Privacy & Cookie Policy

Last updated: 4 June 2026

This Privacy and Cookie Policy describes how personal data is processed in connection with the LAUD platform available at laud.com (the “Service”), including the public website and user accounts, and explains the rights of the individuals whose data we process.

1. General provisions

The controller of personal data within the meaning of the data protection regulations is Scale sp. z o.o. with its registered office in Warsaw, ul. Dominiki 6, 03-604 Warszawa, entered into the register of entrepreneurs of the National Court Register kept by the District Court for the capital city of Warsaw in Warsaw, XIII Commercial Division of the National Court Register under KRS number 0000827120, NIP 5242897605, REGON 385497806, share capital PLN 25,000 (the “Administrator”).

The legal basis for the processing of personal data by the Administrator is:

• Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation), hereinafter the “Regulation” or “GDPR”;
• the Act of 10 May 2018 on the protection of personal data, hereinafter the “Act”.

Given that the Administrator does not meet the criteria set out in Article 37(1) of the Regulation, no Data Protection Officer has been appointed. All matters relating to the protection of personal data should therefore be directed to the Administrator by e-mail at legal@laud.com.

The Administrator pays particular attention to protecting the privacy of users of the Service. Personal data is collected with due diligence, kept confidential and protected against unauthorised access using the technical and organisational measures required by the Regulation and the Act.

The Administrator does not process special categories of personal data (sensitive data) of users of the public website. The public website is not directed at children under the age of 16.

2. Scope of this Policy — controller and processor

This Policy concerns personal data for which the Administrator acts as the controller — primarily the data of website visitors and of the persons who create and use accounts in the Service (e.g. staff of sports clubs and organisations).

Where a client (e.g. a club or organisation) uses the Service to process personal data of third parties — such as players, including minors, members of staff, or other individuals whose data the client uploads or generates within the platform — the client is the controller of that data and the Administrator acts solely as a processor acting on the client’s documented instructions. Such processing is governed by a separate data processing agreement concluded with the client, and not by this Policy.

3. Your rights

In connection with the processing of personal data, you have the following rights:

• the right of access to your data, including the right to obtain confirmation whether your data is processed and to receive a copy of it;
• the right to rectification of inaccurate data and to complete incomplete data;
• the right to erasure (“the right to be forgotten”) where the data is no longer necessary, consent has been withdrawn and there is no other legal basis, an objection has been raised, or the data has been processed unlawfully;
• the right to restriction of processing in the cases set out in the Regulation;
• the right to object to processing carried out on the basis of legitimate interest;
• the right to data portability, i.e. to receive your data in a structured, commonly used, machine-readable format and to have it transmitted to another controller where technically feasible;
• the right to withdraw consent at any time, without affecting the lawfulness of processing carried out before its withdrawal;
• the right to lodge a complaint with the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych) where you believe the processing infringes the Regulation.

To exercise the above rights, please contact the Administrator by e-mail at legal@laud.com.

4. Profiling and automated decisions

The Administrator does not make decisions about users based solely on automated processing, including profiling, that would produce legal effects concerning them or similarly significantly affect them.

5. Entrustment of data processing

For the proper provision of the Service, the Administrator uses external providers (processors) that offer sufficient guarantees of appropriate technical and organisational measures in accordance with Article 28 of the Regulation. With each such provider the Administrator concludes a data processing agreement.

The Administrator entrusts the processing of personal data to the following categories of entities:

• providers of hosting, cloud infrastructure and content delivery / video streaming and storage;
• providers of authentication, database and application back-end services;
• providers of website and product analytics;
• providers of payment and billing services;
• providers of e-mail, SMS and other communication services;
• providers of anti-spam / CAPTCHA protection and transactional e-mail delivery for online forms (e.g. the contact form);
• providers of other technical, IT and organisational solutions necessary for the operation of the Service.

Some of these providers (for example providers of cloud infrastructure, analytics or payments) may process data outside the European Economic Area. In such cases the Administrator ensures an appropriate level of protection, in particular through the European Commission’s standard contractual clauses or an adequacy decision.

The Administrator may be obliged to disclose data to competent public authorities on the basis of a lawful request, to the extent resulting from that request.

6. Purposes, legal bases, retention and scope of data

• Creating and operating a user account — legal basis: Article 6(1)(b) GDPR (performance of a contract). Scope: first and last name, e-mail address, phone number, organisation/club, login data. Retention: for the duration of the account and afterwards for the period of limitation of potential claims.
• Handling contact and enquiries (e-mail) — legal basis: Article 6(1)(a) GDPR (consent) and Article 6(1)(f) GDPR (legitimate interest in responding). Scope: first and last name, e-mail address and the content of the message. Retention: until consent is withdrawn and then for the limitation period for claims.
• Billing and accounting — legal basis: Article 6(1)(c) GDPR (legal obligation). Scope: billing data. Retention: for the period required by tax and accounting law.
• Analytics and improving the Service — legal basis: Article 6(1)(a) GDPR (consent given via the cookie banner). Scope: technical and usage data described in section 7.
• Establishing, pursuing or defending claims — legal basis: Article 6(1)(f) GDPR (legitimate interest). Retention: until the legitimate interest ceases, no longer than the limitation period under the Civil Code.

7. Cookies

The Service uses cookies — small text files stored on the user’s end device that can be read by the Administrator’s IT system. On the first visit, the user is shown information about cookies together with a request for consent.

• Necessary cookies are used to ensure the proper functioning of the website and do not require consent.
• Analytics cookies are used only after the user’s consent. The Administrator uses Google Analytics (measurement ID G-C4N1K3JL42), provided by Google, to create statistics and optimise the operation of the Service. Until consent is given, the analytics script is not loaded.

The user may at any time change or withdraw consent and may also manage or delete cookies through their web browser settings. Disabling certain cookies may affect the functioning of the website.

8. Server logs

Using the Service involves sending requests to the server on which it is hosted. Each request is recorded in the server logs, which include, among others, the IP address, the date and time of the request, information about the browser and the operating system. Logs are stored on the server and used solely for administration purposes; they are not combined with other data and are not used to identify users.

9. Contact and changes

For any questions regarding this Policy or the processing of personal data, please contact the Administrator at legal@laud.com. The Administrator may update this Policy; the current version is always published on this page together with its effective date.