Data Privacy

The requirements of the EU General Data Protection Regulation (hereinafter DSGVO) apply throughout Europe. We would like to inform you about the

processing of personal data carried out by our company in accordance with this regulation (compare Articles 13 and 14 DSGVO). If you have any questions or comments about this data protection declaration, you can send them at any time to the email address given under point 2 or 3.

Table of Contents:

I. Overview

1. Scope

2. Responsible

3. Data Protection Officer

4. Data security

II. The data processing operations in detail

1. General information on data processing

2. Calling the website/application

3. Newsletter

4. Customer support

5. Purchase of goods and services and payment processing

6. Tracking

7. Social media plugins

III. data subject rights

1. Right of objection

2. Right to information

3. Right of rectification

4. Right to erasure ("right to be forgotten")

5. Right to restriction of processing

6. Right to data portability

7. Right of withdrawal for consent

8. Right of appeal

IV. Glossary

I. Overview

In this section of the privacy policy, you will find information on the scope of application, the data controller, its data protection officer and data security.

1. scope

Data processing by SPORTFIVE Germany GmbH can essentially be divided into two categories:

- For the purpose of processing the contract, all data required for the execution of a contract with SPORTFIVE Germany GmbH will be processed. If external service providers are also involved in the processing of the contract, e.g. payment service providers, your data will be passed on to them to the extent necessary in each case.

- When you access the SPORTFIVE Germany GmbH website/application, various information is exchanged between your terminal device and our server. This may also involve personal data. The information collected in this way is used, among other things, to optimize our website or to display advertising in the browser of your end device.

This privacy policy applies to the following offers:

- our online offering available at www.official-vip.com;

- whenever otherwise referred to in any of our offerings (e.g. websites, subdomains, mobile applications, web services or third-party integrations), regardless of the way you access or use it.

All of these offerings are also collectively referred to as "Services."

2. person in charge

The data controller - i.e. the person who determines the purposes and means of the processing of personal data - in connection with the Services is

SPORTFIVE Germany GmbH

Barca street 5

22087 Hamburg

Phone: +49 (0)40 376 77-0

Fax: +49 (0)40 376 77-129

E-mail: de.info@sportfive.com

VAT ID No.: DE814116740

Registered office and court of registration: Hamburg HRB 10 22 66

Managing Directors: Philipp Hasenbein, Hendrik Schiphorst

3. data protection officer

You can contact our data protection officer as follows:

Contact form:

ePrivacy GmbH

Represented by Prof. Dr. Christoph Bauer

Burchardstraße 14, 20095 Hamburg

de.info@sportfive.com

4. data security

In order to develop the measures required by Article 32 of the GDPR and thus achieve a level of protection appropriate to the risk, we have established an information security management system in our company.

II. The data processing operations in detail

In this section of the Privacy Policy, we inform you in detail about the processing of personal data within the scope of our Services. For better clarity, we structure this information according to certain functionalities of our services. During the normal use of the services, different functionalities and thus also different processing operations may take effect one after the other or at the same time.

1. general information on the data processing operations

Unless otherwise specified, the following applies to all processing operations described below:

a. No obligation to provide

There is neither a contractual nor a legal obligation to provide the personal data. You are not obliged to provide data.

b. Consequences of non-provision

In the case of required data (data that is marked as mandatory when entered), failure to provide it will mean that the service in question cannot be provided. Otherwise, failure to provide the data may mean that our services cannot be provided in the same form and quality.

c. Consent

In various cases, you have the option of giving us your consent to further processing in connection with the processing described below (where applicable, for part of the data). In this case, we will inform you separately in connection with the submission of the respective declaration of consent about all modalities and the scope of the consent and about the purposes we pursue with these processing operations.

d. Transfer of personal data to third countries

If we transfer data to third countries, i.e. countries outside the European Union, then the transfer takes place exclusively in compliance with the legally regulated permissibility requirements.

The admissibility requirements are regulated by Art. 44 -49 GDPR.

e. Hosting with external service providers

Our data processing is carried out to a large extent using so-called hosting service providers, who provide us with storage space and processing capacity in their data centers and also process personal data on our behalf according to our instructions. These service providers either process data exclusively in the EU or we have guaranteed an appropriate level of data protection with the help of the EU standard data protection clauses.

f. Transmission to government authorities

We transfer personal data to government authorities (including law enforcement authorities) if this is necessary for the fulfillment of a legal obligation to which we are subject (legal basis: Art. 6 para. 1 c) DSGVO) or if it is necessary for the assertion, exercise or defense of legal claims (legal basis Art. 6 para. 1 f) DSGVO).

g. Storage period

We do not store your data longer than we need them for the respective processing purposes. If the data are no longer required for the fulfillment of contractual or legal obligations, they are regularly deleted, unless their temporary storage is still necessary. Reasons for this may be, for example, the following:

- The fulfillment of retention obligations under commercial and tax law

- Obtaining evidence for legal disputes within the scope of the statutory limitation provisions

Likewise, it is possible for us to further store your data with us if you have expressly given your consent for this.

h. Data categories

- Account data: Login/user ID and password

- Personal master data: Title, title/gender, first name, last name, date of birth

- Address data: street, house number, if necessary address additions, postal code, city, country

- Contact information: Telephone number(s), fax number(s), e-mail address(es).

- Registration Data: Information about the service through which you have registered; timing and technical information about registration, confirmation and deregistration; data provided by you during registration.

- Order data: Products ordered, prices, payment and delivery information.

- Payment data: Account data, credit card data, data on other payment services such as Paypal.

Access data: Date and time of the visit to our service; the page from which the accessing system arrived at our site; pages accessed during use; session identification data (session ID); in addition, the following information of the accessing computer system: Internet Protocol address (IP address) used, browser type and version, device type, operating system and similar technical information.

i. Linkage of personal data

We link your future and historical data of the various service providers if you have given your explicit consent for them.

2. call of the website/application

This section describes how we process your personal data when you access our services. In particular, we point out that the transmission of access data to external content providers (see under b.) is unavoidable due to the technical functioning of information transmission on the Internet.

a. Processing information

Data category Purpose Legal basis Legitimate interest, if applicable Storage duration

Access data Establishing connections, displaying the contents of the service, detecting attacks on our site based on unusual activity, diagnosing errors. Art. 6 para. 1 f) DSGVO proper functioning of services, security of data and business processes, prevention of misuse, prevention of damage due to interference with information systems 7 days

b. Recipients of the personal data

Receiver category Data concerned Legal basis of the transfer Legitimate interest, if applicable

External content providers that provide content (e.g., images, videos, embedded posts from social networks, banner ads, fonts, update information) necessary to display the Service Access data Order processing (Art. 28 DSGVO) Proper functioning of services, (accelerated) display of content

IT security service provider Access data Order processing (Art. 28 DSGVO) Prevention of attacks by exploiting security gaps / vulnerabilities

3. newsletter

What happens to your personal data in connection with a subscription to our newsletter is described here:

a. Processing information

Data category Purpose Legal basis Legitimate interest, if applicable Storage duration

E-mail address Verification of registration (double opt-in procedure), newsletter delivery Art. 6 para. 1 letter a) DSGVO - Newsletter subscription duration

Personal master data Personalization of the newsletter Art. 6 para. 1 letter a) DSGVO - Newsletter subscription duration

Login data Traceability of successful newsletter registration/confirmation/unsubscription Art. 6 para. 1 letter f) DSGVO Proof of successful newsletter subscription/confirmation/unsubscription Newsletter subscription duration

Newsletter usage profile data interest-oriented design of the newsletter Art. 6 para. 1 letter f) DSGVO Improvement of our service, advertising purposes Newsletter subscription duration

b. Recipients of the personal data

Receiver category Data concerned Legal basis of the transfer Legitimate interest, if applicable

Service provider for newsletter dispatch all data mentioned under a. Order processing (Art. 28 DSGVO) -

Data analysis service provider all data mentioned under a. Order processing (Art. 28 DSGVO) -

The newsletter is sent by means of the dispatch service provider "MailChimp", a newsletter dispatch platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. You can view the privacy policy of the shipping service provider here: https://mailchimp.com/legal/privacy/. The Rocket Science Group LLC d/b/a MailChimp is certified under the Privacy Shield agreement, thereby providing a guarantee of compliance with the European level of data protection (https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active). The shipping service provider is used on the basis of an order processing agreement pursuant to Art. 28 (3) p. 1 DSGVO.

The dispatch service provider may use the data of the recipients in pseudonymous form, i.e. without assignment to a user, to optimize or improve its own services, e.g. to technically optimize the dispatch and presentation of the newsletter or for statistical purposes. However, the dispatch service provider does not use the data of our newsletter recipients to write to them itself or to pass the data on to third parties.

The data analysis is carried out by the service provider KORE Interactive Systems (USA) Inc, 259 W 30th St, 16th Floor New York NY 10001, USA. You can view the service provider's privacy policy here: https://koresoftware.com/privacy-policy/. The data is stored only on servers located in a member country of the European Union. The service provider is used on the basis of an order processing agreement pursuant to Art. 28 para. 3 p. 1 DSGVO.

4. customer support

How we process your personal data when you contact our customer service can be found here:

a. Processing information

Data category Purpose Legal basis Legitimate interest, if applicable Storage duration

Personal master data, contact data, contents of inquiries/complaints Handling customer inquiries and user complaints Art. 6 para. 1 b), f) Customer loyalty, improvement of our service Request processing

b. Recipients of personal data

Receiver category Data concerned Legal basis of the transfer Legitimate interest, if applicable

Service provider for the chat function Contact details Order processing (Art. 28 DSGVO) -

5. purchase of goods and services and payment processing

The following information describes how your personal data is processed when you purchase and pay for goods and services via our online offer:

a. Processing information

Data category Purpose Legal basis Legitimate interest, if applicable Storage duration

Personal master data, contact data, contents of inquiries, contents of offers, payment data Handling customer inquiries and selling goods and services Art. 6 para. 1 b), f) Proper functioning of the services

Improvement of the services offered

b. Recipients of the personal data

Receiver category Data concerned Legal basis of the transfer Legitimate interest, if applicable

Service provider for the payment process Payment data Order processing (Art. 28 DSGVO) -

Data analysis service provider Personal master data, contact data, contents of inquiries, contents of offers Order processing (Art. 28 DSGVO) -

Within the scope of payment processing, your data may be forwarded to the following payment service provider. The credit card number or other bank data will not be stored at SPORTFIVE and will be forwarded directly to the payment service providers:

Payments by credit card, PayPal and Sofortüberweisung are processed by our partner Adyen BV, Simon Carmiggelstraat 6 - 50, 1011 DJ Amsterdam. For the prevention and detection of fraud, we transmit your IP address to our partner Adyen BV, Simon Carmiggelstraat 6 - 50, 1011 DJ Amsterdam. Your IP address will be stored by Adyen BV. All data is transmitted in encrypted form.

In cases where a contract is directly concluded between you and an organizer, we forward your billing data (name, address, purchased service) to the respective organizer.

6. tracking

Below we describe how your personal data is processed using tracking technologies to analyze and optimize our services and for advertising purposes.

The description of the tracking procedures also includes information on how you can prevent or object to the data processing. Please note that the so-called "opt-out", i.e. the refusal of processing, is usually stored via cookies. If you use our services via a new terminal device or in a different browser, or if you have deleted the cookies set by your browser, you will have to declare the rejection again.

You can change your cookie settings (LINK[PJH1] ) at any time to manage your preferences.

The tracking methods described process personal data only in pseudonymous form. A connection with a concrete, identified natural person, i.e. a combination of the data with information about the bearer of the pseudonym, only takes place if you have a customer account with us.

Tracking to analyze and optimize our services and their use, as well as to measure the success of advertising campaigns and optimize the display of advertising

(1) Purposes of the processing

The analysis of user behavior by means of tracking helps us to check the effectiveness of our services, to optimize them and adapt them to the needs of users, and to correct errors. It also serves to statistically determine key data on the use of our services (reach, intensity of use, user surfing behavior) on the basis of uniform standard procedures and thus to obtain values that are comparable across the market.

Tracking to measure the success of advertising campaigns serves to optimize our ads for the future and to enable marketers and advertisers to also optimize their ads accordingly. The purpose of tracking to optimize the display of advertisements is to show users advertisements tailored to their interests, to increase the success of the advertisements and thereby also to increase advertising revenues.

(2) Legal basis of the processing

For services that make the behavior of data subjects on the Internet traceable and for the creation of user profiles, informed consent as defined by the GDPR is required. Via the cookie query that appears when you visit our website, as well as the cookie settings (LINK[PJH2] ), you have the option of agreeing to or rejecting the use of cookies. Cookies that are required to provide the web service (see point (3)) cannot be rejected.

(3) The tracking methods used in detail

This website uses the following types of cookies, the scope and functionality of which are explained below:

- Required: These cookies are necessary for the provision and functionality of the website.

- Functional: These cookies are used to improve customer service.

- Analysis: These cookies help us to better understand usage and purchasing behavior.

- Marketing: These cookies and similar technologies are used to personalize and optimize content and advertising.

Service name Category Purpose Possibility to prevent processing (opt-out) on the provider side Data transfer to third country?

Shopware Required Store functionalities, shopping cart, login Required service No

Zendesk Functional Text Chat https://www.zendesk.de/company/customers-partners/privacy-policy/

etracker Analysis Reach measurement, statistical analysis https://www.etracker.com/datenschutz/#privacy

Google Analytics Analysis Reach measurement, statistical analysis https://tools.google.com/dlpage/gaoptout

Facebook Custom Audience Marketing Advertising https://www.facebook.com/ads/website_custom_audiences/

Digital Window Marketing Advertising https://www.awin.com/de/rechtliches/cookieoptout

Ad:C Media Marketing Advertising https://ad.adc-serv.net

The Reach Group Marketing Advertising https://hal9000.redintelligence.net/privacy/8lcfmzhxc8d6/

BingAds Marketing Advertising https://account.microsoft.com/privacy/ad-settings/signedout

Google Ads Conversion Marketing Advertising https://adssettings.google.com

Google Remarketing Marketing Advertising https://adssettings.google.com

AppNexus Marketing Advertising https://www.appnexus.com/corporate-privacy-policy-de

NEORY Marketing Advertising https://www.neory.com/privacy.html

MediaMath Marketing Advertising https://www.mediamath.com/de/ad-choices-opt-out/

Adform Marketing Advertising https://site.adform.com/privacy-center/platform-privacy/opt-out/

Doubleclick Floodlight Marketing Advertising https://adssettings.google.com

Adition Marketing Advertising https://www.adition.com/datenschutz/

Doubleclick Marketing Advertising https://adssettings.google.com

If you wish to opt-out of interest-based advertising, you may also visit http://www.youronlinechoices.com/de/, click on "Preference Management" and follow the instructions to opt-out of the use of data for interest-based advertising by the service providers listed there, either entirely or on an individual basis. You will still receive advertising, but it will not be interest-based.

Google reCAPTCHA

In order to ensure sufficient data security when submitting forms, we use in certain cases the service reCAPTCHA of the company Google Inc. This serves primarily to distinguish whether the input is made by a natural person or abusively by machine and automated processing. The service includes the sending of the IP address and possibly other data required by Google for the reCAPTCHA service to Google. The deviating data protection regulations of Google Inc. apply here. Further information on the data protection guidelines of Google Inc. can be found at https://www.google.de/intl/de/privacy or https://www.google.com/intl/de/policies/privacy/.

etracker

The provider of this website uses services of etracker GmbH from Hamburg, Germany (www.etracker.com) to analyze usage data. Cookies are used for this purpose, which enable a statistical analysis of the use of this website by its visitors and the display of usage-related content or advertising. Cookies are small text files that are stored by the Internet browser on the user's terminal device. etracker cookies do not contain any information that enables identification of a user.

The data generated by etracker is processed and stored by etracker on behalf of the provider of this website exclusively in Germany and is thus subject to strict German and European data protection laws and standards. etracker has been independently audited, certified and awarded the :#ePrivacyseal data protection seal of approval in this regard.

The data processing is carried out on the legal basis of Art. 6 para .1 lit f (legitimate interest) of the EU General Data Protection Regulation (EU-DSGVO). Our legitimate interest is the optimization of our online offer and our web presence. Since the privacy of our visitors is particularly important to us, the IP address is anonymized at etracker as early as possible and login or device identifiers are converted at etracker to a unique key that is not assigned to a person. No other use, merging with other data or disclosure to third parties is made by etracker.

You can object to the aforementioned data processing at any time, insofar as it is personal. Your objection will not have any adverse consequences for you.

Further information on data protection at etracker can be found here.

7. social media plugins

This website may contain add-on programs (plugins) from social networks such as: Facebook, Google+, Twitter or Pinterest, which are operated by third parties and via which messages can be transmitted to the corresponding social network with the help of a button in order to rate, recommend or share content, for example. In doing so, we pursue the purpose and legitimate interest of making our Services better known. We configure our services so that data transmission only takes place when you click the button. The legal basis for the data transfer in this case is Art. 6 I f) DSGVO. The respective provider is responsible for the data protection-compliant processing of the transmitted data.

Service name Provider Privacy information of the provider

Facebook Facebook Inc, 1601 S. California Avenue, Palo Alto, CA 94304, USA https://de-de.facebook.com/about/privacy/

Google+ Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA https://www.google.com/+/policy/pagesterm.html

Twitter Twitter Inc., 539 Bryant Street, Suite 402, San Francisco, CA 94107, USA https://twitter.com/de/privacy

a. Processing information

Data category Purpose Legal basis Legitimate interest, if applicable Storage duration

News and reviews via the user's own social media account To make services better known Art. 6 I f) DSGVO To make services better known

b. Recipients of the personal data

Receiver category Data concerned Legal basis of the transfer Legitimate interest, if applicable

Social media service provider all data mentioned under a.

III. data subject rights

1. right of objection

If we process your personal data for the purpose of direct marketing, you have the right to object at any time with future effect to the processing of personal data relating to you for the purpose of such marketing.

You also have the right to object, on grounds relating to your particular situation, at any time with effect for the future, to the processing of personal data concerning you which is carried out pursuant to Article 6(1)(e) or (f) DSGVO.

You can exercise the right of objection free of charge.

You can reach us via the contact details listed under I.2.

2. right of inquiry

You have the right to know whether personal data concerning you are processed by us, which personal data these are, if any, as well as further information according to Art. 15 DSGVO.

3. right of rectification

You have the right to demand that we correct any inaccurate personal data relating to you without undue delay (Art. 16 DSGVO). Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data - also by means of a supplementary declaration.

4. right to erasure ("right to be forgotten")

You have the right to demand that we delete personal data relating to you without undue delay, provided that one of the reasons set out in Article 17(1) of the GDPR applies and the processing is not necessary for one of the purposes regulated in Article 17(3) of the GDPR.

5. right to restriction of processing

You are entitled to request a restriction in the processing of your personal data if one of the conditions regulated in Art. 18 (1) a) to d) DSGVO is met.

6. right to data portability

You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format. Furthermore, you have the right to transfer this data to another controller without hindrance by us or to obtain that a direct transfer is made by us, if this is technically possible. This shall always apply if the basis of the data processing is consent or a contract and the data is processed automatically. Accordingly, this does not apply to data held only in paper form.

7. right of withdrawal in case of consent

Insofar as the processing is based on your consent, you have the right to revoke your consent at any time. This does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

8. right of appeal

You have a right of appeal to a supervisory authority.

IV. Glossary

Processor: a natural or legal person, public authority, agency or other body that processes personal data on behalf of the Controller.

Browser: Computer program for displaying web pages (e.g. Chrome, Firefox, Safari).

Cookies: The term "cookie" actually comes from the English vocabulary and its original meaning can be translated into German as "cookie". In the context of the World Wide Web, however, a cookie describes a small text file that is stored locally on the user's computer when a website is visited. This file stores data about the user's behavior. If the browser is called up and the corresponding website is visited repeatedly, the cookie is used and provides the web server with information about the user's surfing behavior with the help of the stored data.

Cookies in this context are not cookies, but information that a website stores locally on the visitor's computer in a small text file. This can be settings already made by the user on a page, but also information that the website has collected completely independently from the user. Later, these locally stored text files can be read by the same web server that created them. Most browsers accept cookies automatically. You can manage cookies using the browser functions (mostly under "Options" or "Settings"). This allows the storage of cookies to be disabled, made dependent on your consent in individual cases or otherwise restricted. You can also delete cookies at any time.

Third countries: Country that is not bound by the legal requirements of the EU Data Protection Directive (country outside the EEA).

Personal Data: Any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Pixel: Pixels are also called tracking pixels, web beacons, or web bugs. They are small, invisible graphics in HTML e-mails or on web pages. When a document is opened, this small image is loaded from a server on the Internet, and the download is registered there. This allows the server operator to see if and when an e-mail was opened or a web page was visited. Mostly this function is realized by calling a small program (Javascript). In this way, certain types of information on your computer system can be detected and passed on, such as the content of cookies, the time and date of the page view, and a description of the page on which the tracking pixel is located.

Profiling: any type of automated processing of personal data consisting in using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or change of location

Services: Our offerings to which this Privacy Policy applies (see Scope).

Tracking: The collection and analysis of data regarding the behavior of visitors to our Services.

Tracking Technologies: Tracking can occur both via the activity logs stored on our web servers (log files) and by means of data collection from your terminal device via pixels, cookies and similar tracking technologies.

Processing: any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.