Thank you for visiting our website. We take the protection of your privacy very seriously when collecting, processing, and using your personal data, in accordance with the statutory provisions. This page gives you an overview of how we intend to handle your personal data. Data protection is a matter of great importance to us. Your personal data is collected and processed in compliance with the data protection regulations as applicable, in particular the General Data Protection Regulation (GDPR).
The controller of the processing of your personal data within the meaning of Art. 4 (7) GDPR is Olympiapark München GmbH, Spiridon-Louis-Ring 21, 80809 München, Managing Director Marion Schöne, phone +49-89-30-670, fax +49-89-3067-2222, e-mail email@example.com, Munich Local Court HRB 6971. If you wish to object to your data being collected, processed, or used by us in accordance with these data protection provisions, either wholly or in relation to individual measures, please direct your objection to the controller.
2. General purposes of processing
We use personal data for the purpose of operating the website and for processing contractual relations.
3. Which data we use and why
The hosting services utilized by us serve to make the following services available: infrastructure and platform services, computing capacity, storage space and database services, security services, and technical maintenance services used by us for the purpose of operating the website. This entails our processing inventory data, contact details, content data, contractual data, usage data, metadata, and the communication data of visitors to this website on the basis of our legitimate interests in the efficient and secure provision of our website pursuant to point (f) sentence 1 of Art. 6 (1) GDPR in conjunction with Art. 28 GDPR. The servers used are located in Germany/Europe only.
3.2 Access data
We collect information on you when you use this website. We automatically collect information on your user behavior and your interactions with us and register data concerning your computer or mobile device. We collect, store, and use data regarding every instance of our website being accessed (so-called server log files). This access data includes:
- Name and URL of the file retrieved
- Date and time of the retrieval
- Data volume transmitted
- Notification of successful retrieval (HTTP response code)
- Browser type and browser version
- Operating system
- Referrer URL (i.e. the page you were redirected from)
- Websites accessed by the user’s system via our website
- The user’s Internet service provider
- IP address and the inquiring provider
We use these log files without their being attributed to you and without any other form of profile creation for statistical analysis for the purposes of the operation, security, and optimization of our website, for anonymously logging the number of visitors to our website (traffic) and the scope and type of use of our website and services, and for billing purposes to measure the number of clicks received from cooperative partners. Based on this information, we are able to provide customized and location-based content as well as analyze the data traffic, find and rectify errors, and improve our services. Here, too, we have a legitimate interest pursuant to point (f) sentence 1 of Art. 6 (1) GDPR. We reserve the right to subsequently check the log files if, based on concrete indications, there is the legitimate suspicion of illegal usage. We record IP addresses in the log files for a limited period (generally for seven days) if this is necessary for security purposes or is required for service performance or for the billing of a service, e.g. if you avail yourself of one of our offerings. We shall delete your IP address if an order process is aborted or upon receipt of payment if it is no longer required for security purposes. We shall additionally log IP addresses if we have concrete suspicions of a criminal offense in relation to the use of our website.
- Login details
- Language settings
- Search terms entered
- Information on the number of page views on our website and regarding the use of individual features on our website
A cookie is assigned an identification number upon being activated. This identification number is not attributed to your personal data. Your name, IP address, and similar data which would allow the cookie to be attributed to you are not stored in the cookie. Based on cookie technology, we only receive pseudonymized information such as which of our website pages were visited, which products were viewed, etc. You can alter your browser settings such that you are notified in advance whenever cookies are to be set and can decide whether you wish to deny cookies on a case-by-case basis or in general, or prevent them from being set altogether. 3.4 Web analytics performed by Matomo (formerly Piwik) In accordance with point (f) of Art. 6 (1) GDPR, we use the open-source software tool Matomo (formerly Piwik) on our website for analysis of our users’ surfing behavior. This provides us with information on use of the individual components of our website and this helps us continuously improve our website and its user-friendliness. The software sets a cookie on the user’s computer. When individual pages of our website are viewed, the following data is logged in addition to the data listed in 3.2:
- (1) Two bytes of the IP address of the user’s accessing system
- (2) The website viewed
- (3) The website from which the user came (referrer URL)
- (4) The subpages accessed from the viewed website
- (5) The website use time
- (6) The frequency of the website being viewed
- (7) The search terms entered into the search field by users
3.5 Data for the fulfillment of our contractual duties
We process the personal data we need in order to fulfill our contractual duties, for example the user’s name, address, e-mail address, ordered products/event services, and invoicing and payment data. Collection of this data is necessary for the conclusion of a contract. The data shall be erased upon expiration of the warranty and the statutory retention periods. Data linked to a user account (see below) is retained for as long as the account is maintained. The legal basis for the processing of this data is point (b) sentence 1 of Art. 6 (1) GDPR as this data is needed in order for us to fulfill our contractual duties toward you.
3.6 User accounts
When you use our website, we offer you the opportunity to create a user account to serve various purposes such as placing orders in our online shop or booking courts at the SoccArena. This saves you having to enter your data anew when making subsequent purchases or bookings. An account is created subject to your consent and entails our processing your data, with point (a) sentence 1 of Art. 6 (1) GDPR as the legal basis for this. Your booking data shall be automatically erased after two years. Your user account shall be automatically erased following two years of inactivity.
You may voluntarily provide us with data which is additional to the personal data required for the conclusion and performance of a contract within the meaning of point (b) sentence 1 Art. 6 (1) GDPR (e.g. form of address, first name and family name, address, e-mail address, if applicable also username and invoicing and payment data); all mandatory information is marked with an *. In the case of company bookings, we shall process your name and your contact details on the basis of our legitimate interest pursuant to point (f) sentence 1 of Art. 6 (1) GDPR.
In addition to the data stipulated above, we process information such as the time of registration and the time of login for our user accounts. This occurs on the basis of the statutory requirements (point [c] sentence 1 of Art. 6  GDPR) and to optimize our services in accordance with our legitimate interests (point [f] sentence 1 of Art. 6  GDPR).
You may alternatively place orders in our Olympiapark online shop using a guest account. In this case, you must enter the necessary data anew when placing subsequent orders.
We use service providers for payment processing who are themselves controllers from a data protection perspective and who accordingly attend to the security of the payment services they provide. The terms and conditions of business and the data privacy policies of the following payment service providers additionally apply:
- If a credit card is selected as the payment method, payment is effected via Saferpay, an e-payment platform belonging to SIX Payment Services (Europe) S.A., Theodor-Heuss-Allee 108, 60486 Frankfurt am Main.
- If SOFORT instant bank transfer is selected, payment is effected via Klarna GmbH, Theresienhöhe 12, 80339 München.
3.7 Application process
We process your data in the course of the application process in order to select suitable candidates. The legal basis for this data processing is the taking of steps prior to entering into a contract in accordance with point (b) Art. 6 (1) GDPR in conjunction with Section 26 of the Federal Data Protection Act (BDSG). Your data shall be shared internally with the managers involved in making recruitment decisions regarding the vacancies in question and, if applicable, with the employee representative, the gender equality officer, and the disabled persons representative. It shall not be passed on to third parties or third countries. Your data shall be erased at the latest six months after conclusion of the application process. Retention of data during these periods is necessary for legal reasons in the event of any lawsuits (in particular the assertion of claims on the basis of the General Act on Equal Treatment [AGG]). Data collection is required in order for a contract to be concluded by and between you and us. If you request that your application data be deleted during the application process, this shall be interpreted as a retraction of your application.
3.8 E-mail contact
When you contact us (for example, via a contact form or by e-mail), we shall process your details in order to process your inquiry and to address any follow-up questions which may arise. If data is processed to take steps at your request prior to entering into a contract or, if you are already a customer, for performance of the contract, the legal basis for this data processing is point (b) sentence 1 of Art. 6 (1) GDPR. We shall only process other personal data if you give your consent to this (point [a] sentence 1 of Art. 6  GDPR) or if we have a legitimate interest in your data being processed (point [f] sentence 1 of Art. 6  GDPR). Our responding to your e-mail is an example of a legitimate interest.
3.9 Google Fonts
We use Google Fonts on the basis of our legitimate interest in the graphically appealing presentation of our website in accordance with point (f) sentence 1 of Art. 6 (1) GDPR.
4. Data retention period
Unless specified otherwise, we shall only log your personal data for as long as is necessary for the fulfillment of the purposes pursued. The law prescribes the retention of personal data in certain instances, for example in relation to tax law and commercial law. In these instances, the data continues to be stored by us solely for these statutory purposes and is not processed in any other way and is erased upon expiration of the statutory retention period.
5. Your rights as the data subject
In accordance with the GDPR, you have various rights as the user of our Internet services. These relate in particular to Art. 15 to 18 and 21 GDPR:
5.1 Right of access:
Pursuant to Art. 15 GDPR, you may demand access to your personal data which is processed by us. You should be precise in your application for access in order to facilitate our gathering of the necessary data. Please note that your right of access may be limited under certain circumstances subject to legal provisions (in particular Section 34 BDSG).
5.2 Right to rectification:
If the information relating to you is not or is no longer accurate, you may demand that this be rectified pursuant to Art. 16 GDPR. If your data is incomplete, you may demand that it be completed.
5.3 Right to erasure:
In accordance with the conditions of Art. 17 GDPR, you can demand that your personal data be erased. Your entitlement to data erasure depends among other things on whether the information related to you is still needed by us for the fulfillment of our statutory duties.
5.4 Right to restriction of processing:
The provisions of Art. 18 GDPR afford you the right to demand that processing of the data related to you be restricted.
5.5 Right to object:
In accordance with Art. 21 GDPR, you have the right to object anytime to your personal data being processed on grounds relating to your particular situation. We cannot, however, always comply with such a demand, for example if legislation obligates us to process data in order to fulfill our official duties.
5.6 Right to lodge a complaint:
If you are of the opinion that we have failed to comply with data protection regulations in the processing of your data, you have the right to lodge a complaint with the Bavarian Data Protection Commissioner (Bavarian DPC), Wagmüllerstrasse 18, 80538 München, phone: +49-89-212-6720, Internet: https://www.datenschutz-bayern.de
5.7 Automated decision-making, including profiling:
You have the right not to be subject to a decision based solely on automated processing which produces legal effects concerning you or similarly significantly affects you.
No automated decision-making is effected on the basis of the personal data collected.
6. Data security
We make every effort to ensure that your data is secure in line with the applicable data protection laws and the technical possibilities. Your personal data is encrypted when transmitted by us. This applies both to orders placed and customer logins. While we use state-of-the-art, secure transfer protocols, please bear in mind that online data transmission (e.g. e-mail communication) can entail security vulnerabilities and data cannot be fully protected against third-party access. We employ technical and organizational safeguards to secure your data in accordance with Art. 32 GDPR and regularly bring these up to date. Additionally, we offer no guarantee that our services will be available at certain times; malfunctions, disruptions, and downtimes cannot be ruled out. The servers we use are carefully secured on a regular basis.
7. Disclosure of data to third parties, no data transfer to non-EU countries
As a rule, we only use your personal data within our company. If and insofar as we engage third parties in the course of contractual performance (such as logistics service providers), these are provided with personal data only to the extent necessary for the service they provide. In the event that we outsource parts of data processing (“commissioned processing”), we contractually obligate the processors to use personal data exclusively in accordance with data protection legislation and to guarantee the protection of the rights of data subjects. Data is not transferred to bodies or persons outside of the EU, nor are there plans for this to be the case.
8. Children and adolescents
Persons under the age of 16 may not submit personal data to us without the authorization of a parent or legal guardian. Likewise, we do not request information from them, collect information on them, or share information on them with third parties.
9. Social media
Our website also features the logos of social media service providers. These logos/icons serve as external links. No personal data is transferred to these service providers without these being clicked on. If the user clicks on one of these logos, they are redirected to the website of the service provider in question. Information on the processing of personal data can be found in the respective providers’ privacy policies:
- a) Facebook: Facebook’s data policy can be found here: https://www.facebook.com/policy.php
- b) Instagram: Instagram’s data policy can be found here: https://help.instagram.com/519522125107875
If you do not wish the above-mentioned social networks to process your personal data, please do not click on the logos/icons.
10. Integration and use of YouTube
The data processing controller has incorporated YouTube components into this website. YouTube is an online video portal which allows video publishers to upload video clips free of charge and other users to view, rate, and comment on said videos, likewise free of charge. YouTube permits any kind of video to be published. Consequently, entire movies and TV shows, music videos, trailers, and clips made by the users themselves can be accessed via the online portal. The company that operates YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043-1351, USA.
Whenever an individual page of this website run by the data processing controller and featuring an integrated YouTube component (YouTube video) is viewed, the Internet browser within the data subject’s information technology system is automatically prompted by the YouTube component to download a presentation of the YouTube component in question from YouTube. More information on YouTube can be found at https://www.youtube.com/intl/en-US/about/ In the course of this technical process, YouTube and Google learn which specific subpage of our website was visited by the data subject. If the data subject is already logged in to YouTube, YouTube will recognize which specific subpage of our website the data subject has visited upon their viewing a subpage featuring a YouTube video. This information is gathered by YouTube and Google and is attributed to the data subject’s YouTube account.
11. Data Protection Officer
If you still have questions or concerns regarding data protection, please contact our Data Protection Officer, either by mail or electronically: Olympiapark München GmbH, f.a.o. Data Protection Officer, Spiridon-Louis-Ring 21, 80809 München, firstname.lastname@example.org.
Last updated: 8/20/19