Choose your region

North America
SpanishBrazilian PortugueseEnglish
EuropeAfricaMiddle EastAsia Pacific

How we help

How we help

Products
Sports Data Odds Engagement Tools Live Streams Gaming Products Casino Solutions
Trading & Risk Management
Managed Trading Services Operational Insights
Marketing Services
Acquisition & Awareness Retention & Personalisation
Platforms
ORAKO Platform ORAKO Sportsbook SEVEN Platform SEVEN Sportsbook
Data & Content
Sports Data API Storytelling Tools Sports Insights Broadcast Solutions Editorial & Imagery
Audiovisual Services
Media Rights Production Services OTT Solutions
Marketing Services
Sportradar FanID Sponsorship Engagement Tool
Audiovisual Services
Media Rights Representation Production Services OTT Solutions
Marketing Services
Sportradar FanID Sponsorship Engagement Tool
Synergy Coaching & Scouting
Video Capturing Solutions Coaching Solutions Scouting Tools
Integrity Services
Anti-Match-Fixing Compliance, Risk & Governance Anti-Doping Safe Sport
Regulatory Services

Let us know what you want to achieve

Get in touch with our team and find out what our products and services can do for you.

Contact Us

Content & News

Content & News

Content Hub

Discover the latest Sportradar news, content, case studies, and much more

Find out more

News

Stay up to date on the latest news and media coverage from Sportradar

Find out more

Featured content

Latest Case Study

Case Study: Bilyoner
Latest eBook

eBook: The Integrated Sportsbook

About Us

About Us

About us

Partners & Clients

Locations
Investors

Relations
apis

for developers
Futures Hub

For Scale-Ups

Careers

Contact Us

Dark decorative background Dark decorative background

DATA
COOPERATION
AGREEMENT

Appendix 4 Data Cooperation Agreement

1. Definitions

For the purposes of this Data Cooperation Agreement (the “DCA“) the capitalized terms have the following meanings, unless defined elsewhere in this DCA or in the Agreement:

Approved Jurisdiction” shall mean a country from the European Economic Area (the “EEA“), or other jurisdiction as may be approved as having adequate legal protections for personal data by the European Commission or the UK Government;

Business Day” shall mean any day except any Saturday, Sunday or a public holiday in the respective countries of incorporation of the Parties to this DCA;

CCPA” shall mean the US California Consumer Privacy Act of 2018, as amended from time to time;

Competent Data Protection Authority” shall mean the competent data protection regulator which, by way of example, is the Austrian Data Protection Authority [die österreichische Datenschutzbehörde];

Data Protection Legislation” shall mean all applicable data protection legislation, including the GDPR, the CCPA and any national data protection legislation, and any regulations, guidelines or any other documents issued by a Competent Data Protection Authority, each as amended from time to time;

EU Standard Contractual Clauses” shall mean the standard contractual clauses for the transfer of personal data approved by the European Commission, available here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en;

GDPR” shall mean Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, as amended from time to time;

MTS Personal Data” shall have the meaning given to it in clause 3.1. of this DCA;

Marketing Services Personal Data” shall have the meaning given to it in clause 5.1. of this DCA;

BSS Personal Data” shall have the meaning given to it in clause 6.1. of this DCA;

’Live-booking Calendar Personal Data’’ shall have the meaning given to it in the clause 7.1. of this DCA;

UK Addendum” shall mean the international data transfer addendum to the EU Standard Contractual Clauses issued by the UK Information Commissioner’s Office, as amended from time to time;

UK IDTA” shall mean the international data transfer agreement issued by the UK Information Commissioner’s Office, as amended from time to time.

For the purposes of this DCA the terms “controller”, “joint controllers”, “business”, “processor”, “service provider”, “data subject”, “personal data”, “personal information”, “process”, “processing” and “data breach” shall have the meanings attributed to them in the Data Protection Legislation.

2. Purpose of the Data Cooperation Agreement

2.1. The purpose of the DCA is to determine the roles and responsibilities of the Parties during the provision of the Services under the Agreement in order to ensure the Parties´ compliance with the applicable Data Protection Legislation.

2.2. This DCA shall apply if and only to the extent that the Customer choses in the Agreement any or all of the following Services:

a) Managed version of Sportradar’s Managed Trading Services:
b) Betting Stimulation Services,
c) Marketing Services,
d) any other Services that require access to Sportradar’s Live-booking Calendar through which the Customer selects those other Services.

For the avoidance of doubt, clauses in this DCA regarding a Service mentioned above shall not apply if the Customer did not chose that service in the Agreement.

2.3. For the purpose of the DCA, the Parties shall act as:

a) joint controllers under the GDPR or businesses under the CCPA with regards to the MTS Personal Data, and
b) Customer shall act as data controller under the GDPR or business under the CCPA and Sportradar as data processor under the GDPR or service provider under the CCPA with regards to the Marketing Services Personal Data, BSS Personal Data and Live-booking Calendar Personal Data.

3. MTS Personal Data

3.1. If the Customer choses in the Agreement managed version of Sportradar’s MTS, the Parties shall enjoy joint controllership over the following categories of personal data of the following data subjects in the course of their commercial relationship:

(a) personal data of Customer´s end users shared between the Parties that is necessary for the Ticket Integration and which includes but is not limited to the personal data contained within the list attached to the Agreement as Appendix 2 (e.g. date/time of each bet, account ID, language, device ID, location (location ID – IP address, ZIP/location of retail or terminal unit), sport, tournament, match, bet´s currency, etc.);
(b) in case of suspicious activity – and only if mutually agreed – any additional personal data of Customer´s end users shared between the Parties for fraud detection and prevention purposes (e.g. name, address, telephone number, date account open, IP address usage (i.e. if the bets are continuously coming from a specific IP address), betting history of an end user, etc.);

(the “MTS Personal Data”).

3.2. The processing of the MTS Personal Data shall consist of:

(a) risk management of the Customer´s bookmaking services;
(b) in case of suspicious activity – and only if mutually agreed – for fraud detection and prevention.

4. Obligations of the Parties regarding MTS Personal Data

4.1. Rights of the Data Subjects

4.1.1. The Parties shall cooperate in responding to data subjects’ requests to exercise rights under the Data Protection Legislation to:
a. to access, rectification, erasure and object;
b. to restriction of processing;
c. to data portability;
d. in relation to automated decision making and profiling,
e. opt out of the sale of the personal information.

4.1.2. The Parties agree that the responsibility for complying with a data subject request falls to the Customer. The Parties agree to provide reasonable and prompt assistance to each other (within 5 (five) Business Days of such request for assistance) as is necessary to enable them to comply with data subject requests and to respond to any other queries or complaints of any kind whatsoever from data subjects.

4.2. Information Duty

4.2.1. The Customer shall be responsible to inform the data subjects about the MTS Personal Data collection and processing under this DCA and shall obtain any consent of data subjects (where necessary) as required under the Data Protection Legislation. The Customer shall, in respect of the MTS Personal Data, ensure that its privacy notices and any other form of communication relating to the collection and processing of the MTS Personal Data are clear and provide sufficient information to the data subjects in order for them to understand what of their personal data is collected and shared with other recipients, the circumstances in which it will be shared and the purposes for the data sharing. In particular, the Customer shall include in its privacy notices an explicit reference to Sportradar as an entity with whom their personal data is shared for the purposes under this DCA.

4.3. Complaints

4.3.1. In the event of a dispute or claim brought by a data subject or a Competent Data Protection Authority concerning the processing of the MTS Personal Data against either or both Parties to this DCA, the Parties shall inform each other about any such disputes or claims without delay and shall cooperate with a view to settling them amicably in a timely manner.

5. Marketing Services Personal Data

5.1. If the Customer choses in the Agreement the Marketing Services, Sportradar shall process on behalf of the Customer some or all of the following types of personal of the following data subjects and collected as part of the Ticket Integration:

a) Location IDs (IP Address, ZIP/location of retail or terminal unit) of the Data Controller´s end users
b) Account IDs of the Data Controller´s end users,
c) Device ID of the Data Controller´s end users,
d) Age o of the Data Controller´s end users,
e) Gender of the Data Controller´s end users,
f) Signup date of the Data Controller´s end users,
g) Real-time and historical information about of the Data Controller´s end users,
h) Bonus information (signup channel, source of acquisition, campaign ID, bonus ID, bonus type, reward type, award type, accepted date, restriction type (bonus, cashout, non withdrawable, etc.), wager requirements, bonus amount,
i) Transaction information (day and time of transaction, transaction ID, transaction type (deposit, withdrawal, etc.), account ID of Data Controller´s end users, amount, transaction status, payment method,
j) Web analytics data (impressions, clicks, visits, bounces),

(the “Marketing Services Personal Data”).

5.2. The processing of the Marketing Services Personal Data shall consist of:

a) analysing via AI real-time and historical information about each end user (Favorite Bet types, Favorite Sport types, average stakes, etc.)
b) serving the end user with:
1) if applicable, personalized content based on analyzed player life time value of each end user in order to define the best acquisition/retention strategy and to recommend the best promotion/bonus to provide to each end user (e.g. suitable promotions),
2) if applicable, personalized content based on analysed data in order to provide personalized betting recommendations to each end user (e.g. betting recommendations/up-sell),
c) based on the analysed information according to the point a), providing to the Data Controller predictions on the end user´s value and inactivity.

6. BSS Personal Data

6.1. If the Customer choses in the Agreement Betting Stimulation Services, Sportradar shall process on behalf of the Customer some or all of the following types of personal data of the following data subjects:

a) IP addresses and geolocation of Customer´s end users;
b) Geolocation;
(the “BSS Personal Data”).

6.2. The processing of the BSS Personal Data shall consist of:

a) collection and processing of IP addresses and geolocation of Customer´s end users in order:
i. to perform analytics (to control and develop the Services);
ii. to ensure security and for debugging; and
iii. to verify that the end user is from an allowed country or if applicable from an allowed subdivision or region of a country;

7. Live-booking Calendar Personal Data

7.1. If the Customer choses in the Agreement other Services that require access to Sportradar’s Live-booking Calendar through which the Customer selects those other Services, Sportradar shall process on behalf of the Customer some or all of the following types of personal data of the following data subjects:

a) IP addresses, names, email addresses, user IDs, usernames of Customer´s employees;
(the “Live-booking Calendar Personal Data”).

7.2. The processing of the Live-booking Calendar Personal Data shall consist of:

a) collection and processing of IP addresses, names, email addresses, user IDs and usernames of Customer´s employees in order to:
i. to manage access to Sportradar´s portals;
ii. to create and provide changelogs with autobooking rules and history.

8. Sportradar´s obligations regarding Marketing Services Personal Data, BSS Personal Data and Live-booking Calendar Personal Data

8.1. Sportradar shall process the Marketing Services Personal Data, the BSS Personal Data and Autobooking Calendar Personal Data on behalf of the Customer in accordance with this DCA and only for the business purpose of provision of the Services under the Agreement.

8.2. Sportradar shall process the Marketing Services Personal Data, the BSS Personal Data and Live-booking Calendar Personal Data in accordance with the instructions of the Customer and in compliance with the Data Protection Legislation. Sportradar shall immediately notify in writing the Customer if Sportradar believes that any of the instructions of the Customer violate the Data Protection Legislation. For the avoidance of doubt, this notification obligation shall not mean that Sportradar is obliged to perform a comprehensive legal examination with respect to Customer´s instructions.

8.3. Sportradar shall keep a written record of all categories of processing operations carried out on behalf of the Customer in accordance with the Data Protection Legislation.

8.4. Sportradar shall not disclose the Marketing Services Personal Data, the BSS Personal Data and Live-booking Calendar Personal Data to third parties, unless with the express prior written consent of the Customer or when legally required. For the avoidance of doubts, Sportradar´s affiliates, subsidiaries or subprocessors/service providers shall not be considered third parties.

Sportradar may disclose the Marketing Services Personal Data, the BSS Personal Data and Live-booking Calendar Personal Data to other processors working for the Customer, pursuant to the Customer’s instructions. In this case, the Customer shall identify, in writing and in advance, the entity the Marketing Services Personal Data, the BSS Personal Data and Live-booking Calendar Personal Data shall be disclosed to, the Marketing Services Personal Data, the BSS Personal Data and Live-booking Calendar Personal Data to be disclosed, and the security measures to be applied for the disclosure.

8.5. The Customer authorises Sportradar to appoint – and permit each sub-processor appointed in accordance with this clause to appoint – sub-processors.

Sportradar may continue to use those sub-processors already engaged by Sportradar as at the date of this DCA.

If any processing operation shall be subsequently subcontracted, Sportradar shall notify in writing the Customer 10 (ten) Business Days in advance, indicating the processing operations to be subcontracted and clearly and unequivocally identifying the subcontractor and its contact details. If, within 10 (ten) days of receipt of the notice, the Customer notifies Sportradar in writing of any objections on reasonable grounds to the proposed appointment:

a. Sportradar shall work with the Customer in good faith to make available a commercially reasonable change in the provision of the data processing services agreed under the DCA;

b. where such a change cannot be made within 90 (ninety) days as of the receipt of the Customer´s notice by Sportradar, the Customer may, by written notice to Sportradar, terminate with immediate effect the Agreement to the extent that it relates to the services which require the use of the proposed sub-processor and this termination right is Customer´s sole and exclusive remedy if the change cannot be made.

Sportradar shall only engage a sub-processor under a written contract that provides similar level of protection as this DCA.

8.6. Sportradar guarantees that the individuals authorised to process the Marketing Services Personal Data, the BSS Personal Data and Live-booking Calendar Personal Data have the necessary data protection training.

8.7. Sportradar shall assist the Customer in meeting its obligations in relation to data subjects’ requests to exercise rights under the Data Protection Legislation, e.g.: (i) to access, rectification, erasure and object; (ii) to restriction of processing; (iii) to data portability; (iv) in relation to automated decision making and profiling and (v) to opt out of the sale of personal information. The Customer shall reimburse Sportradar for all reasonable costs and expenses incurred with regard to such assistance.

When data subjects exercise their rights under items under the Data Protection Legislation before Sportradar, Sportradar shall notify the Customer immediately but in any event not later than 5 (five) Business Days following the receipt of the request. The notification shall be accompanied, where appropriate, by other information that may be relevant to resolve the request.

8.8. Sportradar shall support the Customer in sending prior consultations to Competent Data Protection Authorities, when appropriate.

8.9. Sportradar shall support the Customer in conducting data protection impact assessments, when appropriate.

8.10. Sportradar shall provide the Customer with all the information necessary to demonstrate compliance with its obligations under the Data Protection Legislation and shall allow audits and inspections to be carried out by an independent auditor mutually agreed by the Customer and Sportradar, at the cost of the Customer. Such audit and inspections may only be undertaken once per calendar year on a reasonable prior notice during normal business hours. Sportradar shall give all necessary assistance to the conduct of such audits and inspections.

8.11. Sportradar shall promptly delete all the Marketing Services Personal Data, the BSS Personal Data and Live-booking Calendar Personal Data from its systems in accordance with its internal retention policy, unless and to the extent that Sportradar is required to retain copies in accordance with the applicable law.

9. Customer´s obligations regarding the Marketing Services Personal Data, the BSS Personal Data and Live-booking Calendar Personal Data

9.1. Customer shall comply with all applicable requirements of the Data Protection Legislation and shall notify Sportradar of any relevant changes to the Data Protection Legislation that may have impact on the processing of the Marketing Services Personal Data, the BSS Personal Data and Live-booking Calendar Personal Data.

9.2. The Customer shall provide or otherwise make available the Marketing Services Personal Data, the BSS Personal Data and Live-booking Calendar Personal Data to Sportradar and shall not instruct Sportradar to process the Marketing Services Personal Data, the BSS Personal Data and Live-booking Calendar Personal Data in violation of the Data Protection Legislation.

9.3. The Customer shall, at the time when the Marketing Services Personal Data, the BSS Personal Data and Live-booking Calendar Personal Data is obtained, provide the data subjects with all information about the collection and processing of the Marketing Services Personal Data, the BSS Personal Data and Live-booking Calendar Personal Data and (where necessary) obtain unambiguous consent of data subjects as required by the Data Protection Legislation.

9.4. The Customer shall conduct any relevant data protection impact assessments and prior consultations with respect to the processing operations to be carried out by Sportradar.

9.5. The Customer shall ensure that Sportradar complies with the Data Protection Legislation prior to and during processing of the Marketing Services Personal Data, the BSS Personal Data and Live-booking Calendar Personal Data .

9.6. The Customer shall supervise the processing operations performed by Sportradar. The Customer may issue instructions about the type, scope and method of processing of the Marketing Services Personal Data, the BSS Personal Data and Live-booking Calendar Personal Data in writing.

10. Term and Termination

10.1. This DCA shall be bound to the term of the Agreement.

11. Data Security

11.1. The Parties to this DCA shall implement appropriate technical and organisational measures to:
a. ensure a level of security appropriate to the risk involved to protect all personal data from unauthorized use, alteration, access or disclosure, and loss, theft, and damage;
b. ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
c. restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
d. test, assess and evaluate the effectiveness of technical and organisational measures implemented for ensuring the security of the processing of the personal data;
e. pseudonymise and encrypt the personal data, as appropriate;
f. prevent a personal data security breach.
11.2. The Parties to this DCA shall keep accurate records of the security measures which they have in place and shall make such records available to the other Party upon request.

12. Data Breach

12.1. The Parties to this DCA shall notify any potential or actual losses of any personal data processed under this DCA to the other Party as soon as possible and, in any event, within 3 (three) Business Days of identification of any potential or actual loss in order to consider what action is required to resolve the issue in accordance with the Data Protection Legislation.

13. Confidentiality

13.1. The Parties to this DCA shall maintain the duty of secrecy regarding any personal data processed under this DCA, even after the termination of the Agreement.

13.2. The Parties to this DCA guarantee that the individuals authorised to process any personal data under this DCA expressly undertake in writing to respect confidentiality and to comply with the relevant security measures, of which they must be duly informed.

13.3. For the avoidance of any doubt, Parties to this DCA acknowledge and agree that they may share the MTS Personal Data, the Marketing Services Personal Data, the BSS Personal Data and Live-booking Calendar Personal Data with their affiliates, subsidiaries, processors and subprocessors for the purpose of providing the Services under the Agreement.

14. International Data Transfers

14.1. The Customer acknowledges and agrees that Sportradar may transfer MTS Personal Data, Marketing Services Personal Data, BSS Personal Data and Live-booking Calendar Personal Data outside the EAA and the UK (the “International Data Transfer“) subject to the International Data Transfer be made in compliance with the requirements under the Data Protection Legislation, i.e. (1) to an Approved Jurisdiction, or (2) subject to the EU Standard Contractual Clauses, the UK Addendum and/or the UK IDTA, where applicable, or (3) subject to other legal mechanisms for personal data transfer.

14.2. If Sportradar shall transfer Personal Data to a third country or international organisation, pursuant to applicable European Union or Member State law, Sportradar shall inform the Customer of that legal requirement beforehand, unless the law prohibits this on important grounds of public interest.

15. Use of de-identified and aggregated data

15.1. The Customer acknowledges and agrees that Sportradar shall have the right to use de-identified and/or aggregated data related to or obtained in connection with Services provided under the Agreement for its legitimate internal business purposes, such as analytics, reporting, and to improve, benchmark and develop its internal products and services.

16. Indemnity and Limitation of Liability

16.1. Each party (the “Indemnifying Party”) shall indemnify and hold harmless the other party (the “Indemnified Party”) in respect of all costs, claims, fines, losses, damages or expenses incurred by the Indemnified Party, or for which the Indemnified Party may become liable, due to any failure by the Indemnifying Party to comply with any of its obligations set out in this DCA.

16.2. To the fullest extent permitted by law, neither Sportradar nor any of its affiliates, shall be liable to the Customer under or in connection with this DCA for any indirect, special or consequential losses or damages, loss of business or good will, profit or revenue. Sportradar´s total aggregate liability arising out of or in relation to this DCA, whether the liability arises because of a breach of contract, negligence or for any other reason, shall be strictly limited to the amount of fees actually paid by the Customer under the Agreement during the 12 (twelve) months preceding the event giving rise to the damages.

17. Contact Point

Each Party shall nominate the following contact person within their organisation who can be contacted in respect of queries, complaints or notifications of any kind whatsoever regarding this DCA or the Data Protection Legislation:

For the Sportradar:
Name and Position: Stefano Celardo (Data Protection Officer)
Tel.: +43 1 256 31 41 548
E-mail: [email protected]

For the Customer:
As per the Main Agreement

18. Miscellaneous

18.1. In the event of any conflict between the terms of this DCA, any provision of the Agreement and any other agreement between the Parties, this DCA shall take precedence solely with respect to any data protection matters.

18.2. This DCA shall be governed by and construed in accordance with the Austrian laws.

18.3. All disputes arising out of or in connection with this DCA shall be subject to the exclusive jurisdiction of the Austrian court(s).

18.4. The provisions of this DCA are severable. If any phrase, clause or provision is invalid or unenforceable in whole or in part, such invalidity or unenforceability shall affect only such phrase, clause or provision and the rest of this DCA shall remain in full force and effect.

18.5. Sportradar may make changes to this DCA at any time by giving 30 days´ written notice to the Customer. The changes to the DCA will not apply retroactively.

Contact Decorative Stadium background

GET IN TOUCH WITH OUR TEAM

Contact us