PRIVACY POLICY (Website)

In this privacy policy we inform you about the processing of personal data and about the access and storage of information on your end device when using our website www.onefootball.com.

Content of this privacy policy:

  1. Responsible and contact person

  2. Data processing on our website

    1. Accessing our website / connection data

    2. Making contact

    3. Registration

    4. Orders

    5. Newsletter

    6. Existing customer acquisition by e-mail

    7. Surveys

    8. Sweepstakes

    9. Applications

  3. Use of tools

    1. Technologies used

    2. Legal basis and revocation

    3. IAB Transparency and Consent Framework

    4. Necessary tools

    5. Functional tools

    6. Analysis tools

    7. Marketing tools

  4. Processing purposes, functions and service providers

  5. Online presence in social networks

  6. Data Sharing

  7. Data transfer to third countries

  8. Storage duration

  9. Your rights

  10. Changes to the privacy policy

  1. Responsible and contact person

The contact person and so-called controller for the processing of your personal data when you visit this website within the meaning of the General Data Protection Regulation (GDPR) is:

OneFootball GmbH
Greifswalder Str. 212
10405 Berlin
Germany

If you have any questions about data protection in connection with the use of our website, OneFootball support and the OneFootball TV app (hereinafter referred to as OneFootball services), you can also contact our external data protection officer at any time. This can be contacted at the above postal address and by email at privacy@onefootball.com (keyword: "Attn. data protection officer"). We expressly point out that if you use this email address, the content will not be viewed exclusively by our data protection officer. If you wish to exchange confidential information, we therefore ask that you first contact us directly via this e-mail address.

  1. Data processing on our website

2.1 Accessing our website / connection data

Each time you use our website, we process connection data that your browser automatically transmits to enable you to visit the website. This connection data comprises the so-called HTTP header information, including the user agent, and includes in particular

  • IP address of the requesting device;

  • Method (e.g. GET, POST), date and time of the request;

  • Address of the requested website and path of the requested file;

  • if applicable, the previously accessed website/file (HTTP referrer);

  • Information about the browser and operating system used;

  • Version of the HTTP protocol, HTTP status code, size of the delivered file;

  • Request information such as language, type of content, encoding of content, character sets;

  • Cookies stored on the end device of the domain called up.

The data processing of this connection data is absolutely necessary to enable the visit to the website, to ensure the permanent functionality and security of our systems and to maintain our website in general for administrative purposes. The connection data is also stored in internal log files for the purposes described above, temporarily and limited in content to what is absolutely necessary, in order to find the cause and take action in the event of repeated or criminal calls that jeopardise the stability and security of our website.

The legal basis for this processing is Art. 6 para. 1 lit. b GDPR, provided that the page visit is made in the course of the initiation or execution of a contract, and otherwise Art. 6 para. 1 lit. f GDPR due to our legitimate interest in enabling website access and the permanent functionality and security of our systems.

2.2 Contact us

You have various options for getting in touch with us. These include the contact form and the e-mail address feedback@onefootball.com. In this context, we process your data exclusively for the purpose of communicating with you.

The legal basis for this processing is Art. 6 para. 1 lit. b GDPR, insofar as your details are required to answer your enquiry or to initiate or execute a contract, and otherwise Art. 6 para. 1 lit. f GDPR due to our legitimate interest in you contacting us and us being able to answer your enquiry.

The data collected by us when you contact us will be automatically deleted after your enquiry has been fully processed, unless we still need your enquiry to fulfil contractual or legal obligations (see section 7 "Storage duration").

2.3 Registration

You have the option of registering with an account for our login area in order to be able to use the full range of functions on our website. We have highlighted the data that you are required to enter as mandatory fields. Registration is not possible without this data.

You will need to enter your e-mail address and password.

The following data may be processed as part of the registration process:

  • Salutation, gender (optional);

  • First and last name (optional);

  • Date of birth (optional);

  • Profile picture (optional)

The legal basis for processing the data required for registration (mandatory fields) is Art. 6 para. 1 lit. b GDPR. For all other data, the legal basis is our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR to enable the individualisation, adaptation and modification of your account, or your consent in accordance with Art. 6 para. 1 lit. a GDPR, insofar as you have given us this.

Our website offers you the option of logging in with an existing account on the social networks listed below:

  • Facebook Login: Meta Platforms Ireland Ltd, Serpentine Avenue, Block J, Dublin 4, Ireland (for persons outside the USA and Canada) or Meta Platforms Inc, 1601 Willow Road, Menlo Park, California 94025, USA (for persons from the USA and Canada) - Privacy Policy: https://www.facebook.com/privacy/policy/;

  • Google Sign-In for Websites: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (for persons from the European Economic Area and Switzerland) or Google LLC 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (for all other persons) - Privacy Policy: https://policies.google.com/privacy;

  • Register with Apple: Apple Distribution International ltd, Hollyhill Industrial Estate, Hollyhill Cork, Republic of Ireland (for persons from the European Economic Area and Switzerland) or Apple Inc, One Apple Park Way, Cupertino, CA 95014, USA (for all other persons).

Once you have logged in with one of your existing accounts, additional registration is no longer required. If you want to use the function, you will first be redirected to the relevant social network. There you will be asked to log in with your login name and password. Of course, we do not take any notice of this login data. The server to which a connection is established may be located in the USA or in other third countries.

By confirming the corresponding login button on our website, the relevant social network will be informed that you have logged in to your account on our site and will link your social network account to your account on our website. The following data is also transmitted to us:

  • Facebook login: e-mail address, public profile information (in particular Facebook ID, name, profile picture), possibly other profile information such as age, date of birth, Facebook friends, gender, place of residence, like information, profile URL, locations, posts, photos, videos; cookies used in particular: "fbsr";

  • Google Sign-In for Websites: Email address, Google ID, name, profile picture URL, gender and date of birth;

  • Sign in with Apple: E-mail address (you can also choose the e-mail address of an Apple Relay service), Apple ID

The legal basis for this data processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR. Access to and storage of information in the end device then takes place on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 1 TTDSG.

Your personal data may also be transferred by Meta, Google and Apple to the USA and processed there. Meta Platforms Inc. and Google LLC have joined the EU-US Data Privacy Framework, which is why the transfer in this case is based on the adequacy decision for the USA in accordance with Art. 45 GDPR. Apple is obliged by standard contractual clauses to comply with the level of data protection in the EU.

2.3.1 Use without registration

You can also use essential functions of our platform without registering. However, the use of these basic functionalities, such as specifying a favourite team and tracking clubs, leagues, associations and players, as well as displaying football results and content, requires the processing of personal data.

In order to be able to use the basic functionalities, we generate a device-specific identification number (pseudonym) when the website is opened for the first time. Information such as the operating system, IP address and server request time is also processed for the technical display of content. The IP addresses are deleted or anonymised after processing, whereby the location is only determined up to the geographical level of the country.

The data in the technical logs is analysed anonymously in order to improve our platform and correct possible errors. The data processing is based on our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR to display your content based on your interests (namely clubs, leagues, associations and players).

2.4 Orders

During an order process (e.g. pay-per-view), we collect the mandatory data required for contract processing:

  • Salutation;

  • First name and surname;

  • Date of birth;

  • E-mail address;

  • Invoice address;

  • Payment information (e.g. IBAN, credit card, etc.);

  • Telephone number

  • GPS data, if applicable

The legal basis for processing is Art. 6 para. 1 lit. b GDPR.

2.5 Newsletter

You have the option of subscribing to our newsletter, in which we regularly inform you about new products and promotions.

2.5.1 Subscribe to the newsletter

We use the so-called double opt-in procedure to subscribe to our newsletter, i.e. we will only send you newsletters by e-mail if you confirm in our notification e-mail by clicking on a link that you are the owner of the e-mail address provided. If you confirm your e-mail address, we will store your e-mail address, the time of registration and the IP address used for registration until you unsubscribe from the newsletter. The sole purpose of this storage is to send you the newsletter and to be able to prove your registration. In addition, we measure whether our newsletter can be delivered at all.

The legal basis for processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future by unsubscribing from the newsletter. A corresponding unsubscribe link can be found in every newsletter. A message to the contact details given above or in the newsletter (e.g. by e-mail or letter) is of course also sufficient.

2.5.2 Newsletter tracking

We want to share content that is as relevant as possible for our users via our newsletter and better understand what you are actually interested in. We therefore use standard market technologies in our newsletters to measure interactions with the newsletters (e.g. opening of the email, links clicked on). We use this data in pseudonymous form for general statistical evaluations and to optimise and further develop our content and customer communication. On the one hand, this is done with the help of small graphics embedded in the newsletter (so-called pixels), which establish a connection to the server of the images when the e-mail is opened. On the other hand, we use links where we first register a click on this link and only then forward it to the desired target page.

The legal basis for this is your consent in accordance with Art. 6 para. 1 lit. a GDPR. The information in the end device is then accessed on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 1 TTDSG. You can revoke your consent to the analysis of user behaviour at any time with effect for the future by unsubscribing from the newsletter. You can also prevent the measurement of the opening of an email by deactivating graphics or the output of HTML content in your email programme by default.

The data on the interaction with our newsletters is stored pseudonymously for 90 days and then completely anonymised.

2.6 Existing customer acquisition by e-mail

If you register with us or make a purchase from us, we will also use your contact details to send you further information about our products and services that is relevant to you by email ("existing customer advertising"). This may include, in particular, news, promotions and offers as well as feedback and other surveys.

The legal basis for this data processing is Art. 6 para. 1 lit. f GDPR in conjunction with Section 7 para. 3 UWG, according to which data processing is permitted to safeguard legitimate interests, insofar as this concerns the storage and further use of data for advertising purposes. You can object to the use of your data for advertising purposes at any time by clicking on the corresponding link in the emails or by sending a message to the contact details given above (e.g. by email or letter) without incurring any costs other than the transmission costs according to the basic rates.

2.7 Surveys

You have the opportunity to take part in one of our surveys. We use the results of these surveys to improve our service.

The legal basis for data processing when participating in the survey is your consent in accordance with Art. 6 para. 1 lit. a GDPR. We base the sending of the surveys on your consent in accordance with Art. 6 para. 1 lit. a GDPR, provided that you have given us this consent.

You can object to the sending of a satisfaction survey and the use of your data for advertising purposes at any time by clicking on the corresponding link in the e-mails or by sending a message to the above-mentioned contact details (e.g. by e-mail or letter) or revoke your consent with effect for the future without incurring any costs other than the transmission costs according to the basic rates.

2.8 Competitions

You have the opportunity to take part in our competitions.

In the context of competitions, we use your data for the purpose of organising the competition and notifying you of the prize. Detailed information can be found in the conditions of participation for the respective competition. The legal basis for processing is the competition contract in accordance with Art. 6 para. 1 lit. b GDPR. Data processing for other or further purposes, in particular for advertising, is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR.

We base the sending of the offer to participate in the competition on your consent in accordance with Art. 6 para. 1 lit. a GDPR, provided you have given us this consent.

You can object to the sending of an offer to participate in competitions and the use of your data for advertising purposes at any time by clicking on the corresponding link in the emails or by sending a message to the above-mentioned contact details (e.g. by email or letter) or revoke your consent with effect for the future without incurring any costs other than the transmission costs according to the basic rates.

2.9 Applications

You can find the privacy policy for applications here:

https://static.onefootball.com/legal/recruiting-privacy-policy/en

  1. Use of tools

3.1 Technologies used

This website uses various services and applications (collectively "tools") that are offered either by us or by third parties. These include, in particular, tools that use technologies to store or access information in the end device:

  • Cookies: Information stored on the end device, consisting in particular of a name, a value, the storing domain and an expiry date. So-called session cookies (e.g. PHPSESSID) are deleted after the session, while so-called persistent cookies are deleted after the specified expiry date. Cookies can also be removed manually.

  • Web storage (local storage / session storage): Information stored on the end device, consisting of a name and a value. Information in session storage is deleted after the session, while information in local storage has no expiry date and remains stored unless a mechanism for deletion has been set up (e.g. storage of a local storage with a time entry). Information in local and session storage can also be deleted manually.

  • JavaScript: programming codes (scripts) embedded or called up in the website that, for example, set cookies and web storage or actively collect information from the end device or about the user behaviour of visitors. JavaScript may be used for "active fingerprinting" and the creation of user profiles. JavaScript can be blocked by a setting in the browser, although most services will then no longer work.

  • Pixel: A tiny graphic automatically loaded by a service that can make it possible to recognise visitors by automatically transmitting the usual connection data (in particular IP address, information about the browser, operating system, language, address called up and time of the call) and, for example, to determine whether an email has been opened or a website visited. With the help of pixels, "passive fingerprinting" and the creation of user profiles can be carried out. The use of pixels can be prevented, for example, by blocking images, such as in emails, although the display is then severely restricted.

  • TC-String: For providers participating in the Transparency and Consent Framework ("TCF") of the Interactive Advertising Bureau ("IAB"), user preferences recorded in a content management platform are coded and stored in a sequence of letters and numbers, the so-called Transparency and Consent String ("TC-String"). Providers can use this TC string to display targeted advertising to users.

With the help of these technologies and also by simply establishing a connection on a page, it may be possible to create so-called "fingerprints", i.e. user profiles that do not require the use of cookies or web storage but can still recognise visitors. Fingerprints based on the connection setup cannot be completely prevented manually.

Most browsers are set by default to accept cookies, the execution of scripts and the display of graphics. However, you can usually adjust your browser settings so that all or certain cookies are rejected or scripts and graphics are blocked. If you completely block the storage of cookies, the display of graphics and the execution of scripts, our services may not work or may not work properly.

In the following, the tools we use are listed according to category, whereby we inform you in particular about the providers of the tools, the storage duration of cookies or information in local storage and session storage as well as the transfer of data to third parties. We also explain in which cases we obtain your voluntary consent to use the tools and how you can withdraw this consent.

3.2 Legal basis and cancellation

3.2.1 Legal basis

We use tools necessary for website operation on the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in order to provide the basic functions of our website. In certain cases, these tools may also be necessary for the fulfilment of a contract or for the implementation of pre-contractual measures, in which case the processing is carried out in accordance with Art. 6 para. 1 lit. b GDPR. Access to and storage of information in the end device is absolutely necessary in these cases and is carried out on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 2 TTDSG.

We use all other non-essential (optional) tools that provide additional functions on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR. These include, for example, tools that are used to recognise users and to statistically record and analyse general user behaviour on this and other websites. With the help of these tools, we can understand usage habits and adapt and optimise this website. They also include, for example, tools that are used to create user profiles about user behaviour and the advertisements and content viewed or clicked on by users. This enables classification into advertising categories, the display of personalised advertising and content on this and other websites and retargeting with advertising on other websites. The access to and storage of information in the end device then takes place on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 1 TTDSG. Data processing using these tools only takes place if we have received your consent for this in advance.

If personal data is transferred to third countries, we refer, also with regard to any associated risks, to Section 6 ("Data transfer to third countries"). We will inform you if an adequacy decision exists for the third country in question or if standard contractual clauses or other guarantees have been concluded for the use of certain tools. If you have given your consent to the use of certain tools and the associated transfer of your personal data to third countries, we will (also) transfer the data processed when using the tools to third countries on the basis of this consent in accordance with Art. 49 para. 1 lit. a GDPR.

3.2.2 Obtaining your consent

To obtain and manage your consent, we use the consent management platform ("CMP") tool OneTrust from OneTrust, LLC, 1200 Abernathy Rd, Suite 700, Atlanta, Georgia 30328 ("OneTrust"). This generates a banner that informs you about the data processing on our website and gives you the opportunity to consent to all, individual or no data processing using optional tools. This banner appears when you visit our website and when you call up the selection of your settings again in order to change them or revoke your consent. The banner will also appear on subsequent visits to our website if you have deactivated the storage of cookies or if the cookies or information in the local storage have been deleted or have expired.

As part of your website visit, your consent or revocation, your IP address, information about your browser, your device and the time of your visit are transmitted to OneTrust. In addition, necessary information is stored on your device to document your consents and revocations ("Cookielaw by OneTrust (formerly Optanaon)").

Data processing is necessary to provide you with the legally required consent management and to fulfil our documentation obligations. The legal basis is Art. 6 para. 1 lit. f GDPR, justified by our interest in fulfilling the legal requirements for consent management. Access to and storage of information in the end device is absolutely necessary in these cases and is carried out on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 2 TTDSG.

3.2.3 Revoking your consent or changing your selection

You can revoke your consent for certain tools, i.e. for the storage and access to information in the end device, the processing of your personal data and the transfer of your data to third countries, at any time with effect for the future. To do this, click on the following link/button: https://onefootball.com/de/payments/profile/settings please click on "Privacy settings" on the bottom of the side. There you can also change the selection of tools you wish to consent to the use of and obtain additional information on the tools used. Alternatively, you can assert your cancellation directly with the provider for certain tools.

3.3 IAB Transparency and Consent Framework

When using OneTrust, the current version of the IAB Transparency and Consent Framework ("TCF") standard is observed, which specifies conclusive categories of processing purposes and the associated legal bases. TCF also enables your decisions made in the CMP, such as consents, revocations and objections, to be forwarded directly to the providers of the technologies in the CMP. The so-called TC string is used for this purpose. This ensures that your current request is always honoured and complied with by the providers.

The following user data is transmitted to OneTrust as part of the website visit: Consents, revocations and objections, IP address, information about the browser, end device and the time of the visit.

3.4 Necessary tools

We use certain tools to enable the basic functions of our website ("necessary tools"). These include, for example, tools to prepare and display website content, to manage and integrate tools, to provide payment processing services, to detect and prevent fraud and to ensure the security of our website. Without these tools, we would not be able to provide our service. Therefore, necessary tools are used without consent.

The legal basis for necessary tools is the necessity to fulfil our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR in the provision of the respective basic functions and the operation of our website. In cases where the provision of the respective website functions is necessary for the fulfilment of a contract or for the implementation of pre-contractual measures, the legal basis for data processing is Art. 6 para. 1 lit. b GDPR. Access to and storage of information in the end device is absolutely necessary in these cases and is carried out on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 2 TTDSG.

3.4.1 Own tools

We use our own necessary tools that access information in the end device or store information on the end device, in particular

  • for login authentication,

  • for load distribution,

  • to save your language settings,

  • to note that information placed on our website has been displayed to you - so that it will not be displayed again the next time you visit the website.

3.5 Functional tools

We also use optional tools to improve the user experience on our website and to offer you more functions ("functional tools"). Although these are not absolutely necessary for the basic functions of the website, they can bring considerable benefits to visitors, particularly in terms of user-friendliness and the provision of additional communication, display or payment channels. This can include, in particular, the integration of external content such as maps and videos as well as logging in via an existing social network account or, for example, a comment function.

The legal basis for the functional tools is your consent in accordance with Art. 6 para. 1 lit. a GDPR. Access to and storage of information in the end device then takes place on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 1 TTDSG. To revoke your consent, see 3.2.3: "Revoking your consent or changing your selection".

In the event that personal data is transferred to third countries, in addition to the information provided below, we refer to Section 6 ("Data transfer to third countries").

3.6 Analysis tools

In order to improve our website, we use optional tools to recognise visitors and to statistically record and analyse general user behaviour based on access data ("analysis tools"). We also use analysis services to evaluate the use of our various marketing channels. The usage information collected is analysed and enables us to understand the usage habits of our visitors. This helps us to adapt and optimise the design of our website and make the user experience more pleasant.

The legal basis for the analysis tools is your consent in accordance with Art. 6 para. 1 lit. a GDPR. Access to and storage of information in the end device then takes place on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 1 TTDSG. To revoke your consent, see 3.2.3: "Revoking your consent or changing your selection".

In the event that personal data is transferred to third countries, in addition to the information provided below, we refer to Section 6 ("Data transfer to third countries").

3.7 Marketing tools

We also use optional tools for advertising purposes ("marketing tools"). Some of the access data collected when you use our website is used to create usage profiles, which in particular store your usage behaviour, the advertisements you have viewed or clicked on and, based on this, the classification into advertising categories, interests and preferences. By analysing and evaluating this access data, we are able to show you personalised advertising, i.e. advertising that corresponds to your actual interests and needs, on our website and on the websites and services of other providers. We also analyse your usage behaviour in order to recognise you on other sites and to address you in a personalised manner based on your use of our site (so-called "retargeting"). In addition, we analyse the effectiveness and success of our advertising campaigns (in particular so-called "conversions" and leads).

Marketing tools also include optional social network tools that are used to share posts and content via these networks ("social media plugins").

The legal basis for the marketing tools is your consent in accordance with Art. 6 para. 1 lit. a GDPR. Access to and storage of information in the end device then takes place on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 1 TTDSG. To revoke your consent, see 3.2.3: "Revoking your consent or changing your selection".

In the event that personal data is transferred to third countries, in addition to the information provided below, we refer to Section 6 ("Data transfer to third countries").

In the following section, we would like to explain the tools and the providers used for this in more detail. The data collected may include in particular

  • the IP address of the device;

  • the information of a cookie and in local or session storage;

  • the device identifier of mobile devices (e.g. device ID, advertising ID);

  • Referrer URL (previously visited page);

  • Pages accessed (date, time, URL, title, duration of visit);

  • Downloaded files;

  • Clicked links to other websites;

  • If applicable, achievement of certain goals (conversions);

  • Technical information: Operating system; browser type, version and language;

    device type, make, model and resolution;

  • Approximate location (country and city if applicable).

However, the data collected is only stored under a pseudonym, so that no direct conclusions can be drawn about individuals.

3.8 Processing purposes, functions and service providers

Processing purposes and functions, as well as the individual providers ("suppliers") can be viewed in the CMP under the following link under "Data protection settings" https://onefootball.com/de/home.

  1. Online presence in social networks

We maintain an online presence on social networks in order to communicate with customers and interested parties and to provide information about our products and services. User data is generally processed by the relevant social networks for market research and advertising purposes. This allows user profiles to be created based on the interests of users. Cookies and other identifiers are stored on the computers of the data subjects for this purpose. These user profiles are then used, for example, to display adverts within the social networks as well as on third-party websites.

As part of the operation of our online presences, we may have access to information such as statistics on the use of our online presences provided by the social networks. These statistics are aggregated and may contain, in particular, demographic information (e.g. age, gender, region, country) and data on interaction with our online presence (e.g. likes, subscriptions, sharing, viewing images and videos) and the posts and content distributedvia it. This may also provide information about the interests of users and which content and topics are particularly relevant to them. This information can also be used by us to adapt the design and our activities and content on the online presence and to optimise it for our audience. Please refer to the list below for details and links to the social network data that we can access as the operator of the online presence. The collection and use of these statistics are generally subject to joint responsibility. Where this applies, the relevant contract is listed below.

The legal basis for data processing is Art. 6 para. 1 lit. f GDPR, based on our legitimate interest in effective information and communication with users, or Art. 6 para. 1 lit. b GDPR, in order to stay in contact with our customers and inform them and to carry out pre- contractual measures with interested parties.

If you have an account with the social network, it is possible that we can see your publicly available information and media when we access your profile. In addition, the social network may allow us to contact you. This can be done, for example, via direct messages or posts. The content of communication via the social network and the processing of content data is the responsibility of the social network as a messenger and platform service. As soon as we transfer personal data from you to our own systems or process it further, we are independently responsible for this and this is done to carry out pre-contractual measures and to fulfil a contract in accordance with Art. 6 para. 1 lit. b GDPR.

The legal basis for the data processing carried out by the social networks on their own responsibility can be found in the data protection information of the respective social network. The links below will also provide you with further information on the respective data processing and the options to object.

We would like to point out that data protection requests can be made most efficiently with the respective provider of the social network, as only these providers have access to the data and can take appropriate measures directly. You can also contact us with your request. In this case, we will process your enquiry and forward it to the provider of the social network.

Below is a list with information on the social networks on which we have an online presence:

  1. Data sharing

The data collected by us will only be passed on if there is a legal basis for this under data protection law in the specific case, in particular if:

  • you have given your express consent in accordance with Art. 6 para. 1 lit. a GDPR,

  • the disclosure pursuant to Art. 6 para. 1 lit. f GDPR is necessary for the establishment, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data,

  • we are legally obliged to disclose data in accordance with Art. 6 para. 1 lit. c GDPR, in particular if this is necessary for legal prosecution or enforcement due to official enquiries, court orders and legal proceedings, or

  • this is legally permissible and required in accordance with Art. 6 para. 1 lit. b GDPR for the processing of contractual relationships with you or for the implementation of pre-contractual measures that are carried out at your request.

Some of the data processing may be carried out by our service providers. In addition to the service providers mentioned in this privacy policy, these may include, in particular, data centres that store our website and databases, software providers, IT service providers that maintain our systems, agencies, market research companies, group companies and consulting firms. If we pass on data to our service providers, they may only use the data to fulfil their tasks. The service providers have been carefully selected and commissioned by us. They are contractually bound by our instructions, have suitable technical and organisational measures in place to protect the rights of the data subjects and are regularly monitored by us.

  1. Data transfer to third countries

As explained in this privacy policy, we use services whose providers are partly located in so-called third countries (outside the European Union or the European Economic Area) or process personal data there, i.e. countries whose level of data protection does not correspond to that of the European Union. If this is the case and the European Commission has not issued an adequacy decision for these countries (Art. 45 GDPR), we have taken appropriate precautions to ensure an adequate level of data protection for any data transfers. These include the standard contractual clauses of the European Union or binding internal data protection regulations.

Where this is not possible, we base the transfer of data on exceptions under Art. 49 GDPR, in particular your express consent or the necessity of the transfer for the fulfilment of the contract or for the implementation of pre-contractual measures.

If a transfer to a third country is planned and there is no adequacy decision or suitable guarantees, it is possible and there is a risk that authorities in the respective third country (e.g. secret services) may gain access to the transferred data in order to collect and analyse it, and that the enforceability of your data subject rights cannot be guaranteed. If you obtain your consent via the consent banner, you will also be informed of this.

  1. Storage duration

In principle, we only store personal data for as long as necessary to fulfil the purposes for which we collected the data. We then delete the data immediately, unless we still need the data until the statutory limitation period expires for evidence purposes for civil law claims, due to statutory retention obligations or there is another legal basis under data protection law for the continued processing of your data in the specific individual case.

For evidence purposes, we must retain contract data in particular for three years from the end of the year in which the business relationship with you ends. Any claims expire at the earliest at this time in accordance with the statutory limitation period.

Even after this, we still have to store some of your data for accounting reasons. We are obliged to do so due to statutory documentation obligations that may arise from the German Commercial Code, the German Fiscal Code, the German Banking Act, the German Money Laundering Act and the German Securities Trading Act. The periods specified there for the retention of documents are two to ten years.

  1. Your rights , in particular cancellation and objection

You are entitled to the data subject rights formulated in Art. 7 para. 3, Art. 15 - 21 at any time if the respective legal requirements are met:

  • Right to withdraw your consent (Art. 7 (3) GDPR);

  • Right to object to the processing of your personal data (Art. 21 GDPR);

  • Right to information about the personal data processed by us (Art. 15 GDPR);

  • Right to rectification of your incorrect personal data stored by us (Art. 16 GDPR);

  • Right to erasure of your personal data (Art. 17 GDPR);

  • Right to restriction of processing of your personal data (Art. 18 GDPR);

  • Right to data portability of your personal data (Art. 20 GDPR).

To assert your rights described here, you can contact us at any time using the contact details above. This also applies if you wish to receive copies of guarantees to demonstrate an adequate level of data protection. If the relevant legal requirements are met, we will comply with your data protection request.

Your requests to assert data protection rights and our responses to them will be stored for documentation purposes for a period of up to three years and, in individual cases, beyond this period if there are grounds for the assertion, exercise or defence of legal claims. The legal basis is Art. 6 para. 1 lit. f GDPR, based on our interest in the defence against any civil law claims pursuant to Art. 82 GDPR, the avoidance of fines pursuant to Art. 83 GDPR and the fulfilment of our accountability obligation pursuant to Art. 5 para. 2 GDPR.

You have the right to withdraw your consent at any time. As a result, we will no longer continue the data processing that was based on this consent in the future. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

If we process your data on the basis of legitimate interests, you have the right to object to the processing of your data at any time on grounds relating to your particular situation. If it concerns an objection to data processing for direct marketing purposes, you have a general right to object, which we will also implement without you having to give reasons.

If you wish to exercise your right of cancellation or objection, simply send an informal message to the contact details above.

Finally, you have the right to lodge a complaint with a data protection supervisory authority in accordance with Art. 77 GDPR at. You can assert this right, for example, with a supervisory authority in the Member State of your place of residence, your place of work or the place of the alleged infringement. In Berlin, where we are based, the competent supervisory authority is Berlin Commissioner for Data Protection and Freedom of Information, Alt-Moabit 59-61, 10555 Berlin.

  1. Changes to the privacy policy

We occasionally update this privacy policy, for example when we customise our website or when legal or regulatory requirements change.

Version: 1.0 / Status: April 2024