Legal

data privacy

For our users in the United Kingdom, PREMATCH is managed by our team in the United Kingdom. Responsible in terms of data protection law lies with PREMATCH Sports Ltd. The following privacy policy applies.

🇩🇪 Disclaimer: Wenn du PREMATCH für den Amateurfußball in Deutschland nutzt, findest du hier die entsprechende Datenschutzerklärung.

In the following, we inform you about the processing of your personal data in connection with the use of the Prematch app (hereinafter referred to as the "app"). This policy sets out how PREMATCH Sports Ltd (‘we’, ‘our’, ‘us’) use and protect your personal data in accordance with applicable UK data protection laws. 

Personal data is all data that can be related to a specific natural person, e.g. their name, address, email address, phone number or IP address.

For better readability, the generic masculine is used in this declaration. All personal designations used refer to all genders.

1. Overview 

1.1 Person responsible 

The controller responsible for your personal data and for data processing in the app pursuant to Article 4 (7) of the UK General Data Protection Regulation (as defined in Section 3(10) and supplemented by Section 205(4) of the Data Protection Act 2018) (“UK GDPR”) is PREMATCH Sports Ltd, 10 John Street, London, United Kingdom, email: privacy@prematchapp.uk. 

1.2 Data protection officer

Our data protection officer can be contacted via heyData GmbH, Schützenstraße 5, 10117 Berlin, www.heydata.eu, email: datenschutz@heydata.eu.

Under Article 27 of the UK Data Privacy Act, we have appointed a UK Representative to act as our data protection agent. Our nominated UK Representative is: GDPR Local Ltd.

Adam Brogden (GDPR Local Ltd.)

1st Floor Front Suite,

27-29 North Street,

Brighton,

England

Email: contact@gdprlocal.com

Tel: +44 1772 217800

1.3 Scope of data processing, processing purposes and legal bases

The scope of the processing of personal data, the personal data we process, the purposes of processing and the legal bases are explained in detail in the Appendix. The following legal bases may be relied on by us for processing your personal data: 

  • Consent: Article 6 (1) (a) of UK GDPR serves as the legal basis for processing operations for which we obtain consent.
  • Contract: Article 6 (1) (b) of UK GDPR is the legal basis insofar as the processing of personal data is necessary for the fulfilment of a contract, e.g. to fulfil our obligations under the terms of use. This legal basis also applies to processing that is necessary for pre-contractual measures, for example in the case of enquiries about our services.
  • Legal Obligation: Article 6 (1) (c) of UK GDPR applies if we fulfil a legal obligation with the processing of personal data, e.g. arising from tax law.
  • Legitimate Interest: Article 6 (1) (f) of UK GDPR serves as the legal basis if we can rely on legitimate interests for the processing of personal data, e.g. for the processing of user enquiries.

1.4 Third Party Access

If necessary, we may transfer (or otherwise give access to) your personal data to certain third parties for one or more of the purposes specified in this privacy policy and in particular to the following recipients:

  • External service providers who provide services to us (including, without limitation, those set out in the Appendix – specifically those set out in section ‘Tools from third-party providers’ in the Appendix). 
  • Authorities where required under applicable laws or otherwise. 
  • Partner company or other entities within our corporate group. 
  • Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy policy.

1.5 Data processing outside the UK

Insofar as we transfer your personal data to service providers or other third parties outside the United Kingdom (UK), adequacy decisions of the UK Information Commissioner’s Office (ICO) pursuant to Art. 45 of UK GDPR guarantee the security of the data during transfer, insofar as these exist, as is the case, for example, for countries in the European Economic Area, Andorra, Argentina, Faroe Islands, Guernsey, Isle of Man, New Zealand, Israel, and Switzerland. 

If no adequacy decision exists, the appropriate safeguard we will usually rely on is the specific standard contractual terms approved for use in the UK which give the transferred personal data the same protection as it has in the UK, namely the International Data Transfer Agreement or the International Data Transfer Addendum to the European Commission’s standard contractual clauses for international data transfers . Many of the providers have issued contractual guarantees that go beyond the standard contractual clauses and protect the data beyond the standard contractual clauses. These are, for example, guarantees regarding the encryption of the data or regarding the obligation of the third party to inform the data subject if law enforcement agencies wish to access data.

1.6 Storage period

Unless explicit storage periods are specified in this privacy policy, your personal data stored by us will be deleted when it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations. If your personal data is not deleted because it is required for other (legally permissible) purposes, its processing will be restricted, i.e. your personal data will be blocked and not processed for other purposes. This applies, for example, to personal data that we must retain for commercial or tax law reasons.

1.7 Rights of the data subjects

As a data subject, you have the following rights vis-à-vis us with regard to the personal data concerning you that we process:

  • Request access to your personal data (commonly known as a "subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
  • Request erasure of your personal data in certain circumstances. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
  • Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) as the legal basis for that particular use of your data (including carrying out profiling based on our legitimate interests). In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your right to object.
  • You also have the absolute right to object any time to the processing of your personal data for direct marketing purposes. 
  • Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
  • Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
  • Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in one of the following scenarios:
  • If you want us to establish the data's accuracy;
  • Where our use of the data is unlawful but you do not want us to erase it;
  • Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
  • You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

In particular, you can object to the display of data in your profile (e.g. market value) if you do not want this. We will then delete your profile. 

You can exercise the above rights by contacting us using the contact details provided in this privacy policy.  

As a data subject, you also have the right to complain to a data protection supervisory authority at any time about the processing of your personal data. The UK’s data protection authority is the Information Commissioner’s Office (ICO), the UK regulator for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO.

1.8 No obligation to provide data

You are neither contractually nor legally obliged to provide us with personal data. However, if you refuse to provide such personal data that is necessary for the use of the app or that we are legally obliged to collect, you will not be able to use the app or will only be able to use it to a limited extent.

Mandatory information is labelled as such in the app.

1.9 No automated decision-making in individual cases

We do not use fully automated decision-making in accordance with Article 22 of UK GDPR. Should we use such a process in individual cases, we will inform you of this separately.

‍1.10. Security 

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any actual or suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

1.11 Updates 

We keep our privacy policy under regular review. This version was last updated on Aug 22, 2024. 

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us, for example a new address or email address.

Appendix - Specific Data Processing

Downloading the app

Our app is available for download from Google's Play Store and Apple's App Store (hereinafter "Stores"). When you download the app, the required information is transmitted to the stores, in particular your user name, email address and account customer number, time of download, payment information and individual device identification number. We have no influence on this data collection and are not responsible for it. We only process the data to the extent necessary for downloading the mobile app to the mobile device.

Information security 

When you use our app, we collect data that is necessary to ensure the stability and security of the app. This is our legitimate interest, so the legal basis is Article 6 (1) (f) of UK GDPR (legitimate interest).

Collection of data & calculation of market values

We collect data about amateur footballers from various sources. These sources include, in particular, our users who upload data and statistics from amateur football to our platform (user-generated content). We also collect data from public sources, such as online platforms, websites and club press releases. The app uses this data to calculate a fictitious market value, which includes the following parameters in particular:

Current & previous league level of the player

Age of the player

Position of the player

Performance data of the team

Performance data of the player

Prematch calculates a fictitious market value for all players in the adult sector (unless they have expressly objected to this). Market values are determined on the basis of various publicly available parameters (if known):

In a first step, a base value is calculated based on the current league level of the players. The higher the league, the higher the respective base value. This base value is then adjusted based on the historical leagues in which the players were active in recent seasons. 

In a second step, the team's performance data (goals scored, goals conceded, fair play rating) and the position and age of the players are taken into account. This is based on the consideration that, for example, a young player has greater development potential than an older player and his market value should therefore be higher if the other parameters are the same.   

In a third step, individual performance data from the players' last ten matches is then included in the assessment. For all players, it is taken into account whether they were in the squad, were in the starting eleven, how long they played and whether they led the team onto the pitch as captain. In addition, the performance data included differs according to position: for goalkeepers, the goals conceded by the team are included, whereas for strikers, the goals scored are included in the market value.

Our market value has no claim to accuracy or realism, but serves - just like the presentation of the data in our app - solely for the entertainment of our users. 

The data is stored on our servers for as long as the player is active and deleted as soon as the player requests the deletion of their data.

The legal basis for data processing is Article 6 (1) (f) of UK GDPR. We are interested in providing our users with an app that is as attractive as possible, including market values for playful performance comparisons.

If you do not agree to the display of data concerning you (e.g. market value) in our app, you can object to this at any time. We will then remove your profile from the app. 

User account

You can open a user account in the app. We initially process the personal data requested in this context and displayed in your profile on the basis of Article 6 (1) (f) of UK GDPR. Our legitimate interest is to provide you with the functions of the user account.  

If you register your user account and agree to our terms of use, the data processing is carried out to fulfil the concluded user contract in accordance with Article 6 (1) (b) of UK GDPR.  

As a verified user, you can add further data to your user account on a voluntary basis. You can find more information about this in your user account. 

Single sign-on

You can log in to our app using one or more single sign-on procedures. To do this, you use the login details you have already created for another provider. The prerequisite is that you are already registered with the respective provider. If you log in using the single sign-on procedure, we receive information from the provider that you are logged in with the provider and the provider receives information that you are using the single sign-on procedure in our app. Depending on the settings in your account on the provider's website, the provider may provide us with additional information. The legal basis for this processing lies in the user contract between the provider and you.

Providers of the procedure(s) offered:

  • Meta Platforms Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland ("Facebook"). Personal data we receive from Facebook is communicated to users by Facebook as part of the registration process. Information on Facebook and the contact details of the data protection officer as well as further information on how Facebook processes personal data, including the legal basis and the options for exercising rights as a data subject vis-à-vis Facebook, can be found at https://www.facebook.com/about/privacy. We are jointly responsible with Facebook for the data processing carried out by Facebook in the context of the use of the procedure and have concluded an agreement with Facebook on joint responsibility (Article 26 of UK GDPR). There we have defined the respective responsibilities for the fulfilment of the obligations under the UK GDPR with regard to joint processing. We are obliged to provide the above information and Facebook has assumed responsibility for the further rights of data subjects in accordance with Article 15-20 of UK GDPR.

Verification of a player profile

As a user, you can request to verify your player profile in our app. In order to verify the identity of the user, we process the personal data that is requested in the verification flow.

The legal basis for the processing is Article 6 (1) (f) of UK GDPR in conjunction with our legitimate interest in preventing the takeover of third-party player profiles. 

Making contact

When you contact us, e.g. by email or telephone, the personal data you provide us with (e.g. names and email addresses) will be stored by us in order to answer your questions. The legal basis for the processing is our legitimate interest (Article 6 (1) (f) of UK GDPR) in answering enquiries addressed to us. If the communication concerns the initiation of a user relationship or an existing user relationship, the legal basis is Article 6 (1) (b) of UK GDPR. 

Competitions

We occasionally offer competitions. We process the data requested to determine and notify the winners. We then delete your data. It is in our legitimate interest to offer competitions to attract new users or to interact with our existing users. The legal basis for data processing is Article 6 (1) (f) of UK GDPR.

Surveys

From time to time, we conduct surveys to get to know our users and their wishes better. In doing so, we collect the personal data requested in each case. It is our legitimate interest to get to know our users and their wishes better, so that the legal basis for the associated data processing is Article 6 (1) (f) of UK GDPR. We delete the data once the results of the surveys have been analysed.

PRO Club subscription

The Prematch app contains functions to purchase paid content via the provider of the app store of the respective device (Google for Android devices and Apple for iOS devices), called PRO Club subscription. The Prematch app uses the technical interface provided by the provider to determine whether a purchase has been made. This involves communication with the provider's app store. The data transmitted in this process is processed in accordance with the provider's data protection regulations and is not accessible to us.

The legal basis for the data processing associated with the initiation, execution and termination of a PRO Club subscription is Article 6 (1) (b) of UK GDPR.

To manage and analyse in-app purchases, we use the RevenueCat product from Revenue Cat, Inc. (hereinafter "RevenueCat"), based at 633 Tarava St. Suite 101, San Francisco, CA 94116 USA.

The data stored and analysed by RevenueCat can be viewed at the following link: https://www.revenuecat.com/dpa

Newsletter (Electronic)

We reserve the right to inform users who have already used our services and from whom we have received an e-mail address or other address for electronic contact (e.g. via SMS and/or Whatsapp or other messenger services) from time to time via this e-mail or other electronic contact address about our similar offers, unless they have objected to this. We rely on the exemption under Article 22 of the Privacy and Electronic Communication Regulations 2003 (PECR) for carrying out this activity. The legal basis for this personal data being processed is Article 6 (1) (f) of UK GDPR. Our legitimate interest lies in the use of direct advertising (Recital 47 of UK GDPR). You can object to the use of your email or other electronic contact address for advertising purposes at any time and without stating reasons and at no additional cost, for example via the link at the end of any electronic contact in this context or by sending an email to our email address stated above.

Based on the consent of the recipients (Article 6 (1) (a) of UK GDPR), we also measure the opening and click rate of our newsletters in order to understand which content is relevant to them.

We send newsletters with the following tools: 

  • SendGrid of the provider Twilio, Inc, 375 Beale Street, Suite 300, San Francisco, CA 94105, USA (privacy policy: https://www.twilio.com/legal/privacy). The provider processes content, usage, meta/communication data and contact data in the USA.
  • Mailchimp of the provider Rocket Science Group LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA (privacy policy: https://mailchimp.com/legal/privacy/). The provider processes content, usage, meta/communication data and contact data in the USA.
  • Sendinblue of the provider Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin (privacy policy: https://de.sendinblue.com/legal/privacypolicy/). The provider processes content, usage, meta/communication data and contact data in the EU.

We also regularly send information, vouchers and other marketing communications to users who have subscribed to our newsletter (by email or telephone number). In these cases, the processing is based on the consent of the recipients in accordance with Article 6 (1) (a) of UK GDPR. You can revoke your consent to receive the newsletter at any time, e.g. by contacting us using the contact details provided in this privacy policy. 

If you have registered to receive communication via WhatsApp, we will process the contact data with the help of WhatsApp. The provider is WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Further information about the processing of personal data by WhatsApp can be found at https://www.whatsapp.com/legal/privacy-policy

Tools from third-party providers

Firebase Cloud Messaging

We use Firebase Cloud Messaging to communicate with our users. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The provider processes usage data (e.g. interest in content, access times) and meta/communication data (e.g. device information, IP addresses).

The legal basis for processing is Article 6 (1) (a) of UK GDPR. Processing takes place on the basis of consent. You can withdraw your consent at any time, e.g. by contacting us using the contact details provided in this privacy policy. The revocation does not affect the legality of the processing until the revocation.

Further information can be found in the provider's privacy policy at https://firebase.google.com/support/privacy.

Amazon AWS

We use Amazon AWS for hosting. The provider is Amazon Web Services EMEA Sarl, 38 avenue John F. Kennedy, L-1855, Luxembourg. The provider processes usage data (e.g. interest in content, access times) and meta/communication data (e.g. device information, IP addresses).

It is our legitimate interest to provide an app, so the legal basis for data processing is Article 6 (1) (f) of UK GDPR. Insofar as the hosting of the data is necessary to fulfil our obligations under the terms of use, the legal basis is Article 6 (1) (b) of UK GDPR.  

Further information can be found in the provider's privacy policy at https://aws.amazon.com/de/privacy/?nc1=f_pr.

AppsFlyer

We use AppsFlyer for analysis. The provider is AppsFlyer Ltd, 14 Maskit St., Herzlia, Israel. The provider processes usage data (e.g. interest in content, access times) and meta/communication data (e.g. device information, IP addresses).

The legal basis for processing is Article 6 (1) (a) of UK GDPR. Processing takes place on the basis of consent. You can withdraw your consent at any time, e.g. by contacting us using the contact details provided in this privacy policy. 

Further information can be found in the provider's privacy policy at https://www.appsflyer.com/legal/privacy-policy/.

Firebase

We use Firebase for application development. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Dublin, D04e5w5, Ireland . The provider processes usage data (e.g. interest in content, access times), contact data (e.g. email addresses, telephone numbers) and meta/communication data (e.g. device information, IP addresses).

The legal basis for processing is Article 6 (1) (f) of UK GDPR. We have a legitimate interest in developing new applications in a simple manner.

Further information can be found in the provider's privacy policy at https://firebase.google.com/terms/data-processing-terms/.

Firebase App Check

We use Firebase App Check to track errors in applications and for repair management. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Dublin, D04e5w5, Ireland . The provider processes usage data (e.g. interest in content, access times) and meta/communication data (e.g. device information, IP addresses).

The legal basis for processing is Article 6 (1) (f) of UK GDPR. We have a legitimate interest in monitoring the functionality of our applications appropriately.

Further information can be found in the provider's privacy policy at https://policies.google.com/privacy.

Firebase Crashlytics

We use Firebase Crashlytics to track errors in applications and for repair management. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Dublin, D04e5w5, Ireland . The provider processes usage data (e.g. interest in content, access times) and meta/communication data (e.g. device information, IP addresses).

The legal basis for processing is Article 6 (1) (f) of UK GDPR. . Our legitimate interest is to be able to offer a functioning app. 

Further information can be found in the provider's privacy policy at https://policies.google.com/privacy.

CleverTap

We use CleverTap to analyse and communicate with our users. The provider is WizRocket Inc, 19th Floor, DLH Park, SV Road, Goregaon West, Mumbai 400062, India. The provider processes usage data (e.g. interest in content, access times) and meta/communication data (e.g. device information, IP addresses).

The legal basis for processing is Article 6 (1) (f) of UK GDPR, insofar as we send you messages with content that is a core component of our app (e.g. messages that inform you about the progress of a game) or do not require consent for other reasons. Insofar as we send you messages that contain advertising content and require prior consent under appliable laws, the legal basis is Article 6 (1) (a) of UK GDPR in conjunction with your consent. You can revoke your consent at any time, e.g. by contacting us using the contact details provided in this privacy policy. The revocation does not affect the legality of the processing until the revocation.

Further information can be found in the provider's privacy policy at https://clevertap.com/privacy-policy/.

Intercom

We use Intercom to communicate with our users. The provider is Intercom R&D Unlimited Company, 2nd Floor Stephen Court, 18-21 St. Stephen's Green, Dublin, 2, Ireland. The provider processes content data (e.g. entries in online forms), contact data (e.g. e-mail addresses, telephone numbers), meta/communication data (e.g. device information, IP addresses) and master data (e.g. names, addresses).

The legal basis for processing is Article 6 (1) (f) of UK GDPR. Our legitimate interest is to respond to enquiries from our users. 

Further information can be found in the provider's privacy policy at https://www.intercom.com/de/legal/privacy.

Segment

We use Segment for analysis. The provider is Segment.io, Inc, 100 California Street Suite 700 San Francisco, CA 94111, USA. The provider processes meta/communication data (e.g. device information, IP addresses).

The legal basis for processing is Article 6 (1) (a) of UK GDPR. Processing takes place on the basis of consent. You can withdraw your consent at any time, e.g. by contacting us using the contact details provided in this privacy policy. The revocation does not affect the legality of the processing until the revocation.

Further information can be found in the provider's privacy policy at https://segment.com/legal/privacy/.

Sentry

We use Sentry to monitor applications and to track errors in applications or on websites. The provider is Functional Software, Inc, 132 Hawthorne Street San Francisco, CA 94107, USA. The provider processes usage data (e.g. interest in content, access times), content data (e.g. entries in online forms) and meta/communication data (e.g. device information, IP addresses).

The legal basis for processing is Article 6 (1) (f) of UK GDPR. Our legitimate interest is to be able to offer a functioning app. 

Further information can be found in the provider's privacy policy at https://sentry.io/privacy/.

Amplitude

We use Amplitude for product analysis. The provider is Amplitude, Inc, 631 Howard St. Floor 5, San Francisco, CA 94105, USA. The provider processes usage data (e.g. interest in content, access times) and meta/communication data (e.g. device information, IP addresses).

The legal basis for processing is Article 6 (1) (a) of UK GDPR. Processing takes place on the basis of consent. You can withdraw your consent at any time, e.g. by contacting us using the contact details provided in this privacy policy.

Further information can be found in the provider's privacy policy at https://amplitude.com/privacy.

Typeform

We use Typeform for questionnaires and forms. The provider is Typeform S.L., 163 Carrer de Bac de Roda, Barcelona, Spain. The provider processes content data (e.g. entries in online forms) and meta/communication data (e.g. device information, IP addresses).

The legal basis for processing is Article 6 (1) (f) of UK GDPR. Our legitimate interest is in particular to enable user enquiries to our customer service.

Further information can be found in the provider's privacy policy at https://admin.typeform.com/to/dwk6gt.

Facebook SDK

We use Facebook SDK for analysis. The provider is Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The provider processes usage data (e.g. interest in content, access times) and meta/communication data (e.g. device information, IP addresses).

The legal basis for processing is Article 6 (1) (a) of UK GDPR. Processing takes place on the basis of consent. You can withdraw your consent at any time, e.g. by contacting us using the contact details provided in this privacy policy.

Further information can be found in the provider's privacy policy at https://www.facebook.com/policy.php.

Zapier

We use Zapier for automation between applications. The provider is Zapier, Inc, 548 Market St. #62411, San Francisco, CA 94104-5401, USA. The provider processes usage data (e.g. interest in content, access times) and meta/communication data (e.g. device information, IP addresses).

The legal basis for processing is Article 6 (1) (f) of UK GDPR. We have a legitimate interest in simply connecting the applications in our company and thus optimising the way we work.

Further information can be found in the provider's privacy policy at https://zapier.com/privacy.

SendGrid

We use SendGrid to communicate with customers. The provider is Twilio, Inc, 375 Beale Street, Suite 300, San Francisco, CA 94105, USA. The provider processes usage data (e.g. interest in content, access times), contact data (e.g. email addresses, telephone numbers), meta/communication data (e.g. device information, IP addresses) and master data (e.g. names, addresses).

The legal basis for processing is Article 6 (1) (f) of UK GDPR. We have a legitimate interest in being able to send e-mails technically.

Further information can be found in the provider's privacy policy at https://www.twilio.com/legal/privacy.

Firebase Authentication

We use Firebase Authentication to authenticate our users. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Dublin, Ireland. The provider processes usage data (e.g. interest in content, access times) and meta/communication data (e.g. device information, IP addresses).

The legal basis for processing is Article 6 (1) (f) of UK GDPR. We have a legitimate interest in sufficiently authenticating users of our app.

Further information can be found in the provider's privacy policy at https://policies.google.com/privacy.

YouTube videos

We use YouTube videos for videos in the app. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The provider processes usage data (e.g. interest in content, access times) and meta/communication data (e.g. device information, IP addresses).

The legal basis for processing is Article 6 (1) (a) of UK  GDPR. Processing takes place on the basis of consent. You can withdraw your consent at any time, e.g. by contacting us using the contact details provided in this privacy policy.

Further information can be found in the provider's privacy policy at https://policies.google.com/privacy.

Braze

We use Braze for customer interaction and personalisation of messages in applications or on websites. The provider is Braze, Inc, 318 West 39th Street, 5th Floor, New York, NY 10018, USA. The provider processes usage data (e.g. interest in content, access times), content data (e.g. entries in online forms) and meta/communication data (e.g. device information, IP addresses).

The legal basis for processing is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest is to be able to offer a personalised and user-oriented communication and app experience.

Further information can be found in the provider's privacy policy at https://www.braze.com/company/legal/privacy

RevenueCat

We use RevenueCat to manage in-app purchases and subscriptions in our applications and websites. The provider is RevenueCat, Inc, 633 Taraval Street, San Francisco, CA 94116, USA. The provider processes usage data (e.g. interest in content, transaction data, access times), content data (e.g. entries in online forms) and meta/communication data (e.g. device information, IP addresses).

The legal basis for processing is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest is to ensure the smooth administration of in-app purchases and subscriptions and to optimise the user experience.

Further information can be found in the provider's privacy policy