Privacy Policy
BrewBattle
Last updated: 04/02/2026
BrewBattle (hereinafter "Platform") is managed by a private citizen, Dario Caruso. This policy describes how personal data of users is collected, used and protected in accordance with EU Regulation 2016/679 (GDPR).
1 Data Controller
2 Types of Data Collected
- Data provided by user: name, surname, email, password (hashed), profile data.
- Competition operational data: beer information (recipes), shipping address (if required for sending samples/prizes), uploaded files.
- Payment data: The Platform does NOT collect or store sensitive financial data (e.g., credit card numbers). We receive from payment processors (e.g., PayPal) only the transaction outcome (transaction ID, payment status).
- Automatically collected data: IP address, access logs, device and browser information, aggregated navigation data (via Google Analytics).
3 Processing Purposes
- User account management (registration and access).
- Management of competition registrations and generation of evaluation sheets (BJCP).
- Sending transactional communications (e.g., registration confirmations, beer status updates).
- Logistics management (sharing addresses with Organizers for shipping samples or prizes).
- Technical management, security, backup and abuse prevention.
- Anonymized statistical analysis on platform usage.
4 Legal Basis
Processing is based on:
- Art. 6(1)(b) GDPR — contract execution for platform management and competition participation.
- Art. 6(1)(f) GDPR — legitimate interest for security and abuse prevention.
- Art. 6(1)(a) GDPR — explicit consent for analytics cookies activation (Google Analytics).
5 Processing Methods
Processing is carried out using computer tools. Adequate technical and organizational measures are adopted to ensure security. IP data collected via Analytics is anonymized (IP masking) where supported.
6 Data Retention
| Category | Retention Period |
|---|---|
| User account | Until account deletion |
| Competition data (Results and History) | Retained indefinitely for historical and statistical archive purposes, unless deletion is requested. |
| Google Analytics data | Up to 14 months (standard setting) |
| Technical logs | 30–180 days |
7 Data Communication and Transfer
Personal data may be communicated to the following categories of recipients:
Competition Organizers (Independent Controllers)
By registering for a competition, your data (name, email, phone, beer data, shipping address) is communicated to the specific event Organizer to enable the competition to take place.
Important: The Organizer acts as an Independent Data Controller for data relating to their competition. BrewBattle is not responsible for the use of data made by Organizers outside the platform.
- Judges: access beer data in anonymized (blind judging) or pseudonymized form, limited to what is necessary for evaluation.
- Technical providers: hosting and email infrastructure service providers, appointed as Data Processors.
8 User Rights
Data subjects can exercise the rights provided by Articles 15-22 GDPR (access, rectification, erasure, withdrawal of consent). You can manage cookie preferences directly from the banner on the site.
To exercise rights contact:
9 Security
-
Hashed password
-
Access control (ACL)
-
Limited file access
-
HTTPS and Backup
10 Cookies and Third Parties
Technical Cookies (Necessary)
Essential for operation (session, CSRF security, language preferences). No consent required.
Analytics Cookies (Google Analytics 4)
Used to collect aggregated statistical information on site usage by users (number of visitors, pages visited, time spent).
- Provider: Google Ireland Limited (Dublin, Ireland).
- Data collected: IP address (anonymized), navigation data, device used.
- Processing location: Ireland and United States (subject to adequate safeguards).
- Activation: Only with your explicit consent via banner.
11. Changes to the Policy
This policy may be updated. Changes will be published on this page.
This policy is provided pursuant to Regulation (EU) 2016/679 (GDPR).