GDPR Compliance
Last updated: April 20, 2026
Our Commitment
The Gensan Pickleballers community is committed to protecting the privacy and personal data of all users in compliance with the General Data Protection Regulation (GDPR) and the Philippine Data Privacy Act of 2012 (Republic Act No. 10173). This page explains how we handle your personal data under these frameworks.
Data Controller
The data controller for the Paddle Stack application is the Gensan Pickleballers community, based in General Santos City, Philippines. For any data-related inquiries, please contact us through our Facebook page.
Lawful Basis for Processing
We process your personal data based on the following lawful grounds:
- Consent: You voluntarily provide your name, nickname, and skill level when registering. You consent to match data being recorded when you participate in open-play sessions.
- Legitimate Interest: We process gameplay statistics and leaderboard data to operate the community matchmaking and ranking system, which is the core purpose of the App.
Types of Data Processed
| Data Type | Purpose | Retention |
|---|---|---|
| Name & Nickname | Player identification | Until deletion request |
| Skill Level | Matchmaking & rankings | Until deletion request |
| Phone Number | Optional contact (community use) | Until deletion request |
| Match Results | Statistics & leaderboards | Indefinite (anonymizable) |
| XP & Rankings | Leaderboard display | Derived from match data |
Your Rights Under GDPR
As a data subject, you have the following rights:
Right of Access (Article 15)
You can request a copy of all personal data we hold about you. Your player profile and match statistics are already visible to you within the App.
Right to Rectification (Article 16)
You can request correction of any inaccurate or incomplete personal data. Contact us to update your profile information.
Right to Erasure (Article 17)
You can request deletion of your personal data ("right to be forgotten"). Upon request, we will delete your player profile and anonymize your match history data.
Right to Restriction of Processing (Article 18)
You can request that we restrict the processing of your data under certain circumstances, such as when you contest the accuracy of the data.
Right to Data Portability (Article 20)
You can request your personal data in a structured, commonly used, machine-readable format (e.g., JSON or CSV).
Right to Object (Article 21)
You can object to the processing of your personal data based on our legitimate interests. We will cease processing unless we have compelling legitimate grounds.
Right to Withdraw Consent
Where processing is based on your consent, you may withdraw consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
Data Protection Measures
- Data is encrypted in transit using HTTPS/TLS.
- Database access is restricted through Row Level Security (RLS) policies.
- No sensitive data (passwords, payment info) is collected or stored.
- Regular review of data handling practices.
International Data Transfers
Your data may be stored on servers outside of your country of residence through our cloud service provider (Supabase). These transfers are protected by appropriate safeguards in compliance with GDPR requirements.
Exercising Your Rights
To exercise any of your rights, please contact us through our Facebook page. We will respond to your request within 30 days. If we need additional time, we will inform you of the reason and expected timeframe.
Questions or Concerns?
If you have any questions about this policy or your data, please message us on our Facebook page.