PRIVACY & PERSONAL DATA PROTECTION POLICY
Last updated: May 2024
CONTENTS
PRIVACY & PERSONAL DATA PROTECTION POLICY 1
2.1. Information collected automatically during your visit and interaction with our website/app 4
2.2. Information You Provide Us Directly 5
- Legal bases of processing 9
- Processing of personal data – Recipients 10
- Transmission of personal data to third parties 12
- Data Retention Time 12
- Technical and organizational security measures 12
- Right to withdraw consent 15
- Rights of data subjects 15
- Right to lodge a complaint 17
- Cookies Policy 17
- Changes to this policy 20
- Communication 20
1. Privacy Policy Content
The “1,2,3 High App ” (hereinafter “the application”) and “1,2,3 High Pro ” (hereinafter “the website”) are managed by the limited liability company under the name ” OneTwoThree High GmbH ” (hereinafter “the company”), which is responsible for processing your personal data that we collect from you during your visit and when using the services of our application and website, i.e. all information that identifies you or can identify you directly or indirectly, in accordance with the General Regulation 2016/679 of the European Union on Data Protection ( General Data Protection Regulation , henceforth as “GDPR”).
The protection of natural persons against the processing of personal data is of the utmost importance for the company. Therefore, the collection and processing of personal data by the company is done only in accordance with the General Regulation and the generally applicable legislation and where this is required. We take the protection of your privacy and personal data very seriously and have taken all the necessary measures to safeguard the security and confidentiality of information concerning visitors/users of the services of our application/website.
This Privacy Policy explains:
- how we collect, use and share your data; It also describes how long we keep your information and how we keep it secure when we share it;
- your rights regarding the protection of your data.
Please read carefully this Privacy and Personal Data Protection Policy of our application/website in order to be informed about the data information collected from you when you visit it and when you use its online services, your use of them as well as about with your rights.
This Policy serves to inform data subjects in accordance with articles 13-14 of the General Data Protection Regulation of the EU 679/2016. If you have any questions about this Policy and in general how our company collects and processes your personal data, please contact our company at the email address [email protected].
This Privacy Policy applies only to our website and application. Users should note that our website may contain links to other websites, but the company is not responsible for the practices, terms of use and privacy policy or content of those websites. .
2. What kind of personal data we collect
The app “1,2,3 High App ” is an application through which the user/athlete can post exclusively sports audiovisual content (text, photos, videos) and communicate with other users/athletes, as well as professionals in the field. The purpose of the application is to promote sports talents, improve the athletic abilities of users/athletes, and promote competition. In summary, the app includes:
- User profile, with photo and video albums , personal information, user photo, cover photo, etc.
- Main update page for all users where they can see the posts of their friends/followers.
- Ability to add new users/friends.
- All profiles are “closed”, and after accepting the request the user/athlete will be able to access the profile and posts of the other user/athlete.
- Users can communicate with each other, with the right to save their conversations and upload photos.
- Users can interact with other users’ posts, photos and videos and “score” them.
- Users can participate in challenges set by the administrator of the application, by posting photos or videos. All users of the application have access to the above and the right to interact.
- Ranking of users based on the rating of their photos, the completion of certain tests, their activity and their interaction with other users.
- Smart ads, which appear on users’ homepage.
Also, our professional website “1,2,3 High Pro” enables sports professionals (e.g. coaches, athlete managers) to register online in order to create their professional profile by choosing one of the subscription options provided. The purpose of the professional website, which is addressed exclusively to users/professionals, is to find talented athletes and communicate with them, through a contact form.
The use of the above services of our application/website requires the creation of an account of the user of our application/website, by entering specific personal information. In the case of simple browsing on our website, the company does not collect and process browsing information that can identify you directly or indirectly, beyond what may be collected automatically from your browsing on our website. Particularly:
2.1. Information collected automatically when you visit and interact with our website/app
The simple browsing of the application and our website, as long as no registration and use of its online services is done, does not require the visitor to provide/enter personal data. However, just by visiting and browsing, certain information may be automatically collected that can directly or indirectly identify you , such as:
- your computer’s Internet Protocol (IP) address,
- the type of browser and the operating system
- the web pages you visited immediately before and after your visit to the page,
- the speed of the connection and information about the software programs installed on your computer or mobile phone;
- server connection information and
- basic information collected through HTML cookies , Flash cookies , web beacons and other similar technologies (see below in the Cookies section ).
2.2 . Information You Provide Us Directly
2.2.1. Personal data of “users/ athletes “
This policy describes the types of personal data that we collect, including data that you give us access to with your consent. The user who wishes to register and create a personal profile on our application/website (hereinafter “user/athlete”), as well as to use the messaging service, is invited to create an account by entering, with their consent, the following information that identify them personally:
- Name / Username
- Email address (e- mail )
- Password
- Country of residence
- Date of birth
- Preferred language of communication
- Height & Weight
Furthermore, by creating a profile and using our application, we automatically collect and process the following data and information:
- What actions you take while using our app, such as your posts, photos, messages you send, which users or other profiles you follow, which profiles you choose to access, and which posts or photos you choose to like.
- Your list of friends and followers in the app.
- Resume, sport of interest
To create an account, the “user/athlete” is asked to accept this policy.
2.2.2. Personal data of “users/ professionals “
For the online registration of users/professionals who wish to make use of our website and its services (hereinafter “users/ professionals “) and specifically to have a professional online profile, upon selection of one of the subscription packages which we provide, users/professionals are invited to complete the relevant registration form, upon submission of which we collect and process the personal information below:
- Full name
- Username and password
- Email address (e- mail )
- Mobile phone
- Specialty
- Area, address, postal code and telephone number
- Individual information concerning the user/professional, such as the existence of a professional license, in order to verify the exact professional status of the user/professional in the field of sports.
Furthermore, by creating a profile and using our website, we automatically collect and process the following data and information:
- What actions you take while using our website, such as your sport of interest, your posts, photos, messages you send, which users or other profiles you follow, which profiles you choose to access and which posts or photos you choose that you like.
- The list of athletes who are registered in our application.
- Curriculum vitae
To create an account, the “user/professional” is asked to accept this policy.
2.2.3. Email / Contact Form
All internal emails and communication with our customers are stored on our servers. Customers who email us or use the contact forms on our websites will have the email address, IP address and data provided in the contact form or email stored in our Mail Servers. We retain all communication made via e-mail as well as via contact forms indefinitely, so that we can provide ongoing support and improve our services .
We also use European servers for shipping transactional emails that are sent automated by a cloud service such as Mailgun, encrypted with SSL / TLS from our own server as well as from the servers of the service. The reason we use the service is to make sure that all the emails we send go to your inbox and not your SPAM. You can see the privacy policy of mailgun here .
2.2.4. Hosting and backups
All servers web and their hosting is managed by its team Qbrains Complete Digital Agency. This includes web hosting, web databases, file storage, APIs and logs. Qbrains Privacy Policy Complete Digital Agency is available here .
All backups are managed by her team Qbrains Complete Digital Agency and stored on the Amazon service platform Web Services located in various regions around the world as well as in third-party Private units N. A. S. Farms. You can view Amazon’ s policy here While you can see and here for the service concerning the organization of back – up data.
2.2. 5. Personal data collected automatically from filling out the contact form
The visitor/user who wishes to contact us on any matter, is invited to fill in the relevant contact form, upon submission of which, we collect and process the following data:
- Email address (e- mail )
- First name (optional field)
- Phone (optional field)
- Message content (free text)
2.2. 6. Minors
When collecting information directly from you, we take reasonable care to determine which of the personal information collected is about minors. In any case, if we find that we have collected any personal information from a minor under the age of 16 without verifiable parental consent, (in accordance with Article 8 of the EU General Data Protection Regulation 679/2016), we will delete the information from our database as soon as possible. If you believe that we may have collected information from a minor under the age of 16, please contact us at [email protected] .
3. How we use the personal data we collect
3.1. Processing purposes
The personal data of users of our online services is processed for the following purposes:
- To view the profile of users/athletes and network users/professionals of our app/website.
- For users/athletes’ access to sports teams, their communication with other users/athletes.
- For users/professionals to access profiles of users/athletes, for the purpose of finding new talents in sports, communicating with them, and promoting sports.
- To post photos and videos exclusively related to sports by users/athletes, for the purpose of promoting their talents and their sport.
- To provide users with personalized sports-related information.
- For statistical purposes, analyzing the information we collect to help improve our user profile, monitor and analyze website usage , enhance its functionality, and to better shape its content and design.
- For the general communication of users on sports matters.
- In compliance with our legal obligations and to fulfill our legitimate interests, we may use and disclose the information we collect to prevent illegal activities, enforce compliance with our app/website terms of use, and in any way protect our rights and the rights of our users.
3.2. Profile preparation
Profiling means the automated processing of personal data that consists in using it to evaluate certain personal aspects of a natural person, by virtue of which decisions can be made that produce legal results for the natural person. We profile users/athletes and users/professionals who use our online services for the purposes described below:
- To send users who create an account informative sports material as well as suggestions on interesting sports topics according to their needs and choices.
- So that users can have their own personal secure page where they can see the pages and profiles they follow, the posts and photos they post and their chat history.
- To display on the user/athlete’s online profile the score, ratings and comments of users/professionals and other users/athletes
We take all the necessary measures to protect the rights and legal interests of our users in the context of profiling , on the one hand providing in an automated way the right to object to users who receive personalized automated informational material of sports content, on the other hand taking all the necessary measures to exercise the right to object.
4. Legal bases of processing
The processing of your personal data is necessary to fulfill the aforementioned purposes. Unless otherwise specified at the time of collection of personal data, the legal basis for its processing is one of the following:
- your express consent has been given for the processing of personal data (Article 6 par. 1 para . a’ of the GDPR).
- the processing is necessary for the execution of the contractual relationship with you (Article 6 par. 1 para . b of the GDPR),
- processing is necessary to comply with a legal obligation of the company (Article 6 par. 1 para . c of the GDPR
- the processing is necessary for the purposes of the legal interests pursued by the company (Article 6 par. 1 para . f of the GDPR),
5. Processing of personal data – Recipients
We respect your privacy and only share your information under certain circumstances. We make information about you available to other companies, applications or persons in the circumstances listed below:
- We may transfer your personal data to other companies or third parties, but only if and to the extent that such transfer is strictly required for the purposes mentioned above.
- We may transfer your personal data to judicial, administrative, tax, customs, arbitration or other public authorities, regulatory bodies and lawyers if this is necessary to comply with the law or to establish, exercise or defend legal claims.
- We may use third parties to provide services related to our website and/or database management, provide maintenance services, carry out online marketing activities. These third parties will only have access to your information to perform their above duties on our behalf. In these cases, we ensure through contractual terms and regular audits that, if and when they have access to personal data, the legislation to protect it is sufficiently respected.
- We may share information about you in the event that our website is acquired or merged with another company or a similar business transaction occurs. However, our website will notify you by placing a prominent notice or sending a notice to the primary email address specified in your account before your information is transferred and subject to a different privacy policy.
- We may share information about you to investigate, prevent, or take action regarding illegal activities, if fraud is suspected, if there are circumstances involving potential threats to the physical integrity or other rights and interests of any person, or if required by law as well as in other cases in which we believe in good faith that disclosure of the information is necessary.
- We may share information about you to respond to subpoenas, search warrants, court proceedings, court orders, legal proceedings or other law enforcement action by any competent authority, including the Personal Data Protection Authority and the Data Protection Supervisory Authorities of other countries members of the European Union, as well as to assert and defend our legal rights or to counter claims against us.
- In addition to the above, we may use the information we collect for any other purposes that will be disclosed to you at the time the information is collected and with your consent, if required.
- Please note that third parties may independently collect data about you, including your IP address and information about the web pages you visit and the links you click, through cookies , link clicks or other means during your visit or the display of advertisements on our application/website. For more information, see below in the ” Cookies ” section.
Recipients of personal data may be located outside the European Economic Area. In these cases, the Company takes measures to implement sufficient and appropriate guarantees for the protection of personal data by other means mainly by using the standard binding clauses from the EU.
6. Transmission of personal data to third parties
The company may transmit the personal data of the subjects, only to third party service providers who perform work on behalf of the Company, regarding the purposes described in this Policy, to the extent that this is necessary for the implementation of the purpose of the processing and providing of its online services. In this case, the Company takes all the necessary measures so that the above service providers are specifically authorized for this purpose and are fully bound by the confidentiality and obligations provided for in the legislation regarding the collection and processing of personal data.
In addition, your data may be transmitted to public authorities as well as other third parties when this is required by applicable law, in accordance with the above-mentioned provisions of this Policy.
7. Data Retention Time
The Company will keep your personal data for as long as is necessary to fulfill the purposes of processing described in this policy, unless the applicable law requires or allows a longer period and for as long as it becomes necessary to comply with a legal obligation us or for the defense of our legal interests before Courts..
8. Technical and organizational security measures
The Company effectively implements, both at the time of determining the means of processing and at the time of processing, appropriate technical and organizational measures for the security of your personal data from accidental or non-destruction, loss, unauthorized modification, disclosure or access and from any other illegal processing of the personal data it manages, which it checks at regular intervals. In particular, measures are adopted, designed to implement data protection principles, such as the minimization of data, and the integration of the necessary guarantees in this processing in such a way as to meet the requirements of the applicable legislation and to protect the rights of natural persons.
We invest heavily in training our staff and infrastructure to ensure best practice is followed in everything we do. Prevention is better when it comes to security, and as a first step, we have internal review processes in place as well as quality assurance procedures specifically designed to prevent potential security risks in our services. Every employee and contractor goes through background checks and an onboarding process, which includes a probationary period where access to customer data is only granted when they are working under the supervision of another staff member.
All staff have access only to systems that are directly required to complete their duties. We use two-factor authentication for all critical systems and communication services. We automatically record all staff activity using internal logging tools.
Wherever personal data is entered on our website (address, email , name, telephone numbers, etc.) these are encrypted through a secure security certificate with 2048Bit Encryption (SSL). Personal data such as ( passwords , & email accounts ) are stored in our database encrypted ( hashed ).
However, despite every effort to store users’ personal data in a secure operating environment, which is not open to the public, the user must immediately notify the company, in the event that their contact information is lost, stolen or used without his permission. In such event we will remove your contact information from your account and update our records accordingly.
When a visitor/user sends information to our website by filling in the relevant online forms or sending an e – mail , in order to service a request from our company, the information must be provided correctly and accurately. The information provided – completed by the visitor/user to service their request is considered confidential and is transmitted only to the directly interested party and to the competent authority or authorities in accordance with the law, in case the use by the visitor is contrary to the rules of use of the application/ our website and in general the current legislation. Especially the latter may be considered appropriate when the use of our website by a visitor/user violates its operating rules. In this case, all the information of the visitor/user as well as his IP address can be part of any investigation, if this is required to protect the rights of our company. In case of sending data to our application/website, these should not contradict the legislation and good manners for the use of the internet in general, as well as not be altered by the visitor/user who publishes them or knowingly by others. This data can be used by our company without any claim from the visitor/user who provides it.
Each visitor/user is responsible for the use of our application/website and may use its services only for legal and legitimate purposes and specifically only for purposes related to the field of sports. The visitor/user may not use the application/website in a way that could damage, disable or damage our servers or networks, or in ways that interfere with anyone else’s use and exploitation of our services.
It is also prohibited to the visitor/user to create fake accounts with fraudulent intent, collect or store personal data of other users in any way; The company reserves the right to seek remedy for any damage caused by the violation of the above prohibitions by the visitor/user and to take any relevant legal action, procedure and take legal corrective out-of-court or judicial measures with the aim of preventing a violation of these terms.
The company reserves the right to take indicatively and not restrictively any of the following actions: a) to record and store every communication of the visitor/user with the application/website, including e- mail communication and questions – answers to the other users/athletes and users/professionals, b) to investigate any complaint in the event that a communication does not comply with the terms and conditions of its use and to decide at its discretion to withdraw or require the withdrawal of such communication, c) to withdraw communications, data and information sent by the visiting user, which are considered offensive, illegal or disturbing or which do not comply with the terms and conditions of use of the application/website d) to delete registered members, when they do not comply with the terms and conditions use of the application/website after a relevant warning to them.
9. Right to withdraw consent
By using our application/website and without prejudice to the provisions of more specific legislation, such as for example the legislation on the protection of personal data in the context of electronic communications, as applicable from time to time, you provide your express consent for all the above cases of processing of your personal data. In case you have given your consent to the processing of specific personal data by the Company, you have the right to withdraw the consent at any time, with future effect. Withdrawal of consent does not affect the lawfulness of processing that was based on consent before it was withdrawn. In case of withdrawal of consent, the Company may further process the personal data, only in cases where there is another legal reason for the processing. Regarding the information that is automatically collected from your browsing on our website, please refrain from visiting it if you do not wish for this information to be collected and processed.
10. Rights of data subjects
Visitors/users generally have all the rights provided for in Chapter III of the GDPR, namely:
- Right of access: you have the right to know whether we are processing your data and, if so, to receive a copy of it. The data subject has the right to access the data concerning him, by submitting a relevant request.
- Right to portability : you have the right to receive the above data concerning you in a structured, commonly used and machine-readable format .
- Right to rectification: you have the right to request the correction of your data if it is not accurate.
- Right to restriction: you have the right to ask us to restrict the processing, such as not to delete data that you consider necessary to establish, exercise or support legal claims.
- Right to object: you have the right to object to the processing of your data.
- Right to deletion: you have the right to request that we delete your data, unless retention is required by law. You can delete your personal data by going to your profile and selecting “Delete Account”.
You can exercise your rights by sending an e – mail to [email protected] or to the postal address Wingertstr 14, 60316 Frankfurt am Main, Germany. We also point out that the exercise of the right to object or deletion does not imply the immediate deletion of data or the modification of processing. In any case, we will answer you in detail as soon as possible, within the deadlines set by the GDPR.
In particular, with regard to the right to access and delete personal data, the following procedure is followed: The respective subject can address a written request to the company, requesting in principle access to his recorded personal data, and if they wish, they can request the delete them. The company will respond to the said request of the subject within thirty (30) days, at which time it will inform the subject of the course of their request as well as its implementation. In the event of a request by the subject to delete their personal data, the Company deletes the recorded personal data of the requesting subject, as long as there is no law or any applicable regulatory framework, obligation or provision that mandates the preservation of personal data.
If any of the above rights (except the right to access and delete the data, as stated above ) of each subject is exercised, the Company will take every possible measure to satisfy the said request within thirty (30) days of receiving it, in which case there will be relevant information on the course of this. These rights are exercised at no cost to the subject, unless they are repeated frequently and due to volume entail administrative costs for the company, in which case the applicant will bear the relevant costs. The Company reserves the right not to satisfy your request, in the event that it is deemed manifestly unfounded or excessive, informing you about the reasons for not satisfying it.
In the event that an event occurs where customer data has been lost, stolen or potentially compromised, it is our policy to notify our customers via email no later than 24 hours after our team becomes aware of the occurrence of the event. We will also report this incident to the relevant data protection authority, while we will take all necessary actions to assist our members in issuing new security codes.
11. Right to file a complaint
In the event that you consider that the processing of your data violates Regulation (EU) 2016/679 or you consider that your rights regarding the processing of your personal data are infringed and you are not satisfied with the response of the company as controller, you have right to file a complaint with the competent supervisory authority.
12. Cookies Policy
The primary objective of this policy is to provide general guidance on the use of cookies on our website and application.
12.1. What are cookies and why do we use them?
Cookies are small text files that are stored by the browser on the computer, tablet , mobile phone and generally on the device with which someone browses the website .
Each cookie contains information such as the name of the Website it comes from, its “lifetime” (ie how long it will remain on the device), and a value, which is usually a number. A cookie may remain on the device for up to one (1) year.
Cookies are unique to each web browser (eg Google Chrome, Mozilla Firefox, Apple Safari etc.) and contain anonymous information, which concerns the websites visited by the user as well as the devices used. They also allow websites to save the visitor’s preferences (such as login details , language, etc.).
The law states that we can store cookies on the user’s device, as long as they are absolutely necessary for the operation of the website. For all other types of cookies we need the user’s permission, basically the user’s consent is necessary. The respective user/visitor/subscriber can change or withdraw their consent at any time through the Cookie Statement on our website.
In paragraph 5 of article 4 of Law 3471/2006, as amended by Law 4070/2012, it is defined that the installation of cookies is allowed only if the subscriber or user has given his consent after clear and extensive information.
This system is also known as ” opt – in “, in contrast to the ” opt – out ” system that was in force before the amendment of Directive 2002/58/EC and allowed the installation of ” cookies ” without the consent of the subscriber or user, as long as the latter has previously been informed and had not objected to the processing.
Therefore, according to the above, the provider of an internet service (e.g. an online store) or a third party (e.g. an advertising network that promotes its products through the website of an online store) can install a cookie only if they secured the consent of the subscriber or user after prior appropriate information.
The use of cookies makes it easier for the website to remember information about the user’s visit, collecting useful information about the search preferences they have already made in previous visits to the Website. Thus, the search experience will be improved the next time the user visits the site. In addition, cookies help to control the performance and traffic of the website, improving its presentation and content, according to the preferences of its visitors.
12.2. Types of Cookies
The main types of cookies that websites usually use are described below:
- Necessary Cookies
The role of these cookies is to store information or to gain access to information already stored on your device with the sole purpose of carrying out the transmission of a communication via an electronic communications network or, to the extent absolutely necessary for the provision of an information society service, the which you have expressly requested. According to the relevant legal framework, you do not have the possibility to choose whether to reject the installation of these legal cookies , as without them it would not be technically possible to provide services from our website.
- Performance Cookies
We use third-party cookies ( Google Analytics ) for the sole purpose of analyzing traffic and improving website performance, while we take appropriate technical and organizational measures for the secure processing of your data (e.g. IP address anonymization ). These cookies collect information about how you use the website, such as, for example, the pages you visit most often, the page from which your visit originated, the type of browser you use, etc. Performance cookies collect aggregated anonymous statistical information that cannot lead to the identification of the visitor on our part.
- Advertising cookies (third-party cookies)
We use the so-called third – party cookies ( Google analytics / Search console ) to display personalized ads tailored to your preferences. Information such as your IP address , the browser you are using, which advertisement has already been displayed in your browser and whether you have accessed a website through an advertisement is recognized through a unique number ( ID ). You have the possibility to reject the installation of these cookies , while our policy provides detailed information about their operation and how you can manage them. However, since advertising revenue enables us to provide you with valid, timely and independent services, we ask that you accept their use by us.
12.3 . When the use of cookies is not desired
If you choose to disable cookies , some parts of the website may not work properly. To manage and disable them, the relevant instructions are provided per browser :
13. Changes to this policy
The Company reserves the right to modify this Policy at any time. Changes to this Policy will be posted on the website www.onetwothreehigh.com . The subject should review the Policy for any changes or additions, and the Company has no obligation to inform each subject separately of their rights. As long as visitors/users continue to use our app/website they are implicitly presumed to accept the amended terms and conditions and give their consent, consent, agreement and approval. Otherwise, they must refrain from using – visiting our application/website and using the services it offers. The revised version will be effective from the time it is posted on the website www.onetwothreehigh.com. When changes to the privacy policy are published, the company will also revise the “last updated” date at the beginning of this one.
14. Contact
If you have any questions regarding this policy or in general, regarding the activities of the company and our application/website, you can contact us at the email address [email protected] or at the postal address Wingertstr . 14, 60316 Frankfurt am Main , Germany.