Data protection

DATA PROTECTION

Privacy policy – BVB FanShop

Content
I.       Name and address of the controller
II.      Contact details of the Data Protection Officer
III.     General information on data processing
IV.     Provision of the website and creation of log files
V.      Use of cookies
1.      Technically required cookies
2.      Cookies for the analysis of user behavior
3.      Cookies for advertising purposes and social media
VI.     Online Shop
VII.    Payment services
1.      PayPal
2.      Credit card
VIII.   Contact form and e-mail contact
IX.     Newsletter
X.      Transfer of data within the group of undertakings
XI.     Your rights
1.      The right to revoke the declaration of consent under data protection law (Art. 7 para. 3 GDPR)
2.      Right of access (Art. 15 GDPR)
3.      Right to rectification (Art. 16 GDPR)
4.      Right to erasure or "right to be forgotten" (Art. 17 GDPR)
5.      Right to restriction of processing (Art. 18 GDPR)
6.      Notification obligation (Art. 19 GDPR)
7.      Right to data portability (Art. 20 GDPR)
8.      Automated individual decision-making (Art. 22 GDPR)
9.      Right to object (Art. 21 GDPR)
10.    Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

I.    Name and address of the controller
The controller within the meaning of the General Data Protection Regulation (hereinafter referred to as the "GDPR") is

Borussia Dortmund GmbH & Co. KGaA
Rheinlanddamm 207-209
44137 Dortmund
Germany
Managing Directors: Hans-Joachim Watzke (Vorsitzender), Thomas Treß, Carsten Cramer
Tel.: 02 31 - 90 20 0
E-Mail: datenschutz@bvb.de
Website: www.bvb.de

II.    Contact details of the Data Protection Officer
You can reach the data protection officer at:

BHG Datenschutz Consulting
Rechtsanwalt Ulf Haumann LL.M
Kaiserstr. 21-23
44135 Dortmund
Germany
Tel.: 02 31 - 90 20 0
E-Mail: datenschutz@bvb.de
Website: www.bvb.de

III.    General information on data processing
The protection of your personal data is very important to us. We process your data primarily in order to provide you with a functional and easy-to-use website. We want to ensure that you can use our content and offers via these websites.

In addition, we only process your data if and to the extent permitted by law. Please refer to the following remarks for further information.

IV. Provision of the website and creation of log files
Every time you visit our website, our system automatically collects data and information from your computer system. We collect the following data:
(1) Information about the browser type and the version
(2) Your operating system
(3) Your IP address
(4) Date and time of access
(5) Websites from which your system accesses our Website

This data is stored in the log files of our system. The aforementioned data is not stored together with other personal data.

It is necessary for our system to temporarily store the IP address so that the website can be provided to your computer. Your IP address must remain stored for the duration of the respective use of the website. The storage in log files therefore serves the functionality of the website. We also use this data to optimise our website and secure our information technology systems. The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit f GDPR (our legitimate interest in operating the website). As part of the balancing of interests, we have weighed our legitimate interest in the processing of data for the operation of the website against your interest in the protection of personal data.

The data will be stored for as long as is necessary to achieve the purpose for which it was collected. Where data is required to provide the functionality of the website, it is not required once the respective session has ended. Your data will then be deleted automatically. If the data is stored in log files, it will be deleted after seven days at the latest. If the aforementioned data is further stored, your IP address will be deleted or pseudonymised, so that it is no longer possible refer it to the internet access used to visit our website. We only pass on data and information from your computer system to third parties under special circumstances and if the requirements for a change in the purpose of the data processing are met.  

The collection of data for the provision of the website and the storage of data in log files is necessary for the operation of the website.

V.    Use of cookies
We use so-called "cookies" on our website. These are text files that are stored in or by your Internet browser on your computer system. When you access our website, a cookie may be stored on your system. This cookie contains an individual string of characters that can be used to identify your browser the next time you visit our website.

In the following sections on point 1 ("Technically required cookies") and point 2 ("Cookies for the analysis of user behavior") we describe in detail which types of cookies we use and which data are processed in each case.

You have unrestricted control over the use of cookies. These are stored on your computer and the data are transmitted from you browser to our website. Most browsers are set by default to accept cookies, but changing your browser settings may disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. Cookies can be deleted automatically by setting your browser accordingly.

If cookies are generally deactivated for our website, it is possible that some functions of the website can no longer be used to their full extent.

When you access our website, an information banner informs you about the above-mentioned use of cookies and refers you to this data protection declaration. We ask you for your consent to the use of cookies, which you give us by clicking on the button "I agree".

You can object to the use of cookies at any time. You can do this either by not agreeing to the use of cookies in the displayed banner or by changing your browser settings accordingly.

1.    Technically required cookies
a)    Browser recognition
Some functions of our website require that the browser can be recognized even when you visit different subpages on our website. These functions could not be offered without the use of cookies.
The following data is stored and transmitted in the cookies:
(1) Session ID
(2) Login ID
(3) Shopping cart ID
For the following applications we need cookies for technical reasons:
(1) Personalized address
(2) Shopping cart content is retained over several webpage views

The legal basis for the processing of personal data using technically required cookies is Art. 6 Para. 1 lit f GDPR (our legitimate interest in the personalised addressing of users and the use of shopping cart functions).  As part of the balancing of interests, we have weighed our legitimate interest in the processing of data for the personalised addressing of users and the use of the shopping cart function against your interest in the protection of personal data.

If you object to the use of these cookies or configure your browser accordingly, our website will not recognise your browser and certain contents may not be retrievable or data (e.g. from an input mask) may be lost.

The technically necessary cookies for browser recognition are stored for the duration of the session.  

b)    Google Tag Manager
We use the Google Tag Manager on our website. The Google Tag Manager enables us to manage cookies and control the provision of relevant data to your browser. This enables us to implement, for example, your consent, a revocation of consent or an opt-out. The Google Tag Manager does not set its own cookies and does not process any data stored in cookies. The purpose of data processing by the Google Tag Manager is to control the use of cookies on our website and to ensure the security of applications.

The following data is processed by the Google Tag Manager:
(1) IP address
(2) Internet browser type and version
(3) Operating system used
(4) Webpage visited
(5) Previously visited page (referrer URL)
(6) Date and time of retrieval

The legal basis for the processing of data is Art. 6 Para. 1 lit f GDPR (our legitimate interest in the effective and reliable control of cookies). As part of the balancing of interests, we have weighed our legitimate interest in the processing of data for the simple and reliable control of cookies against your interest in the protection of personal data.

The data is automatically made available by the user's browser. The recipient of the data is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland as our processor.

Server log data collected through the Google Tag Manager will be deleted when no longer needed for processing purposes.

2.    Cookies for the analysis of the user behavior
We also use cookies on our website which enable us to analyse user behaviour. The data collected in this context is pseudonymised by technical measures. The data can therefore no longer be assigned to you. This data is not stored together with other personal data.

In this way the following data can be transmitted:
(1) Frequency of page views
(2) Use of website functions
(3) IP address
(4) Internet browser type and version
(5) Operating system
(6) Webpage visited
(7) Previously visited page (referrer URL)
(8) Date and time of retrieval

The analysis cookies are used for the purpose of improving the quality of our website and its content. The analysis cookies tell us how the website is used and enable us to constantly optimise our services.
When you enter our website, you will be shown a banner with which we ask for your consent to the analysis of your user behaviour through cookies. In this respect, the legal basis is Art. 6 para. 1 a) GDPR (your consent). You can revoke your consent at any time with effect for the future in accordance with Art. 7 para. 3 GDPR.
If you object to the use of these analysis cookies or configure your browser accordingly, this will not have any disadvantages for you. All functions of the website are still available.

We use the following services on our website, which are based on analysis cookies:

a)    Google Analytics
We use Google Analytics, a web analysis service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter "Google"). Google analytics uses cookies. The information generated by the cookie about your use of the website is generally transmitted to and stored by Google on servers in the United States.

Google will use this information on our behalf in order to evaluate the use of our Website, to compile reports on the activities within this online offer and to provide us with further services associated with the use of this online offer and Internet use. Pseudonymous user profiles can be created from the processed data.

We use Google Analytics only with IP anonymisation. This means that your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. The IP address transmitted by your browser is not combined with other data by Google.

You can prevent the storage of cookies by setting your browser software accordingly; In addition, you can prevent the collection by Google of the data generated by the cookie and related to your use of the online service and the processing of this data by Google by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en-GB .

For more information about Google's use of data for advertising purposes and about setting and objection options, please visit Google's websites:

https://policies.google.com/technologies/partner-sites?hl=en  ("Google's use of data when you use the websites or apps of our partners"), http://www.google.com/policies/technologies/ads  ("Use of data for advertising purposes"), http://www.google.com/settings/ads  ("Manage information Google uses to display advertisements") and http://www.google.com/ads/preferences/ ("Determine which advertisements Google displays to you").

As an alternative to the browser add-on or within browsers on mobile devices, please click this link to prevent Google Analytics from collecting data from this website in the future. An opt-out cookie will be placed on your device. This cookie stores the fact that we are not allowed to use your data for Google Analytics. If you delete your stored cookies, you must click this link again.

The cookie for web analysis by Google Analytics is stored in your browser for a period of two years.

b)    LinkedIn Analytics
We use the LinkedIn Analytics web analytics service of the LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland ("LinkedIn") on our website. The LinkedIn cookie collects information about your use of the LinkedIn website and transmits it to LinkedIn's servers.

LinkedIn will use this information on our behalf to evaluate the use of our online services, to compile reports on the activities within this online service and to provide us with other services relating to the use of this online service and the Internet. Pseudonymous user profiles can be created from the processed data.

The IP address transmitted by your browser will not be merged with any other data held by LinkedIn. The data collected via the cookie is also not merged with data from LinkedIn profiles.

You can prevent the storage of cookies by setting your browser software accordingly.

Further information on data processing by LinkedIn can be found on the LinkedIn websites:
https://privacy.linkedin.com/
https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv
https://www.linkedin.com/legal/cookie-policy?trk=hb_ft_cookie
https://www.linkedin.com/legal/cookie-table

The cookie for web analysis by LinkedIn Analytics is stored in your browser for a period of six months.  

3.    Cookies for advertising purposes and social media
We use third party cookies to learn more about your browsing habits (web tracking) so that we only display advertisements that you want to see.
We process the following data:
(1) Frequency of page views
(2) Use of website functions
(3) IP address
(4) Internet browser type and version
(5) Operating system used
(6) Page called up
(7) Previously visited page (referrer URL)
(8) Clicks on ads
(9) Date and time of retrieval

When you enter our website you will be shown a banner with which we ask for your consent to the analysis of your user behaviour through cookies. In this respect, the legal basis is Art. 6 para. 1 lit a GDPR (your consent), which you can revoke at any time with effect for the future in accordance with Art. 7 para. 3 GDPR.

We use the following services and cookies for this purpose:

a)    Google AdWords
On our website we use Google AdWords, an online advertising tool from Google that enables so-called "remarketing". This allows us to tailor advertising to your browsing habits on other websites in the Google Display Network (Google, so-called "Google Ads" and other websites).

Your user habits on our website are analysed so that other websites can display advertisements that match your interests. To this end, Google uses cookies to identify your browser on a particular computer, but not a person or a user. Personal information is not stored.

We only use Google AdWords with IP anonymization. This means that your IP address will be shortened by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. The IP address transmitted by your browser is not merged with other Google data.

You can prevent the storage of cookies by setting your browser software accordingly; In addition, you can prevent the collection by Google of the data generated by the cookie and related to your use of the online service and the processing of this data by Google by downloading and installing the browser plug-in available under the following link: https://policies.google.com/technologies/ads?hl=en-GB

We also use conversion tracking, which is also part of Google AdWords. When you click on an advertisement placed by Google, a corresponding cookie is stored on your system. Here, too, no personal data or other data is processed that can be used to identify the specific user or a person.

The cookie is used to compile statistics on conversion rates, which, to put it simply, shows the relationship between visits to a page and successful sales.

Cookies for conversion tracking by Google AdWords become inactive after 30 days. Read here how you can deactivate personalized advertising and conversion tracking by Google:
https://support.google.com/ads/answer/2662922?hl=

b)    Google Campaign Manager (formerly DoubleClick)
We use Google's online marketing tool Campaign Manager on our website. This controls the targeted playout of advertising to users. To do this, Google uses cookies to record which ads were displayed to the user and when the user clicked on the ads.

We analyse your user behaviour on our website so that other websites can display advertisements that match your interests. To this end, Google uses cookies to identify your browser on a particular computer, but not a person or a user. Personal information is not stored. Google also uses the cookie to collect information about which content you have interacted with across multiple websites. Google uses this information to target advertisements at you.   

For more information about data processing by the Google Campaign Manager, see: https://www.google.com/doubleclick
 https://policies.google.com/privacy?hl=en.

You can prevent the storage of cookies by setting your browser software accordingly; In addition, you can prevent the collection by Google of the data generated by the cookie and related to your use of the online service and the processing of this data by Google by downloading and installing the browser plug-in available under the following link: https://support.google.com/adsense/answer/142293?hl=en-GB

The Google Campaign Manager cookie is stored in your browser for a period of six months.  

c)    The Reach Group GmbH
Using retargeting technology, we work with various advertising partners, including The Reach Group GmbH, Am Karlsbad 16, 10785 Berlin, Germany. When you visit our pages, the respective targeting service provider stores temporary cookies on the hard disk of your system or in your mobile device.

If you are already interested in the products of BVB Merchandising GmbH, you can also use this method on the websites of our advertising partners to advertise banners with individualised and interest-related offers from BVB Merchandising GmbH. The data collected on our websites will in no case be linked to personal data that enable identification.

The Reach Group cookies are stored in your browser for a period of 12 days. In addition, the websites of our advertising partners generally offer the opportunity to unsubscribe from interest-related advertising on this site via the links listed there or to obtain further information on the subject of retargeting.

For The Reach Group these are:
https://trg.de/datenschutzerklarung/
Opt-out Link The Reach Group (under "Opt Out")

d)    LinkedIn Ads (LinkedIn Marketing Solutions)
We use a cookie on our website from LinkedIn Ads, an advertising service of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. The LinkedIn cookie collects information about your use of the LinkedIn website and transmits it to LinkedIn's servers.

LinkedIn uses this information to target advertising groups. The LinkedIn Ads cookie on our website helps us and LinkedIn track whether visitors have come to our website through LinkedIn advertisements. To do this, LinkedIn uses the advertising cookie to record which website users came to our website from (referrer URL) and which advertisements they clicked on. Pseudonymous user profiles can be created from the processed data.

The IP address transmitted by your browser is not merged with other LinkedIn data. The data collected via the cookie is also not merged with data from LinkedIn profiles.
You can prevent the storage of cookies by setting your browser software accordingly. You can find out more about the use of LinkedIn data on the LinkedIn websites:

https://business.linkedin.com/ marketing-solutions/ad-targeting
https://privacy.linkedin.com/
https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv
https://www.linkedin.com/legal/cookie-policy?trk=hb_ft_cookie
https://www.linkedin.com/legal/cookie-table

The LinkedIn Marketing Solutions (LinkedIn Ads) advertising targeting cookie is stored in your browser for a period of six months.  

e)    Microsoft Advertising Conversion-Tracking (formerly Bing Ads Conversion)
We use the so-called "Microsoft Advertising Conversion Tracking" (formerly Bing Ads Conversion) on our website. Microsoft Advertising Conversion Tracking is a service provided by Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland.
When you click on an ad placed through Microsoft Advertising, Microsoft stores a conversion tracking cookie on your device. If you then visit the site linked to in the ad and the cookie has not expired, Microsoft and the company that placed the ad may recognize that you clicked on the ad and were directed to the page. Microsoft advertisers can only recognize clicks on their own ads, not any clicks on ads from other customers. Microsoft uses cookies, among other things, to bill its customers for the cost of advertising. We do not receive information from Microsoft that personally identifies any of our customers.
Microsoft provides us with evaluations or other information based on the data collected only in aggregated, anonymous form. We cannot attribute the information provided to us to any natural person. We have no knowledge of the details of the processing of personal data in Microsoft's area of responsibility. Information about the processing of personal data by Microsoft can be found in the Microsoft data protection regulations: https://privacy.microsoft.com/en-us/privacystatement.
You can control data processing by Microsoft by turning Microsoft Advertising Conversion Tracking on or off in our cookie dashboard for the browser you are currently using. Alternatively, you can disable Microsoft Advertising Conversion Tracking for the browser you are currently using by disabling the storage of cookies in your browser settings.

The recipient of the information is Microsoft Ireland Operations Limited, which is responsible for the collection and processing of personal information by Microsoft Advertising Conversion Tracking.

Cookies do not contain any personally identifiable information other than the cookie ID and are not used for personal identification purposes. We do not collect or store this information ourselves. The collection and processing of this data is the responsibility of Microsoft.

The cookie for Microsoft Advertising Conversion Tracking is stored in your browser for a period of 30 days.

f)    Awin (formerly Affilinet)
The purpose of data processing is to record the number of advertising play-outs for the purpose of settling accounts with the advertiser and to display advertising in accordance with the interests of the user. Therefore Awin and we track the total number of users who clicked on our ad and were redirected to a page with a tracking tag. However, we do not receive information that personally identifies users.

The recipient of the data is Awin AG as the person responsible for the collection and processing of personal data by the Awin cookies.

The purpose of data processing is to record the number of advertising displayed for the purpose of settling accounts with the advertiser and to display advertising in accordance with the interests of the user.  Awin and we learn the total number of users who clicked on our ad and were redirected to a page with a tracking tag. However, we do not receive information that personally identifies users.

The collection and processing of this data is the responsibility of Awin. Awin provides us with evaluations or further information based on the collected data only in aggregated, anonymous form. We cannot assign the information provided to us to any natural person.

Information about the processing of personal data by Awin can be found in the data protection declaration of the Awin Group https://www.awin.com/gb/privacy.

The Awin cookie is stored in your browser for a maximum period of one year.  

g)    Snapchat for Business
We use Snapchat for Business, an online advertising tool from Snap Group Limited, 77 Shaftesbury Avenue, London W1D 5DU, United Kingdom ("Snapchat") on our website. This allows us to play you customized advertisements through Snapchat that are tailored to your interests.
Your browsing behavior on our site is analyzed so that Snapchat can display advertisements that match your interests. For this purpose, Snapchat uses a cookie to identify your browser on a particular computer, but not a person or a user. Personal information is not stored.
Snapchat's cookie also enables Snapchat to measure whether you have come to Snapchat on our website through an advertisement and to measure the effectiveness of the advertisement. This information is used to improve the advertising you receive through Snapchat.
You may refuse the use of cookies by selecting the appropriate settings on your browser, if you prefer. If you use Snapchat, you can also set directly in the app which data may be used by you to optimize advertising. You can find out how to configure the settings and which preferences you can specify here: https://support.snapchat.com/en-GB/a/advertising-preferences

For more information about Snapchat data processing, click here:
https://www.snap.com/en-GB/cookie-policy
https://www.snapchat.com/l/en-gb/
https://www.snap.com/en-GB/privacy/privacy-policy/

The Snapchat for Business advertising targeting cookie is stored in your browser for a period of six months.

VI.    Online Shop
Large parts of our fan shop and our product range can be viewed without registration or log-in, so that you can inform yourself as simply as possible about our offer and without obligations. You have the possibility to purchase our articles without creating a customer account.
In order to process your order, we need your personal data, which you enter into a designated input mask. These will be transmitted to us and stored by us.

The following data will be collected during the ordering process:
(1) Personal data (name, address, date of birth)
(2) E-mail address
In addition, the following data will be stored at the time of the order:
(1) Your IP address
(2) Date and time of the order

The processing of your data serves the conclusion and the fulfillment of purchase, work and work delivery contracts in connection with our fan articles. In this respect, Art. 6 Para. 1 lit b GDPR (fulfilment of the purchase, work or work delivery contract with you) serves as the legal basis.

In order for us to be able to fulfil our obligations under the contracts concluded with you, the processing of the above data is absolutely necessary. If you decide not to provide us with the aforementioned data, we will not be able

- To conclude contracts with you,
- To send you goods and
- To settle our services with you,
- To send you tailor-made offers,
- To inform you about promotions and discounts.

Your data will be deleted as soon as they are no longer required for the purpose of their collection. This is the case with the fulfilment of a contract or with the implementation of pre-contractual measures if the data are no longer necessary for the implementation of the contract. We store contract and booking relevant data in accordance with tax and commercial retention periods for a period of ten calendar years after the last booking.
Recipients of data may be banks and the payment service providers described in Section VII for the processing of payments and postal service providers for the dispatch of goods. Authorities and offices may be recipients within the scope of their tasks, insofar as we are obliged or entitled to transmit data.

VII.    Payment services
If you conclude contracts with us via our shop, we include third-party payment services, based on the payment method you choose. Since payment is related to the contractual relationship with you, the legal basis for all payment methods is Art. 6 Para. 1 lit b GDPR.

1.    PayPal
If you choose to pay through PayPal, we will provide PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg, e-mail: impressum@paypal.com with the data collected during registration and information about the transaction and other information related to the transaction, such as the amount sent or requested, the amount paid for products or services, merchant information, including information about payment instruments used for the transaction, device information, technical user data and location data.

This presupposes that you have created an account there or have agreed to the processing of your personal data as a guest there. Please also refer to the privacy policy issued by PayPal (Europe) S.à r.l. et Cie, S.C.A..

2.    Credit card
Payment by credit card is made by entering your credit card number, expiration date and, if applicable, CVC number in the corresponding input fields of the order dialog. This data, as well as your personal details and information about the transaction and other information in connection with the transaction will be transmitted to the respective payment service provider. When (online) paying by credit card, your credit card data (MasterCard, VISA, American Express, AmEx, card number, check digit and validity period) will be collected and stored at Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA, and only passed on to the companies involved in the payment process, e.g:
- MasterCard, Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium,
- at VISA at your card-issuing bank or Visa Europe Management Services Limited,
    German Branch, Hamburger Allee 2-4 WestendGate, 60486 Frankfurt,
- American Express Services Europe Limited, Branch Office Frankfurt am Main, Branch Office of a limited liability company under the laws of the United Kingdom with registered office in London, Theodor-Heuss-Allee 112, 60486 Frankfurt am Main,
The data is also transferred to your card-issuing bank as part of the payment process if necessary.

We use the Secure Socket Layer (SSL) encryption method, a very high security standard on the Internet. As soon as you have entered your data during payment and clicked on the confirmation button, your details will be sent in encrypted form. This means that they are not accessible to third parties.

VIII.    Contact form and e-mail contact
You can contact us via various contact forms available on our website or by e-mail.

If you enter data into the input mask of the contact form provided for this purpose, it will be transmitted to us and processed by us. This involves the following data:
(1) Topic/reason for contact
(2) Salutation
(3) First name
(4) Name
(5) Telephone number
(6) Message
As soon as your message is sent, the following other data will also be stored:
(1) Your IP address
(2) Date and time of registration

For the processing of data for the purpose of correspondence, we ask for your consent before sending the message and refer to this privacy policy. The legal basis for data processing in this respect is Art. 6 para. 1 lit a GDPR.

The processing of other data (e.g. connection data) during the sending process should prevent misuse of the contact form and guarantee the security of our information technology systems. The legal basis in this respect is Art. 6 para. 1 lit f GDPR.
If contact is established via the e-mail address provided, the personal data transmitted with your e-mail will be stored. The legal basis for the processing of your data is Art. 6 para. 1 lit f GDPR, as we have a legitimate interest in this. If the establishment of contact by form or e-mail is in connection with the initiation of a contract or the fulfilment of a contract, Art. 6 para. 1 lit b GDPR is also the legal basis for the processing.

We process personal data from the input mask or e-mails exclusively to process the establishment of contact. Data will not be passed on to third parties in this respect.

We will delete your data as soon as it is no longer required for achieving the purpose for which it was collected. For personal data from the input mask of the contact form and for data transmitted by e-mail, this is the case when the respective correspondence with you has ended. Correspondence is terminated when it can be inferred from the circumstances that the relevant facts have been conclusively clarified, but no later than one year after the last correspondence with you.

Personal data that was additionally collected during the sending process will be deleted after a period of seven days at the latest.

You can revoke your consent to the processing of your personal data at any time. If you contact us by e-mail, you can object to the storage of your personal data at any time. All you have to do is send an informal message to the contact details listed above.

In these cases, however, it is not possible to process your message.

If the data are necessary for the fulfilment of a contract or for the execution of pre-contractual measures, a premature deletion can take place only, as far as contractual or legal obligations permit this.

IX.    Newsletter
You can subscribe to our free newsletter. For this purpose, you enter your data in the input mask provided and these will be transmitted to us. Your e-mail address will be collected during registration.

As soon as your message is sent, the following other data will also be stored:
(1) Your IP address
(2) Date and time of registration

Before sending your data, we ask you to give your consent to this processing of the data and we refer to this privacy policy. Your data will be processed with your consent. In this respect, Art. 6 para. 1 lit a GDPR is the legal basis.

After registration you will receive an e-mail in which you will be asked to confirm your registration. This confirmation is necessary so that nobody can register with external e-mail addresses. The registrations for the newsletter are logged in order to be able to prove the registration process according to the legal requirements. This includes the storage of the registration and confirmation time and your IP address used.

Since the processing of the data after the first registration is necessary to deliver the ordered newsletter, Art. 6 para. 1 lit b and Art. 6 para. 1 lit f GDPR also serve as a legal basis.

The collection of other personal data as part of the registration process serves to prevent misuse of the services or the e-mail address used. This processing is therefore also permissible on the basis of Art. 6 para. 1 lit f GDPR.
No data will be passed on to third parties in connection with data processing for the dispatch of newsletters. The data will be used exclusively for sending the newsletter.

You can cancel your subscription to the newsletter at any time or object to further newsletters being sent. Each newsletter contains a corresponding link to the unsubscribe form. This also enables us to revoke your consent to the storage of your data. However, you can also cancel your consent at any time by sending an informal letter to the above contact details.

We will delete your data as soon as they are no longer required for the purpose of their collection. Your e-mail address will be stored as long as the newsletter subscription exists. All other personal data collected as part of the registration process will generally be deleted after a period of seven days after collection.

X.    Transfer of data within the group of undertakings
If you give us your consent, address and order data will also be collected and processed for our own marketing purposes and for those of the group companies BVB Merchandising GmbH; Sports & Bytes GmbH; BVB Event & Catering GmbH; besttravel Dortmund GmbH, all located at Rheinlanddamm 207-209, 44137 Dortmund, as well as the Ballspielverein Borussia 09 e.V. Dortmund, Strobelallee 50, 44139 Dortmund. This is based on the legal basis of Art. 6 para. 1 lit a GDPR.
Under certain circumstances, we may also process your data on the basis of legitimate interest within the group. The legal basis in this respect is Art. 6 Para. 1 lit f. GDPR.

You can object to data processing on the basis of the legitimate interest by stating reasons or revoke your consent to data processing. All you have to do is send an informal message to the above-mentioned contact details.

We will delete your data as soon as they are no longer required for the purpose of their collection.

XI.    Your rights
In the following we would like to inform you about your rights according to the General Data Protection Regulation.

1.    The right to revoke the declaration of consent under data protection law (Art. 7 para. 3 GDPR)
You have the right to withdraw your consent at any time. The withdrawal of your consent does not affect the lawfulness of processing based on consent before its withdrawal. You will be informed of this before giving your consent.

2.    Right of access (Art. 15 GDPR)
Pursuant to Art. 15 GDPR, you have the right to request confirmation from us as to whether we process personal data relating to you. If this is the case, you have the right to information about this personal data and the following information:
- the purposes of the processing;
- the categories of personal data concerned;
- to whom this personal data has been disclosed or is still being disclosed, in particular when this is done vis-à-vis recipients in third countries or international organisations;
- if possible, the envisaged period for which the personal data will be stored, or,  if this is not possible, the criteria for determining that period;
- the existence of a right to request rectification or erasure of personal data or restriction of processing of personal data concerning you or to object to our processing;
- the right to lodge a complaint with a supervisory authority;
- if the personal data is not collected from you, all available information about the source of the data;
- whether there is automated decision-making, including profiling, in accordance with Article 22(1) and (4) of the GDPR and, if so, meaningful information on the logic involved and the scope and envisaged consequences of such processing on you.

If personal data are transferred to a third country or to an international organisation, you have the right to be informed of the appropriate safeguards in place to ensure that the provisions of the GDPR are complied with by those recipients.

3.    Right to rectification (Art. 16 GDPR)
You can ask us to correct any inaccurate data concerning you immediately. Taking into account the purposes of the processing, you also have the right to request the completion of incomplete personal data - also by means of a supplementary statement.

4.    Right to erasure or "right to be forgotten" (Art. 17 GDPR)
You have the right to obtain from us the erasure of data without undue delay where one of the following grounds applies:
- The data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
- You withdraw the consent on which the processing was based and there is no other legal basis for the processing.
- You object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing.
- You object to the processing pursuant to Article 21(2) GDPR for direct marketing purposes.
- The data were unlawfully processed.
- The data have to be erased for compliance with a legal obligation in Union or German law.
- The personal data have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR

If we have made your data public and are obliged to delete it, we will take appropriate measures, taking into account the available technology and the costs of implementation, to inform those responsible that you have requested the erasure.

5.    Right to restriction of processing (Art. 18 GDPR)
According to Art. 18 GDPR, you have the right to obtain from us restriction of processing where one of the following applies:
- you dispute the accuracy of your data, until we are able to verify its accuracy.
- the processing is unlawful and you oppose to the erasure of your data and instead request that the use of your personal data be restricted.
- we no longer need the data for the purposes of processing, but you require them for the establishment, exercise or defence of legal claims.
- You object to the processing pursuant to Article 21(1) GDPR pending the verification whether our legitimate grounds override yours.  

If processing has been restricted, we may only store this data. Any further processing is then only permitted with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

You may revoke your consent given in this context at any time.

You will be notified by us before the restriction of processing is lifted.

6.    Notification obligation (Art. 19 GDPR)
We are obliged to inform all recipients to whom your data has been disclosed of any rectification or deletion of your data or any restriction of processing, unless this proves impossible or involves disproportionate effort.  

We will inform you of these recipients if you so request.

7.    Right to data portability (Art. 20 GDPR)
You have the right to receive the data concerning you that you have provided to us in a structured, commonly used and machine-readable format. You also have the right for us to disclose such information to a third party, provided that
- the processing of the data is based on your consent or on a contract and
- processing is carried out using automated means.
You may request that we transfer your data directly to the third party as far as this is technically feasible. This right must not impair the rights and freedoms of others.

8.    Automated individual decision-making (Art. 22 GDPR)
You have the right not to be subject to a decision based solely on automated processing, including profiling, if that decision has legal effect on you or significantly affects you in a similar manner.

This does not apply if:
- you have expressly consented to this in advance, or
- the decision is necessary for the conclusion or performance of a contract between us or
- legislation in force permits this and that such legislation contains suitable measures to safeguard your rights and freedoms and legitimate interests.

In the first two cases, we will implement suitable measures to safeguard your rights and freedoms and your legitimate interests. This includes that you may notify us at any time using the contact details provided above if you believe that automated decision-making limits your rights and freedoms and you may appeal the automated decision at any time. In addition, you may request that the automated decision be reviewed by our employees.

9.    Right to object (Art. 21 GDPR)
If we process your data on the basis of a legitimate interest (Art. 6 para. 1 lit f GDPR), you have the right to object to this if the reasons for this arise from your particular situation. This also applies to profiling based on these provisions. In this case, we will no longer process your data unless we can prove compelling legitimate grounds for the processing. This must outweigh your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

If we process your data for the purpose of direct marketing, you may object to the processing of your data. This also applies to profiling insofar as it is related to such direct marketing.

After your objection, your data will no longer be processed for these purposes.

If you wish to object, simply send an informal message to the above contact details.

10.    Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
You have the right to complain to a supervisory authority, in particular in the Member State where you are staying, at your place of work or at the place where the alleged infringement occurred, if you consider that the processing of the data concerning you is contrary to the GDPR. Other administrative or judicial remedies which you may have remain unaffected.

Viewed