Privacy Policy

As of: 04. February 2019

A trusting and secure handling of personal data is very important to us. We observe the regulations of the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and other European regulations and would like to inform you in detail and transparently about the processing of your personal data in this data protection declaration.

Personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses or user behaviour. With regard to the other terms used below, such as "responsible person" or "processor", we refer you to the definition catalogue of the definitions in Art. 4 GDPR.

1. Controller

The collection, processing and use of personal data in connection with the use of the www.sportograf.com website and other herein described data processing is carried out by

Sportograf GmbH & Co. KG

Dennewartstr. 25-27

52068 Aachen
E-Mail: info@sportograf.com

2. Data Protection Officer

If you have any questions regarding data protection, please send us an e-mail or contact our Data Protection Officer directly. You can reach him under the following contact details:

aix privacy UG (haftungsbeschränkt)
z. Hd. Burak Zurel
Aachener-und-Münchener-Allee 9
52074 Aachen
E-Mail: datenschutz.sportograf@aixprivacy.de

3. Collection, processing and use of personal data

We collect, process and/or use personal data only if you have consented or if this is permitted by law. This "prohibition without prejudice to permission" under data protection law means that processing may only be carried out on the basis of consent or a statutory basis of permission. The most important and for us relevant permissions can be found in Art. 6 para. 1 GDPR. These concern in particular the case,

* that a consent of the concerning is present, see Art. 6 para. 1 lit. a i.V.m art. 7 GDPR,
* that the processing of the personal data is necessary for the fulfilment of our contractual obligations, see Art. 6 para. 1 lit. b GDPR,
* or that the processing is based on our legitimate interests (e.g. analysis and further development of our products, increase in economic efficiency), see Art. 6 Para. 1 lit. f GDPR.

4. Type of data and purpose of collection, processing or use of personal data

A. Informational use

When using our website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our servers.

When you call up our website, we collect the following data on the basis of our legitimate interests pursuant to Art. 6 Para. 1 lit. f GDPR, which is technically necessary for us to display our website to you and to guarantee data security as well as the stability and security of our IT systems:

* IP-address
* the domain name of the website from which you came
* the websites you have visited in our offer
* the names of the retrieved files
* Date and time of a retrieval
* the name of your Internet Service Provider
* and, if applicable, the operating system and browser version of your PC.

B. Contact by e-mail

When you contact us by e-mail, we process the data you provide us with (your e-mail address, your name, telephone number if applicable, and other details) in order to process and answer your questions; the legal basis is Art. 6 Para. 1 lit. f GDPR.

C. Online Shop

We process stock data (e.g., names and addresses as well as contact data of users), contract data (e.g., services used, names of contact persons, payment information) for the purpose of fulfilling

Users can optionally create a user account by viewing their orders in particular. In the context of the registration, the necessary compulsory data are communicated to the users. The user accounts are not public and cannot be indexed by search engines. It is incumbent upon the users to secure their data before the end of the contract in the event of termination. In the event of termination of the user account, we are entitled to irretrievably delete all user data stored during the term of the contract.

Within the scope of registration and renewed registrations as well as use of our online services, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests, as well as the user's protection against misuse and other unauthorized use. A passing on of these data to third parties does not take place in principle, unless it is necessary for the pursuit of our claims or there is a legal obligation according to Art. 6 para. 1 lit. c GDPR.

We process usage data (e.g., the websites visited on our website, interest in our products) and content data (e.g., entries in the contact form or user profile) for advertising purposes in a user profile in order to display the user, e.g. product information based on the services they have previously used.

D. Newsletter/Race-letter

We offer all interested parties the opportunity to register for the Raceletter newsletter. The newsletter appears at irregular intervals and deals with everything the race heart desires!

Purpose of data processing, legal basis and content of consent: Within the scope of registration, only your e-mail address is required. We send our newsletter only on the basis of the consent of the recipient according to Art. 6 Para. 1 lit. a, Art. 7 GDPR. By subscribing to our newsletter, you agree to receive information and promotional materials regarding Sportograf's offers and promotions.

Double Opt-In procedure: We use the so-called double opt-in procedure when registering for the newsletter. After registration, the interested party receives an e-mail with a confirmation link to the given e-mail address, which he must click to confirm registration for the newsletter. We log the registrations for the newsletter in order to be able to prove the registration process according to the data protection requirements. In this context, we store the time of registration and confirmation as well as the IP address.

Information about the service provider: The newsletter is sent via "MailChimp", a newsletter dispatch platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. You can view the privacy policy of the shipping service provider here: https://mailchimp.com/legal/privacy/. The Rocket Science Group LLC d/b/a MailChimp is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with the European data protection level (https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active). Furthermore, according to its own information, the shipping service provider may use this data in pseudonymous form, i.e. without allocation to a user, to optimise or improve its own services, e.g. for the technical optimisation of the shipping and presentation of the newsletter or for statistical purposes, in order to determine from which countries the recipients come. However, the dispatch service provider does not use the data of our newsletter recipients to contact them or pass them on to third parties. The use of the dispatch service provider, the performance of statistical surveys and analyses as well as the logging of the registration procedure are carried out on the basis of our legitimate interests pursuant to Art. 6 Para. 1 lit. f GDPR. Our interest is directed to the use of a user-friendly and secure newsletter system, which serves our business interests as well as the expectations of the users.

Statistical survey and analysis: The newsletters contain a so-called "web-beacon", i.e. a file the size of a pixel, which is called up by the server of the dispatch service provider when the newsletter is opened. Within the scope of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and time of retrieval are first collected. This information is used for the technical improvement of the services on the basis of the technical data or the target groups and their reading behaviour on the basis of their retrieval locations (which can be determined with the help of the IP address) or the access times. The statistical surveys also include determining whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is neither our nor the shipping service provider's intention to observe individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our contents to them or to send different contents according to the interests of our users.

Termination/revocation: You can cancel the receipt of our newsletter at any time, i.e. revoke your consent. At the same time, your consent to its dispatch by the dispatch service provider and the statistical analyses will expire. A separate revocation of the dispatch by the dispatch service provider or the statistical evaluation is unfortunately not possible. You will find a link to cancel the newsletter at the end of each newsletter. If users have only subscribed to the newsletter and cancelled their subscription, their personal data will be deleted.

E. Photography at sports events If you take part in an event at which we have been commissioned by the organizer as an exclusive photo service, we may collect photographic material on which you can be identified personally, possibly with your participant number of the event (e.g. start number).

We use the data collected at the sporting events to fulfil our obligation as a photo service provider under the underlying contract with the organiser and in our own economic interest to market the photos of the event to the interested participants via our website www.sportograf.com Based on our many years of experience in the field of event photography, we can state that on the one hand, the participants of sporting events will be informed transparently that Sportograf will be used as an exclusive photo service provider and, on the other hand, every participant of such an event must expect that the organiser or his cooperation partner will market photos of such events as souvenirs.

Legal basis are our aforementioned legitimate interests according to Art. 6 para. 1 lit. f GDPR. You can object to this processing in accordance with section 12. Your data will not be passed on to third parties. For the collection of the corresponding photos we exclusively use photographers, whom we have obligated under data protection law according to the EU data protection basic regulation.

5. Purpose of the collection, processing or use of personal data

Unless otherwise stated, we collect, process or use your personal data in order to fulfil our obligations under the underlying contracts (e.g. ordering goods or services, sending the newsletter, enabling access to various platforms), cf. Art. 6 Para. 1 lit. b GDPR.

In all other respects, we collect, process or use the personal data presented under point 3 lit. a on the basis of our legitimate interest to enable the use of our website and to guarantee its IT security, cf. art. 6 para. 1 lit. f GDPR.

6. Duration of storage of personal data or criteria for storage duration

The data stored with us will be deleted as soon as they are no longer required for their intended purpose, or the storage is no longer necessary for the execution of the contract or execution and the deletion does not conflict with any justified interests on our part or legal storage obligations. If the user's data are not deleted because they are required for other and legally permissible purposes, their processing will be restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, to user data which must be stored for commercial or tax reasons.

According to legal requirements, data is stored for 6 years in accordance with § 257 para. 1 HGB (German Commercial Code) (commercial books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting records, etc.) and for 10 years in accordance with § 147 para. 1 AO (German Tax Code) (books, records, management reports, accounting records, commercial and business letters, documents relevant for taxation, etc.).

7. No unauthorized disclosure to third parties

We treat your personal data with the utmost care. We only transfer the data to third parties if this is necessary for the execution and processing of contractual relationships, if you have given us your consent to do so, or if the transfer is otherwise permitted by relevant statutory provisions.

8. Protection of personal data

By means of a bundle of technical and organisational measures in accordance with the current state of the art, we protect both our website and the data stored in our area of responsibility against loss, destruction, unauthorised access, alteration or publication by unauthorised persons.

The input and transmission of personal data is encrypted using the SSL procedure (Secure Socket Layer).

A. What is SSL?

A website encrypted with SSL transmits personal data encrypted to the server so that it is impossible for third parties to intercept or read it. A certificate verifies our identity. Depending on your browser, you can recognize that a secure connection exists by the green address bar and/or the lock. By clicking on the lock or the green address bar you can read our online proof of identity.

B. What does SSL do?

By encrypting the transmission, you can assume that your entered data can only be read by us. You can see from the green address bar that you are connected to our server and that it is not a third-party site.

9. Use of cookies

In order to make visiting our website attractive and to enable the use of certain functions, we use so-called cookies on various pages on the basis of our legitimate interests in accordance with Art. 6 Para. 1 lit. f GDPR.

Cookies are pieces of information that are transferred from our web server or third party web servers to the user's web browser and stored there for later retrieval. Cookies can be small files or other types of information storage.

We use "session cookies, for example, to store your login status or the shopping cart function and thus enable the use of our online services at all. In a session cookie, a randomly generated unique identification number is stored, a so-called session ID. In addition, a cookie contains information about the e-mail address of a visitor and the language selected on our site. These cookies cannot store any other data.

Users are informed about the use of cookies within the framework of pseudonymous range measurement in the context of this data protection declaration. If the users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.

You may object to the use of cookies for range measurement and advertising purposes via the deactivation page of the Network Advertising Initiative (http://optout.networkadvertising.org/) and additionally the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).

10. Integration of third-party services and content

Within the scope of our online offer, we act on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 Para. 1 lit. f. of the German Civil Code). GDPR) content or service offers from third parties in order to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as "content"). This always presupposes that the third party providers of this content perceive the IP address of the user, since they could not send the content to their browser without the IP address. The IP address is therefore required for the presentation of this content. We make every effort to use only those contents whose respective providers only use the IP address to deliver the contents. Third party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. Pixel tags can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may contain, among other things, technical information about the browser and operating system, referring web pages, visit times and other information about the use of our online offering, as well as may be linked to such information from other sources.

The following presentation provides an overview of third party providers and their contents, along with links to their data protection declarations, which contain further information on the processing of data and, in some cases already mentioned here, possibilities of objection (so-called opt-out)

* If our customers use the payment services of third parties (e.g. PayPal or Worldpay), the terms and conditions and data protection notices of the respective third parties, which are available within the respective websites or transaction applications, apply.
* External fonts from Google, Inc., https://www.google.com/fonts ("Google Fonts"). The integration of the Google Fonts takes place by a server call with Google (usually in the USA). Privacy Policy: policies.google.com/privacy?hl=de/ Opt-Out: www.google.com/settings/ads/
* Within our online presence, functions of the Instagram service may be integrated. These functions are offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. If you are logged into your Instagram account, you can link the contents of our pages to your Instagram profile by clicking the Instagram button. This allows Instagram to assign the visit to our pages to your user account. We would like to point out that as the provider of the pages, we do not have any knowledge of the content of the transmitted data or of its use by Instagram. Privacy Policy: www.instagram.com/about/legal/privacy/
* Within our online presence, functions of the Twitter service may be integrated. These functions are offered by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. By using Twitter and the "Re-Tweet" function, the websites you visit are linked to your Twitter account and made known to other users. Data is also transferred to Twitter. We would like to point out that, as the provider of the pages, we do not have any knowledge of the content of the transmitted data or its use by Twitter. Privacy policy of Twitter at www.twitter.com/privacy. You can change your data protection settings on Twitter in the account settings at www.twitter.com/account/settings.

11. Rights of data subjects

You have the following rights with regard to personal data concerning you:

* Right of access according to art. 15 GDPR,
* Right to rectification or cancellation according to Art. 16 GDPR or Art. 17 GDPR,
* Right to limitation of the processing according to art. 18 GDPR,
* Right to data transferability according to Art. 20 GDPR,
* Right to object to the processing under Art. 21 GDPR.

You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us. The competent authority is the Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen, Postfach 20 04 44, 40102 Düsseldorf, Germany.

12. Objection or revocation to the processing

If you have given your consent to the processing of your data, you can revoke it at any time. Such a revocation influences the permissibility of the processing of your personal data after you have given it to us.

IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF THE BALANCE OF INTERESTS ACCORDING TO ART. 6 ABS. 1 LIT. F GDPR, YOU MAY OBJECT TO THE PROCESSING. IF YOU OBJECT, PLEASE EXPLAIN WHY WE SHOULD NOT PROCESS YOUR PERSONAL DATA AS WE DID. IN THE EVENT OF YOUR REASONABLE OBJECTION, WE WILL EXAMINE THE FACTS AND EITHER DISCONTINUE OR ADAPT DATA PROCESSING OR SHOW YOU OUR COMPELLING REASONS WORTHY OF PROTECTION ON THE BASIS OF WHICH WE WILL CONTINUE PROCESSING.

YOU CAN OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA FOR ADVERTISING AND DATA ANALYSIS PURPOSES AT ANY TIME. YOU CAN INFORM US ABOUT YOUR ADVERTISING OBJECTION UNDER THE CONTACT DATA LISTED IN PARAGRAPH 1

13. Changes to the Privacy Policy

We reserve the right to change the data protection declaration in order to adapt it to changed legal situations or in the event of changes to the service or data processing. However, this only applies to declarations on data processing. If the user's consent is required or if elements of the data protection declaration contain provisions governing the contractual relationship with the user, the changes will only be made with the user's consent. Users are requested to inform themselves regularly about the content of the data protection declaration.

14. Questions, comments, hints

We are happy to answer your questions on the subject of data protection and look forward to receiving your comments and suggestions. Write to us by e-mail to info@sportograf.com or in writing to the following postal address:

Sportograf GmbH & Co. KG

Dennewartstr. 25-27

52068 Aachen

* * * * *