DFL Deutsche Fußball Liga GmbH, Guiollettstrasse 44-46, D-60325 Frankfurt am Main (“DFL“) collects, processes and uses personal data which has been captured from visits to the website www.dfl.de (the “Website“) in compliance with the applicable data privacy provisions in the Federal Republic of Germany. This Privacy Statement and Cookie Directive (hereinafter together: the “Statement”) sets out which data of the visitor (“User“) is captured on the Website and how this information is processed and used.
1. Personal data
Personal data are all information which relate to an identified or identifiable natural person. A natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. This includes, for example, the name, personalized email addresses, the residential address, the telephone number or the date of birth.
2. Data collection, processing and use when accessing the Website
Each time a User accesses the Website, the User’s Internet browser, for technical reasons, automatically supplies the following data to DFL’s web server:
- IP address of the end device
- date and time of access
- name and URL of accessed page
- transferred data volume
- access status (data file transmitted, data file not found, etc.)
- recognition data of the used browser and operating system of the User’s end device
- name of the User’s Internet service provider
- website from which the access was made
The collection, processing and use of these data occur for the purposes of enabling the use of the Website (connection set-up), system security and technical administration of the network infrastructure. A comparison with other data sets or a transmission to third parties, even in excerpts, does not take place.
The legal basis for processing is Art. 6 para. 1 b) General Data Protection Regulation (“GDPR”)].
With regard to data collection, processing, and use for the purpose of optimizing the Website through web analytics, additional reference is made to Section 4 of this Statement.
3. Data collection, processing and use in the context of the subpage tomorrow.dfl.de and the DFL Focus: Tomorrow newsletter
3.1 Registration for DFL Focus: Tomorrow newsletter
3.1.1 In order to receive the DFL Focus: Tomorrow Newsletter, the User must subscribe to it including entering his or her personal data (first and last name, email address). The collection, processing and use of these personal data are solely for the purpose of offering the User information and services requested by him/her and only in the nature and extent of the prior consent of the User.
The legal basis for processing is Art. 6 para. 1 a) GDPR.
The User may withdraw his or her consent prospectively at any time, without this affecting the legitimacy of the processing done prior to the withdrawal of the consent.
3.1.2 The DFL uses the Customer Identity Management Platform provided by Gigya Inc. (USA) (“Gigya“) for the registration for the DFL Focus: Tomorrow newsletter. The use of these data will only be processed for the purposes of enabling the use and the technical administration of this newsletter. The legal basis for processing are Art. 6 para. 1 a) GDPR and Art. 6 para. b) GDPR.
3.1.3 The social login function which is also provided by Gigya allows the User to also subscribe for the DFL Focus: Tomorrow newsletter with his/her social media account at Facebook. If the User signs up using Facebook, the following data transfers will take place:
• The transmission of information and user data (visited pages, activated fields) to Facebook, with the possibility for Facebook to merge these data with the data relating to the User. Data will then also be transmitted to the US with possible data access by national security authorities without ensuring an European level of data protection. Facebook is a registered member of the EU-US Privacy Shield
• The transmission of certain information from the User’s Facebook account to the DFL with the consequence that in addition to the data outlined in this Privacy Statement (IP address), the following information is transmitted to the DFL:
– First name and last name
– email address
IF THE USER DOES NOT WANT TO SHARE THIS INFORMATION, THE USER SHOULD USE THE EMAIL REGISTRATION AND ENTER THE DATA MANUALLY.
The legal basis for processing is Art. 6 para. 1 a) GDPR.
3.2 Analytics of the use of the DFL Focus: Tomorrow newsletter
The Users of the DFL Focus: Tomorrow newsletter are assigned a UserID, which allows the DFL to determine when the respective DFL Focus: Tomorrow newsletter was opened and which links or functions from the respective DFL Focus: Tomorrow newsletter were activated. This tracking (tracing) takes place for the internal optimization of the DFL Focus: Tomorrow newsletter. These data will not be disclosed.
The legal basis for processing is Art. 6 para. 1 f) GDPR, whereby the legitimate interest for DFL results from the fact that, in the first place, DFL has an interest in optimizing such services. Secondly, the User will not incur any particular disadvantages when comparing the User’s reasonable expectations based on his or her relation to the DFL as the Website operator and newsletter provider. If the User of the DFL Focus: Tomorrow newsletter does not want this tracking to take place, he/she can unsubscribe from the DFL Focus: Tomorrow newsletter.
4. Data collection, processing and use in the context of web analytics
The information about the use of the Website by a User produced by the cookie is normally transmitted to a server of Google in the USA and stored there.
However, DFL has expanded Google Analytics with the code “gat._anonymizeIp();” in order to assure anonymized collection of IP addresses (so-called IP masking). This means that the IP addresses of Users are shortened within the Member States of the European Union or in other States which are a party to the Convention on the European Economic Area before the transmission to the USA. So, the full IP address is transmitted to a server of Google in the USA and shortened there only in exceptional situations. Google is a registered member of the EU-US Privacy Shield.
Upon request of DFL, Google will use this information in order to analyze the use of the Website by the Users for the purpose of compiling reports about the Website activity to provide additional services to DFL which are related to the use of the and Internet use. Google does not combine the IP address of a User’s browser with other data under Google Analytics.
The User can prevent the storage of cookies with a corresponding setting on the User’s browser software. Furthermore, the User can prevent Google from collecting the data generated by the cookie and relating to his/her use of the Website (including the User’s IP address) by downloading and installing the browser plugin available via the following link. The User can also refuse the use of Google Analytics by clicking on the following link. An opt-out cookie which prevents the future collection of his/her data when visiting the Website will be placed: Disable Google Analytics. However, DFL hereby informs the User that in this case it is possible that the User cannot completely use all functions of the Website.
The legal basis for processing is Art. 6 para. 1 f) GDPR, whereby the legitimate interest for DFL results from the fact that, in the first place, DFL has an interest in evaluating the Website data for purposes of its optimization. Secondly, a data subject can reasonably foresee that data might possibly be processed for this purpose at the time the personal data is collected and in light of the circumstances under which this occurs (especially the above-mentioned measures).
5. Data collection, processing and use in the context of the registration for and use of the media center
The use of parts of the media center requires a prior registration including entering personal data (name, company address, contact information, etc.)
The legal basis for processing are
– Art. 6 para. 1 a) GDPR for data for which the User has issued his or her consent to DFL. Insofar as the processing is based on the consent of the User, the User has the right to withdraw the consent at any time without affecting the legality of the processing on the basis of the consent done prior to the withdrawal.
– Art. 6 para. 1 b) GDPR for data which are necessary for fulfilling the obligations resulting from the registration and use of the media center.
– Art. 6 para. f) GDPR because of legitimate interests to monitor of the compliance with the provisions in these Terms and Conditions for Use and Data Privacy for the Media Center, as well as for any correction of errors of the media center.
6. Limited purpose for processing and using personal data
All processing or use of personal data of the User occurs only for the purposes mentioned in this Statement and to the extent necessary to achieve the respective purpose.
Personal data are not published by DFL or disclosed to unauthorized third parties.
Transmissions of personal data to government agencies and public authorities occur only in accordance with mandatory national provisions in the law or if the disclosure is necessary in the case of attacks on the network infrastructure in order to pursue rights and for purposes of criminal prosecution. The legal basis for this processing is Art. 6 para. 1 c) GDPR in conjunction with § 24 para. 1 no. 1 b) German Data Protection Act [Bundesdatenschutzgesetz, “BDSG”].
7. Storage and deletion of personal data
All stored personal data and pseudonymized usage data are deleted immediately and permanently as soon as the data are no longer needed for the purposes for which they were collected or the User demands this unless DFL is required by law to do preserve the data. If DFL is required on the basis of provisions in the law to preserve the data, the stored personal data and pseudonymized usage data will be permanently deleted upon expiration of the time periods for preserving data required by law.
DFL uses technical and organizational security measures in order to protect the personal data of the Users against accidental or intentional manipulation, loss, destruction or access by unauthorized persons. The security measures are continuously adapted in accordance with technological developments.
9. Links to other websites
The Website may contain links to other websites. This Statement applies solely to the Website of DFL. DFL has no influence over, and does not control whether other providers comply with applicable data privacy provisions.
10. Rights of the User
The User has a right to information with regard to the stored personal data of the User. The User also has a right to have incorrect data corrected and to restriction of the processing and to have data deleted, as well as a right to object against the processing and the right for data transferability.
The User can contact DFL by using the contact form which is available under the following link: https://mediacenter.dfl.de/en/mc/info/. The data privacy officer of DFL can be contacted at firstname.lastname@example.org. Please note that only data privacy-related messages will be answered at this email address. For all other inquiries please use the afore mentioned contact form.
It is pointed out that there is a right to file an objection with the supervisory authority.
11. Applicability, validity and timeliness of the Statement
The provisions in this Statement on collection, processing and use of the User’s data apply for the User when using the Website. This Statement is current valid and is dated as of 25 May 2018. DFL reserves the right to amend this Statement at any time as needed with effect for the future, especially for the purposes of adaption to a further development of the Website or the implementation of new technologies.