Players 1st Privacy, Security, and Data Protection Policy
Effective Date: November 2025
Players 1st ApS (“Players 1st”, “we”, “us”, or “our”) is committed to protecting your privacy and ensuring the lawful, fair, and transparent processing of your personal data.
This Privacy and Data Protection Policy explains how we collect, use, store, and share personal data when you use our platform and related services (“Services”), and how we safeguard the security and integrity of that data.
It also outlines your rights under applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the UK GDPR, and the Data Protection Act 2018.
This Policy applies to users in the European Economic Area (EEA), the United Kingdom, Great Britain & Ireland, and Germany. References to “GDPR” include the UK GDPR where applicable.
1. Data Controller
Players 1st ApS
CVR 34694222
Paradisgade 4C
8000 Aarhus C, Denmark
Email: privacy@players1st.com
2. Our Commitment to Data Security and Integrity
Players 1st is built on secure, Microsoft Azure–hosted infrastructure, with strict access control, encryption in transit and at rest, and IP validation.
Each survey invitation email includes an “Unsubscribe” link.
We continuously monitor and protect domain reputation.
Our platform complies with the core principles of GDPR: lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, integrity, and confidentiality.
A copy of our general Data Processing Agreement (DPA) is available here:
3. Personal Data We Collect
We collect and process the following categories of personal data:
Identification and Account Data: name, email address, organization or club affiliation, login credentials, and subscription details.
Survey Data: responses, ratings, and open comments you voluntarily provide.
Usage Data: platform interactions such as login times, navigation paths, and feature usage. This includes analytics and diagnostic data collected via PostHog and Sentry to monitor performance.
Technical Data: IP address, browser type, device identifiers, and operating system details.
Communication Data: correspondence and support interactions.
We do not intentionally collect special categories of data (as defined in Article 9 GDPR) unless you voluntarily disclose it (e.g., in open survey comments).
4. Purposes and Legal Bases for Processing
Purpose | Legal Basis |
To provide and operate our Services | Art. 6(1)(b) – Performance of a contract |
To manage user accounts and provide support | Art. 6(1)(b) – Performance of a contract |
To analyze usage and improve platform performance | Art. 6(1)(f) – Legitimate interest (service optimization) |
To monitor errors and ensure service reliability | Art. 6(1)(f) – Legitimate interest (maintaining performance) |
To communicate service updates or notices | Art. 6(1)(f) – Legitimate interest (user communication) |
To comply with legal obligations | Art. 6(1)(c) – Legal obligation |
To send marketing communications (opt-in only) | Art. 6(1)(a) – Consent |
5. Third-Party Processors
We use trusted third-party service providers (“Processors”) to help operate, maintain, and improve our Services.
Each provider acts under a written Data Processing Agreement (DPA) ensuring compliance with the GDPR and UK GDPR and is required to implement appropriate technical and organizational safeguards to protect your data.
Current processors:
Intercom – for user management, in-app communication, and customer support
Hosting location: United States
View DPA: https://www.intercom.com/legal/data-processing-agreement
SendGrid (by Twilio) – for transactional and service-related email delivery
Hosting location: Configured to use EU subusers to ensure data remains within the EU wherever possible. In rare cases where data may be processed by Twilio’s U.S. infrastructure, such transfers are safeguarded by Standard Contractual Clauses (SCCs).
View DPA: https://www.twilio.com/en-us/legal/data-protection-addendum
Plausible Analytics – for cookieless traffic and performance monitoring
Hosting location: European Union (EEA-based servers)
View DPA: https://plausible.io/data-processing-agreement
PostHog – for product analytics and usage tracking
Hosting location: European Union (EEA-based infrastructure)
View DPA: https://posthog.com/terms/data-processing-agreement
Sentry – for error tracking and debugging
Hosting location: European Union (Frankfurt data center)
View DPA: https://sentry.io/legal/dpa
All third-party processors are contractually prohibited from using personal data for their own purposes and must maintain strict confidentiality and security standards.
6. International Data Transfers
Some personal data, including usage data processed by Intercom or SendGrid, may be transferred outside the European Economic Area (EEA) and the United Kingdom, specifically to the United States.
To ensure compliance with Chapter V of the GDPR and the UK GDPR, Players 1st implements the following safeguards for such transfers:
Standard Contractual Clauses (SCCs) approved by the European Commission and the UK Government
Adequacy decisions, where applicable
Technical and organizational measures, such as encryption, access controls, and restricted access to authorized personnel only
By using our Services, you acknowledge that your personal data may be transferred and processed in jurisdictions outside the EEA and UK under these safeguards.
7. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes outlined in this Policy or as required by law.
If you delete your account or request deletion, we will complete full deletion within 90 days unless retention is legally required (e.g., for compliance or dispute resolution).
8. Data Security
We maintain appropriate technical and organizational security measures, including:
Encryption in transit and at rest
Access control and authentication (including two-factor authentication)
Continuous monitoring and logging
Regular security audits and penetration testing
9. Your Rights
Under the GDPR and UK GDPR, you have the right to:
Access, rectify, or delete your personal data
Restrict or object to processing under certain circumstances
Request data portability
Withdraw consent at any time (without affecting prior lawful processing)
Lodge a complaint with a supervisory authority
Germany: Contact your local Landesdatenschutzbehörde (list here)
UK: Information Commissioner’s Office (ICO)
To exercise your rights, contact us at privacy@players1stgroup.com
10. Children’s Data
Our Services are not directed toward children under the age of 16.
If we become aware of any such data collection, it will be promptly deleted.
11. Policy Updates
We may update this Policy periodically to reflect changes in data practices or legal requirements. Material updates will be communicated via email or in-app notification.
12. Contact Information
Players 1st ApS
Paradisgade 4C
8000 Aarhus C, Denmark
privacy@players1st.com
13. AI Assistant (Powered by Microsoft Azure)
Players 1st offers an AI Assistant feature to help users interact with the platform, explore insights, and analyze open feedback efficiently. This feature is hosted securely on Microsoft Azure within the European Union and fully complies with EU and UK data protection standards.
When you use the AI Assistant, your query is processed through a secure, EU-hosted API connection to generate a response based solely on your organization’s survey data.
Key points:
Data security: Processing occurs exclusively on EU-based Microsoft Azure servers.
Privacy: Your data is not used for AI model training or shared externally.
Scope: The Assistant only accesses your club’s dataset and only when you initiate a query.
Confidentiality: Sensitive identifiers (e.g., names, emails, phone numbers) are not shared with the model.
Legal Basis and Safeguards
Purpose of processing: To generate automated insights from your club’s comment data.
Legal basis: Art. 6(1)(b) GDPR – performance of a contract (providing the AI feature); and Art. 6(1)(f) GDPR – legitimate interest (service improvement and user assistance).
Hosting location: European Union (Microsoft Azure data centers).
Data protection: Enforced through encryption, controlled access, and regular audits.
We encourage users to avoid including personally identifiable information (PII) in AI Assistant queries unless strictly necessary.
UK Addendum
Players 1st also complies with the UK GDPR and the Data Protection Act 2018.
References to “GDPR” in this Policy include the UK GDPR where applicable. The relevant supervisory authority for UK users is the Information Commissioner’s Office (ICO).
