Privacy Policy

for the content and functions
of the platform https://sportsdate.app

(hereinafter referred to as “Services”)

As of September 2025

Introduction

Privacy policies are often difficult to read. We understand that. And we want to do things differently. With our privacy policy, we want to provide you with an easy-to-understand explanation of how we process your personal data. To this end, we have structured our privacy policy clearly structured for you and show you for each topic area whether and how we process your personal data .

Table of contents

  1. General information - Brief introduction to the subject of the privacy policy, the controller, and the data protection officer
  2. General information on data processing - Information on what personal data is, the legal basis on which we process it or share it with third parties
  3. Rights of data subjects - Information about your rights to, among other things, access, erasure, or object to our data processing
  4. Information about the cookies and other technologies we use - Information about the use of cookies and other technologies with or by means of which we process your personal data
  5. Data processing in connection with the use of our services - Information about our data processing in our services themselves, about registration, and about individual functionalities
  6. Communication services - Information about communication services and the corresponding processing of your personal data
  7. Payment processing - Information about payment processing with the integration of payment service providers and the resulting processing of your personal data
  8. Provision of our services - Information about our hosting service providers and the services they use
  9. Tools - Information about the services we use to provide our services to you
  10. Fan pages on social media - Information about our presence on social media networks and the corresponding processing of your personal data

1. General information

The protection of your personal data and your privacy is extremely important to us. That is why we would like to offer you comprehensive transparency regarding the processing of your personal data (GDPR) and the storage of information on your device (TDDDG). Only when the processing of personal data and information is transparent to you as the data subject will you be sufficiently informed about the scope, purposes and benefits of the processing.

This privacy policy applies to all processing of personal data carried out by us and to the storage of information on your end devices. It therefore applies both in the context of the provision of our services and within external online presences, such as our social media fan pages.

The controller within the meaning of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and other data protection regulations is

Patrick Voigt - IT Services
Sole proprietor
Scharnhorststrasse 33d
10115 Berlin
Germany

Tel.: +49 179 4755034.

Email address: patrick-voigt@web.de

2. General information on data processing

First of all, we would like to provide you with some introductory information on what the protection of your personal data means, what personal data is, how we process it, and what security measures we take in doing so.

2.1 Processing of personal data

Personal data (hereinafter also referred to as “data”) is individual information about the personal or factual circumstances of an identified or identifiable natural person.

Examples of individual details about personal or factual circumstances include:

  • Personal data - name, age, marital status, date of birth
  • Communication data - address, telephone number, email address
  • Account data - account and credit card number
  • Geodata - IP address and location data
  • Health data - health status, illnesses

The “processing” of personal data includes, for example, the following measures

  • Collection - The collection of your data via contact forms, by email, or through processes and services we use.
  • Transfer - The transfer of your data to our service providers, integrated services, or other third parties.
  • Storage - Storing your data in our databases or on our servers
  • Deletion - Deleting your data when we no longer have permission to process it

2.2 Legal basis for processing your personal data

We only process personal data within the legally permissible limits. We are obliged to do so by law, in particular by the GDPR. This means that we are obliged to always be able to base data processing operations on a legal basis. These legal bases are standardized in Art. 6 (1) GDPR. Here we list the most common legal bases on which we process your personal data.

  • Consent - Art. 6 (1) (a) GDPR: Your data will only be processed if you have consented to this processing after receiving sufficient information about its scope and purposes us, have consented to this processing.
  • For the performance of a contract - Art. 6 (1) (b): Your data will only be processed in this case if it is necessary for the performance of a contract between us or for the implementation of pre-contractual measures.
  • Legitimate interest - Art. 6 (1) lit. f GDPR: Your data will only be processed in this case if this is necessary to safeguard a legitimate interest on our part and your interests or fundamental rights and freedoms regarding the protection of your data do not outweigh this interest.

We only process personal data for specific purposes (Art. 5 (1) (b) GDPR). As soon as the purpose of the processing ceases to apply, your personal data will be deleted or protected by technical and organizational measures (e.g., pseudonymization).

The same applies to the expiry of a prescribed storage period, subject to cases in which further storage is necessary for the conclusion or fulfillment of a contract. In addition, there may be a legal obligation to store data for a longer period or to pass it on to third parties (in particular to law enforcement authorities). In other cases, the storage period and type of data collected, as well as the type of data processing, depend on which functions you use in each individual case. We will be happy to provide you with information on this in individual cases, in accordance with Art. 15 GDPR.

2.3 We process these categories of data

Data categories include the following data in particular:

  • Master data (e.g., names, addresses, dates of birth)
  • Contact details (e.g., email addresses, phone numbers, messenger services)
  • Content data (e.g., text entries, photographs, videos, contents of documents/files)
  • Contract data (e.g., subject matter of the contract, terms, customer category)
  • Payment data (e.g., bank details, payment history, use of other payment service providers)
  • Usage data (e.g., history in our services, use of certain content, access times)
  • Connection data (e.g., device information, IP addresses, URL referrers)

2.4 We take the following security measures

In accordance with legal requirements and taking into account the state of the art, the implementation costs and the nature, scope, circumstances, and purposes of the processing, as well as the varying likelihood and severity of the threat to your rights and freedoms, we take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk .

These measures include, in particular, ensuring that your data is stored and processed confidentially, with integrity, and is available at all times. Furthermore, controls on access to your data, as well as access, input, disclosure, securing availability, and separation from data of other natural persons are among the security measures we implement. In addition, we have established procedures to ensure the exercise of data subject rights (see section 5), the deletion of data, and responses in the event of a threat to your data. Furthermore, we take the protection of personal data into account as early as the development stage of our software and through procedures that comply with the principle of data protection through technology design and data protection-friendly default settings.

2.5 How we transfer or disclose personal data to third parties

As part of our processing of your personal data, this data may be transferred or disclosed to other entities, companies, legally independent organizational units, or persons. These third parties may include, for example, payment institutions in the context of payment transactions, service providers commissioned with IT tasks or providers of services and content that we have integrated into our services. If we transfer or disclose your personal data to third parties, we comply with the legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data to protect your data.

2.6 How third-country transfers are carried out

If this privacy policy states that we transfer your personal data to a third country, i.e., a country outside the EU or outside the EEA, the following applies. Third-country transfers are only carried out in accordance with legal requirements. We assure you that we have contractual or legal authorization to transfer and process your data in the third country in question. Furthermore, we only allow your data to be processed by service providers in third countries who, in our opinion, have a recognized level of data protection. This means that there is, for example, an adequacy decision between the EU and the country to which we transfer your personal data. An “adequacy decision” is a decision adopted by the European Commission pursuant to Art. 45 GDPR which determines that a third country (i.e., a country not bound by the GDPR) or an international organization offers an adequate level of protection for personal data. Alternatively, i.e. if there is no adequacy decision, a transfer to a third country will only take place if, for example, contractual obligations between us and the service provider in the third country are in place through so-called standard contractual clauses of the EU Commission and further technical security measures have been taken, which guarantee a level of protection equivalent to that in the EU, or the service provider in the third country has data protection certifications and your data will only be processed in accordance with internal data protection regulations (Art. 44 to 49 GDPR. Information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_en ).

Within the framework of the so-called “Data Privacy Framework” (“DPF”), the EU Commission has recognized the level of data protection for certain companies from the USA as secure within the framework of the adequacy decision of July 10, 2023. A list of certified companies and further information on the DPF can be found on the website of the U.S. Department of Commerce at https://www.dataprivacyframework.gov/ (in English). In this privacy policy, we inform you which services we use are certified under the Data Privacy Framework.

2.7 Deletion of data

The data we process will be deleted in accordance with legal requirements as soon as the consent for processing is revoked or other permissions cease to apply (e.g., if the purpose of processing this data no longer applies or it is not necessary for the purpose). If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted to these purposes. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons or whose storage is necessary for the assertion, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person.

Within the scope of this privacy policy, we provide information on the deletion and storage of data that applies specifically to the respective processing process.

2.8 Storage of and access to data on your device

Unless we obtain your consent to do so, the storage of or access to information on your end device is carried out in accordance with Section 25 (2) No. 2 of the German Act on Data Protection and Privacy in Telecommunications and Digital Services (TDDDG), as the storage of and access to to this information is absolutely necessary in order to provide the desired functions of our services. If we obtain consent for this, the legal basis is Section 25 (1) TDDDG. Our services use cookies, tokens, beacons, or other technologies that may be stored on your end devices and without which the provision of our services would not be possible.

Cookies, tokens, beacons, or other technologies are usually text files that are stored on your device and can be read by us and third parties when you access our services. Many of the aforementioned technologies contain their own ID. Such an ID is a unique identifier for the technology used in each case. It consists of a string of characters that can be assigned to specific websites and servers can be assigned to the specific Internet browser or the specific service or device used, in which cookies, tokens, beacons, or other technologies were stored. This enables the operators of websites and analysis services to identify you as a user and distinguish you from others.

2.9 Order processing

If we use external service providers to process your data, we select and commission them with care . If the services provided by these service providers constitute order processing within the meaning of Art. 28 GDPR, the service providers are bound by our instructions and are regularly monitored. Our order processing agreements comply with the strict requirements of Art. 28 GDPR and the specifications of the German data protection authorities.

3. Rights of data subjects

If your personal data is processed, you are a data subject within the meaning of the GDPR and, as a user, you have the following rights vis-à-vis the controller:

3.1 Right to information

You can request confirmation from the controller as to whether personal data relating to you is being processed by us.

If such processing is taking place, you can request the following information from the controller:

  • the purposes for which the personal data is processed
  • the categories of personal data that are processed
  • the recipients or categories of recipients to whom the personal data concerning you has been or will be disclosed
  • the planned duration of storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period
  • the existence of a right to rectification or erasure of the personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing
  • the existence of a right to lodge a complaint with a supervisory authority
  • all available information on the origin of the data if the personal data is not collected from the data subject
  • the existence of automated decision-making, including profiling, pursuant to Art. 22 (1) and 4 of the GDPR and, at least in these cases, meaningful information about the logic involved as well as the significance and the envisaged consequences of such processing for the data subject.
  • You have the right to request information about whether the personal data concerning you is transferred to a third country or to an international organization. In this context, , you may request to be informed of the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer .

3.2 Right to rectification

You have the right to request the controller to correct and/or complete your personal data if the personal data processed concerning you is inaccurate or incomplete. The controller must make the correction without delay.

3.3 Right to restriction of processing

Under the following conditions, you may request the restriction of the processing of your personal data: :

  • if you dispute the accuracy of the personal data concerning you for a period of time that allows the controller to verify the accuracy of the personal data
  • the processing is unlawful and you oppose the erasure of the personal data and instead request the restriction of the use of the personal data
  • the controller no longer needs the personal data for the purposes of the processing, but you need it for the establishment, exercise, or defense of legal claims, or
  • if you have objected to the processing pursuant to Art. 21 (1) GDPR and it is not yet clear whether the legitimate grounds of the controller override your grounds
  • If the processing of personal data concerning you has been restricted, this data may – apart from its storage – only be processed with your consent or for the assertion, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State .

If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

3.4 Right to erasure

3.4.1. You may request that the controller erase personal data concerning you without undue delay, and the controller is obliged to erase such data without undue delay if one of the following reasons applies:

  • The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.
  • You withdraw your consent on which the processing was based in accordance with Art. 6 (1) lit. a or Art. 9 (2) lit. a GDPR, and there is no other legal basis for the processing.
  • You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.
  • The personal data concerning you has been processed unlawfully.
  • The personal data concerning you has been processed in breach of the data protection obligations.
  • The erasure of personal data concerning you is necessary to comply with a legal obligation under Union or Member State law to which the controller is subject.
  • The personal data concerning you has been collected in relation to the offer of information society services pursuant to Art. 8 (1) GDPR.

3.4.2. If the controller has made the personal data concerning you public and is obliged to erase it pursuant to Art. 17 (1) GDPR, it shall take reasonable measures, including technical measures, taking into account the available technology and the implementation costs, appropriate measures, including technical measures, to inform data controllers who process the personal data that you, as the data subject, have requested the deletion of all links to this personal data or of copies or replications of this personal data .

3.4.3. The right to erasure does not apply if the processing is necessary

  • for exercising the right of freedom of expression and information
  • for compliance with a legal obligation which requires processing by Union or the Member States to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller .
  • for reasons of public interest in the area of public health pursuant to Art. 9 (2) lit. h and i as well as Art. 9 (3) GDPR
  • for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Art. 89(1) GDPR, insofar as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing, or
  • for the establishment, exercise, or defense of legal claims.

3.5 Right to information

If you assert your right to rectification, erasure, or restriction of processing against the controller , the controller is obliged to notify all recipients to whom your personal data has been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.

You have the right to be informed by the controller about these recipients.

3.6 Right to data portability

You have the right to receive the personal data concerning you that you have provided to the controller in a structured, commonly used, and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to whom the personal data , provided that the processing is based on consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR and the processing is carried out using automated procedures.

In exercising this right, you also have the right to have the personal data concerning you transferred directly from one controller to another, where technically feasible. The freedoms and rights of other persons must not be affected by this.

The right to data portability does not apply to the processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

3.7 Right to object

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f) GDPR ; this also applies to profiling based on these provisions.

The controller will no longer process the personal data concerning you unless he can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms or the processing serves to assert, exercise, or defend legal claims.

If the personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is related to such direct marketing.

If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

In connection with the use of information society services, you have the option – notwithstanding Directive 2002/58/EC – of exercising your right to object by means of automated procedures using technical specifications are used.

3.8 Right to revoke the data protection consent declaration

You have the right to revoke your data protection consent declaration at any time. The withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the withdrawal . The processing is lawful until your withdrawal – the withdrawal therefore only affects the processing after receipt of your withdrawal. You can declare your revocation informally by mail or email. The processing of your personal data will then no longer take place, subject to permission based on another legal basis. If this is not the case, your data must be deleted immediately after revocation in accordance with Art. 17 (2) GDPR. Your right to revoke your consent subject to the above conditions, is guaranteed.
Your revocation should be addressed to:

Patrick Voigt - IT Services
Sole proprietor
Scharnhorststrasse 33d
10115 Berlin
Germany
Tel.: +49 179 4755034
Email address: patrick-voigt@web.de

3.9 Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement, if you consider that the processing of personal data relating to you breaches the GDPR.

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

3.10 Automated individual decision-making, including profiling

No automated decisions are made in individual cases, including profiling.

3.11 Notification obligations of the controller

If your personal data has been disclosed to other recipients (third parties) on legal grounds, we will inform them of any rectification, erasure, or restriction of the processing of your personal data (Art. 16, Art. 17 (1) and Art. 18 GDPR). The notification obligation does not apply if it involves disproportionate effort or is impossible. We will also inform you about the recipients upon request .

4. Information about the cookies and other technologies used

We use cookies, beacons, and other technologies to provide and evaluate our services and to use the evaluated data for marketing purposes. Cookies are small text files that contain data from visited websites or domains and are stored on your device (computer, tablet, or smartphone). When you access a website, the cookie stored on your device sends information to the party that placed the cookie.

4.1 How we use cookies and other technologies

We want you to be able to make an informed decision for or against the use of cookies and other technologies that are not strictly necessary for the technical characteristics of the services. Therefore, in the event that we use cookies and other technologies that require your consent , we allow you to make a voluntary decision when you first visit our services and then permanently in the corresponding settings to choose which cookies and other technologies you allow. In this regard, it always applies that functional cookies and other technologies are mandatory for visiting our services and are therefore already permitted by our default settings. Statistics and marketing cookies and other technologies are optional. You can allow them by consenting to the setting of these cookies and other technologies in the consent banner. Alternatively, you can reject statistics and marketing cookies and other technologies.

4.2 Storage period of cookies and other technologies

Unless we provide you with explicit information about the storage period of cookies and other technologies (e.g., in the consent banner), you can assume that the storage period can be up to two years. If cookies and other technologies have been set on the basis of your consent, you have the option at any time to revoke your consent or object to the processing of your data by cookies/technologies (collectively referred to as “opt-out”).

5. Data processing in connection with the use of our services

The use of our services with all their functions involves the processing of personal data. We explain exactly how this happens here.

5.1 Informational use of our services

The purely informational use of our services requires the processing of the following personal data and information: device type and version, operating system used, IP address of the device you use to access our services, and the time you access our services. All this information is automatically transmitted from your device, unless you have configured it to suppress the transmission of this information.
This personal data is processed for the purpose of ensuring the functionality and optimization of our services, This personal data is processed for the purpose of ensuring the functionality and optimization of our services, as well as to guarantee the security of our information technology systems. These purposes are also legitimate interests pursuant to Art. 6 (1) lit. f GDPR, meaning that the processing is carried out on legal grounds.

5.2 Use by or after registration

5.2.1 Registration
Beyond the purely informational use of our services, you have the option of registering for our services and using our entire range of offerings. In doing so, we process in particular master data and contact details such as name, gender, selected sports, geographical home area, and date of registration. In addition, we automatically process connection data such as date, device information, and IP address. After registration, you have the option of using our services in the free version and adding paid premium versions and memberships. Our services allow you to select various services and access the content they contain. This use of our services may require the processing of personal data and information in the manner described in this section 5 .
Some processing steps may also be carried out by third-party providers. Data processing by third-party providers is carried out in accordance with the terms and conditions of the relevant privacy policies. In the case of data processing with third-party providers, this may constitute order processing within the meaning of Art. 28 GDPR. This is subject to strict legal requirements, which we comply with in the course of our contractual agreements with our order processors . Use during or after registration and login and the associated data processing operations may differ from purely informational use. The collection of this data, which is linked to your profile , is carried out for the purpose of verifying your status and the associated fulfillment of our contractual obligations towards you. These are legitimate purposes in accordance with Art. 6 (1) lit. b GDPR. If your consent is required for the processing operation, we will obtain it at the appropriate point (e.g., via the opt-in option in a consent banner when you use our service for the first time). If you have any further questions, we will be happy to assist you within the scope of your right to information under Art. 15 (1) GDPR.

5.2.2 Creation and use of a user account
You can create a user account (hereinafter also referred to as “profile”) in our services in order to use our services and their functions. If you do so, the personal data you provide there will be transmitted to us by your device and stored in our information technology systems. Your IP address and the time of registration are also stored. When you log in to your profile, our service stores tokens on your device to enable you to remain logged in, even if you have to reload our services in the meantime. By creating a profile, you can use the functions of our services. The processing operations associated with creating a profile serve the purpose of being able to assign future usage operations and to be able to access the entire range of our services. When ordering any products or booking services, the processing of your data also serves the purpose of contract execution and is therefore purpose-bound and necessary in accordance with Art. 6 (1) lit. b GDPR. The storage of your IP address and the time of registration is necessary to ensure the security of our information technology systems. This is also in our legitimate interest, which is why the processing is also lawful under Art. 6 (1) (f) GDPR. The personal data you enter will be stored until you delete this data from your profile or, at the latest, until your profile is completely deleted from our system. Contrary to this, we only process certain personal data relating to you if we have legal or contractual authorization to do so. This is the case, for example, if we are permitted to retain contract or payment data even after your profile has been deleted for billing or other reasons that are necessary for the proper execution of our contractual relationship.

5.2.3 Additional information about the user account
After registering and logging in to our services, you have the option of voluntarily providing further information about yourself and your personal data. This information relates to additional master data, such as, in particular, uploading a profile picture, telephone number, email address, and free text. We process this data in the context of completing your user account and, if applicable, for our community functions. The use of the aforementioned functions is an essential part of our services, therefore the processing of your data serves the purpose of contract execution, is thus purpose-bound and necessary in accordance with Art. 6 (1) lit. b GDPR.

5.2.4 Sign-on
In order to use some or all of our services, you must first register, if this is necessary for use. We will then create a user profile to which the specific information you have provided can be assigned . There are various options available to you for registration. You can register with your email address, use the sign-on procedure, or, if offered by us, use guest access first.

Registration with email address and guest access
If you register with your email address or use our services via guest access, an individual ID will first be generated for your device and stored together with your IP address and, in the case of email registration, your email address and password.

Logging in with single sign-on or social login
If you use the single sign-on or social login procedure, you can conveniently log in with your Google account . This procedure first generates an individual ID for your device and stores it together with your IP address. In the next step, your login name and password are transferred to the third-party provider you have selected. This informs the third-party provider that you are using our services and allows them to assign this information to your user profile there. After verification, we receive a token along with your login name, which confirms that you have an account with the respective third-party provider with the specified access data. In addition, the third-party providers transmit further basic information about your user profile there. We have no influence on whether and what information is transmitted to us. You can obtain more detailed information from the respective third-party providers:
Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland:
https://policies.google.com/privacy?hl=en

5.3 Functions of our services

Depending on whether you register or use our services as a guest user, you will have access to the functions listed below for creating and participating in sporting events in our services. We provide you with all of these functions so that you can take full advantage of our services, depending on the model you have booked, and so that we can achieve the best results for you in our collaboration. We only forward the data you enter to authorized third parties and process it to fulfill the contractual relationships entered into with you contractual relationships entered into with you, in particular to fulfill the user agreement that you have concluded by using our services. Therefore, the legal basis for processing your data results from Art. 6 (1) lit. b GDPR.

5.4 Chat and messaging system

Our services give you the opportunity to use integrated chat and messaging functions to contact other users, exchange information, and, if necessary, initiate and conclude contracts. The categories of data processed here are master data, contact data, and, if necessary, content data, contract data, and payment data. We transmit this data to the person you have contacted to the extent that you yourself approve the data transmission or integrate this data into your messages yourself. In addition, we receive information about the time and the parties involved in contacting us via our chat and message functions. Furthermore, the personal data you provide by your device and stored in our information technology systems. Your IP address and the time of registration are also stored.

The processing operations associated with the use of our chat and messaging systems serve the purpose of assigning usage operations and enable you to access the entire range of our services. The use of the chat and message functions is an essential part of our services, therefore the processing of your data serves the purpose of contract execution and is thus purpose-bound and necessary in accordance with Art. 6 (1) lit. b GDPR. The storage of your IP address and the time of use of our chat and message functions is necessary to ensure the security of our information technology systems. This is also our legitimate interest, which is why the processing is also lawful under Art. 6 (1) (f) GDPR. The personal data you enter will be stored until you delete your profile with us, and beyond that only for as long as the processing is necessary for the fulfillment of any contract. We do not intend to pass on data to other third parties.

5.5 Community function

Our services give you the opportunity to view and comment on other users' posts and to publicly interact with others. The categories of data processed in this context are master data, contact details (if applicable), and content data (if applicable). We publish this data in our publicly accessible areas. Furthermore, the personal data you provide is transmitted to us by your device and stored in our information technology systems. Your IP address and time of registration are also stored.
The processing operations associated with the community function serve the purpose of enabling you to exchange information with others about our services and their possible uses, and enable you to access the entire range of our services. The use of the community function is an essential part of our services, therefore the processing of your data serves the purpose of contract execution, is thus purpose-bound and necessary in accordance with Art. 6 (1) lit. b GDPR. The storage of your IP address and the time of use of our community function is necessary to ensure the security of our information technology systems. This is also our legitimate interest, which is why the processing is also lawful according to Art. 6 (1) lit. f GDPR . The personal data you enter will be stored until you delete your profile with us, and beyond that only for as long as processing is necessary for the performance of any contract and to the extent that this is technically possible. We do not intend to pass on your data to other third parties.

6. Communication services

Contact form / Contact by email
We process the personal data you provide us with when contacting us for the purpose of responding to your inquiry, your email, or your callback request. The categories of data processed in this context are master data, contact data, content data, usage data (if applicable), connection data, and contract data (if applicable). We forward this data in individual cases to affiliated companies or third parties who are permitted to process this data for the purpose of processing orders and bookings as agreed. The legal basis for processing depends on the purpose of the contact. By submitting your request in the contact form or by contacting us by email, you are indicating that you would like answers or information on specific topics. For this purpose, you also provide your data. We respond to your request as requested and process your data for this purpose. Therefore, the authorization to process your data is based on Art. 6 (1) lit. b GDPR, as we process it to respond to your request and thus to fulfill the contract.

7. Payment processing

We offer various payment methods for processing payment requests. For this purpose, we use the payment service providers described below. We do this for the purpose of providing our services properly and in line with requirements . In this context, the data processed includes usage data, connection data, master data, payment data, contact data, and contract data, such as account numbers or credit card numbers, passwords, TANs and checksums, as well as contract, sum, and recipient-related information. The information is required to carry out the transactions. The data entered is only processed by the payment service providers and stored by them. We do not receive any account or credit card-related information, but only information about the confirmation or rejection of the payment. Under certain circumstances, your data may be transferred by the payment service providers to credit agencies. The purpose of this transfer is to verify identity and creditworthiness. For more information, please refer to the terms and conditions and privacy policy of the payment service providers. The legal basis for the use of payment service providers is Art. 6 (1) (b) GDPR. We can only provide the services promised to you services promised to you with our services and thus the fulfillment of our contractual obligations only if we use third parties, such as payment service providers, to process payment transactions. If a payment service provider transfers data to a third country (e.g., the USA), this only takes place on a case-by-case basis, on the basis of a data processing agreement concluded with them and in accordance with standard contractual clauses agreed with them and other security measures permitted by the GDPR, which guarantee the security of the processing of your personal data with a level of protection identical to that in the EU, in particular on the basis of the EU-US Data Privacy Framework (DPF).

Payment Service Provider

Stripe
If you choose a payment method from the payment service provider Stripe, payment processing is carried out via the payment service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we will pass on the information you provided during the ordering process along with the information about your order (name, address, account number, bank code, possibly credit card number, invoice amount, currency, and transaction number) in accordance with Art. 6 (1) (b) GDPR. For more information on Stripe's data protection policy, please visit the URL https://stripe.com/en/privacy#translation.

Stripe reserves the right to carry out a credit check based on mathematical-statistical methods in order to protect its legitimate interest in determining the user's solvency. Stripe may transfer the personal data required for a credit check and obtained in the course of payment processing to selected credit agencies, which Stripe will disclose to users upon request. The credit report may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, these are based on a scientifically recognized mathematical-statistical method. The calculation of the score values includes, but is not limited to, address data. The result of the credit check with regard to the statistical probability of default is used by Stripe for the purpose of deciding on the authorization to use the selected payment method. You can object to this processing of your data at any time by sending a message to Stripe or the credit agencies commissioned. However, Stripe may still be entitled to process your personal data if this necessary for contractual payment processing.

8. Hosting

8.1 Provision of our services

In order to provide you with our services, we use the services of a hosting provider. Our services are accessed from this hosting provider's servers. For these purposes, we use the infrastructure and platform services, computing capacity, storage space, and database services, as well as security services and technical maintenance services provided by the web hosting provider. The data processed includes all data that you enter in connection with your use and communication your visit to our services or that is collected from you in this context (e.g., your IP address). Our legal basis for using a hosting provider to provide our services results from Art. 6 (1) lit. f GDPR (legitimate interest).

8.2 Receiving and sending emails

The hosting services we use may also include the sending, receiving, and storage of emails. For these purposes, the addresses of the recipients of your emails and the senders, as well as further information relating to the sending of emails (e.g., the providers involved) and the contents of the respective emails are processed. The aforementioned data is processed for purposes including the detection of SPAM. Emails are generally not sent in encrypted form on the Internet. As a rule, emails are encrypted during transmission , but (unless end-to-end encryption is used) not on the servers from which they are sent and received. We therefore cannot accept any responsibility for the transmission of emails between the sender and the recipient on our server. Our legal basis for using a hosting provider to receive and send emails is based on Art. 6 (1) (f) GDPR (legitimate interest).

8.3 Collection of access data and log files

We ourselves (or our hosting provider) collect data on every access to the server (server log files). The server log files may include the address and name of the services and files accessed, the date and time of access, the amount of data transferred, notification of successful access, device type and version, your operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider. The server log files can be used for security purposes, e.g., to prevent server overload (especially in the case of malicious attacks, known as DDoS attacks) and, on the other hand, to ensure the utilization of the servers and their stability. Our legal basis for using a hosting provider to collect access data and log files results from Art. 6 (1) lit. f GDPR (legitimate interest).

9. Tools

To ensure smooth technical operation and optimal user-friendly use of our services, we use the following services:

OpenStreetMap
We use the open-source map service “OpenStreetMaps” (also known as “OSM”) to display geo-data in our services. OSM is used to provide an interactive map on our website that shows you how to find and reach sporting events. This service enables us to present our website in an appealing way by loading map material from an external server. The data processed is usage data, location data, and connection data. The recipient of the data is the OpenStreetMap Foundation, 132 Maney Hill Road, Sutton Coldfield, West Midlands, B72 1JU, United Kingdom. If the OpenStreetMap Foundation transfers this data to a third country (e.g., the USA), this will only happen in individual cases, on the basis of a data processing agreement concluded with the OpenStreetMap Foundation and in accordance with standard contractual clauses agreed with the OpenStreetMap Foundation and other security measures permitted by the GDPR that ensure the security processing of your personal data with a level of protection identical to that in the EU, in particular on the basis of the EU-US Data Privacy Framework (DPF). The legal basis for the use of OSM is our legitimate interest pursuant to Art. 6 (1) lit. f GDPR. We have an interest in offering you a map to help you find sports events more easily, which you can use to locate the event. As we only process your personal data to a very limited extent when using OpenStreetMap, we respect your interest in the integrity of your personal data and do not use it unduly. You can find more information on the handling of user data in OSM's privacy policy : https://wiki.osmfoundation.org/wiki/Privacy_Policy.

10. Fan pages on social media websites

We maintain fan pages on social networking websites and process personal data in this context in order to communicate with users active there or to provide information about us. We would like to point out that when you visit our fan pages, your data may be processed outside the European Union. The operators of the respective social networks are responsible for this. A detailed description of the respective forms of processing and the options for objection (e.g., opt-out) can be found in the privacy policies of the operators of the respective social networks.

Instagram
We operate a so-called Instagram fan page for our company on Instagram. When you visit the Instagram fan page, Meta can evaluate your usage behavior and share the information gained from this with us (“Insights”). The page insights are used for the purposes of economic optimization and the needs-based design our website/services. The categories of data processed may include master data, contact data, content data, usage data, and connection data. The recipient of the data is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, as joint controller in accordance with Art. 26 GDPR. The legal basis for processing the data in accordance with the provisions set out here results from our legitimate interest and thus from Art. 6 (1) lit. f GDPR.