El Fútbol App — Data Protection Policy
We are happy that you have shown interest in us. The protection of your privacy and data is one of our top priorities and has deeply influenced our technical architecture, the selection of our tools and frameworks as well as a lot of business decisions along the way.
As the data controller, EL FÚTBOL UG has implemented numerous technical and organizational measures to ensure the protection of personal data processed through this website in the best possible way
The data controller pursuant to the General Data Protection Directive (“GDPR”) in respect of any Personal Information that you submit to us via the app (or otherwise) is EL FÚTBOL UG, a company registered in Cologne, Germany (company number: HRB 106222) with a registered address at Schnurgasse 35a, 50676 Cologne, Germany (“the app, “we”, “us”, “our”). The Personal Information you submit to us via the app services (or otherwise) will be processed by us or by data processors appointed by us to undertake processing on our behalf.
2. What are personal and non-personal information?
“Personal information” is information that we have collected from you that identifies you, or which, in conjunction with other information that is in our possession or is likely to come into our possession, may be used by us to identify you.
“Non-personal information”, is information that we have collected from you which cannot be used by us to identify you.
3. Which data does App Futból Alemán collect and use at which stage?
3.1 Use of our website
If you access or use our website we may collect the following non-personal information:
- Request (Name of the requested file)
- Browser type/version (e.g.: Internet Explorer 11.0)
- Browser language (e.g.: English)
- Operating System (e.g.: Windows 7)
- Cookies On / Off
- Color settings
- Referral URL (the previously visited page)
- Time of Access
- IP Address
The app also may maintain log files which contain IP addresses. An IP address is a numeric address that may be assigned to your computer by your Internet Service Provider and can, in certain circumstances, amount to Personal Information. In general, we use log files to monitor traffic on our Website and to troubleshoot technical problems. In the event of user abuse of our Website, however, we may block certain IP addresses.
We use the information set out in this Section 3.1.1 to optimize your experience of the app. The collection of the information set out in this Section 3.1.1 is mandatory. The app is not able to properly provide you with the the app services without this basic information.
We may also store flash cookies, also known as “local shared objects,” on your Internet-enabled device if the Website uses Adobe Flash. Flash cookies are small files similar to cookies and are used to remember the Website’s settings to personalize the look and feel of the Website. Flash cookies only collect data in the aggregate. Like normal cookies, Flash cookies are represented as small text files on your internet-enabled device.
3.1.3 Analytic Metrics Tools and Other Technologies
Our website uses Google Analytics. To learn how Google uses your data and how you can opt-out click here: https://www.google.com/policies/privacy/partners/. The collection of the information set forth in this Section 3.1.3 is not mandatory.
3.2 Account Registration
You will need to register for the app account in order to access and use some of the app services (“Account”). If you register for an account, in addition to the information we collect under Section 3.1 above we could also collect the following personal information:
- User ID
- Display Name
- Email address
- Profile image
- Phone number (if needed for two-factor authentification)
- Creation date
- Last active date
We use the information set out in this Section 3.2 to provide the app services. The collection of the information set out in this Section 3.2 is mandatory. The app is not able to properly provide you with the app services without this information.
3.3 Account Registration
When you use the platform, in addition to the information we collect under Section 3.1 and 3.2 above we may also collect the following Personal Information and Non-Personal Information:
- Last active date on the platform
The collection of the information set out in this Section 3.3 is mandatory as we cannot operate, optimize and enhance the platform properly without collecting this information. If you do not agree with this data collection and storage we will need to deactivate your account and access to the platform. For legal reasons, this information will be stored as long as your account remains open and for the applicable statutes of limitations thereafter.
In addition to Sections 3.1 to 3.3, if we reasonably suspect that any of the app services or your account is being or has been misused, including without limitation, by virtue of any:
- DoS Attacks
- Distribution of Spam and/or Viruses
- Gold Farming
- defamation, racism, hate speech etc.
- other violations of our Terms of Service
then the app may collect further personal information and non-personal information to verify or refute such suspicions within the limits of applicable law and taking into account your reasonable data protection interests. We will use this information to comply with applicable law and enforce our rights under civil and penal law against the respective users.
The collection of the information set out in this Section 3.4 is mandatory. We may not be able to enforce our rights without such information. For legal reasons, this information will be stored as long as your account remains open and for the applicable statutes of limitations thereafter.
3.5 Crash Reports, Customer Support
Optionally you may choose to send crash reports or contact customer support for any technical and commercial issues.
In addition to the data collected in Sec. 3.1 to 3.4 above the data provided by you may include:
- crash reports
- further machine specifications
- any other data you may choose to provide
The collection of the information set out in this Section 3.5 is not mandatory. However, we might not be able to fix bugs or handle the technical and commercial issues you have without this information. For legal reasons, this information will be stored as long as your account remains open and for the applicable statutes of limitations thereafter.
3.6 Marketing Information
Subject to your approval we may also use the information collected under Sections 3.1 to 3.3 to provide marketing information and special offers for a platform to you. This use of the information collected under Sections 3.1 to 3.3 is not mandatory. You can opt-out of this use of your data at any time here.
4. Will that app share my information with third parties?
The app may share your Personal Information with:
- third party payment providers which are bound by strict privacy policies to carry out payment transactions with you
- any authority to which we are obliged by law to disclose your personal information and non-personal information (e.g. tax authorities for commercial transactions)
We will not disclose your personal information to anybody else without your explicit approval.
We may also use Intercom as a medium for communications, either through email, or through messages within our product(s). As part of our service agreements, Intercom might collect publicly available contact and social information related to you, such as your email address, gender, company, job title, photos, website URLs, social network handles and physical addresses, to enhance your user experience.
If you would like to opt out of having this information collected by or submitted to Intercom, please contact us.
4.2 Amazon Web Services (AWS)
Our platform is hosted by Amazon Web Services (AWS) , which complies to ISO 27001 and SSAE-16 standards, ensuring full data security. AWS provides services for hundreds of thousands of organizations, including enterprises, educational institutions, and government agencies in over 190 countries. AWS is operated by Amazon Web Services, Inc. 410 Terry Ave North Seattle , WA 98109-5210 , USA.
AWS customers designate in which physical region their data and their servers will be located. All our data is stored in Region EU (Frankfurt), which is named “eu-central-1“ within the AWS set of regions. Data replication and backups are done within the regional cluster in which the data is stored and are not replicated to other data center clusters in other regions.
AWS does commit to high levels of availability in its service level agreements (SLA). For example, Amazon EC2 commits to annual uptime percentage of at least 99.95% during the service year. Amazon S3 commits to monthly uptime percentage of at least 99.9%.
For more information on the privacy practices of AWS, please visit:https://aws.amazon.com/de/compliance/gdpr-center/
4.3 Pubnub Inc.
The real-time chat on our platform is based on APIs, professional services, and servers of Pubnub Inc.. PubNub offers real-time infrastructure-as-a-service and provides enterprise-grade security, 99.999% SLA-backed reliability, and global scalability to support secure, large real-time deployments. Today, PubNub powers thousands of realtime apps around the world, from innovative start-ups to globally recognized brands, like Adobe, eBay and Samsung. Their platform handles trillions of real-time transactions per month from over 300 million unique devices with a
Pubnub is fully compliant with GDPR offering a range of features and functionalities that enables us to handle and protect your real-time messages in the best possible way.
PubNub’s encryption offering satisfies Articles 6 and 32 of the GDPR by providing both encryptions for data in transit and data at rest.
All messages are end-to-end encrypted with AES-256. They are not readable as they route through the PubNub network, PubNub cannot read or act on the message data.
All our data (chat history) is stores and persist only in E.U.-hosted data centers. For enterprise clients, we also provide a flexible option to route messages to your own servers so that your IT department has the option to leverage its own infrastructure for audit purposes.
In addition to providing the ability to set a time-to-live for persisted messages, PubNub offers data deletion APIs (such as delete from history) to delete any persisted messages to stay compliant with Article 17 of the EU GDPR – Right to erasure.
Data access is a core tenant of GDPR (specified in Articles 5 and 32). Therefore Pubnub Access Manager provides token-based authorization allowing granular read and writes access control at the user/device, channel, or key level. The Pubnub Access Manager enables us to securely limit the use of personal data. It allows to the creation and enforces secure access to channels throughout the PubNub Data Stream Network.
For more information on the privacy practices of Pubnub, please visit:https://www.pubnub.com/products/security/gdpr/ and https://www.pubnub.com/blog/ensuring-gdpr-compliance-for-pubnub-chat-apps/
4.4 Google Analytics
Google Analytics employs cookies that are stored to your computer in order to facilitate an analysis of your use of our public website. The information generated by these cookies, such as time, place and frequency of your visits to our site, including your IP address, is transmitted to Google’s location in the US and stored there.
In using Google Analytics our website employs the extension “anonymizeIp”. In doing so, Google abbreviates and thereby anonymizes your IP address before transferring it from EU/EEA member states. Google uses this information to analyze your use of our site, to compile reports for us on internet activity, and to provide other services relating to our website. We only use Google Analytics on our public website, not on our dashboard after login.
Google Analytics also uses electronic images known as web beacons (sometimes called single pixel gifs) and are used along with cookies to compile aggregated statistics to analyze how our site is used.
You can find additional information on how to install the browser add-on referenced above at the following link: [https://tools.google.com/dlpage/gaoptout?hl=en.](https://tools.google.com/dlpage/gaoptout?hl=en)
Further information and the applicable data protection provisions of Google may be retrieved under https://www.google.com/intl/en/policies/privacy/ and under http://www.google.com/analytics/terms/us.html. Google Analytics is further explained under the following Link https://www.google.com/analytics/.
4.5 Facebook Conversion Pixels
We use the “Custom Audience pixel” of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). With its help, we can keep track of what users do after they see or click on a Facebook advertisement. This enables us to monitor the effectiveness of Facebook ads for purposes of statistics and market research. Data collected in this way is anonymous to us, which means we cannot see the personal data of individual users. However, this data is saved and processed by Facebook. Facebook can connect this data with your Facebook account and use it for its own advertising purposes, in accordance with Facebook’s Data Policy which can be found at https://www.facebook.com/about/privacy/. You can allow Facebook and its partners to place ads on and outside of Facebook. A cookie can also be saved on your device for these purposes.
Please click here if you would like to withdraw your consent [https://www.facebook.com/settings/?tab=ads#_=_.](https://www.facebook.com/settings/?tab=ads#_=_.)
We use Postmark for sending transactional application emails when you use our platform in cases such as account activation or resetting your password. Postmark is a service operated by Wildbit LLC. 25 Chestnut St., Philadelphia, PA, 19106, USA. Your email address will remain within Postmark’s database for as long as we continue to use their services for email communication or until you specifically request removal from the list. You can do this by requesting removal via email. When requesting removal via email, please send your email to us using the email account that is subscribed to the mailing list.
Further information and the applicable data protection provisions of Postmark can be retrieved under https://wildbit.com/privacy-policy and under [https://postmarkapp.com/terms-of-service.](https://postmarkapp.com/terms-of-service)
We are using a service called Mailchimp to manage email marketing subscriber lists and send monthly newsletters to our subscribers. Mailchimp is an online marketing platform operated by The Rocket Science Group LLC, a company headquartered in the State of Georgia in the United States.
Mailchimp automatically places single-pixel gifs, also known as web beacons, in every email sent by our users. These are tiny graphic files that contain unique identifiers that enable us and our users to recognize when a subscriber has opened an email or clicked certain links. These technologies record each subscriber’s email address, IP address, date, and time associated with each open and click for a campaign. We use this data to create reports for our users about how an email campaign performed and what actions subscribers took.
Every newsletter contains a quick and easy unsubscribe link in its footer, which enables users to unsubscribe anytime.
Your email address will remain within Mailchimp’s database for as long as we continue to use Mailchimp’s services for email marketing or until you specifically request removal from the list. You can do this by unsubscribing using the unsubscribe links contained in any email newsletters that we send you or by requesting removal via email. When requesting removal via email, please send your email to us using the email account that is subscribed to the mailing list.
While your email address remains within the MailChimp database, you will receive periodic (approximately monthly) newsletter-style emails from us.
Further information and the applicable data protection provisions of Mailchimp can be retrieved under https://mailchimp.com/legal/ and under [https://mailchimp.com/legal/terms.](https://mailchimp.com/legal/terms)
4.8 Marketing optimization and evaluation – Adjust SDK
For the optimization and evaluation of marketing activities and campaigns, the app uses the service Adjust, which is operated by adjust GmbH. The Adjust GmbH has its seat in the Saarbrücker Str. 37A, 10405 Berlin. If users interact with the campaigns played out by or for the app, this usage data is forwarded to adjust. On the basis of this data, adjust evaluates the reaction of users to the app campaigns and thus enables analyses of the effectiveness of the campaigns. This is particularly the case when the appis not searched for and downloaded directly in the app store but by users redirected to the app by means of elements of the campaigns. Then, prior to downloading, a connection to Adjust is established.
5. How does the app protect your personal information?
The security of your personal information is important to us. We follow the GDPR to protect the personal information submitted to us, both during transmission and in storage.
The personal information that you provide to us will be collected and processed by us or by data processors appointed by us to undertake processing on our behalf pursuant to Art. 28 GDPR. We have implemented physical, electronic and managerial procedures in order to help safeguard and prevent unauthorized access, use, alteration, modification and/or disclosure of your Personal Information.
If you have any questions about security on our Website, please contact us at firstname.lastname@example.org.
6. Review, Correction of Your Information, Requesting Deactivating Your Account
You can correct, update or delete your account information at any time by logging on our website and navigating to your account settings. Should you be unable to log in your Account, please contact us at email@example.com. We will be happy to review, update or remove information as appropriate. If you wish to have your account deactivated, please contact firstname.lastname@example.org.
7. Public Information Including User Generated Content, Online Forums, Blogs and Profiles
You may choose to disclose information about yourself in the course of contributing user-generated content to the platform, to the app or in public online chat rooms, blogs, message boards, user comments, user “profiles” for public view or in similar forums on our website. Information that you disclose in any of these forums is public information, and there is no expectation of privacy or confidentiality there.
You should be aware that any personal information you submit in the course of these public activities can be read, collected, or used by other users of these forums, and could be used to send you unsolicited messages in breach of our Terms of Service. We are not responsible for the personal information you choose to submit in these forums.
If you post a video, image, or photo in the app for public view you should be aware that these may be viewed, collected, copied, and/or used by other users without your consent. We are not responsible for the videos, images, or photos that you choose to submit to the app.
8. Third-party sites
We may receive some of the information that you submit to any third party website that you access from an advertisement contained on the app. Both we and the owner or operator of that third-party website will be the data controller in respect of any such information.
9. Contact information
If you have questions or concerns regarding this statement, you may contact us using the following contact information:
Data Protection Officer at email@example.com.
Update November 2022