OnePlayr

Welcome to OnePlayr! ONEPLAYR is pioneering a digital revolution that redefines the soccer experience through artificial intelligence and other technical innovations. Our platform invites fans and players alike to actively participate in a global community and benefit from it. ONEPLAYR isn’t just a platform; it’s a movement that connects soccer lovers everywhere — whether you’re a player, a weekend warrior, or a fan. With an AI-powered analysis system, players can upload soccer videos representing their unique abilities.

This Privacy Policy aims to inform you, our valued user, about how OnePlayr collects, uses, and protects your personal data. We are committed to ensuring your privacy and safeguarding your information in accordance with applicable data protection laws. By using our services, you acknowledge that you have read and understood this policy, allowing us to transparently explain our data handling practices and your rights regarding your personal data. The app is currently only available as a beta version. The beta focuses on video creation and the community experience.

I. OnePlayr GmbH as Data Controller

The data controller in accordance with the General Data Protection Regulation (GDPR) and other national data protection laws of the member states, as well as other data protection regulations is:

OnePlayr GmbH

Lilienweg 16

74388 Talheim

Germany

Email: info@oneplayr.com

Website: www.oneplayr.com

For direct contact with our data protection officer, please send a letter to

OnePlayr GmbH

- confidential - for the data protection officer only

Lilienweg 16

74388 Talheim

Germany

or reach out via email at legal@oneplayr.com and request a direct confidential contact.

II. General Information on Data Processing

1. Scope of Processing Personal Data

We process personal data of our users only to the extent necessary to provide a functional application and our contents and services. The processing of personal data of our users is regularly conducted only with the consent of the user. An exception applies in cases where obtaining prior consent is not possible for factual reasons and where the processing of data is permitted by legal regulations.

If we obtain consent from the data subject for processing operations of personal data, Article 6(1)(a) GDPR serves as the legal basis.​ We process your personal data in accordance with Article 6(1)(a) GDPR when you have given your consent to the respective processing. Your consent is voluntary and can be revoked by you at any time. You will receive further information about the processing activity based on your consent in any case. Please note that the withdrawal of your consent does not have retroactive effect; any processing that has already taken place remains unaffected.

For the processing of personal data necessary for the fulfillment of a contract to which the data subject is a party, Article 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations necessary for carrying out pre-contractual measures. ​We process your personal data in accordance with Article 6(1)(b) GDPR when the processing is carried out to provide our services based on the contract concluded between us.​ This includes processing in the context of providing the app and associated services on the OnePlayr platform, as well as services related to OnePlayr’s crypto-based services and products. For example, this processing is necessary for the creation or provision of your account or for the provision of the profile you have set up. Further information on the scope of the services we provide can be found in the respective contractual documents and their terms and conditions.

If processing is necessary for compliance with a legal obligation to which our company is subject, Article 6(1)(c) GDPR serves as the legal basis.​ We process your personal data in accordance with Article 6(1)(c) GDPR due to our legal obligations as a service provider. We are subject to various legal obligations, including the obligation to verify age or to fulfill tax-related reporting and control obligations.

If processing is necessary for the protection of a legitimate interest of our company or a third party, and if the interests, fundamental rights, and freedoms of the data subject do not outweigh the former interest, Article 6(1)(f) GDPR serves as the legal basis. ​We process your personal data in accordance with Article 6(1)(f) GDPR when we have a legitimate interest in doing so.​ This means that our interest in processing your data is not overridden by your interests or your fundamental rights and freedoms. Whether this is the case is determined by us on a general basis and before the initiation of the respective processing activity. We will consider the purposes outlined below and assess the specific circumstances in each situation, taking into account the legitimate expectations you might have based on your relationship with us. We conduct this analysis to ensure that these data processing activities do not infringe upon your data protection rights. These purposes include the following:

  • Enforcement of legal claims and defense in legal disputes;

  • Ensuring our IT security and the overall IT operations;

  • Prevention and investigation of criminal offenses;

  • Non-promotional email correspondence;

  • Testing and optimizing needs analysis procedures, including customer segmentation;

  • Direct marketing or market research regarding the functionality and performance of our services;

  • Measures to further develop the capabilities of our services (for example, our app).

If you would like more information on the considerations mentioned above or if you wish to opt out of certain data processing activities based on our legitimate interest due to your particular circumstances, please contact us so that we can further assess your situation and the ongoing processing activities.

3. Type of Data Processed

Most of the personal data we process is provided by you (for example, your name or email address). We also process data from your device that we collect during your use of our app or website, as well as, where permissible, data we obtain from third parties or public sources.

We collect and process your personal data when you create an account. If you do not provide the following information, you will not be able to create an account with us:

  • Email address

During your registration, we also collect your device’s location (which you must allow via your device settings), and we may also request additional information or documents due to legal requirements (e.g., data protection or youth protection), in accordance with our legal obligations as a financial institution.

​We collect and process this data to fulfill our legal and contractual obligations.

After registration, you will either be activated as a user or receive a notification about the waiting list if the maximum number of users has already been reached.​ In this case, we will still create your account. For verification, we send each user a code via email, which they can then use to set a username and password.

Within the app, you can undergo additional onboarding and voluntarily provide additional information. This includes data such as nationality, place of residence, height, and a profile picture. These details are optional and are solely for the purposes of profile enhancement.

​As a user, you can upload videos of yourself and participate in so-called challenges.​ The challenges are clearly defined and provide a description as well as, if applicable, a sample video. In the feed, other users can see your videos and the videos of all other users, and they can scroll through the feed, visit profiles, and like videos. For participating in or winning a challenge, users earn credits, which can be used on the platform at a later time.​

​We use the information you provide to personalize our service to a limited extent as described below.​ You can personalize our services by, for example, selecting different display modes and colors and determining whether and for what purposes we may collect and use your in-app data.

In addition, we process your personal data, such as your interactions with the feed and other actions you take, to show you contract updates, new features, or new services in our app, or to demonstrate how you can use our services. We process the data to fulfill our contractual obligations based on the choices you make, as applicable, based on your consent, and with regard to warnings based on our legal obligations.

The beta focuses on video creation and the community experience. Interactions are primarily visual; users upload videos and profile information, scroll through the feed, and can like content. All submissions are voluntary, so the legal basis for this processing is your consent.

You also have the option to change your contact information and other personal data. This processing is carried out to fulfill our contractual obligations.

4. Data Deletion and Storage Duration

​We only retain your data for as long as we need it to provide you with our services or to comply with our legal obligations.​ We are subject to various statutory retention requirements that dictate how long we are legally obliged to store data. These laws apply even if you explicitly request us to delete your data. Our retention periods arise from our regulatory and tax reporting obligations, which can vary between 2 and 10 years, and in some exceptions, up to 15 years (usually starting from the end of the respective calendar year). As we are a German company, German statutory retention periods apply, unless the laws of the country in which you are located explicitly provide otherwise. The key German laws (which generally stem from EU directives and regulations) in this context are the General Tax Code, the Money Laundering Act, and the Commercial Code. Furthermore, the retention period also depends on the statutory limitation periods, which vary by location and can range from 2 years to up to 30 years. Personal data that we process based on your consent will be stored until you withdraw your consent or close your account, and we no longer have a legitimate interest in retaining this data.​ For example, if you have consented to receive marketing emails, we must retain your consent for a certain period to demonstrate that the marketing emails you have received from us are based on your validly granted consent.

5. Marketing Activities and Social Media

We process personal data for our marketing activities and in connection with our use of social media. We also process personal data to display or send personalized advertising. For this purpose, we use the information made available to us as well as data collected during your use of our app, including delivery confirmations and information about whether messages have been read. You can object to this processing at any time by contacting us or by closing your account. ​The processing of your data for advertising purposes, where no consent is required, is based on our legitimate interest in direct advertising and marketing.​ We only use tracking data for marketing purposes based on your consent, and you can withdraw your consent at any time in your profile settings.

III. Provision of the App and Creation of Logfiles

1. Description and Scope of Data Processing

With each use of our app, our system automatically collects data and information from the computer system of the accessing device. The following data is collected:

  • Browser type and version: Information about the browser type and the version used.

  • Operating system: The operating system of the user’s device.

  • IP address: The user’s IP address.

  • Date and time of access: Date and time of access.

  • Visited pages: Features that are accessed from the user’s system.

  • Device: Device Vendor, Model, OS Version Information

The temporary storage of the IP address by the system is necessary to enable the delivery of the app to the user’s device. For this, the user’s IP address must be stored for the duration of the session. The data is deleted as soon as it is no longer necessary for the purposes of its collection. In the case of the collection of data for the provision of the app, this is the case when the respective session is finished. The collection of data for the provision of the app and the storage of data in logfiles are essential for the operation of the app. Thus, the legal basis for the temporary storage of data and logfiles is Article 6(1)(f) GDPR.

IV. Recipients or Categories of Recipients

​We only transfer your data to third parties (data processors as well as other data controllers) when this is in compliance with applicable law.​ The data controllers are responsible for processing your data on their own, and you can assert your rights as a data subject directly with them. Data processors process your data on our instructions and under our responsibility. We generally engage data processors when we outsource specific areas of our services, such as IT services, handling certain customer service inquiries, logistics, or printing services.

1. Categories of Recipients

Depending on how you use our services, we may share your personal data with the following categories of recipients:

  • Public authorities and institutions for the purposes of fulfilling legal obligations, fraud and crime prevention, enforcing claims, or defending legal claims;

  • External consultants or lawyers for the purposes of fulfilling legal obligations, fraud and crime prevention, enforcing claims, or defending legal claims;

  • Service providers that provide technical services such as sending SMS messages or conducting video identifications, customer service functions, or text analysis services (including artificial intelligence) to deliver our services to you;

  • Service providers that host and provide the IT infrastructure for us or ensure our IT security to deliver our services to you;

  • Marketing services such as social networks, email providers, customer data platforms, technical service providers for marketing campaigns or contests, and advertising networks to promote our services to you and others.

​You can contact us if you would like more information about the respective recipients of personal data.

2. Recipients of Your Personal Data

  • Apple and Google​Purpose of Data Sharing:

    • The user shares specific data with the service providers Apple and Google, particularly in connection with push notifications and encrypted communication channels.​

    • Data Contents: The shared information includes details about push notifications and encrypted communications with the OnePlayr app servers in the case of Apple iCloud Private Relay.

    • Legal Basis: This data sharing occurs in the context of using the app on iOS and Android devices and is subject to the terms of service of the respective platform.

  • Expo (650 Industries, Inc.)

    • Service: Expo is used as a service provider for push notifications, automated app updates, and app delivery.

    • Data Contents: Expo only receives device-specific information (operating system, device type, and app-specific data) for the provision of services. Personal data of users is not shared.

    • Legal Basis: The data sharing is carried out for the provision of technical services and is subject to the data protection regulations of the Expo services.

  • Amazon Web Services (AWS)

    • Service: AWS is utilized as the hosting provider for the OnePlayr app in the eu-central-1 region (Germany / Frankfurt am Main).

    • Data Contents: All user data, including email, password, and video content, is stored encrypted in the databases and storage buckets of the Germany region. Video and image files are delivered globally through the AWS CloudFront Content Delivery Network (CDN).

    • CDN and Data Transfer: Through CloudFront, data is mirrored from Frankfurt to various Edge Centers worldwide to enable efficient delivery for users. As a result, data is transferred to different countries, including Dubai, the USA, Mexico, Argentina, South Korea, Japan, Australia, Kenya, and many others. A detailed list of Edge Locations can be found here: https://aws.amazon.com/de/cloudfront/features/?whats-new-cloudfront.sort-by=item.additionalFields.postDateTime&whats-new-cloudfront.sort-order=desc.

    • Legal Basis: The storage, encryption, and distribution of data occur within the framework of the app provision and are subject to the data protection regulations of AWS services.

3. Transfer of Personal Data to Third Countries

​To ensure an adequate level of data protection, we only transfer personal data to third parties outside the European Economic Area if at least one of the following transfer mechanisms is in place:​

  • If the European Commission has confirmed that an adequate level of data protection exists in the third country according to Article 45(1) GDPR;

  • The recipient has established so-called Binding Corporate Rules;

  • The EU Standard Contractual Clauses adopted by the European Commission have been agreed upon between us and the third party; or

  • You have consented to the transfer.

You can contact us if you would like more information about the respective transfer mechanism (possibly including copies of the relevant mechanism) and the service providers we use.

V. Automated Decisionmaking

When you use our services, we may make automated decisions within the meaning of Article 22 GDPR.​ This means that we process your personal data, current changes to your personal data, and other factors such as the use of an unknown device to predict a risk or a specific outcome. For example, selfie authentication is carried out in an automated manner. As long as this is not legally prohibited, we will inform you about an automated decision made under Article 22 GDPR and provide you with further information. You can request a manual review of an automated decision by a person at any time. We only make automated decisions under certain circumstances and only to comply with our legal obligations and to protect your and our interest in a safe and secure service, for example, to combat violent content.

VI. App Permissions

When using our app, we may ask you to grant access to certain features of your device (so-called app permissions). Depending on the operating system, you must either grant these permissions explicitly or you can revoke them for each permission in your device’s app settings.

During the onboarding process, we require access to your microphone and camera, as well as the location of your device. You can revoke these permissions at any time in your operating system settings. Additionally, we may also seek permission to send you push notifications or to use information on your device to make your login more secure (e.g., Face ID or fingerprint unlocking).

​You are free to consent to this processing or not, and we will process your data based on your consent.

VII. Your Rights

You have the following data protection rights:​

  • The right to access your personal data (Article 15 GDPR);

  • The right to rectification (Article 16 GDPR);

  • The right to erasure (Article 17 GDPR);

  • The right to restriction of processing (Article 18 GDPR);

  • The right to object to processing (Article 21 GDPR); and

  • The right to data portability (Article 20 GDPR) within the legal provisions.

With regard to the right of access to your data and the right to erasure, the restrictions pursuant to Article 17(3) GDPR and applicable local law must be taken into account. You have the right to withdraw your consent at any time with effect for the future (Article 7(3) sentence 1 GDPR). However, the lawfulness of processing carried out before the withdrawal is not affected.

In addition, there is the right to lodge a complaint with the data protection supervisory authority pursuant to Article 77 GDPR in conjunction with Section 19 of the Federal Data Protection Act.