Skip to content
Close
en-us
de-de
Request Live Demo
en-us
de-de
Request Live Demo

GENERAL TERMS AND CONDITIONS (GTC) for business customers (B2B)

Move Republic GmbH, Version 10-2024

TABLE OF CONTENTS
loading...

MySports Rewards offers a healthy exercise promotion program for employees of companies

(hereinafter referred to as the "Promotion Programˮ).

The Promotion Program aims to improve a company's positioning as a credible and attractive employer, increase team spirit and employee loyalty, and contribute to talent recruitment and retention, thereby increasing the company's productivity by reducing sick leave.

The customer is a company that is interested in making the development program available to its employees.

to make the development program available to its employees.

1. scope of services

1.1MySports Rewards grants the customer the right to use the promotion program by the customer's employees in accordance with the provisions of this contract.

1.2The support program includes the ongoing conception, administration and implementation of various measuresaimedat increasing and maintaining the motivation of the employees designated by the customer to take advantage of the measures of the support program (hereinafter referred to as "eligible person") for healthy exercise and thereby increasing the physical and mental performance of the eligible persons.

The measures include in particular

  • the implementation of campaigns in the context of which eligible persons are rewarded for achieving exercise-based goals (e.g. non-cash prizes, vouchers, participation in events),

  • the organization of individual and/or team competitions (challenges) for eligible persons with the possibility of winning,

  • the regular evaluation of data collected from various sources on the exercise activities (hereinafter "activity data") of authorized persons

  • the provision of digital advisory services for customers and authorized persons with regard to healthy exercise and ways to motivate them to do so, and

  • the organization of information events on topics relating to healthy exercise.

As part of these measures, as many types of exercise and activity as possible are promoted for eligible persons (e.g. walking, cycling, visits to fitness and sports facilities). In addition, the promotion program includes the control and adaptation of the measures to the individual needs of the customer and the eligible persons, active motivation-oriented communication with eligible persons and statistical evaluations.

MySports Rewards determines the specific content of the promotion program at its reasonable discretion. In particular, MySports Rewards will take into account the specific needs of the customer and eligible persons communicated to it by the customer, the number of eligible persons and the amount of the exercise investment (as defined in section 6.1) owed by the customer.

1.3The customer has the right to nominate employees to MySports Rewards to whom MySports Rewards must grant the right to use the promotional program (hereinafter referred to as the "right to participate").

The prerequisite for the use of the right to participate by the respective authorized person is that (i) the respective authorized person has registered for the promotion program, (ii) the respective authorized personhas acceptedthe General Terms and Conditions of MySports Rewards for MySports Rewards (hereinafter in the respective valid version "MySports Rewards GTC"), (iii)has taken noteof the MySports Rewards Privacy Policy for MySports Rewards (hereinafter referred to asthe "MySports Rewards Privacy Policy" as amended from time to time), (iv) has granted and not revoked all data protection consents required to exercise the right to participate, and (v) the customer is not in default of payment of any amount owed under this agreement.

The relationship between the respective authorized person and MySports Rewards is otherwise governed by the provisions of the MySports Rewards GTC.

MySports Rewards is entitled to amend the MySports Rewards GTC and the MySports Rewards Privacy Policy at any time in relation to the customer. The current version of both documents can be accessedat https://www.mysports-rewards.com/de/de/agb or athttps://www.mysports-rewards.com/de/de/datenschutz or at another Internet address provided to the customer.

1.4Each right to participate is only valid for a single natural person.

The entitlement of a person to participate in the support program ends at the point in time at which the person concerned is no longer an employee of the customer. Immediately after becoming aware that a person is no longer an employee of the customer, MySports Rewards will terminate this person's right to participate in the program at the next permissible date. Furthermore, the customer is entitled to instruct MySports Rewards to terminate the right to participate of an authorized person at the next permissible date.

The (formerly) eligible person loses the right to use the promotional program upon termination of their right to participate by MySports Rewards. In this case, the customer may nominate another employee to MySports Rewards as the authorized person, who must grant MySports Rewards the right to participate that has become vacant in accordance with the provisions of section 2.3.

1.5MySports Rewards provides the customer and the authorized persons with an electronic platform accessible via a web browser (hereinafter "service platform"). The service platform contains various functions in connection with the use of the promotional program, whichcan be accessedvia a personal area set up for the customer or the respective authorized person (hereinafter "user account"), e.g.

a)for the customer:

  • Provision and administration of lists detailing the employees participating in the support program and the participation rights (hereinafter "participant lists"),

  • Provision of overviews for the competitions organized as part of the sponsorship program,

  • Provision of statistical evaluations of the activity performance of groups of eligible persons,

  • Communication options with the employees participating in the sponsorship program,

  • Provision of a dashboard overview with important key figures.

b)for an authorized person:

-Recording of exercise activities,

-Evaluation of target achievement,

-recording of reward points earned (STARS),

-use of reward points for rewards.

Each authorized person can alsoaccess their user accountvia a mobile application operated by MySports Rewards (hereinafter "MySports Rewards App"). The MySports Rewards App is available for download from the Google and Apple app stores.

1.6 MySports Rewards willassign the customer an individual company code (program ID) (hereinafter "company code"). The Company Code is used by MySports Rewards to verify a person's eligibility to use the promotional program.

1.7MySports Rewards is entitled to use third parties as vicarious agents to fulfill its obligations under this contract.

2. AVAILABILITY OF THE SERVICE PLATFORM

MySports Rewards guarantees availability of the service platform for the customer and authorized persons of 98% on an annual average. When calculating availability, periods of temporary unavailability due to routine or necessary maintenance, data backup or updating measures shall not be taken into account. Also not to be taken into account when calculating availability are downtimes (i) which are due to a lack of technical prerequisites for access to the service platform to be provided by the respective authorized person or the customer, (ii) which are due to faults in the general telecommunications infrastructure or are the responsibility of the data transmission company or (iii) which are due to force majeure.

3. OBLIGATIONS OF THE CUSTOMER

3.1The customer will only nominate to MySports Rewards employees who are at least 16 years old as authorized persons. The customer shall inform MySports Rewards immediately if the employment relationship between the customer and an employee designated as an authorized person is terminated.

3.2The customer shall inform MySports Rewards of the promotion program to the employees nominated by the customer as eligible persons at the latest immediately after their nomination. In this context, the customer will inform the authorized persons that registration with MySports Rewards is a prerequisite for using the promotion program. The customer shall inform the authorized persons about the significance of the company code and shall oblige them to maintain confidentiality with regard to the company code.

3.3The customer will inform the authorized persons together with the notification in accordance with section 4.2 that the customer is entitled to instruct MySports Rewards to terminate participation rights granted and that MySports Rewards is obliged to comply with the customer's instruction. The customer will also inform the authorized persons that MySports Rewards will terminate the participation rights if their employment relationship with the customer or this contract ends. The customer will also inform the eligible persons that they will lose their right to use the promotional program when the termination of their right to participate takes effect.

3.4The customer is obliged to continuously check the participant lists made available to him via the service platform and to inform MySports Rewards immediately in the manner provided for in the service platform if a person listed there (i) is no longer an employee of the customer or (ii) should no longer have the right to participate. A notification within the meaning of the preceding sentence shall be deemed to be an instruction from the customer to MySports Rewards within the meaning of section 2.4 sentence 4.

3.5The customer shall ensure that he/she is authorized

a)to process the surname, first name and date of birth of the respective authorized person in the context of granting and maintaining participation rights,

b)to pass on information to MySports Rewards that an authorized person is not (or no longer) an employee of the customer or that the right to participate is to be terminated in respect of an authorized person, and

c)to receive the message that the respective authorized person has not actively participated in the promotional program for a defined period of time (usually one month) (inactivity message).

The customer is responsible not only for the permissibility of the processing of the respective data point in accordance with Art. 6 para. 1 of the General Data Protection Regulation (hereinafter "GDPR"), but also for safeguarding the rights of the persons affected by the customer's data processing in accordance with Art. 12 et seq. GDPR.

3.6The customer may not use the contractual services of MySports Rewards for any purpose that is unlawful or immoral or is not in accordance with the content of this contract. The customer also undertakes (i) not to send or receive any messages via the service platform that are not related to the promotional program and (ii) not to send any incorrect information (in particular incorrect personal data).

3.7The customer is responsible for backing up the content provided to him/her by MySports Rewards via the service platform or in any other way in connection with this contract in such a way that it can be restored by the customer with reasonable effort.

3.8The customer is obliged to keep the access data to his user account secret.

4. ADMINISTRATION OF PARTICIPATION RIGHTS/LICENSES

4.1The customer is responsible for determining, monitoring and managing the number of participation rights.

4.2Every new participant who joins the program immediately receives an active license and can receive rewards. The respective program manager will be informed of this by e-mail. The customer is obliged to check each new participant to ensure that they are entitled to actively participate in the program, receive rewards and, if necessary, deactivate sponsorship.

5. REMUNERATION

5.1The customer owes MySports Rewards the remuneration agreed in the contract for the provision of the contractually owed services, which is calculated in arrears on the basis of the participation rights/licenses used.

5.2The exercise investment and motivation fee are payable in full for each commenced calendar month of the contract term.

5.3The one-off initial fee is due for payment immediately upon conclusion of this contract.

5.4The customer is entitled to change the amount of the monthly exercise investment with a notice period of one week to the end of a calendar month with effect from the beginning of the respective following month by declaration in text form to MySports Rewards.

5.5All MySports Rewards prices are subject to the applicable statutory value added tax.

5.6The customer is obliged to issue MySports Rewards with a SEPA direct debit mandate immediately after conclusion of this contract for the purpose of collecting the remuneration owed under this contract. MySports Rewards is entitled to collect the remuneration owed under this contract after the due date by direct debit from the account specified by the customer. MySports Rewards must notify the customer of the direct debit (i) in the case of the first direct debit and (ii) in the case of subsequent direct debits in the event of changes to the monthly direct debit amount at least 3 calendar days prior to the direct debit. The customer undertakes to provide a valid SEPA direct debit mandate for the entire term of the contract and not to revoke it. MySports Rewards must be informed immediately of any changes affecting payment transactions.

5.7The customer's obligation to pay the one-off initial fee, the exercise investment and the motivation fee exists irrespective of whether and to what extent the customer or the authorized persons use the agreed participation rights, measures within the framework of the promotional program, the service platform and/or the MySports Rewards app.

5.8In the event that the customer defaults on a payment in whole or in part, all of the customer's existing payment obligations to MySports Rewards shall become due immediately and the promotional program shall be paused. This also applies to other services not yet fully performed by MySports Rewards. In the event of late payment, MySports Rewards is entitled to perform outstanding services only against advance payment or the provision of security or to withdraw from other services that have not yet been fully performed. In addition, MySports Rewards retains the right to claim damages for breach of duty.

6. CONTRACT TERM AND TERMINATION

6.1The contract commences on the date agreed in the contract.

6.2This contract is concluded for an indefinite period.

6.3Either party may terminate this Agreement by giving one (1) month's notice to the end of a calendar month.

6.4This contract may be terminated by either party for good cause without notice. Good cause shall be deemed to exist if facts exist on the basis of which the terminating party, taking into account all circumstances of the individual case and weighing the interests of both parties, cannot reasonably be expected to continue this contract until the expiry of the notice period in accordance with clause 7.3.

6.5Good cause for termination without notice exists for each party in particular if

a)the other party or a third party has applied for the opening of insolvency proceedings in relation to the other party or the other party intends to file such an application within the next fourteen (14) days;

b)insolvency proceedings have been opened against the assets of the other party or have been dismissed for lack of assets;

c)a significant deterioration in the financial circumstances of the other party has occurred or threatens to occur;

d)the other party has culpably breached material contractual obligations in a more than insignificant manner and a reasonable grace period has elapsed without success or a warning has remained unsuccessful;

e)the performance of this contract has been objected to by a competent authority and a deadline set by this authority to remedy the relevant defects has expired without success or at least one of the parties has been prohibited from further performance of this contract by a competent authority.

6.6Termination must be in writing to be effective.

6.7 Inthe event of termination of this contract, MySports Rewards will terminate the participation rights of all eligible persons with effect from the date of termination of this contract or, if this is not possible, at the next permissible date after the date of termination of this contract. Upon termination of the right to participate, the eligible person concerned loses the right to use the promotional program.

7. RIGHTS TO THE FUNDING PROGRAM AND THE SERVICE PLATFORM

7.1No intellectual property rights are transferred to the customer under this contract in relation to the promotional program, measures under the promotional program, the service platform, the content of the service platform or the MySports Rewards app.

7.2MySports Rewards grants the Customer a non-exclusive, non-sublicensable and non-transferable right to use the Service Platform and its content during the term of the Agreement in accordance with the terms of this Agreement.

8 LIABILITY

8.1The customer is aware that errors may occur in the use of software, computers and telecommunications systems and that downtimes may occur. MySports Rewards therefore does not guarantee that the MySports Rewards service will be uninterrupted, secure or free from the aforementioned errors. Insofar as the service platform contains hyperlinks to platforms operated by persons other than MySports Rewards, MySports Rewards is not responsible for the content published on these platforms.

8.2MySports Rewards is not liable for the fact that the activity data of authorized persons, which is transmitted from the IT systems of third parties (e.g. fitness studios) or from other sources used by the authorized persons to record the activity data (e.g. fitness watches) to MySports Rewards or the service platform and used by MySports Rewards for display to the customer or the authorized persons and/or for the creation of evaluations, accurately and completely reflect the activities actually performed by the authorized persons.

8.3The liability of MySports Rewards towards the customer for damages is regulated as follows:

a) MySports Rewards is liable without limitation in the event of intent and in the event of injury to life, limb or health and within the scope of the Product Liability Act. The same applies in the absence of warranted characteristics and for damages covered by a guarantee granted by MySports Rewards.

b) In the event of gross negligence on the part of MySports Rewards' legal representatives or executives, MySports Rewards has unlimited liability. In the event of a grossly negligent breach of obligations by MySports Rewards' vicarious agents, liability is limited to compensation for foreseeable damages typical for this type of contract.

c)In the event of simple negligence, MySports Rewards is only liable for damages that are attributable to material breaches of duty that jeopardize the achievement of the purpose of the contract or to the breach of duties whose fulfilment is essential for the proper performance of the contract. Liability is limited to the foreseeable damage typical of the contract. This applies to all claims for damages regardless of their legal basis, including claims in tort.

d)Insofar as MySports Rewards is liable in accordance with letter c) above, liability is limited to an amount of EUR 2,000 per damage event, up to a maximum of EUR 10,000 per contractual year.

e)Strict liability on the part of MySports Rewards for errors in the promotional program or the service platform that already existed at the time the contract was concluded in accordance with Section 536a (1) of the German Civil Code (hereinafter "BGB") is expressly excluded.

f)If the customer uses the promotional program or service platform contrary to the terms of the contract, or if the customer fails to follow instructions issued by MySports Rewards, MySports Rewards shall not be liable. The customer is free to prove that the damage claimed (i) is based on a culpable breach of duty by MySports Rewards and (ii) would also have occurred in the event of lawful use of the promotional program or service platform by the customer or if the customer had followed the instructions of MySports Rewards.

g)MySports Rewards is not liable for any unauthorized or improper use of the promotional program or the service platform by third parties (e.g. authorized persons or other users of the promotional program). § Section 278 BGB does not apply in this respect.

h)The above provisions apply accordingly to claims by the customer for reimbursement of futile expenses.

9. DATA PROTECTION

9.1When processing personal data within the scope of this contract, the parties must comply with all applicable data protection regulations, in particular the provisions of the GDPR and the relevant national data protection laws.

9.2Details on the processing of the customer's personal data can be found in MySports Rewards' privacy policy, which can be viewed and downloadedat https://www.mysports-rewards.com/de/de/datenschutz. The privacy policy is not part of the contractual agreement between MySports Rewards and the customer and may be subject to change. The use of the service platform by the customer to maintain the list of participants (see section 2.5 sentence 2 letter a. above) is subject to the existence of a non-terminated agreement on order processing between the customer and MySports Rewards in accordance with Art. 28 GDPR.

10. CONFIDENTIALITY

10.1All information that relates to the customer, an authorized person or MySports Rewards and (i) is marked as confidential or (ii) is reasonably considered confidential due to its nature and content, is considered "Confidential Information".

10.2The following information shall not be considered Confidential Information for the purposes of this Agreement:

(a)any information that is generally known or available to the public or becomes known without the cooperation of the other party;

(b)any information already possessed by the other party prior to its disclosure under this Agreement without any obligation of confidentiality;

(c)any information received by a party from a third party and the party is not aware that the third party is under an obligation of confidentiality in respect of the information provided;

(d)any information that has been or will be developed by a party independently of the Confidential Information of the other party; and

(e)any information which has been exempted in writing by the disclosing party from this confidentiality obligation.

10.3Each party undertakes,

a)keep the Confidential Information received from the other party in strict confidence at all times and protect it from unauthorized access, use or disclosure by third parties,

b)only make it accessible to those employees, service providers, freelancers, consultants, auditors and affiliated companies and their employees who require the respective Confidential Information of the other party to fulfill their respective tasks. The aforementioned persons shall be bound to confidentiality in accordance with the provisions of this clause 11, unless they are already bound to confidentiality by virtue of their profession; and

c)to use all Confidential Information of the other party exclusively for the performance of this Agreement and not to use the Confidential Information of the other party for any other purpose.

10.4A party shall be entitled to disclose Confidential Information of the other party to the extent required by mandatory law or by order of a competent court or authority. In the cases described in the preceding sentence, the party concerned is obliged to inform the other party of the disclosure in good time - insofar as this is legally permissible - so that the other party can take appropriate additional measures to protect the Confidential Information.

10.5The receiving party undertakes, at its own expense, to immediately (i) upon request of the disclosing party and (ii) upon termination of this Agreement, either return or irretrievably destroy all Confidential Information received, including the originals and any copies, records or other reproductions thereof, at the discretion of the disclosing party. The Receiving Party shall confirm to the Disclosing Party upon request that it has complied with its obligations under this Section 11.5. The foregoing obligations shall not apply to the extent and for as long as the Confidential Information is required to be retained by the Receiving Party under applicable law. Excluded from the obligation to return and destroy is Confidential Information that is stored electronically as part of routine backup or archiving procedures and cannot be destroyed or deleted for technical reasons or only with unreasonable effort.

10.6 Theconfidentiality obligation set out in this clause 11 shall continue for a period of 5 years after termination of this Agreement.

11. CONTACT PERSONS AND COMMUNICATION

11.1Each party shall designate a contact person (hereinafter referred to as "Contact Person") and a deputy whoare authorizedto receive all declarations within the scope of the execution of this Agreement (hereinafter referred to as "Communications") and who can make decisions in all day-to-day matters of cooperation. If, in exceptional cases, a contact person or their deputy is unable to assess or decide on an issue, they shall ensure that the assessment or decision is made without delay. The other party shall be notified immediately in text form of any changes to the contact persons, deputies or their contact details. Alternatively, the signatories to this contract shall be deemed to be the contact persons.

11.2MySports Rewards operates a service for receiving and responding to inquiries and messages from the customer and authorized persons in connection with the promotional program and the service platform, which can be reached via chat function and e-mail. The respective service times and contact details of the hotline shall be communicated to the customer and the authorized persons via the service platform.

11.3Unless expressly stipulated otherwise in this contract, notifications from one party to the other must be sent in text form. Verbal or telephone communications must be confirmed in text form upon request by the other party.

12. OTHER PROVISIONS

12.1MySports Rewards is not a party to the legal relationship between the customer and the respective authorized person and assumes no obligations or responsibility in this regard. In particular, MySports Rewards is not responsible for any claims made by eligible persons against the customer due to the customer's instruction to MySports Rewards to terminate an eligible person's right to participate. The same applies to consequences arising from the termination of this contract for the legal relationship between the customer and the respective authorized person. The legal relationship between the customer and the respective authorized person is the sole responsibility of the customer and the respective authorized person.

12.2The customer is not entitled (i) to offset his claims against MySports Rewards against claims to which MySports Rewards is entitled against the customer arising from or in connection with this contract, or (ii) to refuse to fulfil obligations incumbent on him arising from or in connection with this contract by invoking a right of retention, unless the customer's underlying claims have been recognized in writing by MySports Rewards or have been established by a final and binding decision of a competent court.

12.3This contract does not create any rights in favor of third parties in accordance with §§ 328 ff. BGB, in particular not for the authorized persons. Likewise, this contract is not a contract with protective effects in favor of third parties.

12.4Neither party is entitled to transfer its rights or obligations under or in connection with this contract to a third party without the prior written consent of the other party.

12.5This contract shall be governed by the substantive law of the Federal Republic of Germany, excluding the application of international private law and the UN Convention on Contracts for the International Sale of Goods.

12.6The exclusive place of jurisdiction for all disputes arising from or in connection with this contract is the court at the registered office of MySports Rewards.

12.7 There are no verbal collateral agreements. Amendments or additions to this contract must be made in writing (a simple electronic signature is sufficient). The written form requirement also applies to any amendment to this written form clause. The written form requirement shall also be satisfied if a document signed by hand or by electronic signature is sent by e-mail.

12.8Should one or more provisions of this contract be or become invalid, this shall not affect the validity of the remaining provisions of this contract. The parties are obliged to replace the invalid and/or unenforceable provision with a provision that achieves the economic purpose of the invalid or unenforceable provision as far as possible. The above provision shall apply accordingly in the event of an unrecognized gap in this contract.

12.9Insofar as this contract and/or the agreement on commissioned processing is concluded via an online procedure, either party may at any time request that the contract or the agreement on commissioned processing be replaced by a written document or confirmed by a written document signed manually or electronically by an authorized representative of the respective party. If a party fails to comply with such a request within 30 days of receipt of the request, the other party shall have the right to suspend the performance of its obligations in whole or in part until the other party has complied with the request.

12.10The place of performance for all obligations arising from this contract is the registered office of MySports Rewards.

Data processing agreement (DPA) for business customers (B2B) pursuant to Art. 28 GDPR

The customer and MySports Rewards have concluded an agreement ("contract") on the use of the service offered by MySports Rewards of a healthy exercise promotion program for employees.

The fulfillment of the services owed by MySports Rewards on the basis of the Agreement requires MySports Rewards to handle the customer's personal data (hereinafter also referred to as "user data"). User data is processed by MySports Rewards as a processor on behalf of the customer in accordance with the provisions of Art. 28 of the EU General Data Protection Regulation ("GDPR").

This contract specifies the rights and obligations under data protection law applicable between the customer and MySports Rewards in this respect.

§ 1 Subject matter of the contract, type of data, group of data subjects

1 MySports Rewards provides the customer with the services owed under the main contract (hereinafter also referred toas the "service"), in particular

(i)Provision of a process that enablesthe customer to independently maintain and update lists of authorized persons named by the customer ("participant lists") and to independently manage the participation rights of these persons within the participant list;

(ii)provision of a process for comparing the authorized persons on the Participant List with the request data of potentially authorized persons transmitted by MySports Rewards to the customer, in order to verify an existing right to participate.

In the course of the customer's use of the aforementioned functionalities of the MySports Rewards service, the user data is collected, processed and deleted for the customer in accordance with the main contract, taking into account all data protection regulations and with the help of processes established at MySports Rewards.

2. data of the following groups of persons may be affected by the commissioned data processing:

(i) Customer and employees of the customer;

(ii) Authorized persons designated by the customer;

(iii) persons who have identified themselves to MySports Rewards as authorized persons without being named by the customer.

Without exception, this concerns the following personal data of the aforementioned group of data subjects:

(i) With regard to the customer and employees of the customer:

  • Name, contact details,

  • Registration processes for the use of the MySports Rewards service,

  • consent opt-ins.

(ii) With regard to authorized persons named by the customer:

  • Surname, first name, date of birth, email,

  • Participation status (including request for termination vis-à-vis MySports Rewards),

  • Company code ("Program ID"),

  • Inactivity messages,

  • consent opt-ins.

(iii) With regard to persons who have identified themselves to MySports Rewards as authorized persons without being named by the customer:

  • Surname, first name, date of birth, email,

  • company code ("program ID").

(3) The purpose of processing the user data is to provide technical support to the customer in managing the authorized persons named by the customer and to check the authorization of a person.

4. processing operations of the type described in Art. 4 para. 2 GDPR are carried out. This means that user data is collected, recorded, organized, arranged, stored, adapted and modified, read out, queried, used and disclosed by transmission. User data is also compared, linked and deleted in accordance with regulations.

§ 2 Responsibilities and authority of the customer to issue instructions

  1. The customer is solely responsible for the permissibility of data processing in accordance with Art. 6 GDPR and for safeguarding the rights of the persons whose data is processed (the data subjects) in accordance with Art. 12 to 22 GDPR.

  2. MySports Rewards shall cooperate to the extent necessary in the fulfillment of the rights vis-à-vis the data subjects pursuant to Art. 12 to 22 GDPR by the customer, in the preparation of the records of processing activities and in any necessary data protection impact assessments of the customer and shall provide the customer with appropriate support as far as possible (Art. 28 para. 3 sentence 2 lit. e and f GDPR). MySports Rewards will immediately forward all requests from data subjects to the customer, provided that they are recognizably directed exclusively to the customer.

  3. MySports Rewards processes the user data exclusively in accordance with the provisions of the main contract concluded with the customer and within the framework of the instructions issued by the customer, unless there is an exceptional case within the meaning of Art. 28 para. 3 lit. a GDPR. MySports Rewards does not use the user data provided for data processing for any other purpose and does not store it for longer than specified by the customer.

  4. The customer generally issues all instructions using special functionalities of the MySports Rewards service set up for this purpose. The use of the functionalities for issuing instructions by the customer is documented by MySports Rewards. Outside the service, the customer generally issues instructions by e-mail or in writing.

  5. If MySports Rewards is of the opinion that an instruction from the customer violates the GDPR or other data protection regulations, MySports Rewards will inform the customer immediately. MySports Rewards is entitled to suspend the implementation of the relevant instruction until it is confirmed or amended by the customer's controller following a review.

  6. The customer shall inform MySports Rewards immediately if the customer discovers errors or irregularities when checking the processing results.

§ Section 3 Data protection officer of MySports Rewards, list of processing activities

  1. At MySports Rewards, the management is responsible for data protection. The management appoints a data protection coordinator internally.

  2. The data protection coordinator must ensure compliance with the GDPR and other data protection regulations with regard to the contractual relationship. To this end, the data protection coordinator carries out regular checks. A record is kept of the checks. If the data protection coordinator discovers irregularities in data processing in the course of his/her duties, he/she shall inform the management of MySports Rewards immediately.

§ 4 Confidentiality

  1. MySports Rewards must treat all records, documents and other information carriers provided within the scope of this contractual relationship as confidential. This also applies to all other information that becomes known to MySports Rewards during the execution of this contract. This obligation applies - subject to deviating legal provisions, court or official orders - during and after termination of this contract.

  2. MySports Rewards undertakes to maintain confidentiality within the meaning of Art. 28 para. 3 b) GDPR when processing the customer's personal user data in accordance with the contract. MySports Rewards warrants that MySports Rewards will familiarize the employees engaged in the performance of the work with the relevant data protection provisions before they commence their work and that they will be bound to secrecy in an appropriate manner for the duration of their employment and after termination of the employment relationship. The contractor shall monitor compliance with the data protection regulations in his company.

  3. The customer is obliged to treat all knowledge of business secrets and data security measures of MySports Rewards obtained within the scope of this contractual relationship as confidential. This obligation shall remain in force even after termination of this contract.

§ 5 Correction, deletion, restriction of processing of data

MySports Rewards must correct, delete or restrict the processing of user data if the customer requests this by means of an instruction and this does not conflict with the legitimate interests of MySports Rewards. Irrespective of this, MySports Rewards must rectify, erase or restrict the processing of user data if the customer's instruction is based on a legitimate claim of the data subject under Art. 16, 17 and 18 GDPR. If a data subject contacts MySports Rewards directly regarding the rectification, erasure or restriction of the processing of their data, MySports Rewards will forward this request to the customer without delay.

§ Section 6 Third country transfer, subcontracting relationships

  1. The provision of the contractually agreed data processing takes place without exception on servers located within a member state of the European Union or in another state party to the Agreement on the European Economic Area. Data processing in third countries results exclusively from subcontracting relationships with subcontractors in third countries (see section 2 below). Details can be foundinAppendix 1.

  2. At the time of the conclusion of this agreement, the companies listed in Annex 1 are subcontractors for partial services for MySports Rewards and also process user data directly in this context. For the subcontractors named therein, consent to act is deemed to have been granted. Subcontractors in third countries may only be commissioned if the special requirements of Art. 44 ff GDPR are met (e.g. adequacy decision of the Commission, standard data protection clauses including Transfer Impact Assessment (TIA), approved code of conduct).

  3. MySports Rewards shall inform the customer of any intended change to the subcontractors named in Appendix 1, regardless of whether additional subcontractors are added or existing subcontractors are replaced, stating the name and address as well as the intended activity of the subcontractor concerned, and shall make the intended change to the version of Appendix 1 available online; this gives the customer the opportunity to object to the change in question within one week of receipt of the notification. MySports Rewards will inform the customer of this deadline in the notification. If the customer does not raise an objection, the online version will replace the previous version of Appendix 1.

  4. If the customer raises an objection for reasons other than good cause, MySports Rewards may terminate this contract and the main contract with the customer at the time of the planned deployment of the subcontractor without notice, without the customer being entitled to claim damages or other payment claims against MySports Rewards in this connection. An important reason for an objection on the part of the customer exists in particular if the use of the subcontractor's services violates the provision in Art. 28 para. 3 sentence 2 lit. d) GDPR.

  5. MySports Rewards must contractually ensure that the provisions agreed between the customer and MySports Rewards also apply to subcontractors. The contract with the subcontractor must specify the details in such a way that the responsibilities of MySports Rewards and the subcontractor are clearly delineated. If several subcontractors are used, this also applies to the responsibilities between these subcontractors.

  6. MySports Rewards must verify compliance with data protection obligations by the respective subcontractor. Upon written request, the client is entitled to obtain information from MySports Rewards about the subcontractor's data protection obligations, if necessary also by inspecting the relevant contractual documents. Under the conditions set out in § 7 of this contract, on-site inspections of the subcontractor by the customer or third parties commissioned by the customer must be possible.

  7. The contract with the subcontractor must be drawn up in writing, which may also be in an electronic format (Art. 28 (4) and (9) GDPR).

  8. The transfer of data to the subcontractor is only permitted if the subcontractor has fulfilled the obligations under Art. 29 and Art. 32 para. 4 GDPR with regard to its employees.

  9. MySports Rewards is liable to the customer for ensuring that the subcontractor complies with the data protection obligations contractually imposed on it by MySports Rewards in accordance with this section of the contract.

  10. A subcontracting relationship requiring consent does not exist if MySports Rewards commissions third parties as an ancillary service to the main service. However, MySports Rewards is obliged to make appropriate and legally compliant contractual agreements and to take control measures to ensure the protection and security of personal data from this contractual relationship, even in the case of ancillary services provided by third parties. The ancillary services must be specified in detail at the customer's request.

§ 7 Control by the customer and obligations to cooperate and tolerate

  1. The customer is entitled to check compliance with the technical and organizational measures for data protection and data processing by MySports Rewards and its subcontractors through an authorized representative bound to confidentiality before the start of the service and regularly during the duration of the service at appropriate intervals. The customer shall give reasonable notice of on-site inspections and shall take into account the business operations and operational procedures of MySports Rewards when carrying them out. Persons or third parties entrusted by the customer with the inspection must be demonstrably obliged to maintain confidentiality upon commissioning. Third parties within the meaning of this provision may not be representatives of competitors of MySports Rewards or its group companies. Any costs incurred by MySports Rewards for an on-site inspection shall be borne by the customer.

  2. The customer declares to exercise the control rights described in paragraph 1 by instructing MySports Rewards to provide proof of compliance with the technical and organizational measures by submitting a suitable current audit report from independent persons (e.g. auditors, data protection officers or quality auditors) or a suitable certification through an IT security or data protection audit - e.g. in accordance with BSI basic protection - ("audit report") instead of an on-site inspection. The audit report must enable the customer to satisfy itself of compliance with the technical and organizational measures in an appropriate manner.

  3. If the customer comes to the conclusion that the information provided by MySports Rewards in accordance with paragraph 2 gives rise to an on-site inspection, in particular because it is incomplete, contradictory or otherwise incorrect, or if the customer considers an on-site inspection to be necessary for other reasons, the customer may change the instruction described in paragraph 2 by issuing written instructions to MySports Rewards. If MySports Rewards refuses to comply with a corresponding instruction from the client with regard to audits or inspections, the client is entitled to terminate the main contract and this agreement with immediate effect.

§ 8 Determination of technical and organizational measures

  1. MySports Rewards shall take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk to the rights and freedoms of data subjects. The state of the art, the implementation costs and the nature, scope and purposes of the processing as well as the different probability of occurrence and severity of the risk within the meaning of Art. 32 para. 1 GDPR must be taken into account. The specific technical and organizational measures taken by MySports Rewards are listedinAppendix 2.

  2. MySports Rewards shall inform the customer of any changes to Appendix 2. As the technical and organizational measures are subject to technical progress and technological development, MySports Rewards may implement other and equivalent measures, provided that the security level of the measures set out in Appendix 2 is not undercut. Decisions regarding the organization of data processing and the procedures used that are significant for security and are likely to reduce the level of security must be agreed with the customer in advance in documented form (in writing, electronically). Such agreements must be retained for the duration of this contract.

  3. MySports Rewards supports the customer with its technical and organizational measures to comply with its obligation to respond to requests to exercise the rights of data subjects referred to in Art. 12 et seq. of the GDPR.

§ 9 Notification and support obligations of the contractor in the event of data security incidents

  1. MySports Rewards supports the customer to the extent required by law in fulfilling the obligations under Art. 32 to 36 GDPR.

  2. MySports Rewards shall inform the customer immediately if MySports Rewards or a person employed by MySports Rewards has violated regulations on the protection of personal data, provisions under this contract or instructions issued by the customer, if there are indications that a third party may have unlawfully gained knowledge of user data - for whatever reason - or if the integrity or confidentiality of the user data has otherwise been compromised ("data security incident").

  3. The information on the data security incident must contain details of the time and nature of the incident (including information on which order data is affected and in what form), the IT system affected, the data subject, the time of discovery, any conceivable adverse consequences of the data security incident, the measures taken by MySports Rewards and all other information specified in Art. 33 (3) GDPR. MySports Rewards must also provide specific information as to whether a breach of the protection of user data is likely to result in a risk to the rights and freedoms of natural persons within the meaning of Art. 33 para. 1 sentence 1 GDPR and whether the risk is likely to be high within the meaning of Art. 34 para. 1 GDPR.

  4. Initial information must be provided to the customer immediately, and specific information must be provided within 24 hours of becoming aware of the data security incident. If MySports Rewards is unable to provide all information in accordance with paragraph (3) above within 24 hours, this information will be provided in stages without unreasonable further delay.

  5. Upon becoming aware of a data security incident, MySports Rewards will immediately take all reasonable measures to minimize and eliminate the resulting risks to the integrity or confidentiality of the user data, to secure the user data and to prevent possible adverse consequences for those affected or to limit their impact as far as possible.

  6. In the event of a data security incident, MySports Rewards is obliged to support the customer in its efforts to clarify and remedy the incident, including all actions to fulfill legal obligations, upon first request and within reasonable limits.

  7. MySports Rewards is obliged to carry out an analysis of the causes immediately after becoming aware of a data security incident, to document this and to hand over the documentation to the customer on request. If MySports Rewards determines in the course of the analysis that the technical and organizational measures taken to date to protect user data are not sufficient to ensure an adequate level of protection, MySports Rewards will implement the necessary additional technical and organizational measures at its own expense.

  8. MySports Rewards is obliged to inform the customer immediately of any investigations, checks and measures carried out by the supervisory authority(ies) where user data is concerned.

§ 10 Term of this contract

  1. This contract commences upon signing and is concluded for the duration of the term of the main contract (time limit in lieu of notice).

  2. The parties' rights of termination without notice remain unaffected by this. The customer is entitled to terminate this contract without notice if MySports Rewards commits a serious breach of the applicable data protection regulations or of obligations arising from this contract, if MySports Rewards is unable or unwilling to carry out an instruction from the customer or if the customer refuses to exercise control rights in breach of the contract.

  3. Each party is entitled to terminate this contract with a notice period of two weeks to the end of a calendar month if the performance of the main contract and/or the performance of this contract is objected to by a competent supervisory authority (in particular the competent data protection authority) and a deadline set by this authority to remedy any deficiencies identified expires without success or at least one of the parties is prohibited by the competent authority from continuing to perform the main contract and/or this contract.

  4. Any termination must be in writing.

  5. With regard to the user data stored at the time of termination of this contract, MySports Rewards undertakes to comply with Art. 28 para. 3 lit. g GDPR. MySports Rewards is entitled to retain such documentation beyond the termination of this contract as MySports Rewards requires to prove that data processing has been carried out properly and in accordance with the contract. Upon expiry of the respective retention periods, MySports Rewards is also obliged to delete such documentation in accordance with data protection regulations.

§ 11 Miscellaneous

  1. If MySports Rewards' ownership or user data is jeopardized by third-party measures (such as seizure or confiscation), insolvency or composition proceedings or other events, MySports Rewards must inform the customer immediately.

  2. The defense of the right of retention within the meaning of § 273 BGB is excluded with regard to the user data and the associated data carriers.

  3. No verbal collateral agreements have been made. Amendments and supplements to this contract require the form regulated in Section 28 (9) GDPR. This also applies to a change to the form requirement itself.

  4. Should a provision of the contract be or become invalid, the parties undertake to replace the invalid provision with a valid provision that comes as close as possible to the economic intention of the parties. The same shall apply in the event of a loophole.

  5. The exclusive place of jurisdiction for all disputes arising from and in connection with this contract is Hamburg. The parties agree that German law shall apply.

Attachments

Annex 1: Approved subcontractors

The current version of Annex 1 is available at https://www.mysports-rewards.com/de/de/zugelassene-subunternehmen - Version 1.2024

Annex 2: Technical and organizational measures (TOM)

The current version of Annex 2 can be found at https://www.mysports-rewards.com/de/de/tom- Version 1.2024