GDPR Statement

Last updated:

1. Overview

moveIQ is committed to compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and its national implementations. This statement explains how we meet GDPR obligations and how we protect the rights of our users within the European Economic Area (EEA).

2. Lawful Bases for Processing

We process personal data only where we have a valid lawful basis:

  • Article 6(1)(b) — Contract: Processing necessary for the performance of our contract with you (account creation, Service delivery, billing).
  • Article 6(1)(f) — Legitimate Interests: Security, fraud prevention, abuse detection, and platform analytics. We conduct Legitimate Interests Assessments (LIAs) where applicable.
  • Article 6(1)(a) — Consent: Marketing communications and non-essential cookies. Consent may be withdrawn at any time.
  • Article 6(1)(c) — Legal Obligation: Compliance with tax, accounting, and other legal requirements.

3. Data Subject Rights

You have the following rights under GDPR. We respond to all requests within 30 days.

  • Right of access (Art. 15): Request a copy of data we hold about you.
  • Right to rectification (Art. 16): Request correction of inaccurate data.
  • Right to erasure (Art. 17): Request deletion, subject to legal retention obligations.
  • Right to restriction (Art. 18): Request we limit processing in certain circumstances.
  • Right to portability (Art. 20): Receive your data in a structured, machine-readable format.
  • Right to object (Art. 21): Object to processing based on legitimate interests or for direct marketing.
  • Rights related to automated decision-making (Art. 22): We do not use solely automated decisions with significant legal effect.

Submit requests to: privacy@playdraughts.org or through your account settings. We may request identity verification before fulfilling requests.

4. Minors & Parental Consent

In accordance with Article 8 GDPR and the Latvian PDPL, users under 16 require explicit, verifiable parental or guardian consent. Our registration flow includes:

  • Age gate at registration.
  • Parental consent email verification for users under 16.
  • Time-limited consent tokens (72-hour expiry).
  • Restricted data use for minor accounts (no marketing, limited analytics).
  • Parental dashboard for managing child account data.

5. Data Processing Agreements

We have Data Processing Agreements (DPAs) in place with all third-party processors handling personal data, including Stripe (payments), our cloud infrastructure provider, and email service providers. A list of sub-processors is available on request.

6. Data Breach Procedure

In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours of becoming aware, where required under Article 33 GDPR. Affected users will be notified without undue delay where the breach is likely to result in high risk to their rights and freedoms (Article 34 GDPR).

7. Data Protection Officer

We have appointed a Data Protection Officer (DPO) responsible for overseeing GDPR compliance. Contact: privacy@playdraughts.org

8. Supervisory Authority

You have the right to lodge a complaint with the Latvian Data State Inspectorate (Datu valsts inspekcija): Website: www.dvi.gov.lv | Email: info@dvi.gov.lv