Privacy Policy

Grenzenlos Foundation is the controller responsible for the personal data processed through this website. Our registered address is Freiburg, Germany. You can reach us at info@grenzenlosfoundation.com or via our contact page. Full legal details are available in our Impressum.

We only process data that is necessary to provide our youth football camps, academy programmes, and related services:

• Parent / guardian accounts: name, email address, phone number, and a securely hashed password when you register for the parent portal.
• Email verification (OTP): we generate one-time codes to verify your email address and to support password resets. Codes are stored hashed and expire automatically.
• Camp & academy registrations: the child's name, date of birth, age group, and the medical, allergy, and emergency-contact information you provide so we can deliver programmes safely.
• Documents & waivers: files you upload (for example consent forms) and the waiver acceptances recorded against a registration.
• Payments: we use Stripe to process programme fees. Card details are entered directly with Stripe and are never stored on our servers; we retain the transaction reference, amount, and status.
• Contact form: the name, email, reason, and message you submit so we can respond to your enquiry.
• Technical data: limited server log data such as IP address, browser type, and timestamps, which we use for security, abuse prevention, and rate limiting.

• Stripe — payment processing for programme fees.
• ZeptoMail (Zoho) — sending transactional emails such as verification codes, registration confirmations, and notifications.
• Website & database hosting — our hosting provider stores the data described above to operate the website.

We do not sell your personal data, and we only share it with these providers to the extent needed to deliver our services.

We use strictly necessary cookies to keep you signed in to the parent portal and to process payments securely through Stripe. These essential cookies do not require consent. We do not use advertising or third-party tracking cookies.

We process personal data on the basis of the performance of a contract (delivering camps and programmes you register for), your consent (for example optional communications), our legitimate interests (securing and improving the service), and compliance with our legal obligations, in accordance with the GDPR.

We keep personal data only for as long as necessary for the purposes described above, or as required by law (for example, tax and accounting obligations for payment records). Registration and child-safeguarding data is retained for the duration of the programme relationship and applicable statutory periods, after which it is deleted or anonymised.

Under the GDPR you have the right to access, correct, or delete your personal data, to restrict or object to its processing, and to data portability. You may also lodge a complaint with a supervisory authority. To exercise any of these rights, please contact us at info@grenzenlosfoundation.com.

Parents and guardians register children for our programmes and provide the related information. We process children's data only to deliver programmes safely and never for marketing. If you believe a child's data has been provided without proper authority, contact us and we will address it promptly.