Privacy Policy (App)

At the TK8 Sports Academy GmbH (hereinafter “Toni Kroos Academy”), we take the protection of our users’ personal data very seriously. Accordingly, we process personal data used in the App in compliance with all legal requirements, in particular with the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG). In this Privacy Policy, we explain to users how we process their personal data when they use our App.

1. Controller and Data Protection Officer

The controller for the processing of the personal data is

TK8 Sports Academy GmbH
Luxemburger Strasse 311
50354 Hürth
Germany

E-mail: support@tonikroos-academy.com

We have appointed an external Data Protection Officer, Prof. Dr. jur. Thomas Wilmer, whom users can contact at the following e-mail address: gdpr@tonikroos-academy.com.

 

2. Permissions

For the App to work with all of its services, it is necessary for the user to grant the App access to certain functions and data of the user’s device. The user is prompted once during the installation process to grant the relevant permissions. The granting of permissions varies depending on the device manufacturer. Access permissions may have different descriptions or individual permission categories may be grouped together, meaning that the user can only consent to the entire permission category. By granting the permission, the user consents to the associated data processing.
The App requests permission to access the photo/video gallery and, if the user consents, to the sending of push notifications.
Some functions of the App may not be available if the user does not consent to one or more of the requested permissions. If the user still tries to activate one of these functions, the App will again request that the relevant permission be granted. The user can also revoke a permission previously granted in their device settings at any time.

 

3. Data collection and processing when using the App

The collection, processing and use of this data is for the purpose of enabling the use of the website (establishing connectivity), ensuring system security and the technical administration of the network infrastructure. The legal basis of the processing is the protection of our legitimate interests pursuant to Art. 6 (1) lit. f) GDPR. Our legitimate interests here are to provide users with a website that is secure and pleasant to use.

a) Registration

When registering and creating a profile in the App, the user shares some personal data with us. The name used in the App and the e-mail address of the user are the only mandatory entries in this instance. The user can send us additional information in order to customise their profile and avail of certain services. The user can view and change the information provided in the profile area of the App.

We also save the following information about the user during the registration process:

  • User ID,
  • Creation date of profile,
  • Date of profile update.
  • Device token (in order to potentially send push notifications),
  • Technical information of the device in question (see next point),
  • Version of App used.

This data is collected, processed and used so that the user can create a profile and use the App and its functions. The legal basis for data processing is Article 6 (1) lit. b) of the EU General Data Protection Regulation (GDPR).

b) Using the App

In addition, we automatically log the following data when using the App:

  • IP address of requesting device,
  • Date and time of access,
  • Name and version of the operating system used,
  • Time zone settings,
  • Identification data of the device used,
  • Name of the user’s Internet provider and information about the mobile network used.

This data is collected, processed and used for the purposes of using the App, system security and technical administration of the network infrastructure. The legal basis for data processing is Article 6 (1) lit. b) GDPR.

c) Communication with other users and own contents

Users can introduce their own contents in some areas of the App and communicate with other users. Where users use these functions, they provide us with personal data contained in such contents. In these cases, the corresponding data processing takes place on the basis of the user contract with the users pursuant to Article 6 (1) lit. b) GDPR. Users can also delete such contents themselves in the App settings on a regular basis.

d) Coaching feedback

Where users use the “Coaching feedback” function and upload their own videos for viewing and review by our coaches, these videos are uploaded to a platform of the provider Atlassian B.V., c/o Atlassian Inc., 350 Bush Street, Floor 13, San Francisco, CA 94104, USA (“Jira platform”), who operates it on our behalf. The Jira platform is hosted on servers of Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109, USA (“AWS”), some of which are also based outside the EU. The Jira plat-form uses EU standard contractual clauses to safeguard these data transfers. The user can refer to Atlassian’s privacy policy for more information

On this platform, our coaches have the option of watching the videos and giving the user feedback on the video. Where the user has given their consent, the coaches can also edit the videos on the platform (e.g. insert graphics) in order to provide the user with clearer feedback. The video, including feedback, is then returned to the user. Where the user has given their consent, videos can also be provided for all other users or for a specific group of users. The legal basis for data processing is Article 6 (1) lit. b) GDPR.

e) Analysis of user data with Matomo

In the App, we use the open-source analysis application “Matomo” of InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand, NZBN 6106769, (“Matomo”) in order to analyse use of the App and its contents. Using the software development kit (SDK) provided by Matomo, the following data is collected and saved:

  • Pseudonymised visitor ID
  • Page accessed in the App
  • Subpages that are still called up within the App
  • Length of stay on individual pages of the App
  • Frequency and time at which App pages are accessed
  • Interactions with the App, e.g. using buttons or watching videos

Personal data is stored by Matomo exclusively within the EU. We have configured Matomo in such a way that IP addresses are only recorded in shortened form. The shortened IP address cannot therefore be assigned to the calling device. The user can prevent such an analysis from taking place by using the following opt-out option: [Add opt-out button] Refer to Matomo’s privacy policy for more information on data protection.
The legal basis for data processing is Article 6 (1) (1) lit. f) GDPR whereby our legitimate interest is based on the evaluation of data in order to optimise the App.

f) Sentry

We use Sentry in the App, a service provided by Functional Software Inc., 45 Fremont Street, 8th Floor, San Francisco, California 94105, USA (“Sentry”). Sentry ensures the technical stability of the App by monitoring the system stability, determining code errors and collecting information for error reports in the event of crashes or other problems.

To this end, usage data and metadata (e.g. device ID, device data, IP address) may be transferred to Sentry servers in the USA. Sentry uses EU standard contractual clauses in order to safeguard this data transfer. The user can refer to Sentry’s privacy policy for more information.

The legal basis for data processing is Article 6 (1) (1) lit. f) GDPR. Our legitimate interest is to provide users with as stable an App as possible. In the device settings, the user can consent to or reject the general transmission of crash reports to App developers. The user can also prevent the generation of error reports via Sentry by objecting to processing: [Add opt-out button]

 

4. Social login

The social login function allows the user to access the App via their Google or Apple account. If the user chooses this option, the relevant provider determines the us-er’s identity and communicates the data shown below to us. Usage data is not communicated to the provider however.

The legal basis for the data transmission is the user’s consent pursuant to Art. 6 (1) lit. a) GDPR, which the user grants by choosing the social login. The user can revoke this consent at any time with future effect. We then process the transmitted data pursuant to Art 6 (1) lit. b) GDPR.

a) Google login

If the user logs in via Google, the following types of data transmission from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”) to us will be initiated:

  • E-mail address

If the user wishes to avoid this data transmission and informing Google that they are registered in the App, they must use one of the other available login options.

b) Apple login

If the user logs in via Apple, the following types of data transmission from Apple Inc., One Apple Park Way, Cupertino, CA 95014, USA, (“Apple”) to us will be initiated:

  • E-mail address

If the user wishes to avoid this data transmission and informing Apple that they are registered in the App, they must use one of the other available login options.

 

5. Push notifications

In order to send push notifications, we use the service Google Firebase Cloud Messaging from Google Ireland Ltd., Google Building Gordon House, Barrow Street, Dublin 4, Ireland (“Firebase”). The user can find more information on Firebase at this link and in the privacy policy of Google Firebase. Firebase generates an identifier of the user, which is composed of the device token and the App ID and is stored on the platform together with the user’s chosen push notification settings. Firebase does not receive any other data about the user.

When installing the App and during the registration process, and also in some cases when using specific services of the App, users can give us their consent to the receipt of push notifications and make the relevant permission settings on their de-vice. The user can view and revoke this in the App settings.

The legal basis for this processing is the user’s consent pursuant to Art. 6 (1) (1) lit. a) GDPR. The user can revoke this consent at any time with future effect by deactivating push notifications in the App or device settings.

 

6. Newsletter

If a user registers for our newsletter via the App, we process the personal data provided in order to be able to offer the user the information and services requested by him via the newsletter.

For the distribution of our newsletter, we use CleverReach. The provider is Clever-Reach GmbH & Co KG, Mühlenstr. 43, 26180 Rastede, Germany. CleverReach organises and analyses the distribution of newsletters for us. The personal data processed by CleverReach is stored on servers in Germany or Ireland. We can use this service to analyse the behaviour of the recipients of the newsletter, for example, how many recipients have opened the newsletter and how often users clicked on which link in the newsletter. Users can find out more information about CleverReach’s da-ta analysis by visiting https://www.cleverreach.com/en/features/reporting-tracking/, or in CleverReach’s Privacy Policy https://www.cleverreach.com/en/privacy-policy/.

The legal basis for this processing is the user’s consent pursuant to Art. 6 (1) lit. a) GDPR, which the user can revoke at any time with future effect, for example by clicking on the unsubscribe link in the newsletter.

 

7. Voucher codes

In some cases, our sponsors offer users benefits via the App in the form of voucher codes. If a user makes use of this option, the sponsor will process their personal da-ta subject to the terms of their own data protection provisions. We would like to point out that we do not share any user data with the sponsors and do not have any influence over the sponsor’s data processing activities.

 

8. SDKs used

We have implemented some of our own services via SDKs (software development kit = development environment) in the App. In some cases, the various SDKs pro-cess users’ personal data by establishing a direct connection between the device and the provider of the SDK during an App visit. Users can object to the use of SDKs which are used for statistical purposes or individual functions of the App.
For technical reasons, we cannot remove the SDKs in these cases; instead, we can only make settings which prevent further data queries via the SDKs. However, we cannot control which data the SDK providers will query (even if relevant settings forbid data queries).

The following SDKs are integrated into the App:

Provider / name of SDK Description
Firebase Authentication (Google), used for social logins The SDK is used in order to integrate the social login providers into the App and thus give users the option of logging in to the app via their respective accounts with the providers. More information on Firebase Authentication is available here and also in Google’s privacy policy.

 

9. Data transmission to third parties

In some areas, we use providers as processors who process data on our behalf under certain circumstances. This applies to categories, such as IT services, IT development and coaches, among others. We have concluded contracts with these processors pursuant to Art. 28 (3) GDPR to ensure that they too only process the data in compliance with all data protection laws.

If required to do so by law, we also share personal data with authorities or courts under certain circumstances. The legal basis for this is Article 6 (1) lit. c) GDPR.

 

10. Storage period of the data

We store personal data for as long as is necessary for the stated purposes of the processing or as long as we are legally entitled or obliged to store it.

 

11. Data Protection Rights

Users may at any time request information pursuant to Article 15 of the GDPR, rectification pursuant to Article 16 of the GDPR, erasure under the conditions of Article 17 of the GDPR, restriction pursuant to Article 18 of the GDPR and their right to data portability pursuant to Article 20 of the GDPR. In addition, users have the right to object to processing on grounds relating to their person in accordance with Article 21 GDPR, insofar as it is based on Article 6 (1) lit. f) GDPR. To the extent that users do not agree with the processing of their data, they have the right to lodge a complaint with a competent supervisory authority. The supervisory authority responsible for us is the State Commissioner for Data Protection and Freedom of In-formation of North Rhine-Westphalia (Germany (Landesbeauftragte für Datenschutz und Informationsfreiheit

Privacy Policy (Website)

At the TK8 Sports Academy GmbH (hereinafter “Toni Kroos Academy”), we take the protection of our users’ personal data very seriously. Accordingly, we process personal data in compliance with all legal requirements, in particular with the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG). In this Privacy Policy, we explain to users how we process their personal data when they use our website or our social media pages.

1. Controller and Data Protection Officer

The controller for the processing of the personal data is

TK8 Sports Academy GmbH
Luxemburger Strasse 311
50354 Hürth
Germany

E-mail: support@tonikroos-academy.com

We have appointed an external Data Protection Officer, Prof. Dr. jur. Thomas Wilmer, whom users can contact at the following e-mail address: gdpr@tonikroos-academy.com.

 

2. Data collection by this website

When accessing this website, the Internet browser automatically transmits to us or the connection services we use:

  • IP address of the requesting computer
  • Date and time of access
  • URL of the data to be retrieved
  • Amount of data transferred
  • Access status (file transferred, file not found, etc.)
  • Recognition data of the browser and operating system used (“user agent”)
  • URL from which the access was referenced

In addition, individual cookies are used on this website (if applicable). For more details, please refer to section 7 Cookies.

Beyond this, we do not collect any personal data on this website.

 

3. Purposes of processing and legal basis

The collection, processing and use of this data is for the purpose of enabling the use of the website (establishing connectivity), ensuring system security and the technical administration of the network infrastructure. The legal basis of the processing is the protection of our legitimate interests pursuant to Art. 6 (1) lit. f) GDPR. Our legitimate interests here are to provide users with a website that is secure and pleasant to use.

 

4. Contact

In various areas of the website, users have the opportunity to contact us. In this case, when contacting us, the user declares his consent to the related processing of the personal data he has transmitted to us. We process this data for the purposes of users’ establishing contact and our responding accordingly. The legal basis is the user’s consent in accordance with Art. 6 (1) lit. a) GDPR, which the user can revoke at any time with effect for the future.

 

5. Newsletter

If a user registers for our newsletter via the website, we process the personal data provided in order to be able to offer the user the information and services requested by him via the newsletter.

For the distribution of our newsletter, we use CleverReach. The provider is CleverReach GmbH & Co KG, Mühlenstr. 43, 26180 Rastede, Germany. CleverReach organizes and analyzes the distribution of newsletters for us. The personal data processed by CleverReach is stored on servers in Germany or Ireland. We can use this service to analyze the behavior of the recipients of the newsletter, for example, how many recipients have opened the newsletter and how often users clicked on which link in the newsletter. Users can find out more information about CleverReach’s data analysis by visiting https://www.cleverreach.com/de/funktionen/reporting-und-tracking/, or in CleverReach’s Privacy Policy https://www.cleverreach.com/en/privacy-policy/.

The legal basis for this processing is the user’s consent pursuant to Art. 6 (1) lit. a) GDPR, which the user can revoke at any time with future effect, for example by clicking on the unsubscribe link in the newsletter.

 

6. Matomo

We use the open source web analytics application “Matomo” by InnoCraft Ltd, New Zealand on the website to analyze the behavior of our users on the website. This application uses cookies, for more details see Section 7. Cookies. When the website is accessed, the following data is collected and stored:

  • An IP address of the calling system of the user shortened/anonymized by one byte
  • The accessed URL
  • The URL from which the user has reached the called URL (referer)
  • The subpages that are called up from the called-up website
  • The dwell time on the website
  • The frequency of the call to the respective URL(s)

The data is not disclosed to third parties.

The application is set so that the IP addresses are not stored completely, but 1 byte of the IP address is masked. In this way, an assignment of the truncated IP address to the requesting device is no longer possible.

The user can prevent the analysis by making use of the following opt-out:

In this case, an opt-out cookie is set for the user. If the user deletes cookies from his user device in the meantime, this opt-out cookie is also deleted and he must save it again.

 

7. Cookies

We use cookies on the website to make the visit attractive and to enable the use of certain functions. Cookies are small text files that are stored on the user’s computer and enable us to recognize the user device. Users have the option of setting their browser so that no cookies can be stored. In this case, certain areas or functions of the website may not work properly.

The website uses cookies from Matomo to measure the use of the website in order to optimize the website accordingly. We do not share information obtained from these cookies with third parties or use it for customized advertising. The legal basis for the use of these cookies is the protection of legitimate interests in accordance with Art. 6 (1) lit. f) GDPR. The legitimate interests lie in analyzing the use of the website in order to make it as pleasant as possible for users. Users can object to the use of Matomo in Section 6. Objecting to Matomo.

The website stores the following cookies:

Name Lifetime Description
MATOMO_SESSID* 30 minutes / session This cookie from Matomo (formerly: Piwik) of InnoCraft Ltd (New Zealand) is used to track and temporarily store user behavior and page views during the session. We do not share any information collected through this cookie with Matomo or any other third party.
mtm_consent_removed* 30 years This cookie from Matomo of InnoCraft Ltd. (New Zealand) we use to allow users to withdraw their consent.
matomo_ignore Until user deletes We use this cookie from Matomo of InnoCraft Ltd (New Zealand) to mark users for us who have objected to the use of Matomo to measure their user behavior. As long as that cookie is saved, no further analysis cookies are saved. We do not share any information collected through this cookie with Matomo or any other third party.

 

8. Facebook and Instagram

We offer users additional information and content through the Instagram and Facebook platforms, both of which are operated by Facebook Ireland Ltd, 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). We point out to users that they use these platforms and their functions on their own responsibility. This applies in particular to the use of interactive functions (e.g. commenting, sharing, rating).

When visiting the two platforms, Facebook collects technical information (e.g. the IP address) as well as other information that is available in the form of cookies on the user’s PC. In addition, the data that the user discloses about himself on the platform by editing his profile or interacting on the platform is recorded. Facebook may transfer this data to countries outside the European Union. Facebook describes in general terms in its Data Policy exactly what information Facebook receives, processes and, if applicable, transfers to third countries, how users can contact Facebook, customize their ads, and manage and delete the data Facebook collects https://www.facebook.com/about/privacy. At the following link, users can find the data use policy specific to Instagram’s processing of data https://www.facebook.com/help/instagram/519522125107875.

When you visit our Facebook page, Facebook uses the data collected to provide us, as the operator of the page, with statistical information about the use of the page. With respect to the processing of such Insights data, Facebook and we are joint controllers within the meaning of Article 26(1) of the GDPR. We have entered into a shared responsibility agreement with Facebook, which states that Facebook has primary responsibility for fulfilling data protection obligations and enabling data subjects’ rights. Users can find more information on this at the following link https://www.facebook.com/help/pages/insights.

Furthermore, we only collect and process the data that users make available to us through their interaction on the platforms. The purpose of this processing is to moderate our information offering and respond to content and requests. The legal basis is the protection of our legitimate interests in accordance with Art. 6 (1) lit. f) GDPR or, to the extent the purpose of contacting us is to conclude a contract, Art. 6 (1) lit. b) GDPR.

 

9. TikTok

We use the TikTok platform of TikTok, Inc, 10100 Venice Blvd, Culver City, CA 90232 USA (“TikTok”) to provide additional information to our users. We remind users that they use the TikTok platform and its functions under their own responsibility. This applies in particular to the use of interactive functions (e.g. commenting, sharing, rating).

The data collected about users when using the Service is processed by TikTok and may be transferred outside the European Union. This includes the IP address, the application used, details of the device used (including device ID and application ID), information on websites accessed, the location, the mobile phone service provider and other information available on the user’s PC in the form of cookies.

In addition, TikTok collects personal data from users for the purpose of evaluating user behavior. TikTok makes some of this data and analysis available to us, as the operator of the TikTok profile, in anonymized and aggregated form. This involves the number of new followers, demographic data such as gender and country, but without any attribution to individual persons. We use these analytics to customize and optimize our TikTok profile to be as user-friendly as possible, as well as to market our posts. The legal basis for this is the protection of our legitimate interests pursuant to Art. 6 (1) lit. f) GDPR.

We have no influence on the type and scope of the data processed by TikTok, the way in which it is processed and used, or the transfer of this data to third parties. TikTok describes in general terms what information it collects and processes in its Privacy Policy, which can be found under the following link https://www.tiktok.com/legal/privacy-policy?lang=en. For information about the cookies set by TikTok, users should refer to the Cookie Policy https://www.tiktok.com/legal/tiktok-website-cookies-policy?lang=en. Users can also find additional information about using TikTok in the End User License Agreement https://www.tiktok.com/legal/terms-of-service?lang=en.

For the TikTok profile setup, we chose the most privacy-friendly settings possible. We, as the provider of the TikTok profile, only collect and process the data from the use of the service which the users make available to us through their interaction on the platform. The purpose of this processing is to moderate our offer and respond to requests. The legal basis is the protection of our legitimate interests according to Art. 6 (1) lit. f) GDPR.

 

10. Twitter

We offer users additional information via the short message service Twitter of Twitter Inc, 795 Folsom St, Suite 600, San Francisco, CA 94107, USA, (“Twitter”). We point out to the users that they use the offered Twitter short message service and its functions on their own responsibility. This applies in particular to the use of interactive functions (e.g. sharing, rating).

The data collected about users when using the service is processed by Twitter and may be transferred to countries outside the European Union. This includes, but is not limited to, the IP address, the application used, information about the device used (including device ID and application ID), information about web pages viewed, location, and mobile phone service provider. This data is attributed to the data of the Twitter account or the Twitter profile of the users. We have no influence on the type and scope of the data processed by Twitter, the type of processing and use or the transfer of this data to third parties.

Users can find information about which data is processed by Twitter and for what purposes in Twitter’s privacy policy (https://twitter.com/privacy?lang=en) as well as on the possibility to view their own data at Twitter (https://support.twitter.com/articles/20172711#). Furthermore, users have the option of requesting information via the Twitter privacy form or archive requests:

As the provider of the information service, we have chosen the most privacy-friendly settings possible. Furthermore, we only collect and process the data that users make available to us through their interaction on Twitter. The purpose of this processing is to moderate our information offering and respond to content and requests. The legal basis is the protection of our legitimate interests in accordance with Art. 6 (1) lit. f) GDPR or, to the extent the purpose of contacting us is to conclude a contract, Art. 6 (1) lit. b) GDPR.

 

11. YouTube

For our YouTube channel, we use the technical platform and service of YouTube, LLC, a company belonging to Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, (“Google”). We would like to point out to users that they use the YouTube site and its functions under their own responsibility. This applies in particular to the use of interactive functions (e.g. commenting, sharing, rating).

The data collected about users when using the service is processed by Google and may be transferred outside the European Union. This includes the IP address, the application used, details of the device used (including device ID and application ID), information on websites accessed, the location, the mobile phone service provider and other information available on the user’s PC in the form of cookies.

This data is attributed by Google to the data of the YouTube account or the Google account. We have no influence on the type and scope of the data processed by Google, the way in which it is processed and used and the transfer of this data to third parties. In its Privacy Policy, Google describes in general terms what information it collects and processes. There, users will also find information on how to contact Google, along with settings options with which users can specify that Google cannot collect certain data (such as information on your location). Google’s Privacy Policy is available at the following link https://policies.google.com/privacy. Users can find general information on data protection settings when using Google services at the following link https://safety.google/privacy/privacy-controls/, as well as with specific reference to individual services (including YouTube) at the following link https://policies.google.com/technologies/product-privacy?hl=en. Users can find information on the use of personal data for advertising purposes by Google and on the corresponding settings options at the following link https://safety.google/privacy/ads-and-data/.

For the setup of the YouTube channel, we have chosen the most privacy-friendly settings possible. As the provider of the YouTube channel, we only collect and process the data that users provide to us through their interaction on the platform. The purpose of this processing is to moderate our offer and respond to requests. The legal basis is the protection of our legitimate interests according to Art. 6 (1) lit. f) GDPR.

 

12. Data transfers to third parties

In some areas we use service providers as processors, who may process data for us. This applies in particular to the IT services category. We have concluded contracts with these processors in accordance with Art. 28 (3) GDPR to ensure that they also only process the data in compliance with all data protection laws.

If we are legally obliged to do so, we may also transmit personal data to authorities or courts. The legal basis for this is Art. 6 (1) lit. c) GDPR.

 

13. Storage period of the data

We store personal data for as long as is necessary for the stated purposes of the processing or as long as we are legally entitled or obliged to store it.

 

14. Data Protection Rights

Users may at any time request information pursuant to Article 15 of the GDPR, rectification pursuant to Article 16 of the GDPR, erasure under the conditions of Article 17 of the GDPR, restriction pursuant to Article 18 of the GDPR and their right to data portability pursuant to Article 20 of the GDPR. In addition, users have the right to object to processing on grounds relating to their person in accordance with Article 21 GDPR, insofar as it is based on Article 6 (1) lit. f) GDPR. To the extent that users do not agree with the processing of their data, they have the right to lodge a complaint with a competent supervisory authority. The supervisory authority responsible for us is the State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia (Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen)