Legal
For our users in the United Kingdom, PREMATCH is managed by our team in the United Kingdom. Responsible in terms of data protection law lies with PREMATCH Sports Ltd. The following privacy policy applies.
🇩🇪 Disclaimer: Wenn du PREMATCH für den Amateurfußball in Deutschland nutzt, findest du hier die entsprechende Datenschutzerklärung.
In the following, we inform you about the processing of your personal data in connection with the use of the Prematch app (hereinafter referred to as the "app"). This policy sets out how PREMATCH Sports Ltd (‘we’, ‘our’, ‘us’) use and protect your personal data in accordance with applicable UK data protection laws.
Personal data is all data that can be related to a specific natural person, e.g. their name, address, email address, phone number or IP address.
For better readability, the generic masculine is used in this declaration. All personal designations used refer to all genders.
1.1 Person responsible
The controller responsible for your personal data and for data processing in the app pursuant to Article 4 (7) of the UK General Data Protection Regulation (as defined in Section 3(10) and supplemented by Section 205(4) of the Data Protection Act 2018) (“UK GDPR”) is PREMATCH Sports Ltd, 10 John Street, London, United Kingdom, email: privacy@prematchapp.uk.
1.2 Data protection officer
Our data protection officer can be contacted via heyData GmbH, Schützenstraße 5, 10117 Berlin, www.heydata.eu, email: datenschutz@heydata.eu.
Under Article 27 of the UK Data Privacy Act, we have appointed a UK Representative to act as our data protection agent. Our nominated UK Representative is: GDPR Local Ltd.
Adam Brogden (GDPR Local Ltd.)
1st Floor Front Suite,
27-29 North Street,
Brighton,
England
Email: contact@gdprlocal.com
Tel: +44 1772 217800
1.3 Scope of data processing, processing purposes and legal bases
The scope of the processing of personal data, the personal data we process, the purposes of processing and the legal bases are explained in detail in the Appendix. The following legal bases may be relied on by us for processing your personal data:
1.4 Third Party Access
If necessary, we may transfer (or otherwise give access to) your personal data to certain third parties for one or more of the purposes specified in this privacy policy and in particular to the following recipients:
1.5 Data processing outside the UK
Insofar as we transfer your personal data to service providers or other third parties outside the United Kingdom (UK), adequacy decisions of the UK Information Commissioner’s Office (ICO) pursuant to Art. 45 of UK GDPR guarantee the security of the data during transfer, insofar as these exist, as is the case, for example, for countries in the European Economic Area, Andorra, Argentina, Faroe Islands, Guernsey, Isle of Man, New Zealand, Israel, and Switzerland.
If no adequacy decision exists, the appropriate safeguard we will usually rely on is the specific standard contractual terms approved for use in the UK which give the transferred personal data the same protection as it has in the UK, namely the International Data Transfer Agreement or the International Data Transfer Addendum to the European Commission’s standard contractual clauses for international data transfers . Many of the providers have issued contractual guarantees that go beyond the standard contractual clauses and protect the data beyond the standard contractual clauses. These are, for example, guarantees regarding the encryption of the data or regarding the obligation of the third party to inform the data subject if law enforcement agencies wish to access data.
1.6 Storage period
Unless explicit storage periods are specified in this privacy policy, your personal data stored by us will be deleted when it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations. If your personal data is not deleted because it is required for other (legally permissible) purposes, its processing will be restricted, i.e. your personal data will be blocked and not processed for other purposes. This applies, for example, to personal data that we must retain for commercial or tax law reasons.
1.7 Rights of the data subjects
As a data subject, you have the following rights vis-à-vis us with regard to the personal data concerning you that we process:
In particular, you can object to the display of data in your profile (e.g. market value) if you do not want this. We will then delete your profile.
You can exercise the above rights by contacting us using the contact details provided in this privacy policy.
As a data subject, you also have the right to complain to a data protection supervisory authority at any time about the processing of your personal data. The UK’s data protection authority is the Information Commissioner’s Office (ICO), the UK regulator for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO.
1.8 No obligation to provide data
You are neither contractually nor legally obliged to provide us with personal data. However, if you refuse to provide such personal data that is necessary for the use of the app or that we are legally obliged to collect, you will not be able to use the app or will only be able to use it to a limited extent.
Mandatory information is labelled as such in the app.
1.9 No automated decision-making in individual cases
We do not use fully automated decision-making in accordance with Article 22 of UK GDPR. Should we use such a process in individual cases, we will inform you of this separately.
1.10. Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any actual or suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
1.11 Updates
We keep our privacy policy under regular review. This version was last updated on Aug 22, 2024.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us, for example a new address or email address.
Appendix - Specific Data Processing
Downloading the app
Our app is available for download from Google's Play Store and Apple's App Store (hereinafter "Stores"). When you download the app, the required information is transmitted to the stores, in particular your user name, email address and account customer number, time of download, payment information and individual device identification number. We have no influence on this data collection and are not responsible for it. We only process the data to the extent necessary for downloading the mobile app to the mobile device.
Information security
When you use our app, we collect data that is necessary to ensure the stability and security of the app. This is our legitimate interest, so the legal basis is Article 6 (1) (f) of UK GDPR (legitimate interest).
Collection of data & calculation of market values
We collect data about amateur footballers from various sources. These sources include, in particular, our users who upload data and statistics from amateur football to our platform (user-generated content). We also collect data from public sources, such as online platforms, websites and club press releases. The app uses this data to calculate a fictitious market value, which includes the following parameters in particular:
Current & previous league level of the player
Age of the player
Position of the player
Performance data of the team
Performance data of the player
Prematch calculates a fictitious market value for all players in the adult sector (unless they have expressly objected to this). Market values are determined on the basis of various publicly available parameters (if known):
In a first step, a base value is calculated based on the current league level of the players. The higher the league, the higher the respective base value. This base value is then adjusted based on the historical leagues in which the players were active in recent seasons.
In a second step, the team's performance data (goals scored, goals conceded, fair play rating) and the position and age of the players are taken into account. This is based on the consideration that, for example, a young player has greater development potential than an older player and his market value should therefore be higher if the other parameters are the same.
In a third step, individual performance data from the players' last ten matches is then included in the assessment. For all players, it is taken into account whether they were in the squad, were in the starting eleven, how long they played and whether they led the team onto the pitch as captain. In addition, the performance data included differs according to position: for goalkeepers, the goals conceded by the team are included, whereas for strikers, the goals scored are included in the market value.
Our market value has no claim to accuracy or realism, but serves - just like the presentation of the data in our app - solely for the entertainment of our users.
The data is stored on our servers for as long as the player is active and deleted as soon as the player requests the deletion of their data.
The legal basis for data processing is Article 6 (1) (f) of UK GDPR. We are interested in providing our users with an app that is as attractive as possible, including market values for playful performance comparisons.
If you do not agree to the display of data concerning you (e.g. market value) in our app, you can object to this at any time. We will then remove your profile from the app.
User account
You can open a user account in the app. We initially process the personal data requested in this context and displayed in your profile on the basis of Article 6 (1) (f) of UK GDPR. Our legitimate interest is to provide you with the functions of the user account.
If you register your user account and agree to our terms of use, the data processing is carried out to fulfil the concluded user contract in accordance with Article 6 (1) (b) of UK GDPR.
As a verified user, you can add further data to your user account on a voluntary basis. You can find more information about this in your user account.
Single sign-on
You can log in to our app using one or more single sign-on procedures. To do this, you use the login details you have already created for another provider. The prerequisite is that you are already registered with the respective provider. If you log in using the single sign-on procedure, we receive information from the provider that you are logged in with the provider and the provider receives information that you are using the single sign-on procedure in our app. Depending on the settings in your account on the provider's website, the provider may provide us with additional information. The legal basis for this processing lies in the user contract between the provider and you.
Providers of the procedure(s) offered:
Verification of a player profile
As a user, you can request to verify your player profile in our app. In order to verify the identity of the user, we process the personal data that is requested in the verification flow.
The legal basis for the processing is Article 6 (1) (f) of UK GDPR in conjunction with our legitimate interest in preventing the takeover of third-party player profiles.
Making contact
When you contact us, e.g. by email or telephone, the personal data you provide us with (e.g. names and email addresses) will be stored by us in order to answer your questions. The legal basis for the processing is our legitimate interest (Article 6 (1) (f) of UK GDPR) in answering enquiries addressed to us. If the communication concerns the initiation of a user relationship or an existing user relationship, the legal basis is Article 6 (1) (b) of UK GDPR.
Competitions
We occasionally offer competitions. We process the data requested to determine and notify the winners. We then delete your data. It is in our legitimate interest to offer competitions to attract new users or to interact with our existing users. The legal basis for data processing is Article 6 (1) (f) of UK GDPR.
Surveys
From time to time, we conduct surveys to get to know our users and their wishes better. In doing so, we collect the personal data requested in each case. It is our legitimate interest to get to know our users and their wishes better, so that the legal basis for the associated data processing is Article 6 (1) (f) of UK GDPR. We delete the data once the results of the surveys have been analysed.
PRO Club subscription
The Prematch app contains functions to purchase paid content via the provider of the app store of the respective device (Google for Android devices and Apple for iOS devices), called PRO Club subscription. The Prematch app uses the technical interface provided by the provider to determine whether a purchase has been made. This involves communication with the provider's app store. The data transmitted in this process is processed in accordance with the provider's data protection regulations and is not accessible to us.
The legal basis for the data processing associated with the initiation, execution and termination of a PRO Club subscription is Article 6 (1) (b) of UK GDPR.
To manage and analyse in-app purchases, we use the RevenueCat product from Revenue Cat, Inc. (hereinafter "RevenueCat"), based at 633 Tarava St. Suite 101, San Francisco, CA 94116 USA.
The data stored and analysed by RevenueCat can be viewed at the following link: https://www.revenuecat.com/dpa
Newsletter (Electronic)
We reserve the right to inform users who have already used our services and from whom we have received an e-mail address or other address for electronic contact (e.g. via SMS and/or Whatsapp or other messenger services) from time to time via this e-mail or other electronic contact address about our similar offers, unless they have objected to this. We rely on the exemption under Article 22 of the Privacy and Electronic Communication Regulations 2003 (PECR) for carrying out this activity. The legal basis for this personal data being processed is Article 6 (1) (f) of UK GDPR. Our legitimate interest lies in the use of direct advertising (Recital 47 of UK GDPR). You can object to the use of your email or other electronic contact address for advertising purposes at any time and without stating reasons and at no additional cost, for example via the link at the end of any electronic contact in this context or by sending an email to our email address stated above.
Based on the consent of the recipients (Article 6 (1) (a) of UK GDPR), we also measure the opening and click rate of our newsletters in order to understand which content is relevant to them.
We send newsletters with the following tools:
We also regularly send information, vouchers and other marketing communications to users who have subscribed to our newsletter (by email or telephone number). In these cases, the processing is based on the consent of the recipients in accordance with Article 6 (1) (a) of UK GDPR. You can revoke your consent to receive the newsletter at any time, e.g. by contacting us using the contact details provided in this privacy policy.
If you have registered to receive communication via WhatsApp, we will process the contact data with the help of WhatsApp. The provider is WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Further information about the processing of personal data by WhatsApp can be found at https://www.whatsapp.com/legal/privacy-policy
Tools from third-party providers
Firebase Cloud Messaging
We use Firebase Cloud Messaging to communicate with our users. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The provider processes usage data (e.g. interest in content, access times) and meta/communication data (e.g. device information, IP addresses).
The legal basis for processing is Article 6 (1) (a) of UK GDPR. Processing takes place on the basis of consent. You can withdraw your consent at any time, e.g. by contacting us using the contact details provided in this privacy policy. The revocation does not affect the legality of the processing until the revocation.
Further information can be found in the provider's privacy policy at https://firebase.google.com/support/privacy.
Amazon AWS
We use Amazon AWS for hosting. The provider is Amazon Web Services EMEA Sarl, 38 avenue John F. Kennedy, L-1855, Luxembourg. The provider processes usage data (e.g. interest in content, access times) and meta/communication data (e.g. device information, IP addresses).
It is our legitimate interest to provide an app, so the legal basis for data processing is Article 6 (1) (f) of UK GDPR. Insofar as the hosting of the data is necessary to fulfil our obligations under the terms of use, the legal basis is Article 6 (1) (b) of UK GDPR.
Further information can be found in the provider's privacy policy at https://aws.amazon.com/de/privacy/?nc1=f_pr.
AppsFlyer
We use AppsFlyer for analysis. The provider is AppsFlyer Ltd, 14 Maskit St., Herzlia, Israel. The provider processes usage data (e.g. interest in content, access times) and meta/communication data (e.g. device information, IP addresses).
The legal basis for processing is Article 6 (1) (a) of UK GDPR. Processing takes place on the basis of consent. You can withdraw your consent at any time, e.g. by contacting us using the contact details provided in this privacy policy.
Further information can be found in the provider's privacy policy at https://www.appsflyer.com/legal/privacy-policy/.
Firebase
We use Firebase for application development. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Dublin, D04e5w5, Ireland . The provider processes usage data (e.g. interest in content, access times), contact data (e.g. email addresses, telephone numbers) and meta/communication data (e.g. device information, IP addresses).
The legal basis for processing is Article 6 (1) (f) of UK GDPR. We have a legitimate interest in developing new applications in a simple manner.
Further information can be found in the provider's privacy policy at https://firebase.google.com/terms/data-processing-terms/.
Firebase App Check
We use Firebase App Check to track errors in applications and for repair management. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Dublin, D04e5w5, Ireland . The provider processes usage data (e.g. interest in content, access times) and meta/communication data (e.g. device information, IP addresses).
The legal basis for processing is Article 6 (1) (f) of UK GDPR. We have a legitimate interest in monitoring the functionality of our applications appropriately.
Further information can be found in the provider's privacy policy at https://policies.google.com/privacy.
Firebase Crashlytics
We use Firebase Crashlytics to track errors in applications and for repair management. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Dublin, D04e5w5, Ireland . The provider processes usage data (e.g. interest in content, access times) and meta/communication data (e.g. device information, IP addresses).
The legal basis for processing is Article 6 (1) (f) of UK GDPR. . Our legitimate interest is to be able to offer a functioning app.
Further information can be found in the provider's privacy policy at https://policies.google.com/privacy.
CleverTap
We use CleverTap to analyse and communicate with our users. The provider is WizRocket Inc, 19th Floor, DLH Park, SV Road, Goregaon West, Mumbai 400062, India. The provider processes usage data (e.g. interest in content, access times) and meta/communication data (e.g. device information, IP addresses).
The legal basis for processing is Article 6 (1) (f) of UK GDPR, insofar as we send you messages with content that is a core component of our app (e.g. messages that inform you about the progress of a game) or do not require consent for other reasons. Insofar as we send you messages that contain advertising content and require prior consent under appliable laws, the legal basis is Article 6 (1) (a) of UK GDPR in conjunction with your consent. You can revoke your consent at any time, e.g. by contacting us using the contact details provided in this privacy policy. The revocation does not affect the legality of the processing until the revocation.
Further information can be found in the provider's privacy policy at https://clevertap.com/privacy-policy/.
Intercom
We use Intercom to communicate with our users. The provider is Intercom R&D Unlimited Company, 2nd Floor Stephen Court, 18-21 St. Stephen's Green, Dublin, 2, Ireland. The provider processes content data (e.g. entries in online forms), contact data (e.g. e-mail addresses, telephone numbers), meta/communication data (e.g. device information, IP addresses) and master data (e.g. names, addresses).
The legal basis for processing is Article 6 (1) (f) of UK GDPR. Our legitimate interest is to respond to enquiries from our users.
Further information can be found in the provider's privacy policy at https://www.intercom.com/de/legal/privacy.
Segment
We use Segment for analysis. The provider is Segment.io, Inc, 100 California Street Suite 700 San Francisco, CA 94111, USA. The provider processes meta/communication data (e.g. device information, IP addresses).
The legal basis for processing is Article 6 (1) (a) of UK GDPR. Processing takes place on the basis of consent. You can withdraw your consent at any time, e.g. by contacting us using the contact details provided in this privacy policy. The revocation does not affect the legality of the processing until the revocation.
Further information can be found in the provider's privacy policy at https://segment.com/legal/privacy/.
Sentry
We use Sentry to monitor applications and to track errors in applications or on websites. The provider is Functional Software, Inc, 132 Hawthorne Street San Francisco, CA 94107, USA. The provider processes usage data (e.g. interest in content, access times), content data (e.g. entries in online forms) and meta/communication data (e.g. device information, IP addresses).
The legal basis for processing is Article 6 (1) (f) of UK GDPR. Our legitimate interest is to be able to offer a functioning app.
Further information can be found in the provider's privacy policy at https://sentry.io/privacy/.
Amplitude
We use Amplitude for product analysis. The provider is Amplitude, Inc, 631 Howard St. Floor 5, San Francisco, CA 94105, USA. The provider processes usage data (e.g. interest in content, access times) and meta/communication data (e.g. device information, IP addresses).
The legal basis for processing is Article 6 (1) (a) of UK GDPR. Processing takes place on the basis of consent. You can withdraw your consent at any time, e.g. by contacting us using the contact details provided in this privacy policy.
Further information can be found in the provider's privacy policy at https://amplitude.com/privacy.
Typeform
We use Typeform for questionnaires and forms. The provider is Typeform S.L., 163 Carrer de Bac de Roda, Barcelona, Spain. The provider processes content data (e.g. entries in online forms) and meta/communication data (e.g. device information, IP addresses).
The legal basis for processing is Article 6 (1) (f) of UK GDPR. Our legitimate interest is in particular to enable user enquiries to our customer service.
Further information can be found in the provider's privacy policy at https://admin.typeform.com/to/dwk6gt.
Facebook SDK
We use Facebook SDK for analysis. The provider is Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The provider processes usage data (e.g. interest in content, access times) and meta/communication data (e.g. device information, IP addresses).
The legal basis for processing is Article 6 (1) (a) of UK GDPR. Processing takes place on the basis of consent. You can withdraw your consent at any time, e.g. by contacting us using the contact details provided in this privacy policy.
Further information can be found in the provider's privacy policy at https://www.facebook.com/policy.php.
Zapier
We use Zapier for automation between applications. The provider is Zapier, Inc, 548 Market St. #62411, San Francisco, CA 94104-5401, USA. The provider processes usage data (e.g. interest in content, access times) and meta/communication data (e.g. device information, IP addresses).
The legal basis for processing is Article 6 (1) (f) of UK GDPR. We have a legitimate interest in simply connecting the applications in our company and thus optimising the way we work.
Further information can be found in the provider's privacy policy at https://zapier.com/privacy.
SendGrid
We use SendGrid to communicate with customers. The provider is Twilio, Inc, 375 Beale Street, Suite 300, San Francisco, CA 94105, USA. The provider processes usage data (e.g. interest in content, access times), contact data (e.g. email addresses, telephone numbers), meta/communication data (e.g. device information, IP addresses) and master data (e.g. names, addresses).
The legal basis for processing is Article 6 (1) (f) of UK GDPR. We have a legitimate interest in being able to send e-mails technically.
Further information can be found in the provider's privacy policy at https://www.twilio.com/legal/privacy.
Firebase Authentication
We use Firebase Authentication to authenticate our users. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Dublin, Ireland. The provider processes usage data (e.g. interest in content, access times) and meta/communication data (e.g. device information, IP addresses).
The legal basis for processing is Article 6 (1) (f) of UK GDPR. We have a legitimate interest in sufficiently authenticating users of our app.
Further information can be found in the provider's privacy policy at https://policies.google.com/privacy.
YouTube videos
We use YouTube videos for videos in the app. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The provider processes usage data (e.g. interest in content, access times) and meta/communication data (e.g. device information, IP addresses).
The legal basis for processing is Article 6 (1) (a) of UK GDPR. Processing takes place on the basis of consent. You can withdraw your consent at any time, e.g. by contacting us using the contact details provided in this privacy policy.
Further information can be found in the provider's privacy policy at https://policies.google.com/privacy.
Braze
We use Braze for customer interaction and personalisation of messages in applications or on websites. The provider is Braze, Inc, 318 West 39th Street, 5th Floor, New York, NY 10018, USA. The provider processes usage data (e.g. interest in content, access times), content data (e.g. entries in online forms) and meta/communication data (e.g. device information, IP addresses).
The legal basis for processing is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest is to be able to offer a personalised and user-oriented communication and app experience.
Further information can be found in the provider's privacy policy at https://www.braze.com/company/legal/privacy
RevenueCat
We use RevenueCat to manage in-app purchases and subscriptions in our applications and websites. The provider is RevenueCat, Inc, 633 Taraval Street, San Francisco, CA 94116, USA. The provider processes usage data (e.g. interest in content, transaction data, access times), content data (e.g. entries in online forms) and meta/communication data (e.g. device information, IP addresses).
The legal basis for processing is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest is to ensure the smooth administration of in-app purchases and subscriptions and to optimise the user experience.
Further information can be found in the provider's privacy policy
Microsoft Azure
We use Microsoft Azure for application development. The provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland. The provider processes usage data (e.g., interest in content, access times), contact details (e.g., email addresses, phone numbers), and meta/communication data (e.g., device information, IP addresses).
The legal basis for this processing is Article 6(1)(f) of the GDPR. We have a legitimate interest in developing new applications in a simple and efficient manner.
Further information can be found in the provider’s privacy policy at https://azure.microsoft.com/support/legal/
