Privacy Policy

1. Introduction

Your privacy and the protection of personal data are fundamental rights. Our Platform is committed to handling your information transparently, securely, and in full compliance with the EU General Data Protection Regulation (GDPR). This Privacy Policy explains how we collect, use, store, and protect your personal and tax information, and outlines your rights as a user of our services.

Controller:
Website: pitchworthy.me

For the purposes of this Policy, the Controller will be referred to as the “Platform.”

2. Key Definitions

  • Personal data: Any information relating to an identified or identifiable individual (e.g. name, email address, identification number).
  • Tax data: Information required for invoicing, tax reporting, or compliance with applicable financial and accounting regulations (e.g. tax ID number, address, payment details).
  • Controller: The entity determining the purposes and means of processing personal data or in this case, the Platform.
  • Processor: A person or organization that processes data on behalf of the Controller.
  • Processing: Any operation performed on data, such as collection, storage, or deletion.
  • Data subject: The individual whose data are being processed (e.g. user, pitcher, or reviewer).

3. Purpose and Legal Basis of Processing

The Platform processes personal and tax data for specific, legitimate, and clearly defined purposes, and only to the extent necessary.

The main purposes and legal bases include:

  • Providing platform services: To create and manage user accounts (pitchers and reviewers).
  • Fulfilling contractual obligations: To process payments, issue invoices, and manage transactions.
  • Complying with legal obligations: To meet accounting and tax requirements under EU or national law.
  • Legitimate interests: To maintain security, prevent fraud, and improve user experience.
  • Consent: For optional communications such as newsletters or promotional updates.

4. Categories of Data Collected

Depending on your interaction with the Platform, we may collect:

  • Identification data: name, username, contact details, and profile information.
  • Tax and financial data: tax identification number, billing address, and payment details.
  • Technical data: IP address, browser information, and cookies (see Section 6).

We collect only the minimum necessary data for each purpose.

5. Roles

Reviewers: independent controllers once they access your submission. They process your data under their own privacy notices.

Payment processors: act as independent controllers for payment/AML data.

Processors: we use vendors under Article 28 DPAs to host and support the service.

6. Rights of the Data Subject

If the Platform processes your personal or tax data, you have the following rights under GDPR:

  1. The right to be informed about processing activities.
  2. The right to access your data.
  3. The right to rectify inaccurate or incomplete information.
  4. The right to erasure (“right to be forgotten”), when legally applicable.
  5. The right to restrict processing.
  6. The right to data portability.
  7. The right to object to processing.
  8. The right to withdraw consent at any time.
  9. The right to lodge a complaint with the competent data protection authority.

Requests related to these rights may be sent to: support@pitchworthy.me

The Platform will respond within 30 days, or within an extended 60-day period where necessary.

7. Use of Cookies

Our website uses cookies to ensure proper functionality and improve the user experience.

  • Necessary cookies: essential for website operation and cannot be disabled.
  • Optional cookies: used only with your consent (for analytics or preferences).

8. Data Transfers

Personal and tax data may be transferred or stored within the EU/EEA. Transfers outside the EU will only occur where adequate safeguards are in place, in accordance with GDPR Articles 44–49.

9. Data Security

The Platform uses appropriate technical and organizational measures to protect your data against unauthorized access, alteration, or loss.
These include encryption, secure servers, access control, and regular system monitoring.

9. Data Retention

Personal and tax data are retained only as long as necessary to fulfill legal, contractual, or legitimate business purposes.
After this period, data will be securely deleted or anonymized in accordance with legal retention rules.

Table 1. Examples of data retention period

User account data (name, email, username, profile info)
Purpose of Processing: To provide and manage user accounts
Legal Basis: Contractual necessity
Retention Period: Until the account is deleted or inactive for 24 months
Notes / Disposal: Deleted or anonymized after account closure

Communication records (emails, messages, support requests)
Purpose of Processing: Customer support and dispute resolution
Legal Basis: Legitimate interest
Retention Period: 12 months after last communication
Notes / Disposal: Securely deleted afterwards

Tax and invoicing data (billing address, tax ID, payment history)
Purpose of Processing: Accounting, tax reporting, and legal compliance
Legal Basis: Legal obligation
Retention Period: 10 years from the end of the financial year
Notes / Disposal: Retained as required by EU/national tax laws

Consent records (newsletter opt-in, cookie consent)
Purpose of Processing: Proof of consent for compliance
Legal Basis: Legal obligation
Retention Period: For as long as consent is valid + 5 years after withdrawal
Notes / Disposal: Stored securely for audit purposes

Technical data (IP address, logs, device/browser info)
Purpose of Processing: Site functionality, analytics, and security
Legal Basis: Legitimate interest
Retention Period: 6–12 months
Notes / Disposal: Stored securely for audit purposes

Cookies
Purpose of Processing: Improve user experience and functionality
Legal Basis: Consent Legitimate interest
Retention Period: 6 months
Notes / Disposal: Automatically deleted

Newsletter users
Purpose of Processing: Providing notifications regarding new products and promotional offers made available by the Controller.
Legal Basis: Consent
Retention Period: 12 months
Notes / Disposal: Automatically deleted

10. Device & Cookies

We use cookies, local storage, tags, software development kit and similar technologies on website (‘Device Tech’). Under EU law, we only store or read information on your device with your prior consent, except for strictly necessary purposes (e.g., login, security, load balancing). For all other purposes including analytics, performance, personalised ads, measurement, device fingerprinting, we ask for your opt-in. You can withdraw consent at any time via [Account settings]. We record your consent status and provide a full vendor list and purposes in our preference center.

11. Mobile permissions 

When requesting OS permissions (e.g., camera, microphone, photos/files, push notifications), we explain the purpose and use the least-privilege setting. We do not access hardware sensors or advertising identifiers for analytics or ads without your prior consent

12. Updates to This Policy

This Privacy Policy may be updated periodically to reflect legal, technical, or operational changes. The latest version will always be available on our website, with clear notice of any significant updates.

Contact

For any questions, data requests, or privacy concerns, please contact: support@pitchworthy.me