Privacy Policy

Version: 01.12.2020

The FanID  website under www.me.fan ("Website") is operated by Intakt Beratung GbR, Am Spring 1, 31241 Ilsede, privacy@me.fan (hereinafter "Intakt"). For further details please see our imprint.

With this Privacy Policy we inform you about how we process your personal data when you access our website Website or otherwise interact with us and your rights in this respect.

1. Purposes of the data processing

1.1. Account registration

We process your data in order to create a user account on our Website. This includes, in particular, your e-mail address, phone number, a username a password and the FanID ("Account Data").  The "FanID" is a unique identifier which is created during the registration of your account.

Legal basis: Art. 6 (1) lit. b) GDPR.

1.2. Using the FanID / single sign-on

Our Website allows you to manage accounts for different fan engagement websites and provides a single sign-on service to access those accounts. Once you created an account on our Website and are granted a FanID, you can choose from various fan engagement projects and connect them with your FanID. We share your Account Data with those projects you authorize, meaning that the FanID is the single and unique place to use to interact with your fan engagement projects. 

We also manage the data with which so-called "Club Tokens" can be managed. These are a kind of virtual currency which can be used within fan engagement projects. Club Tokens are based on a so-called blockchain, a distributed ledger technology which is characterized by storing data on distributed node computers ("Nodes"). All Nodes re operated by us. The Club Tokens are linked to a public identifier on the blockchain which we connect to your account. The blockchain contains the entire transaction chain of all Club Tokens. The information on the blockchain including this public identifier and transaction data cannot be deleted or modified, but we can delete the link to this public identifier in your account, making the public identifier stored on the blockchain anonymous. See section 2.3 for more information on such blockchain.

The legal basis to process your data to provide the FanID services is Art. 6 (1) lit. b) GDPR).  

1.3. Accessing the Website 

Each time you access our Website or your device otherwise establishes an internet connection with our servers, your device transfers a couple of data to us which we store in our logfiles. This data may include:

browser type and browser version

operating system used

internet service provider 

the IP address 

hostname of the accessing computer

time of the server inquiry

websites from which you reach our solution (so-called referrer)

websites accessed 

bytes transferred

access status

We process such data temporarily to provide you with the requested content (Art. 6 (1) lit. b) GDPR) and we store and process such data for a period of ten days (unless an unusual incident requires a longer storage period (e.g. after a hacker attack)) for security reasons in order to identify potential attacks on our systems and optimize our systems (Art. 6 (1) lit. f) GDPR). Thereafter, this data is being anonymized.

1.4. Contacting us

When you send us an e-mail or otherwise contact us, for example through our ticket system on our Website, we process the personal data you provided us with, for example to answer your e-mail. We also process your data when you participate in campaigns on our social media channels (Facebook etc.) or send us inquiries or comments.

Legal basis: Art. 6 (1) lit. b) GDPR.

1.5. Use of cookies and related data processing (website optimization, analysis, advertising)  

We use cookies (small text files placed on your browser) and similar technologies such as pixel tags (hereinafter referred to as “Cookies”). 

1.5.1. Essential Cookies 

Essential Cookies are necessary for the website to function properly by providing basic features such as page navigation, access to secure areas of the website or language settings. Legal basis is Article 6 (1) lit. b) GDPR. We store these essential Cookies for up to one year. 

1.5.2. Website optimization and analysis 

Based on your consent, we set Cookies and analyze how you're using our websites. This way, we collect information about how well certain services are received and we can adjust and improve them as well our websites. Your IP address will be truncated and thus anonymized before being used for analysis purposes. 

Legal basis: Article 6 (1) lit. a) GDPR.

You may withdraw your consent with effect for the future at any time here [link].

1.6. Other

Where you give us your consent for processing your personal data, Article 6 (1) lit. a) GDPR serves as the legal basis. You can withdraw your consent at any time with effect for the future.

Article 6 (1) lit. b) GDPR serves as the legal basis for the processing of personal data required for the performance of a contract to which the data subject is a party. This shall also apply to processing operations necessary for the implementation of pre-contractual measures.

We might process your personal data insofar as it is necessary for the fulfilment of a legal obligation to which our company is subject (e.g. accounting, commercial and tax law), court orders or other binding decisions of public authorities (Article 6 (1) lit. c) GDPR).

If necessary, we process your personal data to satisfy our legitimate interests (Art. 6 (1) lit. f) GDPR), including the following: 

participation in conferences and events, using business cards, etc., in case we see interesting business opportunities and you have provided us with such information,

to complete a corporate transaction (e.g., corporate restructuring, sale or assignment of assets, merger), 

to protect, enforce and defend our rights, property and interests.

2. Data transfers

We may share personal information with third parties. 

2.1. Reporting obligations 

In order to protect our rights or the rights of third parties, we may disclose data to rights holders, consultants, courts and authorities in accordance with legal provisions. 

2.2. Service providers (processors)

We work with service providers who assist us in providing our services, in particular:

sms.at mobile internet services gmbh, Graz, Austria 

The Rocket Science Group LLC d/b/a Mailchimp, Georgia, USA

These service providers process data solely on behalf of, according to our instructions and under the control of us and only for the purposes described in this Privacy Policy.

2.3. Transfer to third parties 

We transfer data to contractual partners who process data under their own responsibility and for their own purposes in particular:

We transfer your Account Data to third-party fan engagement providers if you have authorized their app in your FanID account.

The blockchain necessary for the Club Tokens is only operated by us. Since the blockchain is publicly accessible, third parties may also be able to view information on the Club Tokens, such as a unique identifier associated with your Club Tokens. However, only Intakt is currently able to link this identifier with your Account Data. This may change as soon as Club Tokens can be traded (see section 4.2 of the Terms of Use) and you make your identifier stored on the blockchain publicly available together with other data that identifies you.

 The data is transferred for the purposes described in this Privacy Policy. 

2.4. Social plugins and other third-party content

We have not implemented any tools by which information is automatically transferred to the provider of social media services when you visit our website ("Social Plugins"). 

Any forwarding to social media providers such as YouTube, Facebook, etc. takes place exclusively once you have clicked on a link or a disabled Social Plugin, so that data about your visit to our services (e.g., IP address) or data available on your end device (e.g., information stored in Cookies) is only transmitted to the respective providers when this function is actively used. 

2.5. Transfer to recipients outside the EEA

We might transfer personal data to recipients located outside the European Economic Area (EEA) into so-called third countries, for example service providers or authorities. In such cases, prior to the transfer, we ensure that the data recipient provides an appropriate level of data protection (e.g. due to a decision of adequacy by the European Commission for the respective country (https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en), due to an agreement based on so-called EU standard contractual clauses with the recipient (https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32010D0087&from=en) or due to other appropriate safeguards).

3. Retention of Personal Data

We will store your personal data as long as it is necessary for the respective purposes, which is usually to provide the services you have requested. For example, we store your Account Data until you delete your account. In some cases, we are obliged to store your data for longer in order to comply with statutory retention periods.  

If we process data on the basis of legitimate interests (Art. 6 (1) lit. f) GDPR), these will be stored until you object to the processing or until your legitimate interests prevail.

We have specified retention periods for certain processing purposes. 

4. Your Rights

4.1. General Rights

You can request information about your stored personal data. If you have provided personal data based on a contract or consent, you have the right to receive this data in a commonly used and machine-readable format. 

In addition, you can also request the deletion, rectification or restriction of the processing of your data in certain cases. 

You can withdraw your consent at any time with future effect. 

If your personal data are transferred to a country outside the EU that does not offer adequate protection, you can request a copy of the contract or other means that ensure adequate protection of personal data. 

You also have a general right to complain to us or a supervisory authority in particular in the member state of your residence, place of work or place of suspected infringement of our data processing. The supervisory authority responsible for Intakt is:

Die Landesbeauftragte für den Datenschutz Niedersachsen Prinzenstraße 5 30159 Hannover

4.2. Right to object

To the extent we base the processing of your personal data on our legitimate interests  (Art. 6 (1) lit. f) GDPR, you may object to such processing at any time. In this case, we will not process such personal data any longer, unless our interests prevail. You can object to the use of data for direct marketing purposes at any time without a weighing of interests. 

4.3. Contacting us 

In order to exercise the aforementioned rights, please contact us directly in writing or via e-mail under privacy@me.fan.

Note: We may change our Privacy Policy from time to time by publishing it here. Please check this Privacy Policy regularly.

***