top of page
1. General Information
The following information gives a simple overview of what happens to your personal data when you visit this website. Personal data means any data that can be used to identify you personally. Detailed information on the subject of data protection can be found in the full privacy policy set out below.
2. Data Collection on This Website
Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator. The operator’s contact details can be found in the section “Information on the Controller” in this privacy policy.
How do we collect your data?
On the one hand, your data is collected when you provide it to us. This may, for example, be data that you enter into a contact form.
Other data is collected automatically or – where required by law – based on your consent by our IT systems when you visit the website. This is primarily technical data (for example browser type, operating system or time of page access). This data is collected automatically as soon as you access this website.
What do we use your data for?
Part of the data is collected in order to ensure the error-free provision of the website. Other data may be used to analyse your user behaviour. Where contracts can be concluded or initiated via the website, the data transmitted is also processed for contract offers, orders or other business enquiries.
What rights do you have regarding your data?
You have the right at any time to obtain information, free of charge, about the origin, recipients and purpose of your stored personal data. You also have the right to request the rectification or erasure of this data. If you have given consent to data processing, you may withdraw this consent at any time with effect for the future. Furthermore, you have the right, under certain conditions, to request the restriction of processing of your personal data.
You also have the right to lodge a complaint with the competent supervisory authority.
You can contact us at any time regarding this and any other questions on the subject of data protection.
Analytics tools and tools from third parties
When visiting this website, your browsing behaviour may be statistically evaluated. This is primarily done using analytics programs.
Detailed information on these analytics programs can be found in this privacy policy below.
3. Hosting and Content Delivery Networks (CDN)
WIX
We host the content of our website with the following provider:
WIX
Provider is Wix.com Ltd., 40 Namal Tel Aviv St., Tel Aviv 6350671, Israel (“WIX”).
WIX is a tool for creating and hosting websites. When you visit our website, WIX analyses user behaviour, visitor sources, region of website visitors and visitor numbers. WIX stores cookies in your browser that are necessary for displaying the website and for ensuring security (necessary cookies).
The data collected via WIX may be stored on various servers worldwide.
The WIX servers are located, among other places, in the United States.
For details, please refer to WIX’s privacy policy:
https://de.wix.com/about/privacy
According to WIX, data transfers to the United States and other third countries are based on the European Commission’s Standard Contractual Clauses or comparable safeguards in accordance with Article 46 GDPR. Details can be found here
https://de.wix.com/about/privacy-dpa-users
The use of WIX is based on Article 6(1)(f) GDPR. We have a legitimate interest in the most reliable possible presentation of our website. Where appropriate consent has been requested, processing takes place exclusively on the basis of Article 6(1)(a) GDPR and Section 25(1) of the German Telecommunications Digital Services Act (Telekommunikation-Digitale-Dienste-Datenschutz-Gesetz – TDDDG), insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (for example device fingerprinting) within the meaning of the TDDDG. Consent can be withdrawn at any time.
The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the United States intended to ensure compliance with European data protection standards for data processing in the United States. Each company certified under the DPF undertakes to comply with these data protection standards. Further information is available here:
https://www.dataprivacyframework.gov/participant/5626
Processor agreement
We have concluded a data processing agreement (DPA) with the above-mentioned provider. This is a contract required by data protection law to ensure that the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
Cloudflare
We use the service “Cloudflare”. Provider is Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA (“Cloudflare”).
Cloudflare provides a globally distributed content delivery network with DNS services. Technically, the information transfer between your browser and our website is routed through Cloudflare’s network. This enables Cloudflare to analyse the data traffic between your browser and our website and to act as a filter between our servers and potentially malicious data traffic from the internet. In this context, Cloudflare may also use cookies or other technologies for user recognition, which are used solely for the purposes described here.
The use of Cloudflare is based on our legitimate interest in the most error-free and secure provision of our web offering (Article 6(1)(f) GDPR).
Data transfers to the United States are based on the European Commission’s Standard Contractual Clauses. Details and further information on security and data protection at Cloudflare can be found here:
https://www.cloudflare.com/privacypolicy/
The company is certified under the EU-US Data Privacy Framework (DPF). Further information is available here:
https://www.dataprivacyframework.gov/participant/5666
Processor agreement
We have concluded a data processing agreement (DPA) with the above-mentioned provider. This contract required by data protection law ensures that the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
Google Cloud CDN
We use the content delivery network Google Cloud CDN. Provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google provides a globally distributed content delivery network. The information transfer between your browser and our website is routed via Google’s network. This enables us to improve the global availability and performance of our website.
The use of Google Cloud CDN is based on our legitimate interest in the most error-free and secure provision of our web offer (Article 6(1)(f) GDPR). Data transfers to the United States are based on the European Commission’s Standard Contractual Clauses.
Details can be found here:
https://cloud.google.com/terms/eu-model-contract-clause
Further information on Google Cloud CDN can be found here:
https://cloud.google.com/cdn/docs/overview?hl=de
The company is certified under the EU-US Data Privacy Framework (DPF). Further information is available here:
https://www.dataprivacyframework.gov/participant/5780
Processor agreement
We have concluded a data processing agreement (DPA) with the above-mentioned provider. This contract required by data protection law ensures that the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
4. General Information and Mandatory Information
Data Protection
The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations as well as this privacy policy.
When you use this website, various personal data are collected. Personal data means data that can be used to identify you personally. This privacy policy explains which data we collect and what we use it for. It also explains how and for what purpose this happens.
We would like to point out that data transmission over the internet (for example communication by email) can have security gaps. Complete protection of the data from access by third parties is not possible.
Information on the Controller
The controller responsible for data processing on this website is:
FC Viktoria 1889 Berlin Frauen-Fußball GmbH
Krahmerstraße 15
12207 Berlin
Germany
Telephone: +49 (30) 75 44 48 98 00
Email: info@fcviktoria.com
The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (for example names, email addresses etc.).
Storage period
Unless a more specific storage period is stated in this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you assert a legitimate request for erasure or withdraw your consent to data processing, your data will be erased unless we have other legally permissible grounds for storing your personal data (for example retention periods under tax or commercial law); in the latter case, erasure takes place after these grounds cease to apply.
General information on the legal bases for data processing on this website
Where you have given consent to data processing, we process your personal data on the basis of Article 6(1)(a) GDPR or, in the case of the processing of special categories of data within the meaning of Article 9(1) GDPR, on the basis of Article 9(2)(a) GDPR. In the event of explicit consent to the transfer of personal data to third countries, processing is also based on Article 49(1)(a) GDPR. Where you have consented to the storage of cookies or to access to information in your terminal device (for example via device fingerprinting), processing is additionally based on Section 25(1) TDDDG. Consent may be withdrawn at any time.
If your data is required for the performance of a contract or for pre-contractual measures, we process your data on the basis of Article 6(1)(b) GDPR. Where data is required for compliance with a legal obligation, we process it on the basis of Article 6(1)(c) GDPR.
Furthermore, data processing may take place on the basis of our legitimate interest in accordance with Article 6(1)(f) GDPR. The relevant legal bases in each individual case are explained in the following paragraphs of this privacy policy.
Data Protection Officer
We have appointed a Data Protection Officer:
MUNAS Consulting
Dr. Markus Schneider
Flotowstraße 3
15370 Fredersdorf-Vogelsdorf
Germany
Telephone: +49 1556 3093279
Email: datenschutz@fcviktoria.com
Recipients of personal data
In the course of our business activities, we work with various external parties. In some cases, this also involves the transfer of personal data to such external parties.
We only pass on personal data to external parties where this is necessary for performance of a contract, where we are legally obliged to do so (for example transfer of data to tax authorities), where we have a legitimate interest in the transfer in accordance with Article 6(1)(f) GDPR, or where another legal basis permits the transfer of data. Where we use processors, we only transfer personal data of our customers on the basis of a valid data processing agreement. In the case of joint processing, a joint controller agreement is concluded.
Data transfers to third countries
Where we process data in a third country (that is, outside the European Union (EU) or the European Economic Area (EEA)) or where data processing takes place in the context of the use of services of third parties or the disclosure or transfer of data to other persons, entities or companies, this only occurs in accordance with the statutory provisions.
Subject to explicit consent, contractual or legal necessity, we only process data in third countries with a recognised level of data protection, on the basis of contractual obligations through so-called Standard Contractual Clauses of the European Commission, where certifications or binding internal data protection rules exist (Articles 44 to 49 GDPR; information page of the European Commission:
https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de).
Note on data transfer to the United States
Tools from companies based in the United States are integrated into our website. If you consent to the use of these tools, your personal data may be transferred to the US servers of the respective companies. We point out that the United States is not a “safe third country” in the sense of EU data protection law. US companies are obliged to hand over personal data to security authorities without you, as the data subject, being able to take sufficient legal action against this. We have no influence on these processing activities.
Withdrawal of your consent to data processing
Many data processing operations are only possible with your explicit consent. You may withdraw consent previously granted at any time. The lawfulness of the data processing carried out up to the time of withdrawal remains unaffected by the withdrawal.
Right to object to data processing in specific cases and to direct marketing (Article 21 GDPR)
IF DATA PROCESSING IS CARRIED OUT ON THE BASIS OF ARTICLE 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT AT ANY TIME, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA, INCLUDING PROFILING BASED ON THOSE PROVISIONS. THE RELEVANT LEGAL BASIS FOR PROCESSING IN EACH CASE IS SET OUT IN THIS PRIVACY POLICY. IF YOU LODGE AN OBJECTION, WE WILL NO LONGER PROCESS YOUR RELEVANT PERSONAL DATA, UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS OR THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE OR DEFENCE OF LEGAL CLAIMS (OBJECTION PURSUANT TO ARTICLE 21(1) GDPR).
WHERE YOUR PERSONAL DATA ARE PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR SUCH MARKETING, WHICH INCLUDES PROFILING TO THE EXTENT THAT IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION PURSUANT TO ARTICLE 21(2) GDPR).
Right to lodge a complaint with the competent supervisory authority
In the event of breaches of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or place of the alleged infringement. The right to lodge a complaint exists without prejudice to other administrative or judicial remedies.
Right to data portability
You have the right to receive data which we process on the basis of your consent or in performance of a contract in a structured, commonly used and machine-readable format and to have this data transmitted to yourself or to a third party. Where you request the direct transfer of the data to another controller, this will only be carried out where technically feasible.
Access, rectification and erasure
Within the scope of the applicable statutory provisions, you have the right at any time to obtain information free of charge about your stored personal data, its origin and recipients and the purpose of data processing, and, where appropriate, a right to rectification or erasure of these data. You can contact us at any time regarding this and any other questions on the subject of personal data.
Right to restriction of processing
You have the right to request the restriction of processing of your personal data. You can contact us at any time to this end. The right to restriction of processing exists in the following cases:
-
If you contest the accuracy of your personal data stored by us, we usually need time to verify this. For the period of verification, you have the right to request restriction of processing of your personal data.
-
If the processing of your personal data was or is unlawful, you may request restriction of data processing instead of erasure.
-
If we no longer need your personal data, but you require it for the establishment, exercise or defence of legal claims, you have the right to request restriction of processing instead of erasure.
-
If you have lodged an objection pursuant to Article 21(1) GDPR, a balance must be struck between your interests and ours. As long as it has not been determined whose interests prevail, you have the right to request restriction of processing of your personal data.
Where you have restricted the processing of your personal data, such data may – apart from storage – only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the European Union or a Member State.
SSL and TLS encryption
For security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the website operator, this site uses SSL or TLS encryption. You can recognise an encrypted connection by the browser’s address line changing from “http://” to “https://” and by the lock symbol in your browser line.
If SSL or TLS encryption is enabled, data you transmit to us cannot be read by third parties.
Encrypted payment transactions on this website
If, after conclusion of a paid contract, there is an obligation to transmit your payment data (for example account number in the case of direct debit authorisation), this data is required for processing payments.
Payment transactions via the common payment methods (Visa/MasterCard, direct debit) are carried out exclusively via an encrypted SSL or TLS connection. You can recognise an encrypted connection by the browser’s address line changing from “http://” to “https://” and by the lock symbol in your browser line.
With encrypted communication, your payment data that you transmit to us cannot be read by third parties.
Objection to unsolicited marketing emails
We hereby object to the use of contact details published in the context of the legal notice obligations for the purpose of sending unsolicited advertising and information material. The operators of these pages expressly reserve the right to take legal action in the event of unsolicited sending of advertising information, for example through spam emails.
5. Data Collection on This Website
Cookies
Our internet pages use so-called “cookies”. Cookies are small data packets which do not cause any damage to your terminal device. They are either stored temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your device. Session cookies are automatically deleted after your visit. Permanent cookies remain stored on your device until you delete them yourself or your web browser automatically deletes them.
Cookies may originate from us (“first-party cookies”) or from third-party companies (“third-party cookies”). Third-party cookies allow the integration of certain services from third-party companies within websites (for example cookies for processing payment services).
Cookies have different functions. Many cookies are technically necessary, since certain website functions would not work without them (for example shopping cart function or display of videos). Other cookies can be used for analysing user behaviour or for advertising purposes.
Cookies that are required for carrying out the electronic communication process, for providing certain functions requested by you (for example shopping cart function), or for optimising the website (for example cookies for measuring the web audience) (necessary cookies) are stored on the basis of Article 6(1)(f) GDPR unless another legal basis is stated. The website operator has a legitimate interest in the storage of necessary cookies for the technically error-free and optimised provision of its services. Where consent has been requested for the storage of cookies and comparable recognition technologies, processing takes place exclusively on the basis of this consent (Article 6(1)(a) GDPR and Section 25(1) TDDDG); consent may be withdrawn at any time.
You can configure your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies in certain cases or in general, and enable automatic deletion of cookies when closing the browser. If cookies are disabled, this website’s functionality may be limited.
Which cookies and services are used on this website can be found in this privacy policy.
Server log files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. This includes:
-
browser type and browser version
-
operating system used
-
referrer URL
-
hostname of the accessing computer
-
time of the server request
-
IP address
This data is not merged with other data sources.
The collection of this data is based on Article 6(1)(f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimisation of its website; for this, the server log files must be recorded.
Contact form
If you send us enquiries via the contact form, the information you provide in the enquiry form, including the contact data you enter there, will be stored by us for the purpose of processing your enquiry and in case of follow-up questions. We do not pass on this data without your consent.
The processing of this data is based on Article 6(1)(b) GDPR, where your enquiry relates to the performance of a contract or is necessary in order to take steps prior to entering into a contract. In all other cases, processing is based on our legitimate interest in the effective handling of enquiries submitted to us (Article 6(1)(f) GDPR) or on your consent (Article 6(1)(a) GDPR), if this has been requested; consent may be withdrawn at any time.
The data you enter in the contact form remains with us until you request erasure, withdraw your consent to storage or the purpose for data storage no longer applies (for example after your enquiry has been fully processed). Mandatory statutory provisions – in particular retention periods – remain unaffected.
Enquiry by email, telephone or fax
If you contact us by email, telephone or fax, your enquiry, including all resulting personal data (name, enquiry), will be stored and processed by us for the purpose of processing your request. We do not pass on this data without your consent.
The processing of this data is based on Article 6(1)(b) GDPR, where your enquiry relates to the performance of a contract or is necessary in order to take steps prior to entering into a contract. In all other cases, processing is based on our legitimate interest in the effective handling of enquiries submitted to us (Article 6(1)(f) GDPR) or on your consent (Article 6(1)(a) GDPR), if this has been requested; consent may be withdrawn at any time.
The data you send to us via contact enquiries will remain with us until you request erasure, withdraw your consent to storage or the purpose for data storage no longer applies (for example after your request has been processed in full). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.
Communication via WhatsApp
We use, among other things, the instant messaging service WhatsApp for communication with our customers and other third parties. Provider is WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Communication takes place using end-to-end encryption (peer-to-peer), which prevents WhatsApp or other third parties from gaining access to the content of the communication. However, WhatsApp obtains access to metadata that arise in the course of the communication process (for example sender, recipient and time). We also point out that, according to WhatsApp’s own statements, WhatsApp shares personal data of its users with its US-based parent company Meta.
Further details on data processing can be found in WhatsApp’s privacy policy:
https://www.whatsapp.com/legal/#privacy-policy
The use of WhatsApp is based on our legitimate interest in the fastest and most effective possible communication with customers, prospective customers and other business and contractual partners (Article 6(1)(f) GDPR). Where corresponding consent has been requested, processing takes place exclusively on the basis of consent; this can be withdrawn at any time with effect for the future.
The communication content exchanged between you and us via WhatsApp remains with us until you request erasure, withdraw your consent to storage or the purpose for data storage no longer applies (for example after your request has been fully processed). Mandatory statutory provisions – in particular retention periods – remain unaffected.
The company is certified under the EU-US Data Privacy Framework (DPF). Further information is available here:
https://www.dataprivacyframework.gov/participant/7735
We have concluded a data processing agreement (DPA) with the above-mentioned provider.
Registration on this website
You can register on this website to use additional functions on the site. We use the data entered for this purpose only for the purpose of using the respective offer or service for which you have registered. The mandatory information requested during registration must be provided in full; otherwise we will reject the registration.
For important changes, for example changes to the scope of the offer or technically necessary changes, we use the email address provided during registration in order to inform you by this means.
The processing of the data entered during registration is carried out for the purpose of performing the user relationship established by registration and, where applicable, to initiate further contracts (Article 6(1)(b) GDPR).
The data collected during registration is stored by us as long as you are registered on this website and is then deleted. Statutory retention periods remain unaffected.
6. Social Media
Functions of the service Instagram are integrated on this website. These functions are offered by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.
If the social media element is active, a direct connection is established between your terminal device and the Instagram server. Instagram thus receives information that you have visited this website.
If you are logged into your Instagram account, you can link the content of this website to your Instagram profile by clicking on the Instagram button. This allows Instagram to associate the visit to this website with your user account. We point out that we, as the provider of the pages, do not have knowledge of the content of the transmitted data or of how it is used by Instagram.
The use of this service is based on your consent under Article 6(1)(a) GDPR and Section 25(1) TDDDG. Consent may be withdrawn at any time.
To the extent that personal data is collected on our website using the tool described here and transmitted to Facebook or Instagram, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for such data processing (Article 26 GDPR). Joint responsibility is limited to the collection of data and its transfer to Facebook or Instagram. The subsequent processing by Facebook or Instagram is not part of the joint responsibility.
The jointly responsible obligations have been set out in an agreement on joint processing. The wording of the agreement can be found at:
https://www.facebook.com/legal/controller_addendum
According to this agreement, we are responsible for providing the data protection information when using the Facebook or Instagram tool and for implementing the tool in a manner compliant with data protection law on our website. Facebook is responsible for data security of the Facebook and Instagram products. You may assert data subject rights (for example access requests) with regard to the data processed by Facebook or Instagram directly with Facebook. If you assert data subject rights with us, we are obliged to forward them to Facebook.
Data transfers to the United States are based on the European Commission’s Standard Contractual Clauses. Details are available at:
https://www.facebook.com/legal/EU_data_transfer_addendum
https://privacycenter.instagram.com/policy/
https://de-de.facebook.com/help/566994660333381
Further information can be found in Instagram’s privacy policy:
https://privacycenter.instagram.com/policy/
The company is certified under the EU-US Data Privacy Framework (DPF). Further information is available at:
https://www.dataprivacyframework.gov/participant/4452
This website uses elements of the LinkedIn network. Provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.
Each time you access a page on this website that contains LinkedIn elements, a connection is established to LinkedIn servers. LinkedIn is informed that you have visited this website with your IP address. If you click LinkedIn’s “Recommend” button while logged into your LinkedIn account, LinkedIn is able to associate your visit to this website with your user account. We note that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by LinkedIn.
The use of this service is based on your consent under Article 6(1)(a) GDPR and Section 25(1) TDDDG. Consent may be withdrawn at any time.
Data transfers to the United States are based on the European Commission’s Standard Contractual Clauses.
Details can be found here:
https://www.linkedin.com/help/linkedin/answer/a1343190/datenubertragung-aus-der-eu-dem-ewr-undder-schweiz?lang=de
Further information is available in LinkedIn’s privacy policy:
https://www.linkedin.com/legal/privacy-policy
The company is certified under the EU-US Data Privacy Framework (DPF). Further information is available at:
https://www.dataprivacyframework.gov/participant/5448
Social media posts from fans
We embed social media posts from fans (for example from Instagram or Twitter) on our website in our blog, in which we or our social media channel have been tagged.
The legal basis for this data processing is Article 6(1)(f) GDPR. Our legitimate interest lies in sharing posts from fans on our website with other fans.
We only process your social media posts if no persons can be clearly identified in the posts. If you are depicted in the post, we will only process the post with your prior consent. We will contact you for this purpose and ask whether we may publish the post on our website.
The data will be deleted as soon as it is no longer required for the purpose for which it was collected.
Embedded videos
To make the content on our website more attractive and to provide it with an appropriate loading time, we embed videos from the platforms Vimeo and YouTube.
YouTube
Provider of the social media platform YouTube is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA, a company of the Google group. As a rule, when you access a page with embedded videos, your IP address is sent to YouTube/Google and cookies are installed on your device, provided you have consented in accordance with Article 6(1)(a) GDPR and Section 25(1) TTDSG. The following data is also transmitted to YouTube/Google in this context, over which we have no influence:
IP address, date and time, time zone difference from Greenwich Mean Time (GMT), content of the request (specific page), access status/HTTP status code, amount of data transferred, website from which the request originates, browser used as well as operating system and its interface, language and version of the browser software, device used (PC, smartphone etc.) and location (if Google Maps is activated).
YouTube/Google also receives information that you have accessed the corresponding sub-page of our website when you play the video. If you are logged into your YouTube or Google account, this data will be directly associated with your user account. If you do not wish such association, you must log out prior to playing the video. YouTube/Google also stores data if you do not have a Google user account, in particular: IP address, search queries, browser and operating system version.
YouTube/Google stores this data as user profiles and uses it for advertising, market research and/or tailoring its own website to user needs. You have the right to object to the creation of these user profiles, which must be exercised with YouTube.
Further information can be found in Google’s privacy policies:
https://policies.google.com/technologies/product-privacy?hl=de
Please note that the information collected by cookies is usually transmitted to a server in the United States and stored there. In the event of data transfer to the United States, the transfer is based on the existence of Standard Contractual Clauses.
The disclosure of personal data by YouTube/Google, in particular to third countries, is outside our area of responsibility and we have no influence on it.
Vimeo
Provider of Vimeo is Vimeo LLC, 555 West 18th Street, New York, New York 10011, USA. For technical reasons, embedding Vimeo videos results in calls being made to Vimeo servers. When you access a page with embedded videos, your IP address, technical details about your device (for example browser type, operating system, basic device information) and the website you visited are transmitted to Vimeo and cookies are stored on your device, provided you have consented in accordance with Article 6(1)(a) GDPR and Section 25(1) TTDSG.
Vimeo is responsible for the data processing associated with playing a video from your browser or device. Further information on data processing and data protection by Vimeo can be found at:
https://vimeo.com/privacy
Please note that data processed by Vimeo may be transmitted to a server in the United States and stored there. In the event of data transfer to the United States, the transfer is based on the existence of Standard Contractual Clauses.
The disclosure of personal data by Vimeo, in particular to third countries, is outside our area of responsibility and we have no influence on it.
Music and podcasts
We use hosting and analytics services from service providers to offer our audio content for streaming and download and to obtain statistical information on the retrieval of audio content. For technical reasons, data is already transmitted to the respective provider. Such data includes usage data (for example visited websites, interest in content, access times) and meta/communication data (for example device information, IP addresses).
The legal basis is Article 6(1)(f) GDPR. Our legitimate interest is being able to present audio content on our website.
We use the following service providers (further information can be found in the respective provider’s privacy policy):
-
Podigee – music and podcast hosting; Podigee GmbH, Schlesische Straße 20, 10997 Berlin, Germany (https://www.podigee.com/de/about/privacy)
-
Spotify – music hosting and widget; Spotify AB, Regeringsgatan 19, SE-111 53 Stockholm, Sweden (https://www.spotify.com/de/legal/privacy-policy/)
-
Acast – music hosting and widget; Acast AB, Kungsgatan 12, SE-111 35 Stockholm, Sweden (https://www.acast.com/en/privacy-us)
-
Apple Podcast – music hosting and widget; Apple Inc., One Apple Park Way, Cupertino, California, USA, 95014 (https://www.apple.com/de/legal/privacy/)
Please note that data processed by these providers may be transferred to servers in third countries and stored there. In the event of data transfer to third countries, the transfer is based on the existence of Standard Contractual Clauses.
The disclosure of personal data by these providers, in particular to third countries, is outside our area of responsibility and we have no influence on it.
Media recordings of spectators in the context of home matches of the FC Viktoria Berlin women’s regional league team
At home matches of the FC Viktoria Berlin women’s regional league team, which are played at the Stadion Lichterfelde, Ostpreußendamm 3-17, 12207 Berlin, media recordings (photos, videos, audio) are regularly made. These media recordings are used exclusively for public relations, for the purposes of external presentation and appropriate reporting. The legal basis for data processing is our legitimate interest pursuant to Article 6(1)(f) GDPR. The media recordings will be broadcast live on Sport1 for the purpose of public relations and appropriate reporting, and published online (on our website and/or in social media such as Instagram, Twitter, YouTube etc.) as well as in print/online media and other publications of FC Viktoria Berlin. The recordings are only passed on to the extent necessary in connection with the creation and publication of the recordings, in particular in print and online media. Recipients in this case are employees, external service providers, partners, sponsors and web hosts of FC Viktoria Berlin. We have ensured that these parties are selected and monitored in compliance with statutory provisions and are likewise obliged to comply with data protection law. Beyond this, no further transfer of your data takes place unless you have expressly agreed to such transfer. In this case, the legal basis is your consent in accordance with Article 6(1)(a) GDPR. This consent may be withdrawn at any time without giving reasons by contacting us (using the contact details above). Media recordings created by us for the purposes of public relations, external presentation and appropriate reporting are deleted as soon as you exercise your right to object, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or statutory duties of storage and retention or the establishment, exercise or defence of legal claims require further storage. Media recordings processed on the basis of your consent in accordance with Article 6(1)(a) GDPR will be deleted as soon as you withdraw your consent, unless statutory duties of storage and retention or the establishment, exercise or defence of legal claims require further storage. Consent to the processing of media recordings may be withdrawn at any time in writing for the future by contacting us at the above address. The lawfulness of processing based on consent before its withdrawal remains unaffected.
7. Analytics Tools and Advertising
Google Tag Manager
We use Google Tag Manager. Provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Tag Manager is a tool that allows us to integrate and manage tracking or analytics tools and other technologies on our website. Google Tag Manager itself does not create user profiles, store cookies or perform independent analyses. It only serves to manage and execute the tools integrated via it. However, Google Tag Manager collects your IP address, which may also be transmitted to the US parent company of Google.
The use of Google Tag Manager is based on Article 6(1)(f) GDPR. The website operator has a legitimate interest in the fast and uncomplicated integration and management of various tools on its website. Where consent has been requested, processing takes place exclusively on the basis of Article 6(1)(a) GDPR and Section 25(1) TDDDG, insofar as the consent covers the storage of cookies or access to information in the user’s terminal device (for example device fingerprinting) within the meaning of the TDDDG. Consent may be withdrawn at any time.
The company is certified under the EU-US Data Privacy Framework (DPF). Further information is available here:
https://www.dataprivacyframework.gov/participant/5780
Google Analytics
This website uses functions of the web analytics service Google Analytics. Provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics enables the website operator to analyse the behaviour of website visitors. The website operator receives various usage data, such as page views, length of visit, operating systems used and origin of the user. These data may be aggregated in a user ID and assigned to the respective user device.
We can also use Google Analytics to record mouse and scroll movements and clicks, among other things. Furthermore, Google Analytics applies various modelling approaches to supplement the collected data and uses machine learning technologies in data analysis.
Google Analytics uses technologies that allow the recognition of the user for the purpose of analysing user behaviour (for example cookies or device fingerprinting). The information collected by Google about the use of this website is generally transmitted to a Google server in the United States and stored there.
The use of this service is based on your consent under Article 6(1)(a) GDPR and Section 25(1) TDDDG. Consent may be withdrawn at any time.
Data transfers to the United States are based on the European Commission’s Standard Contractual Clauses.
Details can be found here:
https://business.safety.google/adscontrollerterms/sccs/
The company is certified under the EU-US Data Privacy Framework (DPF). Further information is available here:
https://www.dataprivacyframework.gov/participant/5780
IP anonymisation
IP anonymisation is activated on this website for Google Analytics. This means that your IP address will be truncated by Google within Member States of the European Union or in other states party to the Agreement on the European Economic Area before being transmitted to the United States. Only in exceptional cases will the full IP address be transmitted to a Google server in the United States and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activities and to provide other services relating to website and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics is not combined with other data from Google.
Browser plugin
You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link:
https://tools.google.com/dlpage/gaoptout?hl=de
Further information on how Google Analytics handles user data can be found in Google’s privacy policy:
https://support.google.com/analytics/answer/6004245?hl=de
Google Signals
We use Google Signals. When you visit our website, Google Analytics collects, among other things, your location, search history and YouTube history as well as demographic data (visitor data). These data can be used by Google Signals for personalised advertising. If you have a Google account, the visitor data from Google Signals will be linked to your Google account and used for personalised advertising messages. The data is also used to create anonymised statistics on user behaviour of our users.
Processor agreement
We have concluded a data processing agreement with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
Google Analytics e-commerce measurement
This website uses the “e-commerce measurement” function of Google Analytics. With the help of e-commerce measurement, the website operator can analyse the purchasing behaviour of website visitors in order to improve its online marketing campaigns. In this context, information such as orders placed, average order values, shipping costs and the time from viewing a product to purchase are recorded. These data can be aggregated by Google under a transaction ID that is associated with the respective user or their device.
Meta Pixel (formerly Facebook Pixel)
This website uses the visitor action pixel from Meta for conversion measurement. Provider is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Meta, the collected data is also transferred to the United States and other third countries.
This makes it possible to track the behaviour of site visitors after they click on a Meta ad and are redirected to the provider’s website. This allows the effectiveness of Meta ads to be evaluated for statistical and market research purposes and future advertising measures to be optimised.
The collected data is anonymous to us as the operator of this website; we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Meta, making a connection to the respective user profile on Facebook or Instagram possible, and Meta may use the data for its own advertising purposes in accordance with the Meta Data Policy (https://de-de.facebook.com/about/privacy/). This allows Meta to place advertisements on Facebook, Instagram and other channels. We cannot influence this use of data.
The use of this service is based on your consent under Article 6(1)(a) GDPR and Section 25(1) TDDDG. Consent may be withdrawn at any time.
We use the “advanced matching” function within Meta Pixel. Advanced matching allows us to transmit various types of data (for example place of residence, federal state, postal code, hashed email addresses, names, gender, date of birth or telephone numbers) of our customers and prospective customers, which we collect on our website, to Meta. This enables us to tailor our advertising campaigns on Facebook and Instagram more precisely to persons who are interested in our offers. Advanced matching also improves the attribution of website conversions and expands custom audiences.
To the extent that personal data is collected on our website using the tool described here and transmitted to Meta, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Article 26 GDPR).
Joint responsibility is limited to the collection of data and its transfer to Meta. The subsequent processing by Meta is not part of the joint responsibility. The jointly responsible obligations have been set out in an agreement on joint processing.
The wording of the agreement can be found at:
https://www.facebook.com/legal/controller_addendum
According to this agreement, we are responsible for providing the data protection information when using the Meta tool and for implementing the tool on our website in a manner compliant with data protection law. Meta is responsible for the data security of the Meta products. You may assert data subject rights (for example access requests) regarding the data processed by Facebook or Instagram directly with Meta. If you assert data subject rights with us, we are obliged to forward them to Meta.
Data transfers to the United States are based on the European Commission’s Standard Contractual Clauses.
Details can be found here:
https://www.facebook.com/legal/EU_data_transfer_addendum
https://de-de.facebook.com/help/566994660333381
Further information on privacy at Meta can be found here:
https://de-de.facebook.com/about/privacy/
You can also disable the “Custom Audiences” remarketing function in the ad settings section at:
https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen
You must be logged into Facebook to do so.
If you do not have a Facebook or Instagram account, you can disable usage-based advertising by Meta on the website of the European Interactive Digital Advertising Alliance:
http://www.youronlinechoices.com/de/praferenzmanagement/
The company is certified under the EU-US Data Privacy Framework (DPF). Further information is available here:
https://www.dataprivacyframework.gov/participant/4452
Meta Custom Audiences
We use Meta Custom Audiences. Provider is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
When you visit or use our websites and apps, make use of our free or paid offers, transmit data to us or interact with our Facebook or Instagram content, we collect your personal data. If you have given us consent to use Meta Custom Audiences, we will transmit this data to Meta, which can use it to show you suitable advertising. Target groups (lookalike audiences) may also be defined with your data.
Meta processes this data as our processor. Details can be found in Meta’s usage terms:
https://www.facebook.com/legal/terms/customaudience
The use of this service is based on your consent under Article 6(1)(a) GDPR and Section 25(1) TDDDG. Consent may be withdrawn at any time.
Data transfers to the United States are based on the European Commission’s Standard Contractual Clauses.
Details can be found here:
https://www.facebook.com/legal/terms/customaudience
https://www.facebook.com/legal/terms/dataprocessing
The company is certified under the EU-US Data Privacy Framework (DPF). Further information is available here:
https://www.dataprivacyframework.gov/participant/4452
LinkedIn Insight Tag
This website uses the LinkedIn Insight Tag. Provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.
Data processing by LinkedIn Insight Tag
With LinkedIn Insight Tag, we receive information about visitors to our website. If a website visitor is registered with LinkedIn, we can, among other things, analyse their professional key data (for example career level, company size, country, location, industry and job title) and better tailor our site to the respective target groups. Furthermore, we can use LinkedIn Insight Tag to measure whether visitors to our website perform a purchase or another action (conversion measurement). Conversion measurement may take place across devices (for example from PC to tablet). LinkedIn Insight Tag also offers a retargeting function that enables us to show targeted advertising to visitors to our website outside the website, whereby, according to LinkedIn, the person being targeted is not identified.
LinkedIn also collects so-called log files (URL, referrer URL, IP address, device and browser characteristics and time of access). IP addresses are truncated or – if they are used to reach LinkedIn members across devices – hashed (pseudonymised). The direct identifiers of LinkedIn members are deleted by LinkedIn after seven days. The remaining pseudonymised data is deleted within 180 days.
We, as the website operator, cannot assign the data collected by LinkedIn to specific individuals. LinkedIn will store the collected personal data on its servers in the United States and use it for its own advertising purposes. Details can be found in LinkedIn’s privacy policy:
https://www.linkedin.com/legal/privacy-policy#choices-oblig
Legal basis
Where consent (consent) has been obtained, the use of the above service is based exclusively on Article 6(1)(a) GDPR and Section 25 TDDDG. Consent may be withdrawn at any time. Where consent has not been obtained, this service is used on the basis of Article 6(1)(f) GDPR; the website operator has a legitimate interest in effective advertising measures including via social media.
Data transfers to the United States are based on the European Commission’s Standard Contractual Clauses.
Details can be found here:
https://www.linkedin.com/legal/l/dpa
https://www.linkedin.com/legal/l/eu-sccs
The company is certified under the EU-US Data Privacy Framework (DPF). Further information is available here:
https://www.dataprivacyframework.gov/participant/5448
Objection to the use of LinkedIn Insight Tag
You can object to the analysis of user behaviour and targeted advertising by LinkedIn at the following link:
https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
In addition, LinkedIn members can control the use of their personal data for advertising purposes in their account settings. To prevent LinkedIn from linking the data collected on our website with your LinkedIn account, you must log out of your LinkedIn account before visiting our website.
Processor agreement
We have concluded a data processing agreement (DPA) with the above-mentioned provider. This contract required by data protection law ensures that the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
8. Newsletter
Newsletter data
If you wish to subscribe to the newsletter offered on the website, we require an email address from you as well as information that allows us to verify that you are the owner of the specified email address and that you agree to receive the newsletter. Further data is not collected or is only collected on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties.
The processing of the data entered in the newsletter registration form takes place exclusively on the basis of your consent (Article 6(1)(a) GDPR). You may withdraw your consent to the storage of the data, the email address and its use for sending the newsletter at any time, for example via the “unsubscribe” link in the newsletter. The lawfulness of data processing operations already carried out remains unaffected by the withdrawal.
The data you provide for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe or after the purpose no longer applies. We reserve the right to delete or block email addresses from our newsletter distribution list at our own discretion within the framework of our legitimate interest pursuant to Article 6(1)(f) GDPR.
Data that has been stored by us for other purposes remains unaffected.
After you unsubscribe from the newsletter distribution list, your email address may be stored by us or the newsletter service provider in a blacklist if this is necessary to prevent future mailings. The data in the blacklist is only used for this purpose and is not combined with other data. This serves both your interest and our interest in complying with statutory requirements for sending newsletters (legitimate interest within the meaning of Article 6(1)(f) GDPR). Storage in the blacklist is not time-limited. You may object to storage if your interests outweigh our legitimate interest.
9. Plugins and Tools
Google Maps
This site uses the Google Maps map service. Provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. This service enables us to integrate map material on our website.
To use the functions of Google Maps it is necessary to store your IP address. This information is generally transmitted to a Google server in the United States and stored there.
The provider of this site has no influence on this data transfer. When Google Maps is activated, Google may use Google Fonts for uniform display of fonts. When you call up Google Maps, your browser loads the required web fonts into its browser cache to display texts and fonts correctly.
The use of Google Maps is in the interest of an appealing presentation of our online offers and of making the locations stated on the website easy to find. This constitutes a legitimate interest within the meaning of Article 6(1)(f) GDPR. Where consent has been requested, processing takes place exclusively on the basis of Article 6(1)(a) GDPR and Section 25(1) TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (for example device fingerprinting) within the meaning of the TDDDG. Consent may be withdrawn at any time.
Data transfers to the United States are based on the European Commission’s Standard Contractual Clauses.
Details can be found here:
https://privacy.google.com/businesses/gdprcontrollerterms/
https://privacy.google.com/businesses/gdprcontrollerterms/sccs/
Further information on how user data is handled can be found in Google’s privacy policy:
https://policies.google.com/privacy?hl=de
The company is certified under the EU-US Data Privacy Framework (DPF). Further information is available here:
https://www.dataprivacyframework.gov/participant/5780
10. E-Commerce and Payment Providers
Processing of customer and contract data
We collect, process and use personal customer and contract data for the establishment, content design and amendment of our contractual relationships. We only collect, process and use personal data about the use of this website (usage data) to the extent necessary to enable the user to make use of the service or to bill for it.
The legal basis for this is Article 6(1)(b) GDPR.
The collected customer data will be deleted after completion of the order or termination of the business relationship and expiry of any statutory retention periods.
Statutory retention periods remain unaffected.
Which data is processed when ordering tickets?
When you order tickets from us, we process your personal data that you provide when ordering tickets. This data is used for the purpose of contract or order processing and to process your enquiries and bookings. The legal basis is Article 6(1)(b) GDPR. Where you have ordered tickets from us, we also wish to use your email address in order to send you similar suitable offers (Article 6(1)(f) GDPR in conjunction with Section 7(3) of the German Unfair Competition Act – UWG). Our legitimate interest lies in informing you about our offers for marketing purposes. If you do not wish to receive such emails, you may object by sending a brief message to datenschutz@fcviktoria.com.
Where data processing takes place within the context of an order or purchase process, the data is stored in accordance with statutory duties of storage and retention and deleted thereafter. With regard to marketing communications toward existing customers, your data is stored until you object to its use. In the event of an objection, we retain the relevant email address in a block list in order to be able to permanently respect your objection (legal basis is Article 6(1)(c) GDPR).
Data transfer for contract fulfilment for online shops, traders and shipping of goods
If you order goods from us, we transfer your personal data to the transport company commissioned to deliver the goods and to the payment service provider commissioned to handle the payment. Only those data will be disclosed that the respective service provider requires in order to perform its task. The legal basis for this is Article 6(1)(b) GDPR, which permits data processing for the performance of a contract or in order to take steps prior to entering into a contract. Where you have given your consent in accordance with Article 6(1)(a) GDPR, we will additionally pass on your email address to the transport company entrusted with the delivery so that it can inform you by email about the shipping status of your order; you can withdraw this consent at any time.
Data transfer for contract fulfilment for services and digital content
We only transfer personal data to third parties where this is necessary in the context of contract processing, for example to the credit institution entrusted with processing the payment.
Any further transmission of data does not take place or only takes place if you have expressly consented to the transmission. Your data will not be passed on to third parties without your express consent, for example for advertising purposes.
The legal basis for data processing is Article 6(1)(b) GDPR, which permits data processing for the performance of a contract or in order to take steps prior to entering into a contract.
Payment services
We integrate payment services from third-party companies on our website. When you make a purchase with us, your payment data (for example name, payment amount, bank details, credit card number) is processed by the payment service provider for the purpose of processing the payment. For these transactions, the terms and conditions and privacy policies of the respective providers apply. The use of payment service providers is based on Article 6(1)(b) GDPR (contract processing) and in the interest of a smooth, convenient and secure payment process (Article 6(1)(f) GDPR). Where consent has been requested for certain actions, Article 6(1)(a) GDPR is the legal basis for data processing; consent may be withdrawn at any time with effect for the future.
We use the following payment services/payment service providers on this website:
PayPal
Provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (“PayPal”).
Data transfers to the United States are based on the European Commission’s Standard Contractual Clauses.
Details can be found here:
https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full
Further details can be found in PayPal’s privacy policy:
https://www.paypal.com/de/webapps/mpp/ua/privacy-full
Apple Pay
Provider of the payment service is Apple Inc., Infinite Loop, Cupertino, CA 95014, USA. Apple’s privacy policy can be found at:
https://www.apple.com/legal/privacy/de-ww/
Google Pay
Provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google’s privacy policy can be found here:
https://policies.google.com/privacy
Klarna
Provider is Klarna AB, Sveavägen 46, 111 34 Stockholm, Sweden (“Klarna”). Klarna offers various payment options (for example instalment purchase). If you choose to pay with Klarna (Klarna checkout solution), Klarna will collect various personal data from you. Klarna uses cookies to optimise the use of the Klarna checkout solution. Details on the use of Klarna cookies can be found here:
https://cdn.klarna.com/1.0/shared/content/policy/cookie/de_de/checkout.pdf
Details can be found in Klarna’s privacy policy at:
https://www.klarna.com/de/datenschutz/
Paydirekt
Provider of this payment service is Paydirekt GmbH, Hamburger Allee 26-28, 60486 Frankfurt am Main, Germany (“Paydirekt”). If you make a payment using Paydirekt, Paydirekt collects various transaction data and passes it on to the bank at which you are registered with Paydirekt. In addition to the data required for the payment, Paydirekt may collect further data such as delivery address or individual items in the shopping cart in the course of transaction processing.
Paydirekt then authenticates the transaction using the authentication procedure stored at the bank for this purpose. The payment amount is then transferred from your account to our account. Neither we nor third parties have access to your account details. Details regarding payment with Paydirekt can be found in Paydirekt’s general terms and conditions and privacy information at:
https://www.paydirekt.de/agb/index.html
Sofortüberweisung (Sofort bank transfer)
Provider of this payment service is Sofort GmbH, Theresienhöhe 12, 80339 Munich, Germany (“Sofort GmbH”). With the “Sofortüberweisung” procedure, we receive a payment confirmation in real time from Sofort GmbH and can immediately begin fulfilling our obligations. If you have chosen the “Sofortüberweisung” payment method, you transmit your PIN and a valid TAN to Sofort GmbH, which can use them to log into your online banking account. Sofort GmbH then automatically checks your account balance and carries out the transfer to us using the TAN you have provided. It then sends us an immediate transaction confirmation. After logging in, your turnover, the credit limit of your overdraft facility and the existence of other accounts and their balances are also automatically checked.
In addition to the PIN and TAN, the payment data you have entered as well as data concerning your person will be transmitted to Sofort GmbH. The data concerning your person include your full name, address, telephone number(s), email address, IP address and any other data necessary for payment processing. The transmission of this data is necessary in order to clearly establish your identity and prevent attempts at fraud. Details on payment with Sofortüberweisung can be found at:
https://www.klarna.com/sofort/
Shopify Payment
Provider of this payment service in the EU is Shopify International Limited, 2nd Floor Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (“Shopify Payment”).
Details can be found in Shopify Payment’s privacy policy:
https://www.shopify.de/legal/datenschutz
American Express
Provider of this payment service is American Express Europe S.A., Theodor-Heuss-Allee 112, 60486 Frankfurt am Main, Germany (“American Express”).
American Express may transfer data to its parent company in the United States. Data transfers to the United States are based on Binding Corporate Rules. Details can be found here:
https://www.americanexpress.com/en-cz/company/legal/privacy-centre/binding-corporate-rules/
Further information can be found in American Express’ privacy policy:
https://www.americanexpress.com/de-de/firma/legal/datenschutz-center/online-datenschutzerklarung/
Mastercard
Provider of this payment service is Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium (“Mastercard”).
Mastercard may transfer data to its parent company in the United States. Data transfers to the United States are based on Mastercard’s Binding Corporate Rules. Details can be found here:
https://www.mastercard.de/de-de/datenschutz.html
https://www.mastercard.us/content/dam/mccom/global/documents/mastercard-bcrs.pdf
VISA
Provider of this payment service is Visa Europe Services Inc., London Branch, 1 Sheldon Square, London W2 6TT, United Kingdom (“VISA”).
The United Kingdom is considered a “safe third country” from a data protection perspective. This means that the United Kingdom has a level of data protection equivalent to that of the European Union.
VISA may transfer data to its parent company in the United States. Data transfers to the United States are based on the European Commission’s Standard Contractual Clauses. Details can be found here:
https://www.visa.de/nutzungsbedingungen/visa-globale-datenschutzmitteilung/mitteilung-zuzustandigkeitsfragen-fur-den-ewr.html
Further information can be found in VISA’s privacy policy:
https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html
11. Audio and Video Conferences
Data processing
We use, among other things, online conference tools to communicate with our customers. The tools we use are listed below. When you communicate with us via video or audio conference over the internet, your personal data are collected and processed by us and by the provider of the respective conference tool.
The conference tools collect all data that you provide or use in the course of using the tools (email address and/or telephone number). In addition, the conference tools process the duration of the conference, the start and end times of participation, number of participants and other “context information” related to the communication process (metadata).
Furthermore, the provider of the tool processes all technical data required for handling online communication. This includes in particular IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone and loudspeakers and the type of connection.
Where content is exchanged, uploaded or provided in any other way within the tool, this is likewise stored on the servers of the tool provider. Such content includes, in particular, cloud recordings, chat or instant messages, voicemails, uploaded photos and videos, files, whiteboards and other information shared during use of the service.
Please note that we do not have full influence over the data processing processes of the tools used. Our options are largely determined by the corporate policies of the respective providers. For further information on data processing by the conference tools, please refer to the privacy policies of the respective tools used, which we have listed below.
Purpose and legal bases
The conference tools are used to communicate with prospective or existing contractual partners or to offer certain services to our customers (Article 6(1)(b) GDPR). In addition, the use of the tools serves to simplify and accelerate communication with us or our company (legitimate interest within the meaning of Article 6(1)(f) GDPR). Where consent has been requested, the tools are used on the basis of this consent; consent may be withdrawn at any time with effect for the future.
Storage period
The data collected directly by us via the video and conference tools will be deleted from our systems as soon as you request erasure, withdraw your consent to storage or the purpose for data storage no longer applies. Stored cookies remain on your device until you delete them. Mandatory statutory retention periods remain unaffected.
We have no influence over the storage period of your data that is stored by the operators of the conference tools for their own purposes. For details, please refer directly to the operators of the conference tools.
Conference tools used
We use the following conference tool:
Google Meet
We use Google Meet. Provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Details on data processing can be found in Google’s privacy policy:
https://policies.google.com/privacy?hl=de
The company is certified under the EU-US Data Privacy Framework (DPF). Further information is available here:
https://www.dataprivacyframework.gov/participant/5780
Processor agreement
We have concluded a data processing agreement (DPA) with the above-mentioned provider. This contract required by data protection law ensures that the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
12. Own Services
Handling applicant data
We offer you the opportunity to apply to us (for example by email, by post or via an online application form). Below we inform you about the scope, purpose and use of your personal data collected in the context of the application process. We assure you that the collection, processing and use of your data takes place in accordance with applicable data protection law and all other statutory provisions and that your data will be treated strictly confidentially.
Scope and purpose of data collection
If you send us an application, we process your associated personal data (for example contact and communication data, application documents, notes taken in the course of interviews etc.) to the extent necessary to decide whether to establish an employment relationship. The legal bases for this are Section 26 of the German Federal Data Protection Act (BDSG) under German law (data processing for the purposes of the employment relationship), Article 6(1)(b) GDPR (general contract initiation) and – where consent has been given – Article 6(1)(a) GDPR. Consent may be withdrawn at any time. Your personal data will be passed on within our company only to persons involved in processing your application.
Where the application is successful, the data you submit will be stored in our data processing systems for the purpose of implementing the employment relationship on the basis of Section 26 BDSG and Article 6(1)(b) GDPR.
Storage period for data
Where we are unable to make you an offer, where you reject an offer or withdraw your application, we reserve the right to retain the data you have transmitted on the basis of our legitimate interests (Article 6(1)(f) GDPR) for up to six months after the end of the application process (rejection or withdrawal of the application). The data is then deleted and physical application documents are destroyed. Storage serves, in particular, as evidence in the event of a legal dispute. If it becomes apparent that the data will be required after expiry of the six-month period (for example due to a pending or threatened legal dispute), erasure will not take place until the purpose for further storage no longer applies.
Longer storage may also take place if you have given your consent (Article 6(1)(a) GDPR) or if statutory retention requirements prevent erasure.
Inclusion in the applicant pool
If we are unable to make you a job offer, we may offer to include you in our applicant pool. In the event that you are included, all documents and information from your application will be stored in the applicant pool in order to contact you in the event of suitable vacancies.
Inclusion in the applicant pool is based exclusively on your explicit consent (Article 6(1)(a) GDPR). The granting of consent is voluntary and is not related to the ongoing application procedure. The data subject may withdraw their consent at any time. In this case, the data from the applicant pool will be irrevocably deleted where no statutory retention reasons exist.
The data from the applicant pool will be irrevocably deleted no later than two years after consent is given.
Google Drive
We have integrated Google Drive on this website. Provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Drive allows us to integrate an upload area on our website where you can upload content. When you upload content, it will be stored on Google Drive’s servers. When you visit our website, a connection to Google Drive is also established so that Google Drive can determine that you have visited our website.
The use of Google Drive is based on Article 6(1)(f) GDPR. The website operator has a legitimate interest in a reliable upload area on its website.
Where consent has been requested, processing takes place exclusively on the basis of Article 6(1)(a) GDPR; consent may be withdrawn at any time.
The company is certified under the EU-US Data Privacy Framework (DPF). Further information is available here:
https://www.dataprivacyframework.gov/participant/5780
Processor agreement
We have concluded a data processing agreement (DPA) with the above-mentioned provider. This contract required by data protection law ensures that the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
Changes to This Privacy Policy
We reserve the right to amend this privacy policy so that it always complies with current legal requirements or to implement changes to our services in the privacy policy, for example when introducing new services.
Status: December 2025
Data Privacy
bottom of page