Privacy policy
This policy explains how Critmortal collects, uses, and protects personal data in accordance with the EU General Data Protection Regulation (GDPR) and the Italian Privacy Code (D.Lgs. 196/2003 as amended by D.Lgs. 101/2018).
Data controller
The data controller is Filippo Vivirito, operating the Critmortal platform. Contact: info@critmortal.com.
Data we collect
| Category | Data | Source |
|---|---|---|
| Account | Name, email address, profile picture | Provided by you or via Google Sign-In |
| Club membership | Club affiliations, approval status, join date | Created when you join a club |
| Activity | Event sign-ups, match results, dinner orders, marketplace listings | Generated by your use of the app |
| Contact details (optional) | Phone number, social profile links | Provided voluntarily in your profile |
| Technical | Session cookies, push notification tokens | Generated automatically on login |
Why we process your data
- Contract performance — to operate your account, manage club memberships, and deliver the features you use (events, notifications, marketplace, etc.).
- Legitimate interest — to maintain platform security, prevent abuse, and improve the service through aggregate analytics.
- Legal obligation — to comply with applicable law when required.
We do not sell personal data. We do not use personal data for automated decision-making or profiling that produces legal effects.
Data sharing
Your data is shared only within the club you belong to (other members see your name and the profile details you choose to make visible). We do not share data with third parties except:
- Google — if you sign in with Google, Google processes your authentication data under their own privacy policy.
- Hetzner Online GmbH — our hosting provider stores data on servers located in the EU (Germany).
Retention
Account data is retained for as long as your account is active. If you request deletion, we will erase your personal data within 30 days, except where retention is required by law. Activity records (e.g. match results) may be anonymised rather than deleted to preserve club statistics.
Your rights
Under GDPR you have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Request erasure ('right to be forgotten')
- Restrict or object to processing
- Receive a copy of your data in a portable format
- Lodge a complaint with the Italian DPA (Garante per la protezione dei dati personali — www.garanteprivacy.it)
To exercise any of these rights, email info@critmortal.com with the subject "Privacy request". We will respond within 30 days.
Cookies
For details on cookies, see our Cookie policy.
Last updated: June 2025.