Legal / Privacy
Privacy &
data protection
Last updated: 6 July 2026
Soex is built privacy-first. This website sets no tracking cookies, runs no analytics, loads no third-party trackers, and never sells personal data. The small cookie notice you see offers real choices: nothing non-essential runs without your opt-in. This notice explains the little we do process and your rights under the laws that may apply to you, including the EU/UK GDPR, California’s CCPA/CPRA, Taiwan’s PDPA, Japan’s APPI and South Korea’s PIPA.
1. Who we are
Soex (“we”) operates www.soex.co, the official brand site of Soex Pickleball. For the purposes of the EU/UK General Data Protection Regulation, the data controller for this website is Soex. Contact: hello@soex.co.
2. The short version
- No tracking cookies. A consent banner lets you decide whether anonymous analytics may ever run — nothing non-essential is active without your opt-in, and analytics is not even deployed today.
- No advertising or social-media scripts.
- No third-party fonts or CDNs — every asset is served from our own domain.
- No visitor accounts, no signup forms, no visitor database.
- We never sell, rent or share personal data with anyone.
3. What we actually process, and why
(a) Hosting logs. Like virtually every web server, ours keeps standard technical logs — IP address, requested URL, timestamp and browser user-agent — used solely for security, abuse prevention and keeping the service running. Legal basis under the GDPR: legitimate interests (Art. 6(1)(f)). Logs are retained short-term and routinely deleted (see §7).
(b) Language preference. If you choose a language, we store that choice (a short language code) in your browser’s localStorage. It stays on your device, is never transmitted to us, and you can erase it anytime in your browser settings. Under the EU ePrivacy rules this storage is exempt from consent because it exists only to provide a feature you explicitly request. Automatic language suggestion runs entirely on your device using your browser’s language settings and time-zone region — no location lookup is sent to us or to any third party.
(c) Your consent choice. When you answer the cookie banner, we store your decision in your browser’s localStorage so we don’t ask again. It stays on your device and is itself exempt from consent as strictly necessary. You can change it anytime via “Cookie preferences” in the footer. If you opt in to analytics, any future anonymous measurement would activate only after that opt-in; today none is deployed.
(d) Email. If you write to hello@soex.co, we receive what you send and use it to reply and handle your request. Legal basis: legitimate interests, or steps taken prior to entering a contract.
4. What we don’t do
No profiling, no cross-site tracking, no advertising identifiers, no fingerprinting, no tracking pixels, no embedded third-party content. We do not “sell” or “share” personal information as defined by the California CCPA/CPRA, and we do not use or disclose sensitive personal information. Because we track nothing, signals such as Global Privacy Control are honoured by design — there is simply nothing to opt out of.
5. Legal bases (GDPR)
Where the GDPR applies, we rely on: legitimate interests (Art. 6(1)(f)) for hosting logs and for answering messages you send us; and steps prior to a contract (Art. 6(1)(b)) where your enquiry concerns a purchase or partnership. We do not rely on consent for any processing, because we do not perform any processing that requires it.
6. Your rights
Depending on where you live, you have some or all of the following rights, and we honour them regardless of jurisdiction:
- EEA / United Kingdom (GDPR): access, rectification, erasure, restriction of processing, data portability, objection, and the right to lodge a complaint with your local supervisory authority.
- California (CCPA/CPRA): the rights to know, delete and correct. We do not sell or share personal information, so there is nothing to opt out of.
- Taiwan (Personal Data Protection Act): the rights to inquire and review, obtain copies, supplement or correct, demand cessation of collection, processing or use, and deletion.
- Japan (APPI): disclosure, correction and cessation of use.
- South Korea (PIPA): access, correction, deletion and suspension of processing.
To exercise any right, email hello@soex.co. We respond within the statutory deadline that applies in your jurisdiction. Note that for most rights there is little to act on — we hold almost no personal data.
7. Retention
Hosting logs are kept for approximately 30 days and then deleted, unless a specific security incident requires longer retention. Email correspondence is kept only as long as needed to handle the matter, then deleted.
8. International visitors & transfers
This website is hosted in Taiwan. When you visit from another country, the only data that crosses borders is the technical log data described in §3(a). We do not transfer personal data to third parties.
9. Children
This website is not directed at children under 16 and we do not knowingly collect any personal data from children.
10. Changes to this notice
If our practices change, we will update this page and the “last updated” date above. Since the site collects almost nothing, changes should be rare.
11. Contact
Questions about privacy or this notice: hello@soex.co.