Privacy Policy

Last updated: 18 May 2026

Grippa Sports Planner BV (“Grippa”, “we” or “us”) takes the protection of your personal data very seriously. This privacy policy explains which personal data we collect when you use the Grippa platform and our website (grippa.app), why we do so, how long we retain it and what rights you have. This policy applies to all users of Grippa, including tennis schools, trainers and players.

1. Who is responsible for your data?

The controller within the meaning of the General Data Protection Regulation (GDPR) is Grippa Sports Planner BV, based in Amsterdam, reachable at info@grippa.app.

To the extent Grippa processes personal data of trainers and players on behalf of a tennis school, Grippa acts as processor and the tennis school is the controller for that data. For questions about processing by the tennis school, please contact that tennis school directly.

2. Which personal data do we process?

Depending on your role on the Platform (tennis school, trainer or player) and how you use the Platform, we process the following categories of personal data:

  • Account data: name, email address, phone number, password (encrypted) and role (Tennis School, Trainer, Player).
  • Organisation data (Tennis School): name, business address, Chamber of Commerce number, VAT number, bank account number.
  • Lesson data: scheduled lessons, participants, attendance, level and trainer notes.
  • Payment data: amount, time, payment method and transaction ID. Full credit card or bank details are processed solely by the payment service provider and not stored by Grippa.
  • Communication data: emails, support messages and notifications you send or receive via the Platform.
  • Technical data: IP address, browser type, device information, language setting, time zone, page views and click behaviour.
  • Cookies and similar techniques: see section 6.

3. Why and on what legal basis do we process your data?

We process personal data only for the purposes listed below and based on the legal grounds from Article 6 GDPR:

  • Performance of the agreement: to create and manage accounts, facilitate lesson planning, enable communication between tennis schools, trainers and players, and handle payments through the Payment Module.
  • Legal obligation: to comply with tax and administrative retention obligations and to respond to lawful requests from competent authorities.
  • Legitimate interest: to improve and secure the Platform, prevent fraud and abuse, compile anonymised statistics and — to a limited extent — contact existing customers about relevant services.
  • Consent: to place non-functional cookies (such as analytics and marketing cookies) and — where applicable — send marketing emails. You can withdraw your consent at any time.

4. With whom do we share your data?

We do not sell your personal data to third parties. We share your data only with the following categories of recipients, and only to the extent necessary:

  • Sub-processors: external parties that process personal data on our behalf. We enter into data processing agreements with these parties.
  • Tennis schools and trainers: to the extent necessary to plan lessons, register participants and handle bookings.
  • Competent authorities: when legally required, for example in the context of a court order or a tax investigation.

The main sub-processors we currently work with are:

  • Google LLC / Google Ireland Ltd. (Google Analytics 4 and Google Tag Manager) — statistics on the use of the website and Platform, including visit data and behavioural analysis.
  • Mollie B.V. and/or Stripe Payments Europe Ltd. — payment processing via the Payment Module, fraud prevention and payouts.
  • Email providers (such as Resend, Postmark or Mailchimp) — sending transactional and, where applicable, marketing emails.
  • Hosting and database providers (such as Vercel, Supabase or AWS) — hosting the Platform, storing and backing up databases and files.

You can request a current overview of our sub-processors via info@grippa.app.

5. Transfers outside the European Economic Area

Some of our sub-processors, including Google, may process personal data in countries outside the European Economic Area (EEA), including the United States. For such transfers we rely on the appropriate safeguards prescribed by the GDPR, such as:

  • the EU-US Data Privacy Framework (where the receiving party is certified);
  • the Standard Contractual Clauses adopted by the European Commission;
  • additional technical and organisational measures, where needed.

6. Cookies and similar techniques

We use cookies and similar techniques on our website and on the Platform. Cookies are small text files placed on your device to support the website's operation and analyse its use.

We use the following categories:

  • Functional cookies: necessary for the operation of the Platform, such as login and session management. No consent required.
  • Analytics cookies (Google Analytics 4 via Google Tag Manager): insight into the use and performance of the Platform. Consent required.
  • Marketing cookies (if used): to show personalised content or advertisements. Consent required.

On your first visit to our website we ask your consent to place non-functional cookies via a cookie banner. You can change your preferences at any time via the cookie settings on the website.

We use Google Analytics 4 (via Google Tag Manager) to gain insight into the use of our website and Platform. Data such as IP address, page views, click behaviour and device information is processed. Google's privacy policy applies to the use of Google Analytics.

7. How long do we retain your data?

We do not retain personal data longer than necessary for the purposes for which it was collected, or as legally required. Indicative retention periods:

  • Account data: for as long as your account is active. After termination, data is deleted or anonymised within a reasonable period, unless we are legally required to retain it longer.
  • Lesson data: for as long as the agreement between Grippa and the relevant tennis school is in force, and for a reasonable period afterwards for administrative purposes.
  • Payment and invoice data: seven (7) years, in line with the tax retention obligation.
  • Communication (emails, support tickets): up to two (2) years after the last interaction.
  • Analytics data: as configured in Google Analytics 4, typically between two (2) and fourteen (14) months.
  • Cookies: as indicated in the cookie settings, varies per cookie.

8. How do we secure your data?

We take appropriate technical and organisational measures to protect your personal data against loss, unauthorised access, modification or disclosure. Examples include:

  • encrypted connections (HTTPS/TLS) between your device and our servers;
  • encrypted storage of passwords;
  • access control and logging on internal systems;
  • regular backups and recovery procedures;
  • careful selection of sub-processors and entering into data processing agreements.

Should a data breach occur despite these measures, we act in accordance with the GDPR and report it to the Dutch Data Protection Authority and/or to data subjects where necessary.

9. What are your rights?

Under the GDPR you have the following rights regarding your personal data:

  • Right of access: you can request which personal data we process about you.
  • Right to rectification: you can have incorrect or incomplete data corrected.
  • Right to erasure: you can request that your data be deleted, unless we are legally required to retain it.
  • Right to restriction: you can request restriction of processing.
  • Right to data portability: you can request your data in a common, structured format.
  • Right to object: you can object to processing based on legitimate interest.
  • Right to withdraw consent: if we process data based on your consent, you can withdraw it at any time.

You can submit a request to exercise these rights via info@grippa.app. We may ask for additional information to verify your identity. We will in principle respond within one month.

If the data is processed by or on behalf of a tennis school, you can contact that tennis school directly. We can refer you if needed.

10. Filing a complaint with the supervisory authority

If you believe that we do not process your personal data correctly, you can file a complaint with the Dutch Data Protection Authority (AP) via autoriteitpersoonsgegevens.nl. We appreciate it if you contact us first so that we can address any concerns.

11. Changes to this privacy policy

We may amend this privacy policy from time to time, for example following changes to our services or new legal requirements. The most recent version is always available on our website. For significant changes we will actively inform you.

12. Contact

Do you have questions about this privacy policy or how we handle personal data? Contact us via Grippa Sports Planner BV, info@grippa.app.

— End of privacy policy —