Privacy Policy

We process Personal Data in the countries in which we are established, including the United States, the United Kingdom, APAC region, and the European Economic Area (“EEA”), and in other countries where our Third‑Party service providers are located.

SPORTFIVE complies fully with the principles and requirements established by GDPR, including safeguarding the rights of individuals located in the EU, the UK, and Switzerland. In the event SPORTFIVE, acting as a Data Controller, transfers Personal Data to a Third-Party processor, SPORTFIVE retains full responsibility to ensure such processing aligns with GDPR principles and framework.

Additionally, SPORTFIVE ensures compliance with applicable data protection laws by executing appropriate Intragroup Data Sharing Agreement within SPORTFIVE entities and groups by implementing robust Data Processing Agreements (DPAs), and Standard Contractual Clauses (SCCs) where applicable. Adequate decision-making processes and compliance mechanisms are consistently employed to guarantee full adherence to legal and regulatory standards.

This Privacy Notice applies to Personal Data collected through: 

• Our websites and digital platforms 

• Newsletters and marketing communications 

• Job application forms and recruitment portals linked from our website 

• Events, programs, and services managed by SPORTFIVE 

This Privacy Notice refers to “SPORTFIVE”, “we”, “us”, or “our”, it refers to the specific SPORTFIVE Group Company or Companies that act as a Data Controller and are responsible for processing your personal data in compliance with applicable data protection laws, including the General Data Protection Regulation (EU-GDPR), General Data Protection Regulation (UK-GDPR) , and other regional privacy regulations. 

This may include the SPORTFIVE entity that: 

• Operates the website or digital platform you are accessing 

• Provides newsletters or other digital communications 

• Engages or recruits you (e.g., through job applications submitted via careers page or linked portals) 

• Requests or uses testimonials from you 

• Sends you marketing or promotional content 

• Hosts an event you attend 

• Organizes or manages a program or Service in which you participate 

Depending on the specific interaction and geographic location, one or more SPORTFIVE Group Companies will be responsible for determining the purposes and means of processing your Personal Data. 

We collect, process, and store Personal Data relating to the following categories of individuals: 

4.1 Website Visitors 

When you visit our website or contact us through online forms (e.g.,event registration form, press media registration form, and hospitality experience inquiry form ), we collect and process your Personal Data to respond to your inquiry, ensure proper website functionality, and analyze usage for optimization purposes. 

4.2 Users of our Online Services 

If you use our Online Services such as our website or mobile applications, we process your Personal Data to operate, secure, and improve these Online Services. This includes activities such as usage analytics, troubleshooting, and Service improvement. 

4.3 Marketing Recipients 

If you are an existing Customer or a prospective lead, we may process your Personal Data to send you relevant marketing communications, updates, offers, and promotional materials, subject to applicable marketing laws and communication preferences. 

4.4 Event Participants 

If you register for or attend our events, webinars, contests, or similar engagements, we process your Personal Data in relation to your participation. This may include registration details, feedback forms, or other documentation connected to the event. 

4.5 Representatives of Customers, Partners, and Suppliers 

We process Personal Data of individuals who work for or represent our business partners, Customers, suppliers, subcontractors, freelancers, or contractors. This includes individuals whose organizations: 

• Receive Services from SPORTFIVE, 

• Provide products or services to us, or 

• Collaborate with us in any business capacity. 

We may collect, process and store your Personal Data in connection with our provision of those Services to you, our receipt of services from you and/or our partnership. This may include Personal Data included in any email or telephone communications or recorded on any document relating to an order for the Services.

4.6 Job Applicants: If you apply for a job with us, whether through our website or otherwise, we will collect, process and store your Personal Data in connection with your application. 

5.1 Personal Data We Collect Directly from You (collected data) 

5.1.1 Website Access and Log Files 

(a) Description and Scope of Data Processing: when you access our website, certain technical data is automatically collected by our system for the purpose of delivering and maintaining the functionality and security of the site. This includes: 

• Browser type and version 

• Operating system 

• Internet service provider 

• IP address 

• Date and time of access 

• Referrer URL (the website from which you accessed ours) 

• Pages accessed on our website 

(b) Legal Basis: the legal basis for processing is our legitimate interests pursuant to Art. 6(1)(f) GDPR, which include:  

• Ensuring the stability and security of our website 

• Preventing misuse or fraudulent activity 

• Generating anonymized usage statistics 

• Managing technical communications related to your access 

(c) Purpose of Data Processing: the temporary storage of the IP address is technically necessary to deliver the website content to your device. This data also helps us optimize website performance and ensure system security. 

(d) Duration of Storage: log data is deleted or anonymized when it is no longer required for the purposes for which it was collected. Typically, this occurs at the end of your session unless further retention is required for security or troubleshooting purposes.  

5.1.2 Use of Cookies 

(a) Description and Scope of Data Processing: our website uses cookies. Cookies are small text files stored by your web browser on your device. When you visit our website, a cookie may be placed on your operating system. This cookie contains a unique identifier that allows your browser to be recognized when you return to the site. 

We use both technically necessary cookies and cookies for analytical purposes. 

(b) Technically Necessary Cookies 

These cookies are essential for the basic functionality of our website. Some elements of our website require that your browser be recognized even after navigating to a different page. These cookies enable core site functions such as: 

• Storing cookie consent preferences 

• Maintaining session status 

(c) Analytical Cookies 

We also use cookies that allow us to analyze user behavior to improve our website. These cookies may collect and transmit the following information: 

• Duration of website visit 

• Pages visited 

• Frequency of visits 

• Use of specific website functions 

• Browser type and version 

• User region (approximate) 

• Type of device used 

When you first access our website, you are informed about the use of cookies for analytical purposes. We obtain your explicit consent for the processing of Personal Data related to these cookies in accordance with Art. 6(1)(a) GDPR. A link to this Privacy Notice is also provided at that time. 

You may withdraw or adjust your consent at any time via our [cookie settings tool]  

(d) Legal Basis  

Technically necessary cookies: Processed on the basis of our legitimate interest in providing a functional website under Art. 6(1)(f) GDPR. 

Analytical cookies: Processed only after obtaining your consent in accordance with Art. 6(1)(a) GDPR. 

(e) Purpose of Data Processing 

• Ensure website functionality and navigation 

• Save your cookie preferences 

• Analyze usage patterns to improve user experience and content 

• Measure reach and conduct statistical evaluations 

These purposes also constitute our legitimate interest in the processing of Personal Data under Art. 6(1)(f) GDPR, where applicable. 

(f) Duration of Storage 

Cookies are stored on the user's computer and transmitted from it to our site. Therefore, you as a user have full control over the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the storage of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all the functions of the website in full. 

Detailed information about the individual cookies used on our website, including their purpose and storage duration, can be found in our Cookie Policy. 

5.1.3 Newsletters 

(a) Description and Scope of Data Processing 

On our website, there is the option to subscribe to a free newsletter. When registering for the newsletter, the data from the input mask is transmitted to us. 

The data are specifically 

• Salutation 

• First name 

• Last name 

• E-mail address 

• Company 

• Telephone number 

• Country 

• Preferences 

• In addition, the following data is collected during registration: 

• The IP address of the user 

• Date and time of registration 

For the processing of data, your consent is obtained during the registration process, and reference is made to this Privacy Notice. 

If you purchase goods or Services on our website and provide your e-mail address, this may subsequently be used by us to send a newsletter. In such a case, only direct advertising for our own similar goods or Services will be sent via the newsletter. 

No data will be passed to third parties in connection with the processing of data for the dispatch of newsletters. The data is used exclusively for sending newsletters. 

(b) Legal Basis 

The legal basis for the processing of the data is Art. 6 (1) lit. a GDPR if the user has given consent. 

The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 (1) lit. f GDPR. If the e-mail contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR. 

(c) Purpose of Data Processing 

The collection of the user's e-mail address serves to deliver the newsletter. The collection of other Personal Data during the registration process serves to prevent misuse of the Services or the e-mail address used. 

(d) Duration of Storage 

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Accordingly, the user's e-mail address is stored as long as the subscription to the newsletter is active. 

The other Personal Data collected during the registration process is usually deleted after a period of seven days. 

5.1.4 Contact form and Email Contact 

(a) Description and Scope of Data Processing 

Contact forms are available on our website, which can be used for electronic contact. If a user takes this option, the data entered in the entry form is transmitted to us and stored. These data are: 

• Salutation 

• First name 

• Last name 

• E-mail address 

• Company 

• Telephone number 

• Country 

• Preferences 

• The IP address of the user 

• Date and time of registration 

For the processing of the data, your consent is obtained during the sending process, and reference is made to this Privacy Notice. Alternatively, it is possible to contact us via the e-mail address provided. In this case, the user's Personal Data transmitted with the e-mail will be stored. In this context, the data will not be passed on to third parties. The data is used exclusively for processing conversations. 

(b) Legal Basis 

The legal basis for the processing of the data is Art. 6 para. 1 lit. a GDPR if the user has given his consent. 

The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 (1) lit. f GDPR. If the e-mail contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR. 

(c) Purpose of Data Processing 

The processing of Personal Data from the entry form serves us solely for the purpose of processing the contact. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in processing the data. 

The other Personal Data processed during the sending process serves to prevent misuse of the contact form and to ensure the security of our information technology systems. 

(d) Duration of Storage 

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. For the Personal Data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation ends when it is clear from the circumstances that the matter in question has been conclusively clarified. 

The additional Personal Data collected during the sending process will be deleted after a period of seven (7) days at the latest. 

We process Personal Data in the countries in which we are established, including the United States, the United Kingdom and the European Economic Area (“EEA”) and in other countries where third parties that we may use are based. 

When processing your Personal Data, we may need to share it with other Third Parties (including other entities within our Group Companies), as set out below. This list is non-exhaustive and there may be circumstances where we need to share Personal Data with other third parties: 

• Third party Service providers provide us with services, such as research and analytics, anti-spamming and anti-phishing Services, marketing and data enrichment. 

• With third party payment processors who process your credit card and other payment information for SPORTFIVE but who are otherwise not permitted to store, retain or use such information; 

• With Third-Party Service providers that assist us with the operation and administration of events. If we are running an event in partnership with other organizations, we will share your Personal Data with such organizations for use in relation to the event; 

• With third-party social media networks, advertising networks and websites; 

• With auditors, lawyers, accountants and other professional advisers who advise and assist us in relation to the lawful and effective management of our organization and in relation to any disputes we may become involved in; 

• With Affiliates within SPORTFIVE and companies that we will acquire in the future when they are made part of the SPORTFIVE Group, this may be for Customer support, marketing, technical operations, account management or organizational purposes and to provide, enhance and improve the Services; 

• If we are involved in a merger, reorganization or other fundamental corporate change with a third party, or sell/buy a business unit to/from a third party, or if all or a portion of our business, assets or stock are acquired by a third party, with such third party including at the due diligence stage; 

• Other third parties - Occasionally, we may receive requests from third parties with authority to obtain disclosure of Personal Data, such as to check that we are complying with applicable law and regulation, to investigate an alleged crime, or to establish, exercise or defend legal rights. We will only fulfil requests for Personal Data where we are permitted to do so in accordance with applicable law or regulation. 

• Where necessary (such as when we transfer data to Service providers) we put in place appropriate contractual arrangements and security mechanisms to protect the Personal Data shared and to comply with our data protection, confidentiality and security standards and obligations. 

We may transfer your Personal Data to other companies within the SPORTFIVE Group, including affiliates, subsidiaries, and branch offices, for the purposes described in this Privacy Notice. These transfers may take place within your country of residence or to countries outside the European Economic Area (“EEA”) and/or the United Kingdom (“UK”). 

To protect your Personal Data in such circumstances, we have implemented appropriate safeguards in accordance with applicable data protection laws. In particular: 

• Intragroup transfers are governed by an Intragroup Data Sharing Agreement, incorporating the European Commission’s Standard Contractual Clauses (“SCCs”) and/or the UK International Data Transfer Agreement (“IDTA”), as applicable. 

• Third-party transfers (e.g., to Service providers, business partners, or professional advisers) are subject to legally recognized safeguards such as SCCs, IDTA, or other contractual protections approved under applicable law. 

• Where the European Commission or UK government has issued an adequacy decision for a country, we may rely on that decision for transfers to recipients in that jurisdiction. 

Where required, we will ensure that such transfers occur only with your consent or where another lawful transfer mechanism applies under the General Data Protection Regulation (“GDPR”), the UK GDPR, or other applicable laws. 

We use appropriate technical and organizational measures (TOMs) to protect the Personal Data that we collect and process. We have implemented information security policies, rules and technical measures to protect the Personal Data under our control from unauthorized access, improper use or disclosure, unauthorized modification and unlawful destruction or accidental loss. In addition, all our employees and Data Processors (i.e. those who process your Personal Data on our behalf) are obliged to respect the confidentiality of the Personal Data of all users of our website and those who use our Services. The measures we use are designed to provide a level of security appropriate to the risk of processing your Personal Data. 

We will retain Personal Data only for as long as necessary to fulfill the purposes for which it was collected, as outlined in this Privacy Notice, and as required to: 

• Comply with legal and regulatory obligations. 

• Maintain accurate financial and operational records. 

• Address complaints and manage disputes. 

• Enforce our agreements. 

9.1 Service-Related Data 

For Personal Data processed in connection with the provision of our Services. We generally retain such data for up to six (6) years from the date the relevant Services were supplied, in compliance with applicable data protection laws. After this period, we may securely delete or destroy the data without further notice or liability. 

9.2 Other Personal Data 

Where we process Personal Data for purposes other than the supply of our Services, we generally retain it for up to three (3) years from the date of our last interaction with you. After this period, we may securely delete or destroy the data without further notice or liability. 

9.3 Short-Term Use Data 

If Personal Data is only required for a short period (e.g., for a specific activity, promotion, or marketing campaign), we will not retain it beyond the period necessary for that purpose. 

9.4 Marketing Suppression Lists 

If you opt out of marketing communications, we will retain limited Personal Data indefinitely on a suppression list to ensure you are not contacted again for marketing purposes. This data will not be used for marketing unless you opt back in. 

9.5 Recruitment Data 

If you apply for a role with us, we will retain application data for a limited period for recordkeeping and legal compliance. Subject to local law, we may also retain your details to contact you regarding future opportunities, with your consent where required. Further details will be provided during the application process. 

9.6 Local Law and Exceptions 

Retention periods may vary due to local legal requirements, liability periods, or mandatory retention obligations. Where applicable law requires longer retention, we will retain the relevant data for the necessary period. 

Right to Information 

You may request confirmation from the Data Controller as to whether personal data concerning you are being processed by us. If such processing is taking place, you may request information from the Data Controller about the following: 

• the purposes for which the personal data are processed; 

• the categories of personal data which are processed; 

• the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed; 

• the planned duration of the storage of the personal data concerning you or, if concrete information on this is not possible, criteria for determining the storage period; 

Right to Rectification 

You can request correction or completion of inaccurate or incomplete personal data. 

Right to Delete 

You can request deletion of your data when it is no longer needed; consent is withdrawn, processing is unlawful, or other GDPR conditions apply. Deletion must occur upon a valid request or proactively when retention is no longer justified. 

Data subject has the right to request the deletion of their personal data (or right to be forgotten), when one of the following conditions applies: 

• Data subject objects to the processing of personal data and there are no overriding legitimate reasons justifying that SPORTFIVE 

must continue processing your personal data (e.g., legal obligation); 

• Data Subject object to marketing activities; 

• Data subject decides to withdraw consent on which the processing is based; 

• Personal data are no longer useful for the original purposes for which it was collected or for any other type of processing 

Deletion Exception 

Deletion may be refused when processing is required for freedom of expression, legal obligations, public interest, research, or legal claims. 

Right to Restriction of Processing 

You may request restricted processing if accuracy is contested; processing is unlawful, data is needed for legal claims, or an objection is pending. 

Right to Withdraw your Consent 

Consent given by a data subject to the processing of their data may be freely withdrawn at any time 

Right to Object 

You may object to processing based on legitimate or public interest. Direct marketing objections must always stop processing immediately. 

Name and address of the responsible person 

The responsible person within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is: 

11.1 Data Controller 

SPORTFIVE Global Holding GmbH 

Barcastraße 5, 22087 Hamburg, Germany 

Tel.: +49 40 37 67 70 

E-Mail: [email protected]  

Website: www.sportfive.com 

11.2 External Data Protection Officer 

ePrivacy GmbH 

represented by Prof. Dr. Christoph Bauer 

Große Bleichen 21, 20354 Hamburg, Germany 

Tel.: +49 40 60 94 51 80 

Customer 

Customer refers to any individual who interacts with SPORTFIVE in the context of SPORTFIVE’s commercial services, including representatives of brands, rights owners, sponsors, partners, or agencies receiving consulting, marketing support, activation, or related services 

-- 

Data Controller 

A natural or legal person, public authority, agency, or other body that determines the purposes and means of the processing of personal data. 

Art. 4(7) 

Data Processor 

A natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller. 

Art. 4(8); Art. 28 

DPA (Data Processing Agreement) 

A binding contract between a controller and processor outlining obligations, instructions, security measures, sub-processing rules, and compliance requirements. 

Art. 28 

GDPR 

The General Data Protection Regulation (EU) 2016/679 lays down rules relating to the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data. 

This Regulation protects fundamental rights and freedoms of natural persons, and particularly their right to the protection of personal data. 

Art.1 GDPR 

Group Companies 

refers to a company that is part of a larger corporate group, which typically includes multiple affiliated companies. A group of companies can include parent companies, subsidiaries, and other entities within a single corporate structure. These companies often operate under the same corporate umbrella but may focus on different business functions or sectors. 

-- 

Intragroup Data Sharing Agreement 

A contract between affiliated entities within the same corporate group establishing rules and safeguards for internal personal data sharing. 

Art. 46 GDPR; Recitals 48, 109 

Personal Data 

Any information relating to an identified or identifiable physical person (‘data subject’) (i.e. not a legal entity); an identifiable physical person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person 

Art. 4(1) GDPR 

Processing 

Any operation performed on personal data, such as collection, storage, retrieval, and disclosure. It's any operation or set of operations which are performed on personal data or on sets of personal data, whether or not by automated means. 

Art. 4(2) GDPR 

Privacy Notice 

Communication to data subjects describing how their personal data is collected, used, stored, transferred, and their rights. 

Art. 12–14 

SCC (Standard Contractual Clauses) 

EU-approved safeguards for transferring personal data to third countries, lacking adequacy decisions. 

Art. 46(2)(c); 46(2)(d) 

Online Services 

Online Services means our websites, mobile applications, and any related digital features or platforms that we operate. 

-- 

Sub-processor 

is a third-party data processor engaged by a Data Processor who has or will have access to or process personal data from a Data Controller.  

Art.28 (3) GDPR 

Third Party  

is the natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data. 

Art.4 (10) GDPR