Privacy Policy

1. Who we are

SquareOne d.o.o., Zagreb ("SquareOne", "we") operates sq1.club and the SquareOne member app. We are the controller of personal data processed through our website, application forms and member services under the GDPR.

2. What data we collect

• Identification data: name, email, phone number, date of birth (for memberships)
• Application data: information you submit through membership, corporate or contact forms
• Usage data: server logs, device type, language, anonymised analytics
• Member data: bookings, attendance, preferences (for active members only)

3. Why we use it

• To respond to your enquiry or process your application (Art. 6(1)(b) GDPR)
• To operate the club, member app and bookings (Art. 6(1)(b) GDPR)
• To send service emails and important member communications (Art. 6(1)(b) and (f))
• To improve the website and our services (Art. 6(1)(f) — legitimate interest)
• Marketing emails only with your explicit opt-in (Art. 6(1)(a))

4. Who we share it with

We share data only with vetted processors that help us operate the club: hosting and database providers (Lovable Cloud / Supabase, EU region), email delivery services and payment providers. All processors are bound by data processing agreements compliant with the GDPR.

5. How long we keep it

Form submissions are kept for up to 24 months. Member records are kept for the duration of membership plus the legal retention period (10 years for accounting under Croatian law).

6. Your rights

• Access to the data we hold about you
• Correction of inaccurate data
• Erasure where no legal retention applies
• Restriction or objection to processing
• Data portability
• Lodge a complaint with the Croatian Personal Data Protection Agency (AZOP)

7. Contact

For privacy questions or to exercise your rights: privacy@sq1.club.