Data Privacy Statement

Data Privacy Statement of SFJ Capital UG
Effective Date: 31.08.2025
Last Updated: 31.08.2025

This Data Privacy Statement (the "Statement") explains how SFJ Capital UG (also referred to as "SFJ," "we," "us," or "our") collects, processes, stores, shares, and protects your personal data when you:

  • Access our website at HEJSFJ.com,
  • Use the Fred app (accessible via https://fredgoals.com and https://app.fredgoals.com),
  • Engage with any other digital products, applications, or services affiliated with SFJ Capital UG.

This Statement is provided in compliance with the EU General Data Protection Regulation (GDPR), German DSGVO, and applicable United States data privacy laws (including, but not limited to, California Consumer Privacy Act (CCPA) where relevant).

1. Data Controller & Contact Information

SFJ Capital UG
Address: Dhauner Straße 42, 67067 Ludwigshafen am Rhein, Germany
Registry & HBR Number: 67315
Contact Email: hello@hejsfj.com

You may address any privacy-related inquiries or requests (e.g., access, rectification, deletion) to this contact.

2. Scope & Purpose of Processing

We process your personal data for the following legitimate purposes:

  • User registration and account management, ensuring compliance with the Terms of Service and enabling access to our digital services.
  • Responding to user queries submitted via support channels.
  • Legal obligations, such as compliance with judicial orders, law enforcement requests, or mandatory regulatory reporting.
  • Service improvement and analytics, including performance monitoring and feature optimization.
  • Financial transactions, payment processing, and fraud prevention.
  • Any additional purposes clearly noted at the point of data collection.

3. Legal Basis for Processing

  • Contractual Necessity: Personal data processed as required to provide digital services you have requested.
  • User Consent: We rely on your explicit consent for purposes such as analytics tracking and marketing communications. You may withdraw consent at any time without impacting your access to core services.
  • Legal Compliance: Processing necessary to comply with statutory obligations.
  • Legitimate Interests: Where applicable, such as ensuring service security or improving user experience, provided these interests do not override your fundamental rights.

4. Third-Party Services & Disclosures

To deliver and improve our services, SFJ uses the following trusted third-party service providers:

a) Google Analytics

We use Google Analytics to collect anonymized usage data for website and app performance monitoring. It helps us understand user behavior, optimize features, and improve content. No personally-identifiable data is collected through this tool. Users may opt out via browser settings or through Google's opt-out mechanisms.

b) Stripe

We use Stripe for secure payment processing. When you make a payment (e.g., subscription or in-app purchase), Stripe collects payment details (credit card, billing info) which are processed under Stripe's privacy framework. SFJ does not directly store full payment credentials; only the minimal data necessary for fulfillment and record-keeping.

c) Vercel

Our websites and applications are hosted on Vercel, which processes infrastructure-level data (e.g., IP addresses, request logs) for hosting, deployment, and performance continuity. Vercel acts as a data processor and applies industry-standard security protocols.

We ensure each third-party provider maintains GDPR-compliant data protection and, where necessary, a Standard Contractual Clauses (SCC) or equivalent agreement is in place.

5. Data Retention

We retain personal data:

  • For the duration of your account's activity, as necessary to provide services.
  • Post-termination, data will be blocked (archived) for as long as needed to meet statutory limitation periods or liabilities, and then securely deleted.

6. Your Rights under GDPR & Applicable US Law

As a data subject, you have the right to:

  • Access your personal data held by us.
  • Rectify inaccuracies or incomplete information.
  • Erase your personal data ("right to be forgotten") where no legitimate reason prevents deletion.
  • Restrict or object to processing in specific contexts.
  • Receive a copy of your data in a structured, machine-readable format (data portability).
  • Withdraw any consent you have previously granted.
  • Lodge a complaint with an EU supervisory authority or relevant US consumer protection agency.

To exercise any of these rights, please contact hello@hejsfj.com.

7. Data Security

We implement appropriate technical and organizational measures (encryption, access control, secure hosting, internal audits) to protect personal data against unauthorized access, loss, or alteration. Data transfers to third-party processors (e.g., Stripe, Vercel) are conducted with contractual safeguards in place.

8. International Data Transfers

Data may be transmitted and processed by third-party providers located outside the EU (e.g., servers in the U.S.). For all transfers, we employ GDPR-compliant measures such as SCCs, Privacy Shield (where applicable), or binding corporate rules to safeguard your personal data.

9. Changes to the Privacy Statement

We reserve the right to update this Statement to reflect changes in our practices, legal obligations, or service providers. You will be notified of material changes via email or prominent notices on our websites/apps.