Bayer 04 Leverkusen Fußball GmbH
Bismarckstr. 122 - 124
51373 Leverkusen
Telephone: +49 (0) 214/5000 1904
Fax: +49 (0) 214/8660-512
http://www.bayer04.de
We are delighted that you have visited our website. Your privacy and the associated protection of personal data are important to us. Therefore, our business activities are conducted in accordance with the applicable legal provisions on data protection and data security (in particular: Basic Data Protection Ordinance (DS-GVO) and Federal Data Protection Act in the new version (BDSG-neu)). It is very important to us that you feel safe with us. For this reason, we and our data protection officer ensure compliance with data protection regulations.
We are aware of the importance of the data entrusted to us and would like to inform you below:
Please read the following explanations carefully. If you have any questions, please contact our data protection officer, whose contact details can be found in this data protection declaration below.
Data protection is a complex issue. In order to facilitate your understanding of this privacy statement, we have compiled a few basic terms for you.
"Order processing" (AV) within the meaning of Art. 28 of the Basic Data Protection Ordinance (DS-GVO) is simply understood as a service in which personal data is collected, processed and/or used by a service provider (contract processor in accordance with DS-GVO) on behalf of and under the instructions of the so-called data controller. The service provider processes the personal data exclusively in accordance with our instructions and does not acquire any ownership of, or own interest in your data. Before such a contract is awarded to a carefully selected service provider, we conclude a special contract with the service provider and ensure further measures to protect your personal data.
"Cookies" are small text files that are stored on your terminal device (e.g. computer or Smartphone) and that store certain settings and data for exchange with our system via your browser. A cookie usually contains the name of the website visited, from which the cookie data was sent, information about the age of the cookie and an alphanumeric identifier. Cookies enable the systems to recognise the user's device and to make possible pre-settings available immediately.
A third party is any natural or legal person or body other than the data subject, the data controller, the data processor and the persons authorised to process the personal data under the direct responsibility of the data controller or the data processor, see Art. 4 No. 10 DS-GVO. It is therefore not, for example, a third party if personal data is given to a service provider in the course of order processing in accordance with Art. 28 DS-GMO.
IP addresses are sequences of digits that can be assigned to individual IT devices or a group. The IP is used, similar to postal addresses, to assign data to the correct recipient.
"Personal data" means all information relating to an identified or identifiable natural person, in particular first and last name, date of birth, e-mail address, home address, bank and payment data, but also health data, cf. Art. 4 No. 1 DS-GVO.
"Controller" under Art. 4 NO. 7 DS-GVO means any person or body which, alone or jointly with others, determines the purposes and means of the processing of personal data (in this case the Website operator).
The controller in relation to your personal data on this website is:
Bayer 04 Leverkusen Fußball GmbH
Bismarckstr. 122 - 124
D-51373 Leverkusen
Telephone: +49 (0) 214/5000 1904
Fax: +49 (0) 214/8660-512
http://www.bayer04.de
If any person other than the aforementioned body is "responsible" within the meaning of the Basic Data Protection Ordinance (DS-GVO) or the Federal Data Protection Act (BDSG-neu), you will be explicitly and separately notified, save where this is obvious.
Data protection officer of Bayer 04 Leverkusen Fußball GmbH
Bayer 04 Leverkusen Fußball GmbH
Data protection
Bismarckstr. 122-124
D-51373 Leverkusen
E-Mail: datenschutz@bayer04.de
www.bayer04.de
Every time you access this website, data is automatically logged, which also applies to calling up files (log data). We collect and use the data technically necessary to make the website available to you. The technically required data that is transmitted to our web server by your browser includes, for example: the browser type/version, the operating system used, the referrer URL, the pages accessed, the IP address, as well as the date and time of the request.
We need this data to ensure the functionality of the website and to make your visit to this website as pleasant as possible. We reserve the right to analyse the logged data for data security reasons. We do not create an individual profile that provides information about your personalised usage behaviour based on the data technically necessary. The log data is not linked or merged with other data sources.
The legal basis for the processing of the described data - insofar as they are personal - is Art. 6 para. 1 lit. f DS-GVO. Our legitimate interest is to offer you an attractive, user-friendly and technically functional website.
We use cookies to make it easier for you to use our pages. For this purpose, we use so-called session cookies, which are automatically deleted at the end of the browser session. On the other hand, we also use cookies that remain stored on your end device for a longer period of time and which serve to save you and your preferences regarding our website in the event that you visit our pages again in the future. The information collected relates to technical information such as your browser, a time stamp and a unique identifier. Almost all browsers allow the general blocking of cookies, the deletion of set cookies or a warning function to prevent/control the setting of a cookie. For more information on the browser settings that you can make to control the setting and management of cookies, please refer to your browser's help file or further instructions provided by your browser provider. Please note that blocking cookies may prevent or limit your use of our website. You can adjust your cookie settings here or using the link "Settings COOKIES" on top of this data protection page.
If you provide us with personal data in order to use one of our services, obtain a product or a ticket from us, we will use your details to enable you to use/make the purchase. Below we inform you of the individual services and offers and the associated data processing including their respective legal basis.
If you are a member of one of our club offers (Bayer 04 Club, Teens club, Lions club), we collect and process the personal data required for membership (including verification of membership requirements) and the services we offer to members[title, first and last name, e-mail address, telephone number, postal address data, date of birth (for age validation), payment data]. The legal basis for processing is Art. 6 para. 1. lit. b. DSGVO. The use of the form of address you request is made for the purpose of a friendly and customer-appropriate form of address and communication based on Section 6, Sub para 1, Clause 1 lit. f) GDPR.
We collect and process personal data, if and as far as this is necessary for the establishment, execution or termination of the respective legal transaction (purchase) and/or for the establishment of a customer account. For this purpose we collect and process the necessary personal data (title, first and last name, e-mail address, postal address, payment data, product-specific data, order history) which is necessary to fulfil the order. The legal basis for processing is Art. 6 para. 1. lit. b. DSGVO. The use of the form of address you request is made for the purpose of a friendly and customer-appropriate form of address and communication based on Section 6, Sub para 1, Clause 1 lit. f) GDPR.
We collect and process personal data, if and as far as this is necessary for the establishment, execution or termination of the respective legal transaction (purchase). For this purpose we collect and process the necessary personal data (titlefirst and last name, e-mail address, postal address, payment data, product-specific data, order history), which is necessary in order to fulfil the order. The legal basis for processing is Art. 6 para. 1. lit. b. DSGVO. The use of the form of address you request is made for the purpose of a friendly and customer-appropriate form of address and communication based on Section 6, Sub para 1, Clause 1 lit. f) GDPR. The use of the form of address you request is made for the purpose of a friendly and customer-appropriate form of address and communication based on Section 6, Sub para 1, Clause 1 lit. f) GDPR.
When you create a customer account (Fanshop/Ticketshop), we permanently store the personal data you provide. We use the data collected to make the repeated purchase/order process as pleasant as possible for you.
The legal basis for processing is Art. 6 para. 1. lit. b. DSGVO.
If you provide us with personal data in order to contact us or to receive information about Bayer 04 Leverkusen, we use your data to enable us to process your inquiry and to send you information. In addition, we will inform you about specific offers and contents in connection with your orders and/or memberships.
Newsletter
If you decide to receive the latest information on Bayer 04 Leverkusen, our attractive offers and offers from our official partners on the website, we will use the personal data you have shared with us to provide you with the relevant newsletter offer. To subscribe to our newsletter, we require your approval for the use of your personal data.
We process the following personal data from you to provide our newsletter service:
In order to ensure that you really want the newsletter and that you have registered, you will receive a confirmation message with a link to the final registration (so-called double opt-in procedure). The data sets are used for statistical evaluations to optimise and analyse the system performance and to optimise the content offered. If you have given your separate consent, we collect and use further analysis data in order to be able to offer you the display of personalised newsletter content. You can informally revoke your consent to the use of your data for sending newsletters at any time by clicking on the corresponding opt-out link/unsubscribe link in one of the newsletters received (at the bottom of the page). Alternatively, you can send an informal e-mail to info@bayer04.de and request the deletion of your data from our newsletter database. The legal basis for processing is your consent under Art. 6 para. 1. lit. a. DSGVO.
If you have registered to receive our newsletter services before May 25th 2018, we will process your data on the basis of the consent you gave at the time of registration.
Product recommendations
you have provided us with personal information when ordering a product from our fan shop or when ordering tickets in our ticket shop, we will use this information (title, first and last name, e-mail address, telephone number and address if applicable, and date of birth for age verification) to inform you of similar attractive offers.
You can object to the use of your details for sending product recommendations at any time by clicking on the link at the bottom of the page of the electronic product recommendation or by sending an e-mail to info@bayer04.de.
The legal basis for the use of your contact data for sending product recommendations is Art. 6 para. 1 lit. f DS-GVO in conjunction with § 7 para. 3 UWG.
Member service
If you are a registered member of our club or have a specific membership of other offers (such as lion club, teen club, football school) or are registered with us as a (VIP) season ticket holder, you will receive specific information from us as a service for members. To provide this information, we process your personal data (first and last name, e-mail address, telephone number and address if applicable, and date of birth for age verification). You can object to the use of your details for sending specific membership information at any time by clicking on the link at the bottom of the page of the electronic information or by e-mail to info@bayer04.de. In this case, we will not provide you with any further information as a service and will limit communication with you to the minimum necessary (transitory communication).
The legal basis for processing is Art. 6 para. 1. lit. b. f DSGVO. The use of the form of address you request is made for the purpose of a friendly and customer-appropriate form of address and communication based on Section 6, Sub para 1, Clause 1 lit. f) GDPR.
Contact us by e-mail, fax, telephone or postal mail
If you contact us by e-mail, fax, telephone or postal mail, we will use your details to contact you and to process and reply to your enquiry for the purpose for which it is intended. Your data will not be passed on to third parties. Unless otherwise provided by law and if your request does not serve to prepare for the conclusion of a contract, your details will be deleted by us within a reasonable period after completion of processing.
The legal basis for processing is Art. 6 para. 1. lit. f DSGVO. It is in our legitimate interest to answer and process your request appropriately. If your request to prepare/initiate a contract with you is made, Art. 6 para. 1 lit. b DS-GVO is an alternative legal basis.
Contact us via contact form
You can contact us by using the contact form provided on our website. If you use the contact form, we collect and store your personal data that you have entered in the input mask (e.g. last name, first name, e-mail address, telephone number). We use your data exclusively for the purpose-related processing and answering of your inquiry. Your data will not be passed on to third parties. Unless otherwise provided by law and if your request does not serve to prepare for the conclusion of a contract, your details will be deleted by us within a reasonable period after completion of processing.
The legal basis for processing is Art. 6 para. 1. lit. f DSGVO. If your request to prepare/initiate a contract with you is made, Art. 6 para. 1 lit. b DS-GVO is an alternative legal basis.
We collect and use your data in accordance with legal requirements and only for our own purposes. A transfer to so-called third parties does not take place, unless there is a legal obligation to do so, you have consented to the transfer or the transfer is necessary to fulfil a contract between you and us.
We will only pass on your data to third parties if this is necessary for the fulfilment of our contractual obligations towards you. This includes passing on your data to the shipping service provider (e.g. Deutsche Post) for delivery of the orders placed or passing on the necessary payment data to the payment service provider for processing the payment. We only pass on the data required for the respective task fulfilment to the service provider used. The service provider will not use your data for any other purpose.
The legal basis for passing on data is Art. 6 para. 1. lit. b. DSGVO..
As far as we access other service providers to make our offer possible and grant them possibly necessary access to your data, we have of course concluded a contract for order processing (short CP contract) according to Art. 28 DS-GVO with our service providers for order processing (short contract processor). We also remain responsible for the protection of your data. Through the conclusion of the contract, the service providers used are not regarded as so-called third parties.
8.3 External consultants and legal service providers
For the purpose of our business operations and in certain cases also to protect our interests or to exercise our rights, we are entitled to pass on your personal data to external consultants or legal service providers (Art. 6 para. 1 f) GDPR). These are, for example, tax consultants, auditors, accountants, legal advisors and other external consultants such as debt collection service providers. These recipients generally process the personal data concerned as independent controllers.
Your personal data will be deleted if this is not contrary to statutory retention obligations, if the data is no longer required to fulfil the purpose for which it was stored, if you have asserted a deletion claim or if its retention is inadmissible for other legal reasons.
Your data will normally be processed in Germany. In exceptional cases, information that you transmit to us may be stored on servers within the European Union (EU). Should we, as "person responsible" or "body responsible", deviate from this, we will inform you of this.
11.1 General
We use third party content within this on-line offer, such as videos and maps from other websites or integrated services. If these contents or services of third parties are directly integrated into the website, your data is usually processed directly by the third party provider (e.g. your IP address). We endeavour to use only those services and contents which do not require any direct transmission of your data or which only use the IP address for the delivery of the contents. However, we have no influence on this if the third party providers store the IP address, e.g. for statistical purposes. Where we are aware of this, we inform the users.
11.2 Social Media content
We do not integrate any social media plug-ins that require an immediate transfer of your personal data to the social media provider when you visit our website. However, by clicking on the social media buttons, you can go directly to our website at the respective provider. Since you leave our website and start a connection with the respective social media provider as soon as you press the button, we would point out that the processing of your personal data by the social media provider is outside our data protection responsibility.
To display social media content on our website we use the service Flockler, Flockler Oy Rautatienkatu 26 B 32, 33100, Tampere
Finland, which aggregates relevant social media channels and displays them on our website. The data protection regulations and further information about this service provider can be found under: (external link) https://flockler.com/privacy-policy.
11.3 Cookie consent tool - Usercentrics
To ensure that only those cookies are set on our website for which there is a legal basis, we use the consent management tool from Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany.
This service is used to obtain the website visitor's consent to the storage of certain cookies in their browser or the use of certain technologies and to document them in accordance with data protection regulations. When this website is accessed, the consent given by the website visitor or the revocation of consent is stored as a Usercentrics cookie in the browser of the website visitor. A connection to the Usercentrics servers is established for this purpose. The legal basis is Art. 6 para. 1 lit. c GDPR. Usercentrics is used to obtain the legally required consent for the use of cookies.
The data collected will be stored until the website visitor requests its deletion or Usercentrics deletes it itself or the purpose for storing the data no longer applies. The mandatory statutory retention periods remain unaffected by this.
11.4 Affiliate marketing - Awin
Affiliate marketing enables us as a provider of online advertising campaigns ("advertiser") to track which third-party provider of websites, apps or other technologies ("publisher") has referred potential customers to our website through the advertising we have placed.
For this purpose, we process your personal data, which, if you have given your consent, is collected via the tracking cookies set. Furthermore, to validate transactions that come about on the basis of this brokerage cooperation, there is a feedback of the transaction data in the context of tracking, as the affiliate partners only receive their commission if the transaction is successfully concluded.
In doing so, we pursue the legitimate interest of carrying out online advertising campaigns that can be remunerated based on performance using the tracking model implemented by Awin. To carry out affiliate marketing, we work together with the service provider Awin, which supports us in the implementation of the advertising campaigns (e.g. by selecting publishers or tracking the reach of the campaigns).
Tracking:
Awin and Bayer 04 are joint controllers within the meaning of Art. 26 GDPR for the processing of personal network data." The privacy policy with information about the data processed by Awin and your rights in relation to Awin's data processing can be found here: https://www.awin.com/de/rechtliches/privacy-policy-DACH. In some cases, Awin may maintain a pseudonymised user profile. However, this will not reveal your identity, online behaviour or other personal characteristics. The sole purpose of this profile is to track whether a forwarding was started on one device and completed on another device ("cross-device tracking").
The subject matter, type and purpose of the processing are tracking, cross-device tracking and reporting.
The personal data processed in this context is information relating to cookies, information about consumers' IP addresses, information about consumers' transactions (including consumers' interactions with advertisers and publishers), device identifiers and device attributes.
The legal basis for this is with regard to the collection of data/setting of tracking cookies: Art. 6 para. 1 lit. a GDPR, § 25 TTDSG (consent) and with regard to processing: Art. 6 para. 1 lit. f GDPR (legitimate interest in the implementation of commission-based online advertising campaigns).
Advertising:
Awin acts as a processor within the meaning of Art. 28 GDPR. The following processing activities take place in the context of advertising:
The subject matter, nature and purpose of the processing are the collection of consumer data as part of the advertiser's lead generation, business analytics (business intelligence), plugin integration, transaction queries.
The personal data processed in this context is information relating to cookies, information about IP addresses of consumers, pseudonymised transaction data (e.g. product type, generated shopping basket turnover), device identifiers and device attributes.
The legal basis for this is with regard to the collection and processing of data/setting of cookies: Art. 6 para. 1 lit. a GDPR, § 25 TTDSG (consent) and with regard to processing: Art. 6 para. 1 lit. f GDPR (legitimate interest in the implementation of commission-based online advertising campaigns). Further information on the cookies set with your consent (e.g. exact storage times) and the option to manage your consent can be found in the cookie settings.
Bounce Commerce:
In connection with AWIN's affiliate marketing service, this website uses the plugin of the professional bounce management service provider Bounce Commerce GmbH, Lindenallee 39, 47608 Geldern, Germany.
No additional personal or personally identifiable data is transferred to the technical service provider. Technically necessary data, which contains purely technical information but no personal data, is stored and transmitted in the browser's localStorage.
Further information on data protection at Bounce Commerce GmbH can be found at https://www.bounce-commerce.de/en/data-protection.
11.5 Google Ads
By using Google Ads, an online advertising tool from Google, which we use on our website, so-called "remarketing" is made possible. This makes it possible to display customised advertising based on your surfing habits on other websites. Your surfing behaviour on our website is analysed so that you can be shown advertising that matches your interests on other websites.
For this purpose, Google uses cookies that can identify your browser on a specific computer, smartphone or tablet - but not a person or user. Personal data is not stored.
We only use Google Ads with activated IP anonymisation. This means that your IP address is anonymised by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area by shortening it. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there.
We also use so-called "Converison Tracking" as part of Google Ads. This ensures that when you click on an advert placed by Google, a cookie is stored on your system. This cookie is used to create statistics on the "conversion rates" - i.e. an overview of the relationship between visits to a page and successful sales as well as the advertising material clicked on by you as a user. Here too, no personal data or other data is processed that can be used to identify the specific user or a person. Further information on Google Ads (e.g. on the storage time or lifespan of the respective cookies), as well as the option to manage your consent, can be found in the cookie settings.
11.6 Load Balancing - Queue-it
We use a so-called "load balancer", a service of Queue-it ApS, Skelbækgade 2-4, 1717 Copenhagen V, Denmark, for the proper provision of the contents of our website.
Queue-it is a virtual waiting room service for controlling website and app traffic (so-called "load balancing"). This service allows us to offload users to an online queue in high demand situations to ensure that our online services are not overloaded. When you access content, you may connect to Queue-it ApS servers within the EU/EEA, whereby your IP address and possibly browser data such as your user agent will be transmitted. This data is processed exclusively for the above-mentioned purposes and to maintain security and functionality.
The use of Queue-it is based on our legitimate interests, i.e. interest in the secure and efficient provision and optimisation of our online offer in accordance with Art. 6 para. 1 lit. f. GDPR. GDPR. Further information on the cookies set by Queue-it can be found in the cookie settings.
11.7 Google Tag Manager
We use Google Tag Manager on this website. Google Tag Manager is a web analysis service. This service is provided by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Tag Manager does not store cookies and does not analyse data independently. It is only used to manage the tools integrated via it. However, the IP address of the website visitor is recorded, which may be transferred to Google's parent company in the USA.
The legal basis for the processing is Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in integrating and managing various tools on our website in an uncomplicated manner. Further details: https://policies.google.com/privacy?hl=en
11.8 Other services
We use the service calovo, calovo GmbH, Grafenberger Allee 32, 40237 Düsseldorf, to integrate appointment data on our website. If you would like to subscribe to the service (e.g. to add the Bayer 04 games to your Smartphone calendar), you will be taken to a website of the service provider where you can complete the subscription. The data protection regulations and further information about this service provider can be found under (external link) https://calovo.de/datenschutz.
To verify you as a human communication partner when you contact us via the contact form, we use the service reCAPTCHA from Google, Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The data protection regulations and further information about this service provider can be found under: (external link) https://policies.google.com/privacy?hl=de.
To protect our website from spam and bots and to verify you as a human communication partner, we use the Friendly Captcha service from the service provider Friendly Captcha GmbH, Am Anger 3-5, 82237 Wörthsee, Germany. For this purpose, the following personal data is processed when accessing some sub-services of our website: technical connection data of the server access (the anonymised IP address of the requesting computer, information about the browser used and the operating system) as well as data about the use of the website (an anonymised counter per IP address to control the cryptographic tasks and the referrer URL). The legal basis for this processing is Art. 6 para. 1 lit. f GDPR; our legitimate interest here is to prevent misuse of our services by human and automated input and to enable the secure and functioning operation of the technical systems.
We use Content Delivery Network services to optimise the display of content. The data protection declarations of the services used can be viewed under the following external links.
We use social networks and platforms to inform current and prospective customers using these networks about our offers and to communicate with them.
Processing of personal data in the context of social media services usage also includes processing for market research and advertising purposes and for the collection of statistical data. The social media services providers can employ usage behavior data to create usage profiles (tracking) and also for other purposes, including, without being limited to displaying interest-based advertising and providing the operator of a social media channel with statistical information on the usage of their website. To collect information about user behavior and create and store usage profiles, cookies of the social media service provider are generally placed and stored on user devices. If you have an account with a social media service provider and are logged in, usage data can be collected and stored regardless of the device you use.
The processing of your personal user data and of the data collected for the purpose of statistical usage evaluation is based on legitimate interest (in accordance with Article 6 (1) lit. f GDPR) in an effective information of users and user communication. If you, as the user of the respective social media service, have provided your consent to the above-described processing of data, the legal basis of processing is Art. 6 (1) lit. a. GDPR.
For additional information on the scope of processing of personal data by social media providers, the purposes of such processing, erasure periods, legal basis of processing and your rights as well as options of making specific settings (opt-out), please see the privacy policies of the respective social media services providers below.
Should you wish to receive information about the processing of personal data concerning you by social media services or to assert your rights as a data subject in this regard, we would like to point out that the most effective way of addressing your request would be to directly contact the service provider in this regard. If you choose to request this information or assert other rights with us, we will be happy to forward your request to the service provider, who has access to the relevant user data and can take action in accordance with your rights as a user.
When using social media services, processing of the personal data of users outside the territory of the European Union (EU) cannot be ruled out. Processing of personal data outside the EU involves fundamental risks regarding the enforcement of data subjects’ rights and data privacy. The social media services providers we use regularly process personal data in the USA, i. e. outside the EU. Where necessary, we have concluded specific data processing agreements with the US providers to ensure that an appropriate level of data protection is maintained with regard to the processing of personal data. You can manage the external content/services of these social media providers via the cookie settings (gear icon on this page).
For additional information on data privacy (external links) provided by the social media services providers we use, please see:
We use the link management tool from Rebrandly, 31 Westland Square, Dublin 2, Ireland, for our website to provide you with short and memorable URLs (website addresses). This will redirect you to the full URL on websites. The personal data used for the redirection (such as IP address, browser settings) are not stored and are not used for other purposes. The legal basis is legitimate interest (Art. 6 para. 1 sentence 1 lit. f GDPR). Further information on data protection at Rebrandly can be found at https://rebrandly.com/privacy-policy.
To analyse website usage, we use a technology for statistical evaluation of usage behaviour. We have concluded an agreement with the service provider used, Webtrekk GmbH, Robert-Koch Platz 4, 10115 Berlin, on order processing in accordance with Art. 28 DS-GVO. The technology used processes usage data on our behalf and evaluates it for us. Where personal data is recorded by the processing, this is immediately anonymised (e.g. by shortening the IP address by a hashing algorithm). The data collected for analysis purposes is not merged with other data sources nor is a profile formed on the basis of the data collected. The data is not passed on to third parties.
The legal basis for processing is Article 6, para. 1, lit f. Our legitimate interest is the statistical analysis of usage behaviour to optimise our website.
We would like to inform you that security gaps can occur during data transfer on the Internet (e.g. via e-mail). Complete protection against access by third parties is therefore not possible for us. We protect our IT systems (including the website(s)) against unwanted access by means of so-called technical and organisational measures (TOM for short): entry, access, disclosure, input, loss and distribution as well as destruction and alteration by unauthorised persons.
Your personal data is transmitted securely over the Internet using the Secure Socket Layer coding system (256 Bit SSL encryption). Access to your customer account is only possible after you enter your personal password. You should always keep your access information confidential and close the browser window as soon as you have finished communicating with us and logged out, especially if you share your computer with others.
We use a web application firewall (WAF for short) to protect against attacks on our website. The processor for this service is F5 Inc, 801 5TH AveSeattle, WA 98104. In particular, the WAF protects us against the infiltration of SQL code, the infiltration of files (file injection / file inclusion), cross-website scripting and the infiltration of commands. For this purpose, every visit to our websites is filtered by the F5 servers. The WAF then attempts to identify malicious web traffic and prevents it from reaching our websites. F5 does not store any personal data, but the data flow does include personal data. The transfer to F5 Inc takes place, among other places, in the USA and thus in a country outside the EU or the EEA. We have agreed the standard contractual clauses of the European Union with F5 Inc. for this data transfer in accordance with Art. 46 para. 2 lit. c GDPR. F5 Inc. is also certified in accordance with the EU-US Data Privacy Framework (DPF). The legal basis for data processing is our legitimate interest in protecting our websites and platforms and the content and data stored on them from attacks and unauthorised access through technical measures (Art. 6 para. 1 lit. f GDPR).
On our website, we use, among other things, tools from providers that are based in non-EU/EEA countries. These are third parties or processors in the following countries: USA
We would like to point out that the USA, as a secure third country, generally has a level of data protection comparable to that of the EU. Data transfer to the USA is therefore permitted if the recipient is certified under the "EU-US Data Privacy Framework" (DPF) or has suitable additional guarantees.
If, in exceptional cases, we make use of recipients located in third countries where the level of data protection differs from the level of data protection in the EU and there is no adequacy decision by the European Commission (or this is not applicable to the service provider due to lack of certification under the "EU-US Data Privacy Framework" (DPF)), we provide adequate safeguards in advance, in particular by entering into the data transfer agreements adopted by the European Commission (e.g. standard data protection clauses) with the recipients and further taking measures to ensure an adequate level of data protection.
You can obtain an overview of the recipients in third countries as well as a copy of the concretely agreed regulations to ensure the appropriate level of data protection. Please use the information in section 2 "Person responsible and contact details of the data protection officer" for this purpose.
The contact person for the protection of your rights as a data subject is our data protection officer (see above for contact details).
16.1 Right to information
Under the legal requirements of Art. 15 DS-GVO, you can of course and at any time request information on whether we process any your personal data. If we process any of your personal data, you can also request information about the circumstances and structure of the processing and more detailed information about the data processed.
16.2 Right to correction
Under Article 16 of the DS GVO, you may request that inaccurate information about yourself be corrected if you are unable to make a change yourself.
16.3 Right to deletion
Under the statutory requirements of Art. 17 DS-GVO, you are entitled to demand that we delete personal data concerning you immediately. The right of deletion does not exist, among other things, if the processing of personal data is necessary for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation to which we are subject (e.g. statutory retention obligations) or for the assertion, exercise or defence of legal claims.
16.4 Right to restriction of processing
In accordance with Art. 18 DS-GVO, you may request that the processing of your personal data be restricted.
16.5 Right to data transferability
You are entitled, under the conditions of Art. 20 DS-GVO, to require us to provide you with the personal data concerning you that we process in a structured, common and machine-readable format.
16.6 Right to object
Under the conditions of Art. 21 DS-GVO, you have the right to object to the processing of your personal data and to request us to stop processing. The right of objection exists only to the extent provided for by law. Your objection may be opposed by legitimate interests, which require further processing.
Objections in the context of spectator images of events within the meaning of Point 11 of the General Ticketing Terms and Conditions
Ticket holders can opt out of the use of their spectator images (photo and sound recordings) at any time and free of charge. You can submit your objection to the contacts named in Points 2 and 3.
16.7 Right of cancellation
You can revoke your consent to the processing of your personal data (e.g. as part of a newsletter subscription) at any time and with effect for the future in accordance with Art. 7 para. 3 DS-GVO, without incurring costs that exceed the transfer costs in accordance with the basic tariffs.
16.8 Disclosure requirement
Under Art. 19 DS-GVO, we are obliged to inform all recipients to whom personal data has been disclosed about corrections, deletions and restrictions of the processing of your personal data. Exceptions may be made if this is impossible or involves a disproportionate effort. We will be happy to inform you about these recipients on request.
16.9 Automated decision in individual cases including profiling
We also ensure your rights in accordance with Art. 22 DS-GVO. You and/or your data are therefore not the subject of decisions on our website that are based exclusively on automated processing - including profiling.
16.10 Right of appeal/supervisory authority
You have the right under Art. 77 DS-GMO to complain to a supervisory authority or a competent body if you have a reason for complaint, in particular if you believe that the processing of your personal data does not comply with the statutory provisions and the requirements of this data protection declaration
The contact details of the supervisory authority responsible for Bayer 04 Fußball GmbH are as follows:
Landesbeauftragte für Datenschutz und Informationsfreiheit (State Commissioner for Data Protection and Freedom of Information)
Nordrhein-Westfalen
Postfach 20 04 44
40102 Düsseldorf
Tel.: 0211/38424-0
Fax: 0211/38424-10
Email: poststelle@ldi.nrw.de
We assume no liability for external links and the offers of third parties made accessible through them. Furthermore, we would like to point out that the information on this website is for information purposes only and is not legally binding.
Progressive technology, legal requirements or even changed processes can have an impact on this data protection declaration, among other things. We therefore reserve the right to change this data protection declaration at any time with effect for the future. You will find the current version of the data protection declaration on this website. Please visit this sub-page of the homepage regularly to keep up to date with the applicable regulations.
Version: 20.01.2022