Clubily Privacy Policy.

When you access our platform as a registered user or visit our web portal, you place your trust in us by providing your data. This Privacy Policy aims to inform you with total transparency about the nature of the information collected, the reasons for obtaining it, and its purposes. Given its importance, we suggest you perform an exhaustive reading of the following clauses.

Laws incorporated by this Privacy Policy.

This Privacy Policy has been fully adapted to the regulations in force in Spain and the European Union on privacy and the processing of personal data on the internet. Specifically, the processing of information conforms to the provisions of the following rules:

•Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR).

•Organic Law 3/2018 of December 5 on the Protection of Personal Data and Guarantee of Digital Rights (LOPD-GDD).

•Royal Decree 1720/2007 of December 21, approving the Regulation for the development of Organic Law 15/1999 of December 13 on the Protection of Personal Data (RDLOPD).

•Law 34/2002 of July 11 on Information Society Services and Electronic Commerce (LSSI-CE).

Privacy Policy.

The User provides their personal data to Clubily when registering or creating an account. We process your personal data in the following situations:

•When you use our Services;

•To continue updating, developing, and improving our Services;

•To communicate with you.

To offer you our Services, it is necessary to provide us with the required personal data described in this Privacy Policy. Otherwise, we will not be able to guarantee the correct functioning of our Services.

The Privacy Policy explains the following:

•What type of information is collected and for what purpose;

•How the information in question is used;

•What rights the registered User has and how they can contact Clubily if they have any questions about the processing of their personal data.

Clubily is the Data Controller for the personal data described in this Privacy Policy. Regarding additional personal data that may be processed within the platform, Clubily acts merely as a technical provider or data processor. Legal responsibility for the purpose and management of this data lies with the sports organization, to whose privacy policy the user should refer for any questions about the processing of their information.

If Clubily wishes to use information for purposes other than those described in this Privacy Policy, we will request your express consent.

Information we collect.

The creation of a user account and interaction with Clubily Services involve receiving personal data. To ensure maximum transparency, an informative table follows that breaks down the categories of the processed data, the purpose of each processing, and the legal basis that supports it. This section also details the periods for deleting and storing the personal data provided.

Data Category	Purpose of Processing	Legal Basis	Preservation Period
1. Identifying and contact data. Includes full name, date of birth, email address, and similar data.	Management and administration of the user account, sending of commercial marketing communications (general or personalized), and provision of technical assistance services.	Processing is necessary for the execution of the service contract. Marketing and technical support management are based on the legitimate interest of the entity in offering improvements and resolving incidents.	Not specified / Duration of service.
2. Supplementary identifying and contact information. Such as postal address or additional contact details.	Profile administration and optimization of communication channels with the user.	Based exclusively on voluntary consent provided by you. Its absence could limit certain secondary functions of the service.	Not specified.
3. Technical navigation identifiers. IP address, geolocation, operating system, and browser type.	Technical adaptation of the platform to the devices used and optimization of the navigation experience according to geographical location.	Legitimate interest to guarantee technical functioning and correct provision of contracted services.	60 days.
4. Activity and usage logs. Personal settings, frequency of access, and web sections consulted.	User behavior analysis for continuous improvement of the interface and personalization of site preferences.	Legitimate interest focused on the capacity to maintain, develop, and optimize the technological platform.	60 days.
Consolidated information (Sections 1 to 4).	Legal protection of the entity and management of possible legal actions or claims in defense of its interests.	Compliance with applicable legal obligations and pursuit of legitimate interests within the framework of effective judicial protection.	Not specified.

Personal data of minors.

According to Articles 8 of the GDPR and 7 of Organic Law 3/2018 of December 5 on the Protection of Personal Data and Guarantee of Digital Rights, the legitimacy of the processing of personal data through Clubily Services is reserved for those users who have turned 14 years old. Regarding minors under 14 years old, it will be an indispensable requirement to obtain the prior consent of their legal representatives; the processing of their information will only be considered lawful to the extent that such authorization has been effectively granted.

How we use the information we collect.

The User will provide most of the personal information detailed in the table above. By being a Clubily account holder and using the Services, you agree that we may view your username, profile picture, and activity logs both within Clubily and on integrated external platforms (such as your sports organization's web portals). At all times, we guarantee compliance with the privacy settings and visibility restrictions you have previously configured in your Clubily account.

Digital marketing.

As a Clubily user, we may send you electronic marketing related to news about our Services. If you do not want such marketing, you can always opt out or not give your consent.

If you have given your consent, you always have the right to withdraw it or to object to us processing your personal data for direct marketing.

Data processing outside the EU/EEA.

Your personal information may be stored on servers or processed by service providers located in countries outside the European Union or the European Economic Area (EU/EEA).

In such cases, we always guarantee that the processing of your data has a level of protection equivalent to the European level, implementing the necessary legal safeguards. Among these measures, we highlight the use of standard contractual clauses approved by the European Commission, which you can consult directly on the official portal of that institution.

Openness and choice.

We understand that each User has a different perception of their privacy. Our commitment is to act with total transparency regarding the information we collect, allowing you to make informed decisions about the use of your information.

While you maintain an active session on our platform, we will use cookies and similar technologies (such as web beacons or pixel tags). These small text files are installed on your computer to optimize your navigation and analyze the performance of our Services.

You have the power to manage, restrict, or delete these cookies through your browser settings, although you should keep in mind that limiting their use could affect the operation and user experience on our website.

Information we share.

Your personal data is shared with our technological service providers only to the extent indispensable to ensure the correct functioning and provision of the Services. We also inform you that, in the event of a formal legal requirement, your information may be communicated to the competent authorities or judicial bodies.

We commit not to transfer your personal information to companies, organizations, or people outside Clubily, with the exception of the situations detailed below:

•Advertising consent management: You have the power to authorize the sending of direct marketing communications, as well as to withdraw such consent at any time you wish.

•Interruption of commercial actions: At the moment you revoke your authorization, we will immediately cease the processing of your personal data for direct marketing purposes.

•Effect on the personalization of services: You should consider that the withdrawal of consent could limit our ability to offer you the full range of our Services, especially those that require personalized information.

•Legality and retroactivity: The revocation of consent prevents future advertising shipments but does not affect the legal validity of the data processing carried out during the time your authorization was active.

•Persistence due to alternative legal bases: We may continue treating your information if there is another legal basis, such as the execution of a contract or legitimate interest, always applying data minimization criteria.

Clubily reserves the right to publicly disseminate, or share with its strategic collaborators, such as publishers, advertisers, or linked platforms, anonymized information that does not allow the identification of the User. The goal of this exchange is to transparently show statistical trends and behavior patterns regarding the global use of our Services.

In the event that Clubily is involved in a merger, acquisition, or any other form of asset disposal, we guarantee that we will maintain the strict confidentiality of your personal information. Likewise, we commit to notifying you before your data is transferred or becomes subject to a privacy policy other than this one.

Information security.

Clubily is committed to protecting user information through the implementation of technical and organizational measures adapted to the risk level. To ensure the integrity and confidentiality of the data, the Website has an SSL (Secure Socket Layer) certificate, which ensures that all communication between the server and the user travels fully encrypted.

We complement this technological protection with strict internal controls:

•Continuous review: We periodically audit our collection, storage, and processing procedures, including physical security measures to prevent unauthorized access to our systems.

•Restricted access: We limit access to personal information only to those employees, providers, and agents who require such data to perform their functions. All authorized personnel are subject to contractual confidentiality clauses and can be sanctioned or fired in case of non-compliance.

Despite our efforts to prevent the accidental or unlawful destruction, loss, or alteration of data, Clubily recognizes that it is impossible to guarantee the total invulnerability of the Internet against fraudulent access by third parties. Therefore, and in compliance with the GDPR, the Data Controller undertakes to communicate to the User, without undue delay, any security violation that may entail a high risk for their rights and freedoms. A security violation is understood as any incident that results in the unauthorized alteration, communication, or access to the personal data transmitted or processed.

Applicability of the Privacy Policy.

This Privacy Policy is applicable to all Services provided by Clubily, its subsidiaries, and those benefits offered on integrated external web platforms linked to our brand.

It is stated that this regulatory framework is not extensible to services offered by independent companies or individuals. Third-party products present in content channels, sites that incorporate Clubily elements, and any website linked via links from or to the platform Services fall outside this scope.

Additionally, our Privacy Policy does not reach the information management practices of other entities that promote our Services. These organizations could employ cookies, pixel tags, or other technologies to show ads of interest under their own privacy regulations.

Acceptance and changes.

It is essential that the User has read and expressed their compliance with the conditions on personal data protection of this Privacy Policy, with the acceptance of the processing of their data being necessary for the Data Controller to carry it out in the manner, terms, and purposes indicated. Access and use of the Website will therefore imply acceptance of its Privacy Policy.

Clubily reserves the right to modify its Privacy Policy, either by its own criteria or due to legislative, jurisprudential, or doctrinal changes of the Spanish Data Protection Agency. Updates or changes in this Privacy Policy will be notified explicitly to the User; however, it is recommended to consult this page periodically to stay informed of the latest updates.

User rights.

It is paramount that the User has continuous access to their personal information during the use of our Services. If inaccurate data is detected, you will be allowed to update or delete it easily, provided that such information should not be kept for legal reasons or legitimate commercial purposes. Before proceeding with the update of your personal information, you may be requested to verify your identity to ensure the protection of your account.

Whenever feasible to facilitate access or correction of data, it will be done free of charge, except in those cases that require a disproportionate technical effort. Our priority is to manage the Services ensuring that information is not deleted by error or malicious actions; consequently, the definitive deletion of data on active servers may be delayed and the information could remain stored in our backup system for an additional period.

When we process your personal data, you have rights and the opportunity to influence how we do it. Among others, you have the following rights:

•Right to be informed. You have the right to request information about the personal data we process about you at any time. If you want us to inform you, you can contact us at the email address listed at the bottom of this Privacy Policy.

•Right of access. You have the right to receive a copy of the personal data we process about you. If you contact us for a copy of your personal data, we will ask you to identify yourself. This is important because only you have the right to access your personal data.

•Right of rectification. You can contact us at any time and ask us to correct information that is incorrect or incomplete.

•Right of erasure ("right to be forgotten"). In certain circumstances, you have the right to ask us to delete your personal data. This applies if:

- Your personal data is processed unlawfully.

- Your personal data is no longer necessary for the purposes for which it was collected.

- You object to our processing, and we don't have legitimate reasons for our processing that weigh more to continue treatment.

- Your data must be deleted to comply with a legal obligation.

•Right to data portability. In the event that the processing is carried out by automated means, the User will have the right to receive their personal data from the Data Controller in a structured, commonly used, and machine-readable format, and to transmit it to another data controller. Whenever technically possible, the Data Controller will directly transmit the data to that other controller.

•Right to claim. In the event that the User considers there is a problem or violation of current regulations in the way their personal data is being processed, they will have the right to effective judicial protection and to file a claim before a control authority, particularly in the State of their habitual residence, workplace, or place of the alleged violation. In the case of Spain, the control authority is the Spanish Data Protection Agency (https://www.aepd.es/).

•Right not to be subject to a decision based solely on automated processing, including profiling. It is the User's right not to be subject to an individualized decision based solely on the automated processing of their personal data, including profiling, unless current legislation establishes otherwise.

Thus, the User may exercise their rights by written communication addressed to the Data Controller, specifying:

•Name, surname of the User and copy of the ID. In cases where representation is admitted, identification by the same means of the person representing the User will also be necessary, as well as the document proving the representation. The photocopy of the ID can be replaced by any other valid legal means that proves identity.

•Petition document detailing the specific reasons for the request or information to which access is wanted.

•Address for notifications.

•Date and signature of the applicant.

•Any additional document proving the request being made.

This request and any other attached document can be sent to the following address and/or email:

Postal address: Calle Gregorio Marañón 2, 28660, Boadilla del Monte, Madrid.

Email: compliance@clubily.es

Identity of the Data Controller for personal data.

In addition to providing the Services, the Data Controller for the personal data collected is Clubily, with NIF/CIF: 70069472H, represented by: Izán Ruiz Hernández. Their contact details are as follows:

Postal address: Calle Gregorio Marañón 2, 28660, Boadilla del Monte, Madrid.

Contact phone: +34 638 289 258

Contact email: info@clubily.es

This privacy policy was last updated: 2025-04-08.