a)) | Until consent withdrawn |
| Support correspondence | Customer service | Contract | 3 years |
| Financial records (invoices) | Legal/tax compliance | Legal Obligation (Art. 6(1)(c)) | 7 years (HMRC requirement) |
3. Analytics — Privacy-First Approach
We use Plausible Analytics, a privacy-focused analytics service that does NOT use cookies, does NOT collect personal data, and does NOT track individual users across websites. Plausible is hosted in the EU and is fully GDPR compliant. No cookie consent is required for Plausible.
4. Third-Party Data Sharing
We share data with the following third parties, each under appropriate safeguards:
| Provider | Purpose | Data Shared | Location | Safeguards |
|---|---|---|---|---|
| Stripe Inc. | Payment processing | Email, name, payment details | USA/EU | EU-US Data Privacy Framework + SCCs |
| Plausible Analytics | Anonymous site analytics | None (no personal data) | EU (Germany) | N/A — no personal data |
| Hetzner | Server hosting | All platform data | EU (Finland) | DPA + adequate safeguards |
We do not sell your personal data to any third party.
5. International Data Transfers
Our servers are located in the EU (Finland, Hetzner). For users in Ireland (EU), data transferred to the UK is protected by the European Commission's adequacy decision for the United Kingdom (adopted 28 June 2021). For transfers to the United States (Stripe), we rely on Standard Contractual Clauses (SCCs) and/or the EU-US Data Privacy Framework where applicable.
6. Your Rights
Under UK GDPR and EU GDPR, you have the following rights:
- Right of access (Subject Access Request) — obtain a copy of your personal data
- Right to rectification — correct inaccurate or incomplete data
- Right to erasure ("right to be forgotten") — request deletion of your data
- Right to restrict processing — limit how we use your data
- Right to data portability — receive your data in a machine-readable format
- Right to object — object to processing based on legitimate interest
- Right to withdraw consent — withdraw marketing consent at any time
- Right not to be subject to automated decision-making — request human review
To exercise any of these rights, email: privacy@trapstats.co.uk. We will respond within 30 days (UK GDPR) / 1 month (EU GDPR).
UK residents: You have the right to lodge a complaint with the Information Commissioner's Office (ICO) — ico.org.uk — Tel: 0303 123 1113
Irish residents: You have the right to lodge a complaint with the Data Protection Commission (DPC) — dataprotection.ie — Tel: +353 (0)761 104 800
EU residents (other): You may lodge a complaint with your local supervisory authority.
7. Children's Privacy
TrapStats is intended for users aged 18 and over only. We do not knowingly collect personal data from anyone under 18. If we become aware that we have collected data from a minor, we will delete it immediately.
8. Data Security
We implement appropriate technical and organisational measures to protect your data, including: encryption in transit (TLS 1.3), encryption at rest, access controls, regular security reviews, and incident response procedures.
Payment data is handled exclusively by Stripe, a PCI-DSS Level 1 certified payment processor. We never see, store, or process your full card number.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email (if you have an account) and by posting the updated policy on this page with a new "Last updated" date.
10. Contact
Data Protection Officer: privacy@trapstats.co.uk
General enquiries: support@trapstats.co.uk
Postal address: Poland