Last updated: June 2026
Privacy Policy
1. Controller
The controller responsible for the processing of your personal data within the meaning of Art. 4(7) GDPR is the operator of NextSportJobs.
NextSportJobs
Email: info@nextsportjobs.com
NextSportJobs is currently operated as a private early-stage project. Full legal entity details will be added once a company is registered.
2. Legal Basis for Processing
We process your personal data only where we have a valid legal basis under Art. 6 GDPR:
- Art. 6(1)(a) GDPR — Consent
  - Processing where you have given us your specific, informed and freely given consent. You may withdraw consent at any time.
- Art. 6(1)(b) GDPR — Performance of a contract
  - Processing necessary to provide you with the platform and its services, including account creation, job applications and messaging.
- Art. 6(1)(c) GDPR — Legal obligation
  - Processing required to comply with applicable laws, including data protection, tax and commercial law obligations.
- Art. 6(1)(f) GDPR — Legitimate interests
  - Processing necessary for our legitimate interests, such as ensuring platform security, preventing fraud, improving platform functionality and maintaining service quality, provided these interests are not overridden by your rights and freedoms.
Where we process special categories of personal data (Art. 9 GDPR), we rely on your explicit consent (Art. 9(2)(a) GDPR). We do not ask for special category data and candidates should avoid uploading it unless strictly necessary.
3. What Data We Collect and Why
3.1 When you visit the Platform
When you access NextSportJobs, our hosting infrastructure automatically records standard server log data, including:
- IP address (anonymised or shortened where possible)
- browser type and version
- operating system
- referring URL
- pages visited and time of access
- HTTP status codes
Purpose: Platform security, fraud prevention and technical operation. Legal basis: Art. 6(1)(f) GDPR (legitimate interests). Retention: Typically 7–14 days.
3.2 Account Registration
When you create an account we collect:
- email address
- password (stored as a hashed value — never in plain text)
- account type (Candidate or Employer)
- date of account creation
Purpose: Account creation and authentication. Legal basis: Art. 6(1)(b) GDPR. Retention: For the duration of the account, plus any legally required period after deletion.
3.3 Candidate Profiles
Candidates may voluntarily provide additional information, including:
- first and last name
- profile photo
- location or preferred work location
- work experience, education and qualifications
- skills, languages and certifications
- sport industry experience and preferred roles
- availability and notice period
- CV document (PDF or Word)
- links to professional profiles (e.g. LinkedIn)
Purpose: Creating a candidate profile visible to employers and used to match and apply for jobs. Legal basis: Art. 6(1)(b) GDPR and, for optional fields, Art. 6(1)(a) GDPR (consent by voluntary submission). Retention: For the duration of the account.
Important: Candidates should not upload sensitive personal data (Art. 9 GDPR) such as health information, religious beliefs, political opinions, trade union membership, ethnic origin, biometric data or criminal records unless strictly required for a specific application. If such data is uploaded, we treat this as explicit consent under Art. 9(2)(a) GDPR.
3.4 Job Applications
When a Candidate applies for a job, we transmit the candidate's profile, CV and application materials to the relevant Employer. By submitting an application, the Candidate consents to this transfer.
Legal basis: Art. 6(1)(b) GDPR (contract performance) and Art. 6(1)(a) GDPR (consent). Retention: Application data is retained for the duration of the active application process. Candidates may request deletion at any time.
3.5 Employer Accounts
Employers provide:
- organisation or company name
- contact name
- email address
- job posting information
- billing details (if applicable in future paid features)
Purpose: Providing employer access to job posting and candidate search features. Legal basis: Art. 6(1)(b) GDPR.
3.6 Messages and Communications
Messages sent through the platform between Candidates and Employers are stored to enable communication. Legal basis: Art. 6(1)(b) GDPR. Retention: For the duration of the account relationship.
3.7 Contact by Email
If you contact us by email, we process your name, email address and the content of your message to respond to your enquiry. Legal basis: Art. 6(1)(f) GDPR. Retention: Until the enquiry is resolved, unless a longer retention period is required by law.
4. Cookies and Tracking Technologies
We use cookies and similar technologies in accordance with the TTDSG (Telekommunikation-Telemedien-Datenschutz-Gesetz) and the EU ePrivacy Directive (2002/58/EC).
4.1 Technically necessary cookies
These cookies are required for the platform to function (e.g. keeping you logged in, session management, security). They do not require consent under § 25(2) TTDSG as they are strictly necessary.
4.2 Analytics and performance cookies
If we use analytics tools to understand how the platform is used, we will obtain your consent before setting such cookies (§ 25(1) TTDSG / Art. 6(1)(a) GDPR). You can withdraw consent at any time by adjusting your browser settings or our cookie preferences.
4.3 How to manage cookies
You can control and delete cookies through your browser settings. Note that disabling technically necessary cookies may affect platform functionality. For more information on managing cookies, visit allaboutcookies.org.
5. Sharing Your Data
We do not sell your personal data. We may share data only in the following circumstances:
5.1 With Employers
When a Candidate applies for a job or enables Talent Pool visibility, their profile and application data is shared with the relevant Employer. Employers are independent data controllers for any data they receive and are responsible for their own GDPR compliance.
5.2 Technical service providers
We use third-party providers to operate the platform, including hosting (Supabase, cloud infrastructure) and authentication services. These providers act as data processors under Art. 28 GDPR and are contractually bound to process data only on our instructions.
5.3 Legal obligations
We may disclose data where required to do so by law, court order, or competent public authority.
5.4 International transfers
Where data is transferred outside the European Economic Area (EEA), we ensure an adequate level of protection through the EU Standard Contractual Clauses (SCCs) pursuant to Art. 46(2)(c) GDPR or other appropriate safeguards.
6. Data Retention
We retain personal data only for as long as necessary for the purpose for which it was collected, or as required by law:
| Data type | Retention period |
|---|---|
| Account data | Until account deletion + legally required period |
| Candidate profile and CV | Until account deletion or explicit deletion request |
| Job applications | Duration of recruitment process; deleted on request |
| Messages | Duration of account relationship |
| Server logs | 7–14 days |
| Email correspondence | Until enquiry resolved or legally required period |
| Legal/tax records | Up to 10 years (§ 147 AO / § 257 HGB where applicable) |
7. Your Rights Under GDPR
Under the GDPR and BDSG, you have the following rights. You can exercise any of these rights by contacting us at info@nextsportjobs.com:
Art. 15 GDPR
Right of access
You have the right to obtain confirmation of whether we process personal data about you, and if so, a copy of that data and information about how it is processed.
Art. 16 GDPR
Right to rectification
You have the right to have inaccurate or incomplete personal data corrected without undue delay.
Art. 17 GDPR
Right to erasure ('right to be forgotten')
You have the right to request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, you withdraw consent, or processing was unlawful.
Art. 18 GDPR
Right to restriction of processing
You have the right to request that we restrict the processing of your data in certain circumstances (e.g. while accuracy is contested).
Art. 20 GDPR
Right to data portability
Where processing is based on consent or contract and carried out by automated means, you have the right to receive your data in a structured, commonly used and machine-readable format.
Art. 21 GDPR
Right to object
You have the right to object at any time to processing based on Art. 6(1)(f) GDPR (legitimate interests), including profiling. We will stop processing unless we demonstrate compelling legitimate grounds.
Art. 7(3) GDPR
Right to withdraw consent
Where processing is based on consent, you may withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.
Art. 77 GDPR
Right to lodge a complaint
You have the right to lodge a complaint with a supervisory authority. In Germany, the competent authorities are the state data protection authorities (Landesdatenschutzbehörden). You may also contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI).
We will respond to your request within one month of receipt, as required by Art. 12 GDPR. In complex cases this may be extended by a further two months, in which case we will notify you.
8. Children's Data
NextSportJobs is not directed at persons under the age of 18. We do not knowingly collect personal data from minors. If we become aware that data from a minor has been submitted, we will delete it promptly. If you believe a minor has provided us with data, please contact info@nextsportjobs.com.
9. Data Security
We apply appropriate technical and organisational measures (TOMs) to protect your personal data against accidental loss, unauthorised access, disclosure, alteration and destruction, in accordance with Art. 32 GDPR. These include:
- encrypted data transmission via TLS/HTTPS
- hashed password storage
- access controls and authentication measures
- regular security reviews
- secure cloud hosting infrastructure
In the event of a personal data breach, we will notify the competent supervisory authority within 72 hours where required under Art. 33 GDPR, and affected individuals where required under Art. 34 GDPR.
10. Third-Party Services
The platform uses the following categories of third-party services which may process personal data as data processors under Art. 28 GDPR:
- Cloud database and authentication (Supabase / AWS infrastructure in EU region)
- Email delivery (for transactional notifications)
- Web hosting and CDN (Vercel or similar)
- Optional: analytics tools (only with prior consent)
We do not use advertising networks or share data with social media platforms for targeting purposes.
11. Automated Decision-Making and Profiling
NextSportJobs may use automated features such as job matching or candidate recommendations. These are informational tools only. No purely automated decision-making with legal or similarly significant effects on individuals, which Art. 22 GDPR prohibits without safeguards, takes place.
Hiring decisions remain entirely with Employers. Candidates and Employers are not subject to decisions based solely on automated processing.
12. Employer Obligations Under GDPR
When Employers receive Candidate data through NextSportJobs, they become independent data controllers for that data. Employers are required to:
- process Candidate data only for legitimate recruitment purposes
- comply with all applicable GDPR and BDSG obligations
- provide Candidates with required privacy information (Art. 13/14 GDPR)
- not retain Candidate data longer than necessary
- not use Candidate data for unrelated marketing or commercial purposes
- implement appropriate security measures for data received
NextSportJobs is not responsible for how Employers process data after it has been shared with them.
13. Links to Third-Party Websites
The platform may contain links to employer websites, external job application systems and other third-party sites. These are outside our control and are governed by their own privacy policies. We are not responsible for the data protection practices of third-party websites.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology or legal requirements. The latest version will always be available on this page with the date of the most recent update.
Where changes are material, we will notify registered users by email or through the platform. Continued use of the platform after updates take effect constitutes acceptance of the revised policy.
15. Supervisory Authority
You have the right to lodge a complaint with a data protection supervisory authority. In Germany, you may contact:
Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI)
Graurheindorfer Str. 153, 53117 Bonn, Germany
Alternatively, you may contact the supervisory authority for your place of residence or the place of the alleged infringement.
16. Contact — Data Protection Enquiries
For any questions, requests or concerns regarding this Privacy Policy or the processing of your personal data, please contact:
NextSportJobs — Data Protection
Email: info@nextsportjobs.com
We will respond within one month as required by Art. 12 GDPR.
© 2026 NextSportJobs