MECCIDatenschutzrichtlinie von MECCI

Letzte Aktualisierung: 22 Agosto 2025

1) Verantwortlicher für die Datenverarbeitung

The Data Controller of personal data is:

Mecci.app
Datenschutz-/DSB-Kontakt: info@mecci.app

The Controller is not required to appoint a DPO under Arts. 37–39 GDPR, unless otherwise assessed in the future.

2) Verarbeitete Daten

MECCI processes exclusively the data necessary for service operation and platform security.

a) Account data

  • name, surname, email
  • avatar and identifier issued by OAuth provider (e.g. Google)
  • account settings

b) Data generated from app usage

  • tournaments created, teams, participants, calendars, results
  • statistics and interactions with app features

c) Technical and security logs

  • IP address
  • user agent / device
  • audit logs related to access, modifications and relevant activities, for security and abuse prevention purposes

d) Payment data (Pro users only)

  • transaction outcome
  • amount, order reference, purchased plan
  • license validity period

MECCI does not store complete payment card data, processed exclusively by certified providers (Stripe, PayPal or equivalents).

e) Cookies and similar technologies

  • technical cookies for proper website/app operation
  • any analytical or aggregate measurement cookies only with prior consent, where required

3) Zwecke und Rechtsgrundlagen (Art. 6 DSGVO)

a) Authentication, account creation and management
Legal basis: contract execution (Art. 6.1.b GDPR).

b) Use of app features (tournament management, teams, matches, results)
Legal basis: contract execution (Art. 6.1.b GDPR).

c) Security, abuse prevention, technical monitoring and auditing
Legal basis: Controller's legitimate interest in ensuring security, integrity and service continuity (Art. 6.1.f GDPR).

d) Billing, accounting and regulatory compliance
Legal basis: legal obligation (Art. 6.1.c GDPR).

e) Service communications (technical updates, plan expiry notices, functional changes)
Legal basis: contract execution (Art. 6.1.b GDPR).

f) Aggregate analysis, product improvement, UX optimization
Legal basis: legitimate interest (Art. 6.1.f GDPR). For non-essential analytical tools, consent is required where necessary (Art. 6.1.a GDPR).

4) Datenbereitstellung

Die Bereitstellung von Daten, die für Authentifizierung und Turnierverwaltung erforderlich sind, ist für die App-Nutzung obligatorisch. Die Nichtbereitstellung verhindert die Servicebereitstellung.

5) Aufbewahrung

a) Account data
Retained until account deletion by the user.

b) Tournament, match and generated content data
Retained for the time necessary to provide the service. Following account deletion, they may be anonymized or maintained in non-user-identifiable form, when necessary for statistical purposes or to preserve historical consistency of tournaments.

c) Security and audit logs
Retained approximately for 12–24 months, except for additional retention needs in case of security incidents or legal defense.

d) Fiscal and billing data
Retained for terms provided by Italian regulations (e.g. 10 years).

6) Empfänger

Personal data may be processed by:

  • hosting and cloud infrastructure providers
  • authentication providers
  • payment services
  • consultants or authorized processing subjects

These subjects operate as Data Processors under Art. 28 GDPR.

The updated list of processors is available upon request.

Data is not sold nor transferred to third parties for autonomous commercial purposes.

7) Drittlandübertragungen

Where some providers operate outside the European Economic Area, data transfer occurs in compliance with Arts. 44–49 GDPR, through:

  • European Commission adequacy decisions
  • Standard Contractual Clauses (SCC)
  • further guarantees required by GDPR

8) Rechte der betroffenen Person

The user may exercise at any time the rights provided by Arts. 15–22 GDPR, including:

  • access to personal data
  • rectification and update
  • deletion ("right to be forgotten")
  • processing limitation
  • opposition
  • data portability

Requests must be sent to: info@mecci.app

The user also has the right to lodge a complaint with the Data Protection Authority.

9) Cookies

MECCI uses technical cookies necessary for website and user area operation.

Any analytical or profiling cookies are activated only with prior consent through the appropriate banner, when provided.

For more details, a dedicated Cookie Policy is available (if adopted).

10) Minderjährige

Der Service ist nicht für Minderjährige unter 14 Jahren ohne Einwilligung der Eltern/Vormünder bestimmt.

The user registering an account declares to have the minimum required age.

11) Änderungen

Wir behalten uns vor, diese Information regelmäßig zu aktualisieren. Änderungen werden auf dieser Seite veröffentlicht.

Continued use of the service implies acceptance of the updated version of the notice.