PRIVACY POLICY

Hello, welcome to the OTRO Privacy Policy. At OTRO, we are committed to keeping your personal information safe and secure, and handling it in accordance with our legal obligations. This Privacy Policy sets out in detail the purposes for which we process your personal information, what rights you have in relation to that information, who we share it with and everything else we think is important for you to be aware of.

Please make sure you check it carefully and if you don’t agree with it, then (although we hate to turn you away) you shouldn’t use our digital products or services. This is because by accessing our Digital Products or services, you confirm that you accept the way in which we process your personal information. This Privacy Policy forms part of our Terms, and capitalised words and phrases in it have the same meaning as those in our Terms.

If you have any concerns, please feel free to contact us at help.otro.com.

ABOUT OTRO

OTRO Global Limited, trading as OTRO (referred to as OTRO, we, our or us) is a limited company incorporated in England and Wales, with registered company number 11234419 and registered at 2nd Floor, 45 Whitfield Street, London, W1T 4HD. We are the data controller for the purposes of the personal information processed in accordance with this Privacy Policy.

Our Data Protection Officer is responsible for our approach to data protection and protecting your privacy. You can contact our Data Protection Officer via help.otro.com or by email at: DPO@otro.com.

Contents of this Privacy Policy:

  1. About this Privacy Policy
  2. The personal information we collect, how we collect it, and why
  3. Our legal basis for processing personal information
  4. When do we share your personal information?
  5. Communications
  6. How long do we store your personal information?
  7. Security of your personal information
  8. Links
  9. Children
  10. Your rights and choices
  11. Contacting us
  12. Browser and device local storage


1) About this Privacy Policy

This Privacy Policy applies to the personal information we collect about you through our Digital Products, by telephone, by post, through our social media platforms, from third parties and when you otherwise communicate with us.

This Privacy Policy may change from time to time and, if it does, the up-to-date version will always be available on our Website. We will also tell you about any important changes to our Privacy Policy.

2) The personal information we collect, how we collect it, and why

This section informs you of what information we collect about you and why.

Personal information means any information about an individual from which that individual can be identified. The following shows information we process about you, and the purpose for which we process that information. There may be more than one reason for which we collect such information and we have only listed the main reasons. If you would like further information, please contact us via help.otro.com.

We have also included the legal basis on which we rely on to legitimately process your personal information, see section 3 for more information.

Information you provide to us

INFORMATION

WHY WE COLLECT IT

LEGAL BASIS FOR PROCESSING

Name

Your name enables us to personally communicate with you, both within the Digital Products, and externally in emails, SMS messages and other forms of communication. It also makes you visible to other members.

Performance of a contract with you.

Email address

Phone number

These are unique identifiers for sign up and allow us to personally communicate with you (e.g. sending marketing communications, service updates and send customer satisfaction surveys). Each one is always stored privately against your profile, so that only you and us can see it.

Performance of a contract with you.

City and country of residence

Address or postal code

We use this information to customise your experience and to ensure your browser and App settings are appropriately localised. We also collect this information for billing purposes, in particular as a security measure when collecting payments. Your address or postal code is always kept private, although you can show other members your city and country of residence if your profile is set to public.

Performance of a contract with you.

Nationality

We collect your nationality to populate your personal profile, and to understand the nationalities of our members around the world. You can show other members your nationality if your profile is set to public.

Necessary for our legitimate interests (to study how members use our services, to develop them and grow our business).

Date of birth

We collect this to confirm that you are old enough to access our Digital Products and consent to the processing of your personal information. We keep this information private.

Performance of a contract with you.

Gender

We collect your gender to populate your personal profile and to understand the gender split of our members around the world. This is optional and you do not need to tell us if you don’t wish to.

Necessary for our legitimate interests (to study how members use our services, to develop them and grow our business).

Username

A username enables you to be uniquely identified within our Digital Products with other members, for example on your member profile and when posting comments.

Performance of a contract.

Member profile information (e.g. personal biography, personal photo, personal interests)

We ask our members to fill in their profile with a little bit about them because we want our members to understand and connect with each other as part of our global community. Plus, if we can learn more about our members, we can try to create content to suit their interests.

Necessary for our legitimate interests (to study how members use or wish to use our services, to develop them, to grow our business and to inform our marketing strategy).

Membership status

We store whether each member is a free, pay-as-you-go recurring paying member or previously a paying member. That way, we can keep a record of transactions and gear our communications accordingly.

Performance of a contract.

Your preferences for receiving communications and notifications

We store your preferences so we know exactly how to communicate with you (e.g. for marketing or sending service communications), and in some cases, how not to communicate with you.

Consent; and

Necessary for our legitimate interests (to ensure that we are not at risk of breaching data protection laws by communicating with you where you have asked us not to).

Information we collect automatically

INFORMATION

WHY WE COLLECT IT

LEGAL BASIS FOR PROCESSING

Unique identifier

Customer number

When a member signs up, we generate this as a mechanism to identify a member across our technical systems, and to link that member with their product preferences, billing records, service interaction analytics and customer service history.

Necessary for our legitimate interests (to study how members use our services, to develop them and grow our business).

Your interactions with our service

When you interact with our website or app, for example when you watch a video or leave a comment, we record and track this information, so that we can analyse how our members are enjoying our service and use that information to create improvements. When you post a comment, it will be visible to all others members.

In particular, we also timestamp your content so you can resume watching, keep a record of your purchased and downloaded content and mark where you have watched content. We hope this helps you to better navigate our content libraries.

Necessary for our legitimate interests (to define types of members for our services, to keep the Digital Products updated and relevant, to study how members use our services, to develop our business and inform our marketing strategy).

Payments information (e.g. records of transactions, payment tokens)

We record payment and transaction data to keep financial and security records for our business and to comply with our legal obligations to retain financial and transaction information. Specifically, when a member purchases content with a credit card, a token is generated and stored against that member’s details in our systems, but we do not store your credit card number.

We also keep a record of where payments have been successful or have failed against a member’s details in our systems.

Necessary for our legitimate interests (to recover debts due to us, to pay refunds owed to you and to prevent us facilitating fraud); and

Performance of a contract.

IP address

This enables us to uniquely identify you as a member and to distinguish you from other members. In turn, it enables us to deliver you a more personalised service (e.g. more relevant Website content and advertisements and measure or understand the effectiveness of the advertising we serve to you).

Necessary for our legitimate interests (to define types of customers for our Digital Products, to keep our Digital Products updated and relevant, to develop our business and to inform our marketing strategy).

Records of competitions, rewards and prizes

Whenever we hold competitions and/or give away rewards or prizes, we keep an internal record of how they have been distributed. We collect data around competitions, how members interact with them, and we use that data to improve the way we hold competitions and give away rewards or prizes in future.

Necessary for our legitimate interests (to study how members use or wish to use our services, to develop them, to grow our business and to inform our marketing strategy).

Information we collect from other sources

INFORMATION

WHY WE COLLECT IT

LEGAL BASIS FOR PROCESSING

Social media information

As part of the sign-up process, we import some of the information you have disclosed to your social media pages, such as Facebook (if you choose to connect to OTRO via a social network). Equally, certain parts of our service enable you to share our content or information by email, text (SMS) message or other social applications.

Necessary for our legitimate interests (to study how members use or wish to use our services, to develop them, to grow our business and to inform our marketing strategy).


We may also use all of the above information to establish, exercise and defend our legal rights. The lawful bases on which we rely upon to do such are where it is necessary for compliance with a legal obligation and where it is in our legitimate interest to establish, exercise or defend our legal rights.

In respect of all the above information, our overarching purpose is to enable us to generate a trusted, secure, engaged and international community of the world’s top footballers and their fans. We want all of our members’ information to be secure, but also visible to us so that we can provide them personalised customer service and a customised member experience. For any questions or queries, please feel free to get in touch via help.otro.com.

3) Our legal basis for processing personal information

We only ever use your information in line with applicable data protection laws - in particular, the EU General Data Protection Regulation (GDPR). In short, this means we only use it where we have a legal basis to do so. Under GDPR, these are the general legal bases for which we process your personal information, as detailed in the table above:

  • Consent - you have given us consent to process your personal information for a specific purpose that we have told you about.
  • Performance of our contract - processing your personal information is necessary for a contract you have with us, or because we have asked you to take specific steps before entering into that contract.
  • Legitimate interests - processing your personal information is necessary for our legitimate interests or those of a third party, provided those interests are not outweighed by your rights and interests (including where processing is required to comply with or enforce a legal obligation).

4) When do we share your personal information?

We may disclose your information for certain purposes and to third parties, as described below:

  • The OTRO group of companies: we share your information within the OTRO group of companies as required for: providing you with access to our services according to our agreement, data storage and processing, providing customer support, making internal choices around business improvements, content development, and for the other purposes set out in this Privacy Policy.
  • Third Party Providers: We use certain companies, agents or contractors (Third Party Providers) to perform services on our behalf or to help deliver our services to you. We contract with Third Party Providers, for example to provide advertising, marketing, communications, infrastructure and IT services, to process credit card transactions or other payment methods, to personalise and enhance our services, to provide customer service, to collect debts, to analyse and action data (including data about our members' interactions with our Digital Products), and to process and administer consumer surveys. In the course of providing such services, these Third Party Providers may have access to your personal information. We do not authorise them to use or disclose your personal information except in connection with providing their services to us.
  • Promotions with our partners: We may offer joint promotions, schemes or incentives with our selected partners that, in order for you to participate, will require us to share your information with the relevant partner. In fulfilling these types of promotions, we may share your name and other information in connection with fulfilling the relevant incentive. Please note that our partners are responsible for their own privacy and data protection methods and if applicable you should refer to their relevant privacy policy.
  • To protect legitimate interests: There are certain circumstances where OTRO and our Third Party Providers may disclose and/or make use of your information where a disclosure would be necessary to: (a) satisfy any applicable law, regulation, legal process, or other legal or governmental request or requirement, (b) enforce applicable terms of use, including investigation of any actual or alleged breaches, (c) detect, prevent, or otherwise address illegal or suspected illegal activities (including payment fraud), security or technical issues, or (d) protect against harm to the rights, property or safety of OTRO, its members or the public, as required or permitted by law.
  • Transfers of our business: In connection with any corporate reorganisation, restructuring, merger or sale, or other transfer of assets, we will transfer information, including personal information, provided that the receiving party agrees to comply with our requirements as set out in this Privacy Policy relating to your personal information.

5) Communications

This section is to explain how we will ensure that you only receive communications that you wish to receive.

MARKETING COMMUNICATIONS:

We want to ensure that you are informed and aware of the best services and promotions that we can offer you. By consenting to receive additional communications (by mail, telephone, text/picture/video message or email) from us and any named third parties that feature at the point of obtaining consent in respect of such information, we will process your personal information in accordance with this Privacy Policy.

You can change your marketing preferences and unsubscribe at any time by accessing the settings within our Digital Products. If you choose not to receive this information we will be unable to keep you informed of new services and promotions of ours, or the OTRO group of companies, that may interest you.

Whatever you choose, you'll still receive other important information, for example service updates, as described below.

SERVICE COMMUNICATIONS:

As detailed in the table at section 2, we may send you communications such as those which relate to any service updates (e.g. service availability) or provide customer satisfaction surveys. We consider that we can lawfully send these communications to you as we have a legitimate interest to do so, namely to effectively provide you with the best service we can and to grow our business.

6) How long do we store your personal information?

This section explains the length of time that we will retain your personal information.

We keep your personal information for only as long as is necessary to provide you with our service and for our legitimate and necessary business purposes. Such purposes might include maintaining the high standards of service which we strive to uphold, making decisions on how progress our offering, complying with applicable legal obligations, and resolving any disputes which arise in the course of our business.

In accordance with this Privacy Policy, you have the right to request that we delete your personal information, except where we are legally permitted or required to maintain certain personal information. For example:

  • We are legally required to retain financial and transaction data for a minimum period of 7 years for tax, audit and accounting purposes. This includes keeping a record of the amount of each transaction, what it related to, and who we transacted with.
  • If there is an unresolved issue relating to your account, for example relating to outstanding credit or an unresolved dispute, then we will retain your personal information until the issue is resolved.
  • There may be other situations where we have legitimate business interests to retain personal information, such as to prevent fraud or protect security of our other members.

Any Third Party Providers that we engage will keep your personal information stored on their systems for as long as is necessary to provide the relevant services to you or us. If we end our relationship with any third party providers, we will make sure that they securely delete or return your personal information to us.

We may retain personal information about you for statistical purposes. Where information is retained for statistical purposes it will always be anonymised, meaning that you will not be identifiable from that information.

7) Security of your personal information

This section explains how we keep your personal information safe and where it will be held.

We are committed to securing and protecting your personal information, and we make sure to implement appropriate technical and organisational measures to help protect the security of your personal information. We have implemented various policies including anonymisation, pseudonymisation, encryption, access, and retention policies to guard against unauthorised access and unnecessary retention of personal information in our systems. We use password-less authentication to protect your account. We email or message you a link with an encrypted secure token that you can click to authenticate your account in our App. You can log out of the App on your browser or device at any time.

The information that we collect from you may be transferred to, and stored at, a destination outside of the European Economic Area (EEA). When we transfer and store your personal information outside of the EEA we will take steps to ensure that the information is transferred in accordance with this Privacy Policy and applicable data protection laws. In particular, we will ensure that appropriate contractual, technical, and organisational measures are in place with any parties outside the EEA such as the Standard Contractual Clauses approved by the EU Commission.

Unfortunately, the transmission of your personal information via the internet is not completely secure and although we do our best to protect your personal information, we cannot guarantee the security of your information transmitted to us over the internet and you acknowledge that any transmission is at your own risk.

8) Links

This section explains the risks of clicking on any link within our Digital Products.

Our Digital Products may, from time to time, contain links to websites operated by third parties, which will usually be those of our commercial partners. This Privacy Policy only applies to the personal information that we collect from you and we cannot be responsible for personal information collected and stored by third parties. If you click on a link, please understand that the relevant third party websites have their own terms and conditions and privacy policies, and we do not accept any responsibility for the content of those third party websites or third party terms and conditions or policies. Please check these policies before you submit any personal information to these websites.

9) Children

This section explains the age limit of our Digital Products.

You must be 13 years of age or older to use the Digital Products. In some countries, you may need to be older than 13 to consent to the processing of your personal information.

We do not knowingly collect personal information from children under 13 years of age, or under the relevant age limit for consent in your country. If you are under that age limit, then please do not use OTRO or provide any personal information to us.

If you are a parent or legal guardian of a child under the applicable age limit, and you become aware that your child has provided his/her personal information to us, please contact us at DPO@otro.com. If we learn that we have collected personal information of a child under the age of 13, then we will take all reasonable steps to delete that information from our systems, and if required, delete the relevant member account.

If you are under 18 years of age, then we will only process the basic information which we require from you for so that you can use our Digital Products.

10) Your rights and choices

This section explains that you have a number of rights in relation to your personal information.

Under the GDPR, as a user of our Digital Products, you are entitled to certain rights. There are circumstances in which your rights may not apply. You have the right to request that we:

  • provide you with a copy of the information we hold about you;
  • update any of your personal information if it is inaccurate or out of date;
  • delete the personal information we hold about you - if we are providing services to you and you ask us to delete personal information we hold about you then we may be unable to continue providing those services to you;
  • restrict the way in which we process your personal information;
  • stop processing your data if you have valid objections to such processing; and
  • transfer your personal information to a third party.

For more information on your rights and how to use them, or if you would like to make any of the requests set out above, please contact us via help.otro.com.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

As explained in the section on Communications, even if you consented to the processing of your personal information for marketing purposes (by ticking the relevant box or by requesting information about services), you have the right to ask us to stop processing your personal information for such purposes. You can exercise this right at any time by contacting us at DPO@otro.com or adjusting your privacy and notification settings within the Digital Products. Please note that we reserve the right to charge a fee for responding to requests where we reasonably determine that they are manifestly unfounded or onerous or being made in bad faith.

11) Contacting us

If you have any questions or concerns about how we handle your personal information, please contact our Data Protection Officer (DPO), by email at DPO@otro.com or via help.otro.com.

If you are unsatisfied with our response to any data protection issues you raise with us or our DPO, you have the right to make a complaint to the Information Commissioner’s Office (ICO). The ICO is the authority in the UK which is tasked with the protection of personal information and privacy.

12) Browser and Device local storage

Our Digital Products use browser and device local storage files – the browser files are for if you are using the progressive web app and the device local storage files are if you are using the iOS or Android app. Browser local storage files are files containing small amounts of information which are downloaded to your personal computer, mobile or other device when you visit an app or website. In particular, our browser and device local storage files generate a unique identification number for each user which we use to collect certain information on that user.

We use browser and device local storage to store data locally on your device to enhance the user experience on our Digital Products. For example, browser and device local storage allows us to save the state of your current page so that when you return at a later time or refresh the browser or app, the page will remain the same. We may also use browser and device local storage to: (i) save a list of items a user last accessed on the Digital Products (such as events and properties the user selected) so we can display “recently viewed items”; or (ii) marking once a user has seen a tutorial, video, tooltip or onboarding flow so that the user only sees the content one time.