Back to landing page

Privacy Policy

for athlete-dc.com — the Athlete Development Cockpit by Bangalore Easycoding LLP

Last updated: March 2026

Below is our Privacy Policy, outlining the legal details. The main point is simple: we always aim to take care of you as a user and as a customer.

1. Controller and Contact Information

The controller within the meaning of the General Data Protection Regulation (GDPR) and other applicable data protection laws is:

Bangalore Easycoding LLP
235, Binnamangala 2nd Floor, 13th Cross Road
Indira Nagar 2nd Stage, Indiranagar
Bangalore North, Bangalore — 560038
Karnataka, India

Represented by:
- Vikas Kumar — vikas@easy-coding.io
- Rahul Dey — rahul@easy-coding.io
- Andi Peters — andi@easy-coding.io

Contact:
Email: andi@easy-coding.io | vikas@easy-coding.io | rahul@easy-coding.io
Website: https://athlete-dc.com

Data Protection Contact: For all questions regarding data protection, please contact:
Email: datenschutz@easy-coding.io

A formal Data Protection Officer (DPO) appointment is in progress and will be updated here upon completion.

2. Overview

This Privacy Policy explains how we collect, use, process, and protect personal data in connection with:

  1. The athlete-dc.com website — the landing page and marketing website for the Athlete Development Cockpit.
  2. The ADC product suite — including easyRecords, easyDataMesh, and SafeSport Messenger (easyRelay), when used by our customers’ organizations and their authorized users.

We distinguish between:

  • Website visitors — individuals who visit athlete-dc.com.
  • Customers — organizations (e.g., Olympic Training Centers, sport federations) that contract with us to use ADC products.
  • End users — individuals within customer organizations (athletes, coaches, medical staff, administrators) who use the ADC products.

For end users of the ADC products, the Customer is typically the data controller, and Bangalore Easycoding LLP acts as the data processor (Auftragsverarbeiter) pursuant to Art. 28 GDPR. The specific terms are governed by a separate Data Processing Agreement (AVV) between the parties.

3. Data Processing on the Website (athlete-dc.com)

3.1 Server Log Files

When you visit athlete-dc.com, our web server automatically collects and stores information in server log files, which your browser transmits to us. This includes:

  • IP address (anonymized where possible)
  • Date and time of the request
  • Browser type and version
  • Operating system
  • Referrer URL
  • Pages accessed

This data is processed on the basis of Art. 6(1)(f) GDPR (legitimate interest). Our legitimate interest lies in ensuring the stability, security, and optimization of our website. This data is not combined with other data sources. Log files are automatically deleted after 30 days.

3.2 Contact and Demo Requests

If you contact us via email, contact form, or request a product demonstration, we process the personal data you provide (name, email address, organization, message content) for the purpose of handling your inquiry.

Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures) or Art. 6(1)(f) GDPR (legitimate interest in responding to inquiries).

This data is stored for the duration necessary to handle your request and for a subsequent retention period of up to 24 months for follow-up purposes, unless a contractual relationship is established, in which case the data is retained for the duration of the contract plus statutory retention periods.

3.3 Cookies

athlete-dc.com uses only technically necessary cookies that are essential for the functioning of the website. These cookies do not require consent under Art. 6(1)(f) GDPR.

We do not use analytics cookies, advertising cookies, or tracking technologies. We do not use Google Analytics, Facebook Pixel, or similar services.

If this changes in the future, we will implement a GDPR- and TTDSG-compliant consent management mechanism before deploying any non-essential cookies.

3.4 Hosting

The website and product infrastructure is hosted on Amazon Web Services (AWS), utilizing data centers located within the European Union (primarily AWS Frankfurt, eu-central-1 region). For customers opting for on-premise deployment, data resides entirely on the Customer’s own infrastructure.

A data processing agreement pursuant to Art. 28 GDPR is in place with AWS. Details on AWS’s GDPR compliance are available at https://aws.amazon.com/compliance/gdpr-center/.

4. Data Processing in the ADC Products

4.1 Role of Bangalore Easycoding LLP

When customers use easyRecords, easyDataMesh, or SafeSport Messenger (easyRelay), Bangalore Easycoding LLP acts as the data processor (Auftragsverarbeiter) on behalf of the customer (data controller). The processing activities, categories of data, and security measures are defined in the Data Processing Agreement (AVV) agreed between the parties.

We process personal data only in accordance with the customer’s documented instructions and this Privacy Policy.

4.2 Categories of Personal Data Processed

Depending on the products used, the following categories of personal data may be processed within the ADC:

easyRecords:

  • Master data of athletes: name, date of birth, gender, nationality, sport, discipline, squad status
  • Master data of staff: name, role, department, institutional affiliation
  • Contact data: email address, phone number (where provided by the customer)
  • Touchpoint data: service delivery records (type, duration, date, provider, cost center)
  • Access and authentication data: user ID, role, access permissions, login timestamps

easyDataMesh:

  • All data categories defined by the customer in their blueprints (data extract configurations)
  • Synchronization metadata: node identifiers, transfer timestamps, blueprint configurations
  • Audit data: data exchange logs between nodes

SafeSport Messenger (easyRelay):

  • Message content: text messages, images, documents, voice messages, video messages
  • Message metadata: sender, recipient(s), timestamp, delivery/read status, message ID
  • User profiles: display name, role, department, profile photo
  • Compliance data: audit trail entries, legal hold records, report records
  • Automated scanning metadata: flag categories and confidence scores (no content exposure)

4.3 Purposes of Processing

Personal data within the ADC products is processed for the following purposes:

  • Provision and operation of the contracted products
  • User authentication and access control
  • Data exchange between nodes (easyDataMesh) as configured by the customer
  • Secure messaging and communication via SafeSport Messenger (easyRelay)
  • Compliance, auditing, and legal hold as required by applicable law
  • System maintenance, error resolution, and security monitoring
  • Product improvement based on anonymized, aggregated usage data

4.4 Legal Bases

  • Art. 6(1)(b) GDPR: Performance of a contract with the customer.
  • Art. 6(1)(f) GDPR: Legitimate interest of the customer in managing athlete development and organizational communication.
  • Art. 6(1)(c) GDPR: Compliance with legal obligations (e.g., retention requirements, audit obligations).
  • Art. 6(1)(a) GDPR: Consent for optional features (e.g., read receipts, online presence, voluntary profile data) — consent is obtained by the customer through the product interface and may be withdrawn at any time.

4.5 Data Storage and Retention

  • Product data for European customers is stored on AWS servers located within the EU (Frankfurt region). Customers may alternatively opt for on-premise hosting on their own infrastructure.
  • Retention periods are configurable by the customer within the products (e.g., message retention policies in SafeSport Messenger).
  • Default retention: Active data is retained for the duration of the contract. Upon termination, data is made available for export for 90 days and subsequently deleted, unless longer retention is required by law or by active legal holds.
  • Backup data is retained for a maximum of 30 days after deletion of the primary data.

4.6 Encryption and Security

  • All data in transit is encrypted using TLS 1.3.
  • All data at rest is encrypted using AES-256-GCM.
  • SafeSport Messenger (easyRelay) messages are encrypted at rest with a split-key architecture (Key_A at runtime, Key_B in compliance vault).
  • Access to decrypted message content requires a dual-key compliance workflow and is fully audited.
  • Passwords are stored using industry-standard hashing algorithms (bcrypt/Argon2).
  • Systems are regularly tested for vulnerabilities.

5. Data Sharing and Sub-Processors

5.1 No Sale of Data

We do not sell, rent, or trade personal data to third parties.

5.2 Sub-Processors

We use the following categories of sub-processors for the operation of the ADC:

  • Amazon Web Services (AWS) — Purpose: Cloud infrastructure, hosting, data storage, backup — Location: EU (Frankfurt, eu-central-1) for European customer data — GDPR compliance: https://aws.amazon.com/compliance/gdpr-center/
  • Email Service Provider — Purpose: Transactional emails (e.g., password reset, notifications) — Location: EU
  • Apple Push Notification service (APNs) and Firebase Cloud Messaging (FCM) — Purpose: Mobile push notifications for SafeSport Messenger (easyRelay) — Location: EU/US (content minimized — see Section 5.3)

A current list of sub-processors with specific entity names is available upon request at datenschutz@easy-coding.io. Customers are notified of changes to sub-processors in accordance with the Data Processing Agreement.

5.3 Push Notification Services

For mobile push notifications in SafeSport Messenger (easyRelay), we use Apple Push Notification service (APNs) and Firebase Cloud Messaging (FCM). Only minimal notification payloads are transmitted (e.g., “New message” without content). The customer can configure notification content levels: full preview, sender only, or silent.

5.4 Law Enforcement and Legal Requirements

We may disclose personal data to competent authorities if we are legally obligated to do so (e.g., by court order or statutory obligation). We will inform the customer of such requests to the extent legally permitted.

6. International Data Transfers

Bangalore Easycoding LLP is registered in India. However, all European customer data is processed and stored within the EU/EEA on AWS infrastructure in the Frankfurt region. Our development and support teams in Bangalore, India do not have access to production customer data by default.

Where access from outside the EU/EEA is necessary (e.g., for support or maintenance with the customer’s explicit authorization), we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) pursuant to Art. 46(2)(c) GDPR
  • Transfer Impact Assessments (TIAs)
  • Supplementary technical measures (e.g., encryption, pseudonymization, access controls)

For customers opting for on-premise hosting, no data leaves the Customer’s own infrastructure. The Customer is informed of any international transfers as part of the Data Processing Agreement.

7. Rights of Data Subjects

7.1 For Website Visitors

As a visitor to athlete-dc.com, you have the following rights under the GDPR:

  • Right of access (Art. 15 GDPR): You may request confirmation as to whether personal data concerning you is processed, and if so, access to such data.
  • Right to rectification (Art. 16 GDPR): You may request the correction of inaccurate personal data.
  • Right to erasure (Art. 17 GDPR): You may request the deletion of your personal data, subject to legal retention obligations.
  • Right to restriction of processing (Art. 18 GDPR): You may request restriction of processing under certain conditions.
  • Right to data portability (Art. 20 GDPR): You may request to receive your personal data in a structured, commonly used, machine-readable format.
  • Right to object (Art. 21 GDPR): You may object to the processing of your personal data based on legitimate interests at any time.
  • Right to withdraw consent (Art. 7(3) GDPR): Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise these rights, please contact: datenschutz@easy-coding.io

7.2 For End Users of ADC Products

If you are an end user of the ADC products (e.g., an athlete, coach, or staff member at an OSP), your organization (the Customer) is the data controller. Please direct data subject requests to your organization in the first instance.

The ADC products provide the following self-service capabilities to support data subject rights:

  • Art. 15 — Access: Users can export their own data via the product interface. Compliance Officers can generate complete exports.
  • Art. 16 — Rectification: Users can edit their profile and master data directly. Edit history is preserved for audit.
  • Art. 17 — Erasure: Erasure requests are processed per the retention policy configured by the Customer. Legal holds override erasure rights. Refusal of erasure is documented with justification.
  • Art. 18 — Restriction: Accounts can be set to read-only pending dispute resolution.
  • Art. 20 — Portability: Machine-readable export in JSON/CSV format is available.
  • Art. 21 — Objection: Objections are logged and reviewed by the Customer’s Data Protection Officer within 30 days.

8. Data Protection Impact Assessment (DPIA)

A Data Protection Impact Assessment pursuant to Art. 35 GDPR is required for the ADC products due to:

  • Systematic monitoring (automated scanning in SafeSport Messenger)
  • Processing of data concerning vulnerable persons (athletes, including minors)
  • Large-scale organizational processing

The DPIA is conducted by the Customer (as data controller) with support from Bangalore Easycoding LLP. It is reviewed by the Customer’s Data Protection Officer and shared with the Works Council where required.

9. Minor Athletes (Under 18)

Where the ADC products process data of athletes under the age of 18, the following enhanced protections apply:

  • Parental or guardian consent is required for account creation (obtained and documented by the Customer).
  • Communication in SafeSport Messenger (easyRelay) is restricted: minors may only communicate with verified, approved users.
  • Additional safeguarding flags are applied in automated scanning.
  • No profiling or automated decision-making is applied to minors’ data.
  • Enhanced data minimization principles apply.

These protections are implemented in accordance with Art. 8 GDPR and the specific requirements of the Customer’s safeguarding policies.

10. Works Council (Betriebsrat) Considerations

Where the Customer is subject to the German Works Constitution Act (BetrVG), the ADC products are designed to accommodate co-determination rights under § 87(1) No. 6 BetrVG. The products provide:

  • A Works Council dashboard (read-only) showing scanning rules, retention policies, legal hold counts, role assignments, and configuration changelogs.
  • Transparency regarding automated scanning rules and thresholds.
  • Configuration options that can be adjusted to reflect Works Council agreements (Betriebsvereinbarungen).

The responsibility for obtaining Works Council approval lies with the Customer.

11. Indian Data Protection Law

As a company registered in India, Bangalore Easycoding LLP also complies with applicable Indian data protection legislation, including the Digital Personal Data Protection Act, 2023 (DPDPA), to the extent applicable. Where Indian law and the GDPR impose different requirements, we apply the stricter standard for European customer data.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our products, legal requirements, or data processing practices. Material changes will be communicated via the website and, for customers, via email notification. The date of the last update is indicated at the bottom of this document.

13. Right to Lodge a Complaint

If you believe that our processing of your personal data infringes data protection law, you have the right to lodge a complaint with a supervisory authority.

For individuals in Baden-Württemberg, Germany:
Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg
Lautenschlagerstraße 20, 70173 Stuttgart, Germany
Website: https://www.baden-wuerttemberg.datenschutz.de
Email: poststelle@lfdi.bwl.de

For individuals in other EU/EEA countries: You may contact your local data protection supervisory authority. A list of EU supervisory authorities is available at https://edpb.europa.eu/about-edpb/about-edpb/members_en.

Last updated: March 2026
Bangalore Easycoding LLP — athlete-dc.com | easy-coding.io
Contact: andi@easy-coding.io | vikas@easy-coding.io | rahul@easy-coding.io
Data Protection: datenschutz@easy-coding.io