Last updated 4 June 2026
Privacy Policy
Section 1 Controller
The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the Member States as well as other data protection provisions is Kersten Lorenz, Lübecker Str. 34, 44135 Dortmund. Contact: [email protected].
No separate data protection officer has currently been appointed, as the legal requirements for this under Art. 37 GDPR and Section 38 of the German Federal Data Protection Act (BDSG) are not met. Please direct enquiries regarding data protection matters to the email address stated above.
Section 2 Scope
This privacy policy applies to the processing of personal data in connection with
- the website bettl.es,
- the Bettles platform (web application and any future mobile applications),
- the competitions conducted via it (in particular “Bettle One”),
- contact by email.
Section 3 Definitions
This privacy policy uses the terms of the GDPR (in particular “personal data”, “processing”, “controller”, “processor”, “recipient”, “consent”) within the meaning of Art. 4 GDPR.
Section 4 Categories of data and purposes of processing
(1) When visiting the website
When the website is accessed, information that your device transmits is automatically recorded. This data includes in particular:
- IP address (shortened where technically possible),
- date and time of access,
- browser and operating system used,
- page accessed, referrer URL,
- volume of data transferred.
This data is processed for the purpose of providing and ensuring the stability of the website (Art. 6(1)(f) GDPR; legitimate interest in the stable and secure operation of the website). The data is not merged with other data sources.
(2) On registration and use of the platform
Registration is required to use the Bettles platform. During registration, the following data is processed:
- email address,
- player name (nickname, freely chosen),
- full name (private, only mutually visible within private clubs),
- date of birth (for age verification; self-declaration),
- an avatar generated by the system (Multiavatar) or an optionally uploaded profile picture,
- login and session data (for authentication),
- activities within the platform (membership in clubs, participation in bettles, tips placed, scores).
This data is processed for the purpose of performing the contract (Art. 6(1)(b) GDPR; provision of the platform functions) as well as to comply with legal obligations (Art. 6(1)(c) GDPR; in particular age verification).
(3) On participation in Bettle One or other prize competitions
In the event of a win in a competition conducted by the organiser, the following data is additionally processed:
- contact data required for payout (name, address),
- bank details (for cash prizes) or delivery address (for prizes in kind),
- where applicable, proof of identity to verify that the age of majority has been reached.
The legal basis is Art. 6(1)(b) GDPR (performance of the terms of participation).
(4) On contact
If you contact us by email, the data transmitted (in particular email address, name, request) is stored to process the enquiry. The legal basis is Art. 6(1)(b) GDPR for contractual enquiries and Art. 6(1)(f) GDPR for other enquiries (legitimate interest in proper processing).
Section 5 Cookies and local storage
(1) The platform uses technically necessary cookies and your browser’s local storage (local storage / session storage) to provide functions such as login, session management and individual preferences. This processing takes place on the basis of Section 25(2) no. 2 TDDDG (German Telecommunications-Telemedia Data Protection Act; strictly necessary for the digital service expressly requested by the user) and, as applicable, Art. 6(1)(b) and (f) GDPR.
(2) Cookies or stored content for tracking, analysis or advertising purposes are not used. Should this change in the future, integration will take place exclusively on the basis of the user’s express consent (Art. 6(1)(a) GDPR in conjunction with Section 25(1) TDDDG).
Section 6 Hosting
(1) The website bettl.es is hosted by Cloudflare, Inc., 101 Townsend Street, San Francisco, CA 94107, USA (hereinafter “Cloudflare”). As part of the hosting and the provision of the content delivery network (CDN) and the security functions, Cloudflare processes technical access data, in particular the IP address of the visitor.
(2) A data processing agreement (DPA) under Art. 28 GDPR has been concluded with Cloudflare. Cloudflare processes the data exclusively in accordance with the controller’s instructions. Further information can be found in the Cloudflare privacy policy.
(3) The transfer to Cloudflare as a US company is permissible under the EU-US Data Privacy Framework (DPF), in which Cloudflare is certified to participate. Standard contractual clauses additionally apply (Art. 46(2)(c) GDPR).
(4) Beyond hosting, we use Cloudflare Web Analytics / Real User Monitoring (“RUM”) to measure and improve the technical performance of the website (in particular load times and so-called Core Web Vitals). For this purpose a script is embedded that collects performance data from your browser’s interfaces. According to Cloudflare, this script does not set cookies and does not read any data stored in your browser (in particular local storage and session storage); the IP address is discarded upon receipt at the nearest data centre and is not stored permanently. There is no cross-site recognition. The legal basis is Art. 6(1)(f) GDPR; our legitimate interest lies in the analysis and optimisation of the technical performance of the website. For any transfer to the USA, the safeguards referred to in paragraph 3 and in Section 9 apply.
Section 7 Provision of the platform through backend services
(1) The platform functions are provided by the controller’s own backend system (referred to internally as “PAM”). All player data, memberships, tips and scores are processed on servers operated by the controller or by processors engaged within the meaning of Art. 28 GDPR.
(2) The backend is hosted by Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, in German data centres. A data processing agreement under Art. 28 GDPR has been concluded with Hetzner; no transfer to a third country takes place.
Section 8 Third-party services and processors
The following categories of service providers are engaged in connection with the operation of the platform:
(1) Authentication service
Logging in to the platform takes place via a Keycloak service operated by the controller itself (OpenID Connect / OAuth 2.0), hosted on the Hetzner infrastructure in Germany referred to in Section 7. Email address, a login identifier, session data and authentication metadata are processed. The legal basis is Art. 6(1)(b) GDPR.
(2) Sports data and betting odds
To provide fixtures, odds from real bookmakers and official match results, the platform obtains data from external sports data providers. This data contains exclusively sports-related information (teams, match times, odds, results) and no personal data of the participants. No personal data of participants is therefore transferred to these third-party providers.
(3) Avatars
If you do not upload your own avatar, a randomly generated avatar image is assigned to you via the Multiavatar method. The generation takes place server-side on the controller’s systems; no personal data is transferred to external providers for this purpose.
(4) Sending transactional emails
To send transactional and system emails (e.g. registration confirmation, password reset, win notification), webgo GmbH, Hamburg, is used. Your email address, your player name and the respective content of the message are processed. A data processing agreement under Art. 28 GDPR has been concluded with webgo; processing takes place within Germany.
Section 9 Transfer to third countries
(1) A transfer of personal data to countries outside the European Economic Area (EEA) takes place in connection with hosting by Cloudflare (see Section 6).
(2) Any transfer to third countries beyond this only takes place insofar as an adequacy decision by the EU Commission exists or appropriate safeguards within the meaning of Art. 46 GDPR are in place (in particular standard contractual clauses, EU-US Data Privacy Framework).
Section 10 Storage period
(1) Personal data is only stored for as long as is necessary for the respective purposes or as required by statutory retention periods.
(2) Account data is stored for the duration of your membership on the platform. After deletion of the account, your personal data is deleted or anonymised, unless statutory retention obligations preclude this (in particular commercial and tax retention periods under Section 257 of the German Commercial Code (HGB) and Section 147 of the German Fiscal Code (AO)).
(3) Server log files are generally deleted or anonymised after 14 days. In the event of security-relevant incidents, longer storage may be necessary.
(4) Win determination and payout data is stored for the duration of the statutory retention periods.
Section 11 Recipients of personal data
(1) Personal data is passed on to the following recipients or categories of recipients:
- processors within the meaning of Art. 28 GDPR (see Section 6, Section 7 and Section 8),
- other platform users, insofar as the user has initiated this visibility or the terms and conditions provide for it (e.g. player name in member lists, tips within a bettle after evaluation),
- state bodies and authorities, insofar as there is a legal obligation to transfer.
(2) No disclosure for advertising or market research purposes takes place.
Section 12 Rights of the data subject
You have the following rights vis-à-vis the controller with regard to the personal data concerning you:
- right of access (Art. 15 GDPR),
- right to rectification (Art. 16 GDPR),
- right to erasure (Art. 17 GDPR),
- right to restriction of processing (Art. 18 GDPR),
- right to data portability (Art. 20 GDPR),
- right to object to processing (Art. 21 GDPR).
To exercise your rights, please contact [email protected].
Section 13 Withdrawal of consent
Insofar as the processing of your personal data is based on consent (Art. 6(1)(a) GDPR), you can withdraw this at any time with effect for the future. The lawfulness of the processing carried out up to the withdrawal remains unaffected.
Section 14 Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with a data protection supervisory authority about the processing of your personal data by the controller (Art. 77 GDPR). The authority responsible is in particular the data protection supervisory authority of the federal state in which the controller is based:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia)
Kavalleriestraße 2–4
40213 Düsseldorf
Section 15 Data security
The controller takes appropriate technical and organisational measures under Art. 32 GDPR to protect your data against unauthorised access, loss, manipulation and unlawful processing. These include, among other things, the transmission of your data over an encrypted TLS connection, secured servers, regular security updates and a restriction of internal access to personal data to the necessary minimum.
Section 16 Validity and amendment of this privacy policy
This privacy policy is updated as soon as statutory requirements or changes in processing make this necessary. The current version applies on each renewed visit.