Privacy Policy (App)

In this Privacy Policy, we inform you about the processing of personal data and about the access and storage of information on your device when you use OneFootball app.

In addition to this Privacy Policy for our app, we also have a Privacy Policy for the OneFootball website.

Content of this Privacy Policy:

1. Controller and Contact Person

2. Download from an App Store

3. Data Processing by Our App

3.1 App Access Data When Using Our App

3.2 Push Notification on Mobile Devices

3.3 Contact Information

3.4 Registration

3.4.1 Use Without Registration

3.4.2 Settings in the User Account and Operating System

3.5 Orders

3.6 Newsletter

3.6.1 Subscribing to the Newsletter

3.6.2 Newsletter Tracking

3.7 Existing Customer Advertising via E-Mail

3.8 Surveys

3.9 Competitions

3.10 Applications

3.11 Fanshop

3.11.1 Data collection and transfer to sellers

3.11.2 Data Collection by the Payment Service Provider

4. Use of tools

4.1 Technologies Used

4.2 Legal Basis and Withdrawal

4.2.1 Legal Basis

4.2.2 Obtaining Your Consent

4.2.3 Withdrawal your Consent or changing your selection

4.3 IAB Transparency and Consent Framework

4.4 Essential Tools

4.4.1 Own Tools

4.5 Functional Tools

4.6 Analysis Tools

4.7 Marketing Tools

4.8 Purposes, Functions and Service Providers

5. Online Presence in Social Networks

6. Data Disclosure

7. Data Transfer to Third Countries

8. OneFootball Partner Marketing

9. Storage Duration

10. Your Rights, Particularly Withdrawal and Objection

11. Changes to the Privacy Policy

1. Controller and Contact Person

The contact person and so-called controller for the processing of your personal data when using this app within the meaning of the General Data Protection Regulation (GDPR) is

OneFootball GmbH, 

Donaustraße 44

12043 Berlin

Germany.

If you have any questions about data protection in connection with the use of our website, our app, OneFootball support and the OneFootball TV app (hereinafter referred to as OneFootball services), you can also contact our external data protection officer at any time. This can be contacted at the above postal address and by email at privacy@onefootball.com (keyword: "Attn: Data Protection Officer"). We expressly point out that when using this e-mail address, the contents are not exclusively taken note of by our data protection officer. If you wish to exchange confidential information, we therefore ask that you first contact us directly via this e-mail address.

2. Download from an App Store

In order to download and install the OneFootball app from an app store (Google Play, Apple AppStore or another app store via your SmartTV), you may first have to register for a user account with the provider of the respective app store and conclude a corresponding user agreement. We have no influence on the content of this contract; in particular, we are not a party to such a user contract. When you download and install the app, the necessary information is transmitted to the respective provider of the app store (e.g. Google or Apple), in particular your user name, your email address and the customer number of your app store account, the time of the download and the individual device identification number. We have no influence on this data collection and we are not responsible for it. We only process the data provided to the extent necessary for downloading and installing the app on your mobile device (e.g. iPhone, iPad or Android device). We do not store this data for any other purpose.

3. Data Processing by Our App

3.1 App Access Data When Using Our App

When you use the OneFootball app, we collect the following technical data to enable the functions of the OneFootball app, which is automatically collected from your mobile device and transmitted to us when you use it.

The following app access data is automatically recorded each time the OneFootball app is used:

  • Date and time of use

  • Your device name (e.g. "Apple iPhone 14" or "Samsung Galaxy S9")

  • Operating system and version as well as information on screen resolution

  • App version and application ID to identify your app installation

  • General device data, such as language and regional settings

  • IP address of the end device

  • Details of the approximate location from which you are using our app

To improve the app, the OneFootball app also sends us error messages after a crash (i.e. after the OneFootball app was unexpectedly terminated due to a program error or it no longer responded to your inputs). The error messages do not contain any personal data, but only the aforementioned technical app access data and information about which part of the OneFootball app software code caused the error. The IP address of your end device is not transmitted.

The app access data is generally recorded in internal log files for a period of three months after the end of the respective access and then anonymized, unless otherwise specified in this privacy policy.

The data processing of this connection data is absolutely necessary to enable the use of the app, to ensure the permanent functionality and security of our systems and to maintain our app in general administrative terms. The connection data is also stored in internal log files for the purposes described above, temporarily and limited in content to what is absolutely necessary, in order to find the cause and take action in the event of repeated or criminal calls that jeopardize the stability and security of our services.

The legal basis for this processing is Art. 6 para. 1 lit. b GDPR if the app is used in the course of the initiation or performance of a contract, and otherwise Art. 6 para. 1 lit. f GDPR due to our legitimate interest in enabling the app service and the permanent functionality and security of our systems.

3.2 Push Notification on Mobile Devices

In order to be notified of certain events and topics on mobile devices via push notifications (also called "notifications" by iOS), you must grant the OneFootball app the necessary authorization. When you open the OneFootball app for the first time and register or log in, you will be asked for this authorization. You can adjust the permissions for push notifications in the settings of your operating system or switch push notifications on or off later.

On iOS, you can switch this setting on or off under "Settings" under the menu item "Messages".

On Android, you can find this setting under "Settings" under the menu item "Apps" (or "Application Manager"). After selecting the OneFootball app, you can switch push notifications on or off here.

3.3 Contact Information

You have various options for getting in touch with us. These include the contact form and the e-mail address feedback@onefootball.com. In this context, we process your data exclusively for the purpose of communicating with you.

The legal basis for this processing is Art. 6 para. 1 lit. b GDPR, insofar as your details are required to answer your inquiry or to initiate or execute a contract, and otherwise Art. 6 para. 1 lit. f GDPR due to our legitimate interest in you contacting us and us being able to answer your inquiry.

The data collected by us when you contact us will be automatically deleted after your request has been fully processed, unless we still need your request to fulfill contractual or legal obligations (see section 9 "Storage period").

3.4 Registration

You have the option of registering with an account for our login area in order to be able to use the full range of functions of our services. We have highlighted the data you are required to enter as mandatory fields. Registration is not possible without this data.

An e-mail address and password are required.

The following data may be processed as part of the registration process:

  • Salutation, Gender (optional);

  • First and Last name (optional);

  • Date of Birth (optional);

  • Profile Picture (optional)

The legal basis for processing the data required for registration (mandatory fields) is Art. 6 para. 1 lit. b GDPR. For all other data, the legal basis is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR to enable you to customize, adapt and change your account, or your consent pursuant to Art. 6 para. 1 lit. a GDPR, insofar as you have given us this.

Our app offers you the option of logging in with an existing account from the social networks listed below:

  • Facebook Login: Meta Platforms Ireland Ltd, Serpentine Avenue, Block J, Dublin 4, Ireland (for persons outside the USA and Canada) or Meta Platforms Inc, 1601 Willow Road, Menlo Park, California 94025, USA (for persons from the USA and Canada) - Privacy Policy: https://www.facebook.com/privacy/policy/;

  • Google Sign-In for Websites: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (for persons from the European Economic Area and Switzerland) or Google LLC 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (for all other persons) - Privacy Policy: https://policies.google.com/privacy;

  • Register with Apple: Apple Distribution International ltd, Hollyhill Industrial Estate, Hollyhill Cork, Republic of Ireland (for persons from the European Economic Area and Switzerland) or Apple Inc, One Apple Park Way, Cupertino, CA 95014, USA (for all other persons). 

  • Firebase: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (for persons from the European Economic Area and Switzerland) or Google LLC 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (for all other persons) - Privacy Policy: https://policies.google.com/privacy.

Once you have logged in with one of your existing accounts, additional registration is no longer required. If you want to use the function, you will first be redirected to the relevant social network. There you will be asked to log in with your login name and password. We do not, of course, take any notice of this login data. The server to which a connection is established may be located in the USA or in other third countries.

By confirming the corresponding log-in button, the relevant social network learns that you have logged into your account on our site and links your social network account with your account in our app. The following data is also transmitted to us:

  • Facebook login: e-mail address, public profile information (in particular Facebook ID, name, profile picture), possibly other profile information such as age, date of birth, Facebook friends, gender, place of residence, like information, profile URL, locations, posts, photos, videos; cookies used in particular: "_fbsr";

  • Google Sign-In for Websites: Email address, Google ID, name, profile picture URL, gender and date of birth,

  • Sign in with Apple: E-mail address (you can also choose the e-mail address of an Apple Relay service), Apple ID

  • Firebase: e-mail address

The legal basis for this data processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR. Access to and storage of information in the end device then takes place on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 1 TTDSG.

Your personal data may also be transferred by Meta, Google and Apple to the USA and processed there. Meta Platforms Inc. and Google LLC have joined the EU-US Data Privacy Framework, which is why the transfer in this case is based on the adequacy decision for the USA in accordance with Art. 45 GDPR. Apple is obliged by standard contractual clauses to comply with the level of data protection in the EU.

3.4.1 Use Without Registration

You can use essential functions of our platform without registering. However, the use of these basic functionalities, such as specifying a favorite team and tracking clubs, leagues, associations and players, as well as displaying soccer results and content, requires the processing of personal data.

In order to be able to use the basic functions, we generate a device-specific identification number (pseudonym) when the app is opened for the first time. Information such as the operating system, IP address and server request time is also processed for the technical display of content. The IP addresses are deleted or anonymized after processing, whereby the location is only determined up to the geographical level of the country.

The data in the technical logs are analyzed anonymously in order to improve our platform and correct possible errors. The data processing is based on our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR to show you content based on your interests (namely clubs, leagues, associations and players).

3.4.2 Settings in the User Account and Operating System

In the privacy settings of the user account, under "Personalized advertising and content, measurement of advertising and content, target group research and development of services", you can specify whether you wish to receive customized advertising.

Personalized advertising will only be displayed if you as a user have reached the required age. The required age varies depending on the country in which you are located and the legal requirements for personalized advertising that apply there.

On mobile devices, you can also deactivate the advertising ID of the respective device and thus prevent personalized advertising. On Android, the Google advertising ID can be reset or deactivated under the settings of the Google account used. On iOS, the IDFA can be reset under the Privacy menu item in the settings ("Reset Ad ID"); this creates a new ID that is not merged with the previously collected data. If you activate the "No ad tracking" option, we can only take limited measures, such as determining unique usage ("unique user") or combating fraud.

3.5 Orders

During an order process (e.g. pay-per-view), we collect the mandatory data required for contract processing:

  • Salutation;

  • First and last name;

  • Date of birth;

  • E-mail address;

  • Billing address;

  • Payment information (e.g. IBAN, credit card, etc.);

  • Phone number

The legal basis for processing is Art. 6 para. 1 lit. b GDPR.

3.6 Newsletter

You have the option of subscribing to our newsletter, in which we regularly inform you about new products and promotions.

3.6.1 Subscribing to the Newsletter

We use the so-called double opt-in procedure to subscribe to our newsletter, i.e. we will only send you newsletters by e-mail if you confirm in our notification e-mail by clicking on a link that you are the owner of the e-mail address provided. If you confirm your e-mail address, we will store your e-mail address, the time of registration and the IP address used for registration until you unsubscribe from the newsletter. The sole purpose of this storage is to send you the newsletter and to be able to prove your registration. In addition, we measure whether our newsletter can be delivered at all.

The legal basis for processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future by unsubscribing from the newsletter. A corresponding unsubscribe link can be found in every newsletter. A message to the contact details given above or in the newsletter (e.g. by e-mail or letter) is of course also sufficient.

3.6.2 Newsletter Tracking

We want to share content that is as relevant as possible for our users via our newsletter and better understand what they are actually interested in. We therefore use standard market technologies in our newsletters to measure interactions with the newsletters (e.g. opening of the email, links clicked on). We use this data in pseudonymous form for general statistical evaluations and to optimize and further develop our content and user communication. On the one hand, this is done with the help of small graphics embedded in the newsletter (so-called pixels), which establish a connection to the server of the images when the email is opened. On the other hand, we use links where we first register a click on this link and only then forward it to the desired target page.

The legal basis for this is your consent in accordance with Art. 6 para. 1 lit. a GDPR. The information in the end device is then accessed on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 1 TTDSG. You can revoke your consent to the analysis of user behavior at any time with effect for the future by unsubscribing from the newsletter. You can also prevent the measurement of the opening of an email by deactivating graphics or the output of HTML content in your email program by default.

The data on the interaction with our newsletters is stored pseudonymously for 90 days and then completely anonymized.

3.7 Existing Customer Advertising via E-Mail

If you register with us or make a purchase from us, we will also use your contact details to send you further information about our products and services that is relevant to you by email ("existing customer advertising"). This may include, in particular, news, promotions and offers as well as feedback and other surveys.

The legal basis for this data processing is Art. 6 para. 1 lit. f GDPR in conjunction with Section 7 para. 3 UWG, according to which data processing is permitted to safeguard legitimate interests, insofar as this concerns the storage and further use of the data for advertising purposes. You can object to the use of your data for advertising purposes at any time by clicking on the corresponding link in the emails or by sending a message to the contact details given above (e.g. by email or letter) without incurring any costs other than the transmission costs according to the basic rates.

3.8 Surveys

You have the opportunity to take part in one of our surveys. We use the results of these surveys to improve our service. The legal basis for data processing when participating in the survey is your consent in accordance with Art. 6 para. 1 lit. a GDPR. We base the sending of the surveys on your consent in accordance with Art. 6 para. 1 lit. a GDPR, provided you have given us this consent.

We use the information and survey responses you provide to better understand your interests and preferences. For this purpose, we analyze your responses to provide you with targeted advertisements that are tailored to your preferences and activities.

This processing of your data is carried out in accordance with the applicable data protection laws. You have the option at any time to object to receiving personalized advertising or to withdraw your consent to the processing of survey results for advertising purposes. 

In addition, you can object to the sending of a satisfaction survey and the use of your data for advertising purposes at any time by clicking on the corresponding link in the e-mails or by sending a message to the above-mentioned contact details (e.g. by e-mail or letter) or revoke your consent with effect for the future without incurring any costs other than the transmission costs according to the basic rates.

3.9 Competitions

You can take part in our competitions. In the context of competitions, we use your data for the purpose of running the competition and notifying you of the prize. Detailed information can be found in the conditions of participation for the respective competition or the data protection information. The legal basis for processing is the competition contract (sometimes also referred to as "conditions of participation") in accordance with Art. 6 para. 1 lit. b GDPR. Data processing for other or further purposes, in particular for advertising, is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR.

We base the sending of the offer to participate in the competition on your consent in accordance with Art. 6 para. 1 lit. a GDPR, provided you have given us this consent.

You can object to the sending of an offer to participate in competitions and the use of your data for advertising purposes at any time by using a corresponding link in the e-mails or by sending a message to the contact details above (e.g. by e-mail or letter) or revoke your consent with effect for the future without incurring any costs other than the transmission costs according to the basic rates.

3.10 Applications

You can find the privacy policy for applications here: https://static.onefootball.com/legal/recruiting-privacy-policy/en

3.11 Fanshop

3.11.1 Data collection and transfer to sellers

You can purchase products from third parties in our Fan Shop. The selection and display of products are not contextual and does not involve profiling. The seller’s information is available on the product page. We will forward your order, including the personal information collected during the order process and your email address, to the seller.

The seller will then process this data independently to fulfill your order and for commercial purposes, such as accounting and record-keeping. We will receive updates from the seller about the delivery status to ensure the contract fulfilment and, if applicable, about any cancellation. The legal basis for the data processing is the performance of the contract (Art. 6 I 1 lit. b DSGVO).

More information about the sellers and links to their privacy policies can be found at the following links:

Name: eleven teamsports GmbH, Germany

Address: https://www.11teamsports.com/de-de/11teamsports/impressum/

Privacy Information: https://www.11teamsports.com/de-de/informationen/datenschutz/

3.11.2 Data Collection by the Payment Service Provider

A payment service provider is involved in the payment process. We transmit the payable amount to this provider, which then independently collects your payment data (e.g., credit card number). This data is not shared with OneFootball or the seller; we only receive confirmation of successful payment. In the case of a cancellation or other valid return, any refund will also be processed through the payment provider. The legal basis for this is contract fulfillment (Art. 6 I 1 lit. b DSGVO). For further information, please refer to the payment provider's privacy information:

Stripe Payments Europe, Ltd., Ireland

Address: https://stripe.com/de/legal/imprint

Privacy Information: https://stripe.com/de/privacy

4. Use of tools

4.1 Technologies Used

The app uses various services and applications (collectively "tools") that are offered either by us or by third parties. These include, in particular, tools that use technologies to store or access information in the end device:

  • Cookies: Information stored on the end device, consisting in particular of a name, a value, the storing domain and an expiration date. So-called session cookies (e.g. PHPSESSID) are deleted after the session, while so-called persistent cookies are deleted after the specified expiration date. Cookies can also be removed manually.

  • Web storage (local storage / session storage): information stored on the end device, consisting of a name and a value. Information in session storage is deleted after the session, while information in local storage has no expiration date and remains stored unless a mechanism for deletion has been set up (e.g. storage of a local storage with a time entry). Information in local and session storage can also be removed manually.

  • JavaScript: programming codes (scripts) embedded or called up in the app that, for example, set cookies and web storage or actively collect information from the end device or about the usage behavior of visitors. JavaScript may be used for "active fingerprinting" and the creation of user profiles. JavaScript can be blocked by a setting in the end device, although most services will then no longer work.

  • Pixel: tiny graphic automatically loaded by a service that can make it possible to recognize visitors by automatically transmitting the usual connection data (in particular IP address, information about the browser, operating system, language, address called up and time of the call) and, for example, to determine whether an email has been opened or a website visited. With the help of pixels, "passive fingerprinting" and the creation of user profiles can be carried out. The use of pixels can be prevented, for example, by blocking images, such as in emails, although the display is then severely restricted.

  • TC-String: For providers participating in the Transparency and Consent Framework ("TCF") of the Interactive Advertising Bureau ("IAB"), user preferences recorded in a content management platform are encoded and stored in a sequence of letters and numbers, the so-called Transparency and Consent String ("TC-String"). With the help of this TC-String, providers can display targeted advertising to users.

With the help of these technologies and also by simply establishing a connection on a page, so-called "fingerprints" can be created, i.e. usage profiles that do not require the use of cookies or web storage and can still recognize visitors. Fingerprints based on the connection setup cannot be completely prevented manually.

Most browsers are set by default to accept cookies, the execution of scripts and the display of graphics. However, you can usually adjust your browser settings so that all or certain cookies are rejected or scripts and graphics are blocked. If you completely block the storage of cookies, the display of graphics and the execution of scripts, our services may not work or may not work properly.

In the following, the tools we use are listed by category, whereby we inform you in particular about the providers of the tools, the storage duration of cookies or information in local storage and session storage as well as the transfer of data to third parties. We also explain in which cases we obtain your voluntary consent to use the tools and how you can withdraw this consent.

4.2 Legal Basis and Withdrawal

4.2.1 Legal Basis

We use tools necessary for the app on the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in order to provide the basic functions of our app. In certain cases, these tools may also be required for the fulfillment of a contract or for the implementation of pre-contractual measures, in which case the processing is carried out in accordance with Art. 6 para. 1 lit. b GDPR. Access to and storage of information in the end device is absolutely necessary in these cases and is carried out on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 2 TTDSG.

If personal data is transferred to third countries, we refer you to Section 7 ("Data transfer to third countries"), also with regard to any associated risks. We will inform you if an adequacy decision exists for the third country in question or if standard contractual clauses or other guarantees have been concluded for the use of certain tools. If you have given your consent to the use of certain tools and the associated transfer of your personal data to third countries, we will (also) transfer the data processed when using the tools to third countries on the basis of this consent in accordance with Art. 49 para. 1 lit. a GDPR.

4.2.2 Obtaining Your Consent

To obtain and manage your consent, we use the OneTrust tool from OneTrust, LLC, 1200 Abernathy Rd, Suite 700, Atlanta, Georgia 30328 ("OneTrust") as a consent management platform ("CMP"). This generates a banner that informs you about the data processing in our app and gives you the opportunity to consent to all, individual or no data processing using optional tools. This banner appears when you open our app and when you call up your settings again to change them or revoke your consent. The banner also appears when you open our app again if you have deactivated the storage of cookies or the cookies or information in the local storage have been deleted or have expired.

When you use the app, your consents or revocations, your IP address, information about your device and the time of your visit are transmitted to OneTrust. In addition, the necessary information is stored on your device to document the consents given and revocations ("Cookielaw by OneTrust (formerly Optanaon)".

Data processing is necessary to provide you with the legally required consent management and to fulfill our documentation obligations. The legal basis is Art. 6 para. 1 lit. f GDPR, justified by our interest in fulfilling the legal requirements for consent management. Access to and storage of information in the end device is absolutely necessary in these cases and is carried out on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 2 TTDSG.

4.2.3 Withdrawal your Consent or changing your selection

You can withdrawal your consent for certain tools, i.e. for the storage and access to information in the end device, the processing of your personal data and the transfer of your data to third countries, at any time with effect for the future. To do this, click on "Privacy settings" under "Settings". There you can also change the selection of tools you wish to consent to the use of and obtain additional information on the tools used. Alternatively, you can assert your revocation directly with the provider for certain tools.

4.3 IAB Transparency and Consent Framework

When using OneTrust, the current version of the IAB Transparency and Consent Framework ("TCF") standard is observed, which specifies conclusive categories of processing purposes and the associated legal bases. TCF also enables your decisions made in the CMP, such as consents, revocations and objections, to be forwarded directly to the providers of the technologies in the CMP. The so-called TC string is used for this purpose. This ensures that your current request is always observed and complied with by the providers.

The following user data is transmitted to OneTrust when using the app: consents, revocations and objections, IP address, information about the browser, end device and the time of the visit.

4.4 Essential Tools

We use certain tools to enable the basic functions of our website ("essential tools"). These include, for example, tools to prepare and display website content, to manage and integrate tools, to provide payment processing services, to detect and prevent fraud and to ensure the security of our website. Without these tools, we would not be able to provide our service. Therefore, essential tools are used without consent.

The legal basis for essential tools is the necessity to fulfill our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR in the provision of the respective basic functions and the operation of our app. In cases where the provision of the respective functions is necessary for the performance of a contract or for the implementation of pre-contractual measures, the legal basis for data processing is Art. 6 para. 1 lit. b GDPR. Access to and storage of information in the end device is absolutely necessary in these cases and is carried out on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 2 TTDSG.

4.4.1 Own Tools

We use our own necessary tools that access information in the end device or store information on the end device, in particular:

  • for login authentication,

  • for load distribution,

  • to save your language settings,

  • to note that information placed on our website has been displayed to you - so that it will not be displayed again the next time you visit the website.

4.5 Functional Tools

We also use optional tools to improve the user experience of our app and to offer you more functions ("functional tools"). Although these are not absolutely necessary for the basic functions of the app, they can offer users considerable advantages, particularly in terms of user-friendliness and the provision of additional communication, display or payment channels. This can include, in particular, the integration of external content such as maps and videos as well as logging in via an existing social network account or, for example, a comment function.

The legal basis for the functional tools is your consent in accordance with Art. 6 para. 1 lit. a GDPR. Access to and storage of information in the end device then takes place on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 1 TTDSG. To withdraw your consent, see 4.2.3: "Withdrawing your consent or changing your selection".

In the event that personal data is transferred to third countries, we refer to Section 7 ("Data transfer to third countries") in addition to the information provided below.

4.6 Analysis Tools

In order to improve our services, we use optional tools to recognize visitors and to statistically record and analyze general usage behavior based on access data ("analysis tools"). We also use analysis services to evaluate the use of our various marketing channels. The usage information collected is processed and enables us to understand the usage habits of our users. This helps us to adapt and optimize the design of our website and app and to make the user experience more pleasant.

The legal basis for the analysis tools is your consent in accordance with Art. 6 para. 1 lit. a GDPR. Access to and storage of information in the end device then takes place on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 1 TTDSG. To withdraw your consent, see 4.2.3: "Withdrawing your consent or changing your selection".

In the event that personal data is transferred to third countries, we refer to Section 7 ("Data transfer to third countries") in addition to the information provided below.

4.7 Marketing Tools

We also use optional tools for advertising purposes ("marketing tools"). Some of the access data collected when you use our app is used to create usage profiles, which in particular store your usage behavior, the advertisements you have viewed or clicked on and, based on this, the classification into advertising categories, interests and preferences. By analyzing and evaluating this access data, we are able to present you with personalized advertising, i.e. advertising that corresponds to your actual interests and needs, on our website and in our app and on the websites and services of other providers. We also analyse your usage behaviour in order to recognize you on other sites and to address you in a personalized manner based on your use of our site (so-called retargeting). In addition, we evaluate the effectiveness and success of our advertising campaigns (in particular so-called conversions and leads).

Additionally, we conduct surveys to better understand your interests and preferences, allowing us to continuously improve our services and products and ensure a personalized user experience. The information collected through these surveys is used to create and enhance usage profiles, enabling personalized advertising. Before participating in a survey, you will be informed about the purpose of data processing and must provide explicit consent. Participation in these surveys is voluntary. For more information on surveys, please refer to Section 3.8 of this Privacy Policy.

The legal basis for processing is your consent pursuant to Art. 6 (1) (a) GDPR. You can withdraw your consent at any time with future effect by contacting us via the contact details provided above (e.g., by email or letter). This will incur no costs beyond the basic transmission fees

Marketing tools also include optional social network tools that are used to share posts and content via these networks ("social media plugins").

The legal basis for the marketing tools is your consent in accordance with Art. 6 para. 1 lit. a GDPR. Access to and storage of information in the end device then takes place on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 1 TTDSG. To withdraw your consent, see 4.2.3: "Withdrawing your consent or changing your selection".

In the event that personal data is transferred to third countries, we refer to Section 7 ("Data transfer to third countries") in addition to the information provided below.

In the following section, we would like to explain the tools and the providers used in more detail and the data collected. The following tools and provider are used for these purposes:

  • “Matchmaker” Tool provided by Permutive Limited, 145 City Road, London EC1V1AW, United Kingdom, Link to Permutive’s Privacy Policy and contact information: privacy@permutive.com. Permutive Limited provides data management and audience segmentation services that enables us to analyze and activate user data in a privacy-compliant manner. Their platform uses real-time, first-party data to help us deliver targeted advertising without relying on third-party cookies.

The data collected may include in particular:

  • the IP address of the device;

  • the information of a cookie and in local or session storage;

  • the device identifier of mobile devices (e.g. device ID, advertising ID);

  • Referrer URL (previously visited page);

  • Pages accessed (date, time, URL, title, duration of visit);

  • Downloaded files;

  • Clicked links to other websites; 

  • Information from surveys, such as user preferences and interests;

  • if applicable, achievement of certain goals (conversions);

  • Technical information: Operating system; browser type, version and language; device type, make, model and resolution;

  • Approximate location (country and city if applicable).

However, the data collected is only stored under a pseudonym, so that no direct conclusions can be drawn about individuals.

4.8 Purposes, Functions and Service Providers

Processing purposes and functions, as well as the individual providers ("suppliers") can be viewed in the CMP, which can be accessed in the settings under "Data protection settings".

5. Online Presence in Social Networks

We maintain an online presence on social networks in order to communicate with customers and interested parties and to provide information about our products and services. User data is generally processed by the relevant social networks for market research and advertising purposes. This allows user profiles to be created based on the interests of users. Cookies and other identifiers are stored on the computers of the data subjects for this purpose. Based on these user profiles, advertisements are then placed within the social networks and on third-party websites, for example.

As part of the operation of our online presences, we may have access to information such as statistics on the use of our online presences provided by the social networks. These statistics are aggregated and may contain, in particular, demographic information (e.g. age, gender, region, country) and data on interaction with our online presence (e.g. likes, subscriptions, sharing, viewing images and videos) and the posts and content distributed via it. This may also provide information about the interests of users and which content and topics are particularly relevant to them. This information can also be used by us to adapt the design and our activities and content on the online presence and to optimize it for our audience. Please refer to the list below for details and links to the social network data that we can access as the operator of the online presence. The collection and use of these statistics is generally subject to joint responsibility. Where this applies, the relevant contract is listed below.

The legal basis for data processing is Art. 6 para. 1 lit. f GDPR, based on our legitimate interest in effective information and communication with users, or Art. 6 para. 1 lit. b GDPR, in order to stay in contact with our users and to inform them and to carry out pre-contractual measures with interested parties.

If you have an account with the social network, it is possible that we can see your publicly available information and media when we access your profile. In addition, the social network may allow us to contact you. This can take place, for example, via direct messages or posted contributions. The content of communication via the social network and the processing of content data is the responsibility of the social network as a messenger and platform service. As soon as we transfer personal data from you to our own systems or process it further, we are independently responsible for this and this is done to carry out pre-contractual measures and to fulfill a contract in accordance with Art. 6 Para. 1 lit. b GDPR.

The legal basis for the data processing carried out by the social networks on their own responsibility can be found in the data protection information of the respective social network. Under the links below you will also find further information on the respective data processing and the options to object.

We would like to point out that data protection requests can be made most efficiently with the respective provider of the social network, as only these providers have access to the data and can take appropriate measures directly. You can of course also contact us with your request. In this case, we will process your request and forward it to the provider of the social network.

Below is a list with information on the social networks on which we have an online presence:

6. Data Disclosure

The data collected by us will only be passed on if there is a legal basis for this under data protection law in the specific case, in particular if:

  • you have given your express consent in accordance with Art. 6 para. 1 lit. a GDPR,

  • the disclosure pursuant to Art. 6 para. 1 lit. f GDPR is necessary for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data,

  • we are legally obliged to disclose data in accordance with Art. 6 para. 1 lit. c GDPR, in particular if this is necessary for legal prosecution or enforcement due to official inquiries, court orders and legal proceedings, or

  • this is legally permissible and required under Art. 6 para. 1 lit. b GDPR for the processing of contractual relationships with you or for the implementation of pre-contractual measures that are carried out at your request.

Some of the data processing may be carried out by our service providers. In addition to the service providers mentioned in this privacy policy, these may include, in particular, data centers that store our website and databases, software providers, IT service providers that maintain our systems, agencies, market research companies, group companies and consulting firms. If we pass on data to our service providers, they may only use the data to fulfill their tasks. The service providers have been carefully selected and commissioned by us. They are contractually bound by our instructions, have suitable technical and organizational measures in place to protect the rights of the data subjects and are regularly monitored by us.

7. Data Transfer to Third Countries

As explained in this privacy policy, we use services whose providers are partly located in so-called third countries (outside the European Union or the European Economic Area) or process personal data there, i.e. countries whose level of data protection does not correspond to that of the European Union. If this is the case and the European Commission has not issued an adequacy decision for these countries (Art. 45 GDPR), we have taken appropriate precautions to ensure an adequate level of data protection for any data transfers. These include the standard contractual clauses of the European Union or binding internal data protection regulations.

Where this is not possible, we base the transfer of data on exceptions under Art. 49 GDPR, in particular your express consent or the necessity of the transfer for the fulfillment of the contract or for the implementation of pre-contractual measures.

If a transfer to a third country is planned and there is no adequacy decision or suitable guarantees, it is possible and there is a risk that authorities in the respective third country (e.g. secret services) may gain access to the transferred data in order to collect and analyze it, and that the enforceability of your data subject rights cannot be guaranteed. When obtaining your consent via the consent banner, you will also be informed of this.

8. OneFootball Partner Marketing

In the course of registering on the OneFootball platform and, if applicable, later in the course of use, you can consent to 'OneFootball Partner Marketing'. OneFootball cooperates with a large number of well-known partners, including clubs, leagues, associations or advertising and technical service providers ("OneFootball partners"). You can find a detailed list of our OneFootball partners and their contact details on our 'OneFootball Partner Website'.

If you give your consent to 'OneFootball Partner Marketing', OneFootball is authorized to pass on the following information of your user account to the OneFootball partners:

  • Name,

  • E-mail address,

  • Salutation (if known),

  • Date of birth (if known),

  • Gender (if known),

  • Favorite club (if known).

In addition, you agree that the OneFootball partners may contact you by e-mail for the following marketing purposes: Product and event information, exclusive promotions, competitions, offers, information from advertising partners of OneFootball partners and birthday mailings.

The processing and transmission of your data is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can of course withdraw your consent at any time with effect for the future. To revoke your consent, please click on "Manage consent" in the settings of your user profile and press the 'OneFootball Partner Marketing' button. Alternatively, you can also inform us of your revocation at any time in writing by e-mail to privacy@onefootball.com or via the contact form on our website or by clicking on the unsubscribe link in the relevant newsletter.

9. Storage Duration

In principle, we only store personal data for as long as necessary to fulfill the purposes for which we collected the data. We then delete the data immediately, unless we still need the data until the expiry of the statutory limitation period for evidence purposes for civil law claims, due to statutory retention obligations or there is another legal basis under data protection law for the continued processing of your data in the specific individual case.

For evidence purposes, we must retain contract data in particular for three years from the end of the year in which the business relationship with you ends. Any claims expire at the earliest at this time in accordance with the statutory limitation period.

Even after this, we still have to store some of your data for accounting reasons. We are obliged to do so due to statutory documentation obligations that may arise from the German Commercial Code, the German Fiscal Code, the German Banking Act, the German Money Laundering Act and the German Securities Trading Act. The periods specified there for the retention of documents are two to ten years.

10. Your Rights, Particularly Withdrawal and Objection

You are entitled to the data subject rights formulated in Art. 7 para. 3, Art. 15 - 21 at any time if the respective legal requirements are met:

  • Right to withdraw your consent (Art. 7 (3) GDPR);

  • Right to object to the processing of your personal data (Art. 21 GDPR);

  • Right to information about your personal data processed by us (Art. 15 GDPR);

  • Right to rectification of your incorrect personal data stored by us (Art. 16 GDPR);

  • Right to erasure of your personal data (Art. 17 GDPR);

  • Right to restriction of processing of your personal data (Art. 18 GDPR);

  • Right to data portability of your personal data (Art. 20 GDPR).

To assert your rights described here, you can contact us at any time using the contact details above. This also applies if you wish to receive copies of guarantees to demonstrate an adequate level of data protection. If the relevant legal requirements are met, we will comply with your data protection request.

Your requests to assert data protection rights and our responses to them will be stored for documentation purposes for a period of up to three years and, in individual cases, beyond this period if there is reason to assert, exercise or defend legal claims. The legal basis is Art. 6 para. 1 lit. f GDPR, based on our interest in the defense against any civil claims under Art. 82 GDPR, the avoidance of fines under Art. 83 GDPR and the fulfillment of our accountability under Art. 5 para. 2 GDPR.

You have the right to withdraw your consent at any time. As a result, we will no longer continue the data processing that was based on this consent in the future. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

If we process your data on the basis of legitimate interests, you have the right to object to the processing of your data at any time on grounds relating to your particular situation. If it concerns an objection to data processing for direct marketing purposes, you have a general right of objection, which we will implement without you having to give any reasons.

If you wish to exercise your right of withdrawal or objection, simply send an informal message to the contact details above.

Finally, you have the right to lodge a complaint with a data protection supervisory authority in accordance with Art. 77 GDPR. You can assert this right, for example, with a supervisory authority in the Member State of your place of residence, your place of work or the place of the alleged infringement. In Berlin, where we are based, the competent supervisory authority is Berlin Commissioner for Data Protection and Freedom of Information, Alt-Moabit 59-61, 10555 Berlin.

11. Changes to the Privacy Policy

We occasionally update this privacy policy, for example if we adapt our app or if the legal or regulatory requirements change.

Version: 2/2024

Status: October 2024