Privacy Policy

Last updated: 01.08.2025

1. Identification of the Controller / Processor

Purpose of this Privacy Notice
This Privacy Notice provides information on how chymera s.r.o. processes your personal data when you use our website or mobile application, including any data you provide when creating a user account, booking a sports facility, subscribing to newsletters, or using other services.

Our website and app are not intended for children, and we do not knowingly collect personal data from individuals under the age of 16.

(If the user is under 16 years old, verifiable consent from a legal guardian is required for data processing.)

We recommend reading this notice in conjunction with any other specific notices provided at the time your data is collected or processed.

Data Controller / Processor
Company name: chymera s.r.o.
Company ID (IČO): 57513295
Registered office: Staré Grunty 332, 841 04 Bratislava, Slovakia
Email: [To be added]
Website: www.scorespots.com

chymera s.r.o. (referred to in this notice as "Scorespots", "we", "our", or "us") is responsible for the protection and lawful processing of your personal data.

Changes to this Notice & Duty to Inform Us

This notice was last updated on 01.08.2025.
Please ensure that the personal data we hold about you is accurate and up to date. Inform us of any changes during your relationship with us.

Third-Party Links

Our website may contain links to third-party websites, plug-ins, or applications. Clicking these links or enabling those connections may allow third parties to collect or share data about you.

We do not control these third-party websites and are not responsible for their privacy notices. Please review the privacy policies of every site you visit.

2. Processing of Personal Data

What is Personal Data?

Personal data refers to any information about an identified or identifiable individual. Anonymous data that cannot be linked back to a specific person is not considered personal data.

What Personal Data We Collect?

  • Identification Data: Name, surname, username, title, birthdate, gender.
  • Contact Data: Address, billing address, email, phone numbers.
  • Card Data: Only the last 4 digits and expiration date of your card are stored; full card numbers are never saved.
  • Transaction Data: Payment details and records of purchases or reservations.
  • Technical Data: IP address, login credentials, browser type/version, time zone, location, device OS, plug-ins.
  • Profile Data: Username, password, bookings, feedback, survey responses.
  • Usage Data: How you use our site/app/services.
  • Aggregated Data: Statistical or demographic data not linked to identity, unless combined with personal data.

We do not collect sensitive personal data (e.g., health, beliefs, political opinions) or data on criminal offenses.

Financial Data

Card details are collected and stored only by our payment service provider. For wallet features, we only store the last 4 digits and expiration date.

What Happens If You Don't Provide Data?

If you don't provide necessary data for legal or contractual reasons (e.g., for booking), we may not be able to deliver the service or complete your request. You will be notified in such cases.

3. Collection of Personal Data

I. Direct Collection from You

  • Register or create an account
  • Download/register our app
  • Search for facilities
  • Report an issue
  • Make a reservation
  • Subscribe to newsletters
  • Request marketing materials
  • Participate in promotions or surveys
  • Submit feedback

II. Automated Technologies

We automatically collect technical data about your device and usage via cookies, logs, and similar tools. See our for more.

III. Third-Party and Public Sources

  • Analytics providers (e.g., Google Analytics)
  • Advertising platforms (e.g., Google, Facebook, LinkedIn)
  • Search engines (e.g., Google, Bing)
  • Public registries (e.g., Slovak Business Register)

4. Use of Personal Data

Lawful Bases for Processing

  • Contract performance (e.g., bookings)
  • Legitimate interests (e.g., service improvements, fraud prevention)
  • Legal obligations (e.g., financial or data protection laws)

Processing Purposes

PurposeData TypesLegal BasisLegitimate Interest
User registrationID, ContactContract-
Booking managementID, Contact, TransactionContract-
Campaigns, surveys, promotionsID, Contact, Profile, Usage, MarketingContract, LegitimateMarketing service enhancement
User communication & feedbackID, Contact, Profile, MarketingContract, Legal, LegitimateImproving services, updating data
Platform operations & securityID, Contact, TechnicalLegal, LegitimateIT security, fraud prevention
Personalized content and adsID, Contact, Profile, Usage, TechnicalLegitimateTargeted marketing, user experience

Marketing

  • We may use your data to personalize marketing messages.
  • You'll only receive marketing if you requested info, used our services, or gave consent (e.g., newsletter).
  • We require explicit consent before sharing your data with third parties for marketing.
  • You can opt-out at any time by contacting us.

5. Data Retention

We retain your data only as long as necessary to fulfill the purposes outlined, observing principles of minimization and limitation under Slovak law (§10, Act 18/2018).

  • Duration of your contract with us
  • Legal obligations
  • Our legitimate interest
  • Your consent
  • Proportionality between purpose and scope

After expiration, data may be anonymized for statistics, research, or analysis.

Right to Erasure

You have the right to request deletion of personal data under §23 of the Act if there is no further legal basis for processing.

6. Data Access and Disclosure

We may disclose data to third parties only as necessary for processing and based on legal grounds (§13 of Act 18/2018). We ensure all third-party processors meet GDPR standards (EU Regulation 2016/679).

7. Security Measures

  • Technical Measures: SSL/TLS, antivirus/firewall, backups
  • Organizational Measures: Access limited to authorized personnel
  • Personnel Measures: Staff confidentiality training

8. Data Subject Rights

  1. Right to Access: Request confirmation, see purpose and sources
  2. Right to Correction or Erasure: Fix or delete data if:
    • Purpose expired
    • Processing unlawful
    • Consent withdrawn
    • Allowed by law
  3. Right to Object: Especially for marketing or profiling
  4. Right Not to Be Subject to Automated Decisions
  5. Right to Contact the Authority: Slovak Data Protection Office
  6. Representation: Exercise rights via representative

Response time: 30 days
Cost: Free, except for copies/delivery

9. Cookie Notice

Types of Cookies We Use

  1. Essential Cookies: Login, security
  2. Analytics Cookies: Anonymous tracking
  3. Marketing Cookies: Ad targeting (Google, Facebook)

How You Grant or Withdraw Consent

  • Accept all cookies
  • Reject optional cookies
  • Customize settings

Managing Cookies

  • View/delete cookies in browser
  • Block third-party cookies
  • Disable cookies entirely