PRIVACY POLICY

The controller is IESF (International Esports Federation), an organization with its registered seat at 615, 6F, Suyeonggangbyeon-daero 140, Haeundae-gu, Busan, Korea (further referred to only as "IESF" or "controller").

We collect and process the following categories of personal data depending on how you interact with our services:

Account Registration Data

• Full name, email address, and password (hashed)
• Date of birth (to verify age eligibility and enforce age requirements)
• Nationality and country of residence
• Profile picture (optional)

OAuth Provider Data

If you choose to sign in using a third-party OAuth provider, we receive and store the following data from the respective provider:

• Google: Name, email address, profile picture, and Google account ID
• Discord: Username, discriminator, email address, avatar, and Discord user ID
• Twitch: Display name, email address, profile image, and Twitch user ID

We do not receive or store your passwords from OAuth providers. We only request the minimum permissions necessary for authentication.

Technical Data

• IP address, browser type, and user agent string
• Device information and operating system
• Access timestamps and referring URLs

We process your personal data only when we have a valid legal basis under Article 6 of the General Data Protection Regulation (GDPR). The following table outlines the legal basis for each processing activity:

When you participate in IESF-sanctioned esports competitions, we collect and process additional data specific to the competition context:

• Player Profiles: In-game names, game-specific IDs, team affiliations, and player rankings
• Match Data: Competition results, match statistics, scores, and performance metrics
• Eligibility Data: Passport or national ID information (for nationality verification), date of birth verification, and anti-doping compliance records
• Media Content: Photos, videos, and livestream footage captured during competitions

Competition results and player rankings are considered public information and may be published on the IESF website, shared with media partners, and distributed to member federations. Individual player statistics may also be shared with game publishers for the purpose of anti-cheat enforcement.

We use cookies and similar technologies to enhance your experience on our platform. When you visit our login page, we set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we set cookies to save your authentication session. These cookies are essential for the platform to function and include JWT authentication tokens. Session cookies expire when you log out; persistent login cookies (if "Remember Me" is selected) last for up to two weeks.

For more detailed information about the cookies we use and how to manage your cookie preferences, please see our Cookie Policy.

Pages on this site may include embedded content (e.g. videos, images, articles, social media feeds). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

We may share your personal data with the following categories of recipients:

• IESF Member Federations: National esports federations that are members of IESF, for the purpose of organizing and administering national and regional competitions
• Tournament Platform Partners: Third-party platforms used to host IESF-sanctioned competitions
• Anti-Cheat and Integrity Providers: Services that ensure fair play and competition integrity
• Service Providers: Hosting, email, analytics, and other infrastructure providers that process data on our behalf under data processing agreements
• Legal and Regulatory Bodies: Where required by law or to protect IESF's legal rights

Personal data may be transferred to countries outside the European Economic Area (EEA). Where such transfers occur, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission or transfers to countries with an adequacy decision.

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Specific retention periods include:

• Account data: Retained for the lifetime of your account, plus 2 years after account deletion to comply with legal obligations
• Competition results and rankings: Retained indefinitely as part of IESF's historical sports records
• Identity verification documents: Retained for the competition season plus 2 years, then securely deleted
• Technical logs: Retained for 12 months for security and debugging purposes
• Consent records: Retained for 5 years after consent is withdrawn, as required for compliance documentation

When data is no longer required, it is securely deleted or anonymized so that it can no longer be associated with you.

You may exercise any of your data subject rights by contacting our Data Protection Officer at [email protected].

IESF takes the security of your personal data seriously. In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, IESF will:

• Notify the supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR Article 33. The notification will include the nature of the breach, categories and approximate number of individuals affected, likely consequences, and measures taken or proposed to address the breach.
• Notify affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms, as required by GDPR Article 34. The notification will describe the nature of the breach in clear and plain language, provide the DPO's contact details, describe likely consequences, and outline the measures taken to address or mitigate the breach.
• Document all breaches regardless of severity, including the facts of the breach, its effects, and the remedial actions taken. This documentation is maintained to enable the supervisory authority to verify compliance.