Privacy Policy

As of: 18. may 2018

A trustful and secure handling of personal data is very important to us. We observe the provisions of the EU Data Protection Ordinance (DS-GMO), the Federal Data Protection Act (BDSG) and other European regulations and would like to inform you in detail and transparently about the processing of your personal data in this data protection declaration.

Personal data are all data that are personally identifiable to you, e.g. name, address, e-mail addresses or user behavior. With regard to the other terms used below, such as "responsible person" or "contract processor", we refer to the definition catalogue of the definitions in article 4 GDPR.

1. Person in charge

The collection, processing and use of personal data in connection with the use of the website operated under http://www.sportograf.com/ is carried out by the

Sportograf GmbH & Co. KG

Dennewartstr. 25-27

52068 Aachen

2. Data protection officer

You can reach our data protection officer at the following contact details:

Sportograf GmbH & Co. KG

z. Hd. Datenschutzbeauftragter
Dennewartstr. 25-27

52068 Aachen
datenschutz@sportograf.com

3. collection, processing and use of personal data

We only collect, process and/or use personal data if you have given your consent or if this is permitted by law. This "prohibition with reservation of permission", which applies in data protection law, means that processing may only be carried out on the basis of consent or a legal exception. The most important and for us relevant facts of permission can be found in article 6 paragraph 1 GDPR. These relate in particular to the case,

* that the data subject has given his or her consent, cf. Article 6 paragraph 1 lit. a in conjunction with Article 7 GDPR,
* that the processing of personal data is necessary to fulfil our contractual obligations, cf. Article 6 paragraph 1 lit. b GDPR,
* or that the processing is based on our legitimate interests (e.g. analysis and further development of our products, increase in economic efficiency), cf. Article 6 paragraph 1 lit. f GDPR.

4. type of data and purpose of collection, processing or use of personal data

a. informational use

When you simply use our website for information purposes, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our servers.

When you visit our website, we collect the following data, which are technically necessary for us to display our website and to guarantee data security as well as the stability and security of our IT systems, on the basis of our legitimate interests pursuant to article 6 paragraph 1 lit. f GDPR:

* IP address
* the domain name of the website you came from
* the websites you have visited in our offer
* the names of the files retrieved
* Date and time of a request
* the name of your Internet Service Provider
* and, if necessary, the operating system and browser version of your PC.

b. Contact us by e-mail

If you contact us by e-mail, we will process the data you provide (your e-mail address, if applicable your name, telephone number and other details) in order to process and answer your questions; the legal basis is article 6 paragraph 1 lit. f GDPR.

c. Online Shop

We process inventory data (e.g., names and addresses as well as contact data of users), contract data (e.g., services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and services pursuant to article 6 paragraph 1 lit b. GDPR.

Users can optionally create a user account, in particular by viewing their orders. During the registration process, the required information will be communicated to the users. The user accounts are not public and cannot be indexed by search engines. It is up to the users to save their data before the end of the contract if they have given notice of termination. In the event of termination of the user account, we are entitled to irretrievably delete all user data stored during the term of the contract.

When registering, re-registering and using our online services, we store the IP address and the time of the respective user action. The data is stored on the basis of our legitimate interests as well as the user's protection against misuse and other unauthorized use. A passing on of this data to third parties does not take place in principle, unless it is necessary to pursue our claims or there is a legal obligation in accordance with article 6 paragraph 1 lit. c GDPR.

We process usage data (e.g., the visited websites of our online offer, interest in our products) and content data (e.g., entries in the contact form or user profile) for advertising purposes in a user profile in order to show the user e.g. product information based on their previously used services.

d. Newsletter Race-letter

We offer all interested parties the opportunity to register for the Raceletter newsletter. It appears at irregular intervals and deals above all with everything the racing heart desires!

Purpose of data processing, legal basis and content of consent: When registering, only your e-mail address is required. We send our newsletter only on the basis of the consent of the recipients in accordance with article 6 paragraph 1 lit. a in connection with article 7 GDPR. By subscribing to our newsletter, you agree to receive information and promotional materials regarding Sportograf offers and promotions.

Double Opt-In procedure: When registering for the newsletter, we use the so-called double opt-in procedure. After registration, the interested party receives an e-mail with a confirmation link to the e-mail address provided, which he/she must click to confirm the registration for the newsletter. We log the registrations for the newsletter in order to be able to prove the registration process in accordance with the data protection requirements. In this context, we store the time of registration and confirmation as well as the IP address.

Service provider information: The newsletter is sent via "MailChimp", a newsletter mailing platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. The data protection regulations of the shipping service provider can be viewed here: https://mailchimp.com/legal/privacy/. The Rocket Science Group LLC d/b/a MailChimp is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with the European data protection level (https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active). Furthermore, the shipping service provider can use this data in pseudonymous form, i.e. without assignment to a user, to optimize or improve its own services, e.g. for technical optimization of the dispatch and presentation of the newsletter or for statistical purposes in order to determine from which countries the recipients come. However, the shipping service does not use the data of our newsletter recipients to write them down or pass them on to third parties. The use of the shipping service provider, performance of statistical surveys and analyses as well as logging of the registration procedure are carried out on the basis of our legitimate interests pursuant to article 6 paragraph 1 lit. f GDPR. We are interested in using a user-friendly and secure newsletter system that serves both our business interests and the expectations of users.

Statistical data collection and analysis: The newsletters contain a so-called "web-beacon", that is a pixel-sized file that is retrieved from the mail-order company's server when the newsletter is opened. Within the scope of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and time of retrieval are initially collected. This information is used to technically improve the services based on the technical data or the target groups and their reading behavior based on their retrieval locations (which can be determined using the IP address) or access times. The statistical surveys also include determining whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is not our intention, nor that of the shipping service provider, to observe individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our contents to them or to send different contents according to the interests of our users.

Cancellation/Revocation: You can cancel the receipt of our newsletter at any time, i.e. revoke your consent. At the same time, your consents to their dispatch by the shipping service provider and the statistical analyses expire. A separate revocation of the dispatch by the dispatch service provider or the statistical evaluation is unfortunately not possible. You will find a link to cancel the newsletter at the end of each newsletter. If users have only subscribed to the newsletter and cancelled their subscription, their personal data will be deleted.

5. Purpose of the collection, processing or use of personal data

Unless otherwise stated, we collect, process or use your personal data provided in order to fulfil our obligations arising from the underlying contracts (e.g. ordering goods or services, sending the newsletter, access to various platforms), cf. article 6 paragraph 1 lit. b GDPR.

In addition, we collect, process or use the personal data described in section 3 lit. a. on the basis of our legitimate interest to enable the use of our website and to guarantee its IT security, cf. article 6 paragraph 1 lit. f GDPR.

6. Duration of the storage of personal data and/or criteria for the storage period

The data stored by us will be deleted as soon as it is no longer required for its intended purpose and there are no legal obligations to keep it in safekeeping. If the user's data are not deleted because they are necessary for other and legally permissible purposes, their processing is restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to user data that must be retained for commercial or tax reasons.

In accordance with statutory requirements, the records are kept for 6 years in accordance with § 257 (1) German Commercial Code (HGB) (trading books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents, etc.) and for 10 years in accordance with paragraph 147 (1) Tax Code (§147 AO Abgabenordnung, Bundesrecht) (books, records, management reports, accounting documents, commercial and business letters, documents relevant for taxation, etc.).

7. No unauthorized passing on to third parties

We treat the personal data transmitted by you with the utmost care. We transmit the data to third parties only if this is necessary for the execution and processing of entered contractual relationships, if you have given us your consent to this or if the transfer is otherwise permitted by relevant statutory provisions.

8. Protection of personal data

We protect our website as well as the data stored in our area of responsibility against loss, destruction, unauthorized access, changes or publication by unauthorized persons by a bundle of technical and organizational measures in accordance with the current state of technology.

The input and transmission of personal data is encrypted according to the SSL procedure (Secure Socket Layer).

a. What is SSL?

A website encrypted with SSL transmits personal data encrypted to the server so that it is impossible for third parties to intercept or read it. A certificate verifies our identity. Depending on the browser, you can see that a secure connection exists through the green address bar and/or the lock. By clicking on the lock or the green address bar you can read our online proof of identity.

b. What does SSL do?

By encrypting the transmission you can assume that the data you enter can only be read by us. You can see from the green address bar that you are connected to our server and that it is not a third-party site.

9. Use of cookies

In order to make your visit to our website attractive and to enable the use of certain functions, we use cookies on various pages on the basis of our legitimate interests pursuant to article. 6 paragraph 1 lit. f GDPR.

Cookies are information that is transferred from our web server or third party web servers to the user's web browser and stored there for later retrieval. Cookies can be small files or other types of information storage.

We use "session cookies”, e.g. to store your login status or the shopping basket function and thus enable the use of our online offer at all. A randomly generated unique identification number, a so-called session ID, is stored in a session cookie. In addition, a cookie contains information about a visitor's email address and the language selected on our site. These cookies cannot store any other data.

Users will be informed about the use of cookies in the context of pseudonymous range measurement within the scope of this data protection declaration. If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.

You may opt-out of the use of cookies for range measurement and advertising purposes via the deactivation page of the network advertising initiative (http://optout.networkadvertising.org/) and additionally the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).

10. Integration of third-party services and content

Within our online offer, based on our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Article 6 paragraph 1 lit. f. GDPR) we use any kind of content or service offerings of third parties to incorporate their content and services, such as videos or fonts (hereinafter uniformly referred to as "content"). This always presupposes that the third party providers of this content perceive the IP address of the users, since without the IP address they could not send the content to their browser. The IP address is therefore required for the display of this content. We make every effort to use only those contents whose respective providers use the IP address only for the delivery of the contents. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. “Pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may include technical information about the browser and operating system, referring websites, visiting time and other information about the use of our online offer, as well as may be linked to such information from other sources.

The following presentation provides an overview of third-party providers and their contents, together with links to their data protection declarations, which contain further information on the processing of data and, in some cases already mentioned here, possibilities of objection (so-called opt-out):

* If our customers use the payment services of third parties (e.g. PayPal or Worldpay), the terms and conditions and the privacy policy of the respective third party providers, which can be accessed within the respective websites or transaction applications, apply.
* External fonts from Google, Inc, https://www.google.com/fonts ("Google Fonts"). The integration of the Google Fonts takes place via a server call with Google (usually in the USA). Privacy Policy: https://policies.google.com/privacy?hl=en/, Opt-Out: https://www.google.com/settings/ads/.
* Functions of the Instagram service are integrated in our online offer. These functions are provided by Instagram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA. If you are logged into your Instagram account you can link the contents of our pages to your Instagram profile by clicking the Instagram button. This allows Instagram to associate the visit to our pages with your user account. We would like to point out that, as the provider of these pages, we are not aware of the content of the submitted data or its use by Instagram. Privacy Policy: http://instagram.com/about/legal/privacy/.
* Within our online offer, functions of the Twitter service can be integrated. These functions are provided by Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. By using Twitter and the "Re-Tweet" function, the websites you visit are linked to your Twitter account and made known to other users. Data is also transmitted to Twitter. We would like to point out that, as the provider of the pages, we are not aware of the content of the data transmitted or how it is used by Twitter. Twitter's privacy policy at http://twitter.com/privacy. You can change your Twitter privacy settings in your account settings at http://twitter.com/account/settins .

11. Rights of the persons concerned

You have the following rights towards us with regard to personal data concerning you:

* Right to information according to Article 15 GDPR,
* Right to correction or deletion pursuant to Article 16 GDPR or Article 17 GDPR,
* Right to restrict processing in accordance with Article 18 GDPR,
* Right to data transferability in accordance with Article 20 GDPR,
* Right of objection to processing under Article 21 GDPR.

You also have the right to complain to a data protection supervisory authority about our processing of your personal data. The responsible authority is Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen, Postfach 20 04 44, 40102 Düsseldorf, Germany.

12. opposition or revocation against the processing

If you have given your consent to the processing of your data, you can revoke this at any time. Such a revocation influences the permissibility of processing your personal data after you have given it to us.

TO THE EXTENT THAT WE CONSIDER THE PROCESSING OF YOUR PERSONAL DATA IN ACCORDANCE WITH ARTICLE 6 ABS. 1 LIT. F GDPR, YOU CAN OBJECT TO THE PROCESSING. IN THE EVENT OF SUCH A CONTRADICTION, PLEASE EXPLAIN THE REASONS WHY WE SHOULD NOT PROCESS YOUR PERSONAL DATA AS WE HAVE DONE. IN THE EVENT OF YOUR JUSTIFIED OBJECTION, WE WILL EXAMINE THE SITUATION AND EITHER DISCONTINUE OR ADAPT DATA PROCESSING OR POINT OUT TO YOU OUR COMPELLING REASONS WORTHY OF PROTECTION, ON THE BASIS OF WHICH WE WILL CONTINUE PROCESSING.

YOU MAY AT ANY TIME OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSES OF ADVERTISING AND DATA ANALYSIS. YOU CAN INFORM US ABOUT YOUR ADVERTISING CONTRADICTION UNDER THE CONTACT DATA LISTED IN NUMBER 2.

13. Changes to the data protection declaration

We reserve the right to change the data protection declaration in order to adapt it to changed legal situations or in the event of changes to the service or data processing. However, this only applies with regard to declarations on data processing. If user consents are required or components of the data protection declaration contain provisions of the contractual relationship with the users, the changes will only be made with the users' consent. Users are asked to inform themselves regularly about the contents of the data protection declaration.

14. Questions, comments, suggestions

We will be pleased to answer your questions relating to the topic of data protection and to receive any comments and suggestions. Send us an email to info@sportograf.com or write to us at the following postal address:

Sportograf GmbH & Co. KG

Dennewartstr. 25-27

52068 Aachen

* * * * *