Privacy Policy

The data controller for HT-TOTO is:

skapa s. r. o.
ICO: 47 365 676
DIC: 2023835407
Ambroseho 2478/11, 851 02 Bratislava - mestska cast Petrzalka, Slovakia
Registered: Obchodny register Mestskeho sudu Bratislava III, oddiel: Sro, vlozka c. 91313/B.
Web: www.skapa.sk

Via Hattrick OAuth authentication:

• Hattrick user ID
• Hattrick username
• Team name and league information
• OAuth access tokens (for fetching match data on your behalf)

Via Stripe (only if you purchase the Founder Badge):

• Billing email address

We do NOT collect or store your real name or password. Your Hattrick login credentials are never shared with us. No email address is collected during registration — only if you choose to make a purchase through Stripe.

We use the collected data to:

• Display your profile within the application
• Attribute predictions to your account
• Calculate and display leaderboard rankings
• Show community statistics

HT-TOTO uses essential cookies for session management and security (CSRF protection). These are set automatically and are required for the service to function.

We also use analytics cookies from Google Analytics (GA4) to understand how visitors use the site. Analytics cookies are only set after you explicitly opt in via our cookie consent banner. They collect anonymous data such as pageviews and session duration -- no personally identifiable information is shared with Google.

Additionally, we use advertising cookies from Google AdSense, but only with your consent.

You can change your cookie preferences at any time using the "Cookie Settings" link in the page footer. For full details, please see our Cookie Policy.

Stripe processes payments for the optional Founder Badge purchase. Stripe handles your payment card data directly -- we never see or store your card numbers. See Stripe's Privacy Policy.

Google AdSense provides advertising for non-Founder users. AdSense cookies are only set with your consent. See Google's Privacy Policy.

Your account data is retained while your account is active. Predictions are retained for leaderboard integrity and historical accuracy.

You may request deletion of your account and associated data at any time by contacting us.

Under the General Data Protection Regulation (GDPR), you have the right to:

• Access -- request a copy of your personal data (Hattrick profile info, predictions, billing email if applicable)
• Rectification -- request correction of inaccurate data (profile data is synced from Hattrick; billing email can be corrected on request)
• Erasure -- request deletion of your account and associated data
• Data portability -- request your predictions and account data in a portable format
• Objection -- object to the processing of your data

To exercise any of these rights, contact us via the methods listed in Section 10.

You also have the right to lodge a complaint with the supervisory authority: Urad na ochranu osobnych udajov Slovenskej republiky (Office for Personal Data Protection of the Slovak Republic).

We take appropriate measures to protect your data, including:

• HTTPS encryption for all connections
• OAuth tokens are hidden from application output and API responses
• Payment data is processed directly by Stripe — we never handle card details

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. We encourage you to review this page periodically for any changes.

You can contact us through:

• Company website: www.skapa.sk
• Hattrick.org: dr_skapa's profile