In this Privacy Policy you will learn:
This Privacy Policy applies to your use of the “CUJU” App (the “App”).
Controller for the purposes of the GDPR, other data protection laws applicable in member states of the European Union and other provisions related to data protection is: ROGON Technologies GmbH Mahlastrasse 21, D-67227 Frankenthal, Germany
Represented by: (Managing Director) Roger Wittmann
Register Court and -number: Ludwigshafen HRB 66189
Contact: Email: hello@cuju.pro, Phone: +49 6233 304280
You can contact the Data Protection Officer appointed by us at:
comp/lex – Datenschutzbeauftragte (Data Protection Officers)
Dr. Jochen Notholt, German-qualified Lawyer (“Rechtsanwalt“)
Lindwurmstrasse 10, D-80337 Munich, Germany
Contact: Email: dsb@comp-lex.de, Phone: +49 89 41614295-0
Unless this Privacy Policy contains or implies a different definition, reference is made to the definitions in Art. 4 GDPR with regard to the terms used.
If you want to use the CUJU Service we provide via the App, you must register at our CUJU Service. Please see for more information our Terms of Service in the App. (To reach the Terms of Services, return to menu and click on “Terms and Services”). Whenever you register for and use our online platform, certain personal data is transmitted to us or collected and stored directly by us as part of the registration process:
You can also use an alias or a nickname. We need that information in order to create your account with us; the legal basis is Art. 6 (1) lit. b GDPR. We use Amazon Web Services / AWS (Amazon Web Services EMEA S.à.r.l., 38 Avenue John F. Kennedy L-1855 Luxemburg) as a hosting service provider. In this respect, all uploads that are processed by us in the context of your use of CUJU are processed on the systems of AWS. Servers or systems at the server location Frankfurt, Germany, are used to process personal data. In the course of using the services of AWS, data may nevertheless be also transferred to Amazon Web Services Inc. in the USA. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. We have agreed to the EU standard contractual clauses with AWS https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en. The legal basis for the transfer is Art. 46 (2) lit. c GDPR. The processing of this data is necessary for the use of the CUJU Service. If you do not wish to share this data with us, we will not be able to offer you the CUJU Service.
The indication of further personal data, such as:
is wholly voluntary. The processing of the data that you voluntarily provide us serves to shape your personal CUJU experience. The legal basis for this processing of personal data is also Art. 6 (1) lit. b GDPR.
In order to facilitate your registration on our website and in the mobile apps, you have the option to register through the so-called single sign-on solution at the beginning of the registration process via:
‘Single sign-on’ or ‘single sign-on authentication’ are procedures that allow users to log in to a provider of single sign-on procedures (e.g. a social network), including our online offer, with the help of a user account.
As a user, you must either register with the respective single sign-on provider and enter the required access data in a designated online form, or you must already be registered with the single sign-on provider and confirm the single sign-on registration via a button.
The data protection and terms of use of the respective providers apply to registration and use. Your account details are always entered directly on the provider's server. We do not see your account details. The respective providers will inform you whether and which data from your social media account will be made accessible to us.
If you have expressly given your consent to the respective provider (Google, Instagram/Meta) in accordance with Art. 6(1)(a) of the GDPR, your personal data (first name, last name, email address) will be provided to us as part of the registration via the provider.
You can cancel the connection within your account with the respective provider.
For the purpose and scope of the data collection and the further processing and use of the data by the respective provider (Google, Instagram/Meta) as well as your rights in this regard and setting options for protecting your privacy, please refer to the data protection notices of Google, Instagram/Meta.
The respective provider is responsible under data protection law for the respective single sign-on solution. The data provided to us by the provider is used to set up your user account and to check the plausibility of the data entered.
The user's data will be deleted upon deletion of the user account. The legal basis for the processing is the implementation of the user relationship between us and the users, the consent of the users pursuant to Art. 6(1)(a) of the GDPR, or our interest and that of the users to securely authenticate access through established services, Art. 6(1)(f) of the GDPR.
AppleID Single Sign-On: Authentication service; Service provider: Apple Operations Europe, Holly Hill Industrial Estate, Holly Hill, Cork, Ireland; Parent company: Apple Inc, One Apple Park Way, Cupertino, CA 95014, USA; Website: https://www.apple.com; Privacy policy: https://www.apple.com/de/legal/privacy/data/de/apple-id.
Google Single Sign-On: Authentication service; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://www.google.com; Privacy policy: https://policies.google.com/privacy; Opt-out: Settings for the display of advertisements: https://adssettings.google.com/authenticated.
TikTok Single Sign-On: Authentication service; Service provider: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland; Parent company: Bytedance Ltd, P.O. Box 31119 Grand Pavilion, Hibiscus Way, 802 West Bay Road, Grand Cayman, KY1 - 1205 Cayman Islands; Website: https://www.tiktok.com; Privacy policy: https://www.tiktok.com/legal/page/eea/privacy-policy/en.
Instagram/Facebook Single Sign-On: Authentication service; Service provider: https://www.facebook.com, Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Parent company: Meta Platforms Inc., 1 Hacker Way, Menlo Park, CA 94025, USA; Website: https://www.facebook.com; Privacy policy: https://www.facebook.com/about/privacy; Opt-out: https://www.facebook.com/settings?tab=ads.
When you access our App we collect some information such as:
When using these access data and information, the CUJU Service does not draw any conclusions about the data subject. Rather, this information is needed to deliver the content of our CUJU Service correctly, optimize the content of App, ensure the long-term viability of our information technology systems, and provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack. Therefore, the CUJU Service analyzes anonymously collected data and information statistically, with the aim of increasing the data protection and data security of our enterprise, and to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject. We do that in order to make the CUJU Service accessible for users; the legal basis is Art. 6 (1) lit. b GDPR.
We may also collect information you voluntarily add to your profile, such as city and country, your height, weight, preferred foot, nationality, place you live, club history and your preferred position. This enables you to create your personal football identity. Via your profile and with the data in your public profile you also become visible for other users, which means that this information helps other users to find you.
While using our App, you are further invited to publish specific information e.g.:
You can decide for yourself whether and which data you want to publish there. Your indication of personal data while using the CUJU Service is wholly voluntary.
Certain information about you may be publicly available to other users of the CUJU Service by default (i.e. your name, your profile picture). No information about you will be available to internet users that are not registered users of the CUJU Service.
The App also provides you the possibility to follow other users (via the button “Follow”). For this purpose, you can search for other users by the name registered in the public profile.
Information such as your profile, may be re-shared or linked to by others on the CUJU Service.
The processing of the data serves to perform our contractual obligations. The legal basis for this processing of personal data is Art. 6 (1) lit. b GDPR.
You can also optionally share an email address, phone number or Instagram handle with CUJU, for us to contact you regarding competitions, events or getting in touch with a scout. This information will not be visible to any other app users and only be available to authorised CUJU employees.
The processing of contact data is legally justified by consent. The legal basis for processing this data is Art. 6 (1) lit. a GDPR.
The data you provide us when participating in a Challenge in the form of videos will also be used to express your individual performance within the scope of a Score. This Score will be displayed to you and other users within your profile. CUJU can also give you virtual Badges based on your Score. These Badges will also be published in your profile.
To calculate your Score we use artificial intelligence, which evaluates the videos and thus calculates your Score based on your individual performance. For these purposes the following data will be processed by the CUJU Coach:
In case you do not have an own device to record your videos, you can have your Videos uploaded with the help of a CUJU Coach. For that the CUJU Coach will send you a request in the CUJU App which you can accept or decline. If you accept the request, the CUJU Coach can see your current progress, your public profile information and can record your Challenge Videos and upload them into your profile. The CUJU Coach can access all Videos in your profile, that were recorded by him/her. Videos that you recorded yourself cannot be accessed by the CUJU Coach. To manage multiple players we allow the CUJU coach to create an additional short note about you.
For this processing of personal data we need your consent, which you gave us during registration. The legal basis for this processing of personal data is Art. 6 para. 1 lit. a GDPR.
You can upload Videos of your training progresses on CUJU. The legal basis for the processing is Art. 6 (1) 1 lit. b GDPR.
In this context, we transmit the following data to AWS:
Your entered profile data (including your body height and all other data entered during registration) and the recorded video.
We use Amazon Web Services / AWS (Amazon Web Services EMEA S.à.r.l., 38 Avenue John F. Kennedy L-1855 Luxemburg) as a hosting service provider. In this respect, all uploads that are processed by us in the context of your use of CUJU are processed on the systems of AWS. Servers or systems at the server location Frankfurt, Germany, are used to process personal data. In the course of using the services of AWS, data may nevertheless be also transferred to Amazon Web Services Inc. in the USA. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. We have agreed to the EU standard contractual clauses with AWS https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en. The legal basis for the transfer is Art. 46 (2) lit. c GDPR. The processing of this data is necessary for the use of the CUJU Service. If you do not wish to share this data with us, we will not be able to offer you the CUJU Service.
We will store this data for the period that you use the CUJU Service.
https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en
We use Google Firebase Cloud Messaging as a service for the secure sending of mobile notifications (so-called Push Notifications), which inform the user about e.g. new events. To send you push notifications your Firebase Installation ID and the push token of your device is stored.e You find information about the functionality of Cloud Messaging and the collected device data: https://firebase.google.com/support/privacy#crash-stored-info
Firebase is a Google company and part of the Google Cloud Platform. We therefore transmit the data listed above to Google Firebase in the USA (Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). During the transmission process, your IP address becomes known to the service. The data may be stored on servers in the USA.
We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. We have agreed to the EU standard contractual clauses with Google Firebase https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en . The legal basis for the transfer is Art. 46 (2) lit. c GDPR.
Push-Notifications are only sent to you after your consent, the legal bais is Art 6 (1) lit a GDPR. The legal basis for gathering data as for example the time stamp, push-token and device ID is Art 6 (1) lit b GDPR.
We use Pushy LLC, 30 N Gould St Ste R, Sheridan, WY, 82801, USA, as a service for the secure sending of mobile push notifications (so-called Push Notifications), which inform the user about e.g. new events. To send you push notifications your Android ID and device related data such as device manufacturer name are stored. The service is located in the USA and personal information may be transferred to, stored, and processed in facilities in the United States. We would like to point out that , in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. Your personal data is processed based on a data processing agreement. We have agreed to the EU standard contractual clauses with Pushy LLC https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-ssc_en. The legal basis for the transfer is Art. 46(2) lit.c GDPR. You can find mor information to the processing of data by Pushy here https://pushy.me/terms-and-privacy and here https://pushy.me/data-processing-addendum . Push-Notifications are only sent to you after your consent, the legal basis is Art 6 (1) lit a GDPR. The legal basis for gathering data as for example the time stamp, push-token and device ID is Art 6 (1) lit b GDPR.
You can revoke your consent for Push Notifications any time as follows:
iOS:
Android:
We use Google Analytics Firebase to collect general data about the usage of the app. We gather and store the following data: Frequency of screen views , button clicks, uration of visit. A detailed description of information gathered and processed can be found here:
https://firebase.google.com/support/privacy#dataprocessinginformation Firebase is a Google company and part of the Google Cloud Platform. We therefore transmit the data listed above to Google Firebase in the USA (Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). During the transmission process, your IP address becomes known to the service. The data is stored on servers in the USA.
We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. We have agreed to the EU standard contractual clauses with Google Firebase https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en . The legal basis for the transfer is Art. 46 (2) lit. c GDPR.
The legal basis for the use of Google Analytics Firebase is our legitimate interest according to article 6 (1) lit f. GDPR. As far as your consent is asked for, which includes Google Analytics Firebase, the legal basis is article 6 (1) lit a GDPR Firebase’s privacy policy is available at https://www.firebase.com/terms/privacy-policy.html
We use the AppsFlyer analytics service provided by AppsFlyer Ltd, 100 First Street San Francisco, California 94105, USA to measure the success of our marketing efforts. The information is provided to us by AppsFlyer in aggregated form. In order to understand the use of the CUJU App, we provide AppsFlyer with information regarding downloads and installations as well as in-app events such as in-app purchases, among other things. The legal basis for the use of AppsFlyer is our legitimate interest according to Art. 6 para. 1(f) of the General Data Protection Regulation. The collection and storage of data by AppsFlyer can be refused at any time, with effect for the future, by following the instructions at https://www.appsflyer.com/optout .
AppsFlyer receives information from the data sent to the servers by the SDKs (Software Development Kit) in a mobile end-user application. The data collected by the SDK includes information such as IP addresses (anonymized), browser, platform, SDK version, anonymized user ID, time key, developer key, application version and device identifiers (such as Identifier For Advertisers), Google advertising ID, device model, device manufacturer, operating system version, in-app events and network status (Wi-Fi/3G).
We use Google Firebase Crashlytics to track app crashes as they occur and to prevent future crashes. Firebase Crashlytics is used to generate and analyze crash reports when the App CUJU crashes. The crash reports may contain information related to the use of our app, such as device type, operating system, app version, time of crash. This serves exclusively to further develop the app in a user-oriented manner. The legal basis for this is Art 6 (1) lit.f GDPR.
Firebase is a Google company and part of the Google Cloud Platform. We therefore transmit the data listed above to Google Firebase in the USA (Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). During the transmission process, your IP address becomes known to the service. The data is stored on servers in the USA.
We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. We have agreed to the EU standard contractual clauses with Google Firebase https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en. The legal basis for the transfer is Art. 46 (2) lit. c GDPR.
Information about the functionality of Crashlytics and the collected device data: https://firebase.google.com/support/privacy#crash-stored-info
For the performance of the contractual relationship (i.e. in particular to provide the services owed to you) making accessible your personal data to third parties is necessary, if we make we recommend your profile to our Affiliate company ROGON GmbH&Co. KG because of your football performances for a Scouting. Scouts from Rogon can view your information and performance via a dashboard within the App.
The data processed by us will be deleted in accordance with Art. 17 GDPR or its processing will be restricted in accordance with Art. 18 GDPR. Unless otherwise provided for in this privacy policy, the data processed by us will be deleted as soon as it is no longer necessary for its intended purpose and the deletion does not conflict with any statutory retention obligations. We review the necessity every six months. If the data is not deleted because it is required for other, legally permissible purposes, its processing is restricted. I.e. the data is blocked and not used. This applies, for example, to data that must be retained for reasons of commercial or tax law.
According to legal requirements in Germany, the retention or storage of, in particular, commercial books, inventories, opening balances, annual financial statements, commercial letters, accounting vouchers, etc. is carried out for six years in accordance with Section 257 (1) of the German Commercial Code (HGB) and, in particular, of books, records, management reports, accounting vouchers, commercial and business letters as well as documents relevant for taxation, etc. for ten years in accordance with Section 147 (1) of the German Fiscal Code (AO).
Data transmissions to third countries outside the EU and the European Economic Area take place exclusively in compliance with the relevant regulations of the GDPR. In particular, to fulfill our contract with you, we make certain data available to other users or third parties worldwide. The legal basis for this transmission is Art. 49 (1) lit. b GDPR. In addition, we will only transfer your data to a third country if an adequacy decision in accordance with Art. 45 GDPR or suitable guarantees in accordance with Art. 46 GDPR are available. In order to guarantee the protection of the personal rights of the users we make use of the standard contractual clauses of the EU Commission pursuant to Art. 46 (2) lit. c) GDPR when drafting the contractual relationships with the recipients [service providers] in third countries. You can request these documents from us using the contact options listed below.
You have the right
The App is a general interest mobile application. We do not knowingly collect any personal information from children. If you are under 13 (in some countries under 16), you are not permitted to use the App. Consistent with the GDPR and other laws on children’s protection, e.g. the Children's Online Privacy Protection Act ("COPPA") applicable to users in the USA, the App is not intended for use by anyone under the age of 13 (in some countries under 16). CUJU does not knowingly collect personal information from children through the App.
If you are a parent or legal guardian and you believe your child under the age of 13 (in some countries under 16) has provided information to the CUJU Service without your consent, please contact us so that we may take appropriate action by deleting their personal data immediately.
If we process 'personal data on the basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR, you have the right to revoke any consent granted to us pursuant to Art. 7 para. 3 GDPR with effect for the future. If you wish to exercise your right of revocation, you can notify us by e-mail to dsb@cuju.pro. Alternatively, you can also use the contact details mentioned above in section 2.
If we process your personal data on the basis of our legitimate interests pursuant to Article 6 (1) sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data pursuant to Article 21 GDPR, provided that there are grounds for doing so that arise from your particular situation or the objection is directed against direct marketing. In the latter case, you have a general right to object, which will be implemented by us without specifying a particular situation.
If you wish to exercise your right of objection, you can notify us by e-mail to dsb@cuju.pro. Alternatively, you can also use the contact details mentioned above under point 2.
We take organizational, contractual and technical security measures in accordance with the state of the art to ensure that the provisions of data protection laws are complied with and thus to protect the data processed by us against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons. The security measures include in particular the encrypted transmission of data between your browser and our server.
We reserve the right to change our privacy policy if this should be necessary due to new technologies or changes in our data processing procedures or in order to adapt it to changes in the legal situation applicable to us. However, this only applies to this privacy policy. If we process your personal data on the basis of your consent or if parts of the data protection declaration contain provisions of the contractual relationship with you, any changes will only be made with your consent.
The current version of our data protection declaration and its history of changes can be found in your App menu “Privacy Policy”.