PRIVACY POLICY 

In the following, we inform you about the processing of your personal data in connection with the use of the Prematch app (hereinafter only "app").

Personal data is any data that can be related to a specific natural person, e.g. their name or IP address.

For better readability, the generic masculine is used in this statement. All personal terms used refer to all genders.

1. overview 

1.1 Responsible person 

Verantwortlicher für die Datenverarbeitungen in der App gem. Art. 4 Abs. 7 EU-Datenschutz-Grundverordnung (DSGVO) ist die PREMATCH Sports GmbH, Brüsseler Str. 21, 50674 Köln, Deutschland, E-Mail: privacy@prematchapp.de. 

1.2 Data protection officer

Our data protection officer can be contacted via heyData GmbH, Schützenstraße 5, 10117 Berlin, www.heydata.eu, e-mail: datenschutz@heydata.eu.

1.3 Scope of data processing, processing purposes and legal basis

We explain the scope of the processing of personal data, the processing purposes and the legal basis in detail under point 2. The following are generally considered to be the legal basis for data processing:

  • Art. 6 para. 1 p. 1 it. a DSGVO serves as our legal basis for processing operations for which we obtain consent.
  • Art. 6 (1) p. 1 lit. b DSGVO is the legal basis insofar as the processing of personal data is necessary for the fulfillment of a contract, e.g. for the fulfillment of our obligations arising from the terms of use. This legal basis also applies to processing that is necessary for pre-contractual measures, such as in the case of inquiries about our services.
  • Art. 6 (1) p. 1 lit. c DSGVO applies if we fulfill a legal obligation with the processing of personal data, e.g. resulting from tax law.
  • Art. 6 para. 1 p. 1 lit. f DSGVO serves as the legal basis if we can rely on legitimate interests to process personal data, e.g. for processing user requests.

1.4 Receiver

To the extent necessary, we transfer personal data to processors for one or more of the purposes set forth in this Privacy Policy and, in particular, to the following recipients:

  • External service providers
  • Authorities 
  • Partner company

1.5 Data processing outside the EEA

Insofar as we transfer data to service providers or other third parties outside the European Economic Area (EEA), adequacy decisions of the EU Commission pursuant to Art. 45 para. 3 of the GDPR guarantee the security of the data during the transfer, insofar as these exist, as is the case, for example, for the United Kingdom, Canada and Israel.

If no adequacy decision exists, the legal basis for the data transfer is usually standard contractual clauses, unless we indicate otherwise. These are a set of rules adopted by the EU Commission and are part of the contract with the respective third party. According to Art. 46 (2) lit. b DSGVO, they ensure the security of the data transfer. Many of the providers have given contractual guarantees that protect the data beyond the standard contractual clauses. These are, for example, guarantees regarding the encryption of the data or regarding an obligation on the part of the third party to notify data subjects if law enforcement agencies want to access data.

1.6. storage period

Unless explicit storage periods are specified within the scope of this data protection declaration, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted, i.e. the data will be blocked and not processed for other purposes. This applies, for example, to data that we must retain for reasons of commercial or tax law.

1.7 Rights of the persons concerned

As a data subject, you have the following rights with respect to the personal data we process about you:

  • Right to information
  • Right of rectification or erasure
  • Right to restriction of processing
  • Right to object to processing where it is based on legitimate interests 
  • Right to data portability
  • Right to revoke consent once given at any time. The revocation does not affect the lawfulness of the processing until the revocation.

In particular, you can object to the display of data in your profile (e.g. market value) if you do not want this. We will then delete your profile. 

You may exercise the foregoing rights by contacting us using the contact information provided in this Privacy Policy.  

As a data subject, you also have the right to complain to a data protection supervisory authority about the processing of your personal data. Contact details for the data protection supervisory authorities can be found at https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html.

1.8 No obligation to provide data

You are neither contractually nor legally obligated to provide us with personal data. However, if you refuse to provide data that is absolutely necessary for the use of the app or that we are legally obligated to collect, you will not be able to use the app or will only be able to use it to a limited extent.

Mandatory information is marked as such in the app.

1.9 No automatic decision-making in individual cases

As a matter of principle, we do not use fully automated decision-making pursuant to Article 22 DSGVO. Should we use such in individual cases, we will inform about this separately if this is required by law.

2. concrete data processing

2.1 Download the app

Our app is available for download from Google's Play Store and Apple's App Store (the "Stores"). When you download the app, the required information is transmitted to the Stores, in particular username, email address and customer account number, time of download, payment information and the individual device identification number. We have no influence on this data collection and are not responsible for it. We process the data only insofar as it is necessary for downloading the mobile app to the mobile device.

2.2 Information security 

When you use our app, we collect data that is necessary to ensure the stability and security of the app. This is our legitimate interest, so that the legal basis is Art. 6 para. 1 p. 1 lit. f DSGVO.

2.3 Collection of data from public sources & calculation of market values

We collect data about amateur soccer players from public sources, such as online platforms, websites and press releases from clubs. From this data, the app calculates a fictitious market value, which includes the following parameters in particular:

  • Current & previous league level of the player
  • Player age
  • Player position
  • Team performance data
  • Performance data of the player

Our market value has no claim to accuracy or realism, but serves - just like the presentation of the data in our app - solely for the entertainment of our users.

The data will be stored on our servers as long as the player is active and will be deleted as soon as the player requests the deletion of his data.

The legal basis for the data processing is Art. 6 para. 1 p. 1 lit. f DSGVO. Our interest is to offer our users an app that is as attractive as possible, including market values for the playful comparison of performance.

If you do not agree with the display of data concerning you (e.g. market value) in our app, you can object to it at any time. We will then remove your profile from the app. 

2.4 User account

You can open a user account in the app. We process the data requested in this context to fulfill the concluded user contract for the account, so that the legal basis of the processing is Art. 6 para. 1 p. 1 lit. b DSGVO. 

As a verified user, you can voluntarily add further data to your user account. You can find more information about this in your user account. 

2.5 Single sign-on

You can log in to our app using one or more single sign-on methods. In doing so, you use the login data already created for another provider. The prerequisite is that you are already registered with the respective provider. If you log in using a single sign-on procedure, we receive information from the provider that you are logged in to the provider and the provider receives information that you are using the single sign-on procedure in our app. Depending on the settings in your account on the provider's site, additional information may be provided to us by the provider. The legal basis for this processing is the usage agreement between the provider and you.

Provider(s) of the procedure(s) offered are:

  • Apple Inc, Infinite Loop, Cupertino, CA 95014, USA (privacy policy: https://www.apple.com/legal/privacy/de-ww/).
  • Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (privacy policy: https://policies.google.com/privacy).
  • Meta Platforms Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland ("Facebook"). Which data we receive from Facebook is communicated to users by Facebook as part of the registration process. Information about Facebook and the contact details of the data protection officer, as well as further information about how Facebook processes personal data, including the legal basis and the options for exercising rights as a data subject against Facebook, can be found at https://www.facebook.com/about/privacy. We are jointly responsible with Facebook for the data processing taking place through Facebook in the context of the use of the procedure and have concluded a joint responsibility agreement (Art. 26 DSGVO) with Facebook. There we have defined the respective responsibilities for the fulfillment of the obligations under the GDPR with regard to joint processing. We are obliged to provide the above information and Facebook has assumed responsibility for the further data subject rights pursuant to Art. 15-20 DSGVO.

2.6 Verification of a player profile

As a user, you can request to verify your player profile in our app. In order to verify the identity of the user, we process the personal data that is requested in the verification flow.

The legal basis for the processing is Art. 6 para. 1 p. 1 lit. f DSGVO in connection with our legitimate interest in preventing the takeover of third-party player profiles. 

2.7 Contacting

When contacting us, e.g. by e-mail or telephone, the data provided to us (e.g. names and e-mail addresses) will be stored by us in order to answer questions. The legal basis for the processing is our legitimate interest (Art. 6 para. 1 p. 1 lit. f DSGVO) to answer inquiries directed to us.

2.8 Sweepstakes

Occasionally we offer competitions. We process the data requested in these competitions in order to determine and notify the winners. Afterwards, we delete the data. It is our legitimate interest to offer competitions to attract new users or to interact with our existing users. The legal basis for data processing is Art. 6 para. 1 p. 1 lit. f DSGVO.

2.9 Surveys

From time to time, we conduct surveys to get to know our users and their wishes better. In doing so, we collect the data requested in each case. It is our legitimate interest to get to know our users and their wishes better, so that the legal basis for the associated data processing is Art. 6 para. 1 p. 1 lit. f DSGVO. We delete the data when the results of the surveys have been evaluated.

2.10. Newsletter

Wir behalten uns vor, Nutzern, die bereits Leistungen von uns in Anspruch genommen haben und von diesen wir in diesemZusammenhang eine E-Mail-Adresse oder eine sonstige Adresse zur elektronischen Kontaktaufnahme (z.B. via SMS und/oder Whatsapp respektive sonstige Messengerdienste) erhalten haben, von Zeit zu Zeit über diese E-Mail- oder die sonstige elektronische Kontaktdresse über unsere, ähnlichen Angebote zu informieren, falls sie dem nicht widersprochen haben. Rechtsgrundlage für diese Datenverarbeitung ist Art. 6 Abs. 1 S. 1 lit. f DSGVO. Unser berechtigtes Interesse liegt in der Nutzung von Direktwerbung (Erwägungsgrund 47 DSGVO). Du kannst der Verwendung deiner E-Mail oder der sonstigen elektronischen Kontaktadresse zu Werbezwecken jederzeit und ohne Nennung von Gründen ohne zusätzliche Kosten widersprechen, zum Beispiel über den Link am Ende einer jeden elektronischen Kontaktaufnahme in diesem Zusammenhang oder per E-Mail an unsere oben genannte E-Mail-Adresse.

Based on the consent of the recipients (Art. 6 para. 1 p. 1 lit. a DSGVO), we also measure the opening and click-through rate of our newsletters to understand which content is relevant to them.

We send newsletters with the tools 

  • SendGrid of the provider Twilio, Inc., 375 Beale Street, Suite 300, San Francisco, CA 94105, USA (privacy policy: https://www.twilio.com/legal/privacy). The provider processes content, usage, meta/communication data and contact data in the USA.
  • Mailchimp of the provider Rocket Science Group LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA (privacy policy: https://mailchimp.com/legal/privacy/). The provider processes content, usage, meta/communication data and contact data in the USA.
  • Sendinblue of the provider Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin (privacy policy: https://de.sendinblue.com/legal/privacypolicy/). The provider processes content, usage, meta/communication data and contact data in the EU.

We also regularly send information, vouchers and other marketing communications to users who have signed up for our newsletter (by email or telephone number). In these cases, the processing is based on the consent of the addressees pursuant to Art. 6 para. 1 p. 1 lit. a DSGVO. You can revoke your consent to receive the newsletter at any time by contacting us, for example, using the contact details provided in this privacy policy. 

If you have registered to receive communications via WhatsApp, we process the contact information using WhatsApp. The provider is WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. More information about the processing of personal data by WhatsApp can be found at https://www.whatsapp.com/legal/privacy-policy.

2.11. Third-party tools

2.11.1 Firebase Cloud Messaging

We use Firebase Cloud Messaging to communicate with our users. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The provider processes usage data (e.g. interest in content, access times) and meta/communication data (e.g. device information, IP addresses).

The legal basis of the processing is Art. 6 para. 1 p. 1 lit. a DSGVO. The processing is based on consent. You can revoke your consent at any time by contacting us, for example, using the contact details provided in this privacy policy. The revocation does not affect the lawfulness of the processing until the revocation.

Further information is available in the provider's privacy policy at https://firebase.google.com/support/privacy.

2.11.2 Amazon AWS

We use Amazon AWS for hosting. The provider is Amazon Web Services EMEA Sarl, 38 avenue John F. Kennedy, L-1855, Luxembourg. The provider processes usage data (e.g. interest in content, access times) and meta/communication data (e.g. device information, IP addresses).

It is our legitimate interest to provide an app, so the legal basis for data processing is Art. 6 (1) p. 1 lit. f DSGVO. Insofar as the hosting of the data is necessary to fulfill our obligations arising from the terms of use, the legal basis is Art. 6 para. 1 p. 1 lit. b DSGVO.  

Further information is available in the provider's privacy policy at https://aws.amazon.com/de/privacy/?nc1=f_pr.

2.11.3 AppsFlyer

We use AppsFlyer for analytics. The provider is AppsFlyer Ltd, 14 Maskit St., Herzlia, Israel. The provider processes usage data (e.g. interest in content, access times) and meta/communication data (e.g. device information, IP addresses).

The legal basis of the processing is Art. 6 para. 1 p. 1 lit. a DSGVO. The processing is based on consent. You can revoke your consent at any time by contacting us, for example, using the contact details provided in this privacy policy. 

Further information is available in the provider's privacy policy at https://www.appsflyer.com/legal/privacy-policy/.

2.11.4 Firebase

We use Firebase for application development. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Dublin, D04e5w5, Ireland . The provider processes usage data (e.g. interest in content, access times), contact data (e.g. email addresses, telephone numbers) and meta/communication data (e.g. device information, IP addresses).

The legal basis of the processing is Art. 6 para. 1 p. 1 lit. f DSGVO. We have a legitimate interest to develop new applications in a simple way.

Further information is available in the provider's privacy policy at https://firebase.google.com/terms/data-processing-terms/.

2.11.5 Firebase App Check

We use Firebase App Check for error tracking in applications and for repair management. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Dublin, D04e5w5, Ireland . The provider processes usage data (e.g. interest in content, access times) and meta/communication data (e.g. device information, IP addresses).

The legal basis of the processing is Art. 6 (1) p. 1 lit. f DSGVO. We have a legitimate interest in adequately monitoring the functionality of our applications.

Further information is available in the provider's privacy policy at https://policies.google.com/privacy.

2.11.6 Firebase Crashlytics

We use Firebase Crashlytics for error tracking in applications and for repair management. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Dublin, D04e5w5, Ireland . The provider processes usage data (e.g. interest in content, access times) and meta/communication data (e.g. device information, IP addresses).

The legal basis of the processing is Art. 6 para. 1 p. 1 lit. f DSGVO. . Our legitimate interest is to be able to offer a functioning app. 

Further information is available in the provider's privacy policy at https://policies.google.com/privacy.

2.11.7 CleverTap

We use CleverTap to analyze and communicate with our users. The provider is WizRocket Inc, 19th Floor, DLH Park, SV Road, Goregaon West, Mumbai 400062, India. The provider processes usage data (e.g. interest in content, access times) and meta/communication data (e.g. device information, IP addresses).

The legal basis of the processing is Art. 6 (1) sentence 1 lit. f DSGVO, insofar as we send you messages with content that is a core component of our app (e.g., messages that inform you about the progress of a game) or do not require consent for other reasons. Insofar as we send you messages that have advertising content and require prior consent pursuant to Section 7 (2) No. 2 UWG, the legal basis is Article 6 (1) sentence 1 lit. a DSGVO in conjunction with your consent. You can revoke consent once given at any time by contacting us, for example, using the contact details provided in this privacy policy. The revocation does not affect the lawfulness of the processing until the revocation.

Further information is available in the provider's privacy policy at https://clevertap.com/privacy-policy/.

2.11.8 Intercom

We use Intercom to communicate with our users. The provider is Intercom R&D Unlimited Company, 2nd Floor Stephen Court, 18-21 St. Stephen's Green, Dublin, 2, Ireland. The provider processes content data (e.g. entries in online forms), contact data (e.g. e-mail addresses, telephone numbers), meta/communication data (e.g. device information, IP addresses) and master data (e.g. names, addresses).

The legal basis of the processing is Art. 6 para. 1 p. 1 lit. f DSGVO. Our legitimate interest is to respond to requests from our users. 

Further information is available in the provider's privacy policy at https://www.intercom.com/de/legal/privacy.

2.11.9. segment

We use Segment for analysis. The provider is Segment.io, Inc, 100 California Street Suite 700 San Francisco, CA 94111, USA. The provider processes meta/communication data (e.g. device information, IP addresses).

The legal basis of the processing is Art. 6 para. 1 p. 1 lit. a DSGVO. The processing is based on consent. You can revoke your consent at any time by contacting us, for example, using the contact details provided in this privacy policy. The revocation does not affect the lawfulness of the processing until the revocation.

Further information is available in the provider's privacy policy at https://segment.com/legal/privacy/.

2.11.10. Sentry

We use Sentry to monitor applications and track errors in applications or on websites. The provider is Functional Software, Inc, 132 Hawthorne Street San Francisco, CA 94107, USA. The provider processes usage data (e.g. interest in content, access times), content data (e.g. entries in online forms) and meta/communication data (e.g. device information, IP addresses).

The legal basis of the processing is Art. 6 para. 1 p. 1 lit. f DSGVO. Our legitimate interest is to be able to offer a functioning app. 

Further information is available in the provider's privacy policy at https://sentry.io/privacy/.

2.11.11. Amplitude

We use Amplitude for product analysis. The provider is Amplitude, Inc, 631 Howard St. Floor 5 San Francisco, CA 94105, USA. The provider processes usage data (e.g. interest in content, access times) and meta/communication data (e.g. device information, IP addresses).

The legal basis of the processing is Art. 6 para. 1 p. 1 lit. a DSGVO. The processing is based on consent. You can revoke your consent at any time by contacting us, for example, using the contact details provided in this privacy policy.

Further information is available in the provider's privacy policy at https://amplitude.com/privacy.

2.11.12. Typeform

We use Typeform for questionnaires and forms. The provider is Typeform S.L., 163 Carrer de Bac de Roda, Barcelona, Spain. The provider processes content data (e.g. entries in online forms) and meta/communication data (e.g. device information, IP addresses).

The legal basis of the processing is Art. 6 para. 1 p. 1 lit. a DSGVO. Our legitimate interest is in particular to enable user inquiries to our customer service.

Further information is available in the provider's privacy policy at https://admin.typeform.com/to/dwk6gt.

2.11.13. Facebook SDK

We use Facebook SDK for analytics. The provider is Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The provider processes usage data (e.g. interest in content, access times) and meta/communication data (e.g. device information, IP addresses).

The legal basis of the processing is Art. 6 para. 1 p. 1 lit. a DSGVO. The processing is based on consent. You can revoke your consent at any time by contacting us, for example, using the contact details provided in this privacy policy.

Further information is available in the provider's privacy policy at https://www.facebook.com/policy.php.

2.11.14. Zapier

We use Zapier for automation between applications. The provider is Zapier, Inc, 548 Market St. #62411, San Francisco, CA 94104-5401, USA. The provider processes usage data (e.g. interest in content, access times) and meta/communication data (e.g. device information, IP addresses).

The legal basis of the processing is Art. 6 para. 1 p. 1 lit. f DSGVO. We have a legitimate interest in easily connecting the applications in our company and thus optimizing the way we work.

Further information is available in the provider's privacy policy at https://zapier.com/privacy.

2.11.15. SendGrid

We use SendGrid to communicate with customers. The provider is Twilio, Inc, 375 Beale Street, Suite 300, San Francisco, CA 94105, USA. The provider processes usage data (e.g. interest in content, access times), contact data (e.g. e-mail addresses, telephone numbers), meta/communication data (e.g. device information, IP addresses) and master data (e.g. names, addresses).

The legal basis of the processing is Art. 6 para. 1 p. 1 lit. f DSGVO. We have a legitimate interest in being able to send emails technically.

Further information is available in the provider's privacy policy at https://www.twilio.com/legal/privacy.

2.11.16. Firebase Authentication

We use Firebase Authentication to authenticate our users. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Dublin, Ireland. The provider processes usage data (e.g. interest in content, access times) and meta/communication data (e.g. device information, IP addresses).

The legal basis of the processing is Art. 6 para. 1 p. 1 lit. f DSGVO. We have a legitimate interest in sufficiently authenticating users of our app.

Further information is available in the provider's privacy policy at https://policies.google.com/privacy.

2.11.17. YouTube videos

We use YouTube videos for videos in the app. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The provider processes usage data (e.g. interest in content, access times) and meta/communication data (e.g. device information, IP addresses).

The legal basis of the processing is Art. 6 para. 1 p. 1 lit. a DSGVO. The processing is based on consent. You can revoke your consent at any time by contacting us, for example, using the contact details provided in this privacy policy.

Further information is available in the provider's privacy policy at https://policies.google.com/privacy.

2.11.18. Stream Activity Feed

We use Stream Activity Feed to create your personalized news feed. The provider is Stream.io INC.,2005 Broadway, Boulder, CO 80302, USA. The provider processes usage data (e.g. interest in content, access times) and meta/communication data (e.g. device information, IP addresses).

The legal basis of the processing is Art. 6 para. 1 p. 1 lit. f DSGVO. Our legitimate interest is to provide our users with a personalized newsfeed, which is a core function of the app.

Further information is available in the provider's privacy policy at https://getstream.io/legal/privacy/.