Privacy and data

Privacy policy

Last updated:

Club Deportivo Almazora (hereinafter, “the club”) processes the personal data collected through this website in accordance with Regulation (EU) 2016/679 (GDPR) and Spanish Organic Law 3/2018 on Personal Data Protection and guarantee of digital rights (LOPDGDD). This policy explains what data we collect, for what purposes, how long we keep it, with whom we share it and how you can exercise your rights.

1. Data controller

Name: Club Deportivo Almazora.

Tax ID: G12231759.

Address: Calle San Felipe, 11, Planta 1, Puerta B — 12550 Almassora (Castellón), Spain.

Contact email for data protection matters: infocdalmazora@gmail.com.

2. Data we collect and purposes

We collect only the data necessary for each purpose.

  • Player registration: name, surnames, date of birth, ID or passport, photograph, parent or guardian details (when the player is a minor), relevant medical information voluntarily provided, kit size. Purpose: managing the federative card, fees and participation in official competitions.
  • Member registration: name, surnames, date of birth, ID, address and contact details. Purpose: managing the annual fee, club communications and stadium access on matchdays.
  • Newsletter: email address, language. Purpose: sending the weekly club digest. Processed only after double opt-in (explicit email confirmation).
  • Contact form: name, email, message. Purpose: replying to the enquiry.
  • Photo gallery: images of players and members taken during the club’s ordinary activity. Processed in line with the image consent given at registration.

3. Legal basis

Each processing activity relies on a different legal basis depending on the nature of the data:

  • Player and member registrations: contract performance (sporting relationship with the club) and compliance with legal obligations (federation, sports regulations).
  • Newsletter, contact and other consents: explicit consent of the data subject (Art. 6.1.a GDPR), revocable at any time.
  • Images at public club events: written informed consent and, additionally, the club’s legitimate interest in publicising its activity.

4. Retention period

Data is kept for the time necessary to fulfil the purpose for which it was collected and, afterwards, during the applicable legal periods (minimum 5 years for tax data related to membership fees, under Spanish tax law).

Newsletter data is kept until the subscriber unsubscribes, at which point it is deleted or anonymised within 30 days.

5. Recipients and international transfers

We do not sell or transfer data to third parties for commercial purposes. We share data with the following providers strictly necessary to operate the site and the club’s services, all of them under a signed Data Processing Agreement (DPA):

  • Supabase (Frankfurt, Germany) — database and file storage. Data: everything collected through forms. No international transfer outside the EEA.
  • Resend (Dublin, Ireland) — transactional and newsletter email delivery. Data: email address, message content. No international transfer outside the EEA.
  • Vercel Inc. (San Francisco, USA) — website hosting. Data: basic traffic (IP, user-agent). International transfer covered by Standard Contractual Clauses (SCC) approved by the European Commission.
  • Football Federation of the Valencian Community (FFCV) — only the data needed to process federative licences.

6. Your rights

As a data subject you can exercise the following rights at any time:

  • Access to your personal data.
  • Rectification of inaccurate data.
  • Erasure when the data is no longer necessary.
  • Objection to certain processing activities.
  • Restriction of processing.
  • Portability of your data to another controller.
  • Withdraw your consent at any time (without affecting the lawfulness of prior processing).

To exercise these rights, write to infocdalmazora@gmail.com clearly stating which right you wish to exercise and attaching a copy of your ID or equivalent document. We will respond within a maximum of one month.

  • If you believe that the processing does not comply with the regulations, you can file a complaint with the Spanish Data Protection Agency (www.aepd.es).

7. Minors

For underage player registrations, consent is given by the parent or legal guardian. The club does not collect data from minors without that explicit authorisation.

8. Security measures

The club applies appropriate technical and organisational measures to ensure the security of personal data, including transit encryption (HTTPS), access controls, row-level security policies (RLS) on the database, and periodic review of subprocessors.

9. Changes to the policy

This policy may be updated to reflect legal changes or new processing activities. The date of the latest revision is shown at the top of this page. In substantial changes, subscribers will be notified by email.