Privacy Policy
Updated 25 June 2026
1. Data Controller
XenGolf Oy
Business ID: 3599871-2
Email: info@xengolf.fi
2. Contact Person for Data Protection Matters
For data protection inquiries, please contact us by email at info@xengolf.fi. We will respond as soon as possible, within one month at the latest.
3. Purpose and Legal Basis for Processing Personal Data
We process personal data for the following purposes:
- Newsletter: Email address is used for sending newsletters. Legal basis: consent (EU General Data Protection Regulation, Article 6(1)(a)).
- Analytics: Website usage analysis using Google Analytics 4. Legal basis: consent via the cookie banner (Article 6(1)(a)).
4. Personal Data Processed
- Newsletter: Email address
- Analytics: Cookie identifiers (_ga, _gid), IP address (anonymised), browser information, device type, pages visited, and time of visit
5. Data Retention Period
- Newsletter: Email address is retained as long as the subscription is active. You can unsubscribe at any time.
- Analytics cookies: The _ga cookie expires after 2 years, the _gid cookie after 24 hours.
6. Data Transfers and Disclosures
Personal data is processed by the following services:
- Google Analytics (Google LLC, USA): Website usage statistics. Google complies with the EU-U.S. Data Privacy Framework.
- Amazon Web Services (AWS, eu-north-1, Stockholm): Newsletter form processing. Data remains within the EU/EEA.
- Slack (Salesforce, USA): Newsletter notifications are forwarded to a Slack channel. Slack complies with the EU-U.S. Data Privacy Framework.
Data is not sold or disclosed to third parties for marketing purposes.
7. Data Subject Rights
Under the EU General Data Protection Regulation, you have the right to:
- Access your data: Request information about what personal data we have stored about you.
- Rectification: Request correction of inaccurate data.
- Erasure: Request deletion of your personal data.
- Withdraw consent: Withdraw your consent at any time. You can unsubscribe from the newsletter by contacting info@xengolf.fi. Cookie settings can be changed via .
- Lodge a complaint: You have the right to lodge a complaint with the Finnish Data Protection Ombudsman (Tietosuojavaltuutetun toimisto) if you believe your personal data has been processed in violation of the GDPR.
Office of the Data Protection Ombudsman: tietosuoja.fi
8. Data Security
We protect personal data with appropriate technical and organisational measures. The website uses HTTPS encrypted connections. Access to personal data is restricted to persons who need the data for their duties.
9. Cookies
The website uses the following cookies:
| Cookie | Purpose | Type | Expiry |
|---|---|---|---|
| xengolf_cc | Cookie preferences | Necessary | 1 year |
| _ga | Google Analytics user identifier | Analytics | 2 years |
| _gid | Google Analytics session identifier | Analytics | 24 hours |
Analytics cookies are only enabled with your consent. You can change your cookie settings at any time: .
10. Impact Golf Mobile App
This section concerns XenGolf Oy's Impact Golf mobile app (iOS and Android), intended for golf players to record scores, view statistics and enter competitions. (Sections 1–9 above concern the website and newsletter.)
Data processed and legal basis:
- Account & contact details: email address, username, account identifier. Basis: contract.
- Player profile: name, gender, date of birth, handicap, profile photo and display preferences. Basis: contract.
- Play data: round scores, per-hole shots and statistics, result and competition history. Basis: contract.
- Friend data: friend connections and requests (by email or QR code), reactions and comments. Basis: contract.
- Competition registrations & payments: registrations and entry fees via Paytrail Oyj. The app does not process or store payment card data. Basis: contract; for payments, a statutory bookkeeping obligation.
- Golf ID / eBirdie credentials: username and password are forwarded for authentication only and are not stored in the app.
- Google and Apple sign-in: a sign-in token, plus the email and name on the first Apple sign-in. Basis: the sign-in method chosen by the user (contract).
- Sign-in tokens (JWT): stored encrypted in the device key store (iOS Keychain / Android Keystore); not disclosed to third parties.
- Location: the app may request device location to show the nearest golf courses when starting a new round. Location is processed on the device only and is not sent to XenGolf or third parties. Basis: consent.
- Camera and photos: for taking or choosing a profile photo and scanning a friend's QR code. Basis: consent.
- Biometric lock (Face ID / fingerprint): optional app unlock. Authentication happens in the operating system on the device; no biometric data is provided to the app or server. Basis: consent.
- Feedback: free-text feedback, optional screenshots and device type. Basis: consent.
Recipients: the Impact Golf backend (api-prod.xengolf.fi); Google and Apple when signing in via them; the Finnish Golf Union's eBirdie / Golf ID; Paytrail Oyj as payment processor. Data is not sold or used for tracking or advertising outside the app.
Retention: account and play data are retained for as long as the account is active. On account deletion, personal data is deleted or anonymised, except payment data required by statutory bookkeeping obligations.
Your rights: the rights in section 7 also apply to the app. The account can be deleted permanently in the app: Profile → Account settings → Delete account. Apple sign-in can additionally be revoked in device settings (Settings → [name] → Sign in & Security → Sign in with Apple → Impact Golf). Privacy requests: info@xengolf.fi.
11. Changes to This Policy
We reserve the right to update this privacy policy. We will notify about significant changes on the website. We recommend reviewing this policy regularly.