Privacy Declaration

Bayer 04 Leverkusen Fußball GmbH

BayArena+
Bismarckstr. 122 - 124
51373 Leverkusen

Tel.: +49 (0) 214/8660-777
Fax: +49 (0) 214/8660-778
http://www.bayarena-plus.de

We are pleased you have chosen to visit our website. Your privacy and the protection of your personal data are of the utmost importance to us. For that reason our business dealings are performed in compliance with the applicable regulations regarding data protection and data security (in particular: the General Data Protection Regulation – hereinafter GDPR - (Datenschutz-Grundverordnung) and the revised version of the Federal Data Protection Act – hereinafter FDPA – (Bundesdatenschutzgesetz). It is of utmost importance to us that you feel safe and secure on our website. For that reason, we and our Data Protection Officer uphold the data protection policies.

We fully appreciate the significance of the data you provide us with and wish to inform you in the following about:

  • the purposes for which your personal data are collected, processed and used,
  • how we handle and protect your data,
  • whom we provide your data to and
  • how you can assert your rights.

Please read the subsequent explanation carefully. For any questions you may have please contact our Data Protection Officer. The appropriate contact details can be found below.

1. Definitions

Privacy is a complex topic. In order to facilitate a better understand of our Privacy Policy we would like to define some terms. We have compiled these terms and their definitions for you here.

By order processing as per Article 28 GDPR we mean, simply put, a service for which personal data are collected, processed and/or used on behalf of and in compliance with the so-called responsible party by a service provider (a processor in keeping with the GDPR). The service provider processes the personal data according to our directives exclusively and does not gain ownership or an invested interest in your data. Prior to commissioning a carefully vetted service provider, we enter into a special contract with the service provider and ensure further measures to protect your personal data.

Cookies are small files of letters and numbers that are stored on your devices (e.g. computers and smartphones). They store certain settings and data for the data exchange with our system via your browser. A cookie usually contains the name of the visited website, which the cookie
was sent from, information about the age of the cookie and an alphanumerical identification tag. Cookies enable the systems to recognise the user's device and to make pre-settings available for use immediately.

A third party is any natural or legal person or authority, apart from the affected party, the responsible party, the processor and the persons for whom the responsible party or processor is directly responsible who is authorised to process the personal data, cl. Article 4 (10) GDPR. Hence it does not pertain to e.g. a third party when personal data are provided to the service provider as part of the order processing in accordance with Article 28 GDPR.

IP addresses are numerical sequences assigned to each IT device or group. Similar to a postal address, the IP is used to be able to assign data to the correct recipient.

By personal data we mean all information which pertains to an identified or identifiable natural person especially the name & surname, the date of birth, the email address, the place of residence as well as bank and payment details but also health data, cl. Article 4 (1) GDPR.

The responsible party in accordance with Article 4 (7) GDPR is every person or authority which alone or jointly with others determines the purposes and means of the processing of personal data (in the matter at hand: the website operator).

2. Responsible party

The responsible party with regard to personal data on this website is:

Bayer 04 Leverkusen Fußball GmbH
Bismarckstr. 122 - 124
51373 Leverkusen

Tel.: +49 (0) 214/8660-777
Fax: +49 (0) 214/8660-778
http://www.bayarena-plus.de

In the event that the responsible party differs from the aforementioned responsible party in keeping with the General Data Protection Regulation (GDPR) and/or the Federal Data Protection Act (FDPA), this will be expressly and separately indicated insofar as it is not obvious.

3. Contact details of the data protection officer

The Data Protection Officer of Bayer 04 Leverkusen Fußball GmbH
Brands Consulting

Mr Bernhard Brands
Auf dem Hahn 11
D-56412 Niedererbach (Westerwald)

Website: www.brands-consulting.eu
Email: bayer04@brands-consulting.eu

4. Use of the website/login data

When you access our website, the data are logged automatically. This is also true of the data you use (log data). When we do so, we collect and use the necessary technical data to make the website available to you. By the necessary technical data we mean the data transferred to our web-server from your browser such as: the browser type / browser version, the operating version, the referrer UR, the host-name of the accessing computer (IP address), date and time of the server request.

We require these data to ensure the website's functionality so as to make your visit to our website as user-friendly as possible. We reserve the the right to analyse the logged data for data protection reasons as required. We do not create an individual profile based on said necessary technical data which provides information about your personal user behaviour. The log data are not linked to or merged with other data sources.

The legal grounds for the processing of the mentioned data – insofar as they are personal data – are set out in Article 6(1)(f) GDPR. It is our legitimate interest to provide you with an appealing, user-friendly and technically sound website.

5. Cookies

Our website uses so-called cookies to make our online presence more user-friendly. On the one hand the cookies we use are so-called 'session cookies'. On conclusion of your visit session cookies are deleted automatically. On the other hand we also use cookies which remain on your device until deleted. These cookies enable us to recognise your browser on your next visit by saving you and your preferences in terms of our website. The collected information refers to technical information e.g. your browser, a time stamp and a unique identifier. Almost all browsers provide a setting to block cookies, to delete cookies or a notification function to prevent and/or control the setting of cookies. For further information and your browser settings please refer to your browser's help file or further instructions of your browser provider. There you can learn how to control the settings and to tailor cookies. Please note that the deactivation of cookies can restrict or the functionality of this website.

6. Use of our services

We collect and process personal data when and if it is necessary to create, execute or terminate obligations arising from the respective transaction and/or to set up a customer account. To do so we collect and process the necessary personal data (form of address, name & surname, email address, postal address, payment details, product-related data, past orders) which are required to render the service for you. The legal ground for the processing are set out in Article 6 (1)(b) GDPR.

7. Information dispatch by Bayer 04/contact

If you provide us with personal data in order to contact us or to obtain information about Bayer 04 Leverkusen or BayArena+ we use the data you have provided without special consent exclusively for the purpose of fulfilling and rendering the services associated with your request and to provide you with information. In addition, we inform you about specific offers and content based on your past orders.

7.1 Information dispatch by BayArena+

Newsletter
We give you the opportunity to subscribe to our newsletter for current information about Bayer 04 Leverkusen, BayArena+ and our attractive offers, So that we can deliver our newsletter to you, we need your consent to use your personal data. We require the following data to deliver our newsletter: form of address, name & surname, email address. To confirm that you wish to subscribe to our newsletter you then receive an email that includes a link by means of which you can confirm that you wish to subscribe to the newsletter (double opt-in). So as to optimise and analyse the system performance and to optimise the content on offer the records are also used for statistical analysis. Provided you have granted consent for this separately, we collect and use further analysis to provide customised content in the newsletter.

You may revoke your consent allowing us to use your data with regard to the dispatch of our newsletter at any time informally by simply using the appropriate opt-out link/unsubscribe link found at the bottom of the newsletter or by sending an informal email to info@bayarena- plus.de requesting that your data be deleted from the newsletter data bank.

Legal grounds for the processing are your consent as per Article 6(1)(a) GDPR.

Insofar as your subscription for the newsletter for the newsletter services occurred prior to 25 May 2018, we process your data on the basis of the consent granted at the time of the subscription.

Product recommendations
If you provided us with personal data as part of your booking or by using one of our services, we use these data (form of address, name & surname, email address, if required telephone number and address) in order to inform you about similar offers which may be of interest to you.

You may revoke your consent allowing us to use your personal data to send you product recommendations at any time by using the link at the bottom of page of the virtual product recommendation or by sending an email to info@bayarena-plus.de.

Legal grounds for the use of your contact details to send you product recommendation are set out in Article 6(1)(f) GDPR in conjunction with § 7(3) Unfair Competition Act (Gesetz gegen den unlauteren Wettbewerb).

7.2 Contact/communication with BayArena+

Contact by email, telefax, telephone or post
Should you contact us by email, fax, telephone or by post, we use the data you have provided to contact you and for the purpose of fulfilling and rendering the services associated with your request. Your data are not transferred to third parties. Your data are deleted within an appropriate period of time on conclusion of your request, unless this is precluded by other legal regulations.

The legal grounds for processing are set out in Article 6(1)(f) GDPR. Our legitimate interest consists in the appropriate reply and processing of your request. If the request made pertains to the preparation/initiation of a contract of which you are a party, the alternate legal grounds are set out in Article 6(1)(b) GDPR.

Contact by contact form
Personal data you provide when making inquiries you make with the aid of the contact form is used solely to process your enquired and saved so as to handle any follow-up questions. These data are not shared with your consent.

You also have the opportunity to contact us by using the contact form provided on our website. If you use the contact form, we collect and save your personal data which you have entered in the given fields (e.g. name & surname, email address, telephone number). We use the data for the sole purpose of fulfilling and rendering the services associated with your request. Your data are not transferred to third parties. Your data are deleted within an appropriate period of time on conclusion of your request, unless this is precluded by other legal regulations or your data are used within the scope of a contract preparation.

The legal grounds for processing are set out in Article 6(1)(f) GDPR. Our legitimate interest consists in the appropriate reply and processing of your request. If the request made pertains to the preparation/initiation of a contract of which you are a party, the alternate legal grounds are set out in Article 6(1)(b) GDPR.

8. Transfer of your data, use by service providers

We collect and use your data in accordance with legal provisions and solely for our own use. Your data are not transferred to third parties unless there is a legal obligation to do so, you granted consent to do so or the transfer of said data is necessary to render the contract between you and us or we have a legitimate interest in data transfer.

In the event that we have made advance payment, e. g. in the case of a purchase on account or by direct debit, we reserve the right to carry out a solvency check on the basis of mathematical statistical means if necessary in order to safeguard our legitimate interests. The legal grounds for the transfer of data are in this case set out in Article 6(1)(f) GDPR. Our legitimate interest consists in avoiding breaches of payment and the sound handling of payments.

8.1 Transfer of data in order to render services

We do not transfer data to third parties, unless it is necessary to render the contractual obligations toward you. Where applicable, this may include the transfer of data to a shipping agent (e.g. Deutsche Post) to dispatch relevant documents or to forward the required payment data to payment services provider to handle the payment. In addition, we also provide your personal data to service providers to the extent necessary if you wish to avail of their services through us (e.g. to book a hotel or to provide catering) or whose services is a component of the offer. We only provide the data required to render the respective service or task to the commissioned service provider. The further use of the data by the service provider is not permitted.

The legal grounds for the data transfer are set out in Article 6(1)(b) GDPR.

8.2 Use of service providers

Insofar as we avail of service providers to facilitate and provide our offer or to manage and organise our organisation who may be granted necessary access to your data, we have an order processing contract in place as per Article 28 GDPR with our service providers for the order processing. We also remain responsible for the protection of your data. The conclusion of the contract means that the commissioned service providers are not viewed as third parties.

9. Participation of online services and third-party content

9.1 General

As part of our online presence, we offer content and services of third parties such as videos from other websites and related services. Insofar as this content or the third-party services are a direct component of the website, the data are processed directly by the third-party provider as a rule (e.g. your IP address). We do our utmost to only use services and content which forego the direct transfer of your data and/or use the IP address solely for the purpose of transferring the content. However, we cannot determine if the third-party provider saves the IP address for statistical purposes. To the extent that we are aware of such, we advise our users of it.

9.2 External services

YouTube
We use the video service YouTube on our website. YouTube is provided by YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube is a subsidiary of Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter Google.

Google and its subsidiaries (such as YouTube) are certified under the EU-US Privacy Shield. Hereby Google guarantees that it complies with the EU privacy provisions. This also applies to the processing of data in the USA.

You may view the certification under the following link:
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

We use YouTube in order to be able to display videos on our website. The legal grounds are set out in Article 6(1)(f) GDPR. Our legitimate interest consists in the optimised display of our website content by incorporating videos.

Each time you access one of our pages with an integrated YouTube video, you are connected to the YouTube servers in the USA. This connection is necessary to retrieve the respective video on our website via your browser. In the course of this, YouTube connects and processes your IP address, the date and time of your access connection as well as accessed website. In addition, each connection to a website with an integrated YouTube video also results in a connection to the Google advertising network 'DoubleClick'.

Insofar as you have a YouTube account and are logged on to such at the time of your visit to our website, YouTube assigns your connection information to your YouTube account. To prevent this, you have to log out at YouTube prior to you visit to our website or adjust the corresponding settings in your YouTube account.

YouTube saves cookies through your internet browser on your device for the purposes of functionality as well as analysis and user behaviour. In the event that you object to this processing, you have the option of preventing this. Using the corresponding setting in your internet browser you may prevent that cookies are saved on your device.

The privacy regulations and further information about this service provider can be found under the following external link: https://policies.google.com/privacy.

reCAPTCHA
In order to verify the fact that you are a human and not a web bot, when you use the contact form to contact us, we use the CAPTCHA service by Google. The privacy regulations and further information about this service provider can be found at: https://policies.google.com/privacy?hl=de.

Adobe Fonts
This website uses Adobe Fonts. Adobe Fonts is operated by Adobe, Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, USA. Adobe Fonts allows access to the Font Library. On using a website your browser uploads the required Web Fonts to your browser to display the text elements correctly. Each time you access one of our sites your browser loads the required Web Fonts to your browser cache to display texts and fonts correctly. This service is provided without the use of cookies via your browser on your device. However, Adobe may save your IP address, information about the implemented font, the visited website and technical properties of your device.

Adobe is certified under the EU-US Privacy Shield. Hereby Adobe guarantees that it complies with the EU privacy provisions. This also applies to the processing of data in the USA.

You may view the certification under the following external link:
https://www.privacyshield.gov/participant?id=a2zt0000000TNo9AAG

We use Adobe Fonts to be able to present our website in a standard and appealing manners. The legal grounds are set out in Article 6(1)(f) GDPR. Our legitimate interest consists in the optimised display of our web content by incorporating external fonts.

The privacy regulations and further information about this service provider can be found under the following external link:
https://www.adobe.com/de/privacy/policies/adobe-fonts.html.

10. Analysis of the website use

Data Protection for the use of Google Analytics:

Google Analytics
This website uses functions of Google Analytics, a web analysis service operated by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.

Google Analytics uses cookies. The information about the website use generated by the cookies is generally transferred to a Google server in the USA and stored there.

We use Google Analytics with active IP anonymisation so that the visitor's IP address is shortened by Google within member states of the European Union or in other treaty states of the Agreement on the European Economic Area prior to the transfer to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the United States and then shortened there. On behalf of the operator of this website, Google will use information to analyse your use of the website in order to prepare reports on the web activities, and provide additional services associated with the website use and Internet usage for the website operator. The IP address transmitted by your browser within the course of Google Analytics, will not be linked to or merged with any other data by Google.

Google and its subsidiaries (such as YouTube) are certified under the EU-US Privacy Shield. Hereby Google guarantees that it complies with the EU privacy provisions. This also applies to the processing of data in the USA.

You may view the certification under the following link:
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

The legal grounds for the processing are set out in Article 6(1)(f) GDPR. Our legitimate interest consists in the statistical analysis of your user behaviour in order to optimise our web content.

You can prevent the storage of cookies using the corresponding setting in your browser software; we would, however, like to point out that in this event you may not be able to make full use of all the functions of this website.
Furthermore, you can also prevent the recording of data relating to your use of the website (incl. your IP address) generated by the cookie being sent to and/or processed by Google by downloading and installing the browser plug-in available on the following link (http://tools.google.com/dlpage/gaoptout?hl=de).

This is where so-called Client-IDs come into use. They serve to create pseudonymous user profiles, which record the use of the website by desktop computers and mobile terminals by one user. The information generated by the cookie about your use of the website is usually transmitted to a Google server in the USA and stored there. In the case of the activation of the IP-anonymisation on this website, Google will first shorten your IP address within member states of the European Union or in other treaty states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the United States and then shortened there. On behalf of the operator of this website, Google will use information to analyse your use of the website in order to prepare reports on the web activities, and provide additional services associated with the website use and Internet usage for the website operator. The IP address transmitted by your browser within the course of Google Analytics, Google will not combine it with any other data. You can prevent the storage of cookies using the corresponding setting in your browser software; we would however like to point out that in this event you may not be able to make full use of all the functions of this website.
You can also prevent the recording of data relating to your use of the website (incl. your IP address) generated by the cookie being sent to and/or processed by Google by downloading and installing the browser plug-in available on the following link:
https://tools.google.com/dlpage/gaoptout?hl=de.

You may also prevent the Google Analytics from recording your data by clicking the following text: Google-Opt-Out. By doing so, you activate a so-called opt-out cookie which prevents the collection of data by Google Analytics on this website. This opt-out cookie only works for this browser and for this domain. Should you delete the cookies in the browser, you have to click the link again.

For more information about how Google Analytics handles user data please view the following external link:
https://policies.google.com/technologies/partner-sites?hl=de

11. Azure app service web apps

We use Web Apps, a Cloud service by Microsoft Corporation and operated by data trustees, T-Systems International GmbH, Hahnstraße 43d, 60528 Frankfurt on Main, to incorporate various web resources on our website (e.g. images and graphics). Your browser loads the required elements in your browser cache when you access a website. Cookies are not stored on your device in this process. The Privacy Policy of this service can be viewed under the following external link: https://www.microsoft.com/de-de/TrustCenter/Privacy/default.aspx

The legal grounds for the processing of the described data – provided that they are personal data – are set out in Article 6(1)(f) DS-GVO. Our legitimate interest consists in providing you with an appealing, user-friendly and technically sound website.

12. Period of data use/storage

Upon full completion of task arising from the request, for which your provided us with the information and provided the provisions according to tax and commercial laws allow it, your personal data are deleted if you assert your right of deletion or it is impermissible to save your data for other legal reasons.

13. Place of the data use

As a rule your data are processed in Germany. In rare cases the information you have provided us with may be stored on servers within the European Union (EU). Should we deviate from this as 'the responsible party' and/or 'responsible body', we will notify you accordingly.

14. Data security/secure data transfer

We wish to inform you that security breaches may occur when transferring data on the internet (e.g. by email). Complete protection from the third-party access is accordingly not possible. We secure our IT systems (including the website) with the aid of so-called technical and organisational measures against unwanted: entry, access, transfer, input, loss and distribution as well as destruction and alteration by unauthorised parties.

15. Rights of the affected party

The contact person responsible for safeguarding the rights of the affected party is our Data Protection Officer (contact details below).

15.1 Right of information

As per the legal requirements of Article 15 GDPR you have the right to obtain information about whether we process information about you at any time. This right also applies to circumstances and the configuration of the processing and more detailed information about the processed data.

15.2 Right of correction

As per Article 16 GDPR you may also assert your right of correction for incorrect personal details, unless you are in a position to amend the information of your own accord.

15.3 Right of deletion

As per the legal requirements of Article 17 GDPR you are entitled to assert a right of deletion for relevant personal data. Consequently, these data are to be deleted promptly. The right of deletion does not apply if among other things it is necessary to process the personal data so as to practise the right of free speech and freedom to information, to comply with a legal provision, we are subject to (e.g. legal record keeping requirements) or to assert, execute or defend against legal claims.

15.4 Right of restriction of processing

As per Article 18 GDPR you can assert your right of restriction in terms of how we process your personal data.

15.5 Right of data portability

As per the legal requirements of Article 20 GDPR you are entitled to assert a right of portability by which you obtain from us the relevant personal data we processed in a structured, common and machine-readable format.

15.6 Right of objection

As per the legal requirements of Article 21 GDPR you have a right of objection to the processing of your personal data. By lodging this objection, you may require us to discontinue the processing of your data. The right of objection only applies to the extent stipulated by law. Your objection may be contrary to legitimate interests which render a further processing necessary.

15.7 Right of revocation

The consent granted by you to process your personal data (e.g. as part of the newsletter subscription) may be revoked as per Article 7(3) GDPR at any time and with future effect without incurring any expenses other than the transmission costs in accordance with the basic tariffs.

15.8 Disclosure requirement

As per Article 19 GDPR we are obligated to inform all recipients to whom personal data has been exposed about corrections, deletions and restrictions of the processing of personal data. This obligation is subject to exceptions if it is impossible or entails unreasonable effort. On request we can inform you about said recipients.

15.9 Automated decisions in specific cases including profiling

We safeguard your rights as per Article 22 GDPR. Hence you and/or your data on our website are not subject to decisions, which are processed automatically – including profiling.

15.10 Right of appeal/ supervisory authority

As per Article 77 GDPR you have the right of appeal by which you may complain to a supervisory authority and/or to a responsible body, provided you have grounds for a complaint especially if you believe that the processing of your personal data is not in keeping with the legal provisions and the privacy policy provisions.

For any question you may have about the collection, processing and use of your personal data, for information, corrections, restriction or deletion of data or the revocation of consent previously granted please contact the Data Protection Officer of Bayer 04 Leverkusen Fußball GmbH. The contact details are as follows:

State Official for Data Protection and Freedom of Information Nordrhein-Westfalen
PO Box 20 04 44
40102 Düsseldorf

Tel.: 0211/38424-0
Fax: 0211/38424-10
Email: poststelle@ldi.nrw.de

16. External links and information on the website

We use external links on our website but cannot prescribe how the operators of the linked websites uphold the data protection regulations. Furthermore, we ask you to note that the information on this website is not by any means legally binding in character but solely for informational purposes.

17. Amendments to the Privacy Policy

Advances in technology, legal requirements and changing procedures may have an effect on the Privacy Policy. We reserve the right to amend the Privacy Policy at any time effective immediately. The current version may be found on our website. Please refer to the sub-site of our homepage regularly to remain informed about the applicable regulations.

As of 03.12.2018

Note: This translation is for information purposes only. The German text as of December 2018 shall prevail in the event of any discrepancy between this version and the original.