Privacy Policy
Last updated: September 30, 2024
The protection of your personal data is important to us. With this privacy policy, we would like to explain to you in more detail what personal data we collect and for what purposes this data is processed.
1. Controller and contact
The controller for purposes of processing your personal data is:
Brezuk GmbH
Konradstrasse 20
8005 Zürich
Switzerland
If you have any questions or suggestions regarding data protection or would like to exercise your rights, please feel free to contact us at the following link:
https://www.brezuk.com/contact
You can reach our Data Protection Officer at: [email protected]
For clarity, any data processing by activity providers who offer their services on the Brezuk platform is subject to their respective privacy policies. Activity providers act as separate data controllers.
2. Subject of data protection
The subject of data protection is personal data, i.e. all information relating to an identified or identifiable natural person. Personal data is also referred to simply as data in the following.
3. Automated data collection
When accessing our website, your end device automatically transmits data for technical reasons. The following data is stored separately from other data that you may transmit to us:
- URL of the page accessed
- Latency of the network connection
- IP address
- Date and time
We store this data for the following purposes:
- for load balancing, i.e. to distribute access to our website across several devices and to be able to offer you the fastest possible loading times;
- to ensure the security of our IT systems, e.g. to defend against specific attacks on our systems and to recognise attack patterns;
- to ensure the proper operation of our IT systems, e.g. if errors occur that we can only rectify by storing the IP address;
- to enable criminal prosecution, averting of danger or legal prosecution in the event of specific indications of criminal offences.
Your IP address is only stored for a period of 30 days.
In this case, the processing is carried out to ensure the security of the processing in accordance with Art. 32 GDPR, as well as on the basis of our legitimate interest in protecting ourselves against misuse of our service (Art. 6 para. 1 lit. f GDPR).
4. Brezuk account
Registration
- Nickname
- Email address
- Passwords
Your registration data is required to set up and manage a user account for you. In this case, you conclude a user agreement with us, on the basis of which we collect this data (Art. 6 para. 1 lit. b GDPR).
In order to conclude the agreement, you must provide us with this data. However, you are neither contractually nor legally obliged to conclude the agreement and thus to provide the data. Furthermore, you have the option to sign up with your already existing Google account and/or Apple account.
5. Customer support
5.1 Processing of enquiries
Customer support and other enquiries are handled entirely via email. The processor of your request is Brezuk GmbH. In this case we store the content of your enquiry as well as the email address with which the enquiry was sent. We store the data for 365 days.
5.2 Improvement of customer service
In order to continuously improve our customer service, we analyse enquiries sent to us on the basis of certain parameters and keywords. Although, as a matter of principle, no analysis is carried out on the basis of personal data, it cannot be ruled out that, in individual cases, personal data may also be processed within this context. The processing required within this context serves our legitimate interest as well as that of our customers in the continuous improvement of our customer service (Art. 6 para. 1 lit. f GDPR).
6. Technical service providers
We use technical service providers for hosting and some of the services required for the website. Accordingly, the processing of data takes place on the servers of these service providers. These service providers only process the data according to our explicit instructions and are obliged to guarantee sufficient technical and organisational measures for data protection. Consequently, our service providers act for us as so-called processors within the meaning of Art. 28 GDPR.
6.1 Hosting of the website
For the hosting of our website, we use the services of Cloudflare Germany GmbH based in Germany. Accordingly, when you interact with our website, it is processed on Cloudflare servers.
7. Joining an existing sport activity
7.1 Joining an existing sport activity
When you join a sports activity on our app, we collect the data required to carry out the activity. This usually includes the following information: nickname and the date and time of joining.
The processing that takes place in connection with this is based on Art. 6 para. 1 lit. b GDPR. To the extent necessary, we will transfer your data to the host responsible for the activity who will process your personal data as set out in their privacy policy as an independent data controller. If a transfer to a third country outside the European Economic Area is necessary, this is based on Art. 49 para. 2 lit. b, c GDPR.
7.2 Joining reminders
In order to keep you updated on your joinings we will send you reminders and updates for upcoming activities (e.g. activity approaching in 24 hours, not enough participants in a game you’ve joined, new messages from the host of an activity you’ve joined, changed cornerstones of the activity (date and/or time and/or location), game call off) to make sure that you have all information you need to attend your joined activity. On your device, you can choose to not be notified anymore.
We process your personal data in order to be able to provide you with these features of our service (Art. 6 para. 1 lit. b GDPR).
8. Being matched up for a sports activity
8.1 Being matched up for a sports activity
When you decide to be matched up for sport activities and thereby buy a subscription on our app, we collect the data required to carry out the best possible matchup. This usually includes the following information: nickname, preferred sport, preferred sport subcategories, preferred range of activity modes, preferred range of participants, preferred skill levels, preferred genders, current state of fitness, desired number of sport activities per week, your availabilities (days, times, locations).
For certain activities we are required to book facilities for you. In order to book these facilities we additionally require the following information: first name, last name, address. In some cases also your age, and your gender. Please note that certain facility owners require the disclosure of this information. If you do not wish for this information to be disclosed, do not provide the information. You must note however, that this means we can’t book certain facilities for you, which means that you choose to not use the full range of our service provision.
The processing that takes place in connection with this is based on Art. 6 para. 1 lit. b GDPR. To the extent necessary, we will transfer your data to potential participants for them to decide whether they want to join an activity with you. Depending on your privacy settings, the extent of visible information may be limited.
8.2 Ratings of your matched activity
After participating in a matched up activity, we send all participants in-app forms to rate their experience. The ratings are voluntary and intended to improve future matchups on an ongoing basis. The ratings concern the participants’ satisfaction with the skill level and fitness level of the other participants, the vibe of the activity with the other participants as well as their satisfaction with the chosen location. The processing that takes place in connection with this is based on Art. 6 para. 1 lit. b GDPR.
9. Customer Surveys and Research Panels
We might invite you to participate in moderated or unmoderated research panels. You might be either a Brezuk Customer or an external participant recruited independently. The participation and the video recordings of these sessions are always based on your express consent, which we collect in writing before the research activity. These research agencies act as data controllers. We invite you to participate based on our legitimate interest and we do not address you in case you have opted out of marketing emails.
10. Social media
10.1 Instagram
Our Instagram page can be found at: https://www.instagram.com/brezuk.official
Instagram is operated by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("Facebook Ireland"). The Instagram privacy policy can be found at: https://help.instagram.com/519522125107875 . In it you will also find information on the settings options for your account.
Your personal data may also be made available to other Facebook or Instagram companies. This may involve the transfer of personal data to the USA and other third countries for which there is no EU Commission adequacy decision. In this case, Facebook will use the standard contractual clauses approved by the EU Commission. Further information can also be found in the Instagram Privacy Policy.
In addition, as part of the operation of our Instagram page, we are jointly responsible with Facebook for the processing of so-called Instagram Insights. With the help of these Instagram Insights, Facebook analyses the behaviour on our Instagram page and provides us with this information in non-personal form. For this purpose, we have concluded a joint data protection responsibility agreement with Facebook, which you can view at the following link: https://facebook.com/legal/terms/page_controller_addendum . In it, Facebook undertakes, among other things, to assume primary responsibility under the GDPR for the processing of Instagram Insights and to fulfil all obligations under the GDPR with regard to the processing of Page Insights.
10.2 LinkedIn
You can find our LinkedIn account at: https://www.linkedin.com/company/brezuk
For users located in the European Economic Area and Switzerland, LinkedIn is operated by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland ("LinkedIn Ireland"). You can find LinkedIn's data protection guidelines here: https://www.linkedin.com/legal/privacy-policy?trk=organization-guest_footer-privacy-policy . In it you will also find information on the settings options for your LinkedIn profile.
Please note that LinkedIn also transfers personal data to third countries outside the European Economic Area for which there is no EU Commission adequacy decision. Insofar as such a transfer occurs, LinkedIn will use the standard contractual clauses approved by the EU Commission. Corresponding information can be found at https://www.linkedin.com/help/linkedin/answer/62533 .
Finally, we receive non-personal information and analytics from LinkedIn about the use of our account or interactions with our posts. This information allows us to analyse and optimise the effectiveness of our LinkedIn activities. The processing that takes place within this context is based on our legitimate interest in optimising our LinkedIn activities (Art. 6 para. 1 lit. f GDPR).
10.3 Social Media Management
In order to measure the success of our social media activities, we also record when we are tagged on social media networks. Within this context, we also process information about the people who tag us. The processing that takes place within this context is based on our legitimate interest in optimising our social media activities (Art. 6 para. 1 lit. f GDPR).
10.4 Analysis of our social media activities
We also evaluate the success of our social media postings. We analyse how often individual postings are clicked. The data processing is based on our legitimate interest in analysing our reach and the success of our social media activities.
11. Further sharing of data
Beyond the cases described, your personal data will only be passed on without your express prior consent in the following cases:
If it is necessary for the clarification of an illegal use of our services or for legal prosecution, personal data will be forwarded to the law enforcement authorities and, if necessary, to injured third parties. However, this only happens if there are specific indications of unlawful or abusive behaviour. A transfer may also take place if this serves to enforce terms of use or other agreements. We are also legally obliged to provide information to certain public authorities upon request. These are law enforcement agencies, authorities that prosecute administrative offences subject to fines and the tax authorities.
This data is disclosed on the basis of our legitimate interest in combating abuse, prosecuting criminal offences and securing, asserting and enforcing claims and provided that your rights and interests in the protection of your personal data are not overridden, Art. 6 para. 1 lit. f GDPR or on the basis of a legal obligation pursuant to Art. 6 para. 1 lit. c GDPR.
We disclose personal data to auditors, accounting service providers, lawyers, banks, tax consultants and similar bodies insofar as this is necessary for the provision of our services (Art. 6 para. 1 lit. b GDPR) or the proper operation of our business (Art. 6 para. 1 lit. f GDPR) or we are obliged to do so (Art. 6 para. 1 lit. c GDPR).
We rely on contractually affiliated third-party companies and external service providers ("processors") to provide the services. In such cases, personal data is passed on to these processors to enable them to continue processing. These processors are carefully selected and regularly reviewed by us to ensure that your rights and freedoms are protected. The processors may only use the data for the purposes specified by us and are also contractually obliged by us to treat your data exclusively in accordance with this privacy policy and the German data protection laws.
The transfer of data to processors takes place on the basis of Art. 28 para. 1 GDPR.
As part of the further development of our business, it may happen that the structure of Brezuk GmbH changes by changing the legal form, founding, buying or selling subsidiaries, parts of the company or components. In such transactions, customer information is passed on together with the part of the company to be transferred. Whenever personal information is disclosed to third parties to the extent described above, we will ensure that this is done in accordance with this privacy policy and the relevant data protection laws.
Any disclosure of personal data is justified by the fact that we have a legitimate interest in adapting our corporate form to the economic and legal circumstances as necessary (Art. 6 para. 1 lit. f GDPR).
12. Automated individual decisions or profiling measures
We do not use any automated processing processes to bring about a decision or profiling.
13. Erasure of your data
We delete or anonymise your personal data as soon as it is no longer necessary for the purposes for which we collected or used it in accordance with the above paragraphs. We also continue to retain your data if we are obliged to do so for legal reasons or if the data is needed for a longer period of time for criminal prosecution or to secure, assert or enforce legal claims.
If you delete your user account, your profile will be deleted completely and permanently. However, we will retain backup copies of your data to the extent and for as long as this data is required for legal reasons or for criminal prosecution or to secure, assert or enforce legal claims.
If data must be retained for legal reasons, processing will be restricted. The data is then no longer available for further use.
Storage beyond the contractual relationship is based on our aforementioned legitimate interests according to Art. 6 para. 1 lit. f GDPR.
14. Your rights as a data subject
You have the rights described below with regard to the processing of your personal data. To exercise your rights, you can make a request by post or by email to the address above.
14.1 Right of access to information
You have the right to receive information from us at any time, upon request, about the personal data we process that concerns you, to the extent and subject to the conditions of Art. 15 GDPR and § 34 BDSG.
14.2 Right to correct incorrect data
You have the right to request that we correct personal data relating to you without delay if it is inaccurate.
14.3 Right to erasure
You have the right to demand that we delete the personal data concerning you under the conditions described in Art. 17 GDPR and § 35 BDSG. These conditions provide in particular for a right to erasure if the personal data is no longer necessary for the purposes for which it was collected or otherwise processed, as well as in cases of unlawful processing, the existence of an objection or the existence of an obligation to erasure under Union law or the law of the Member State to which we are subject. Please note that an erasure of your account information (user name, email address, password) results in a deletion of your account.
14.4 Right to restriction of processing
You have the right to demand that we restrict processing in accordance with Art. 18 GDPR. This right exists in particular if the accuracy of the personal data is disputed between the user and us, for the duration that the verification of the accuracy requires, as well as in the event that the data subject requests restricted processing instead of erasure in the case of an existing right to erasure; furthermore, in the event that the data is no longer required for the purposes pursued by us, but the user requires it for the assertion, exercise or defence of legal claims, as well as if the successful exercise of an objection is still disputed between us and the user.
14.5 Right to data portability
You have the right to receive from us the personal data relating to you that you have provided to us in a structured, commonly used, machine-readable format in accordance with Art. 20 GDPR.
14.6 Right to object
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out, inter alia, on the basis of Art. 6 para. 1 lit. e or f GDPR, in accordance with Art. 21 GDPR. We will then stop processing your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
14.7 Right of appeal
You have the right to contact a supervisory authority of your choice in case of complaints.
14.8 Data processing when exercising your rights
Finally, we would like to point out that we process the personal data provided by you when exercising your rights pursuant to Art. 15 to 22 GDPR for the purpose of implementing these rights and to be able to provide evidence thereof. This processing is based on the legal basis of Art. 6 para. 1 lit. c GDPR in conjunction with Art. 15 to 22 GDPR and § 34 para. 2 BDSG.23
15. Changes to this privacy policy
The current version of this privacy policy is always available at https://www.brezuk.com/privacy .