General Data Protection Regulation (GDPR / DSGVO) Statement
We take the protection of your personal data seriously. Therefore we process your data exclusively on the basis of the legal regulations and only for our own purposes. In this statement we inform you about which data we store, how we process it and which rights and claims you are entitled to under the data protection regulations.
If you visit any of our websites without providing any personal information, we will not store any personal information. If there is the possibility to submit personal or business data (like your name, email address, address, telephone numbers, etc.) this information is provided by you on a voluntary basis.
Below we inform you about all details:
The GDPR responsible can be found in the imprint. Our imprint can be found on any page of our websites by following the link “Imprint” in the menu or the footer.
You can contact the responsible via this email address:
1. REASONS FOR DATA COLLECTION
We collect and process your information to provide our website and to provide you with the best possible service and convenient access to our services.
2. WHAT DATA WILL BE COLLECTED, PROCESSED OR UTILIZED?
2.1VISITS ON OUR WEBSITE
When you access one of our websites, our servers automatically collect general information, especially for the purposes of connection, functionality and security. This includes the type of browser used, the operating system used, the domain name of your Internet service provider, the connection data of the device used (IP address), the website from which you visit us (referrer URL), the pages you visit as well as the date and the duration of the visit. Conclusions from this data on certain persons are not possible for us due to a pseudonymization. We will not merge this data with other data sources.
2.2 CONTACT FORMS
If you contact us via a contact form, personal data will be collected. Which data is collected depends on the form fields of the contact form. The data will be stored to process your request. Mandatory information is indicated by an asterisk (*). Any other details are optional. We delete the data resulting from the contact form after the data is no longer required, or restrict the processing if there are statutory retention requirements. The legal basis for the processing of your personal data is Art. 6 para. 1 lit. b GDPR, if the reason for your contacting is the conclusion of a contract. It is our legitimate interest to answer your inquiries, in this case Art. 6 para. 1 lit. f GDPR is the legal basis..
At irregular intervals, we send out newsletters to all persons who have registered to receive our newsletter. In order to be able to send the newsletter, we store and process your name and your e-mail address until you unsubscribe from the newsletter by clicking on the unsubscribe link at the end of each newsletter. The deregistration causes the deletion of your data. A correction of the data is possible at any time by unsubscribing and re-subscribing again with the corrected data. Each newsletter contains your submitted name and email address, meaning a separate information possibility is not necessary and not provided. Your data will not be used for any other purpose than sending the newsletter and will not be disclosed to third parties. The person responsible for the processing of the newsletter is identical with the GDPR responsible.
2.4 REGISTRATIONS FOR EVENTS AND RACES
We may offer the option on our websites to sign up for events and races. Personal data collection is necessary for a successful registration. Your participation and registration for any events and races is voluntary. Which data is collected depends on the form fields of the registration form. Mandatory fields are indicated by an asterisk (*), all other fields are to be completed on a voluntary basis. We commit ourselves to the principle of data minimization and only collect data which is absolutely necessary for the organisation of the race or event. During races, the data submitted also serves to provide emergency services with necessary data in case of an emergency.
2.5 INTEGRATION OF GOOGLE MAPS
On this website we integrate map services of Google Maps. This allows us to show you interactive maps directly on the website. By visiting a page that contains Google Maps, Google receives the information that you have accessed the corresponding page of our website. In addition, the following information may be transmitted: IP address, date and time of the request, time zone difference to the Greenwich Mean Time (GMT), content of the request (page URL), access status / HTTP status code, amount of data transferred, referrer URL, browser and version, operating system and version, language setting. This is done regardless of whether you are logged in to your Google user account or not. When you’re logged in to your Google user account, your data will be assigned directly to this account. If you do not want to associate your web page visits with your user account at Google, you will need to log out of your Google Account before your visit. Google stores your data as usage profiles and uses them for purposes of advertising, market research and / or tailored website content. Such an evaluation will be carried out in particular (even for non-logged-in users) to provide appropriate advertising and to inform other users of the Google+ social network about your activities on our website, if your privacy settings at Google+ are set this way.
You have the right to object to the creation of these user profiles, and you must submit any objection directly to Google. For more information on the purpose and scope of the data collection and its processing by the Google, please refer to the respective privacy statements. You will also find more information about your rights and settings options for protecting your privacy: http://www.google.de/intl/de/policies/privacy. Google also processes your personal information in the US and has submitted to the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework.
The legal basis for processing is Art. 6 para. 1 lit. f GDPR.
Personal data will be deleted or blocked as soon as the purpose of the storage is omitted or you demand the deletion. A deletion of the data takes place even if a storage period prescribed by the above-mentioned standard expires, unless there is a need for further storage of the data for a contract or fulfillment of the contract or you have given your consent in this regard.
Our website uses so-called “cookies” to improve your usage experience, make our online services more user-friendly and enable certain features. Cookies are small text files that are stored on your device via the browser. Some of these cookies are deleted after closing your browser (session cookies), others remain stored on your device until you delete them yourself or they expire. These allow us to recognise your browser the next time you visit our website (persistent cookies). If you do not want this, you can set your browser to notify you about cookies and you will be able to only allow them on a case by case basis. Disabling cookies may limit the functionality of our website.
If cookies are set, they collect and process individual user information such as browser and location data as well as IP address values on an individual basis. Persistent cookies are automatically deleted after a specified period (expiration), which may differ depending on the cookie.
If personal data is also processed through individual cookies, this is carried out in accordance with Art. 6 para. 1 lit. f GDPR in order to safeguard our legitimate interest in the best possible functionality of the website, as well as to make your website visit as customer-friendly and effective as possible. Each browser differs in the way it manages the cookie settings and storage. This is described in the Help menu of each browser, which explains how to change your cookie settings. You can find these for the respective browsers by visiting the following links:
Internet Explorer: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies
The legal basis for the processing of cookies is Art. 6 para 1 lit. f GDPR.
Further information about cookies used by Google Analytics can be found in Section 7.
5. DATA SECURITY
We take all necessary precautions to protect your personal information. We secure our website and other systems through technical and organizational measures against loss, destruction, access, modification or dissemination of your data by unauthorized persons. Depending on the browser used, the data is transmitted using 128-bit to 256-bit SSL encryption. This makes the data unreadable for outsiders. In our efforts to protect your privacy, you can actively support us by never sharing your password (if you have one to sign up for on one of our websites) and by using an up-to-date browser that supports modern SSL encryption. Please do not forget to update your browser regularly, as this will close important security holes.
Despite regular checks and continuous improvement of our security measures, complete protection against all dangers is not possible and can therefore not be guaranteed.
6. USE OF SOCIAL MEDIA PLUGINS
6.1 USE OF FACEBOOK PLUGINS AND THE “F”-BUTTON
Our websites may use plugins from the social network facebook.com operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). The plugins can be recognized by one of the Facebook logos (white “f” on a blue tile or a “thumbs up” sign), are marked with the addition “Facebook Social Plugin” or may appear as a “Facebook Like” or “Like” button. The list and appearances of Facebook Social Plugins can be found here: https://developers.facebook.com/docs/plugins/. If you view page on our website that contains such a plugin, your browser will connect to the Facebook servers and display the plugin. This will tell the Facebook server which of our websites you have visited. We have no control over the amount of data Facebook collects using these plugins.
6.2 USE OF INSTAGRAM PLUGINS
Our websites may use Instagram social plugins operated by Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”). These plugins are marked with an Instagram logo, for example in the form of an “Instagram camera”. An overview of the Instagram plugins and their appearances can be found here: http://blog.instagram.com/post/36222022872/introducing-instagram-badges.
When you visit a page on our website that contains such a plugin, your browser connects directly to Instagram’s servers. The content of the plugin is transmitted by Instagram directly to your browser and integrated into the page. Through this integration, Instagram receives the information that your browser has accessed the corresponding page of our website, even if you do not have an Instagram profile or are currently not logged in to Instagram. This information (including your IP address) is sent from your browser directly to an Instagram server in the US and stored there. If you are logged in to Instagram, Instagram can instantly associate your visit to our website with your Instagram account. If you interact with the plugins, for example, by pressing the “Instagram” button, this information is also transmitted directly to an Instagram server and stored there. The information may also be posted on your Instagram account and displayed there to your contacts, if your Instagram privacy settings are set this way.
https://help.instagram.com/155833707900388/. If you do not want Instagram to directly map the data collected through our website to your Instagram account, you will need to log out of Instagram before visiting our website. You can completely prevent the loading of Instagram plugins even with add-ons for your browser, eg. with the script blocker “NoScript” (http://noscript.net/).
6.3 NO INFLUENCE THROUGH US
In the case of social media plugins, we have no control over the collected data and data processing operations, nor are we aware of the full scope of data collection, the purpose of the processing or the retention periods. We also have no means to delete the data collected by the plugin provider.
6.4 DATA USE BY PLUGIN PROVIDERS
Any plugin provider stores the data collected about you as usage profiles and uses these for purposes of advertising, market research and / or tailored website content. Such an evaluation may be carried out in particular (also for non-logged-in users) to display tailored advertising and to inform other users of any connected social network about your activities on our website. You have the right to object to the formation of these user profiles, and you must contact the respective plugin provider for any objections. Through the plugins we offer the possibility to interact with social networks and other users, so that we can improve our service and make it more interesting for you as a user. The legal basis for the use of social plugins is Art. 6 para. 1 sentence 1 lit. f GDPR.
6.5 SHARING OF DATA / DATA TRANSFER
The data transfer takes place regardless of whether you have an account with any of the mentioned plugin providers and are logged in there. If you are logged in to the plugin provider’s online services, your data collected from us will be assigned directly to the logged-in account with the plugin provider. Any interaction with a social plugin may be automatically shared publicly with your contacts if your privacy settings are set this way. We recommend to log out on a regular basis after using any social network, but especially before interacting with any social media plugins, as this will avoid any association with your logged-in profile.
7. USE OF GOOGLE ANALYTICS FOR WEB ANALYSIS
Our websites may use Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”). Google Analytics is used to understand the visitor behavior of our websites and to tailor it to your needs.
Google Analytics uses so-called “cookies”, text files that are stored on your device and that allow an analysis of the use of the website by you.
The information generated by the cookie about your use of our websites is usually transmitted to and stored by Google on servers in the United States. Our websites use Google Analytics exclusively with the extension “gat._anonymizeIp ()”, which ensures anonymization of your IP address by curtailment and disallows a direct personal identification. This guarantees the anonymous collection of IP addresses (so-called IP masking). The extension will truncate your IP address beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there.
In these exceptional cases, this processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR based on our legitimate interest in the statistical analysis of user behavior for optimization and marketing purposes.
Google will use this information on our behalf to evaluate your use of our websites, to compile reports on website activity, and to provide us with other services related to website activity and internet usage. The IP address provided by Google Analytics as part of Google Analytics will not be merged with other Google data.
You can prevent the storage of cookies by setting your browser accordingly. We point out, however, that in this case may not be all the features of our websites will be fully available. You may also prevent the collection of the cookie-generated and website-related data (including your IP address) to Google and the processing of such data by Google by downloading and installing a browser add-on available at this link: http://tools.google.com/dlpage/gaoptout?hl=en
For more information about Google’s terms of service and privacy, please visit http://www.google.com/analytics/terms/en.html or https://www.google.com/analytics/learn/privacy.html or https://support.google.com/analytics/answer/6004245?hl=en
The data processing takes place on the basis of the legal regulations of the § 96 Abs 3 TKG as well as the Art. 6 para. 1 a (consent) and / or f (legitimate interest) of the GDPR.
The data will be deleted after 26 months.
8. GOOGLE ADWORDS CONVERSION-TRACKING
If on one of our websites online advertising is being used, we use “Google AdWords” and its conversion tracking. Google Conversion Tracking is an analytics service provided by Google Inc. (1600 Amphitheater Parkway, Mountain View, CA 94043, USA; “Google”).
This feature is designed to show interest-based ads to visitors of our websites through the Google Network. When you click on a Google-served ad, conversion tracking will place a cookie on your device. These cookies are of limited validity and contain no personal data. Personal identification is therefore not possible. Each Google AdWords advertiser gets a different cookie, this prevents cookies can be tracked and identified across websites and advertisers.
9. GOOGLE WEB FONTS
Our websites use unified font representation known as “Web Fonts”, in particular “Google Web Fonts” provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”). When you visit a page, your browser loads the required web fonts into its browser cache to display texts and fonts in the correct typeface.
To do this, the browser you’re using must connect to Google’s servers. This will inform Google that your website has been accessed through your IP address. The use of Google Web Fonts is in the interest of a consistent and attractive presentation of our online services. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If your browser does not support web fonts, a default font will be used by your device. US-based Google LLC is certified under the US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework), which ensures compliance with the level of data protection in the EU.
10. RAFFLES / SWEEPSTAKES
On certain occasions, there is the opportunity to participate in raffles / sweepstakes on our website. Within the framework of these raffles, personal data (e-mail address, name, address and possibly further data necessary for the raffle) may also be collected and stored for the purpose of processing. The personal information you provide to us will only be used for processing, such as for the determination of winners, winners notification and the transfer of the prize. As part of the raffle, we will inform the participant about data processing on the occasion of the specific raffle. After completion the data of the participants will be deleted.
11. RIGHTS OF THE AFFECTED PERSON
If personal data is processed by you, you are affected in terms of the general data protection regulation (GDPR) and you have the following rights to the GDPR responsible:
11.1 RIGHT OF ACCESS
You may ask the GDPR responsible to confirm if personal data concerning you is being processed by us. If processing of your data is being done, you can request information from the GDPR responsible about the following:
- the purposes for which the personal data are processed;
- the categories of personal data that are processed;
- the recipients or the categories of recipients to whom the personal data relating to you has been disclosed or are still being disclosed;
- the planned duration of storage of your personal data or, if specific information is not available, criteria for determining the duration of storage;
- the existence of a right to rectification or deletion of your personal data, a right to restriction of processing by the controller or a right to object to such processing;
- the existence of a right of appeal to a supervisory authority;
- all available information on the source of the data if the personal data are not collected from the data subject;
11.2 RIGHT TO RECTIFICATION
You have a right to rectification and / or completion and to the GDPR responsible, if the processed personal data relating to you is incorrect or incomplete. The GDPR responsible must complete the correction without delay.
11.3 RIGHT TO RESTRICTION OF PROCESSING
You may request the restriction of the processing of your personal data under the following conditions:
- if you deny the accuracy of your personal information for a period of time that enables the controller to verify the accuracy of your personal information;
- the processing is unlawful and you reject the deletion of personal data and instead demand the restriction of the use of personal data;
- the GDPR responsible no longer needs the personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims; or
- if you have filed an objection against the processing according to Art. 21 para. 1 GDPR and it is not certain yet if the legitimate reasons of the GDPR responsible outweigh your own reasons.
If the processing of your personal information has been restricted, such data may only be stored, but processed only with your consent for the purposes of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for important public interest Union or a Member State.
If the limitation of the processing according to the mentioned conditions are restricted, you will be instructed by the GDPR responsible before the restriction is lifted.
11.4 RIGHT OF DELETION / ‘RIGHT TO BE FORGOTTEN’
- DELETION DUTY
You may require the GDPR responsible to delete your personal information without delay, and the GDPR responsible is required to delete that information immediately if one of the following is true:
- Your personal information is no longer necessary for the purposes for which it was collected or otherwise processed.
- You revoke your consent to the processing in terms of Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR and there is no other legal basis for the processing.
- You object to the processing in terms of Art. 21 para. 1 GDPR and there are no prior justifiable reasons for processing, or you submit opposition to processing in terms of Art. 21 para. 2 GDPR.
- Your personal information has been processed unlawfully.
- The deletion of your personal data is required to fulfill a legal obligation under European Union or national law to which the GDPR responsible is subject.
- The personal data concerning you were collected in relation to information society services offered pursuant to Art. 8 (1) GDPR.
- INFORMATION TO THIRD PARTIES
If the person in charge has made the personal data relating to you public and is required to delete them in terms of Art. 17 (1) of the GDPR, the GDPR responsible will take appropriate measures, including technical means, to inform third parties who process the personal data that affect you about the deletion request.
The right of deletion does not exist if the processing is necessary,
- to exercise the right to freedom of expression and information;
- to fulfill a legal obligation required by the law of the European Union or of the member states to which the GDPR responsible is subject, or to carry out a task of public interest or in the exercise of official authority conferred on the GDPR responsible;
- for reasons of public interest in the field of public health pursuant to Art. 9 (2) lit. h) and i) and Art. 9 (3) GDPR;
- to assert, exercise or defend legal claims.
11.5 RIGHT OF INFORMATION
If you have asserted the right of rectification, erasure or restriction of the processing to the controller, he / she is obliged to notify all recipients to whom the personal data relating to you have been corrected or deleted or processing restricted, unless: this proves to be impossible or involves a disproportionate effort. You have a right to the GDPR responsible to be informed about these recipients.
11.6 RIGHT TO DATA PORTABILITY
You have the right to receive the personal information that you provide to the GDPR responsible in a structured, common and machine-readable format. You also have the right to transfer this information to another person without hindrance by the person responsible for the personal data, provided that
– the processing on a consent acc. Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a) GDPR or on a contract in accordance with. Art. 6 para. 1 lit. b) DSGVO is based and
– the processing is done using automated procedures.
In exercising this right, you also have the right to obtain that personal data relating to you be transmitted directly from one person responsible to another person responsible, as far as this is technically feasible. Freedoms and rights of other persons may not be affected.
11.7 RIGHT TO OBJECT TO PROCESSING
You have the right at any time, for reasons that arise from your particular situation, to object against the processing of personal data concerning you pursuant to Art. 6 para. 1 lit. e) or f) GDPR; this also applies to profiling based on these provisions. The GDPR responsible will no longer process the personal data concerning you unless he can demonstrate compelling legitimate reasons for processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of enforcing, pursuing or defending legal claims.
If the personal data relating to you are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data relating to you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct mail.
If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
Regardless of Directive 2002/58 / EC, you have the option, in the context of the use of information society services, of exercising your right to opt-out by means of automated procedures that use technical specifications.
You have the right to revoke your privacy statement at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.
11.9 RIGHT TO OBJECT AND AUTOMATED INDIVIDUAL DECISION-MAKING
You have the right not to be subjected to a decision based solely on automated processing – including profiling – that will have legal effect or similarly affect you in a similar manner. This does not apply if the decision
- is required for the conclusion or performance of a contract between you and the controller,
- is permissible on the basis of Union or Member State legislation to which the controller is subject, and that legislation contains appropriate measures to safeguard your rights and freedoms and your legitimate interests, or
- is made with your explicit consent.
However, these decisions must not be based on special categories of personal data under Art. 9 (1) GDPR, unless Art. 9 (2) lit. a) or g) GDPR and reasonable measures have been taken to protect the rights and freedoms as well as your legitimate interests.
11.10 RIGHT OF COMPLAINT AT A SUPERVISORY AUTHORITY
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of its residence, place of work or place of alleged infringement, if you believe that the processing of your personal data violates the GDPR.
The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.