Privacy Policy

1) Scope & who we are

Thumb Royale is a roaming mobile esports festival running BO1 ladders and nightly Sprint-Cups across European cities. This Privacy Policy explains how we handle personal data collected on our websites, pop-up venues, registration desks, and creator booths. We operate in the EEA, the UK, and Switzerland with a GDPR-first approach.

Controller: Thumb Royale GmbH (or local event subsidiary where applicable). For questions, see Contact.

2) Data we collect

• Basic account/entry data — name/pseudonym, email, city, age declaration, preferred language.
• Match records — scores, timestamps, opponent IDs, device profile ID (mirrored controls), ladder position.
• Operational logs — check-in time, queue lane, ref notes tied to clip timestamps.
• Media & creator assets — clips you submit or consent to capture (opt-in, revocable).
• Technical — IP, coarse location derived from venue Wi-Fi, device type; we do not collect raw biometrics.
• Payments — handled by payment providers; we store only confirmation metadata (no card numbers).

3) How we use data

• To operate ladders, brackets, leaderboards, and nightly Sprint-Cups.
• To provide creator materials, clean feeds, and overlays when requested.
• To verify eligibility, enforce rules, and handle disputes via ref tools.
• To communicate schedules, city hops, safety notices, and policy changes.
• To improve the festival format via aggregated, anonymised stats.

4) Legal bases (GDPR)

• Contract — participation in events and provision of services you request.
• Legitimate interests — running a fair tournament, preventing fraud, securing venues.
• Consent — creator captures, marketing emails, and certain cookies. You may withdraw at any time.
• Legal obligation — complying with event safety and local regulations.

5) Sharing & processors

We use vetted processors for ticketing, email, analytics, storage, and payments. Contracts include GDPR-compliant terms and, where relevant, Standard Contractual Clauses. We never sell personal data.

6) Retention

Match records and queue logs live for the season plus a short audit window. Creator consents persist until revoked or the asset is deleted. We keep the minimum necessary for the festival to function and legal requirements to be met.

7) Your rights

You can request access, correction, deletion, portability, and restriction. You can also object to processing carried out under legitimate interests. For consent-based processing, you may withdraw consent without affecting prior lawfulness.

EEA/UK residents may lodge a complaint with a supervisory authority in their country.

8) Security

We protect data with role-based access, encryption in transit and at rest, and strict on-site procedures (sealed lanes, device parity checks). No method is perfectly secure, but we design for minimisation and resilience.

9) International transfers

Where data leaves the EEA/UK, we rely on adequacy decisions or Standard Contractual Clauses with supplementary measures.

10) Minors

Local venue rules apply. Where under-18 participation is allowed, guardian approval may be required. We do not knowingly collect data from children below the applicable age of digital consent.

11) Cookies & similar tech

We use essential cookies for session and security. Analytics and marketing cookies run only with consent. You can adjust preferences via your browser and on-site prompts where available.

12) Contact

Email: thumb-royale@gmail.com. For postal details or DPO inquiries, contact us by email first and we will provide the most appropriate channel for your region.

13) Changes to this policy

We may update this Privacy Policy to reflect operational or legal changes. We will post the new date at the top and, where appropriate, provide a prominent notice.