Privacy Policy

1. Who we are

Conectico Ltd (“Conectico”, “we”, “us” or “our”) operates the Conectico football career and recruitment platform available at conectico.io and related subdomains. We are the data controller responsible for the personal data you provide to us.

Registered address: Conectico Ltd, 25 Football Lane, Dublin 2, D02 XY12, Ireland.
Data Protection Officer: [email protected]

2. Data we collect

We collect personal data in the following categories:

• Account data: name, email address, password hash, role, registration date, locale preference.
• Profile data: position, nationality, date of birth, career history, current club, contract status, preferred countries, bio and any other information you choose to include.
• Verification documents: government-issued ID, licence certificates or other credentials you submit during the manual verification process. These are stored in private, access-controlled storage.
• Media: profile photos, video highlights, and other files you upload.
• Usage data: IP address, browser type and version, device identifiers, pages visited, time spent, clicks, referrer URLs, and other interaction data collected via cookies and similar technologies.
• Communications: messages sent through our in-platform messaging system, and any correspondence with our support team.
• Transaction data: subscription plan, billing history, and payment method details processed by our payment processor (we do not store full card numbers).
• Invite data: email addresses you provide when sending invitations to other users.

3. Legal bases for processing

Under the General Data Protection Regulation (GDPR), we rely on the following lawful bases:

• Contract performance: processing your account data and profile data to deliver the services you have signed up for.
• Legitimate interests: fraud prevention, security monitoring, improving our platform, and sending relevant product communications to existing users where we have a reasonable expectation of interest.
• Legal obligation: retaining financial records and responding to lawful requests from authorities.
• Consent: for non-essential cookies and marketing communications where required. You may withdraw consent at any time.

4. How we use your data

• Provide, operate and maintain the platform and your account.
• Authenticate you and protect your account security.
• Enable discovery — making your profile visible to other users according to your publication settings.
• Process and display job vacancies and applications.
• Facilitate in-platform messaging between users.
• Conduct manual identity and credential verification.
• Process subscription payments and manage billing.
• Send transactional notifications (account activity, application updates, messages).
• Send product and service updates, where you have consented or we have a legitimate interest.
• Detect and prevent fraud, abuse, and violations of our Terms of Service.
• Comply with legal and regulatory obligations.
• Analyse aggregate usage patterns to improve the platform (in anonymised or pseudonymised form).

We do not sell your personal data to third parties for advertising purposes.

5. Cookies and tracking

We use cookies and similar technologies to operate the platform and analyse usage. For full details — including a category breakdown and opt-out options — please see our Cookie Policy.

6. Third-party service providers

We share personal data with trusted sub-processors only to the extent necessary to provide the platform. Our current sub-processor categories include:

• Cloud infrastructure: hosting, databases, and file storage (EU-region servers).
• Email delivery: sending transactional and notification emails.
• Payment processing: Stripe Inc. — processes payment card data under PCI-DSS compliance. We do not receive or store raw card data.
• Analytics: privacy-preserving, cookieless analytics to understand aggregate platform usage.
• Error monitoring: error and performance monitoring tools operating under data processing agreements.

All sub-processors are bound by data processing agreements (DPAs) and are required to process data only on our documented instructions and in compliance with applicable data protection law.

7. International data transfers

Our primary infrastructure is located within the European Economic Area (EEA). Where we work with sub-processors outside the EEA — including providers in the United States — we ensure adequate safeguards are in place through the EU Standard Contractual Clauses (SCCs) or other lawful transfer mechanisms approved by the European Commission.

8. Data retention

• Account and profile data: retained for as long as your account is active plus 30 days following deletion, to allow recovery from accidental deletion. After that period data is permanently deleted or anonymised.
• Verification documents: retained for 12 months after the verification decision is made, then permanently deleted.
• Messages: retained for 24 months, then deleted. Moderation records are retained for 5 years for compliance purposes.
• Financial and billing records: retained for 7 years as required by Irish and EU tax law.
• Server logs and usage data: retained for up to 90 days in raw form, then aggregated or deleted.
• Invite data: email addresses used in invites are deleted 90 days after the invite expires or is accepted.

9. Children's data

The platform is not directed at children under 16. We do not knowingly collect personal data from children under 16. If you believe a child under 16 has provided us with personal data, please contact us at [email protected] and we will promptly delete that information.

10. Your rights

Depending on your location, you may have the following rights regarding your personal data:

• Access: request a copy of the personal data we hold about you.
• Rectification: correct inaccurate or incomplete data.
• Erasure: request deletion of your data (“right to be forgotten”), subject to our retention obligations.
• Portability: receive your data in a structured, machine-readable format.
• Restriction: ask us to restrict processing of your data in certain circumstances.
• Objection: object to processing based on legitimate interests or for direct marketing.
• Withdraw consent: where processing is based on consent, withdraw at any time without affecting prior processing.

You can exercise many of these rights directly in your account settings. For other requests, email us at [email protected]. We will respond within 30 days (or within the shorter period required by applicable law).

You also have the right to lodge a complaint with your local supervisory authority. In Ireland, this is the Data Protection Commission (dataprotection.ie).

11. California residents (CCPA / CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the CPRA, including the right to know, the right to delete, the right to opt-out of sale/sharing, and the right to non-discrimination. We do not sell or share personal information for cross-context behavioural advertising. To exercise your CCPA rights, please contact us at [email protected].

12. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by a prominent notice on the platform at least 14 days before changes take effect. Your continued use of the platform after the effective date constitutes acceptance of the updated policy.

13. Contact us

For privacy-related questions or to exercise your rights, please contact our Data Protection Officer: