Data Privacy Policy

As of March 2, 2024

Table of Contents

Controller

Robin Beer
Scharnweberstr. 15
Berlin

Email address: contact@robin-beer.com Imprint: https://www.oscar-predictions.com/imprint

Summary of Processing Activities

The following summary provides an overview of the types of data processed and the purposes of their processing, and refers to the data subjects affected.

Types of processed data

  • Inventory data.
  • Contact data.
  • Content data.
  • Usage data.
  • Meta, communication and process data.

Categories of data subjects

  • Communication partners.
  • Users.

Purposes of the processing

  • Provision of contractual services and fulfillment of contractual obligations.
  • Contact requests and communication.
  • Security measures.
  • Reach measurement.
  • Management and response to inquiries.
  • Feedback.
  • Profiles with user-related information.
  • Provision of our online offering and user-friendliness.
  • Information technology infrastructure.

Legal Bases for Processing

Relevant legal bases according to the General Data Protection Regulation (GDPR): Below you will find an overview of the legal bases of the GDPR on which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. Furthermore, if more specific legal bases are relevant in individual cases, we will inform you of these in the data privacy policy.

  • Fulfillment of contract and pre-contractual inquiries (Art. 6(1)(b) GDPR) - Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
  • Legitimate interests (Art. 6(1)(f) GDPR) - Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

National data protection regulations in Germany: In addition to the data protection regulations of the GDPR, national data protection regulations may apply in Germany. This includes in particular the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG). The BDSG contains in particular special provisions on the right to access, the right to erase, the right to object, the processing of special categories of personal data, processing for other purposes, and the transfer as well as automated decision-making in individual cases, including profiling. Furthermore, it may be possible for the data protection laws of the individual states to apply.

Reference to the GDPR and Swiss Data Protection Act: These data protection notices serve to provide information in accordance with the Swiss Federal Data Protection Act (Schweizer DSG) as well as the General Data Protection Regulation (GDPR). Therefore, please note that due to the broader spatial application and understandability, the terms of the GDPR are used. In particular, the terms “processing” of “personal data,” “legitimate interest,” and “special categories of data” are used instead of the terms used in the Swiss DSG, “processing” of “personal data,” “overriding interest,” and “particularly sensitive personal data.” However, the legal meaning of these terms continues to be determined in accordance with the Swiss DSG as part of the application of the Swiss DSG.

Security Measures

We implement appropriate technical and organizational measures in accordance with legal requirements, taking into account the state of the art, implementation costs, the nature, scope, context, and purposes of processing as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons.

These measures include ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data as well as controlling access, input, disclosure, availability, and separation of data. Furthermore, we have established procedures to ensure the exercise of data subjects' rights, the deletion of data, and responses to the protection of data. Furthermore, we take data protection into account when developing or selecting hardware, software, and procedures, in accordance with the principle of data protection by design and data protection-friendly default settings.

TLS/SSL encryption (https): To protect user data transmitted via our online services, we use TLS/SSL encryption. Secure Sockets Layer (SSL) is the standard technology for securing internet connections by encrypting data transmitted between a website or app and a browser (or between two servers). Transport Layer Security (TLS) is an updated and more secure version of SSL. Hyper Text Transfer Protocol Secure (HTTPS) is displayed in the URL when a website is secured by an SSL/TLS certificate.

Transmission of Personal Data

As part of our processing of personal data, it may happen that the data is transferred to other entities, companies, legally independent organizational units, or individuals or disclosed to them. These recipients of the data may include service providers or providers of services and content, such as those integrated into a website, with IT tasks. In such cases, we comply with legal requirements and, in particular, conclude the necessary contracts or agreements with the recipients of your data to protect your data.

International Data Transfers

Data processing in third countries: If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if processing takes place as part of the use of third-party services or the disclosure or transfer of data to other persons, entities or companies, this will only be done in accordance with legal requirements. If the level of data protection in the third country has been recognized by a decision of adequacy (Art. 45 GDPR), this decision serves as the basis for the data transfer. Otherwise, data transfers will only take place if the level of data protection is otherwise secured, in particular by means of standard contractual clauses (Art. 46(2)(c) GDPR), explicit consent or if the transfer is necessary for the performance of a contract or the implementation of pre-contractual measures (Art. 49(1) GDPR). Furthermore, we will inform you about the legal basis for the transfer to third countries by the individual providers from third countries, whereby decisions of adequacy are given priority as a basis. Information on third-country transfers and the existence of adequacy decisions can be found in the information provided by the European Commission: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en?prefLang=de.

EU-US Trans-Atlantic Data Privacy Framework: Within the framework of the so-called “Data Privacy Framework” (DPF), the European Commission has also recognized the level of data protection as safe for certain companies from the USA in accordance with the adequacy decision of July 10, 2023. The list of certified companies as well as further information on the DPF can be found on the website of the US Department of Commerce at https://www.dataprivacyframework.gov/. We will inform you in the context of this data privacy policy which providers we use have been certified under the Data Privacy Framework.

Rights of Data Subjects

Rights of Data Subjects under the GDPR: You have various rights as a data subject under the GDPR, which arise in particular from Articles 15 to 21 GDPR:

  • Right to object: You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Art. 6(1)(e) or (f) GDPR, including profiling based on those provisions. If the personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising, including profiling insofar as it is related to such direct marketing.
  • Right to withdraw consent: You have the right to revoke your consent at any time.
  • Right of access: You have the right to request confirmation as to whether the data in question will be processed and to be provided with information about this data as well as further information and a copy of the data in accordance with the legal requirements.
  • Right to rectification: You have the right, in accordance with the law, to request the completion of the data concerning you or the rectification of incorrect data concerning you.
  • Right to erasure and restriction of processing: You have the right, in accordance with the law, to request that data concerning you be deleted without delay, or alternatively, to request that the processing of the data be restricted in accordance with the legal requirements.
  • Right to data portability: You have the right to have data that we process automatically based on your consent or in fulfillment of a contract handed over to you or to third parties in a common, machine-readable format, in accordance with the legal requirements.
  • Right to lodge a complaint: You have the right to submit a complaint to a supervisory authority, in particular in the member state of your habitual residence, place of work, or place of the alleged infringement, if you believe that the processing of personal data concerning you violates the GDPR.

Provision of the Online Offering and Web Hosting

We process user data in order to provide them with our online services. For this purpose, we process the IP address of the user, which is necessary to transmit the content and functions of our online services to the user's browser or device.

  • Types of data processed: Usage data (e.g., web pages visited, interest in content, access times); Meta, communication, and process data (e.g., IP addresses, time information, identification numbers, consent status).
  • Data subjects concerned: Users (e.g., website visitors, users of online services).
  • Purposes of the processing: Provision of our online offering and user-friendliness; Information technology infrastructure (operation and provision of information systems and technical devices (computer, servers, etc.); Security measures.
  • Legal basis: Legitimate interests (Article 6(1)(f) GDPR).

Further information on processing procedures, procedures, and services:

  • Collection of access data and log files: Access to our online offering is logged in the form of server log files. Server log files may include the address and name of the web pages and files accessed, date and time of access, data volume transferred, notification of successful access, type and version of the browser, the user's operating system, referrer URL (previously visited page), and typically IP addresses and the requesting provider. Server log files may be used for security purposes, such as preventing server overload (especially in the case of abusive attacks, so-called DDoS attacks), and for ensuring the load capacity and stability of the servers; Legal basis: Legitimate interests (Article 6(1)(f) GDPR).Data retention: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data whose further retention is required for evidentiary purposes is exempt from the deletion until final clarification of the respective incident.
  • Content Delivery Network: We use a content delivery network (CDN). A CDN is a service that helps deliver the contents of an online offering, especially large media files such as graphics or program scripts, faster and more securely using regionally distributed servers connected via the internet; Legal basis: Legitimate interests (Article 6(1)(f) GDPR).

Registration, Login, and User Account

Users can create a user account. As part of the registration, we provide users with the necessary mandatory information and process it for the purpose of providing the user account on the basis of contract fulfillment. The processed data includes, in particular, the login information (username, password, and email address).

In the context of using our registration and login functions as well as the use of the user account, we store the IP address and the time of the respective user action. Storage is based on our legitimate interests as well as the users’ interests in protection against misuse and other unauthorized use. In principle, this data will not be passed on to third parties, unless it is necessary to pursue our claims or there is a legal obligation to do so.

Users may be informed by email about processes relevant to their user account, such as technical changes.

  • Data types processed: Inventory data (e.g., names, addresses); Contact data (e.g., email, telephone numbers); Content data (e.g., entries in online forms); Meta, communication, and process data (e.g., IP addresses, time information, identification numbers, consent status).
  • Data subjects concerned: Users (e.g., website visitors, users of online services).
  • Purposes of the processing: Provision of contractual services and fulfillment of contractual obligations; Security measures; Management and response to inquiries; Provision of our online offering and user-friendliness.
  • Legal basis: Fulfillment of contract and pre-contractual inquiries (Article 6(1)(b) GDPR); Legitimate interests (Article 6(1)(f) GDPR).

Further information on processing procedures, procedures, and services:

  • Registration with pseudonyms: Users may use pseudonyms instead of their real names as usernames; Legal basis: Fulfillment of contract and pre-contractual inquiries (Article 6(1)(b) GDPR).
  • User profiles are not public: User profiles are not publicly visible or accessible.

Contact and Inquiry Management

If you contact us (e.g., by post, contact form, email, telephone, or via social media) or as part of existing user and business relationships, we process the information provided by the inquiring persons to the extent necessary to respond to the inquiry and any requested measures.

  • Data types processed: Contact data (e.g., email, telephone numbers); Content data (e.g., entries in online forms); Usage data (e.g., web pages visited, interest in content, access times); Meta, communication, and process data (e.g., IP addresses, time information, identification numbers, consent status).
  • Betroffene Personen: Communication partners.
  • Purposes of the processing: Handling contact inquiries and communication; Management and response to inquiries; Feedback (e.g., collecting feedback via online form); Provision of our online offering and user-friendliness.
  • Legal basis: Legitimate interests (Article 6(1)(f) GDPR); Fulfillment of contract and pre-contractual inquiries (Article 6(1)(b) GDPR).

Further information on processing procedures, procedures, and services:

  • Contact form: When users contact us through our contact form, email, or other communication channels, we process the data provided to us in this context to handle the respective inquiry; Legal basis: Fulfillment of contract and pre-contractual inquiries (Article 6(1)(b) GDPR); Legitimate interests (Article 6(1)(f) GDPR).

Web Analysis, Monitoring, and Optimization

Web analysis (also known as "reach measurement") is used to evaluate the flow of visitors to our online offering and may include pseudonymous values that reflect the behavior, interests, or demographic information of visitors, such as age or gender. With the help of reach analysis, we can, for example, determine at what time our online offering or its functions or content is most frequently visited or invite reuse. We can also understand which areas require optimization.

In addition to web analysis, we may also use test procedures to test and optimize different versions of our online offering or its components, for example.

Unless otherwise stated below, profiles, i.e., data summarized for a user using a pseudonym, are created and information is stored in a browser or device and read from it for these purposes. The information collected may include, in particular, websites visited and elements used there, as well as technical information such as the browser used, the computer system used, and information on usage times. If users have given their consent to us or to the providers we use to collect their location data, location data may also be processed.

IP addresses of users are also stored. However, we use an IP masking method (i.e., pseudonymization by shortening the IP address) to protect users. In principle, we and the providers of the software we use do not store clear data of the users (such as email addresses or names) during web analysis, A/B testing, and optimization, but only pseudonyms. This means that we and the providers do not know the actual identity of the users, but only the information stored in their profiles for the purposes of the respective procedures.

  • Data types processed: Usage data (e.g., web pages visited, interest in content, access times); Meta, communication, and process data (e.g., IP addresses, time information, identification numbers, consent status).
  • Data subjects concerned: Users (e.g., website visitors, users of online services).
  • Purposes of the processing: Reach measurement (e.g., access statistics, identification of recurring visitors); Profiles with user-related information (creation of user profiles).
  • Security measures: IP masking (pseudonymization of the IP address).

Change and Update of the Data Privacy Policy

Please regularly inform yourself about the content of our data privacy policy. We will adjust the data privacy policy as soon as the changes to the data processing carried out by us make this necessary. We will inform you as soon as the changes require your cooperation (e.g., consent) or other individual notification.

If we provide addresses and contact information of companies and organizations in this data privacy policy, please note that the addresses may change over time and please check the information before contacting us.