Legal

Last updated: June 2026

Privacy Policy

1. Controller

The controller responsible for the processing of your personal data within the meaning of Art. 4(7) GDPR is the operator of NextSportJobs.

NextSportJobs

Email: info@nextsportjobs.com

NextSportJobs is currently operated as a private early-stage project. Full legal entity details will be added once a company is registered.

2. Legal Basis for Processing

We process your personal data only where we have a valid legal basis under Art. 6 GDPR:

Art. 6(1)(a) GDPR — Consent
Processing where you have given us your specific, informed and freely given consent. You may withdraw consent at any time.
Art. 6(1)(b) GDPR — Performance of a contract
Processing necessary to provide you with the platform and its services, including account creation, job applications and messaging.
Art. 6(1)(c) GDPR — Legal obligation
Processing required to comply with applicable laws, including data protection, tax and commercial law obligations.
Art. 6(1)(f) GDPR — Legitimate interests
Processing necessary for our legitimate interests, such as ensuring platform security, preventing fraud, improving platform functionality and maintaining service quality, provided these interests are not overridden by your rights and freedoms.

Where we process special categories of personal data (Art. 9 GDPR), we rely on your explicit consent (Art. 9(2)(a) GDPR). We do not ask for special category data and candidates should avoid uploading it unless strictly necessary.

3. What Data We Collect and Why

3.1 When you visit the Platform

When you access NextSportJobs, our hosting infrastructure automatically records standard server log data, including:

  • IP address (anonymised or shortened where possible)
  • browser type and version
  • operating system
  • referring URL
  • pages visited and time of access
  • HTTP status codes

Purpose: Platform security, fraud prevention and technical operation. Legal basis: Art. 6(1)(f) GDPR (legitimate interests). Retention: Typically 7–14 days.

3.2 Account Registration

When you create an account we collect:

  • email address
  • password (stored as a hashed value — never in plain text)
  • account type (Candidate or Employer)
  • date of account creation

Purpose: Account creation and authentication. Legal basis: Art. 6(1)(b) GDPR. Retention: For the duration of the account, plus any legally required period after deletion.

3.3 Candidate Profiles

Candidates may voluntarily provide additional information, including:

  • first and last name
  • profile photo
  • location or preferred work location
  • work experience, education and qualifications
  • skills, languages and certifications
  • sport industry experience and preferred roles
  • availability and notice period
  • CV document (PDF or Word)
  • links to professional profiles (e.g. LinkedIn)

Purpose: Creating a candidate profile visible to employers and used to match and apply for jobs. Legal basis: Art. 6(1)(b) GDPR and, for optional fields, Art. 6(1)(a) GDPR (consent by voluntary submission). Retention: For the duration of the account.

Important: Candidates should not upload sensitive personal data (Art. 9 GDPR) such as health information, religious beliefs, political opinions, trade union membership, ethnic origin, biometric data or criminal records unless strictly required for a specific application. If such data is uploaded, we treat this as explicit consent under Art. 9(2)(a) GDPR.

3.4 Job Applications

When a Candidate applies for a job, we transmit the candidate's profile, CV and application materials to the relevant Employer. By submitting an application, the Candidate consents to this transfer.

Legal basis: Art. 6(1)(b) GDPR (contract performance) and Art. 6(1)(a) GDPR (consent). Retention: Application data is retained for the duration of the active application process. Candidates may request deletion at any time.

3.5 Employer Accounts

Employers provide:

  • organisation or company name
  • contact name
  • email address
  • job posting information
  • billing details (if applicable in future paid features)

Purpose: Providing employer access to job posting and candidate search features. Legal basis: Art. 6(1)(b) GDPR.

3.6 Messages and Communications

Messages sent through the platform between Candidates and Employers are stored to enable communication. Legal basis: Art. 6(1)(b) GDPR. Retention: For the duration of the account relationship.

3.7 Contact by Email

If you contact us by email, we process your name, email address and the content of your message to respond to your enquiry. Legal basis: Art. 6(1)(f) GDPR. Retention: Until the enquiry is resolved, unless a longer retention period is required by law.

4. Cookies and Tracking Technologies

We use cookies and similar technologies in accordance with the TTDSG (Telekommunikation-Telemedien-Datenschutz-Gesetz) and the EU ePrivacy Directive (2002/58/EC).

4.1 Technically necessary cookies

These cookies are required for the platform to function (e.g. keeping you logged in, session management, security). They do not require consent under § 25(2) TTDSG as they are strictly necessary.

4.2 Analytics and performance cookies

If we use analytics tools to understand how the platform is used, we will obtain your consent before setting such cookies (§ 25(1) TTDSG / Art. 6(1)(a) GDPR). You can withdraw consent at any time by adjusting your browser settings or our cookie preferences.

4.3 How to manage cookies

You can control and delete cookies through your browser settings. Note that disabling technically necessary cookies may affect platform functionality. For more information on managing cookies, visit allaboutcookies.org.

5. Sharing Your Data

We do not sell your personal data. We may share data only in the following circumstances:

5.1 With Employers

When a Candidate applies for a job or enables Talent Pool visibility, their profile and application data is shared with the relevant Employer. Employers are independent data controllers for any data they receive and are responsible for their own GDPR compliance.

5.2 Technical service providers

We use third-party providers to operate the platform, including hosting (Supabase, cloud infrastructure) and authentication services. These providers act as data processors under Art. 28 GDPR and are contractually bound to process data only on our instructions.

5.3 Legal obligations

We may disclose data where required to do so by law, court order, or competent public authority.

5.4 International transfers

Where data is transferred outside the European Economic Area (EEA), we ensure an adequate level of protection through the EU Standard Contractual Clauses (SCCs) pursuant to Art. 46(2)(c) GDPR or other appropriate safeguards.

6. Data Retention

We retain personal data only for as long as necessary for the purpose for which it was collected, or as required by law:

Data typeRetention period
Account dataUntil account deletion + legally required period
Candidate profile and CVUntil account deletion or explicit deletion request
Job applicationsDuration of recruitment process; deleted on request
MessagesDuration of account relationship
Server logs7–14 days
Email correspondenceUntil enquiry resolved or legally required period
Legal/tax recordsUp to 10 years (§ 147 AO / § 257 HGB where applicable)

7. Your Rights Under GDPR

Under the GDPR and BDSG, you have the following rights. You can exercise any of these rights by contacting us at info@nextsportjobs.com:

Art. 15 GDPR

Right of access

You have the right to obtain confirmation of whether we process personal data about you, and if so, a copy of that data and information about how it is processed.

Art. 16 GDPR

Right to rectification

You have the right to have inaccurate or incomplete personal data corrected without undue delay.

Art. 17 GDPR

Right to erasure ('right to be forgotten')

You have the right to request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, you withdraw consent, or processing was unlawful.

Art. 18 GDPR

Right to restriction of processing

You have the right to request that we restrict the processing of your data in certain circumstances (e.g. while accuracy is contested).

Art. 20 GDPR

Right to data portability

Where processing is based on consent or contract and carried out by automated means, you have the right to receive your data in a structured, commonly used and machine-readable format.

Art. 21 GDPR

Right to object

You have the right to object at any time to processing based on Art. 6(1)(f) GDPR (legitimate interests), including profiling. We will stop processing unless we demonstrate compelling legitimate grounds.

Art. 7(3) GDPR

Right to withdraw consent

Where processing is based on consent, you may withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

Art. 77 GDPR

Right to lodge a complaint

You have the right to lodge a complaint with a supervisory authority. In Germany, the competent authorities are the state data protection authorities (Landesdatenschutzbehörden). You may also contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI).

We will respond to your request within one month of receipt, as required by Art. 12 GDPR. In complex cases this may be extended by a further two months, in which case we will notify you.

8. Children's Data

NextSportJobs is not directed at persons under the age of 18. We do not knowingly collect personal data from minors. If we become aware that data from a minor has been submitted, we will delete it promptly. If you believe a minor has provided us data, please contact info@nextsportjobs.com.

9. Data Security

We apply appropriate technical and organisational measures (TOMs) to protect your personal data against accidental loss, unauthorised access, disclosure, alteration and destruction, in accordance with Art. 32 GDPR. These include:

  • encrypted data transmission via TLS/HTTPS
  • hashed password storage
  • access controls and authentication measures
  • regular security reviews
  • secure cloud hosting infrastructure

In the event of a personal data breach, we will notify the competent supervisory authority within 72 hours where required under Art. 33 GDPR, and affected individuals where required under Art. 34 GDPR.

10. Third-Party Services

The platform uses the following categories of third-party services which may process personal data as data processors under Art. 28 GDPR:

  • Cloud database and authentication (Supabase / AWS infrastructure in EU region)
  • Email delivery (for transactional notifications)
  • Web hosting and CDN (Vercel or similar)
  • Optional: analytics tools (only with prior consent)

We do not use advertising networks or share data with social media platforms for targeting purposes.

11. Automated Decision-Making and Profiling

NextSportJobs may use automated features such as job matching or candidate recommendations. These are informational tools only — no purely automated decision-making with legal or similarly significant effects on individuals takes place, as prohibited without safeguards under Art. 22 GDPR.

Hiring decisions remain entirely with Employers. Candidates and Employers are not subject to decisions based solely on automated processing.

12. Employer Obligations Under GDPR

When Employers receive Candidate data through NextSportJobs, they become independent data controllers for that data. Employers are required to:

  • process Candidate data only for legitimate recruitment purposes
  • comply with all applicable GDPR and BDSG obligations
  • provide Candidates with required privacy information (Art. 13/14 GDPR)
  • not retain Candidate data longer than necessary
  • not use Candidate data for unrelated marketing or commercial purposes
  • implement appropriate security measures for data received

NextSportJobs is not responsible for how Employers process data after it has been shared with them.

13. Links to Third-Party Websites

The platform may contain links to employer websites, external job application systems and other third-party sites. These are outside our control and are governed by their own privacy policies. We are not responsible for the data protection practices of third-party websites.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology or legal requirements. The latest version will always be available on this page with the date of the most recent update.

Where changes are material, we will notify registered users by email or through the platform. Continued use of the platform after updates take effect constitutes acceptance of the revised policy.

15. Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority. In Germany, you may contact:

Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI)

Graurheindorfer Str. 153, 53117 Bonn, Germany

www.bfdi.bund.de

Alternatively, you may contact the supervisory authority for your place of residence or the place of the alleged infringement.

16. Contact — Data Protection Enquiries

For any questions, requests or concerns regarding this Privacy Policy or the processing of your personal data, please contact:

NextSportJobs — Data Protection

Email: info@nextsportjobs.com

We will respond within one month as required by Art. 12 GDPR.

© 2026 NextSportJobs