Personal data protection charter


AllTokenFootball GmbH, (hereinafter “ATS” – AllTokenSports, brand under which the business is operated) attaches great importance on the protection of the privacy and data of the users of its services, particularly the users of its websites, subscribers to newsletters, customers of its E-shop websites and customers and beneficiaries of its applications and services (hereinafter altogether referred to as the "ATS   Websites, Applications and Services"). Thus, ATS  ensures that a charter of personal data protection (hereinafter the "Charter") is adopted and strictly adhered to in accordance with the regulations in force, and with the 2016/679/EU General Data Protection Regulation (“GDPR”).

When the terms "you", "your" or "yours" are used, they refer to the individual users and subscribers of ATS  Websites, applications, and services.

The Charter’s purpose is to explain to you which personal data allowing to identify you (hereinafter the “Personal Data”) directly or indirectly may be collected via ATS  Websites, applications, and services, as well as the use that may be made of such Personal Data, the protection of such Personal Data and the rights that you are entitled pertaining to such Personal Data.

The Charter may be amended at any time by ATS , in particular to comply with all legislative, regulatory, jurisprudential, editorial and / or technical developments. You are advised to refer browsing or using ATS  Websites, applications, and services to the latest accessible version of the Charter.


Purposes and means of Personal Data processing are defined by AllTokenFootball GmbH, a limited liability company governed by the Swiss law, having its registered office at with its registered office at Dammstrasse 16, 6300 Zug, Switzerland.


The table below provides detailed information explaining the following:

  • What are the situations in which your Personal Data are collected?

  • What Personal Data is collected?

  • On what legal basis are Personal Data collected and processed?

  • For what purposes are Personal Data collected?

  • Who are the recipients of Personal Data?

ATS  only collects Personal Data that is adequate, relevant, and limited to what is necessary for the purposes for which it is processed. These purposes are specific and legitimate, and under no circumstances will your Personal Data be further processed in a manner incompatible with these purposes, unless we obtain your prior consent.

All persons dealing with ATS  or under its responsibility who have access to Personal Data are required to maintain the confidentiality and security of the Personal Data and to implement appropriate measures.

What are the situations in which your Personal Data are collected?

Creating an online account, linked to its clients’ ecosystem (Sports Clubs, Leagues and Federations – full list available upon request)

Access ATS ’s partners applications and services (full list available upon request) 

Attend an event with a valid ticket

What are the Personal Data collected?

  • Civil Status
  • First Name
  • Last Name
  • Date of birth
  • Socio-professional category
  • Address
  • Phone number
  • Email address
  • Credit card number
  • Credit card expiry date
  • Visual cryptogram of the credit card
  • Individual image
  • Shipping addresses and name of the addressee if different
  • Data related to the shipping process (clothes or shoes sizes)
  • Facebook ID
  • Google ID

On what legal basis are Personal Data collected and processed?

  • Performance of the ticket sales contract to which you are a party (Article 6.1.b) of GDPR)
  • Legitimate interest (Article 6.1.f) of GDPR) if no sale occurs

For what purposes are Personal Data collected?

  • To create your online account and manage your identification and authentication
  • To provide you with the products and services requested
  • To process, payment, invoicing, refunding and archiving of orders
  • To contact you about your purchase or the event you are attending
  • To promote games, promotions, events, etc.… organized by ATS  

Who are the recipients of Personal Data?

  • Authorized personnel within ATS  and, more specifically, as the case may be, the marketing, communication, ticketing, sales, security and medical departments and their hierarchical superiors, each having limited access to only the data that is necessary for the purpose for which it is used
  • Service providers, agents or suppliers involved in the supply and delivery of a product or service ordered on the application (full list available upon request)
  • Service providers or agents providing IT services such as those in charge of hosting and providing the website, applications and services and analyzing customer behavior on the website and applications (full list available upon request)
  • Payment service providers
  • Any third party to which ATS  is authorized to transfer all or part of the personal data
  • The partners of the ATS  , whose direct prospecting operations you have expressly accepted
  • ATS  may communicate your Personal Data to other third parties with a view to direct canvassing operations by the latter; it will ensure that you are expressly informed of this possibility and of the identity of the third party and that you are given the opportunity to accept or refuse such operations beforehand
  • Public authorities on request, in accordance with the regulations in force

How long is Personal Data stored?

  • At the latest three years after the creation of your account or your last connection

What are the situations in which your Personal Data are collected?

Online browsing

Data collected by cookies or other tracking technologies

The use of these technical means is detailed in Article 4 below

What are the Personal Data collected?

  • IP Address
  • Technical data of the browser or device (name, operating system of the device, preferred language)
  • Authentication data (connection and usage logs, unique identifier)
  • Browsing data (websites visited, last pages consulted, advertisements clicked on, products searched for, length of visit, products placed in your basket, etc.).

On what legal basis are Personal Data collected and processed?

  • Performance of a contract (Article 6.1.b) of GDPR) or legitimate interest (Article 6.1.f) of GDPR) for session or security cookies
  • Consent (Article 6.1.a) of GDPR) for advertising and analytical cookies; Acceptance when using ATS  Websites.
    Possibility of opposition or parameter setting via a link accessible on ATS  Websites.

For what purposes are Personal Data collected?

  • To carry out (anonymously) statistics on the Websites’ activity in order to measure in particular satisfaction and quality of services and thus enable their improvement and optimization of ATS  Websites, applications and services.
  • To facilitate your use of ATS  Websites, applications and services, and to personalize your experience according to your interests and needs.
  • To offer you advertising content adapted to your consumption profile.

Who are the recipients of Personal Data?

  • Authorized personnel within ATS  and, more specifically the marketing, communication, ticketing and sales departments and their hierarchical superiors, each having limited access to only the data that is necessary for the purpose for which it is used.
  • Service providers or agents providing IT and technical services such as those in charge of hosting and providing the Websites and applications.

How long is Personal Data stored?

  • Cookies and other tracking technologies will only last for a period of thirteen months from the time they are inserted in your Internet browser
  • Data collected will be stored for three years


In accordance with the provisions of Article 8 of European Regulation 2016/679 and the Data Protection Act of January 6th, 1978, only minors aged 15 or over may consent alone to the processing of their Personal Data.

If the user is a minor under the age of 15, the agreement of a legal representative will be required so that his Personal Data can be processed.


ATS  Websites use cookies and other tracking technologies.

Cookies and tracking technologies allow, during each of your visits, and for the purposes determined in Article 2 to study your behaviour during your browsing on ATS  Websites to offer you a better experience of navigation and use of our services, to produce statistics on the Websites and to obtain your consent for the use of certain cookies.

What are cookies?

A cookie is a small text file, containing information, which is stored on the hard drive of your terminal (ex: computer, touchpad, or mobile phone) when you visit ATS  Websites using your browser software. It is transmitted by the server of ATS  Websites to your browser. The cookie file allows its issuer to identify the terminal in which it is registered during the period of validity or registration of the cookie concerned.

How to disable cookies?

ATS  obtains prior consent to store information on a subscriber's or user's equipment or to access information already stored unless such actions are strictly necessary for the provision of an information or service expressly requested by the subscriber or user.

You can oppose the registration of cookies by configuring your browser software or by clicking opening the cookie set-up window on ATS  Website concerned. You can also configure the use of cookies by opening the cookie set-up window on ATS  Website concerned.

In an event, where the user decides to disable cookies or to configure them, he may continue browsing ATS  Websites. However, any dysfunction of ATS  Websites caused by this manipulation could not be considered as being due to the ATS .


ATS  Websites have an SSL certificate to ensure that the information and the transfer of data transiting through ATS  Websites are secure.

Personal Data being confidential, ATS  limit their access only to employees of the company or service providers who need it as part of the execution of the processing.

All persons having access to the Personal Data are bound by a duty of confidentiality and expose themselves to disciplinary measures and / or other sanctions if they do not respect these obligations.

When ATS  uses sub-processor, their collaboration is the subject of a contract to ensure compliance with the GDPR.

The Personal Data is hosted and processed on secure servers located on the territory of the European Union and the United States and operated by subcontractors of ATS  acting in accordance with the requirements of the GDPR.

In the event, where the integrity, confidentiality or security of Personal Data is compromised, ATS  undertakes ( i ) to notify the CNIL of the violation within 72 hours after becoming aware of it and (ii) to

inform the person concerned as soon as possible when the violation is likely to create a high risk for the rights and freedoms of that person.


You have, subject to the limits provided for by the regulations in force, the following rights with respect to the processing of your Personal Data:

  1. Right of information

The user has the right to be informed in clear and simple terms about the conditions of use of his Personal Data.

  1. Right of access

The right of access allows you to obtain from ATS  confirmation that your Personal Data is processed by us or not, and the conditions of this treatment, as well as to receive a copy.

  1. Right of rectification

You have the right to obtain from the ATS , as soon as possible, the correction of your Personal Data that is inaccurate, incomplete, equivocal or out of date.

  1. Right to cancellation

You have the right to ask ATS  to delete your Personal Data as soon as possible if one of the following reasons applies:

  • Your Personal Data is no longer necessary for the purpose for which it was collected or otherwise processed.
  • You wish to withdraw your consent on which the processing of your Personal Data was based, if any, and there is no other basis for such processing.
  • You consider and can establish that your Personal Data has been subject to unlawful processing; or
  • Your Personal Data must be erased under a legal obligation.

  1. Right to withdrawal of consent

When ATS  processes your Personal Data based on your consent, it may be withdrawn at any time by using the means at your disposal for this purpose (see procedure in point 6K of this Charter).

On the other hand, and in accordance with the applicable law, the withdrawal of your consent is valid only for the future and cannot therefore call into question the lawfulness of the treatment carried out before this withdrawal.

  1. Right to limit the processing of Personal Data

The applicable regulations provide that this right may be invoked in certain cases, in particular the following:

  • When you dispute the accuracy of your Personal Data and for the length of time necessary to verify its accuracy.
  • When you consider and can establish that the processing of Personal Data is unlawful but that you oppose the deletion of Personal Data and instead require the limitation of processing; and
  • When ATS  no longer needs your Personal Data, but they are still necessary for the establishment, exercise or defense of legal rights.

  1. Right to oppose the processing of Personal Data

You may object at any time to the processing of your Personal Data for direct marketing purposes. You can also only oppose profiling. In this case, you will not receive more custom offers.

You will have the possibility to object, free of charge, except for those related to the transmission of the refusal, to the use of your Personal Data for the sending of newsletters, when your Personal Data are collected and each time a prospecting e-mail is sent to you, by clicking on the unsubscribe link present at the bottom of each newsletter.

  1. Right to portability of Personal Data

You have the right to request that we give you your Personal Data or that we transfer it to another service provider.

  1. Right to decide the fate of your Personal Data after your death

You have the right to organize the fate of your Personal Data post-mortem by adopting general or specific guidelines. ATS  commits to follow these guidelines.

In the absence of guidelines, ATS  recognizes to the heirs the possibility of exercising certain rights, in particular the right of access, if it is necessary for the settlement of the deceased’s estate, and the right of opposition to proceed at the closing of the user accounts of the deceased and oppose the processing of his Personal Data.

  1. Right to lodge a complaint with a supervisory authority

In case of non-compliance with one of your rights or wrongful treatment, you can complain to the national authority in charge of the protection of personal data (in France, it is the “Commission Nationale de l’Informatique  et  des  Libertés”,  the  “CNIL”  whose  contact  details  can  be  found


  1. How to exercise your rights

For any question relating to this Charter and/or to exercise your rights as described above, you may contact the Data Protection Officer ("DPO") of the ATS :

  • Contact the DPO by post: AllTokenFootball GmbH, DPO, Dammstrasse 16, 6300 Zug, Switzerland.
  • Contact the DPO by email :

Your request must be submitted in writing, and you must justify with your identity by any means. In the event of a reasonable doubt, ATS  may request a photocopy of an identity document to check your identity.

ATS  undertakes to reply to you as soon as possible and, in any event, within one month of receipt of your application.

If necessary, this period may be extended by two months given the complexity and the number of requests addressed to the ATS . In this case, you will be informed of this extension and the reasons for the postponement.

If your application is submitted electronically, the information will also be provided to you electronically where possible, unless you specifically request otherwise.


Your Personal Data may be transferred outside the borders of the European Union, in particular to the United States by the service provider Google Analytics.

Concerning this transfer of data to the United States, ATS  commits to transfer Personal Data to its sub-processors through an appropriate transfer tool, such as the Standard Contractual Clauses issued by the European Commission and, if necessary, to implement supplementary legal, technical or organizational measures in order to offer Personal Data a level of protection equivalent to the one applying within the European Union.