FAQ

Digitally signed documents have no inherent expiration date—they are valid indefinitely. The retention period is governed by the applicable statutory time limits (6–10 years for contracts under HGB/AO). wellplayd archives all signed documents in an audit-proof manner and provides deletion policies.

A QES is required by law if a document must be in “written form” pursuant to Section § 126a of BGB. This applies, for example, to employment contracts (including fixed-term contracts), guarantees, or certain amendments to bylaws.

For typical club documents (codes of conduct, consent forms, coach licensing agreements), a QES is generally not required. If in doubt, we recommend seeking legal review. wellplayd offers QES support upon request for an additional fee per signature. Please contact Support if you are interested.

Yes. For documents not subject to a statutory written form requirement (e.g., codes of conduct, consent forms, guidelines), digital signatures at the EES or FES level under eIDAS are legally recognized and sufficient.

wellplayd uses at least the FES level, which ensures unambiguous attribution to the signer and protection against tampering.

There is no fixed statutory time limit. The duration depends on the purpose of processing. Statutory retention periods provide guidance:

•       Accounting records, contracts: 6 years (§ 257 of HGB)

•       Tax-related documents: 10 years (§ 147 of AO)

•       HinSchG reports: 3 years after the conclusion of proceedings

•       Access to background checks: 3 months after the end of employment

wellplayd supports the configuration of data-category-specific retention periods.

In principle, only data necessary for the specific purpose may be collected (data minimization, Art. 5 DSGVO). Consent or a contract generally forms the legal basis. Special categories such as record extracts (notes regarding access to record certificates) require explicit consent under Art. 9 DSGVO.

wellplayd enables these consents to be obtained digitally and documents them with a timestamp.

Yes. wellplayd processes data as a data processor under Article 28 of the DSGVO and enters into a data processing agreement (AVV) with each client. This agreement is accepted as part of the registration process. All data is stored exclusively on servers within the EU.

The platform is designed according to the “Privacy by Design” principle (Article 25 of DSGVO). Data protection is built into the system itself, rather than being an afterthought.

Yes, the written code of honor or code of conduct is an explicit requirement of the DOSB Tiered Model and is one of the minimum standards that all DOSB member organizations must meet. Coaches, volunteers, and other officials must provide proof that they have signed the code.

wellplayd enables the digital collection and archiving of code signatures at the level of an advanced electronic signature (FES) in accordance with eIDAS.

Depending on the sport and the association, the following documents may be required:

• Extended background check (mandatory under § 72a SGB VIII)

• Valid coaching license / instructor card (DOSB licensing system; renewal every 4 years, depending on the association)

• First aid course (recommendation: renew every 2 years, DRK/DLRG standard)

• Prevention training (specific content and frequency depending on the association)

wellplayd manages all of these documents in a central overview with automatic expiration reminders.

The Tiered Model addresses prevention and minimum standards; it establishes the necessary structures before an incident occurs. The Safe Sport Code supplements the tiered model with an intervention procedure: It outlines what to do when an incident is reported (investigation team, disciplinary body, appeals process) and plans for the structural integration of protection processes throughout the entire sports system by 2028.

wellplayd develops all features in line with the developments of the Safe Sport Code.

The dsj and DOSB Tiered Model establishes minimum standards for prevention and protection against abuse in sports. It was initiated by the dsj in 2020 and adopted by the DOSB General Assembly. It requires all DOSB member organizations—federal and state associations as well as their member organizations—to implement the standards by the end of 2024.

The levels include, among other things, background check management, the introduction of a code of conduct, the establishment of a complaints office, and the appointment of prevention officers. wellplayd implements the necessary processes for implementing the tiered model.

Yes. In the future, the certificate of good conduct will be applied for digitally and made available as a PDF document via a secure process using the BundID account. This is intended to eventually eliminate the current practice of mailing the certificate from Bonn. The extended and European certificates of good conduct are also to be digitized. As things stand, full-scale implementation is still scheduled for 2026.

The stored access data must be deleted no later than 3 months after the end of the individual’s involvement (DSGVO in conjunction with § 72a of SGB VIII). wellplayd supports automated deletion processes based on the end date of the individual’s involvement.

According to § 72a SGB VIII, all individuals who work full-time, part-time, or on a volunteer basis and have regular contact with children and adolescents are required to submit an extended record check. This applies to coaches, trainers, supervisors, parents involved in carpooling, and many other roles.

The standard legal interval is 5 years. Many clubs and associations have independently shortened this interval to 3 years.

No. The background check may only be viewed; it may not be copied or permanently stored. The club may only document that the check was viewed, including, for example, the date, the result, and the issuing authority.

The record check may only be viewed; if it is stored, it must be kept securely and only for as long as absolutely necessary. This applies equally to digital and analog formats. For this reason, we simulate the viewing process and store the photo securely encrypted (unreadable on the server, accessible only on the sender’s and recipient’s local devices). After viewing, the file deletes itself, and only the record of the viewing is retained. Starting in 2026, the record certificate will also be issued as a PDF. This will finally put an end to the debate over whether the digital document is just as valid as the paper version. Our process has been reviewed by four different attorneys and found to be legally compliant. This represents a major step forward in data security compared to storing documents in files, dropping them in mailboxes, or sending them via email.

Since January 2025, internal reporting offices have been required to process anonymous reports as well (§ 16(1) HinSchG), even though they are not required to actively solicit them. wellplayd offers a fully anonymous reporting channel.

According to § 11(5) HinSchG, reports and their documentation must be retained for 3 years after the conclusion of the proceedings. After that, they must be deleted. wellplayd supports automated deletion schedules based on the date the proceedings are concluded.

The HinSchG applies to all organizations with at least 50 employees. Smaller clubs are formally exempt but may voluntarily establish a reporting office to meet protection standards and strengthen trust. Larger associations and sports organizations, such as state associations or Bundesliga clubs, are often already subject to this requirement.

The reporting office must receive reports confidentially, confirm receipt within 7 days, and provide feedback on the measures taken within 3 months at the latest.

wellplayd digitally maps this entire process, including deadline monitoring, anonymous reporting, and structured case management.