Analytics cookies
We use analytics cookies to understand how the site is used and improve the experience. You can accept or decline.

Privacy Policy

FTHA Results Service & PeliJS — Tournament Management Platform

Controller: Suomen Pöytäjääkiekkoliitto ry
Contact: webmaster@poytajaakiekko.fi
Last updated: 2026-02-05

1. Overview

FTHA Results Service & PeliJS is a table hockey tournament management and statistics platform operated by Suomen Pöytäjääkiekkoliitto ry (Finnish Table Hockey Federation). This privacy policy describes what personal data we collect, why we collect it, and how we process it in accordance with the EU General Data Protection Regulation (GDPR).

2. Data We Collect

2.1 Account Data

When you create an account (directly or via Google sign-in), we collect:

  • Name — your display name
  • Email address — used for login and communication
  • Password — stored as a bcrypt hash (never in plain text)
  • Profile image — either uploaded or from your Google account

2.2 Player Profile Data

If you link a player profile to your account, we may additionally store:

  • Birth year
  • Nationality
  • Profile image (hosted on Cloudinary)
  • ITHF (International Table Hockey Federation) world ranking ID

2.3 Tournament and Match Data

When you participate in tournaments, we collect:

  • Match scores and results
  • Tournament standings and statistics
  • Live session data (score submissions, chat messages)

Tournament data including player names, match scores, standings, and rankings is publicly visible. This is inherent to the service's purpose as a sports statistics platform.

2.4 Pre-Registration Data

When registering for events without an account, you may optionally provide:

  • Name
  • Email address
  • Birth year
  • Nationality

2.5 Technical and Audit Data

We automatically collect:

  • IP address — logged in audit records and live session submissions
  • User agent (browser/device information) — logged in audit records
  • Timestamps — for all recorded actions

This data is collected for security, fraud prevention, and ensuring the integrity of tournament records.

2.6 Cookies

We use the following cookies. Analytics cookies are only set after you grant consent.

Cookie Purpose Duration
next-auth.session-token Authentication session 90 days
next-auth.csrf-token CSRF protection Browser session
locale Language preference 1 year
platka-accent Theme color preference Persistent
platka-theme-overrides Theme customization Persistent
platka-analytics-consent Stores your analytics consent choice 1 year
_ga / _ga_* Google Analytics 4 usage analytics 2 years

3. Legal Basis for Processing

We process personal data under the following GDPR legal bases (Article 6):

  • Consent (Art. 6(1)(a)) — account creation, Google OAuth sign-in
  • Performance of a contract (Art. 6(1)(b)) — providing tournament management services
  • Legitimate interest (Art. 6(1)(f)) — security auditing, fraud prevention, maintaining integrity of tournament records

4. Third-Party Services

We use the following third-party services that may process your data:

Service Purpose Data Shared Location
Google OAuth Authentication Email, name, profile picture US
Google Analytics 4 Usage analytics (consent-based) Page views and event metadata US
Cloudinary Image hosting Profile and event images US
SMTP provider Email delivery Email addresses EU
ITHF (trefik.cz) World ranking data Player names (public data) Czech Republic (EU)

For US-based services (Google, Cloudinary), data transfers are protected by Standard Contractual Clauses (SCCs) and other appropriate safeguards.

5. Data Storage and Transfers

  • Our database is hosted within the EU/EEA.
  • Data transferred to third-party services outside the EU is protected by Standard Contractual Clauses or other GDPR-compliant transfer mechanisms.

6. Data Retention

  • User accounts: Retained until you request deletion
  • Tournament results and standings: Retained indefinitely as public sports records
  • Audit logs: Retained indefinitely for tournament integrity
  • Email verification tokens: Automatically deleted after 24 hours
  • Password reset tokens: Automatically deleted after expiration

7. Your Rights

Under the GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Erase your data ("right to be forgotten")
  • Restrict processing of your data
  • Data portability — receive your data in a structured format
  • Object to processing based on legitimate interest

To exercise any of these rights, contact us at webmaster@poytajaakiekko.fi.

Note: Deletion of your account does not remove publicly recorded tournament results (match scores, standings), as these constitute public sports records.

You also have the right to lodge a complaint with the Finnish Data Protection Authority:

Tietosuojavaltuutetun toimisto
Lintulahdenkuja 4, 00530 Helsinki
tietosuoja.fi

8. Children

We do not impose a minimum age for registration. However, in accordance with Finnish implementation of the GDPR, users under 16 years of age require parental or guardian consent to create an account and use the service. By creating an account for a minor, the parent or guardian accepts this privacy policy on their behalf.

9. Security Measures

We implement the following security measures to protect your data:

  • Passwords hashed with bcrypt
  • HTTPS encryption in production
  • HTTP-only, secure session cookies
  • CSRF token protection
  • Rate limiting on live session submissions

10. Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated "Last updated" date. For significant changes, we may notify users by email.

For questions about this privacy policy or your personal data, contact us at webmaster@poytajaakiekko.fi.