Data protection

DATA PROTECTION

Privacy policy – BVB FanShop

国際的なボルシア・ドルトムント・ファンショップでは、英語に翻訳されたプライバシーポリシーが適用されます。

Content
I.       Name and address of the controller
II.      Contact details of the Data Protection Officer
III.     General information on data processing
IV.     Provision of the website and creation of log files
V.      Use of cookies
1.      Technically required cookies
2.      Cookies for the analysis of user behavior
3.      Cookies for advertising purposes and social media
VI.     Online Shop
VII.    Payment services
1.      PayPal
2.      Credit card
VIII.   Contact form and e-mail contact
IX.     Newsletter
X.      Transfer of data within the group of undertakings
XI.     Your rights
1.      The right to revoke the declaration of consent under data protection law (Art. 7 para. 3 GDPR)
2.      Right of access (Art. 15 GDPR)
3.      Right to rectification (Art. 16 GDPR)
4.      Right to erasure or "right to be forgotten" (Art. 17 GDPR)
5.      Right to restriction of processing (Art. 18 GDPR)
6.      Notification obligation (Art. 19 GDPR)
7.      Right to data portability (Art. 20 GDPR)
8.      Automated individual decision-making (Art. 22 GDPR)
9.      Right to object (Art. 21 GDPR)
10.    Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

I.    Name and address of the controller
The controller within the meaning of the General Data Protection Regulation (hereinafter referred to as the "GDPR") is

Borussia Dortmund GmbH & Co. KGaA
Rheinlanddamm 207-209
44137 Dortmund
Germany
Managing Directors: Hans-Joachim Watzke (Vorsitzender), Thomas Treß, Carsten Cramer
Tel.: 02 31 - 90 20 0
E-Mail: [email protected]
Website: www.bvb.de

II.    Contact details of the Data Protection Officer
You can reach the data protection officer at:

Rechtsanwalt Ulf Haumann LL.M
Kaiserstr.
21-23
44135 Dortmund
Germany
Tel.: 02 31 - 90 20 0
E-Mail: [email protected]
Website: www.bvb.de

III.   
General information on data processing
The protection of your personal data is very important to us. We process your data primarily in order to provide you with a functional and easy-to-use website. We want to ensure that you can use our content and offers via these websites.

In addition, we only process your data if and to the extent permitted by law. Please refer to the following remarks for further information.

IV. Provision of the website and creation of log files
Every time you visit our website, our system automatically collects data and information from your computer system. We collect the following data:
(1) Information about the browser type and the version
(2) Your operating system
(3) Your IP address
(4) Date and time of access
(5) Websites from which your system accesses our Website

This data is stored in the log files of our system. The aforementioned data is not stored together with other personal data.

It is necessary for our system to temporarily store the IP address so that the website can be provided to your computer. Your IP address must remain stored for the duration of the respective use of the website. The storage in log files therefore serves the functionality of the website. We also use this data to optimise our website and secure our information technology systems. The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit f GDPR (our legitimate interest in operating the website). As part of the balancing of interests, we have weighed our legitimate interest in the processing of data for the operation of the website against your interest in the protection of personal data.

The data will be stored for as long as is necessary to achieve the purpose for which it was collected. Where data is required to provide the functionality of the website, it is not required once the respective session has ended. Your data will then be deleted automatically. If the data is stored in log files, it will be deleted after seven days at the latest. If the aforementioned data is further stored, your IP address will be deleted or pseudonymised, so that it is no longer possible refer it to the internet access used to visit our website. We only pass on data and information from your computer system to third parties under special circumstances and if the requirements for a change in the purpose of the data processing are met.  

The collection of data for the provision of the website and the storage of data in log files is necessary for the operation of the website.

V. Use of cookies and other technologies (website analysis / tracking)

We use so-called "cookies" on our website. These are text files that are stored in or by your Internet browser on your computer system. When you visit our website, a cookie may be stored on your system. These contain an individual character string that allows us to retain information for a certain period of time and to identify your terminal device.This allows easier navigation and a high level of user-friendliness. Cookies also help us to identify particularly popular areas of our website.

In the following sections on Item 1 ("Necessary Cookies"), Item 2 ("Statistical Technologies") and Item 3 ("Marketing Technologies"), we explain in detail which types of cookies we use, and which data is processed there in each case. Insofar as the following explanations do not specify different deletion periods, the following applies in summary to the storage period, irrespective of the type and purpose of the cookies:

You have unlimited control over the use of cookies. They are stored on your computer and the data is transmitted from it to our site. Most browsers are set by default to accept cookies, but by changing the browser settings, the transmission of cookies can be disabled or restricted. Cookies that have already been stored can be deleted at any time. This can also be done automatically by setting your browser accordingly. If cookies are generally deactivated for our website, it may no longer be possible to fully use all functions of the website. When you access our website, you will be informed by an info banner about the above-mentioned use of cookies and referred to this privacy policy. We ask you here for your consent to the use of cookies, which you give us by clicking on the button "I agree". You can object to the use of cookies at any time. You can do this by either not agreeing to the use of cookies in the displayed banner in the first place or by changing your browser settings accordingly.

1. Necessary cookies

These services, technologies and cookies are necessary to ensure central functions of the portal as well as the fulfillment of contracts with customers and cooperation partners. The following data is stored and transmitted in the cookies:

(1) Session ID
(2) Login ID
(3) Shopping cart ID

For the following applications we need cookies for technical reasons:

(1) Personalized address

(2) Shopping cart content is retained over several browser sessions. The data collected through technically necessary cookies are not used to create user profiles.

The use is based on the legal basis Art. 6 para. 1 p. 1 lit. b) (contract initiation or performance), lit. c) (if legal obligations exist) and / or lit. f) GDPR (overriding legitimate interests). The latter interests are in particular the monitoring of the technical performance of the website as well as our interest in the economic use of partner sales channels. They can therefore not be disabled via our Consent Management System as well as by you as a website user. If you object to the use of these cookies or configure your browser accordingly, our website will not recognize your browser and certain content may not be retrievable or data (e.g. from an input mask) may be lost. For the storage period of technically necessary cookies, the same applies as described in section II..

1.1 Tag Management System

The processing operations within this category control the playout of services, technologies and cookies, without storing the data collected as part of these services. Similarly, no data is collected or stored by the tag management systems themselves. The system is used to technically implement your choice regarding privacy settings. The following technologies and service providers are used:

- Google Tag Manager

- Easy Marketing Tag Manager

1.2 Technically required website technologies

The processing operations within this category are used to ensure the smooth use of the website and its functions. Without their use, it is not possible to use functions such as the shopping cart compilation.

The following technologies and service providers are used:

- Own website cookies

1.3 Consent Management Platform (CMP)

The processing procedures within this category allow users to individually control their data transfer. The Consent Management Platform is used to query and document the user's decision and to transfer it to other systems.

The following technologies and service providers are used:

- e.g. Cookiebot (https://www.cookiebot.com/de/privacy-policy/)

1.4 Basic web analytics (excl. customer IDs)

The processing operations within this category are used for the following purposes: for non-personal traffic analysis, incident monitoring & alerting, fraud detection, IT management, reach measurement, product development and improvement, and navigation tracking.

The following technologies and service providers are used:

- Google Analytics - https://policies.google.com/technologies/partner-sites?hl=en

- Easy Marketing - https://easy-m.de/datenschutz

 2. Statistics technologies

We also use cookies on our website that enable an analysis of your surfing behavior. The data collected in this context is pseudonymized by technical precautions. The data can then no longer be assigned to you. This data is not stored together with your other personal data.

In this way, the following data can be transmitted:

(1) Frequency of page views

(2) Use of website functions

The analysis cookies are used for the purpose of improving the quality of our website and its content. Through the analysis cookies, we learn how the website is used and can thus constantly optimize our offer. In these purposes also lies our legitimate interest in the processing of personal data according to Art. 6 para. 1 lit. f GDPR.

If you object to the use of these cookies or configure your browser accordingly, there will be no disadvantages for you. All functions of the website are still given.

For the storage period of cookies for the analysis of surfing behavior, the same applies as mentioned under II.

2.1 Website statistics and analysis

In addition to the basic web analysis, pseudonymous usage profiles are also collected in the extended web analysis after your consent. Pseudonymous usage profiles" are profiles that are pseudonymized via IP anonymization and can be linked to online transaction data from the online store.

2.1.1 Google Analytics

We use Google Analytics, a web analytics service provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter: "Google"), which usescookies. The information generated by the cookie about your use of the website is generally transmitted to a Google server in the USA and stored there.

Google will use this information on our behalf for the purpose of evaluating your use of our website, compiling reports on website activity and providing other services relating to website activity and internet usage. In doing so, pseudonymous usage profiles can be created from the processed data.

We only use Google Analytics with IP anonymization enabled. This means that your IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The IP address transmitted by your browser will not be merged with other data from Google.

You can prevent the storage of cookies by selecting the appropriate settings on your browser software; you can also prevent the collection of data generated by the cookie and related to your use of the online offer to Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en.

For more information about Google's use of data for advertising purposes, settings and opt-out options, please visit Google's websites: https://policies.google.com/technologies/partner-sites?hl=en ("Google's use of data when you use our partners' websites or apps"), https://policies.google.com/technologies/ads?hl=en ("Use of data for advertising purposes"), https://adssettings.google.de/authenticated?hl=en ("Manage information Google uses to show you ads") and https://adssettings.google.com/authenticated?hl=en ("Determine what ads Google shows you").

As an alternative to the browser add-on or within browsers on mobile devices, please click this link to prevent the collection by Google Analytics within this website in the future. This will place an opt-out cookie on your device. In this is stored that we may not use your data for Google Analytics. If you delete your saved cookies, you must click this link again.

For the storage period of the cookies, the same applies as mentioned under point II. Said.

2.1.2 Easy Marketing

We use the tracking technology of easy Marketing GmbH, Asselner Hellweg 124, 44319 Dortmund, on this site to measure and visualize insights into partnerships and advertising channels. This is a function to measure the efficiency of the corresponding advertising measures. Furthermore, the information enables us to assign advertising successes for billing purposes with corresponding advertising partners. When you click on an advertising integration, cookies are set in your browser, which are read in the event of a transaction. At each touch point, your browser sends an HTTP request to the easy Marketing server, with which certain information is transmitted. This information includes the URL of the website on which advertising material is placed (referrer URL), the browser ID (user agent) of your end device (including information about the device type and operating system), the IP address of the end device (this IP address is anonymized and hashed by us before storage), HTTP headers (data package with various technical information automatically transmitted by your browser), the time of the request and, if already stored on the end device, the cookie with its content. A cookie is a small data packet that is exchanged between your browser and the server. Information relevant to the web application can be stored and transmitted in this data packet, e.g. the contents of a virtual shopping cart.

The tracking technology stores cookies on your terminal device to document actions. A 24- digit, anonymous ID is stored in the cookie. Linked to this ID, the data is stored in encrypted form in our database on the server. This contains information about the last touch points (i.e. when a particular advertising medium was displayed or clicked on by an end device). If necessary, the stored touch points can be combined to form a sequence chain (user journey). In the case of a promotion request, the order number and the shopping cart value of your order are usually also transmitted and stored by easy Marketing. In addition, the following values may be transmitted and stored: Your customer number, new customer characteristic, your age and gender as well as the information provided by you in a customer survey.

The cookies stored by easy Marketing are deleted after 30 days at the latest. The information transmitted to easy Marketing and the cookies serve the sole purpose of correctly assigning the success of an advertising medium and the corresponding billing and is justified with our legitimate interests according to Art. 6 para. 1 p. 1 lit. f GDPR.

If you do not wish cookies to be stored in your browser, you can do this by setting your browser accordingly. You can deactivate the storage of cookies in your respective browser under Tools/Internet Options, restrict it to certain websites or set your browser to notify you as soon as a cookie is sent. Please note, however, that in this case you must expect a restricted display of the online offers and a restricted user guidance. You can also delete cookies at any time. In this case, the information stored in them will be removed from your end device.

The collection and processing of tracking data can also be disabled by clicking on this tracking opt-out link:

https://trck.easy-m.de/privacy-optout.do

Viewing your data:

https://trck.easy-m.de/privacy-mydata.do

You can see which cookies are used in detail by our tracking technology in the following overview:

TRS: Unique, 24-digit identifier (ID) for tracking partnerships. This cookie is stored in the client browser and identifies database records that contain the touchpoint data.

TRSCJ: Fallback cookie with the rudimentary touchpoint data for tracking partnerships. This cookie contains encrypted all touchpoint data at the client browser.

trs_db_optout When you click the tracking opt-out link, a special cookie is written, which disables tracking in the current web browser of the end device. However, tracking will be enabled again once you delete tracking opt-out cookie.

3. Marketing technologies

We use cookies from third-party providers to learn more about your surfing behavior (webtracking), so that we only show you advertising that you want to see. In this respect, the processing of your data is based on a legitimate interest and on the basis of Art. 6 (1) lit. f GDPR.

When you enter our website, you will be shown a banner with which we ask for your consent. In this respect, additional legality basis is Art. 6 para. 1 lit a) GDPR.

3.1 Personal advertising and remarketing on third-party sites, social channels, search engines or sites of cooperation partners

The processing operations within this category are used to display interest-based advertising to the user on third-party sites, social media, search engines, or sites of cooperation partners. This is intended to increase the content relevance of the advertising for our visitors.

3.1.1 Google Ads

We use Google AdWords on our website, an online advertising tool from Google that enables so-called "remarketing". This enables tailored advertising based on your browsing habits on other websites in the Google Display Network (Google, so-called "Google Ads" and other websites).

Your surfing behavior on our website is analyzed so that you can be shown advertising on other websites that matches your interests. For this purpose, Google uses cookies that can be used to identify your browser on a specific computer - but not a person or a user. Personal data is not stored in the process.

We only use Google AdWords with IP anonymization enabled. This means that your IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The IP address transmitted by your browser will not be merged with other data from Google.

You can prevent the storage of cookies by selecting the appropriate settings in your browser software; you can also prevent the collection of data generated by the cookie and related to your use of the online offer to Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link: https://policies.google.com/technologies/ads?hl=en

We also use the so-called "conversion tracking", which is also part of Google Ads. When you click on an advertisement placed by Google, a corresponding cookie is stored on your system. Here, too, no personal details or other data are processed that can be used to identify the specific user or a person.

The cookie is used to create statistics about so-called "conversion rates", which, in simple terms, maps the relationship between visits to a page and successful sales.

Cookies for conversion tracking by Google Ads become inactive after 30 days. How to disable personalized advertising and conversion tracking by Google, read here:

3.1.2 Facebook

We use another conversion tracking and "remarketing" tool, the so-called Facebook Pixel, a service of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA, to evaluate our advertising activities on Facebook.

The service allows us, but also Facebook, to track users' actions after they have clicked on a Facebook ad. This allows us to record and evaluate the effectiveness of advertisements for statistical and market research purposes in order to optimize future advertising measures.

The data collected is anonymous for us, so it does not allow us to draw any conclusions about the identity of the user. However, the data is stored and processed by Facebook, so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes, in accordance with the Facebook data usage policy (https://www.facebook.com/about/privacy/). You may allow Facebook and its partners to serve ads on and off Facebook. Furthermore, a cookie may be stored on your computer for these purposes.

We only use Facebook - Pixel if and to the extent that you have given us your express consent for its use. Consent to the use of the visitor action pixel may only be declared by users older than 13 years. If you are younger, we ask you to ask your parent or guardian for permission. If you give your consent, the data processing is based on Art. 6 (1) a) GDPR.

You have the right to revoke your consent at any time with effect for the future.

3.2 Forwarding to social media services

On our website you will find links to the social media services of Facebook, Twitter, YouTube, Pinterest and Instagram. You can recognize links to the websites of the social media services by the respective company logo. If you follow these links, you will reach Borussia Dortmund's corporate presence on the respective social media service. When you click on a link to a social media service, a connection to the servers of the social media service is established. This transmits to the servers of the social media service that you have visited our website. In addition, further data is transmitted to the provider of the social media service. These are, for example:

- Address of the web page where the activated link is located
- Date and time when the website was called up or the link was activated - Information about the browser and operating system used
- IP address

If you are already logged in to the corresponding social media service at the time the link is activated, the provider of the social media service may be able to determine your username and possibly even your real name from the transmitted data and assign this information to your personal user account with the social media service. You can exclude this possibility of assignment to your personal user account if you log out of your user account beforehand.

The servers of the social media services are located in the USA and other countries outside the European Union. The data may therefore also be processed by the provider of the social media service in countries outside the European Union. Please note that companies in these countries are subject to data protection laws that do not protect personal data in general to the same extent as they do in the member states of the European Union.

Please note that we have no influence on the scope, type and purpose of the data processing by the provider of the social media service. For more information on the use of your data by the social media services integrated on our website, please refer to the privacy policy of the respective social media service.

VI.    Online Shop
Large parts of our fan shop and our product range can be viewed without registration or log-in, so that you can inform yourself as simply as possible about our offer and without obligations. You have the possibility to purchase our articles without creating a customer account.
In order to process your order, we need your personal data, which you enter into a designated input mask. These will be transmitted to us and stored by us.

The following data will be collected during the ordering process:
(1) Personal data (name, address, date of birth)
(2) E-mail address
In addition, the following data will be stored at the time of the order:
(1) Your IP address
(2) Date and time of the order

The processing of your data serves the conclusion and the fulfillment of purchase, work and work delivery contracts in connection with our fan articles. In this respect, Art. 6 Para. 1 lit b GDPR (fulfilment of the purchase, work or work delivery contract with you) serves as the legal basis.

In order for us to be able to fulfil our obligations under the contracts concluded with you, the processing of the above data is absolutely necessary. If you decide not to provide us with the aforementioned data, we will not be able

- To conclude contracts with you,
- To send you goods and
- To settle our services with you,
- To send you tailor-made offers,
- To inform you about promotions and discounts.

Your data will be deleted as soon as they are no longer required for the purpose of their collection. This is the case with the fulfilment of a contract or with the implementation of pre-contractual measures if the data are no longer necessary for the implementation of the contract. We store contract and booking relevant data in accordance with tax and commercial retention periods for a period of ten calendar years after the last booking.
Recipients of data may be banks and the payment service providers described in Section VII for the processing of payments and postal service providers for the dispatch of goods. Authorities and offices may be recipients within the scope of their tasks, insofar as we are obliged or entitled to transmit data.

VII.    Payment services
If you conclude contracts with us via our shop, we include third-party payment services, based on the payment method you choose. Since payment is related to the contractual relationship with you, the legal basis for all payment methods is Art. 6 Para. 1 lit b GDPR.

1.    PayPal
If you choose to pay through PayPal, we will provide PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg, e-mail: [email protected] with the data collected during registration and information about the transaction and other information related to the transaction, such as the amount sent or requested, the amount paid for products or services, merchant information, including information about payment instruments used for the transaction, device information, technical user data and location data.

This presupposes that you have created an account there or have agreed to the processing of your personal data as a guest there. Please also refer to the privacy policy issued by PayPal (Europe) S.à r.l. et Cie, S.C.A..

2.    Credit card
Payment by credit card is made by entering your credit card number, expiration date and, if applicable, CVC number in the corresponding input fields of the order dialog. This data, as well as your personal details and information about the transaction and other information in connection with the transaction will be transmitted to the respective payment service provider. When (online) paying by credit card, your credit card data (MasterCard, VISA, American Express, AmEx, card number, check digit and validity period) will be collected and stored at Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA, and only passed on to the companies involved in the payment process, e.g:
- MasterCard, Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium,
- at VISA at your card-issuing bank or Visa Europe Management Services Limited,
    German Branch, Hamburger Allee 2-4 WestendGate, 60486 Frankfurt,
- American Express Services Europe Limited, Branch Office Frankfurt am Main, Branch Office of a limited liability company under the laws of the United Kingdom with registered office in London, Theodor-Heuss-Allee 112, 60486 Frankfurt am Main,
The data is also transferred to your card-issuing bank as part of the payment process if necessary.

We use the Secure Socket Layer (SSL) encryption method, a very high security standard on the Internet. As soon as you have entered your data during payment and clicked on the confirmation button, your details will be sent in encrypted form. This means that they are not accessible to third parties.

VIII.    Contact form and e-mail contact
You can contact us via various contact forms available on our website or by e-mail.

If you enter data into the input mask of the contact form provided for this purpose, it will be transmitted to us and processed by us. This involves the following data:
(1) Topic/reason for contact
(2) Salutation
(3) First name
(4) Name
(5) Telephone number
(6) Message
As soon as your message is sent, the following other data will also be stored:
(1) Your IP address
(2) Date and time of registration

For the processing of data for the purpose of correspondence, we ask for your consent before sending the message and refer to this privacy policy. The legal basis for data processing in this respect is Art. 6 para. 1 lit a GDPR.

The processing of other data (e.g. connection data) during the sending process should prevent misuse of the contact form and guarantee the security of our information technology systems. The legal basis in this respect is Art. 6 para. 1 lit f GDPR.
If contact is established via the e-mail address provided, the personal data transmitted with your e-mail will be stored. The legal basis for the processing of your data is Art. 6 para. 1 lit f GDPR, as we have a legitimate interest in this. If the establishment of contact by form or e-mail is in connection with the initiation of a contract or the fulfilment of a contract, Art. 6 para. 1 lit b GDPR is also the legal basis for the processing.

We process personal data from the input mask or e-mails exclusively to process the establishment of contact. Data will not be passed on to third parties in this respect.

We will delete your data as soon as it is no longer required for achieving the purpose for which it was collected. For personal data from the input mask of the contact form and for data transmitted by e-mail, this is the case when the respective correspondence with you has ended. Correspondence is terminated when it can be inferred from the circumstances that the relevant facts have been conclusively clarified, but no later than one year after the last correspondence with you.

Personal data that was additionally collected during the sending process will be deleted after a period of seven days at the latest.

You can revoke your consent to the processing of your personal data at any time. If you contact us by e-mail, you can object to the storage of your personal data at any time. All you have to do is send an informal message to the contact details listed above.

In these cases, however, it is not possible to process your message.

If the data are necessary for the fulfilment of a contract or for the execution of pre-contractual measures, a premature deletion can take place only, as far as contractual or legal obligations permit this.

IX.    Newsletter
You can subscribe to our free newsletter. For this purpose, you enter your data in the input mask provided and these will be transmitted to us. Your e-mail address will be collected during registration.

As soon as your message is sent, the following other data will also be stored:
(1) Date and time of registration

Before sending your data, we ask you to give your consent to this processing of the data and we refer to this privacy policy. Your data will be processed with your consent. In this respect, Art. 6 para. 1 lit a GDPR is the legal basis.

After registration you will receive an e-mail in which you will be asked to confirm your registration. This confirmation is necessary so that nobody can register with external e-mail addresses. The registrations for the newsletter are logged in order to be able to prove the registration process according to the legal requirements. This includes the storage of the registration and confirmation time.

Since the processing of the data after the first registration is necessary to deliver the ordered newsletter, Art. 6 para. 1 lit b and Art. 6 para. 1 lit f GDPR also serve as a legal basis.

The collection of other personal data as part of the registration process serves to prevent misuse of the services or the e-mail address used. This processing is therefore also permissible on the basis of Art. 6 para. 1 lit f GDPR.
No data will be passed on to third parties in connection with data processing for the dispatch of newsletters. The data will be used exclusively for sending the newsletter.

You can cancel your subscription to the newsletter at any time or object to further newsletters being sent. Each newsletter contains a corresponding link to the unsubscribe form. This also enables us to revoke your consent to the storage of your data. However, you can also cancel your consent at any time by sending an informal letter to the above contact details.

We will delete your data as soon as they are no longer required for the purpose of their collection. Your e-mail address will be stored as long as the newsletter subscription exists.

X.    Transfer of data within the group of undertakings
If you give us your consent, address and order data will also be collected and processed for our own marketing purposes and for those of the group companies BVB Merchandising GmbH; BVB Event & Catering GmbH; besttravel Dortmund GmbH, 
BVB Fußballakademie GmbH, all located at Rheinlanddamm 207-209, 44137 Dortmund, as well as the Ballspielverein Borussia 09 e.V. Dortmund, Strobelallee 50, 44139 Dortmund. This is based on the legal basis of Art. 6 para. 1 lit a GDPR.
Under certain circumstances, we may also process your data on the basis of legitimate interest within the group. The legal basis in this respect is Art. 6 Para. 1 lit f. GDPR.

You can object to data processing on the basis of the legitimate interest by stating reasons or revoke your consent to data processing. All you have to do is send an informal message to the above-mentioned contact details.

We will delete your data as soon as they are no longer required for the purpose of their collection.

XI.    Your rights
In the following we would like to inform you about your rights according to the General Data Protection Regulation.

1.    The right to revoke the declaration of consent under data protection law (Art. 7 para. 3 GDPR)
You have the right to withdraw your consent at any time. The withdrawal of your consent does not affect the lawfulness of processing based on consent before its withdrawal. You will be informed of this before giving your consent.

2.    Right of access (Art. 15 GDPR)
Pursuant to Art. 15 GDPR, you have the right to request confirmation from us as to whether we process personal data relating to you. If this is the case, you have the right to information about this personal data and the following information:
- the purposes of the processing;
- the categories of personal data concerned;
- to whom this personal data has been disclosed or is still being disclosed, in particular when this is done vis-à-vis recipients in third countries or international organisations;
- if possible, the envisaged period for which the personal data will be stored, or,  if this is not possible, the criteria for determining that period;
- the existence of a right to request rectification or erasure of personal data or restriction of processing of personal data concerning you or to object to our processing;
- the right to lodge a complaint with a supervisory authority;
- if the personal data is not collected from you, all available information about the source of the data;
- whether there is automated decision-making, including profiling, in accordance with Article 22(1) and (4) of the GDPR and, if so, meaningful information on the logic involved and the scope and envisaged consequences of such processing on you.

If personal data are transferred to a third country or to an international organisation, you have the right to be informed of the appropriate safeguards in place to ensure that the provisions of the GDPR are complied with by those recipients.

3.    Right to rectification (Art. 16 GDPR)
You can ask us to correct any inaccurate data concerning you immediately. Taking into account the purposes of the processing, you also have the right to request the completion of incomplete personal data - also by means of a supplementary statement.

4.    Right to erasure or "right to be forgotten" (Art. 17 GDPR)
You have the right to obtain from us the erasure of data without undue delay where one of the following grounds applies:
- The data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
- You withdraw the consent on which the processing was based and there is no other legal basis for the processing.
- You object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing.
- You object to the processing pursuant to Article 21(2) GDPR for direct marketing purposes.
- The data were unlawfully processed.
- The data have to be erased for compliance with a legal obligation in Union or German law.
- The personal data have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR

If we have made your data public and are obliged to delete it, we will take appropriate measures, taking into account the available technology and the costs of implementation, to inform those responsible that you have requested the erasure.

5.    Right to restriction of processing (Art. 18 GDPR)
According to Art. 18 GDPR, you have the right to obtain from us restriction of processing where one of the following applies:
- you dispute the accuracy of your data, until we are able to verify its accuracy.
- the processing is unlawful and you oppose to the erasure of your data and instead request that the use of your personal data be restricted.
- we no longer need the data for the purposes of processing, but you require them for the establishment, exercise or defence of legal claims.
- You object to the processing pursuant to Article 21(1) GDPR pending the verification whether our legitimate grounds override yours.  

If processing has been restricted, we may only store this data. Any further processing is then only permitted with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

You may revoke your consent given in this context at any time.

You will be notified by us before the restriction of processing is lifted.

6.    Notification obligation (Art. 19 GDPR)
We are obliged to inform all recipients to whom your data has been disclosed of any rectification or deletion of your data or any restriction of processing, unless this proves impossible or involves disproportionate effort.  

We will inform you of these recipients if you so request.

7.    Right to data portability (Art. 20 GDPR)
You have the right to receive the data concerning you that you have provided to us in a structured, commonly used and machine-readable format. You also have the right for us to disclose such information to a third party, provided that
- the processing of the data is based on your consent or on a contract and
- processing is carried out using automated means.
You may request that we transfer your data directly to the third party as far as this is technically feasible. This right must not impair the rights and freedoms of others.

8.    Automated individual decision-making (Art. 22 GDPR)
You have the right not to be subject to a decision based solely on automated processing, including profiling, if that decision has legal effect on you or significantly affects you in a similar manner.

This does not apply if:
- you have expressly consented to this in advance, or
- the decision is necessary for the conclusion or performance of a contract between us or
- legislation in force permits this and that such legislation contains suitable measures to safeguard your rights and freedoms and legitimate interests.

In the first two cases, we will implement suitable measures to safeguard your rights and freedoms and your legitimate interests. This includes that you may notify us at any time using the contact details provided above if you believe that automated decision-making limits your rights and freedoms and you may appeal the automated decision at any time. In addition, you may request that the automated decision be reviewed by our employees.

9.    Right to object (Art. 21 GDPR)
If we process your data on the basis of a legitimate interest (Art. 6 para. 1 lit f GDPR), you have the right to object to this if the reasons for this arise from your particular situation. This also applies to profiling based on these provisions. In this case, we will no longer process your data unless we can prove compelling legitimate grounds for the processing. This must outweigh your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

If we process your data for the purpose of direct marketing, you may object to the processing of your data. This also applies to profiling insofar as it is related to such direct marketing.

After your objection, your data will no longer be processed for these purposes.

If you wish to object, simply send an informal message to the above contact details.

10.    Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
You have the right to complain to a supervisory authority, in particular in the Member State where you are staying, at your place of work or at the place where the alleged infringement occurred, if you consider that the processing of the data concerning you is contrary to the GDPR. Other administrative or judicial remedies which you may have remain unaffected.

 

Viewed