SPITCH-Android App

Install

SPITCH App

Install

SPITCH App

Currently you can only use the Mobile App on Apple devices. We are working on offering SPITCH on Apple devices for Mobile-Web as well.

Install

Privacy Policy

Privacy Policy for www.spitch.live and related mobile applications (“Website”).

1 Data privacy means mutual trust at SPITCH

When SPITCH set out to create a high-quality daily fantasy sports game with interesting prize winnings, we knew that we needed important partners, namely our users.

We work with you to make a new gaming experience possible for you and offer you an attractive sum of money as the winner with the best strategies. SPITCH wouldn’t be able to exist without you. This partnership is also reflected in the way we handle your personal data. Since SPITCH is an experience of cooperative action, it’s a matter of course for us to collaborate with you when it comes to protecting your personal data.

This Privacy Policy sets out the way in which SPITCH Ltd. (“we” or “us”) collects and processes personal data (as defined in paragraph 3.1 below), how and for what purposes we process data, the conditions under which and when we erase data, and what rights you have in relation to the data. Should you have any questions about this Privacy Policy or the processing of your personal data, feel free to contact us at: info@spitch.live.

By using our Services, you acknowledge that you have read and agreed to the terms of this Privacy Policy. If you do not wish to provide your personal data on the basis set out in this Privacy Policy, you should not enter the relevant information on the Website, or otherwise provide us with your personal data. However, if you do not provide your personal data, you may not be able to use all of the Services.

This policy is made compliant with the General Data Protection Regulation (EU) 2016/679 (“GDPR”).

2 The Data Controller is SPITCH

We are pleased that you are visiting the Website of SPITCH Ltd. (hereinafter referred to as ‘SPITCH’), of No. 2, Geraldu Farrugia Street, Zebbug, ZBG 4351, Malta, email: info@spitch.live, a company registered in the Commercial Register of the District Court of Malta under the No. C 89594 (SPITCH Limited), and we thank you for your interest in SPITCH.

3 Collection and storage of personal data as well as the nature and purpose of use

As part of operating the Website, we collect your personal data. ‘Personal Data’ shall mean any information from which you can be directly or indirectly identified, including your name, email address, home address, mobile number, debit/credit card data and date of birth.

3.1 Access to the SPITCH Website and app

3.1.1 Log files
Each time access is made to our Website www.spitch.live and our app, data is sent by the respective Internet browser on your respective terminal device to the server of our Website/application and temporarily stored in log data files, otherwise known as ‘log files’.

The data sets stored in this way contain the following data which are stored up until automatic erasure:

  • Date and time of the retrieval,
  • Name of the site retrieved,
  • IP address of the inquiring device,
  • Information on the terminal device used (operating system/platform, version of the operating system, mobile phone model, app version, browser version)
  • Message if access was successful,
  • Referrer URL (source URL, from which you arrived at our Website),
  • Data quantity transferred,
  • Loading time,
  • Product and version information of each browser used, and
  • Name of your access provider.

The IP address is saved and automatically and immediately anonymised solely for the purpose of combatting misuse and for detecting and eliminating errors.

The legal basis for processing the IP address is Article 6(1)(f) GDPR. We have a legitimate interest in guaranteeing the smooth establishment of a connection, convenient use of our Website and evaluation of system security and stability.

The legal basis for processing data is Article 6(1)(1)(f) GDPR. Our legitimate interest is based on the data collection purposes listed above. Under no circumstances do we use the data collected to draw conclusions on you as a data subject.

3.1.2 Cookies, tracking and social media plug-ins
We use so-called cookies, tracking tools, targeting procedures and social media plug-ins for our Website and app. Detailed information about the precise procedure involved and the manner in which your data is used in each case is provided below in Chapter 3.5.1.

3.2 Data processing upon conclusion of a contract
Whenever you register for an Account at SPITCH and/or enter into a further contract with us, we shall process the data necessary for concluding the contract, for its performance, or for terminating the contract with you.

This includes the following data:

  • First name, last name
  • Delivery address
  • Email address
  • Date of birth
  • Information about the transactions you undertake
  • Log file including player game history e.g. game name, debit posting date/time etc
  • Details of payment cards used
  • Records of your discussions with our Customer Care services teams

The legal basis for such is Article 6(1)(a) and (b) GDPR, i.e., you make the data available to us upon the basis of the respective contractual relationship between you and us (e.g. managing your user account, concluding a sales contract). To process your email address if you make a purchase, we are also required to send you an electronic order confirmation as per the legal obligations stipulated in the German Civil Code (BGB) (Article 6 (1)(c) GDPR).

To the extent that we do not use your data for further advertising purposes (see 3.5 SPITCH online presence and Website optimisation), we shall store the data collected as necessary for fulfilment of the contract for the term of the contract. After expiration of this time period, we shall retain the information about the contractual relationship, which must be retained in accordance with commercial and tax law, for the legally defined time periods. During this time period, the data shall only be processed again in the event of a review by the financial administration.

Furthermore, for concluding the purchase contract, the following data processing is necessary:

Your payment data shall be shared with the payment service provider engaged by us in order to process the payment(s). The respective data shall be transferred solely for the respective purposes and shall be erased after successful payment.

3.3 SPITCH won’t send you any unsolicited advertising
As part of the Account registration process, you will have the opportunity to choose whether or not to receive information on offers and promotions from us. Unless you have informed us at the time of setting up your Account that you do not wish to receive promotional material, we will send you such communications until you inform us that you no longer wish to receive them. SPITCH will only send you offers and information tailored to your needs if there is a corresponding legal basis for this, for example, after obtaining your consent for the specific purpose (Article 6 (1) (a) GDPR).

3.3.1 Update your marketing preferences
You may update your marketing preferences at any time by:
If you are receiving emails, you may click on the “unsubscribe” link in an email and follow the instructions to opt-out of receiving marketing material.

If you are receiving text messages, you may follow the instructions to unsubscribe to opt-out of receiving marketing material.
Contacting us at info@spitch.live to object to the use of your personal data for any of the aforementioned purposes at any time and free of charge with effect for the future. If you file an objection, your data will be blocked for further promotional data processing. We would like to point out that in exceptional cases advertising material may still be sent even after receipt of your objection. Due to the lengthy lead time it takes to handle the selection, this can occur due to technical reasons and does not mean that we have not implemented your objection.

3.3.2 Newsletters
On our Website, we offer you the opportunity to subscribe to our newsletter in order to provide you with up-to-date information. We use the so-called double opt-in procedure (DOI procedure) to ensure that no mistakes are made while entering the email address: after you have entered your email address into the registration field and granted your consent to receiving our newsletter, we will send you a confirmation link to the email address you provided to us. Only when you click on this confirmation link will your email address be added to our mailing list for the distribution of our newsletter (Article 6(1)(a) GDPR).You can revoke your consent at any time with effect for the future by sending a notification to info@spitch.live or by using the option to unsubscribe provided at the bottom of each newsletter.

3.3.3 Recommendations sent via email
We email existing customers recommendations on a regular basis. You will receive these recommendations from us even if you have not subscribed to the newsletter. We use the email you provided to us upon making your purchase to advertise our own products. The legal basis for this processing of data is Article 6 (1)(f) GDPR.

Notice of right of objection
You can revoke your consent at any time with effect for the future by sending a notification to info@spitch.live or by using the option to object to recommendation emails, without incurring any charges other than the basic costs of transmitting messages.

3.3.4 Contests
Whenever you register for contests organised by SPTICH, we collect, save and process your name, mailing address, email address and telephone number, if necessary, for the purpose of carrying out the contest and communicating with you in regard to the contest. We immediately erase your data after contest completion. Detailed information can be found in the respective terms and conditions of participation for the respective contest. The legal basis for data processing in this case is either Article 6(1)(b) GDPR, i.e. the processing of your data is necessary for the fulfilment of the agreement on your participation in the contest. Or the legal basis for this processing of your data is Article 6(1)(a) GDPR, i.e. provision of your consent.

3.4 Disclosure of data to third parties
Except as described in this Privacy Policy, we will not disclose personal data to third parties without the appropriate legal basis. We may disclose your personal data to any of the following recipients:

  • any third party which assists us in providing the Services, including, but not limited to, payment processors, customer services representatives and chat moderators as further detailed below;
  • any third party which can assist us in verifying the accuracy of your personal data, including financial institutions and credit reference agencies;
  • any third party which assists us in monitoring use of our Services, including the detection and prevention of fraud and collusion;
  • any advisers auditing any of our business processes or who have a legitimate need to access such information for the purpose of advising us;
  • any law enforcement body which may have any reasonable requirement to access your personal data; and
  • any potential purchaser of SPITCH Ltd‘s business or any investors in it (including in the event of insolvency).

3.4.1 Payment processing
We cooperate with our partner of Wirecard AG, Einsteinring 35, 85609 Aschheim, Germany, in order to be able to offer you the best possible selection of payment methods. If you choose one of the payment methods offered, payment is processed via the payment service provider Wirecard (Wirecard UK & Ireland Ltd, 1st Floor Ulysses House, Foley Street Dublin 1, Ireland), with whom we share your information provided during the order process together with the information about your order (name, mailing address, possibly IBAN, possibly BIC, invoice amount, currency and possibly transaction number). Your data will only be shared with the payment service provider Wirecard for the purpose of payment processing in accordance with Article 6(1)(b) GDPR. Your data will only be shared if this is actually necessary for processing the payment. Further information on Wirecard AG’s privacy policy can be found at https://www.wirecard-cardsolutions.co.uk/privacy-policy/.

3.4.2 Authentication
SPITCH uses an external identity provider for authentication purposes. SPITCH uses a ‘delegation of authentication’ procedure. For login purposes, SPITCH uses the software module Auth0 (further information available at: https://auth0.com/terms/ and https://auth0.com/privacy/) and then sends Auth0 the user’s email address and password.

3.4.3 Sending emails
One of the platform’s main features is the dispatch of emails to various SPITCH user groups in order to ensure that content is personally communicated in a timely manner. For the purpose of sending emails, we use the email service provider Mailjet, 37 Bis Rue du Sentier 75002 Paris, France. Only email addresses required for sending communication are shared and temporarily stored. Email addresses shall be completely deleted at least 30 days after the last dispatch. Email addresses are used exclusively by SPITCH and are not shared with third parties. Mailjet’s privacy policy is available at: https://www.mailjet.de/privacy-policy/. The legal basis for using an email service provider is based on our legitimate interest as per Article 6(1)(f) GDPR. We have concluded a contract for order-data processing with Mailjet in accordance with Article 28(3)(1) GDPR.

Mailjet may retrieve the recipient’s data in pseudonymous form, i.e. without any association to a user, in order to optimise or improve their own services, for example, for the technical optimisation of sending communication and the presentation of newsletters or for statistical purposes. The email service provider, however, does not use our newsletter recipients’ data in order to write to them personally or to share the data with third parties.

3.4.4 Content Delivery Networks (CDN)
SPITCH uses a CDN (Content Delivery Network) called ‘Cloud CDN’ provided by Google LLC. A CDN makes it possible, in particular, to shorten the loading time of the Website and app or certain content, for example, by sending files from a very fast server that’s located as close as possible to you. Processing is carried out in order to shorten the loading time of our Website. Processing is required to safeguard the overriding legitimate interests of the controller (Article 6(1)(f) GDPR).

3.4.5 Disclosure to third parties on the basis of legal obligations and legitimate interests
SPITCH may need to work with credit rating agencies, fraud detection agencies and anti-money laundering agencies to meet our regulatory and legal obligations in the course of processing your SPITCH account and any account-related transactions.

The purpose of this communication is intended for the:

  • Assessment of whether you are a politically exposed person (PEP) or a person who is subject to financial sanctions.
  • Assessment of whether your personal details resemble those of persons suspected of money laundering or fraud.
  • Electronic verification of your personal data by comparing it with third-party databases.

Where payment service providers request such information in connection with fraud-related issues, we shall share such personal data provided that the request for information is aimed at safeguarding your rights and/or the legitimate interests of the company to protect itself against fraudulent activity.

3.4.6 Disclosure to regulatory authorities
In order to comply with our legal obligations, the Malta Gaming Authority (MGA), the Financial Investigations and Analysis Unit (FIAU), the Sanctions Monitoring Board or other competent law enforcement agencies may request that SPITCH disclose data, which may require that we share all personal data, evidence, payment and gaming transaction history, communication history and other information we have available on you. The competent authority may determine the method to be used to share data over which we have no control.

3.4.7 Other reasons for sharing data
Your personal data is not transmitted to third parties for purposes other than those shown below.

We share your personal data with third parties only if:

  • You have given your express consent to do so pursuant to Article 6(1)(1)(a) GDPR.
  • Disclosure is necessary in accordance with Article 6(1)(1)(f) in order to assert, exercise or defend legal claims, and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data.
  • In the event that a legal obligation exists for disclosure pursuant to Article 6(1)(1)(c) GDPR.
  • This is lawful and it is necessary pursuant to Article 6(1)(1) (b) for concluding contractual relationships with you.

3.5 SPITCH online presence, Website optimisation and the app

3.5.1 General information about cookies
We use cookies on our Website to make visiting our website appealing and to enable the use of certain functions, as well as to record statistics about the use of our Website. Cookies are small files that are automatically created by your browser and stored on your terminal device (laptop, tablet, smartphone, etc.) when you visit our site. Cookies do not cause any damage to your terminal device and do not contain any viruses, trojans or other malware. Cookies contain information resulting from connection with the specific terminal device used. However, this does not mean that we have immediate knowledge of your identity.

Most of the cookies used by us are deleted again after the end of the browser session (so-called session cookies). In addition, we use temporary cookies to optimise user-friendliness. These are stored on your terminal device for a specified period of time. If you then visit our Website again to use our services, the system automatically detects that you have already visited us and what entries and settings you have made, so that you do not have to enter all this information again. The data processed by the cookies is required for the stated purposes in order to safeguard our legitimate interests as well as those of third parties pursuant to Article 6 (1)(1)(f) GDPR.

Of course, you can configure your browser in such a manner that it does not save our cookies on your terminal device. The help function in the menu bar of most web browsers explains how to prevent your browser from accepting new cookies, provided that you set up your browser to notify you whenever you receive a new cookie, or how you can delete all of the cookies already received and block any additional ones.

If these cookies and/or the information they contain personal data, the legal basis for data processing is Article 6(1)(f) GDPR. Our interest in optimising our website is to be regarded as justified in the sense of the aforementioned provision.

3.5.2 Google Analytics
For the purpose of a design tailored to your demands and for the purpose of continuous optimisation of our website, we use Google Analytics, a web analysis service of Google Inc. (‘Google’), as per Article 6 (1)(f) GDPR. Google Analytics uses so-called ‘cookies’, text files that are stored on your computer and facilitate an analysis of your use of the website. In this context, pseudonymised user profiles are created and cookies are used. The information about your use of this website is generated by the cookie, such as browser type/version, operating system used, referrer URL (the site previously visited), host name of the accessing computer (IP address), and time of server enquiry.

On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports about website activities, and to render additional services affiliated with the website use and the Internet use vis-à-vis the website operator. The IP address transferred by your browser within the framework of Google Analytics is not merged with other data from Google. You can use a corresponding setting on your browser software to prevent cookies from being stored; however, we would like to point out that in this case you may not be able to use all the features of this website to their full extent. Moreover, you can prevent the recording of the data generated by the cookie and related to your use of the website (incl. your IP address) by Google as well as the processing of such by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

As an alternative to the browser add-on, particularly with browsers on mobile terminal devices, you can also prevent the recording by Google Analytics: An opt-out cookie is activated that prevents your data from being collected when you visit this website. The opt-out cookie is valid only in this browser and only for our website, and is stored on your device. If you delete the cookies in this browser, then you will have to reactivate the opt-out cookie. You can find additional information about the privacy policy of Google Analytics on the Google Analytics website.

3.5.3 Google Adwords
This website uses Google AdWords. Google AdWords is an online advertising program from Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (‘Google’). We use the remarketing function of the Google AdWords service here. This remarketing function enables us to show interest-based ads to users of our website on other websites within the Google Display Network (on Google itself, ‘Google ads’ or on other websites). To do this, we analyse the interaction of users on our website, for example, the offers in which users have shown an interest. Targeted advertising can then be presented to users on other websites after they have visited our website. To do this, Google saves an identifier in the browsers of users who visit certain Google services or websites in the Google Display Network. This identifier, known as a ‘cookie’, records the visits of these users. It uniquely identifies a web browser on a specific computer but does not identify any individual. No personal data is saved. The legal basis for this processing of data is Article 6 (1)(f) GDPR.

You may disable Google’s use of cookies by clicking the following link and downloading and installing the plug-in provided there: www.google.com/settings/ads/plugin.

Further information on Google Remarketing as well as Google’s privacy policy can be found at: www.google.com/privacy/ads/.

3.5.4 Google AdWords conversion tracking
We also use the conversion tracking feature of the Google AdWords service. When you click on an ad placed by Google, a conversion tracking cookie is stored on your computer or terminal device. These cookies become invalid after 30 days and contain no personal data. As such, they cannot personally identify any user. We use the information collected with the conversion tracking cookie to generate conversion statistics for AdWords customers who have opted for conversion tracking.

3.5.5 Option to object/opt-out
In addition to the deactivation methods previously described, you can generally prevent such technologies by activating a corresponding cookie setting in your browser. You also have the option to deactivate preference-based advertising by using the preference manager which is available here.

3.5.6 Sentry
We use the service known as Sentry (Sentry, 1501 Mariposa St #408, San Francisco, CA 94107, USA) to improve the technical stability of our service by monitoring system stability and detecting code errors. Sentry is used for these purposes alone and does not evaluate any data for advertising purposes. The data of the users, for example, information on the device or time of error, is collected anonymously and not used for personal purposes. It is then subsequently deleted. Further information about Sentry’s privacy policy can be found at: https://sentry.io/privacy/

3.5.7 Google Firebase Analytics
SPITCH uses Google Firebase Analytics. Firebase Analytics is a service which makes it possible to collect and analyse app usage data from smartphones. When you use the app, selected actions are encrypted for this purpose and then shared in pseudonymous form with Firebase Analytics in order to analyse general user behaviour in terms of efficiency, etc. and in the course of the evaluation to draw conclusions on how to continuously improve the app.
Further information about Google’s use of data can be found in the company’s privacy policy at: https://www.firebase.com/terms/privacy-policy.html

3.5.8 Firebase Remote Config
The SPITCH app uses Firebase Remote Config so we can modify the app on installed terminal devices, without you having to completely re-install it from the app store whenever changes are made. Your device information, language settings and country settings are transferred to Google in the USA and processed there for this purpose.

Information about how Remote Config works can be found at: https://firebase.google.com/products/remote-config/.

3.5.9 Use of Fabric (including Crashlytics)
On our app, we use Fabric and Crashlytics, web analysis services operated by Twitter Inc. 795 Folsom St., Suite 600, San Francisco, CA 94107 (‘Twitter’), in order to improve our app and rectify errors, for example, system crashes. The data collected is provided to us in anonymous form and become the property of Twitter. We are notified about crashes and only see the line of code that caused the crash, the type of mobile terminal device and installed operating system, the amount of free memory and flash memory, and whether the operating system has been ‘jailbroken’. We use this data to reproduce the error as best as possible and then fix it in a future release.

Information on the data which Fabric saves is provided in Fabric’s Terms and Conditions (https://fabric.io/terms).

3.5.10 Push notifications
If you use the SPITCH app, we have made it technically possible to send you, in addition to emails, push notifications, if you have given your consent for push notifications to be sent to you (Article 6(1)(a) GDPR). You can revoke your consent at any time with effect for the future and you can delete your account at any time. A push notification is a message that the app has new information. You can then decide to view or ignore these push notifications. When a push notification is sent, your device data is shared with the push notification system of your smartphone’s or tablet’s operating system so that the push notification can be sent for you to receive. Firebase Cloud Messaging from Google, Inc., based in the United States, is typically used here. A supplementary agreement has been concluded with Google for the processing of data and Google is certified in accordance with the Privacy Shield. Google’s general privacy policy and terms of service (https://policies.google.com/privacy?hl=en) and Firebase’s Terms of Use (https://firebase.google.com/terms/) are available in English. Firebase Cloud Messaging provides statistics and analyses on usage behaviour in an anonymous and aggregated form in order to identify possible errors and improve the apps (Article 6 (1) (f) GDPR). Should you wish to receive push notifications from us in the future, you can change your SPITCH app settings at any time for this purpose.

4 Usage of web fonts

We use Google Web Fonts on our website to display font types in a standardised manner. The required web fonts (font types) are loaded by your browser when you access the website server, in order to display the texts and font types correctly. During this process, your browser establishes a connection to Google’s servers, whereby Google is made aware that our website is being visited by a terminal device with your IP address. The use of Google Web Fonts and the data processing associated with this is used in our interest in displaying our website in an appealing manner. The legal basis is Article 6(1)(f) GDPR.

If your browser does not support the displaying of web fonts, a standard font is used instead.
Further information about Google Web Fonts is available at https://fonts.google.com/ as well as in Google’s privacy policy at https://policies.google.com/privacy?hl=de

5 Social Media

5.1 Use of Facebook Social Plugins
We use so-called social plug-ins (‘Plug-ins’) of the social network Facebook, which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (‘Facebook’). The plug-ins can be identified by a Facebook logo or the phrase “Facebook Social Plugin”. When you visit a page of our website that contains such a plug-in, your browser establishes a direction connection to the Facebook servers. The content of the plug-in is sent directly to your browser by Facebook and integrated into the website. This plug-in integration enables Facebook to receive the information that your browser has accessed the respective page of our website, even if you do not have a Facebook account or are not currently logged in to Facebook. This information (including your IP address) is transmitted directly from your browser to a Facebook server in the USA and stored there. If you are logged into Facebook, Facebook can directly associate your visit to our website with your Facebook profile. If you interact with the plug-ins, for example, by pressing the ‘Like’ button or posting a comment, this information is also transmitted directly to a Facebook server and stored there. The information is also published on your Facebook profile and displayed to your Facebook contacts. The purpose and scope of data collection and the further processing and use of data by Facebook as well as your rights and setting options for the protection of your privacy can be found in Facebook’s privacy policy at http://www.facebook.com/policy.php. In order to prevent Facebook from directly associating the data collected via our website with your Facebook profile, you must log out of Facebook before visiting the website. The loading of Facebook Plugins can also be completely prevented by using browser add-ons.

5.2 Use of Instagram social plug-ins
On our website, so-called social plug-ins (‘plug-ins’) from Instagram are used, which are operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA (‘Instagram’). The plug-ins can be identified by an Instagram logo, for example, in the form of an ‘Instagram camera’. If you access one of our websites that has such a plug-in, your browser creates a direct link to the Instagram servers. The content of the plug-ins is transmitted by Instagram directly to your browser and integrated into the website. This integration makes it possible for Instagram to obtain information that your browser has accessed the corresponding page in our website, even if you do not have an Instagram profile or you are currently not logged in to Instagram. This information (including your IP address) is transferred directly to an Instagram server in the USA and stored there. If you are logged into Instagram, Instagram can directly associate your visit to our website using your Instagram account. If you interact with the plug-ins, for example, by pressing the ‘Instagram’ button, this information is also transmitted directly to an Instagram server and stored there. The information is also published on your Instagram account and displayed to your contacts. The purpose and scope of data collection and the further processing and use of data by Instagram as well as your rights and setting options for the protection of your privacy can be found in Instagram’s privacy policy at: https://help.instagram.com/155833707900388/. In order to prevent Instagram from directly associating the data collected via our website with your Instagram account, you must log out of Instagram first before visiting our website. The loading of Instagram plug-ins can also be completely prevented by using browser add-ons (e.g. with the script blocker ‘NoScript’ (http://noscript.net/)).

5.3 Use of Twitter plug-ins (e.g. ‘Twitter’ button)
On our website, so-called social plugins (‘plug-ins’) from the microblogging service Twitter are used, which is operated by Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA (‘Twitter’). The plug-ins can be identified by a Twitter logo, for example, in the form of a blue ‘Twitter bird’. If you access one of our websites that has such a plug-in, your browser creates a direct link to the Twitter servers. The content of the plug-ins is transmitted by Twitter directly to your browser and integrated into the website. This integration makes it possible for Twitter to obtain information that your browser has accessed the corresponding page in our website, even if you do not have a Twitter profile or you are currently not logged into Twitter. This information (including your IP address) is transferred directly to a Twitter server in the USA and stored there. If you are logged into Twitter, Twitter can directly associate your visit to our website using your Twitter account. If you interact with the plug-ins, for example, by pressing the ‘Twitter’ button, this information is also transmitted directly to a Twitter server and stored there. The information is also published on your Twitter account and displayed to your contacts. The purpose and scope of data collection and the further processing and use of data by Twitter as well as your rights and setting options for the protection of your privacy can be found in Twitter’s privacy policy: at https://twitter.com/privacy. In order to prevent Twitter from directly associating the data collected via our website with your Twitter profile, you must log out of Twitter before visiting the website. The loading of Twitter plug-ins can also be completely prevented by using browser add-ons (e.g. with the script blocker ‘NoScript’ (http://noscript.net/)).

6 Recipients outside the EU or EEA

With the exception of the processing set forth herein, we do not share your personal data with any recipients headquartered outside of the European Union or the European Economic Area. The processing activities set forth herein include a data transfer to the servers of providers of tracking or targeting technology commissioned by us. These servers are located in the USA. Where we transfer your personal data outside of the EU or EEA, we will put in place adequate measures to ensure that your personal data is kept secure.

The adequate measures shall include:

  • transferring data to a jurisdiction which the European Commission recognises as providing adequate protection for the rights and freedoms of data subjects in connection with the processing of their personal data. The data transfer is carried out in accordance with the principles of the so-called ‘Privacy Shield’,
  • transfers pursuant to standard contractual clauses in accordance with European Commission decisions on transferring personal data.

7 Your rights

7.1 Overview
In addition to the right to withdraw your consent given to us, you also have the following rights, when the respective legal conditions are extant:

  • in accordance with Article 15 GDPR, to request access to your personal information processed by as, together with information about your personal data. In particular, you may request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the source of your data if the data has not been collected by us;
  • in accordance with Article 16 GDPR, to demand the immediate correction of incorrect or incomplete data;
  • in accordance with Article 17 GPDR, to request the erasure of your personal data stored by us, as far as no legal or contractual retention periods or other legal obligations or rights for further storage are to be observed by us;
  • in accordance with Article 18 GDPR, to restrict the processing of your data if you dispute the accuracy of the data, the processing is unlawful, but you reject its erasure; the data controller no longer requires the data but you need it to assert, exercise or defend legal claims or if you have filed an objection to the processing in accordance with Art. 21 GDPR;
  • in accordance with Article 20 GDPR, the right to data portability, i.e. the right to receive selected data stored by us about you in a common, machine-readable format, or to request the transfer to another controller;
  • the right to lodge a complaint with a supervisory authority or seek judicial remedy. You can usually contact the supervisory authority at your normal place of residence or your workplace or where we are headquartered.

The aforementioned rights which you are entitled to in relation to us can be asserted at datenschutz@spitch.live.

7.2 Right of objection
If your personal data is processed on the basis of legitimate interests in accordance with Article 6 (1)(1)(f), you have the right in accordance with Article 21 GDPR to object to the processing of your personal data if grounds for this relating to your particular situation exist or the objection is to direct marketing. In the latter case, you have a general right of objection that will be executed by us without having to name a specific situation.

Should you wish to assert your right to revocation or objection, simply send an email to info@spitch.live.

Insofar as we process data based on the consent you granted us, you have the right to revoke such consent at any time. The revocation of consent does not render invalid the data processing performed on the basis of consent until the time of revocation.

7.3 Apply for rights
Where you make a request in respect of your rights we will require proof of identification. We may also ask that you clarify your request. We will aim to respond to any request within one month of verifying your identity, with a possibility to extend this period for particularly complex requests in accordance with applicable law. If we receive repeated requests or have reason to believe requests are being made unreasonably, we reserve the right not to action the request, provided that a justification shall be given to you within the time periods specified in the GDPR.

Please be aware that while we will try to accommodate any request you make in respect of your rights, they are not absolute rights. This means that we may have to refuse your request or may only be able to comply with it in part.

In accordance with applicable law, we reserve the right to withhold personal information if disclosing it would adversely affect the rights and freedoms of others.

8 Data security

We are committed to ensuring that your personal data is secure. We use appropriate technical and organisational safeguards to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our security measures are continually improved as new technology becomes available.

8.1 Data security on our Website
When you visit our Website, we use the common SSL (Secure Sockets Layer) method combined with the highest level of encryption your browser supports. A 256 bit connection is used in most cases.

8.2 Disclosure
If your browser does not support a 256 bit connection, we will use 128-bit v3 technology instead. This means that all the information sent between your computer and our secure computer environment is encrypted or scrambled so that no one can read it in transit. You can recognise whether a particular page of our website is transferred in encrypted form by the key or padlock symbol on your browser’s bottom status bar.

Where your personal data needs to be disclosed to our service providers, we require them to process and protect your information in a manner consistent with this Privacy Policy and applicable laws.

Unfortunately, the transmission of information via the internet is not completely secure. If you believe your Personal Data has been compromised, please contact us at info@spitch.live.

9 Retention of your personal data

9.1 Basis of storage
We will retain your personal data for the minimum period necessary for us to provide you with the Services and to comply with our legal and regulatory obligations. We will retain your personal data for as long as your Account is active or otherwise for a limited period of time needed to fulfil the purposes for which such personal data was initially collected, unless otherwise required by law.

9.2 Storage time
Accordingly, your personal data will be retained for a minimum of five (5) years following the closure of your Account (if applicable) or the last activity made on your Account. Where it is no longer necessary for us to process your personal data, we will erase your information sooner.

9.3 Extension of the storage times
The above retention times may be extended when it is necessary for compliance with a legal obligation, to investigate a crime, handle a claim or resolve a complaint.

10 Data Protection Officer

SPITCH Ltd. has appointed a Data Protection Officer (“DPO”) who is responsible for all matters relating to privacy and data protection. The DPO can be reached at the following address: datenschutz@spitch.live.

11 Contact Us

You may contact our Customer Services Team at support@spitch.live.

12 Timeliness and amendments to this privacy policy

This privacy policy, which was last amended in November 2018, is currently valid.

It may become necessary to change this Privacy Policy due to the further development of our Website and its offers or on account of amended legal or official requirements; if we do so we will post the changes to this page as well as the date that the changes take effect. Our current Privacy Policy can be downloaded and printed from our website at any time: http://spitch.live/en/privacy.