Legal

GDPR Compliance

How Clubify protects your data rights under GDPR

Last updated: 1 February 2026

Our Commitment to GDPR

Clubify is committed to protecting your personal data and complying with the General Data Protection Regulation (GDPR). As an Irish company, we adhere to both GDPR and the Irish Data Protection Act 2018.

Your Data Rights

Under GDPR, you have the following rights regarding your personal data:

Right to Access

You can request a copy of all personal data we hold about you. We will provide this within 30 days.

Right to Rectification

You can request that we correct any inaccurate or incomplete personal data.

Right to Erasure

You can request that we delete your personal data. We will do so unless we have a legal obligation to retain it.

Right to Data Portability

You can request your data in a machine-readable format (JSON) to transfer to another service.

Right to Object

You can object to certain types of processing, including processing for direct marketing.

Right to Restrict Processing

You can request that we limit how we use your data while a complaint or query is being resolved.

How to Exercise Your Rights

To exercise any of these rights, you can:

  • Use the data export feature in your admin portal settings
  • Email us at privacy@clubify.ie
  • Contact us by post at Clubify, Dublin, Ireland

We will respond to your request within 30 days. In complex cases, we may extend this by an additional 60 days, but we will inform you of this.

Legal Basis for Processing

We process personal data based on:

  • Contract: To provide services you've subscribed to
  • Legitimate Interest: To improve our services and prevent fraud
  • Consent: For optional features like marketing communications
  • Legal Obligation: To comply with applicable laws

Data Processing

Data Controller

Clubify is the data controller for personal data processed through our platform. We determine the purposes and means of processing.

Data Processors

We use the following third-party processors:

  • Cloudflare: Web hosting and security (EU/US with appropriate safeguards)
  • Resend: Email delivery (US with EU data processing agreement)

All processors are bound by data processing agreements that ensure GDPR compliance.

International Transfers

Where we transfer data outside the EU/EEA, we ensure appropriate safeguards are in place, such as:

  • EU-approved Standard Contractual Clauses
  • Adequacy decisions by the European Commission

Data Breach Procedures

In the event of a data breach that poses a risk to your rights, we will:

  • Notify the Data Protection Commission within 72 hours
  • Inform affected users without undue delay
  • Document the breach and our response

Supervisory Authority

If you believe we have not handled your data properly, you have the right to lodge a complaint with a supervisory authority. In Ireland, this is the Data Protection Commission:

Data Protection Commission
21 Fitzwilliam Square South
Dublin 2, D02 RD28
Ireland
www.dataprotection.ie

Contact Our Data Protection Officer

For any questions about GDPR or data protection, contact us: