Contents

1. Data protection

We take the protection of your personal data very seriously. We treat your personal data confidentially and according to the legal data protection regulations as well as this data protection information.

This data protection information applies to the processing of personal data by us on our website teamtip.net (“website”) and for our web application (hereinafter “web application”) as well as for our mobile apps (hereinafter “apps”) (together hereinafter “applications”). It explains the type, purpose, and scope of the data processing within the framework of the website, the web application, and the mobile apps.

We would like to point out that data transmissions on the Internet can have security gaps. Seamless protection of the data against access by third parties is not possible.

2. Controller

The “Controller” is the natural or legal person, public authority, agency, or other body that alone or with others determines the purposes and means of the processing of personal data.

The controller for the data processing to provide the services within the website teamtip.net and within the applications is:

SPM Sportplatz-Media GmbH
Schleidenstraße 3
22083 Hamburg
E-Mail: kontakt@teamtip.net
Webseite: https://www.teamtip.net/
Tel.: +49 40 537 9863 - 30

The respective trainer(s) and admin(s) are responsible for the data processing within a team in the applications.

Regarding this data processing, we (SPM Sportplatz-Media GmbH) only act on behalf of and according to the instructions of the trainer (order processing). You can find the data protection information of the trainer account for the data processing within a team in the settings under “Trainer data protection”

The following data protection information therefore only applies to the processing of personal data for which we (SPM Sportplatz-Media GmbH) are responsible.

3. General information on data processing

Scope of the processing of personal data

We categorically collect and use the personal data of our users only to the extent required for the provision of our applications, our contents, and our services. The collection and use of our users’ personal data is regularly only carried out with the consent of the user. Exceptions are made in cases in which prior consent cannot be obtained for factual reasons and where the processing of the data is permitted by legal regulations.

Legal basis for the processing of personal data

Insofar as we obtain consent from the data subject for the processing of personal data, Art. 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.

In the processing of personal data that is required for the performance of a contract in which the contractual party is the data subject, Art. 6 (1) (b) GDPR serves as the legal basis. This also applies to processing that is required to carry out pre-contractual measures.

Insofar as the processing of personal data is required to fulfill a legal obligation to which our company is subject, Art. 6 (1) (c) GDPR serves as the legal basis.

If vital interests of the data subject or another natural person require the processing of personal data, Art. 6 (1) (d) GDPR serves as the legal basis.

If the processing is required to safeguard a legitimate interest of our company or a third party and the interests, basic rights, and basic freedoms of the data subject do not outweigh the former interest, Art. 6 (1) (f) GDPR serves as the legal basis for the processing.

Data deletion and storage period

The personal data of the data subject are deleted or blocked as soon as the purpose of the storage is no longer applicable. Additionally, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws, or other provisions to which the controller is subject. Data is also restricted or erased if a storage period prescribed by the above-mentioned standards expires, unless there is a need to continue storing the data in order to fulfill or conclude a contract.

Note on data transfer to the USA

Our website also includes tools from companies based in the USA. If these tools are enabled, your personal data may be transferred to these companies’ US servers. The processing of personal data in the USA only takes place if the companies have concluded so-called EU standard contract clauses with us and their subcontractors. This provides sufficient guarantees for adequate data protection within the meaning of Art. 46 GDPR.

4. Provision of the website and creation of log files

Whenever our website (including the web application) is accessed, our system automatically collects data and information from the computer system of the accessing computer. The following data is collected for a limited period of time:

• The user’s IP address
• The date and time of access
• The user’s user agent
• The path to the accessed page

The data are stored in the log files of our system. These data are only required for the analysis of any malfunctions and are deleted within 30 days at the latest. The legal basis for the temporary storage of the data and log files is Article 6 (1) (f) GDPR. The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user’s computer. The user’s IP address must be stored for the duration of the session for this purpose. The purpose of the storage in log files is to ensure the functionality of the website. We also use the data to optimize the website and ensure the security of our information technology systems. The data are not evaluated for marketing purposes in this context, and no conclusions are drawn about your person. These purposes also include our legitimate interest in data processing in accordance with Art. 6 (1) (f) GDPR. The collection of data for the provision of the website and the storage of the data in log files is mandatory for the operation of the website. As a consequence, there is no possibility of objection on the part of the user.

5. Data processing for registered users

When you register and use our applications, the following personal data is collected from you:

• First and last name
• User name
• Age over/under 18
• E-Mail address

We also process the following technical data:

• IP addresses
• Browser types and browser version
• Operating system
• Referrer URL
• Host name of the accessing computer
• Time of the server access
• Metadata
• Device IDs
• Language settings
• Installed app version

These data are processed for the purpose of implementing the user agreement between us and you (Art. 6 (1) sentence 1 lit. b GDPR). We only process the data until the purpose for which it was stored no longer applies or you request us to delete it. Usually, there is no longer any purpose for storing data when you log out of the application. However, if there are mandatory statutory retention periods, the relevant data are only deleted after the statutory periods have expired (e.g., tax-related retention period for invoice data).

6. Minors

Persons who are under the age of 16 must only transmit their personal data to us with the consent of their legal guardians pursuant to Art. 8 GDPR. We do not knowingly collect and process the personal data of minors.

7. Hosting and content delivery networks (CDN)

External hosting

The app or website is hosted by an external service provider (host). The personal data collected via the app or website are stored on the host’s servers. In particular, this may include IP addresses, contact requests, meta- and communication data, contract data, contact data, names, page accesses, and other data generated by an app or website.

The host is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 (1) (b) GDPR) and in the interest of a secure, fast and efficient provision of our online offer through a professional provider (Art. 6 (1) (f) GDPR).

Our host will process your data only to the extent necessary to fulfill its service obligations and will follow our instructions with regard to these data.

We use the following hoster:

Hetzner Online GmbH
Industriestr. 25
91710 Gunzenhausen
Germany

Conclusion of a contract on order processing

To ensure processing in accordance with data protection regulations, we have concluded a contract for order processing with our host.

8. Contact

You can contact us by email, fax or phone. In this process, your information from the inquiry and the contact details you provide there will be stored by us exclusively for purposes of processing the inquiry and in case of further questions. The data will not be transmitted to third parties in this context.

The legal basis for the data processing is Art. 6 (1) (f) GDPR. Our interest in answering your inquiry outweighs your interest; since you are writing to us, an answer is also in your interest and you are aware that we have to process your data to answer your inquiry.

If the purpose of the email contact is to conclude a contract, the legal basis for the processing is Art. 6 (1) (b) GDPR.

The data will be deleted as soon as they are no longer required for the purpose of their collection. This is the case when the respective conversation with the user has ended. The conversation has ended when it can be derived from the circumstances that the relevant matter has been resolved conclusively.

Zendesk

We use the CRM system Zendesk to process user enquiries. The provider is Zendesk,Inc., 1019 Market Street in San Francisco, CA 94103 USA.

We use Zendesk to be able to process your enquiries quickly and efficiently. This constitutes a legitimate interest within the meaning of Art. 6 Para. 1 lit. f DSGVO. You can only send enquiries by providing your email address and without giving your name. The messages sent to us remain with us until you request us to delete them or the purpose for storing the data no longer applies (e.g. after processing your enquiry has been completed). Mandatory legal provisions - in particular retention periods - remain unaffected.

If you do not agree to us processing your request via Zendesk, you can alternatively communicate with us by email, phone or fax.

For more information, please see Zendesk's privacy policy: https://www.zendesk.de/company/customers-partners/privacy-policy/

Zendesk chat features

Our website provides you with the ability to send us messages via a chat window. The chat features are provided by Zendesk. When you use this chat window, we store your IP address in addition to your chat messages. It is not necessary to provide your name for the chat.

Abschluss eines Vertrags über Auftragsverarbeitung

We have entered into a contract with Zendesk in which we require Zendesk to protect our customers' data and not to disclose it to third parties.

We have entered into EU standard contractual clauses with Zendesk. This provides sufficient guarantees for adequate data protection within the meaning of Art. 46 DSGVO. You can find out more here: https://www.zendesk.de/company/agreements-and-terms/privacy-policy/#international-transfer-of-personal-data

9. Newsletter data

Sendgrid

This website uses Sendgrid to send newsletters. The provider is Sendgrid, 1801 California Street Suite 500, Denver, CO 80202.

Sendgrid is a service that organizes and analyzes the sending of newsletters. The data you enter for the purpose of receiving newsletters is stored on Sendgrid's servers in the USA. If you do not want Sendgrid to analyze your data, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in each newsletter message.

Data analysis by Sendgrid

With the help of Sendgrid, it is possible for us to analyze our newsletter campaigns. For example, we can see whether a newsletter message was opened and which links, if any, were clicked. In this way, we can determine, among other things, which links were clicked on particularly often.

For detailed information and all about data protection, please visit: https://sendgrid.com/resource/general-data-protection-regulation-2/

Legal basis

The data processing is based on your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke this consent at any time. The legality of the data processing operations already carried out remains unaffected by the revocation.

An adequate level of data protection is guaranteed by the use of the EU standard contractual clauses. Sendgrid has already switched to the new standard data protection clauses of the EU Commission.

Storage period

The data you provide for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from Sendgrid's servers after you unsubscribe from the newsletter. Data that has been stored by us for other purposes (e.g. e-mail addresses for the premium functions) remains unaffected by this.

Conclusion of a contract for commissioned data processing

We have concluded a contract on order processing (AVV) with Sendgrid.

This is a contract required by data protection law, which ensures that the latter only processes the personal data of our website visitors in accordance with our instructions and in compliance with the DSGVO.

10. Use of cookies and analysis tools

a) Cookies required for the operation

We use so-called session or flash cookies on our website www.spielerplus.de and in our applications. Cookies are text files that are stored in or by the Internet browser on the user’s computer system. When a user visits a website, a cookie may be stored on the user’s operating system. This cookie contains a distinctive string of characters that enables the browser to be uniquely identified when the website is accessed again. Some functions of our website cannot be offered without the use of cookies. These make it necessary for the browser to be identified even after a webpage is changed. The user data collected with the technically necessary cookies are not used to detect the identity of the user or to create user profiles. The legal basis for the processing of personal data with technically necessary cookies is Art. 6 (1) (f) GDPR.

b) Not mandatory cookies

Analytical tools

When you access our applications, your behaviour may be statistically evaluated with the help of certain analysis tools and analysed for advertising and market research purposes or to improve our offers. When using such tools, we ensure compliance with the legal data protection regulations. When using external service providers (commissioned data processors), we ensure through appropriate contracts with the service providers that the data processing complies with German and European data protection standards.

We use the following tools to analyse user behaviour:

Google Analytics

The applications use functions of the web analysis service Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics uses so-called "cookies". These are text files that are stored on your computer and enable an analysis of your use of the application. The information generated by the cookie about your use of this application is usually transmitted to a Google server in the USA and stored there.

The storage of Google Analytics cookies and the use of this analysis tool are carried out on the basis of Art. 6 Para. 1 lit. a DSGVO, as a corresponding consent has been requested (e.g. consent to the storage of cookies). The consent can be revoked at any time.

We have concluded EU standard contractual clauses with Google LLC. This provides sufficient guarantees for adequate data protection within the meaning of Art. 46 DSGVO.

IP anonymisation

We have activated the IP anonymisation function. This means that your IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Google will use this information on our behalf for the purpose of evaluating your use of the application, compiling reports on application activity and providing other services relating to application usage and internet usage to the operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Browser plugin

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this application. In addition, you can prevent the collection of the data generated by the cookie and related to your use of the application (including your IP address) to Google as well as the processing of this data by Google by downloading and installing the browser plugin available under the following link:

https://tools.google.com/dlpage/gaoptout

Demographic characteristics with Google Analytics

The applications use the "demographic characteristics" function of Google Analytics. This allows reports to be generated that contain statements about the age, gender and interests of site visitors. This data comes from interest-based advertising from Google as well as visitor data from third-party providers. This data cannot be assigned to a specific person. You can deactivate this function at any time via the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics as shown in the item "Objection to data collection".

Storage period

Data stored by Google at user and event level that is linked to cookies, user IDs or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) will be anonymised or deleted after 14 months. Details can be found under the following link:

https://support.google.com/analytics/answer/7667196

Google Tag Manager

The applications use functions of the Google Analytics web analysis service. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics uses so-called cookies. These are text files that are stored on your computer that enable an analysis of your use of the application. The information created by the cookie about your use of this application is generally transmitted to a Google server in the USA and stored there.

The storage of Google Analytics cookies and the use of this analysis tool are based on Art. 6 (1) (a) GDPR, since corresponding consent was requested (e.g., consent to the storage of cookies). The consent can be revoked at any time.

We have concluded standard EU contract clauses with Google LLC. This provides sufficient guarantees for adequate data protection within the meaning of Art. 46 GDPR.

11. Plugins and tools

Google Web Fonts

For the uniform display of fonts, these applications use so-called web fonts, which are provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).

Google Fonts are installed locally. There is no connection to Google’s servers. You can find more information on Google Web Fonts at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://policies.google.com/privacy.

12. Encryption

SSL or TLS encryption

For security reasons and to protect the transmission of confidential contents, such as orders or inquiries that you send to us as the operator, we use SSL or TLS encryption. You can recognize an encrypted connection when the browser’s address bar changes from “http://” to “https://” and by the lock symbol in your browser line.

When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Encrypted payment transactions on this page

If, after the conclusion of a contract with costs, there is an obligation to provide us with your payment data (e.g. account number in the case of direct debit authorisation), this data is required for the processing of payments.

Payment transactions via the common means of payment (PayPal) are made exclusively via an encrypted SSL or TLS connection. You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

With encrypted communication, your payment data that you transmit to us cannot be read by third parties.

13. Data protection officer

We have assigned a data protection officer for our company.

ARTANA Digital GmbH
Prof. Dr. Christian Rauda
Alstertwiete 3, 20099 Hamburg
Tel. +49 40 537 981 260
Email: datenschutzbeauftragter@sportplatz-media.com
Web: www.artana.law

14. Your rights

If your personal data are being processed, you are a data subject as defined by the GDPR, and you have the following rights in relation to the controller:

a) Right of access

You can request confirmation from the controller as to whether we are processing your personal data.

If such processing has taken place, you can request information from the controller on the following topics:

• the purposes for which the personal data are processed;
• the categories of personal data being processed;
• the recipients or categories of recipients to whom your personal data have been or will be disclosed;
• the planned duration of the storage of the personal data concerning you, or, if no specific information on this is available, criteria for determining the storage period;
• the existence of a right to the rectification or erasure of the personal data or restriction of processing of personal data concerning you, or a right to object to this processing;
• the existence of a right to appeal to a supervisory authority;
• any available information about the source of the data if the personal data are not being collected from the data subject;
• the existence of an automated decision-making process including profiling as defined by Art. 22 (1) and (4) GDPR and – at least in these cases – meaningful information about the logic involved as well as on the scope and intended effects of such processing on the data subject.

You have the right to request information as to whether your personal data are being transferred to a third country or to an international organization. In this context, you can request to be informed about the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.

b) Right to rectification

You have the right to request that the controller correct and/or complete the data if the processed personal data concerning you is incorrect or incomplete. The controller must immediately make the correction.

c) Right to restriction of processing

Under the following conditions, you may request the restriction of the processing of your personal data:

• if you contest the accuracy of the personal data concerning you for a period that enables the controller to verify the accuracy of the personal data;
• if the processing is unlawful and you object to the erasure of the personal data and instead request a restriction of their use;
• if the controller no longer needs the personal data for the processing purposes, but you need them to assert, pursue, or defend legal claims; or
• if you have objected to the processing pursuant to Art. 21 (1) GDPR and it is not yet established whether the legitimate reasons of the controller outweigh your reasons.

If the processing of your personal data has been restricted, these data – with the exception of storage – may only be processed with your consent or for the purpose of asserting, pursuing, or defending legal claims or for protecting the rights of another natural or legal person or for reasons related to an important public interest of the Union or a member state.

If the restriction of processing was restricted in accordance with the above conditions, the controller will inform you before the restriction is lifted.

d) Right to erasure

Obligation to delete

You may request that the controller erases your personal data without delay. The controller is then obligated to immediately delete the data if one of the following reasons applies:

• The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
• You revoke your consent on which the processing pursuant to Art. 6 (1) (a) or Art. 9 (2) (a) GDPR was based and there is no other legal basis for the processing.
• You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.
• The personal data concerning you have been processed unlawfully.
• The erasure of the personal data concerning you is necessary to comply with a legal obligation under Union law or the law of the member states to which the controller is subject.
• The personal data concerning you have been collected in relation to services offered by an information society pursuant to Art. 8 (1) GDPR.

Information to third parties

If the controller has made your personal data public and is obligated to their erasure pursuant to Art. 17 (1) GDPR, the controller, in consideration of the available technology and implementation costs, will take appropriate measures, including technical ones, to inform the persons responsible for the data processing that you, as a data subject, have requested the erasure of all links to these personal data or copies or replications thereof.

Exceptions

The right to erasure does not exist if the processing is required

• to exercise the right to freedom of expression and information;
• to comply with a legal obligation that requires the processing according to a law of the Union or member states to which the controller is subject or to perform a task carried out in the public interest or in the exercise of official authority vested in the controller;
• for reasons of public interest in the field of public health pursuant to Art. 9 (2) (h) and (i) and Art. 9 (3) GDPR;
• for archival purposes, scientific or historic research purposes in the public interest, or for statistical purposes pursuant to Art. 89 (1) GDPR, insofar as the law referred to in section a) is likely to render impossible or seriously interfere with the attainment of the objectives of such processing; or
• to assert, exercise, or defend legal claims.

e) Right to be notified

If you have asserted the right to the rectification, erasure, or restriction of processing towards the controller, the controller is obligated to notify all recipients to whom your personal data have been disclosed of this rectification, erasure or restriction of processing, unless this proves impossible or involves disproportionate effort.

You are entitled to receive information from the controller about these recipients.

f) Right to data portability

You have the right to receive the personal data concerning you that you provided to the controller in a structured, commonly used, and machine-readable format. You also have the right to have this data transmitted to another responsible person without interference from the controller to whom the personal data has been communicated, provided that

• the processing is based on consent pursuant to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or on a contract pursuant to Art. 6 (1) (b) GDPR; and
• the processing is carried out by automated means.

In exercising this right, you also have the right to request that your personal data be transferred directly from one controller to another, insofar as this is technically feasible. This must not affect the freedoms and rights of other people.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

g) Right to object

You have the right to object, for reasons arising from your particular situation, at any time to the processing of your personal data that is carried out pursuant to Art. (6) (1) (e) or (f) GDRP; this also applies to profiling based on these provisions.

The controller will no longer process your personal data, unless the controller can demonstrate compelling legitimate reasons for the processing that outweigh your interests, rights, and freedoms, or unless the processing serves to assert, exercise, or defend legal claims.

If personal data concerning you are processed for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for the purpose of such marketing; this also applies to profiling to the extent that it is linked to such direct marketing.

If you object to the processing for the purposes of direct marketing, your personal data will no longer be processed for those purposes.

You have the option of exercising your right to object in relation to the use of information society services – notwithstanding Directive 2002/58/EC – by using automated procedures that involve technical specifications.

h) Right to revoke the data protection declaration of consent

You have the right to revoke your data protection declaration of consent at any time. Revoking the consent does not affect the legality of the processing that has occurred on the basis of the consent up until it was revoked.

i) Automated decision-making in individual cases, including profiling

You have the right not to be subject to a decision based solely on automated processing – including profiling – that has a legal effect on you or significantly affects you in a similar manner.

This does not apply if the decision

• is required for the conclusion or performance of a contract between you and the controller;
• is permissible according to statutory regulations of the Union or member states to which the controller is subject and these regulations provide for appropriate measures to safeguard your rights, freedoms, and your legitimate interests; or
• is made with your express consent.

However, these decisions may not be based on special categories of personal data pursuant to Art. 9 (1) GDPR, unless Art. 9 (2) (a) or (g) applies and appropriate measures have been taken to safeguard rights and freedoms and your legitimate interests.

With respect to the cases referred to in (1) and (3), the controller will take appropriate measures to safeguard the rights and freedoms and your legitimate interests, which include at least the right to obtain the intervention of a person on behalf of the controller, to express his or her own point of view and to challenge the decision.

j) Right to lodge a complaint with a supervisory authority

Regardless of any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state in which you reside, your place of work, or the place of the alleged infringement, if you believe that the processing of the personal data concerning you is in breach of the GDPR.

The supervisory authority to which the complaint has been lodged will inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

15. Amendments to this data protection information

We reserve the right to change these data protection regulations at any time in compliance with the legal requirements.

Current as of: Feb 2021