NewsEventsPlayersTeamsCoaches

Privacy

Last updated: 4 April 2026. This policy explains how Talent Management BV (“Talent Management”, “we”, “us”, “our”) processes personal data when you use the Dattaa website and related services (the “Services”). It is designed to support transparency under the EU General Data Protection Regulation (“GDPR”) and similar laws. It is not legal advice.

1. Data controller

The controller responsible for personal data processed in connection with the Services is:

Talent Management BV, operating Dattaa (contact via the Contact page or the postal or email address we publish for privacy enquiries on the Website).

If we appoint a data protection officer or EU representative, we will publish those details here.

2. Scope

This policy applies to personal data we process when you visit our site, create or use an account, interact with profiles, events, offers, messaging, subscriptions, or support channels, and when we operate, secure, and improve the Services.

It does not apply to third-party websites or services that we link to; those have their own policies.

3. Categories of personal data

Depending on how you use the Services, we may process:

  • Identity and account data: name, email address, password (stored in hashed form), role (e.g. player, agent), account identifiers, and similar registration fields you provide.
  • Profile and professional data: biography, club or agency affiliation, career history, photos or media you upload, visibility settings, and other content you add to your profile.
  • Usage and technical data: IP address, device and browser type, approximate location derived from IP, pages viewed, actions in the app, timestamps, referral URLs, diagnostics, and similar logs needed to run and secure the Services.
  • Communications: messages you send through the platform, support tickets, and feedback you provide.
  • Transaction data: if you purchase paid features, payment-related identifiers and billing details processed by our payment provider (we do not store full card numbers on our servers).
  • Cookie and local storage identifiers: as described in our Cookie policy (e.g. language preference cookie). Session authentication for the web app may be stored in the browser’s local storage rather than cookies.

4. Purposes and legal bases (GDPR)

We process personal data on the following bases, as applicable:

  • Contract (Art. 6(1)(b) GDPR): to provide the Services you request, manage your account, deliver messaging and core features, and process purchases.
  • Legitimate interests (Art. 6(1)(f) GDPR): to secure the platform, prevent fraud and abuse, analyse aggregate usage to improve the product, enforce our Terms of service, and communicate operational notices, where not overridden by your rights.
  • Legal obligation (Art. 6(1)(c) GDPR): to comply with applicable law, court orders, and regulatory requests.
  • Consent (Art. 6(1)(a) GDPR): where we rely on consent (for example certain non-essential cookies or marketing communications, if offered in your region), you may withdraw consent at any time without affecting prior lawful processing.

5. Recipients and processors

We share personal data only as needed with:

  • Service providers (processors) who host infrastructure, provide databases, email delivery, analytics (where used), customer support tooling, security, and payment processing. Examples of categories include cloud hosting (e.g. Vercel), database hosting (e.g. Neon), and payment processing (e.g. Stripe). Specific subprocessors may change; we impose appropriate data-processing terms.
  • Professional advisers where legally required or for legitimate business purposes.
  • Authorities when required by law or to protect rights and safety.
  • Other users to the extent you choose to make profile or content visible on the platform.

We do not sell personal data as “sale” is defined under the GDPR. If we introduce sharing that constitutes a sale under US state laws where you reside, we will provide the notices and choices those laws require.

6. International transfers

We and our providers may process data in the European Economic Area (“EEA”) and other countries. Where we transfer personal data from the EEA, UK, or Switzerland to countries not recognised as adequate, we use appropriate safeguards such as the EU Commission Standard Contractual Clauses or equivalent mechanisms, unless another legal basis applies.

7. Retention

We retain personal data only as long as necessary for the purposes above, including legal, tax, accounting, and dispute resolution needs. Indicative periods:

  • Account data: for the life of your account and a reasonable period after closure (e.g. to resolve disputes or enforce terms), unless a longer period is required by law.
  • Logs and security data: typically rotated or minimised after a limited period unless needed for an investigation.
  • Marketing / consent records: until you withdraw consent or we no longer need them.

Exact retention can vary by data category and jurisdiction; you may ask us for more detail in a specific case.

8. Your rights

Depending on your location, you may have the right to:

  • request access to your personal data;
  • request rectification of inaccurate data;
  • request erasure (“right to be forgotten”) where applicable;
  • request restriction of processing;
  • data portability for data you provided, where processing is based on consent or contract and automated;
  • object to processing based on legitimate interests or for direct marketing;
  • withdraw consent where processing is consent-based;
  • lodge a complaint with a supervisory authority (in the EEA, a list is available from the European Data Protection Board).

To exercise these rights, contact us via the Contact page or the privacy contact we publish. We may need to verify your identity before responding. You also have the right to opt out of certain processing where local law (e.g. some US state privacy laws) provides that right.

9. Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or alteration. No online service is completely secure; please use a strong password and protect your credentials.

10. Children

The Services are intended for adults involved in professional football. We do not knowingly collect personal data from children below the age at which they may lawfully use the Services in their country (typically under 16 without parental authority). If you believe we have collected such data, contact us and we will take appropriate steps to delete it.

11. Automated decision-making

We do not use fully automated decision-making, including profiling, which produces legal or similarly significant effects solely by automated means, unless we notify you separately and provide a lawful basis.

12. Changes

We may update this policy from time to time. We will post the revised version with an updated “Last updated” date and, where required, provide additional notice (e.g. email or banner).

13. Contact

Privacy questions and requests: use the Contact page or the dedicated privacy contact published on the Website.