1. introduction

We are delighted you want to use our Bayer 04 app (Werkself app). Your privacy and the associated protection of your personal data are very important to us. Therefore, our business activities are conducted in accordance with the applicable legal provisions on data protection and data security (in particular: the Basic Data Protection Ordinance (DS–GVO). It is very important to us that you feel safe with us. For this reason, we and our data protection officer ensure compliance with data protection regulations.

In this data protection declaration you will find information on the handling of your personal data for the purposes of use of the app operated by Bayer 04 Leverkusen Fussball GmbH. This data protection declaration relates only to the use of the Werkself app. You can use the app without logging on. Most of the functions of the app are available to you. However, the use of certain services requires provision of personal data, e.g. for setting up a Bayer 04 account or logging into certain services on the app. If you do not want to make your data available to us then you will be unable to use the associated services.

Please read the following information carefully. If you have any questions, please contact our data protection officer, whose contact details can be found below in this data protection declaration.

2. DATA CONTROLLER And contact details of data protection officer

The controller in relation to your personal data on this website is:

Bayer 04 Leverkusen Fußball GmbH
Bismarckstr. 122 - 124
51373 Leverkusen
Telephone: +49 (0) 214/5000 1904
Fax: +49 (0) 214/8660-512
http://www.bayer04.de

You can contact our data protection officer at:

Bayer 04 Leverkusen Fußball GmbH
Datenschutz
Bismarckstr. 122 - 124
51373 Leverkusen
E-Mail:
datenschutz@bayer04.de

3. legal basis, purposes and Data categories

3.1 Data processing by app store operators

Before you can install the Bayer 04 app, you have to conclude a user agreement with an app store operator (e.g. Google or Apple) by accessing their portal (e.g. Google Play, App Store). The app store operator gathers and processes data in association with the use of the app store such as user name, email address and individual device identification numbers as the responsible organisation. We are not party to the user agreement with the app store operator and have no influence on their data handling. In this respect, the data protection declarations of the individual app store operator apply.

3.2 Use of the app without logging on

3.2.1 Required permissions for app
In principle, it is possible to use our app without providing personal data. However, the app requires certain permissions to function and communicate with your device. These permissions are stored on your device. This includes permissions required to establish a connection with the Internet.

3.2.2 Optional permissions for app
You can choose to administer, amend and optionally use certain permissions at any time in your settings.
This includes for example.:

  • Access to the camera on your device: This permission enables you to use the camera function in the Bayer 04 app.
  • Access to the internal storage on your device to store, retrieve or enable downloads for pictures taken with the camera function or other functions within the app.
  • Messages: This function enables you to set how and when you will receive messages via a counter (next the icon on the app), for example on general information on updates or events on the app when you are not actively using the app. If you have activated push notifications then these will be shown additionally on the counter
  • Access to voice commands on your device
  • Access to your device’s audio player for example to use the radio function on the app
  • Background updates: This permission enables updates for the Bayer 04 app in the background. If this function is deactivated, you can choose updates yourself.

The app also functions if you do not grant these permissions although not all functions on the app can be used.

3.2.3 Profile
You also have the opportunity to set up a profile even without logging in to the Bayer 04 app. This function is completely voluntary and does not affect the functionality of the app. You can give the following details:

  • Name: You can give yourself a nickname that then appears on your profile.
  • Shirt number: You can choose a number for your virtual shirt.
  • Depending on that, a favourite player (with that shirt number) will be displayed that you may select or skip.
  • Profile picture: You have the opportunity to set a profile picture either using the camera function on the app or alternatively using a stored picture..

The details you give will be stored on the app and are not used to set up a Bayer 04 account. You can delete or amend your profile details at any time.

3.3 Cookies

We use cookies to enable you to use the app and improve the user experience. On first opening the app and then at any time via the cookie settings (on 'Cookies' menu item) you can set your cookie preferences by setting or removing the relevant ticks. The settings are stored on your device and must be reapplied if you delete the update on your device, reset the app or change your device. Please note that blocking of cookies can lead to our app offer available to you being restricted..

Detailed information on the processing of personal data through cookies and similar technology, the legal framework and the option of making settings can be found in the cookie settings on the individual cookies (drop down).

3.4 Push notifications

If you want, and have given us your consent, you will receive push notifications on your device from us whether or not you are using the app. You can choose subjects in the settings that interest you and you want to keep up to date with (e.g. live text commentary on matches, goal alerts, news items, offers). The following categories of personal data are used for this purpose: Your push message ID, the fact you have consented to receiving push notifications, your preferred settings as well as your history of push notifications.

Push notifications can only be received with your approval. You give us consent by activating push notifications under the menu point ‘Profile’. Please note you have to be at least 16 years of age to give consent for this data processing. If you are a minor, confirm with the activation of push notifications that there is consent from your guardian to use the push notification service as well as receiving push notifications.

The legal basis for processing is Art. 6 para. 1 lit. a DS-GVO.

You can turn off or modify push notifications at any time via the settings. Your personal data is processed to complete this purpose until you withdraw your consent (by deactivating reception on the app). In addition, we only store your personal data as permitted by law and is necessary, e.g. for the assertion or defending against legal claims or as long as legal obligations apply to data retention.

3.5 Using the app with log-in

The use of certain services can however require the submission of personal data, e.g. setting up a Bayer 04 account or logging in via a Bayer 04 account to certain services on the app. If you do not want to make your data available to us then you will not be able to use the respective services.

3.5.1 Setting up a new Bayer 04 account
We process the personal data you have provided us with in the creation of your Bayer 04 account and through the use of your Bayer 04 account. The aim of this processing is to manage your Bayer 04 account (from registration to possible termination of the Bayer 04 account), to make all the functions of the Bayer 04 account available to you, to provide you with access to our services requiring a Bayer 04 account and to secure all these and to inform you of updates for the Bayer 04 account.

The legal basis for our processing of your personal data is based on this processing being required for the fulfilment of our contract with you in relation to the Bayer 04 account (Art. 6 (1) (b) DS-GVO) or that relies on the valid interests of Bayer 04 (Art. 6 (1) (f) DS-GVO).

For this purpose, the processing of the following categories of personal data are required to fulfil the contract: Your name, your email address, your date of birth, your password and the fact that you have approved the conditions of use the Bayer 04 account.

3.5.2 Logging in via a Bayer 04 account
To use the range of services on the Bayer 04 account, you have to log on with your Bayer 04 account. After registering you can use all the app services. For this purpose, the processing of the following categories of personal data are required to fulfil the contract: Email address and password.

3.5.3 My profile
If you log on with your Bayer 04 account then you have access to the extended profile functions. Please note that for the completion of memberships, ticketing or purchasing fan merchandise via the app you will be transferred to our website (www.bayer04.de). In those cases, the data protection declaration of our website plus the relevant T&C's apply.

3.5.3.1 Profile data
Logging in using your Bayer 04 account gives you the option of viewing and administrating your customer data stored with us directly on the app. Your logging on confirms your consent and enables you to use our offers with the associated data from your Bayer 04 account. If you update data on your at profile then we will receive an update. Details of the Bayer 04 account can be obtained from the T&C's as well as data protection provisions on our website or the relevant web shop.

For this purpose we process the following the categories of personal data: Bayer 04 ID (this ID serves to create a link to your membership account at Bayer 04), user data (email address, telephone number, date of birth (to validate age) and password, address details (e.g. first and last names, address, if required alternative addresses such as billing address, shipping addresses), saved payment details. The legal basis for processing is Art. 6 para. 1 lit. b DS-GVO.

3.5.3.2 Administration of your memberships
If you have membership of one of our clubs (e.g. Bayer 04 Club, Silberlöwen) then this menu point will display information on your membership (e.g. start date, membership number, club benefits). In addition, you will receive a QR code as proof of your membership and use of all the benefits. For this purpose, we process the following categories of personal data: Bayer 04 ID (this ID serves to create a link to your membership account at Bayer 04), first and last name, contact details (e.g. email address, telephone number, postal address), date of birth (to validate age), information on your membership. The legal basis for processing is Art. 6 para. 1 lit. b DS-GVO.

3.5.3.3 Administration of your tickets/season cards
If you log in with your Bayer 04 account, your tickets (e.g. after purchase from the ticket web shop) and/or season cards will be stored on the app and can be used for access to individual games via the QR code.

For this purpose we process the following the categories of personal data:

Bayer 04 ID (this ID serves to create a link to your membership account at Bayer 04). first and last names, contact details (e.g. email address, telephone number, postal address), date of birth (to validate age) product specific details is Art. 6 para. 1 lit. b DS-GVO.),

3.5.3.4 Inbox
Here you will find current content on, for example, special news about Bayer 04 and, provided we have your consent, offers and information tailored to you. For this purpose, we process the preferences you have consented to within the cookie settings. If you cancel them then you will not receive any more content.

3.5.4 Redirection from the app
At certain points there is redirection from the app, e.g. accessing external content, purchasing tickets or fan merchandise in the ticket or fan shops, accessing content from our social media networks. Here you will be taken via the app the to our website or to content from external or third parties. This is subject to our website data protection declaration as well as the applicable T&C's or directions from third parties.

3.5.5 Logging off
At any time you can log off via the relevant function on the app from the log-in section. Accordingly, unless you log in again, only the data named in points 3.1 to 3.4 will be processed according to the setting.

3.5.6 Deletion of your Bayer 04 account
You can delete your Bayer 04 account by the relevant function on the app. In this case, all personal data relating to your Bayer 04 account will be deleted providing no retention periods apply (see point 6). After the complete deletion of your Bayer 04 account by Bayer 04 you will be automatically logged off from the log-in section on the app. Accordingly, only the data named in points 3.1 to 3.4 will be processed depending on the settings.

3.6 Share functions

Your mobile device offers you the opportunity to share content from the app with third parties (e.g. via email, text message or via the share functionality on social networks or Messenger). We have no influence over the associated processing of data, e.g. through social network providers. All the relevant third parties are responsible in this case.

4. recipients of your data and categories of recipients

Access to your personal data within the framework of using the Bayer 04 app is limited to persons who have to know personal data to complete their roles. So, your personal data can be transmitted to the following categories of recipients for the relevant processing purposes:

4.1 Data processor

Data processors are certain third parties (e.g. service providers, providers of data processing services) who receive your personal data to process the appropriate instructions for the relevant processing purpose on behalf of Bayer 04. The data processors are contractually obliged, in accordance with Art. 28 DS-GVO, to take appropriate technical and organisational security measures to protect the personal data and only process the personal data according to instructions of Bayer 04.

4.2 Third parties

We only transmit your personal data to third parties (e.g. government bodies, courts, external advisers and other comparable third parties) when and as far as this is prescribed or allowed by law to assert legal claims or to investigate or prevent suspected or actual illegal activities. In these cases, you will be informed by us specifically on the relevant transmission provided that is legally required.

5. Data transmission to third countries

Certain recipients of your personal data (e.g. data processes) are based in non EU/EEA countries, in third countries where the level of data protection differs from the level of data protection in the EU and there is no adequacy decision from the European Commission. In the case of transmission to these recipients outside the EU/EEA we will make suitable guarantees available in advance in particular by concluding the European Commission data transmission contracts (e.g. standard data protection clauses) with the recipients and also take other measures to ensure a suitable data protection level. This covers third parties, e.g. data processes in the following countries: USA

You can receive an overview of the recipients in third states as well as a copy of the agreed regulations on the establishing of a suitable level of data protection. Please use the details in section 2 'Data controller and contact details of the data protection officer'.

6. retention period

Your personal data will not be retained longer by us than required for the fulfilment of our obligations and only for the length of time required for the purposes your personal data has been retrieved. If we no longer have to process your personal data we will delete it from our systems and/or our records and/or take measures to anonymise it so that you can no longer be identified (in the event that we have to store your information to fulfil legal or official requirements we are subject to. For example, personal data contained in contracts, communications and business letters that are subject to legally defined storage periods that have to be stored for up to 10 years).

7. your rights

You have the following rights in accordance with the DS-GVO providing the relevant conditions obtain.

7.1 Right to information, Art. 15 DS-GVO

Under the legal provisions you can require information whether and which of your personal data is being processed.

7.2 Right to amendment, Art. 16 DS-GVO

You have the right to require amendment of incorrect or incomplete personal details insofar as you are unable to make amendments yourself.

7.3 Right to deletion, Art. 17 DS-GVO

Under the legal provisions we are obliged to delete your personal data. The right to deletion does not exist if the processing of the personal data is required to fulfil a legal obligation we are subject to (e.g. legal retention periods) or to enforce, exercise or defend legal claims.

7.4 Right to restrict processing, Art. 18 DS-GVO

Under the legal provisions you can demand the restriction of processing of your personal data.

7.5 Right to data portability, Art. 20 DS-GVO

Under the legal provisions you can require us to hand over your personal data processed by us in a structured, accessible and machine-readable format.

7.6 Right of objection, Art. 21 DS-GVO

Under certain conditions you have the right based on your particular situation to object at any time to our processing of your personal data and we are obliged not to process your personal data any longer. If personal data is processed for direct marketing then you also have the right to object at any time to the processing of personal data relating to you for the purpose of such marketing. That also applies to profiling in connection with direct marketing. In this case the personal data will no longer be used by us for this purpose.

7.7 Automated decision in individual cases including profiling, Art. 22 DS-GVO

We also guarantee your rights according to Art. 22 DS-GVO. You and your data on our website are therefore not subject to decisions that rely solely on automatic processing – including profiling.

7.8 Right of appeal/Regulatory authority, Art. 77 DS-GVO

You have the right to appeal to a regulatory authority or appropriate body insofar as you have a reason for objection in particular if you are of the view that the processing of your personal data is not being performed in harmony with legal requirements and the provisions of this data protection declaration.

Contact details for the regulatory authority responsible for Bayer 04 Leverkusen Fußball GmbH are:

Landesbeauftragte für Datenschutz und Informationsfreiheit
Nordrhein-Westfalen
Postfach 20 04 44
40102 Düsseldorf
Tel.: 0211/38424-0
Fax: 0211/38424-10
E-Mail:
poststelle@ldi.nrw.de

8. amendments to data protection declaration

Advances in technology, legal requirements and other changed processes can also affect this data protection declaration. We therefore reserve the right to amend this data protection declaration at any time in the future.

As at: July 2021