This English translation is provided for convenience only. In the event of any discrepancy, the German version is legally binding.
This privacy policy informs you about the nature, scope and purpose of the processing of personal data on this website. It is based on the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and the German Act on Data Protection and Privacy in Telecommunications and Digital Services (TDDDG). In the context of insurance mediation, the German Insurance Mediation Ordinance (VersVermV) and the Insurance Contract Act (VVG) additionally apply.
1. Controller
The controller responsible for data processing on this website is:
Beyond Sports GmbHHammfelddamm 4A
41460 Neuss
Germany
Phone: +49 2131 228144
Email: hello@beyond-sports.de
The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.
2. General information and mandatory disclosures
Data protection
We treat your personal data confidentially and in accordance with statutory data protection regulations and this privacy policy. Please note that data transmission over the internet (e.g. communication by email) can have security gaps. Complete protection of data against access by third parties is not possible.
General legal bases for processing
Where you have consented to processing, we process your personal data on the basis of Article 6 (1) (a) GDPR or Article 9 (2) (a) GDPR where special categories of personal data are processed. Where your data is required to fulfil a contract or to carry out pre-contractual measures, we process it on the basis of Article 6 (1) (b) GDPR. Where processing is necessary to comply with a legal obligation, it takes place on the basis of Article 6 (1) (c) GDPR. Processing may further take place on the basis of our legitimate interest pursuant to Article 6 (1) (f) GDPR. Where consent covers the storage of, or access to, information on your device, processing additionally takes place on the basis of Section 25 (1) TDDDG. The legal bases applicable in each case are referred to in the following sections of this policy.
Storage period
Unless a more specific storage period is stated within this privacy policy, your personal data remains with us until the purpose for the processing no longer applies. If you assert a legitimate request for deletion or withdraw consent to data processing, your data will be deleted unless we have other legally permissible grounds for storing it (e.g. tax or commercial retention periods); in the latter case, deletion takes place once those grounds cease to apply.
Transfers to third countries
Where we use services from providers based in the USA, we base any transfer of personal data primarily on the adequacy decision on the EU-US Data Privacy Framework (DPF) pursuant to Article 45 GDPR, provided the respective provider is certified. In addition, or on a subsidiary basis, we agree on Standard Contractual Clauses of the EU Commission (Article 46 GDPR). Details can be found in the sections on the individual services.
SSL / TLS encryption
For security reasons and to protect the transmission of confidential content, this site uses SSL or TLS encryption. You can recognise an encrypted connection by the fact that the browser's address line changes from „http://" to „https://". When SSL or TLS encryption is active, the data you transmit to us cannot be read by third parties.
3. Your rights
Withdrawal of your consent to data processing (Article 7 (3) GDPR)
Many data processing operations are only possible with your express consent. You can withdraw consent already given at any time with effect for the future. The lawfulness of the data processing carried out until withdrawal remains unaffected. An informal message to the contact details given under „Controller" is sufficient to withdraw consent.
Right to object (Article 21 GDPR)
WHERE DATA PROCESSING IS BASED ON ARTICLE 6 (1) (E) OR (F) GDPR, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, TO THE PROCESSING OF YOUR PERSONAL DATA; THIS ALSO APPLIES TO PROFILING BASED ON THOSE PROVISIONS. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR THE PROCESSING SERVES TO ASSERT, EXERCISE OR DEFEND LEGAL CLAIMS (OBJECTION PURSUANT TO ARTICLE 21 (1) GDPR).
WHERE YOUR PERSONAL DATA IS PROCESSED FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR THE PURPOSE OF DIRECT MARKETING (OBJECTION PURSUANT TO ARTICLE 21 (2) GDPR).
Access, rectification, erasure and restriction
Within the scope of the applicable statutory provisions, you have the right at any time to free information about your stored personal data, its origin and recipients, and the purpose of the processing (Article 15 GDPR), to rectification (Article 16 GDPR), erasure (Article 17 GDPR) and restriction of processing (Article 18 GDPR). To exercise these rights, an informal message to the contact details given under „Controller" is sufficient.
Right to data portability (Article 20 GDPR)
You have the right to have data that we process automatically on the basis of your consent or in performance of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.
Right to lodge a complaint with the supervisory authority (Article 77 GDPR)
Without prejudice to any other legal remedy, you have the right to lodge a complaint with a data protection supervisory authority. The authority responsible for us is:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-WestfalenPostfach 20 04 44
40102 Düsseldorf, Germany
ldi.nrw.de
Automated decision-making
Automated decision-making, including profiling, within the meaning of Article 22 GDPR does not take place.
4. Data collection on this website
Cookies
This website does not use cookies for analytics, marketing or tracking purposes. Should technically necessary cookies be used in the future that are required to provide certain functions you have requested, these are stored on the basis of Section 25 (2) no. 2 TDDDG in conjunction with Article 6 (1) (f) GDPR. Cookies or comparable technologies that are not technically necessary are only used with your consent pursuant to Article 6 (1) (a) GDPR and Section 25 (1) TDDDG.
Server log files
When this website is accessed, technical information is automatically collected and stored in server log files (IP address, browser type and version, operating system used, referrer URL, date and time of the server request). This data is not merged with other data sources. It serves to ensure trouble-free operation and the security of our systems and is anonymised or deleted after 30 days at the latest. The legal basis is Article 6 (1) (f) GDPR (legitimate interest in the technically error-free presentation and the security of the website).
Contact (contact form, email, phone)
If you contact us via the contact form, by email or by phone, your details (name, company or club/advisory agency where applicable, email address, phone number, message) are stored by us for the purpose of processing your enquiry. We do not pass on this data without your consent. Providing this data is neither legally nor contractually required; without it, however, we cannot process your enquiry.
Processing takes place on the basis of Article 6 (1) (b) GDPR where your enquiry relates to the performance of a contract or is necessary to carry out pre-contractual measures; otherwise on the basis of our legitimate interest in the effective handling of enquiries addressed to us (Article 6 (1) (f) GDPR) or your consent (Article 6 (1) (a) GDPR), where this has been requested. The data is deleted once your request has been finally dealt with, unless a statutory retention obligation applies or an advisory relationship is established (see section 5).
Note on health data
No health data (e.g. pre-existing conditions, injury history, ongoing treatments) should be transmitted via the contact form. Such special categories of personal data are only collected in the context of a personal advisory meeting on the basis of separate consent. Should you nevertheless provide health information in the contact form unprompted, it will be treated separately and deleted at your request.
5. Note on insurance mediation
No insurance advice or mediation takes place via this website itself; it serves to provide information about our offering and to enable contact. If your enquiry results in a concrete advisory relationship, your contact and enquiry data is transferred into a jointly controlled data processing operation with Milkereit & Co. Assekuranzmakler GmbH, Hammfelddamm 4A, 41460 Neuss (licence holder pursuant to Section 34d (1) GewO). Beyond Sports GmbH and Milkereit & Co. Assekuranzmakler GmbH are joint controllers within the meaning of Article 26 GDPR in this respect.
Beyond Sports GmbH operates the platform, customer communication and advisory documentation; Milkereit & Co. Assekuranzmakler GmbH is responsible for the processing steps attributable to mediation under supervisory law, in particular communication with insurers and the submission of applications. The central contact point for all data subject rights is Beyond Sports GmbH, hello@beyond-sports.de; however, you may assert your rights against either of the two controllers.
Before advice begins, you will receive separate privacy information on insurance mediation. It contains all details on the categories of data processed during advice (including health data on the basis of separate consent), the legal bases, storage periods, recipients and the essence of the joint controller agreement (Article 26 (2) GDPR). It can be requested at any time at hello@beyond-sports.de.
6. Hosting and third-party services
Hosting (Vercel)
This website is hosted externally. The personal data collected on this website is stored on the host's servers. This may include, in particular, IP addresses, contact requests, meta and communication data, contact data, names, website access data and other data generated via a website. External hosting takes place for the purpose of fulfilling the contract with our potential and existing customers (Article 6 (1) (b) GDPR) and in the interest of the secure, fast and efficient provision of our online offering by a professional provider (Article 6 (1) (f) GDPR). We use the following host:
Vercel Inc.440 N Barranca Ave #4133, Covina, CA 91723, USA
EU representative: c/o EDPO, Avenue Huart Hamoir 71, 1030 Brussels, Belgium
We have concluded a data processing agreement (DPA, Article 28 GDPR) with the provider, which ensures that the personal data of our website visitors is processed only in accordance with our instructions and in compliance with the GDPR. Vercel Inc. is based in the USA and is certified under the EU-US Data Privacy Framework (DPF); any transfer of personal data to the USA is based on this framework (Article 45 GDPR), supplemented by Standard Contractual Clauses (Article 46 GDPR).
Plausible Analytics
This website uses Plausible Analytics, a cookie-free and privacy-friendly web analytics service provided by Plausible Insights OÜ (Västriku tn 2, 50403 Tartu, Estonia). No personal data is stored, no cookies are set and no cross-site tracking is carried out. Aggregated metrics such as page views, time on page and referrer are recorded in anonymised form. The data is hosted on servers in the EU. The legal basis is Article 6 (1) (f) GDPR (legitimate interest in reach-related analysis and optimisation of our online offering without intruding on visitors' privacy). Further information: plausible.io/data-policy.
Fonts (locally hosted)
For uniform display, this website exclusively uses fonts hosted locally on our server. When the page is accessed, no connection is established to servers of font providers (e.g. Google Fonts, Adobe Fonts); no personal data is transmitted to third parties in the process.
Database infrastructure (Supabase)
The data submitted via the contact form (name, company where applicable, email address, phone number, message, time of the enquiry) is stored in a database of the Supabase service provided by Supabase, Inc. (970 Toa Payoh North #07-04, Singapore / USA) for the purpose of processing and following up on your enquiry. Storage takes place on servers within the European Union (Frankfurt am Main region). Supabase processes this data as a processor exclusively on our instructions; a data processing agreement pursuant to Article 28 GDPR is in place. Insofar as access from third countries cannot be ruled out in the context of support or maintenance services, it is safeguarded by the EU Standard Contractual Clauses (Article 46 GDPR, Implementing Decision (EU) 2021/914). The legal basis for the processing is Article 6 (1) (b) GDPR (handling of your enquiry or implementation of pre-contractual measures) and Article 6 (1) (f) GDPR (legitimate interest in the structured and secure management of enquiries addressed to us). The deletion periods stated in the „Contact" section apply. Further information: supabase.com/privacy.
Email delivery (Resend)
To send the messages submitted via the contact form and a confirmation of receipt to you, we use Resend, a service provided by Plus Five Five, Inc. (2261 Market Street #5039, San Francisco, CA 94114, USA). The data you provide (name, company where applicable, email address, phone number, message) is transmitted so that your enquiry can be delivered and answered by email. Resend processes this data as a processor exclusively on our instructions; a data processing agreement pursuant to Article 28 GDPR is in place. The transfer to the USA is based on the EU-US Data Privacy Framework (DPF), under which the provider is certified (Article 45 GDPR), and additionally on Standard Contractual Clauses (Article 46 GDPR). The legal basis for the processing is Article 6 (1) (b) GDPR (handling of your enquiry) and Article 6 (1) (f) GDPR (legitimate interest in a reliable delivery channel). Further information: resend.com/legal/privacy-policy.
7. Changes to this privacy policy
We reserve the right to amend this privacy policy in order to adapt it to changed legal situations or changes to our offering (e.g. new services). The current version published on this page applies in each case.
