Privacy Policy (App)

In this privacy policy, we inform you about the processing of personal data and about the access and storage of information on your end device when using our OneFootball App.

Content of this privacy policy:

  1. Responsible and contact person

  2. Download from an app store

  3. Data processing by our app

    • 3.1  App access data when using our app

    • 3.2  Push notifications on mobile devices

    • 3.3  Making contact

    • 3.4  Registration

    • 3.5  Orders

    • 3.6  Newsletter

    • 3.7  Acquiring existing customers by e-mail

    • 3.8  Surveys

    • 3.9  Sweepstakes

    • 3.10 Applications

  4. Use of tools

    • 4.1  Technologies used

    • 4.2  Legal basis and revocation

    • 4.3  IAB Transparency and Consent Framework

    • 4.4  Necessary tools

    • 4.5  Functional tools

    • 4.6  Analysis tools

    • 4.7  Marketing tools

    • 4.8  Processing purposes, functions and service providers

  5. Online presence in social networks

  6. Forwarding of data

  7. Data transfer to third countries

  8. Storage Duration

  9. Your rights, in particular cancellation and objection

  10. Changes to the privacy policy

  1. Responsible and contact person

The contact person and so-called controller for the processing of your personal data when using this app within the meaning of the General Data Protection Regulation (GDPR) is

OneFootball GmbH, Greifswalder Str. 212, 10405 Berlin, Germany

If you have any questions about data protection in connection with the use of our website, our app, OneFootball support and the OneFootball TV app (hereinafter referred to as OneFootball services), you can also contact our external data protection officer at any time. This can be contacted at the above postal address and by email at privacy@onefootball.com (keyword: "Attn. data protection officer"). We expressly point out that when using this e-mail address, the contents are not exclusively taken note of by our data protection officer. If you wish to exchange confidential information, we therefore ask that you first contact us directly via this e-mail address.

  2. Download from an app store

In order to download and install the OneFootball app from an app store (Google Play, Apple AppStore or another app store via your SmartTV), you may first have to register for a user account with the provider of the respective app store and conclude a corresponding licence agreement. We have no influence on the content of this contract; in particular, we are not a party to such a licence agreement. When you download and install the app, the necessary information is transmitted to the respective provider of the app store (e.g. Google or Apple), in particular your user name, your email address and the customer number of your app store account, the time of the download and the individual device identification number. We have no influence on this data collection and we are not responsible for it. We only process the data provided to the extent necessary for downloading and installing the app on your mobile device (e.g. iPhone, iPad or Android device). We do not store this data for any other purpose.

  3. Data processing by our app

3.1 App access data when using our app

When you use the OneFootball app, we collect the following technical data to enable the functions of the OneFootball app. This data is automatically collected from your mobile device and transmitted to us when you use the app.

The following app access data is automatically recorded each time the OneFootball app is used:

  • Date and time of use

  • Your device name (e.g. "Apple iPhone 14" or "Samsung Galaxy S9")

  • Operating system and version as well as information on screen resolution

  • App version and application ID to identify your app installation

  • General device data, such as language and regional settings

  • IP address of the end device

  • Details of the approximate location from which you are using our app

To improve the app, the OneFootball app also sends us error messages after a crash (i.e. after the OneFootball app has been unexpectedly terminated due to a programme error or it has stopped responding to your inputs). The error messages do not contain any personal data, but only the aforementioned technical app access data and information on which part of the OneFootball app software code caused the error. The IP address of your end device is not transmitted.

The app access data is generally recorded in internal log files for a period of three months after the end of the respective access and then anonymised, unless otherwise specified in this privacy policy.

The data processing of this connection data is absolutely necessary to enable the use of the app, to ensure the permanent functionality and security of our systems and to maintain our app in general administrative terms. The connection data is also stored in internal log files for the purposes described above, temporarily and limited in content to what is necessary, in order to find the cause and take action in the event of repeated or criminal calls that jeopardise the stability and security of our services.

The legal basis for this processing is Art. 6 para. 1 lit. b GDPR if the app is used in the course of the initiation or performance of a contract, and otherwise Art. 6 para. 1 lit. f GDPR due to our legitimate interest in enabling the app service and the permanent functionality and security of our systems.

3.2 Push notifications on mobile devices

In order to be notified of certain events and topics on mobile devices via push notifications (also known as "notifications" in iOS), you must grant the OneFootball app the necessary authorisation. When you open the OneFootball app for the first time and register or log in, you will be asked for this authorisation. You can adjust the permissions for push notifications in the settings of your operating system or switch push notifications on or off later.

On iOS, you can switch this setting on or off under "Settings" under the "Messages" menu item.

On Android, you can find this setting under "Settings" under the menu item "Apps" (or "Application Manager"). After selecting the OneFootball app, you can switch push notifications on or off here.

3.3 Contact us

You have various options for contacting us. These include the contact form and the e-mail address feedback@onefootball.com. In this context, we process your data exclusively for the purpose of communicating with you.

The legal basis for this processing is Art. 6 para. 1 lit. b GDPR, insofar as your details are required to answer your enquiry or to initiate or execute a contract, and otherwise Art. 6 para. 1 lit. f GDPR due to our legitimate interest in you contacting us and us being able to answer your enquiry.

The data collected by us when you contact us will be automatically deleted after your enquiry has been fully processed, unless we still need your enquiry to fulfil contractual or legal obligations (see section 8 "Storage duration").

3.4 Registration

You have the option of registering with an account for our login area in order to be able to use the full range of functions of our services. We have highlighted the data that you are required to enter by labelling them as mandatory fields. Registration is not possible without this data.

You will need to enter your e-mail address and password.

The following data may be processed as part of the registration process:

  • Salutation, gender (optional);

  • First and last name (optional);

  • Date of birth (optional);

  • Profile picture (optional)

The legal basis for processing the data required for registration (mandatory fields) is Art. 6 para. 1 lit. b GDPR. For all other data, the legal basis is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR to enable you to customise, adapt and change your account, or your consent pursuant to Art. 6 para. 1 lit. a GDPR, insofar as you have given us this.

Our app offers you the option of logging in with an existing account from the social networks listed below:

  • Facebook Login: Meta Platforms Ireland Ltd, Serpentine Avenue, Block J, Dublin 4, Ireland (for persons outside the USA and Canada) or Meta Platforms Inc, 1601 Willow Road, Menlo Park, California 94025, USA (for persons from the USA and Canada) - Privacy Policy: https://www.facebook.com/privacy/policy/;

  • Google Sign-In for Websites: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (for persons from the European Economic Area and Switzerland) or Google LLC 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (for all other persons) - Privacy Policy: https://policies.google.com/privacy;

  • Register with Apple: Apple Distribution International ltd, Hollyhill Industrial Estate, Hollyhill Cork, Republic of Ireland (for persons from the European Economic Area and Switzerland) or Apple Inc, One Apple Park Way, Cupertino, CA 95014, USA (for all other persons).

  • Firebase: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (for persons from the European Economic Area and Switzerland) or Google LLC 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (for all other persons) - Privacy Policy: https://policies.google.com/privacy.

Once you have logged in with one of your existing accounts, additional registration is no longer required. If you wish to use the function, you will first be redirected to the relevant social network. There you will be asked to log in with your login name and password. Of course, we do not take any notice of this login data. The server to which a connection is established may be located in the USA or in other third countries.

By confirming the corresponding login button, the relevant social network will be informed that you have logged into your account on our site and will link your social network account to your account in our app. The following data is also transmitted to us:

  • Facebook login: e-mail address, public profile information (in particular Facebook ID, name, profile picture), possibly other profile information such as age, date of birth, Facebook friends, gender, place of residence, like information, profile URL, locations, posts, photos, videos; cookies used in particular: "_fbsr";

  • Google Sign-In for Websites: Email address, Google ID, name, profile picture URL, gender and date of birth;

  • Sign in with Apple: E-mail address (you can also choose the e-mail address of an Apple Relay service), Apple ID

  • Firebase: e-mail address

The legal basis for this data processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR. Access to and storage of information in the end device then takes place on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 1 TTDSG.

Your personal data may also be transferred by Meta, Google and Apple to the USA and processed there. Meta Platforms Inc. and Google LLC have joined the EU-US Data Privacy Framework, which is why the transfer in this case is based on the adequacy decision for the USA in accordance with Art. 45 GDPR. Apple is obliged to comply with the level of data protection in the EU via standard contractual clauses.

3.4.1 Use without registration

You can use essential functions of our platform without registering. However, the use of these basic functionalities, such as specifying a favourite team and tracking clubs, leagues, associations and players, as well as displaying football results and content, requires the processing of personal data.

In order to be able to use the basic functionalities, we generate a device-specific identification number (pseudonym) when the app is opened for the first time. Information such as the operating system, IP address and server request time is also processed for the technical display of content. The IP addresses are deleted or anonymised after processing, whereby the location is only determined up to the geographical level of the country.

The data in the technical logs is analysed anonymously in order to improve our platform and correct possible errors. The data processing is based on our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR to show you content based on your interests (namely clubs, leagues, associations and players).

3.4.2 Settings in the user account and operating system

In the data protection settings of the user account, under "Personalised advertising and content, measurement of advertising and content, target group research and development of services", you can specify whether you wish to receive customised advertising.

Personalised advertising will also only be displayed if you as a user have reached the required age. The required age varies depending on the country in which you are located and the legal requirements for personalised advertising that apply there.

On mobile devices, you can also deactivate the advertising ID of the respective device and thus prevent personalised advertising. On Android, the Google advertising ID can be reset or deactivated under the settings of the Google account used. On iOS, the IDFA can be reset under the Privacy menu item in the settings ("Reset Ad ID"); this creates a new ID that is not merged with the previously collected data. If you activate the "No ad tracking" option, we can only take limited measures, such as determining unique usage ("unique user") or combating fraud.

3.5 Orders

During an order process (e.g. pay-per-view), we collect the mandatory data required for contract processing:

  • Salutation;

  • First name and surname;

  • Date of birth;

  • E-mail address;

  • Invoice address;

  • Payment information (e.g. IBAN, credit card, etc.);

  • Telephone number

The legal basis for processing is Art. 6 para. 1 lit. b GDPR.

3.6 Newsletter

You have the option of subscribing to our newsletter, in which we regularly inform you about innovations to our products and promotions.

3.6.1 Subscribe to the newsletter

We use the so-called double opt-in procedure to subscribe to our newsletter, i.e. we will only send you newsletters by e-mail if you confirm in our notification e-mail by clicking on a link that you are the owner of the e-mail address provided. If you confirm your e-mail address, we will store your e-mail address, the time of registration and the IP address used for registration until you unsubscribe from the newsletter. The sole purpose of this storage is to send you the newsletter and to be able to prove your registration. In addition, we measure whether our newsletter can be delivered at all.

The legal basis for processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future by unsubscribing from the newsletter. A corresponding unsubscribe link can be found in every newsletter. A message to the contact details given above or in the newsletter (e.g. by e-mail or letter) is of course also sufficient.

3.6.2 Newsletter tracking

We want to share content that is as relevant as possible for our customers via our newsletter and better understand what they are actually interested in. We therefore use standard market technologies in our newsletters to measure interactions with the newsletters (e.g. opening of the email, links clicked on). We use this data in pseudonymous form for general statistical evaluations and to optimise and further develop our content and customer communication. On the one hand, this is done with the help of small graphics embedded in the newsletter (so-called pixels), which establish a connection to the server of the images when the e-mail is opened. On the other hand, we use links where we first register a click on this link and only then forward it to the desired target page.

The legal basis for this is your consent in accordance with Art. 6 para. 1 lit. a GDPR. The information in the end device is then accessed on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 1 TTDSG. You can revoke your consent to the analysis of user behaviour at any time with effect for the future by unsubscribing from the newsletter. You can also prevent the measurement of the opening of an email by deactivating graphics or the output of HTML content in your email programme by default.

The data on the interaction with our newsletters is stored pseudonymously for 90 days and then completely anonymised.

3.7 Existing customer acquisition by e-mail

If you register with us or make a purchase from us, we will also use your contact details to send you further information about our products and services that is relevant to you by email ("existing customer advertising"). This may include, in particular, news, promotions and offers as well as feedback and other surveys.

The legal basis for this data processing is Art. 6 para. 1 lit. f GDPR in conjunction with Section 7 para. 3 UWG, according to which data processing is permitted to safeguard legitimate interests, insofar as this concerns the storage and further use of data for advertising purposes. You can object to the use of your data for advertising purposes at any time by clicking on the corresponding link in the emails or by sending a message to the contact details given above (e.g. by email or letter) without incurring any costs other than the transmission costs according to the basic rates.

3.8 Surveys

You have the opportunity to take part in one of our surveys. We use the results of these surveys to improve our service.

The legal basis for data processing when participating in the survey is your consent in accordance with Art. 6 para. 1 lit. a GDPR. We base the sending of the surveys on your consent in accordance with Art. 6 para. 1 lit. a GDPR, provided that you have given us this consent.

You can object to the sending of a satisfaction survey and the use of your data for advertising purposes at any time by clicking on the corresponding link in the e-mails or by sending a message to the above-mentioned contact details (e.g. by e-mail or letter) or revoke your consent with effect for the future without incurring any costs other than the transmission costs according to the basic rates.

3.9 Competitions

You have the opportunity to take part in our competitions.

In the context of competitions, we use your data for the purpose of organising the competition and notifying the winners. Detailed information can be found in the conditions of participation for the respective competition. The legal basis for processing is the competition contract in accordance with Art. 6 para. 1 lit. b GDPR. Data processing for other or further purposes, in particular for advertising, is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR.

We base the sending of the offer to participate in the competition on your consent in accordance with Art. 6 para. 1 lit. a GDPR, provided you have given us this consent.

You can object to the sending of an offer to participate in competitions and the use of your data for advertising purposes at any time by clicking on the corresponding link in the emails or by sending a message to the above-mentioned contact details (e.g. by email or letter) or revoke your consent with effect for the future without incurring any costs other than the transmission costs according to the basic rates.

3.10 Applications

You can find the privacy policy for applications here: https://static.onefootball.com/legal/recruiting-privacy-policy/en

  4. Use of tools

4.1 Technologies used

The app uses various services and applications (collectively "tools") that are offered either by us or by third parties. These include, in particular, tools that use technologies to store or access information in the end device:

  • Cookies: Information stored on the end device, consisting in particular of a name, a value, the storing domain and an expiry date. So-called session cookies (e.g. PHPSESSID) are deleted after the session, while so-called persistent cookies are deleted after the specified expiry date. Cookies can also be removed manually.

  • Web storage (local storage / session storage): Information stored on the end device, consisting of a name and a value. Information in session storage is deleted after the session, while information in local storage has no expiry date and remains stored unless a mechanism for deletion has been set up (e.g. storage of a local storage with a time entry). Information in local and session storage can also be deleted manually.

  • JavaScript: Programming codes (scripts) embedded or called up in the app that, for example, set cookies and web storage or actively collect information from the end device or about the user behaviour of visitors. JavaScript may be used for "active fingerprinting" and the creation of user profiles. JavaScript can be blocked by a setting in the end device, although most services will then no longer work.

  • Pixel: A tiny graphic automatically loaded by a service that can make it possible to recognise visitors by automatically transmitting the usual connection data (in particular IP address, information about the browser, operating system, language, address called up and time of the call) and, for example, to determine whether an email has been opened or a website visited. With the help of pixels, "passive fingerprinting" and the creation of user profiles can be carried out. The use of pixels can be prevented, for example, by blocking images, such as in emails, although the display is then severely restricted.

  • TC-String: For providers participating in the Transparency and Consent Framework ("TCF") of the Interactive Advertising Bureau ("IAB"), user preferences recorded in a consent management platform are coded and stored in a sequence of letters and numbers, the so-called Transparency and Consent String ("TC-String"). Providers can use this TC-String to display targeted advertising to users.

With the help of these technologies and also by simply establishing a connection on a page, it may be possible to create so-called "fingerprints", i.e. user profiles that do not require the use of cookies or web storage but can still recognise visitors. Fingerprints based on the connection setup cannot be completely prevented manually.

Most browsers are set by default to accept cookies, the execution of scripts and the display of graphics. However, you can usually adjust your browser settings so that all or certain cookies are rejected or scripts and graphics are blocked. If you completely block the storage of cookies, the display of graphics and the execution of scripts, our services may not function properly or at all.

In the following, the tools we use are listed by category, whereby we inform you in particular about the providers of the tools, the storage duration of cookies or information in local storage and session storage as well as the transfer of data to third parties. We also explain in which cases we obtain your voluntary consent to use the tools and how you can revoke this consent.

4.2 Legal basis and cancellation

4.2.1 Legal basis

We use tools necessary for the app on the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR to provide the basic functions of our app. In certain cases, these tools may also be necessary for the fulfilment of a contract or for the implementation of pre-contractual measures, in which case the processing is carried out in accordance with Art. 6 para. 1 lit. b GDPR. Access to and storage of information in the end device is absolutely necessary in these cases and is carried out on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 2 TTDSG.

We use all other non-essential (optional) tools that provide additional functions on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR. These include, for example, tools that are used to recognise users and to statistically record and analyse general user behaviour on this app and other apps and websites. With the help of these tools, we can understand usage habits and adapt and optimise this app. They also include, for example, tools that are used to create user profiles about user behaviour and the advertisements and content viewed or clicked on by users. This enables classification into advertising categories, the display of personalised advertising and content on this app and other apps and websites as well as retargeting with advertising in other apps and on other websites (retargeting). The access to and storage of information in the end device then takes place on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 1 TTDSG. Data processing using these tools only takes place if we have received your consent for this in advance.

If personal data is transferred to third countries, we refer, also with regard to any associated risks, to Section 7 ("Data transfer to third countries"). We will inform you if an adequacy decision exists for the third country in question or if standard contractual clauses or other guarantees have been concluded for the use of certain tools. If you have given your consent to the use of certain tools and the associated transfer of your personal data to third countries, we will (also) transfer the data processed when using the tools to third countries on the basis of this consent in accordance with Art. 49 para. 1 lit. a GDPR.

4.2.2 Obtaining your consent

To obtain and manage your consent, we use the OneTrust tool from OneTrust, LLC, 1200 Abernathy Rd, Suite 700, Atlanta, Georgia 30328 ("OneTrust") as a consent management platform ("CMP"). This generates a banner that informs you about the data processing in our app and gives you the option of agreeing to all, individual or no data processing using optional tools. This banner appears when you open our app and when you call up the selection of your settings again in order to change them or revoke your consent. The banner also appears when you open our app again if you have deactivated the storage of cookies or the cookies or information in the local storage have been deleted or have expired.

When you use the app, your consents or revocations, your IP address, information about your device and the time of your visit are transmitted to OneTrust. In addition, the necessary information is stored on your device to document your consents and revocations ("Cookielaw by OneTrust (formerly Optanon)").

Data processing is necessary to provide you with the legally required consent management and to fulfil our documentation obligations. The legal basis is Art. 6 para. 1 lit. f GDPR, justified by our interest in fulfilling the legal requirements for consent management. Access to and storage of information in the end device is absolutely necessary in these cases and is carried out on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 2 TTDSG.

4.2.3 Revoking your consent or changing your selection

You can revoke your consent for certain tools, i.e. for the storage and access to information in the end device, the processing of your personal data and the transfer of your data to third countries, at any time with effect for the future. To do this, click on "Data protection settings" under "Settings". There you can also change the selection of tools you wish to consent to the use of and obtain additional information on the tools used. Alternatively, you can revoke your consent for certain tools directly with the provider.

4.3 IAB Transparency and Consent Framework

When using OneTrust, the current version of the IAB Transparency and Consent Framework ("TCF") standard is observed, which specifies conclusive categories of processing purposes and the associated legal bases. TCF also enables your decisions made in the CMP, such as consents, revocations and objections, to be forwarded directly to the providers of the technologies in the CMP. The so-called TC string is used for this purpose. This ensures that your current request is always honoured and complied with by the providers.

The following user data is transmitted to OneTrust when using the app: Consents, revocations and objections, IP address, information about the browser, end device and the time of the visit.

4.4 Necessary tools

We use certain tools to enable the basic functions of our website ("necessary tools"). These include, for example, tools to prepare and display website content, to manage and integrate tools, to provide payment processing services, to detect and prevent fraud and to ensure the security of our website. Without these tools, we would not be able to provide our service. Therefore, necessary tools are used without consent.

The legal basis for necessary tools is the necessity to fulfil our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR in the provision of the respective basic functions and the operation of our app. In cases where the provision of the respective functions is necessary for the fulfilment of a contract or for the implementation of pre-contractual measures, the legal basis for data processing is Art. 6 para. 1 lit. b GDPR. Access to and storage of information in the end device is absolutely necessary in these cases and is carried out on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 2 TTDSG.

4.4.1 Own tools

We use our own necessary tools that access information in the end device or store information on the end device, in particular

  • for login authentication,

  • for load distribution,

  • to save your language settings,

  • to note that information placed on our website has been displayed to you - so that it is not displayed again the next time you visit the website.

4.5 Functional tools

We also use optional tools to improve the user experience of our app and to offer you more functions ("functional tools"). Although these are not absolutely necessary for the basic functions of the app, they can bring considerable benefits to visitors, particularly in terms of user-friendliness and the provision of additional communication, display or payment channels. This can include, in particular, the integration of external content such as maps and videos as well as logging in via an existing social network account or, for example, a comment function. The legal basis for the functional tools is your consent in accordance with Art. 6 para. 1 lit. a GDPR. Access to and storage of information in the end device then takes place on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 1 TTDSG. To revoke your consent, see 4.2.3: "Revoking your consent or changing your selection".

In the event that personal data is transferred to third countries, in addition to the information provided below, we refer to Section 7 ("Data transfer to third countries").

4.6 Analysis tools

In order to improve our services, we use optional tools to recognise visitors and to statistically record and analyse general user behaviour based on access data ("analysis tools"). We also use analysis services to evaluate the use of our various marketing channels. The usage information collected is analysed and enables us to understand the usage habits of our visitors. This helps us to adapt and optimise the design of our website and app and to make the user experience more pleasant.

The legal basis for the analysis tools is your consent in accordance with Art. 6 para. 1 lit. a GDPR. Access to and storage of information in the end device then takes place on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 1 TTDSG. To revoke your consent, see 4.2.3: "Revoking your consent or changing your selection".

In the event that personal data is transferred to third countries, in addition to the information provided below, we refer to Section 7 ("Data transfer to third countries").

4.7 Marketing tools

We also use optional tools for advertising purposes ("marketing tools"). Some of the access data collected when you use our app is used to create usage profiles, which in particular store your usage behaviour, the advertisements you have viewed or clicked on and, based on this, the classification into advertising categories, interests and preferences. By analysing and evaluating this access data, we are able to present you with personalised advertising, i.e. advertising that corresponds to your actual interests and needs, on our website and in our app and on the websites and services of other providers. We also analyse your usage behaviour in order to recognise you on other sites and to address you in a personalised manner based on your use of our site (so-called retargeting). In addition, we analyse the effectiveness and success of our advertising campaigns (in particular so-called conversions and leads).

Marketing tools also include optional social network tools that are used to share posts and content via these networks ("social media plugins").

The legal basis for the marketing tools is your consent in accordance with Art. 6 para. 1 lit. a GDPR. Access to and storage of information in the end device then takes place on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 1 TTDSG. To revoke your consent, see 4.2.3: "Revoking your consent or changing your selection".

In the event that personal data is transferred to third countries, in addition to the information provided below, we refer to Section 7 ("Data transfer to third countries").

In the following section, we would like to explain the tools and the providers used for this in more detail. The data collected may include in particular

  • the IP address of the device;

  • the information stored in a cookie and in local or session storage;

  • the device identifier of mobile devices (e.g. device ID, advertising ID);

  • Referrer URL (previously visited page);

  • Pages accessed (date, time, URL, title, length of visit);

  • Downloaded files;

  • Clicked links to other websites;

  • If applicable, achievement of certain goals (conversions);

  • Technical information: Operating system; browser type, version and language; device type, make, model and resolution;

  • Approximate location (country and city if applicable).

However, the data collected is only stored under a pseudonym, so that no direct conclusions can be drawn about individuals.

4.8 Processing purposes, functions and service providers

Processing purposes and functions, as well as the individual providers ("suppliers") can be viewed in the CMP, which can be accessed in the settings under "Data protection settings".

  5. Online presence in social networks

We maintain an online presence on social networks in order to communicate with customers and interested parties and to provide information about our products and services. User data is generally processed by the relevant social networks for market research and advertising purposes. This allows user profiles to be created based on the interests of users. Cookies and other identifiers are stored on the computers of the data subjects for this purpose. These user profiles are then used, for example, to display adverts within the social networks as well as on third-party websites.

As part of the operation of our online presences, we may have access to information such as statistics on the use of our online presences provided by the social networks. These statistics are aggregated and may contain, in particular, demographic information (e.g. age, gender, region, country) and data on interaction with our online presence (e.g. likes, subscriptions, sharing, viewing images and videos) and the posts and content distributed via it. This may also provide information about the interests of users and which content and topics are particularly relevant to them. This information can also be used by us to adapt the design and our activities and content on the online presence and to optimise it for our audience. Please refer to the list below for details and links to the social network data that we can access as the operator of the online presence. The collection and use of these statistics is generally subject to joint responsibility. Where this applies, the relevant contract is listed below.

The legal basis for data processing is Art. 6 para. 1 lit. f GDPR, based on our legitimate interest in effective information and communication with users, or Art. 6 para. 1 lit. b GDPR, in order to stay in contact with our customers and inform them and to carry out pre-contractual measures with interested parties.

If you have an account with the social network, it is possible that we can see your publicly available information and media when we access your profile. In addition, the social network may allow us to contact you. This can be done, for example, via direct messages or posts. The content of the communication via the social network and the processing of the content data is the responsibility of the social network as a messenger and platform service. As soon as we transfer personal data from you to our own systems or process it further, we are independently responsible for this and this is done to carry out pre-contractual measures and to fulfil a contract in accordance with Art. 6 para. 1 lit. b GDPR.

The legal basis for the data processing carried out by the social networks on their own responsibility can be found in the data protection information of the respective social network. The links below will also provide you with further information on the respective data processing and the options for objecting.

We would like to point out that data protection requests can be made most efficiently with the respective provider of the social network, as only these providers have access to the data and can take appropriate measures directly. You can of course also contact us with your request. In this case, we will process your enquiry and forward it to the provider of the social network.

Below is a list with information on the social networks on which we have an online presence:

  6. Forwarding of data

The data collected by us will only be passed on if there is a legal basis for this under data protection law in the specific case, in particular if:

  • you have given your express consent to this in accordance with Art. 6 para. 1 lit. a GDPR,

  • the disclosure pursuant to Art. 6 para. 1 lit. f GDPR is necessary for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data,

  • we are legally obliged to disclose data in accordance with Art. 6 para. 1 lit. c GDPR, in particular if this is necessary for legal prosecution or enforcement due to official enquiries, court orders and legal proceedings, or

  • this is legally permissible and required in accordance with Art. 6 para. 1 lit. b GDPR for the processing of contractual relationships with you or for the implementation of pre-contractual measures that are carried out at your request.

Some of the data processing may be carried out by our service providers. In addition to the service providers mentioned in this privacy policy, these may include, in particular, data centres that store our website and databases, software providers, IT service providers that maintain our systems, agencies, market research companies, group companies and consulting firms. If we pass on data to our service providers, they may only use the data to fulfil their tasks. The service providers have been carefully selected and commissioned by us. They are contractually bound by our instructions, have suitable technical and organisational measures in place to protect the rights of the data subjects and are regularly monitored by us.

  7. Data transfer to third countries

As explained in this privacy policy, we use services whose providers are partly located in so-called third countries (outside the European Union or the European Economic Area) or process personal data there, i.e. countries whose level of data protection does not correspond to that of the European Union. If this is the case and the European Commission has not issued an adequacy decision for these countries (Art. 45 GDPR), we have taken appropriate precautions to ensure an adequate level of data protection for any data transfers. These include the standard contractual clauses of the European Union or binding internal data protection regulations.

Where this is not possible, we base the transfer of data on exceptions under Art. 49 GDPR, in particular your express consent or the necessity of the transfer for the fulfilment of the contract or for the implementation of pre-contractual measures.

If a transfer to a third country is planned and no adequacy decision or suitable guarantees exist, it is possible and there is a risk that authorities in the respective third country (e.g. secret services) may gain access to the transferred data in order to collect and analyse it, and that the enforceability of your data subject rights cannot be guaranteed. When obtaining your consent via the consent banner, you will also be informed of this.

  8. Storage duration

In principle, we only store personal data for as long as necessary to fulfil the purposes for which we collected the data. We then delete the data immediately, unless we still need the data until the statutory limitation period expires for evidence purposes for civil law claims, due to statutory retention obligations or there is another legal basis under data protection law for the continued processing of your data in the specific individual case.

For evidence purposes, we must retain contract data in particular for three years from the end of the year in which the business relationship with you ends. Any claims expire at the earliest at this time in accordance with the statutory limitation period.

Even after this, we still have to store some of your data for accounting reasons. We are obliged to do so due to statutory documentation obligations that may arise from the German Commercial Code, the German Fiscal Code, the German Banking Act, the German Money Laundering Act and the German Securities Trading Act. The periods specified there for the retention of documents are two to ten years.

  9. Your rights, in particular cancellation and objection

You are entitled to the data subject rights formulated in Art. 7 para. 3 and Art. 15 - 21 GDPR at any time if the respective legal requirements are met:

  • Right to withdraw your consent (Art. 7 (3) GDPR);

  • Right to object to the processing of your personal data (Art. 21 GDPR);

  • Right to information about your personal data processed by us (Art. 15 GDPR);

  • Right to rectification of your incorrect personal data stored by us (Art. 16 GDPR);

  • Right to erasure of your personal data (Art. 17 GDPR);

  • Right to restriction of processing of your personal data (Art. 18 GDPR);

  • Right to data portability of your personal data (Art. 20 GDPR).

To assert your rights described here, you can contact us at any time using the contact details above. This also applies if you wish to receive copies of guarantees to demonstrate an adequate level of data protection. If the relevant legal requirements are met, we will comply with your data protection request.

Your requests for the assertion of data protection rights and our responses to them will be stored for documentation purposes for a period of up to three years and, in individual cases, beyond this period if there are grounds for the assertion, exercise or defence of legal claims. The legal basis is Art. 6 para. 1 lit. f GDPR, based on our interest in the defence against any civil law claims pursuant to Art. 82 GDPR, the avoidance of fines pursuant to Art. 83 GDPR and the fulfilment of our accountability obligation pursuant to Art. 5 para. 2 GDPR.

You have the right to withdraw your consent at any time. As a result, we will no longer continue the data processing that was based on this consent in the future. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

If we process your data on the basis of legitimate interests, you have the right to object to the processing of your data at any time on grounds relating to your particular situation. If it concerns an objection to data processing for direct marketing purposes, you have a general right to object, which we will also implement without you having to give reasons.

If you would like to exercise your right of cancellation or objection, simply send an informal message to the contact details above.

Finally, you have the right to lodge a complaint with a data protection supervisory authority in accordance with Art. 77 GDPR at . You can assert this right, for example, with a supervisory authority in the Member State of your place of residence, your place of work or the place of the alleged infringement. In Berlin, where we are based, the competent supervisory authority is the Berlin Commissioner for Data Protection and Freedom of Information, Alt-Moabit 59-61, 10555 Berlin.

  10. Changes to the privacy policy

We occasionally update this privacy policy, for example when we customise our app or when legal or regulatory requirements change.

Version: 1.0 / Status: April 2024