Appendix – Data Processing Addendum
1. Definitions and Interpretations
1.1. For the purposes of this DPA, capitalized terms shall have the following meanings, unless defined elsewhere in the Agreement:
“Agreement” shall mean the agreement to which this DPA is attached and forms integral part of;
“Approved Jurisdiction” shall mean a member state of the European Economic Area (“EEA”), or other jurisdiction as may be approved as having adequate legal protections for personal data by the European Commission, currently available here: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en;
“Business Day” shall mean any day except any Saturday, Sunday or a public holiday in the respective countries of incorporation of the Parties to the Agreement;
“CCPA” shall mean the U.S. California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (“CPRA”) and from time to time;
“Competent Data Protection Authority” shall mean the competent data protection authority or regulator, which, by way of example, is the Austrian Data Protection Authority [die österreichische Datenschutzbehörde];
“Data Protection Legislation” shall mean all applicable data protection legislation, including the GDPR, CCPA, any national, federal, or state data protection legislation, and any regulations, guidelines or any other documents issued by a Competent Data Protection Authority, each as amended from time to time;
“DPA” shall mean this Appendix – Data Processing Addendum;
“GDPR” shall mean Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, as amended from time to time;
“Personal Data” shall mean any information relating to an identified or identifiable natural person processed under this DPA as further defined in Annex 1 – Personal Data Processing Description;
1.2. For the purposes of this DPA, the terms “data controller”, ”business”, “data processor”, “service provider”, “data subject”, “personal data”, “process”, “processing” and “data breach” shall have the meanings attributed to them in the GDPR (and as respective terms as defined under CCPA and other applicable data protection legislation).
2. Purpose of this DPA
2.1. The purpose of this DPA is to determine the roles and responsibilities of each Party during the provision of the Products and/or Services under the Agreement and the associated processing of the Personal Data in order to ensure the Parties’ compliance with the applicable Data Protection Legislation.
2.2. The categories of the Personal Data processed, the categories of data subjects to whom the Personal Data relates and the processing operations performed on the Personal Data are further detailed in Annex 1 – Personal Data Processing Description and the respective Personal Data processing will be performed by Sportradar according to the Products and/or Services chosen by the Client in the Agreement. In addition, Parties acknowledge and agree that the Annex 1 – Personal Data Processing Description contains (where applicable) additional terms related to the Products and/or Services provided under the Agreement (the “Additional Terms”) and by signing the Agreement, Parties shall comply with their respective obligations as contained in the Additional Terms.
2.3. Moreover, the Client expressly acknowledge and agree and instructs Sportradar to process personal data and other data collected and/or received as part of other Sportradar’s products and services, including the Managed Trading Services and AI Marketing Services, and provided to the Client and/or Client’s subsidiaries and affiliates under the respective separate services agreements, for the purposes of improvement and optimization of the Products and/or Services provided under the Agreement (the “Optimization”) and as further detailed in Annex 1 – Personal Data Processing Description.
2.4. The Parties agree that with regard to the processing of the Personal Data, Sportradar shall act as the data processor/service provider processing the Personal Data on behalf of the Client acting as the data controller/business.
3. Term and Termination
3.1. This DPA shall be bound to the term of the Agreement.
3.2. Upon termination of the Agreement, Sportradar shall proceed in accordance with the clause 4.13 of this DPA.
4. Obligations of Sportradar
4.1. Sportradar shall process the Personal Data in accordance with the instructions of the Client and in compliance with the Data Protection Legislation. Sportradar shall immediately inform in writing the Client if Sportradar believes that any of the instructions of the Client violate the Data Protection Legislation. For the avoidance of doubt, this notification obligation shall not mean that Sportradar is obliged to perform a comprehensive legal examination with respect to a Client’s instructions. In addition, this DPA represents the final and complete instructions from the Client and any further instructions are subject to mutual agreement between the Parties and may be subject to additional costs.
4.2. Sportradar shall keep a written record of all categories of processing operations carried out on behalf of the Client as required under the applicable Data Protection Legislation.
4.3. Sportradar shall not disclose the Personal Data to third parties, unless with the express prior written consent of the Client or when required under applicable law. For the avoidance of doubt, the Client acknowledges and agrees that Sportradar’s sub-processors, affiliates and subsidiaries shall not be considered as third parties for the purposes of this DPA.
Sportradar may disclose the Personal Data to other data processors working for the Client, pursuant to the Client’s instructions. In this case, the Client shall identify, in writing and in advance, the entity the Personal Data shall be disclosed to, the Personal Data to be disclosed, and the security measures to be applied for the disclosure.
If Sportradar shall transfer Personal Data to a third country or international organisation, pursuant to applicable European Union or Member State law, Sportradar shall inform the Client of that legal requirement beforehand, unless the law prohibits this on important grounds of public interest.
4.4. The Client authorises Sportradar to appoint – and permit each sub-processor appointed in accordance with this clause to appoint – sub-processors. The current list of sub-processors engaged by Sportradar can be provided to the Client upon request. When appointing new sub-processors, Sportradar shall perform appropriate due diligence on any sub-processor to be engaged in the processing of the Personal Data and conclude a data processing agreement with such sub-processor that provides similar level of protection to the Personal Data as this DPA. Sportradar shall be responsible for all acts and omissions of the sub-processors it engages.
4.5. Sportradar shall maintain the duty of secrecy regarding the Personal Data, even after the termination of the Agreement.
4.6. Sportradar shall ensure that the individuals authorized to process the Personal Data expressly undertake in writing to respect the confidentiality of the Personal Data and to comply with any relevant security measures, of which they shall be duly informed. In addition, Sportradar shall ensure that the individuals authorized to process the Personal Data have appropriate data protection training.
4.7. Taking into account the nature of the processing, Sportradar shall assist the Client by taking appropriate technical and organizational measures, insofar as this is possible, in meeting the Client’s obligation to respond to data subjects’ requests. The Client shall reimburse Sportradar for all reasonable costs and expenses incurred with regard to such assistance.
4.8. Sportradar shall promptly notify the Client of any data subject request received by Sportradar relating to the processing of the Personal Data under this DPA, to the extent that Sportradar can identify that a data subject request relates to the Client. The notification shall be accompanied, where appropriate, by other information that may be relevant for the Client to resolve the data subject’s request.
4.9. Sportradar shall notify the Client without undue delay of any confirmed data breach involving Personal Data processed under this DPA (the “Data Breach”) and will reasonably respond to the Client’s request for further information pertaining to the Data Breach so that the Client may fulfil its obligations under the Data Protection Legislation.
4.10. Sportradar shall provide reasonable support to the Client in sending prior consultations to Competent Data Protection Authorities and in conducting data protection impact assessments.
4.11. Sportradar shall provide the Client with all reasonable information necessary to demonstrate compliance with its obligations under the Data Protection Legislation and shall allow audits and inspections to be carried out by an independent third party auditor mutually agreed by the Client and Sportradar, at the cost of the Client. Such audit or inspection may only be undertaken once in any 12 (twelve) calendar month period upon a prior written notice during normal business hours. For the avoidance of doubt, providing to the Client information via reports, certifications or Client’s questionnaires or forms, shall be deemed as sufficient provision of information by Sportradar under this clause and on-premise audits and inspections shall be carried out by the Client only in case of a confirmed breach of Sportradar’s material obligations under this DPA.
4.12. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of individuals, Sportradar shall implement appropriate technical and organisational measures to:
a. ensure a level of security appropriate to the risk involved in order to protect the Personal Data from unauthorized use, alteration, access or disclosure, loss, theft, and damage;
b. ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
c. restore the availability and access to the Personal Data in a timely manner in the event of a physical or technical incident;
d. test, assess and evaluate the effectiveness of technical and organisational measures implemented for ensuring the security of the processing of the Personal Data;
e. pseudonymise and encrypt the Personal Data, as appropriate.
4.13. The Client instructs Sportradar, upon termination of the Agreement, to delete all Personal Data processed under this DPA from its systems in accordance with Sportradar’s internal data retention schedule, unless instructed otherwise by the Client in writing. The Client acknowledges and agrees that Sportradar shall have the right to use de-identified and/or aggregated data related to or obtained in connection with the Agreement and/or this DPA for its legitimate internal business purposes, such as analytics, reporting, and to improve, benchmark and develop its internal products and services.
5. Obligations of the Client
5.1. The Client shall provide the Personal Data or otherwise make the Personal Data available to Sportradar and shall not instruct Sportradar to process the Personal Data in violation of the Data Protection Legislation.
5.2. The Client shall comply with all requirements of the applicable Data Protection Legislation and shall notify Sportradar without undue delay of any relevant changes to the Data Protection Legislation that may have impact on the processing of the Personal Data under this DPA.
5.3. The Client shall ensure that as required by and in accordance with the requirements of the Data Protection Legislation: (i) at the time of collection, the data subjects are provided with clear and sufficient information about the collection and processing of the personal data processed under this DPA, (ii) at the time of collection, legal basis for processing of the personal data under this DPA is secured and any consents of data subjects are obtained, (iii) the data subjects are provided with the opportunity to exercise their data subject rights under the Data Protection Legislation and their requests to exercise their rights are complied with, (iv) appropriate technical and organizational measures are implemented by the Client to sufficiently protect the Personal Data and (v) the Client does not provide or otherwise make available to Sportradar Personal Data related to minors (as this term is defined in the applicable laws).
5.4. The Client shall conduct any relevant data protection impact assessments and prior consultations with respect to the processing operations to be carried out under this DPA and in relation to the Agreement.
5.5. The Client shall ensure that Sportradar complies with the Data Protection Legislation prior to and during processing of the Personal Data.
6. International Data Transfers
6.1. Sportradar may process (including transfer) the Personal Data outside of the EEA, United Kingdom (“UK”) and/or Switzerland if such transfer is made in accordance with the applicable Data Protection Legislation, i.e. (1) to an Approved Jurisdiction, (2) subject to applicable model clauses for data transfers (standard contractual clauses) or frameworks approved by a Competent Data Protection Authority, or (3) subject to other legal mechanisms for international data transfers.
6.2. To the extent that Sportradar processes the Personal Data originating from or otherwise subject to the Data Protection Legislation of any of the jurisdictions listed below, the terms specified therein with respect to the applicable jurisdiction(s) apply in addition to the foregoing terms.
6.3. To the extent that the Client transfers the Personal Data from the EEA, the UK or Switzerland to a subsidiary or affiliate of Sportradar located outside the EEA, UK or Switzerland, unless the Parties may rely on an alternative transfer mechanism or basis under the Data Protection Legislation, the Parties will be deemed to have entered into the standard contractual clauses approved by the European Commission Implementing Decision (EU) 2021/914 of 4 June 2021 available at http://data.europa.eu/eli/dec_impl/2021/914/oj (“Clauses”) in respect of such transfer, whereby:
a. the Client is the “data exporter” and Sportradar is the “data importer”;
b. the footnotes, Clause 9(a) Option 1, Clause 11(a) Option and Clause 17 Option 1 are omitted, the time period in Clause 9(a) Option 2 is 14 days, and the applicable annexes are completed respectively with the information set out in the DPA and the Agreement;
c. to the extent that the Client acts as a data controller and Sportradar acts as a data processor, Module Two applies and Modules One, Three and Four are omitted, and to the extent that the Client acts as a data processor and Sportradar acts as a sub-processor, Module Three applies and Modules One, Two and Four are omitted;
d. the “competent supervisory authority” is the supervisory authority in Austria;
e. the Clauses are governed by the law of Austria;
f. any dispute arising from the Clauses will be resolved by the courts of Austria; and
g. if there is any conflict between the terms of the Agreement and/or the DPA, on the one hand, and the Clauses, on the other hand, the Clauses will prevail.
6.4. In relation to transfers of the Personal Data from the UK, the Clauses as implemented under clause 7.3. above will apply subject to the following modifications:
a. the Clauses are amended as specified by Part 2 of the international data transfer addendum to the European Commission’s standard contractual clauses issued under Section 119A of the UK Data Protection Act 2018, as may be amended or superseded from time to time (“UK Addendum”);
b. tables 1 to 3 in Part 1 of the UK Addendum are completed respectively with the information set out in the DPA and the Agreement (as applicable); and
c. table 4 in Part 1 of the UK Addendum is completed by selecting “neither party”.
6.5. In relation to transfers of the Personal Data from Switzerland, the Clauses as implemented under clause 7.3. above will apply subject to the following modifications:
a. references to “Regulation (EU) 2016/679” shall be interpreted as references to the Swiss Federal Act on Data Protection (“FADP”);
b. references to specific Articles of “Regulation (EU) 2016/679” shall be replaced with the equivalent article or section of the FADP;
c. references to “EU”, “Union”, “a Member State” and “Member State law” shall be replaced with references to “Switzerland” or “Swiss law”, as applicable;
d. the term “member state” shall not be interpreted in such a way as to exclude data subjects in Switzerland from the possibility of accessing their rights;
e. Clause 13(a) and Part C of Annex I are not used and the “competent supervisory authority” is the Swiss Federal Data Protection Information Commissioner;
f. the Clauses are governed by the law of Switzerland; and
g. any dispute arising from the Clauses will be resolved by the courts of Switzerland.
7. Liability and Limitation of Liability
7.1. The Client shall be liable and shall hold Sportradar harmless from and against any and all losses, fines, liabilities, damages, costs, claims, amounts paid in settlement and expenses (including legal fees, disbursements, costs of investigation, litigation, settlement, judgment, interest and penalties) that are sustained or suffered or incurred by, awarded against or agreed to be paid by, Sportradar as a result of, or arising from, (i) a breach by the Client of its obligations under this DPA and/or the Data Protection Legislation and (ii) a breach by the Client of its obligations under the Additional Terms. For the avoidance of doubt, this indemnity shall be unlimited and shall override any limitation of liability provisions contained in the Agreement or in any other agreement between the Parties.
7.2. To the fullest extent permitted by law, neither Sportradar nor any of its affiliates, shall be liable to the Client under or in connection with this DPA for any indirect, special or consequential losses or damages, loss of business or good will, profit or revenue. Notwithstanding anything to the contrary in the Agreement, the total aggregate liability of Sportradar to the Client under or in connection with this DPA (whether the liability arises because of a breach of contract, negligence, breach of statutory duty or otherwise) for any loss or damage of whatsoever nature and howsoever caused shall not exceed the lower of either (i) the total amount of fees actually paid by the Client under the Agreement during the 12 (twelve) months prior to the event giving rise to the claim, or (ii) 150,000,- (one hundred and fifty thousand) EUR.
8. Contact Point
Each Party shall nominate the following contact person within their organisation who can be contacted in respect of queries, complaints or notifications of any kind whatsoever regarding this DPA or the Data Protection Legislation:
For Sportradar:
Name and Position: Stefano Celardo (Global Data Protection Officer)
E-mail: [email protected]
For the Client:
As per the Agreement
9. Miscellaneous
9.1. Unless specifically agreed between the Parties in the Agreement or otherwise in writing, in the event of any conflict between the terms of this DPA, the Agreement and any other agreement between the Parties, this DPA shall take precedence. In the event of any conflict between the Clauses and the DPA, the Clauses shall prevail.
9.2. This DPA shall be governed by and construed in accordance with the laws chosen by the Parties in the Agreement. All disputes arising out of or in connection with this DPA shall be subject to the exclusive jurisdiction of the court(s) chosen by the Parties in the Agreement.
9.3. The provisions of this DPA are severable. If any phrase, clause or provision is invalid or unenforceable in whole or in part, such invalidity or unenforceability shall affect only such phrase, clause or provision and the rest of this DPA shall remain in full force and effect.
9.4. Clause 2.1, 4.13, 5.3 and 7 of this DPA shall survive the termination or the expiry of this DPA and the Agreement.
9.5. Any amendment to this DPA must be made in writing upon mutual agreement by the Parties.
Annex 1 – Personal Data Processing Description
| Product/Service provided under the Agreement | Programmatic Advertising (Self-Service Campaign/Managed Campaign) |
| Categories of the personal data processed | Sportradar shall process on behalf of the Client the following categories of personal data: a) IP addresses, b) Cookie IDs and other online identifiers, tracking cookies and other cookies; c) Device type (unique device identifiers), operating system, browser type, screen resolution; d) Date and time of access of Client’s digital properties (websites, apps) e) Pages visited – before, on and after an end user lands on Client’s digital properties (websites, apps); f) Language used to Client’s digital properties (websites, apps), Client’s content and/or Sportradar’s assets (if applicable), g) Geographic data (including country, region, postal code and/or GPS data (if applicable)); h) Information on the time of day and how often the Client’s end user has been viewing Client’s content and/or using Sportradar’s assets (if applicable); i) Referring URL and domain; j) Mouse events (movements, location, and clicks); k) Conversion data (e.g. registration started but not finished, registration finished); l) If applicable, other data which may be considered to be personal data; (the “Programmatic Personal Data”). |
| Categories of data subjects | The data subjects to whom the Programmatic Personal Data relates are Client’s end users. |
| Processing operations performed | As part of the Programmatic Advertising (Self-Service Campaign/Managed Campaign), Sportradar shall perform the following processing operations: · Performance of the Programmatic Advertising (Self-Service Campaign/Managed Campaign), including: i. collection of the Programmatic Personal Data via pixels or other tracking technology integrated throughout the Client’s digital properties (websites, apps); ii. storage of the Programmatic Personal Data in Sportradar’s data management platform. · Improvement of the performance of the Programmatic Advertising (Self-Service Campaign/Managed Campaign), including: i. segmentation of Client’s end users based on their interest and/or characteristics derived from Programmatic Personal Data as well as (if applicable) other personal data as per Client’s instructions; ii. optimization and improvement of the Programmatic Advertising (Self-Service Campaign/Managed Campaign) based on the interests and/or characteristics of Client’s end users derived from Programmatic Personal Data. · Detailed conversion tracking (e.g. registration started but not finished, registration finished), measurement (e.g. views, clicks), analytics and reporting. |
| Product/Service provided under the Agreement | Dynamic Display |
| Categories of the personal data processed | Sportradar shall process on behalf of the Client the following categories of personal data: A. The Programmatic Personal Data and/or (if applicable and instructed by the Client) other personal data collected as part of other advertising campaigns provided by Sportradar to the Client and stored in Sportradar’s data management platform, (together the “DMP Personal Data”); B. Personal data collected via pixels or other tracking technology integrated throughout the Client’s digital properties (websites/apps): a) IP addresses, b) Cookie IDs and other online identifiers, tracking cookies and other cookies; c) Information about end users´ activities on the Client’s digital properties (websites/apps): i. Team name; ii. Team logos, jerseys, or other graphics; iii. Odds (home win, draw, guest win); iv. MatchID; v. Sport, vi. Tournament, vii. Venue; viii. Date and time of an event; ix. Country; (the “Digital Properties Personal Data”). |
| Categories of data subjects | The data subjects to whom the DMP Personal Data and the Digital Properties Personal Data relates are Client’s end users. |
| Processing operations performed | As part of the Dynamic Display, Sportradar shall perform the following processing operations: · Collection of the Digital Properties Personal Data via pixels and or other tracking technology integrated throughout the Client’s digital properties (websites/apps). · Storage of the Digital Properties Personal Data in Sportradar’s data management platform. · Aggregation of Digital Properties Personal Data in order to extract information about the most interesting content of Client’s digital properties (websites/apps). · Creation and delivery of personalized advertisement with dynamic content based on (1) interests and/or characteristics of Client’s end users derived from DMP Personal Data and/or Digital Properties Personal Data, (2) the most interesting content on Client’s digital properties (websites/apps) derived from aggregated Digital Properties Personal Data, and/or (3) non-personalized content created independently by Sportradar. · Detailed conversion tracking (e.g. registration started but not finished, registration finished), measurement (e.g. views, clicks), analytics and reporting. |
| Product/Service provided under the Agreement | Paid Social |
| Additional Terms | The Client acknowledges and agree that (i) the provision of Paid Social under the Agreement involves engagement of social media platforms (any application or website through which individuals (internet users) are able to create and share content and find and connect with other individuals, such as Facebook, Instagram, X (formerly Twitter), Snap, TikTok) (the “Social Media Platforms”), (ii) the processing of personal data for the purpose of providing Paid Social under the Agreement is performed exclusively by the Social Media Platforms and any processors, affiliates and subsidiaries they may have, (iii) and the processing of personal data by Social Media Platforms will be performed via technologies and tool offered by Social Media Platforms which enable the collection and transmission of personal data from Client’s digital properties (websites and/or apps) to Social Media Platforms, such as, but not limited to, pixels, conversions APIs, or any other tracking technology as deployed by Social Media Platforms on Client’s digital properties (websites and/or apps) in accordance with the Social Media Platforms’ Terms (the “Social Media Platforms’ Business Tools”). In addition, (i) the Client acknowledges and agree the Social Media Platforms have their terms and conditions, including the data protection agreements and terms, available at: (A) Meta’s T&C as amended from time to time: https://www.facebook.com/legal/terms/businesstools, https://www.facebook.com/legal/terms/dataprocessing, https://www.facebook.com/legal/controller_addendum), (B) TikTok’s T&Cs as amended from time to time: https://ads.tiktok.com/i18n/official/policy/commercial-terms-of-service, https://ads.tiktok.com/i18n/official/policy/advertising-terms, https://ads.tiktok.com/i18n/official/policy/controller-to-controller, (C) Snap’s T&Cs as amended from time to time: https://www.snap.com/en-US/terms/business-services, https://www.snap.com/en-US/terms/data-processing-agreement, and (D) X’s (formerly Twitter) T&Cs as amended from time to time – https://legal.twitter.com/ads-terms/us.html, https://privacy.twitter.com/en/for-our-partners/global-dpa, (together the “Social Media Platforms’ Terms”), that were accepted by Sportradar on behalf of the Client in order to facilitate the performance of the Paid Social under the Agreement, (ii) the Client shall comply with any and all privacy and data protection obligations applicable to Sportradar under the Social Media Platforms’ Terms and (iii) the Client shall provide to Sportradar any and all information necessary to demonstrate compliance with the privacy and data protection obligations under Social Media Platforms’ Terms. |
| Categories of the personal data processed | The personal data processed by the Social Media Platforms as defined in the respective Social Media Platforms’ Terms, includes but is not limited to: a) online identifiers of Client’s end users, such as cookie ID, mobile device ID, IP address and other technical data such as device and browser type and mouse events; b) hashed information about Client’s end users, such as names, date of birth, contact details, user ID; c) information about Client’s end users’ activities on the Client’s digital properties (websites and/or apps), such as team name, odds, match ID, sport; (the “Paid Social Personal Data”). |
| Categories of data subjects | The data subjects to whom the Paid Social Personal Data relates are Client’s end users. |
| Processing operations performed | As part of the Paid Social, Sportradar shall perform the following processing operations: a) creating and/or facilitating the deployment of Social Media Platforms’ Business Tools on the Client’s digital properties (websites and/or apps) in order for the Social Media Platforms to be able to collect the Paid Social Personal Data, b) providing non-personal information to be added to the Paid Social Personal Data collected via the Social Media Platforms’ Business Tools to ensure the effectiveness of the Paid Social. For the avoidance of doubt, the Client acknowledges and agree that Sportradar does not receive or process any Paid Social Personal Data collected by the Social Media Platforms and Social Media Platforms are responsible for creating personalized advertisement, matching, detailed conversion tracking, measurement, analytics, reporting and overall performance of the Paid Social as further described in the applicable Social Media Platforms’ Terms. |
| Product/Service provided under the Agreement | Multi-Touch Attribution |
| Categories of the personal data processed | a) IP addresses, b) Cookie IDs and other online identifiers, tracking cookies and other cookies; c) Device type (unique device identifiers), operating system, browser type, screen resolution; d) Date and time of access of Client’s digital properties (websites, apps) e) Pages visited – before, on and after an end user lands on Client’s digital properties (websites, apps); f) Language used to Client’s digital properties (websites, apps), Client’s content and/or Sportradar’s assets (if applicable), g) Geographic data (including country, region, postal code and/or GPS data (if applicable)); h) Information on the time of day and how often the Client’s end user has been viewing Client’s content and/or using Sportradar’s assets (if applicable); i) Referring URL and domain; j) Mouse events (movements, location, and clicks); k) Conversion data (e.g. registration started but not finished, registration finished); l) If applicable, other data which may be considered to be personal data; (the “MTA Personal Data”). |
| Categories of data subjects | The data subjects to whom the MTA Personal Data relates are Client’s end users. |
| Processing operations performed | a) collection of the MTA Personal Data via pixels or other tracking technology integrated throughout the Client’s digital properties (websites(s), app(s)); b) storage of the MTA Personal Data in Sportradar’s data management platform; c) tracking conversions of Client’s end users (e.g. registration started, registration finished, channels from which end users arrived on Client’s digital properties (website(s), app(s)) etc.), d) creating and providing reports via Sportradar’s platform to the Client to understand its end users’ journeys and to optimize its marketing strategies. |
| Product/Service provided under the Agreement | Optimization |
| Categories of the personal data processed | a) location IDs (IP Address, ZIP/location of retail or terminal unit) of Client’s end users; b) account IDs of Client’s end users; c) device IDs of Client’s end users; d) age and gender of Client’s end users; e) signup date and other real-time and historical information about Client’s end users, such as favorite bet types, favorite sports types; f) bonus information (signup channel, source of acquisition, campaign ID, bonus ID, bonus type, reward type, award type, accepted date, restriction type (bonus, cashout, non withdrawable, etc.), wager requirements, bonus amount related to Client’s end users; g) transaction information (day and time of transaction, transaction ID, transaction type (deposit, withdrawal, etc.), amount, transaction status, payment method) of Client’s end users; h) end user’s account balance, the balance of the end user’s gaming wallet i) web analytics data (impressions, clicks, visits, user journey and click stream, bounces); j) any other personal data as shared by the Client with Sportradar or as otherwise agreed between the Parties; (the “Optimization Personal Data”). |
| Categories of data subjects | The data subjects to whom the Optimization Personal Data relates are Client’s end users and punters. |
| Processing operations performed
| a) processing the Optimization Personal Data, including combining the Optimization Personal Data with other Personal Data processed under this DPA, via Sportradar’s enhanced AI analytics and AI modelling and segmentation and otherwise in order to understand the data subjects value, including retention value and churn probability, which is derived from the profiling of data subjects based on the Optimization Personal Data; b) based on the insights and value derived from the processing of the Optimization Personal Data according to point a), optimization of the marketing strategies and targeting criteria used to provide the Products and/or Services provided under the Agreement; c) detailed conversion tracking and reporting. |
