How Matcho handles personal and technical data.
Matcho is a service of Mumba, established in the Netherlands. This page explains which data Matcho processes, why we process it, how data is stored, and which choices and rights users have in relation to that processing.
Matcho only processes data needed for accounts, pools, predictions, security, support, and the technical operation of the service.
Matcho is a service of Mumba, established in the Netherlands.
Mumba is responsible for the processing of personal data within the app and related services.
Questions about privacy, data deletion, or other requests can be sent to: info@mumba.nl.
Depending on how Matcho is used, we may process the following categories of data:
We process data to create and manage accounts, run pools and predictions, show rankings and results, send invites and notifications, secure the app, and handle questions or support requests.
Most processing is necessary for the performance of the agreement with the user, for example for account management, participation in pools, predictions, and showing results.
For certain features, such as notifications or similar communications, processing may be based on consent. In addition, we may process data on the basis of legitimate interest or a legal obligation, depending on the type of data and the purpose involved.
Data is stored in the technical infrastructure Matcho uses to provide the service. This includes a relational database, session and cache storage, cloud storage for uploaded files, and infrastructure used for push notifications.
Based on the current configuration, Matcho's core data storage is primarily set up in European regions. The application infrastructure uses Laravel Cloud in a European region, and certain Firebase services are configured within the project to use a European region.
For some supporting third-party services, such as authentication or push notifications, processing may also take place outside the European Economic Area. In that case, such processing takes place under the relevant provider's terms and applicable safeguards.
We only share personal data to the extent needed for the technical operation or management of Matcho.
We do not sell personal data to third parties.
We do not keep personal data longer than necessary for the purpose for which it was collected or processed.
Account data and related pool data may be retained while an account remains active or as long as needed for pool functionality, administration, security, or dispute handling.
When an account is deleted or anonymized, directly identifying data is removed or nulled where possible. Certain functional or administrative data may be retained on a limited basis for ranking integrity, security, or legal obligations.
We take reasonable technical and organizational measures to protect personal data and other relevant data against loss, misuse, and unauthorized access.
Even with these measures, absolute security can never be guaranteed.
To the extent applicable under the General Data Protection Regulation (GDPR) and other privacy laws, users may request access, correction, deletion, restriction, or portability of their personal data.
Users may also request that their account be anonymized or deleted. Requests are assessed with due regard for legal obligations, technical limitations, and legitimate interests.
Matcho may use third-party services or link to external websites and platforms. Data processing by those third parties is governed by their own privacy policies and responsibilities.
We may update this privacy statement from time to time. The most recent version will be published on this page.
This privacy statement is intended as a general public explanation. For business customers, additional arrangements such as a data processing agreement or security information may be made available separately.