The AXXS website and app are operated by EMKAO GmbH. We are a company registered in Germany under company number 268662 with our registered office in c/o HQ (3rd floor) Feringastr. 6, D-85774 Unterföhring. EMKAO GmbH is part of the AXXS Group (hereinafter referred to as "AXXS", "We", "Our" and "Us").
1. Important information and who we are
The AXXS website and app are not intended for children and we do not knowingly collect data about children.
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a data protection supervisory authority, in particular in the Member State of your residence, place of work or place of the alleged infringement, if you consider that the processing of your personal data by us infringes the GDPR. However, we would appreciate it if we could address your concerns before you contact the data protection supervisory authority and therefore ask you to contact us first.
It is important that the personal data we hold about you is accurate and up to date. Please 2 inform us if your personal data changes during your relationship with us.
Our Third Party Links
Website and App may contain links to third party websites, plug-ins and applications. When you click on these links or enable these connections, third parties may collect or share information about you. We have no control over these third party websites and are not responsible for their privacy policies.
2. The data we collect about you
Personal data or personal information is any information about an individual from which that individual can be identified. This does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different types of personal information about you, which we have summarised as follows:
Identity data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth, gender and identity verification results.
Contact data includes billing address, shipping address, email address, social media account details and phone numbers.
Financial data includes bank account, PayPal and payment card details, the results of credit checks relating to you and details of funds held in your AXXS wallet in the app.
Transaction data includes details of payments to and from you and transaction details relating to the games you have played in our App.
Technical data includes IP address, your login details, browser type and version, time zone setting and geographic location, browser plug-in types and versions, operating system and platform, and other technologies on the devices you use to access this App.
Profile data includes your username and password, your interests, your responses to surveys, your preferences, your feedback, the football clubs you support, records of any games you have played on our App and your winnings, your activities during those games, details of your interactions with our in-app sports news articles, your history of using our App and details of other users you have added as friends on the App.
Usage data includes information about how you use our app, website, products and services and how you play our games.
Marketing and communications data includes your preferences about receiving marketing materials from us and our third parties and your communications preferences.
We do not collect special categories of personal data about you (this includes information about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). We do not collect information about criminal convictions and offences.
If you do not provide personal data
If we are required by law or a contract we have with you to collect personal data and you do not provide it to us when requested, we may not be able to perform the contract we have entered into or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have ordered from us, but we will let you know in due course.
3. How is your personal data collected?
We use various methods to collect data from and about you, including through:
Direct interactions. You may provide us with your identity, contact, profile and financial data when you complete forms on our website or app, or when you correspond with us by post, telephone, email or otherwise. This includes personal data you provide when you:
use our mobile app;
create an account on our website or app;
join a game on the app;
subscribe to our service or publications;
request that marketing material be sent to you;
participate in a game, promotion or survey; or
provide feedback to us or have you contact us.
Third party or publicly available sources. We receive personal data about you from various third parties and public sources, as set out below Technical Data from the following parties:
(a) Analytics providers such as Google based outside the EU and EEA;
(b) Advertising networks such as Google and other search engine providers and social media platforms based both inside and outside the EU and EEA; and 4
(c) Search information providers such as Google, located both inside and outside the EU and EEA; and
(d) Hosting service providers (including for our backups and virus protection), such as Amazon Webservices based in the EEA.
• Contact, financial and transactional data from technical, payment and delivery service providers. - Identity and contact data from "Know Your Client" and identity verification agencies provided by Payment IQ/Bambora service providers based within and outside the EU and EEA, who in turn may also send or receive data from their own end suppliers, including Schufa, based within the EU.
• Identity and contact data of German football clubs.
• Identity and contact data if you interact with us via social media.
4. How we use your personal data
We will only use your personal data where the law allows us to do so. In most cases, we will use your personal data in the following circumstances:
When we need to perform the contract we want to enter into or have entered into with you.
When it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
Where we need to comply with a legal obligation.
Click here to find out more about the types of legal basis we will rely on to process your personal data.
Generally, we do not rely on consent as a legal basis for processing your personal data, although we will obtain your consent before sending you direct marketing communications from third parties by email or text message or before sharing your data with football clubs. You have the right to withdraw your consent for marketing purposes at any time by contacting us.
Purposes for which we will use your personal data
Below is a tabular description of all the ways in which we intend to use your personal data and the legal basis on which we do so. Where appropriate, we have also indicated our legitimate interests.
Note that we may process your personal data for more than one legal ground depending on the specific purpose for which we use your data. Please contact us if you require details of the specific legal ground on which we rely when processing your personal data where more than one ground is set out in the table below.
|Purpose/Activity||Type of data||Lawful basis for processing including legitimate interest|
|To register you as a new customer||(a) Identity (b) Contact||(a) Performance of a contract with you (b) Necessary for our legitimate interests (to collect debts owed to us)|
|To process and deliver your order: (a) administer payments, fees and charges (b) collect and recover monies owed to us||(a) Identity (b) Contact (c) Financial (d) Transaction (e) Marketing and communication||(a) Performance of a contract with you (b) Necessary for our legitimate interests (to collect debts owed to us)|
|To enable you to participate in a prize draw, game or survey||(a) Identity (b) Contact (c) Profile (d) Use (e) Marketing and communication||(a) Fulfilment of a contract with you (b) Necessary for our legitimate interests (to study how customers use our products/services and play our games in order to develop them and grow our business)|
|To manage and protect our business, website and app (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)||(a) Identity (b) Contact (c) Technical||(a) Necessary for our legitimate interests (for the conduct of our business, the provision of administrative and IT services, network security, the prevention of fraud and in connection with a corporate or group reorganisation) (b) Necessary for compliance with a legal obligation|
|To develop and deliver relevant website and app content, games and advertising to you and to measure or understand the effectiveness of the advertising we provide to you||(a) Identity (b) Contact (c) Profile (d) Use (e) Marketing and communication (f) Technical||Necessary for our legitimate interests (to study how customers use our products/services and interact with our games, to develop them, to grow our business and to inform our marketing strategy)|
|Use of data analytics to improve our website, app, products/services, marketing, customer relationships and experiences||(a) Technical (b) Use (c) Profile||Necessary for our legitimate interests (to define customer types for our games, products and services, to keep our website and app up to date and relevant, to develop our business and inform our marketing strategy)|
|To make suggestions and recommendations to you about goods or services that may be of interest to you, including relevant news, new games or potential friends||(a) Identity (b) Contact (c) Technical (d) Use (e) Profile (f) Marketing and communication||Necessary for our legitimate interests (to develop our products/services and expand our business)|
|To provide your data to professional football clubs to assist them in communicating with their fans, merchandising or other activities within their privacy policies.||(a) Identity (b) Contact (c) Profile||Only with your consent|
We aim to give you the opportunity to decide how we use certain personal data, particularly in relation to marketing and advertising. We have put in place the following personal data controls:
Promotional offers from us: we may use your identity, contact, technical, usage and profile data to build up a picture of what we think you want or need or what may be of interest to you. This is how we decide which products, services, new games and offers might be relevant to you (we call this marketing).
Opt-Out: You will receive marketing communications from us if you have requested information from us or participated in a game on our App and you have not opted out of receiving these marketing communications.
Marketing by third parties: We will obtain your explicit consent before sharing your personal data with third parties for marketing purposes.
Opting out: You can ask us or third parties to stop sending you marketing communications at any time by emailing us or following the unsubscribe links in any marketing communication sent to you or by contacting us at any time. If you opt out of receiving our marketing messages, this will not apply to any personal data you have provided to us when participating in a game on the App, providing details of your product/service experience or in any other transaction.
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we consider that we need to use it for a different purpose and that reason is compatible with the original purpose. If you would like an explanation of how processing for the new 8 purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for another purpose, we will inform you of this and explain the legal basis that allows us to do so.
Please note that we may process your personal data without your knowledge or consent in accordance with the above rules where required or permitted by law.
5. Disclosure of your personal data
We may disclose your personal data to the parties listed below for the purposes set out in the "Purposes of Use" table above.
Internal third parties, as described in the Glossary.
External third parties, as described in the Glossary.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third party service providers to use your personal data for their own purposes and only allow them to process your personal data for specific purposes and in accordance with our instructions.
6. International transfers
Many of our external service providers are based outside the EU and EEA, so their processing of your personal data will involve a transfer of data to countries outside the EU and EEA.
Whenever we transfer your personal data outside the EU and EEA, we will ensure that a similar level of protection is provided by implementing at least one of the following safeguards:
We will only transfer your personal data to countries which, in the opinion of the competent authorities, provide an adequate level of protection for personal data.
Where we use certain service providers, we may use standard contractual clauses and, where appropriate, other measures approved for use that protect personal data in the EU and EEA in the same way.
Please contact us if you would like more information about the specific mechanism we use when transferring your personal data outside the EU and EEA.
7. Data security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used without authorisation or accessed, altered or disclosed. In addition, we restrict access to your personal data to those employees, agents, contractors and other third parties who need to know that data for business reasons. They will only process your 9 personal data on our instructions and are bound to confidentiality.
Access to our personal data databases is restricted and only those with verified requests and a business reason may be granted access. Neither our developers nor our service providers have direct access to our personal data databases. All actions are logged. Data is not kept on personal devices, nor can it be copied to a USB stick or external storage drive.
We have procedures in place in the event of a suspected personal data breach and will notify you and the relevant supervisory authorities of a breach where we are required to do so by law.
8. Data storage
How long will you use my personal data?
We will only retain your personal data for as long as is reasonably necessary to fulfil the purposes for which we collected it, including to comply with legal, regulatory, tax, accounting or reporting requirements. We may retain your personal information for a longer period of time if there is a complaint or if we have reason to believe that litigation is imminent in relation to our relationship with you.
In determining the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes by other means, and applicable legal, regulatory, tax, accounting or other requirements. We use automated database scripts to delete most of the personal data we hold. Typically:
We retain technical data and usage data for a maximum of one year;
Transaction data and some financial data, such as fraud exclusion data, we will keep for six years; and
We will keep most other data for as long as you have installed the AXXS app, plus two years.
Details of the retention periods for different aspects of your personal data can be found in our retention policy, which you can request by contacting us.
In certain circumstances you may ask us to delete your data: See "Your legal rights" for more information.
In certain circumstances, we will anonymise your personal data for research or statistical purposes (so that it can no longer be associated with you), in which case we may use this information indefinitely without notifying you.
9. Your legal rights
In certain circumstances you have rights under data protection laws in relation to your personal data. You have the right to:
To be given access to your personal data.
Request correction of your personal data.
Request erasure of your personal data.
Object to the processing of your personal data.
Request restriction of the processing of your personal data.
Request the transfer of your personal data.
Withdraw your consent.
If you wish to exercise any of the above rights, please contact us.
Normally no fee required
You do not have to pay a fee to access your personal data (or to exercise any other rights). However, we may charge a reasonable fee if your request is manifestly unfounded, repetitive or excessive. Alternatively, we may refuse to respond to your request in these circumstances.
What we may need from you
We may need to request certain information from you to confirm your identity and to ensure your right of access to your personal data (or to exercise your other rights). This is a security measure to ensure that personal data is not disclosed to people who do not have the right to receive it. We may also contact you to ask for more information about your request to speed up our response.
Deadline for response
We aim to respond to all legitimate requests within one month. Occasionally it may take longer than one month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you informed.
Legitimate interest means our company's interest in running and managing our business so that we can provide you with the best service/product and the best and safest experience. We will ensure that we consider and weigh up any potential impact on you (both positive and negative) and your rights before processing your personal data for our legitimate interests. We will not use your personal data for activities where the impact on you outweighs our interests (unless we have your consent or are otherwise required or entitled to do so by law). You can find out more about how we balance our legitimate interests against any potential impact on you in relation to particular activities by contacting us.
Contract performance means that your data is processed if this is necessary for the performance of a contract to which you are a party or for taking action at your request prior to the conclusion of such a contract.
Complying with a legal obligation means that your personal data will be processed if this is necessary for compliance with a legal obligation to which we are subject.
External third parties
Service providers based in the Netherlands and the US who act as processors and provide IT, systems management and marketing services.
Professional advisors acting as processors or jointly with other controllers, including lawyers, bankers, auditors and insurers based in Germany providing advisory, banking, legal, insurance and accounting services.
Tax offices and other authorities operating in Germany that require notification of processing activities in certain circumstances.
Professional football clubs to whom we will only disclose your personal data with your consent.
YOUR LEGAL RIGHTS
You have the right to:
Request information about your personal data (commonly known as a 'personal data request'). This allows you to obtain a copy of the personal data we hold about you and check whether we are processing it lawfully.
You can ask us to correct the personal data we hold about you. This allows you to have incomplete or inaccurate data we hold about you corrected, although we may need to verify the accuracy of the new data you provide to us.
Request for deletion of your personal data. In this way, you can ask us to erase or remove personal data if there is no valid reason to continue processing it. You also have the right to ask us to erase or remove your personal data if you have successfully exercised your right to object to processing (see below), if we may have processed your data unlawfully, or if we need to erase your personal data to comply with local law. However, please note that we may not always be able to comply with your request for erasure for certain legal reasons, which may be notified to you at the time of your request.
You may object to the processing of your personal data if we rely on a legitimate interest (or that of a third party) and there is something in your particular situation that causes you to object to the processing on that ground because you consider that it adversely affects your fundamental rights and freedoms. You also have the right to object when we process your personal data for direct marketing purposes. In some cases, we can demonstrate that we have compelling legitimate grounds for processing your data that override your rights and freedoms.
Request to restrict the processing of your personal data. This allows you to ask us to suspend the processing of your personal data in the following cases:
If you want us to verify the accuracy of the data.
If our use of the data is unlawful but you do not want us to delete it.
If you need the data even if we no longer need it because you need it to establish, exercise or defend legal claims.
You have objected to the use of your data, but we need to check whether we have compelling legitimate grounds for using the data.
Request the transfer of your personal data to you or to a third party. We will provide you or a third party of your choice with your personal data in a structured, commonly used and machine-readable format. Note that this right only applies to automated data that you have originally consented to the use of, or where we have used the data to perform a contract with you.
You can withdraw your consent at any time when we rely on consent to process your personal data. However, this will not affect the lawfulness of the processing that took place before you withdrew your consent. If you withdraw your consent, we may no longer be able to offer you certain products or services. We will inform you if this is the case when you withdraw your consent.