IPSF Privacy Policy 2025

IPSF Privacy Policy

Effective Date: 2025 | Last Updated: October 2025

1. Who We Are

The International Pole and Aerial Sports Federation (IPSF) is a non-profit organisation promoting pole and aerial sports worldwide. The IPSF is the world governing body for pole and aerial sports.

We are committed to protecting your privacy and handling your data lawfully under the General Data Protection Regulation (GDPR) and Polish data protection laws.

This Privacy Policy applies globally to all activities conducted by the IPSF and to any national federations, committees or authorised organisers duly acting under the authority of the IPSF, insofar as they process personal data for IPSF-related purposes.

IPSF acts as the data controller for its own processing operations. National Federations and event organisers act as independent controllers unless a written Data Processing Agreement states otherwise.

2. What This Privacy Policy Covers

This Privacy Policy explains what personal data we collect and why, how we use and store it, with whom we share it and your rights under GDPR as they relate to the IPSF.

It applies to all visitors, members, athletes, coaches, judges, volunteers and users of the IPSF website, web app and mobile app.

3. Data We Collect

We may collect the following:

• Identification and contact details;
• Membership and account data;
• Competition and judging information;
• Financial transaction references from Stripe or PayPal (no card data stored by IPSF);
• Technical data such as IP address, device ID, cookies and logs;
• Images and videos (with consent);
• Data of minors (under 18, with guardian consent); and
• Disciplinary or anti-doping data required under IPSF Rules.

4. How We Collect Data

IPSF collects personal data through the following interactions:

• When you create an IPSF account or register for membership;
• When you enter or judge competitions organised or sanctioned by IPSF;
• When you subscribe to newsletters or marketing communications;
• When you make payments through Stripe or PayPal;
• When you contact IPSF via online forms or email; and
• Through essential cookies and analytics tools used on our digital platforms.

5. How and Why We Use It

IPSF processes personal data only where a lawful basis applies:

• Contract performance (Art. 6(1)(b)) for account registration, competition entry, and membership administration;
• Legal obligation (Art. 6(1)(c)) for compliance with accounting, tax, and applicable anti-doping rules;
• Legitimate interests (Art. 6(1)(f)) for system security, fraud prevention, and communication with members;
• Consent (Art. 6(1)(a)) for newsletters, marketing, media, and processing of minors' data;
• Special category data may be processed under Art. 9(2)(a) (explicit consent), Art. 9(2)(f) (establishment, exercise or defence of legal claims), Art. 9(2)(g) (substantial public interest in sports governance), or Art. 9(2)(h) (health data for athlete safety).

6. Cookies and Analytics

Our Joomla-based website uses essential cookies for functionality and optional analytics cookies only with your consent, in accordance with the ePrivacy Directive (2002/58/EC).

You can manage preferences through our cookie banner or your browser settings.

7. Data Sharing and International Transfers

We share data only when necessary and under GDPR-compliant agreements:

• Hetzner Online GmbH: hosting of website and databases (Germany);
• SendGrid / Twilio: email delivery (USA) protected by SCCs (2021/914);
• Stripe / PayPal: payment processing (EU/USA) protected by SCCs (2021/914); and
• National Federations and organisers: independent controllers for their processing.

IPSF does not sell or trade personal data.

To deliver its services effectively, the IPSF relies on a small number of carefully selected external providers who act as data processors under written agreements. Each provider processes personal data solely on IPSF’s documented instructions and only for the purposes described below.

IPSF ensures that all such providers offer appropriate technical and organisational measures consistent with Article 28 of the GDPR, and that any transfers of personal data outside the European Economic Area are protected by approved legal safeguards such as the European Commission’s Standard Contractual Clauses (Decision (EU) 2021/914).

The principal processors and service providers engaged by the IPSF are listed below:

Processor / Service Provider Purpose of Processing Location Legal Safeguard Hetzner Online GmbH Hosting and data storage Germany EU – GDPR compliant SendGrid / Twilio Email distribution and transactional messaging USA Standard Contractual Clauses (EU 2021/914) Stripe / PayPal Payment processing EU / USA Standard Contractual Clauses (EU 2021/914) Google Workspace Internal collaboration and backups EU data region Standard Contractual Clauses (EU 2021/914)

8. Data Retention

We keep your data only as long as necessary:

• Accounts: deleted after 24 months of inactivity;
• Competition records: 10 years (Art. 89 GDPR);
• Financial data: 7 years (accounting laws); and
• Media: until consent is withdrawn.

When data is no longer needed, it is securely deleted or anonymised.

See Privacy Policy for cookies information

9. Data Security

We implement robust security controls: SSL/TLS encryption, EU-based hosting, firewalls, access controls, staff training, encrypted backups and regular audits.

Further technical details are outlined in the IPSF Data Protection Policy.

10. Your Rights

You have a number of important rights over your personal data. These include the right to:

• Access the personal data we hold about you and receive a copy of it;
• Correct any inaccurate or incomplete information;
• Request deletion of your data when it is no longer needed or where you have withdrawn consent;
• Limit how your data is used in certain situations;
• Receive your data in a portable format and transfer it to another organisation; and
• Object to your data being processed for particular reasons, such as direct marketing.

If you have given your consent for us to use your data, you can withdraw that consent at any time.

To exercise any of these rights, please contact us at support@ipsfsports.org. We will respond within one month of receiving your request (this may be extended by up to two months for particularly complex cases).

If you are not satisfied with how we handle your request, you have the right to make a complaint to the President of the Personal Data Protection Office (UODO) – the Polish national data protection authority – in accordance with Article 77 of the GDPR.

11. Processing of Minors’ Data

IPSF processes the personal data of individuals under 18 years of age only with verifiable consent from a parent or legal guardian.

Where national law sets a lower threshold (e.g. 16 years under Polish law), IPSF will apply the higher standard by default.

12. Data Breaches

In the event of a personal data breach, IPSF will:

1. Immediately contain the incident and assess its scope;
2. Record the breach in the internal register, noting date, type, and corrective actions;

• Notify UODO within 72 hours where required under Article 33 GDPR; and

1. Inform affected individuals without undue delay if the breach poses a high risk to their rights and freedoms.

IPSF maintains a breach register and reviews all incidents annually to improve prevention measures.

13. Changes to This Policy

Any amendments shall be approved by the IPSF Executive Board and communicated through the IPSF website or other appropriate channels. The latest version will be available at https://ipsfsports.org/privacy

14. Contact Us

International Pole and Aerial Foundation,
Operating as International Pole and Aerial Sports Federation (IPSF)
os. Jana III Sobieskiego 40/2N, 60-688 Poznań, Poland

Email: support@ipsfsports.org