Privacy Policy

Effective: 2026-01-06 • Version: 1.1

1. Data Controller

• Data controller: PWRPLN / Blaskó István
• Registered / mailing address: HU‑5430 Tiszaföldvár, Döbrei János út 213.
• Email: adatvedelem@pwrpln.hu
• Phone: +36 30 179 0433

2. What personal data do we process?

2.1 Contact (if you contact us)

If you contact us by email or via a contact form, we may process the following data:

• name (if provided),
• email address,
• message content,
• time of the inquiry and technical metadata (e.g. email headers).

Purpose: responding to inquiries, communication, handling requests or offers.
Legal basis: consent and/or steps prior to entering into a contract (GDPR Article 6(1)(a) and/or (b)).

2.2 Technical log data

For the secure operation of the Website, the hosting provider and/or your browser may process technical log data (e.g. IP address, browser type, request timestamps, error codes).
Purpose: operation, troubleshooting, prevention of misuse.
Legal basis: legitimate interest (GDPR Article 6(1)(f)).

3. Cookies

The Website may use strictly necessary cookies (e.g. language selection, basic functionality). If statistical or marketing cookies are used, this will be subject to separate consent and communicated via a cookie management interface.

3/A. PWRPLN applications – what data do we process?

PWRPLN applications (e.g. app.pwrpln.hu and club‑specific subdomains) support athlete performance and wellness workflows. The scope of processed data depends on club configuration and user roles (e.g. player, coach, medical staff, analyst, admin).

3/A.1 User and access data

• account identifiers (e.g. email, name/display name),
• roles and permissions (e.g. coach/player),
• club or team affiliation (e.g. teamId, squad/age group),
• security and audit events (e.g. login timestamps, errors, access logs).

3/A.2 Athlete profile and professional data

• athlete profile data (e.g. jersey number, position, team, notes),
• training logs and load data (e.g. training type, duration, intensity),
• wellness and daily check‑in responses (e.g. sleep quality, fatigue, soreness, stress, motivation),
• injury and pain‑map module data (if enabled by the club).

3/A.3 Integrations – WHOOP (optional)

If the athlete connects their WHOOP account, the WHOOP OAuth authorization process is used and we may retrieve metrics required for the Service via the WHOOP API (e.g. Recovery, Strain, Sleep). The processing of WHOOP data is also governed by WHOOP’s own privacy policy.

3/A.4 Special categories of data (health/wellness)

Certain wellness, injury or physiological metrics may qualify as special category data (health data). Such data is processed only to the extent necessary to provide the Service, based on the relationship between the club and the athlete and the applicable agreements (e.g. explicit consent or another appropriate condition under GDPR Article 9(2)).

3/B. Processing of sensor and performance data (APP PRIVACY – HIGHLIGHTED)

Performance, load, recovery and wellness data processed within the PWRPLN applications (including in particular Recovery, Strain, Sleep, HRV and other physiological indicators) are treated as highly protected data under PWRPLN’s internal data protection policies, regardless of whether such data originates from manual input or external sensor integrations (e.g. WHOOP).

3/B.1 Access principles

• Data may be accessed exclusively by the authorized professional staff of the respective club (e.g. coaching staff, strength & conditioning coaches, medical staff, performance analysts).
• Access is strictly role‑ and permission‑based, technically restricted and logged.
• PWRPLN operators do not interpret, evaluate or use such data for sports‑professional decision‑making.

3/B.2 Use limitations

• PWRPLN does not sell, license or disclose sensor or performance data to third parties.
• Data may be used exclusively for the internal sports‑professional operations of the club.
• Marketing, advertising, research or statistical use is permitted only in anonymized form and solely under a separate agreement.

3/B.3 Technical and organizational safeguards

• Data transmission and storage are protected by encrypted channels and infrastructure.
• The system applies access logging, permission checks and incident detection.
• PWRPLN performs regular security and configuration reviews.

3/B.4 Retention and deletion

The retention of performance and wellness data is linked to the contractual relationship with the relevant club. Upon termination of the club–athlete relationship, the affected data will be deleted or irreversibly anonymized no later than within 30 days, unless longer retention is required by law or to establish, exercise or defend legal claims.

3/B.5 Automated decision‑making

PWRPLN applications do not carry out automated decision‑making producing legal effects or similarly significant impacts on athletes. Any indicators, risk flags or visualizations serve solely as decision support; all professional decisions are made by humans.

4. Data processors, recipients and data transfers

To operate the marketing Website and the PWRPLN applications, we may use the following service providers (data processors) and recipients. The exact list depends on enabled modules and club configuration.

• Firebase Hosting / Firebase platform (Google): static content delivery, application operation, authentication and database services, and technical logging (Google LLC / Google Ireland Ltd.).
• WHOOP (optional, if integrated): OAuth authorization and API data retrieval based on the athlete’s connected WHOOP account (WHOOP, Inc.).
• Git / CI tools: source code management and build/deployment processes.
• Email service provider: receiving and sending messages when contact is made.

We do not sell or otherwise disclose personal data to third parties. Access is limited to authorized club staff and service providers strictly necessary for operation.

5. How long do we retain data?

• Contact data: until the inquiry is resolved, and in case of legal claims until the end of the statutory limitation period.
• Technical logs: typically retained for a limited period (days to weeks) depending on operational needs.

Termination of the club–athlete relationship: data processed within the PWRPLN applications that is linked to a club will generally be deleted or anonymized no later than within 30 days after termination of the contract or relationship, unless further retention is required by law or for the establishment, exercise or defense of legal claims. The exact retention rules are defined in the agreement with the club and the applicable Data Processing Agreement (DPA).

6. To whom do we disclose personal data?

Personal data is accessible primarily to (i) authorized users designated by the club (by role), (ii) service providers necessary for operation (data processors), and (iii) public authorities only where required by law. We do not sell personal data.

7. International data transfers

Some service providers (e.g. Google/Firebase, WHOOP) may process data outside the European Economic Area (EEA). In such cases, appropriate safeguards are applied (e.g. EU Standard Contractual Clauses or adequacy decisions), and further information can be provided upon request.

7/A. Roles: club and PWRPLN

Within the PWRPLN applications, the specific data protection roles depend on the agreement with the club. Typically, the club acts as the data controller (determining the purposes and means of processing for sports‑professional workflows), while PWRPLN acts as a data processor operating the platform. The details are governed by the applicable Data Processing Agreement (DPA). In the case of data subject requests, PWRPLN assists the controller club in fulfilling such requests.

8. Data subject rights

In connection with data processing, you have the following rights:

• right to be informed,
• right of access, rectification and erasure (“right to be forgotten”),
• right to restriction of processing,
• right to data portability (where applicable),
• right to object to processing based on legitimate interests,
• right to withdraw consent (where processing is based on consent).

To exercise your rights, please contact us at: adatvedelem@pwrpln.hu

9. Complaints

If you believe that the processing of your personal data is unlawful, you may lodge a complaint with the supervisory authority:

• NAIH – Hungarian National Authority for Data Protection and Freedom of Information
• Website: https://www.naih.hu
• Address: 1055 Budapest, Falk Miksa utca 9‑11.
• Postal address: 1363 Budapest, Pf. 9.

10. Amendments

We reserve the right to update this Privacy Policy. Any changes will be published on this page together with the effective date.

Back to the website: Home