Privacy Policy

1. SCOPE

This Privacy Policy describes how Dallara‑AK Esports LLC (“Dallara‑AK”, “we”, “us”, “our”) collects, uses, discloses and safeguards the personal information of adult participants (“Drivers”), spectators and other individuals who interact with the **Dallara Esports Championship 2025** (the “Competition”). Participation is limited to individuals 18 years of age or older; we therefore do not intentionally collect or process data relating to minors.

2. DATA CONTROLLER

Controller: Dallara‑AK Esports LLC, 1201 N Main St, Speedway, IN 46224, USA.  
E‑mail: privacy@dallara‑akesports.com

3. CATEGORIES OF PERSONAL DATA

CategoryExamplesPurposeLegal BasisTypical Retention
IdentificationLegal name, date‑of‑birth (age 18+ verified), nationality, government ID on requestEligibility screening; identity verification at on‑site venuesContract; Legal obligation12 months after event
ContactE‑mail, phone, postal address, Discord IDEvent and logistics communications, visa letters, prize deliveryContract12 months
Gameplay & TelemetryLap times, inputs, frame rate, server logs, replay filesLeaderboards, anti‑cheat analytics, dispute resolutionContract; Legitimate interest5 years
Audio‑VisualWebcam feed (Zoom), on‑site photographs, livestream clips, voice chatBroadcast production; marketing highlights; anti‑cheatLegitimate interest; Consent (where required by local law)2 years
Device/TechnicalIP address, device ID, OS, browser, cookie ID, crash dumpsCyber‑security, fraud prevention, performance analyticsLegitimate interest12 months
Payment & TaxBank, tax ID, FMV of prizeReimbursement, tax reporting, anti‑money‑laundering checksContract; Legal obligation10 years
Travel & LogisticsPassport number, visa status, travel itinerary, emergency contactGrand Final travel coordination and risk managementContract; Legitimate interest6 months post‑event
Marketing PreferencesNewsletter opt‑in status, preferred language, social handlesOpt‑in marketing and community engagementConsentUntil withdrawal
Anti‑Cheat DataHardware serials, running processes, cheat‑detection hashesDetection and investigation of cheating or match‑fixingLegitimate interest5 years

We may retain Personal Data longer or shorter than the stated period where a specific statute, regulation, court order, governmental request, or litigation hold requires us to do so.  Examples include, but are not limited to:

  • Tax & Accounting – Internal Revenue Code § 6001, 26 C.F.R. § 1.6001-1 (generally 7 years for supporting records).
  • Corporate & Securities – Sarbanes-Oxley Act § 802 (destruction freeze for audit workpapers), SEC / FINRA record-keeping rules.
  • Anti-Money-Laundering & Export Controls – Bank Secrecy Act (31 C.F.R. § 1010) or OFAC screening logs (5 years).
  • State Privacy Statutes – California CPRA, Virginia VCDPA, Colorado CPA, Connecticut CTDPA, Utah UCPA, which may require that data be kept only for the time “reasonably necessary” for the disclosed purpose.
  • Litigation Holds & Government Requests – court orders, subpoenas, or governmental investigations that mandate preservation.
  • Data-Deletion Requests – where a verified consumer request for deletion (e.g., CPRA § 1798.105) obliges us to erase data sooner—unless an exemption applies (fraud prevention, legal defense, etc.).

Whenever we extend or shorten a retention period, we document the legal or business justification in our internal data-retention log.  Once no further legal basis exists, the data are securely erased or irreversibly anonymized in accordance with NIST SP 800-88 (Revision 1) or an equivalent industry standard.

4. PURPOSES OF PROCESSING & LEGAL BASES

We process Personal Data only for purposes that are lawful, proportionate and transparent:

  1. Competition administration – registration, scheduling, leaderboards, stewarding (Contract).  
  2. Anti‑cheat & integrity – real‑time telemetry analysis, hardware inspections (Legitimate interest).
  3. Broadcast & publicity – livestreams, highlight reels, press releases (Legitimate interest; Consent where required under French right of image).
  4. Prize fulfilment & taxation – stipends, IRS Form 1099‑MISC, 30 % withholding for non‑US recipients (Legal obligation), if applicable.
  5. Customer support & dispute resolution – handling protests and appeals (Legitimate interest).
  6. Security & incident response – DDoS mitigation, intrusion detection (Legitimate interest).  
  7. Analytics & service improvement – aggregated statistics to improve future events (Legitimate interest).  
  8. Direct marketing – newsletters, partner updates (Specific consent; opt‑out any time).  

5. SHARING, DISCLOSURE & ONWARD TRANSFERS

We disclose Personal Data strictly on a need‑to‑know basis and under appropriate safeguards.
We do not sell Personal Data, nor share it for cross‑context behavioural advertising as defined by CPRA or VCDPA.

6. INTERNATIONAL DATA TRANSFERS

Our primary servers are located in the United States.

7. YOUR PRIVACY RIGHTS, HOW TO EXERCISE THEM, CONTACTS

EU / UK / Swiss residents  

  • Access, rectification, erasure, restriction, portability, objection, withdrawal of consent, and the right not to be subject to automated individual decisions (GDPR Arts. 15–22; nFADP 2023).  
  • Lodge a complaint with your supervisory authority (e.g., CNIL, ICO, FDPIC).

United States – state privacy laws  

  • California CPRA, Virginia VCDPA, Colorado CPA, Connecticut CTDPA, Utah UCPA (and any subsequently enacted state law), if applicable: 
    • Right to know/confirm, correct, delete, data portability, opt-out of “sale” or “sharing” and of targeted advertising, limit use of sensitive data, no retaliation.  
    • Right to appeal a denied request.  
  • Response deadline: 45 days, extendable once for 45 days with notice (§ 1798.130 CPRA; CO § 6-1-1306).

Brazil (LGPD)  

  • Confirm processing, access, correction, anonymization, portability, deletion, information on sharing, revoke consent, review of automated decisions (Art. 18).  
  • Response deadline: 15 days.

How to submit a request:
E-mail: privacy@dallara-akesports.com. We will verify your identity—typically via a government-issued photo ID or an e-mail challenge—and will retain that proof only as long as needed to complete verification.
Standard response times:

  • 1 month under GDPR (extendable by one additional month for complex cases).  
  • 15 days under LGPD.  
  • 45 days under U.S. state privacy laws (possible one-time 45-day extension).  

If we deny your request, you may appeal by following the instructions in our denial response.  
No fee will be charged unless a request is manifestly unfounded or excessive.

Automated Decision‑Making

We do not rely on fully automated decision‑making that produces legal or similarly significant effects (GDPR Art. 22). Any anti‑cheat flag is manually reviewed by the Stewards Panel.

8. COOKIES & TRACKING TECHNOLOGIES

Please refer to our Cookie policy. You can withdraw consent any time via the cookie‑banner link “Cookie Settings”.

Dallara - AK Esports
Dallara
AK Esports
E-Motion
Dallara Esports Championship