🇪🇺

GDPR Compliance

General Data Protection Regulation

Last Updated: November 3, 2025

1. Our Commitment to GDPR

SmartCaddie.ai is committed to protecting the privacy and personal data of all users, including those in the European Union (EU) and European Economic Area (EEA). We comply with the General Data Protection Regulation (GDPR) and ensure your data rights are respected.

This page outlines how we meet GDPR requirements and explains your data protection rights under EU law. For complete details about our data practices, please also review our Privacy Policy.

2. Data Controller Information

SmartCaddie.ai acts as the data controller for personal data collected through our service. This means we determine how and why your personal data is processed.

Contact Information:

Website: smartcaddie.ai

Data Protection Inquiries: Available through account profile

3. Legal Basis for Processing

We process your personal data based on the following legal grounds under GDPR:

3.1 Contract Performance (Article 6(1)(b))

Processing necessary to provide our service to you:

  • Creating and managing your account
  • Processing payments and subscriptions
  • Providing AI caddie recommendations and golf advice
  • Tracking your rounds and performance data
  • Delivering customer support

3.2 Legitimate Interests (Article 6(1)(f))

Processing necessary for our legitimate business interests:

  • Improving our service and developing new features
  • Analyzing usage patterns and service performance
  • Preventing fraud and ensuring security
  • Sending service announcements and important updates

3.3 Consent (Article 6(1)(a))

Processing based on your explicit consent:

  • Marketing emails and promotional communications
  • Location tracking for course detection (optional)
  • Non-essential cookies and analytics
  • Sharing success stories and testimonials

3.4 Legal Obligation (Article 6(1)(c))

Processing required to comply with legal obligations:

  • Tax and accounting records
  • Responding to legal requests and court orders
  • Complying with financial regulations

4. Your GDPR Rights

Under GDPR, you have the following data protection rights:

✅ Right to Access (Article 15)

You can request a copy of all personal data we hold about you, including your profile, round history, and usage data.

✏️ Right to Rectification (Article 16)

You can update or correct inaccurate personal data through your account settings or by contacting us.

🗑️ Right to Erasure / "Right to be Forgotten" (Article 17)

You can request deletion of your personal data when it's no longer necessary or if you withdraw consent. Note: Some data may be retained for legal or legitimate business purposes.

⏸️ Right to Restrict Processing (Article 18)

You can request that we limit how we use your data in certain circumstances (e.g., while disputing accuracy).

📦 Right to Data Portability (Article 20)

You can request your data in a machine-readable format (JSON) to transfer to another service.

🚫 Right to Object (Article 21)

You can object to processing based on legitimate interests or for direct marketing purposes.

🤖 Rights Related to Automated Decision-Making (Article 22)

Our AI provides recommendations, but does not make automated decisions with legal or significant effects. You always maintain control over your golf strategy decisions.

❌ Right to Withdraw Consent (Article 7(3))

You can withdraw consent at any time (e.g., unsubscribe from marketing emails, disable location tracking). This does not affect the lawfulness of processing before withdrawal.

5. How to Exercise Your Rights

Self-Service Options

You can exercise many rights directly through your SmartCaddie.ai account:

  • Profile Settings: Update your personal information and preferences
  • Privacy Settings: Control location tracking and data sharing
  • Data Export: Download your complete data in JSON format
  • Account Deletion: Permanently delete your account and data
  • Email Preferences: Manage marketing and notification settings

Contact Us for Assistance

For assistance with data protection rights, submit a support ticket through your profile:

  • Go to Profile → Support
  • Select "Data Protection / Privacy Request"
  • We will respond within 30 days as required by GDPR

6. Data Retention

We retain personal data only as long as necessary for the purposes stated in our Privacy Policy:

  • Active accounts: Data retained while your account is active
  • Inactive accounts: Deleted after 3 years of inactivity (with prior notice)
  • Deleted accounts: Most data deleted within 30 days; backups within 90 days
  • Financial records: Retained for 7 years for tax/legal compliance
  • Support tickets: Retained for 2 years for quality assurance

7. International Data Transfers

SmartCaddie.ai may transfer your personal data outside the EU/EEA to provide our services. When we do:

  • We ensure adequate protection through Standard Contractual Clauses (SCCs) approved by the EU Commission
  • We work with service providers that comply with GDPR-equivalent data protection standards
  • We implement additional safeguards such as encryption and access controls

Our primary service providers include:

  • Cloud hosting providers with EU data centers
  • Stripe (payment processing) - GDPR compliant
  • CDN providers for content delivery

8. Data Security Measures

We implement appropriate technical and organizational measures to protect your data:

  • Encryption: TLS/SSL for data in transit, AES-256 for data at rest
  • Access controls: Role-based access and multi-factor authentication
  • Regular audits: Security reviews and penetration testing
  • Incident response: 72-hour breach notification as required by GDPR
  • Staff training: Regular data protection training for all team members
  • Data minimization: We only collect data necessary for our service

9. Data Breach Notification

In the unlikely event of a data breach that poses a risk to your rights and freedoms:

  • We will notify the relevant supervisory authority within 72 hours
  • We will notify affected users without undue delay
  • We will provide information about the breach, its impact, and remediation steps
  • We will take immediate action to contain and remedy the breach

10. Right to Lodge a Complaint

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with your local data protection authority (supervisory authority) in the EU/EEA.

However, we encourage you to contact us first so we can address your concerns directly.

Find your local supervisory authority: European Data Protection Board

11. Children's Privacy

SmartCaddie.ai does not knowingly collect data from children under 16 years of age (or the applicable age in your jurisdiction). If we become aware that we have collected data from a child without proper consent, we will delete it promptly. Parents or guardians can contact us if they believe a child has provided personal data without consent.

12. Updates to GDPR Compliance

We regularly review and update our GDPR compliance practices. Material changes will be communicated through email and prominently displayed on our website. Continued use of our service after changes indicates acceptance of updated practices.

13. Contact Us

For questions about GDPR compliance or to exercise your data protection rights:

Website: smartcaddie.ai

Data Protection Requests: Submit Support Ticket

Response Time: Within 30 days as required by GDPR

This GDPR Compliance page should be read in conjunction with our Privacy Policy, Terms of Service, and Cookie Policy.