Privacy Policy   /  Datenschutzerklärung  /  Polìtica de Privacidad 

1. Introduction

This privacy policy informs you, as a user of our website “Football Palace,” about the nature, scope, and purpose of the processing of personal data on this website. The use of your personal data is carried out strictly in accordance with legal regulations, especially the General Data Protection Regulation (GDPR).

Responsible for the data processing on this website is:

Benjamin-Pedrito Zober

39104 Magdeburg
Germany

 

2. Overview of Data Processing

The data processing on this website is carried out by the website operator. The contact data is stored on the servers of the website operator, and the data is generally not disclosed to third parties unless expressly indicated.

The processing of your personal data is based on our legitimate interest according to Art. 6(1)(f) GDPR to improve our online offering and efficiently communicate with users. If consent for data processing is obtained, Art. 6(1)(a) GDPR serves as the legal basis.

 

3. Types of Processed Data

Various types of personal data may be processed when using our website, including:

Master Data:
We process master data (e.g., names and addresses of customers) as well as contractual data (e.g., services used, names of contact persons, payment information) to fulfill our contractual obligations and provide services according to Art. 6(1)(b) GDPR.

Contact Data:
When you contact us (e.g., via contact form, email, telephone, or social media), your information is processed to handle the contact request and its processing according to Art. 6(1)(b) GDPR.

Content Data:
All data you enter, such as text inputs, photographs, and videos, may be stored and processed.

Usage Data:
We process usage data (e.g., visited pages of our online offering, interest in our products) and content data (e.g., entries in contact forms or user profiles) for advertising purposes in a user profile to display product recommendations from our range that correspond to your previous usage behavior.

Meta-/Communication Data:
This may include, among other things, IP addresses or device information.

 

4. Categories of Data Subjects

Visitors and users of the online offering (hereinafter collectively referred to as “users”).

 

5. Purpose of Processing

Provision of the online offering, its functions, and content

Responding to contact inquiries and communicating with users

Security measures

Audience measurement/marketing

 

6. Terminology Used

“Personal data” refers to any information relating to an identified or identifiable natural person (hereinafter referred to as the “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., cookie), or one or more specific characteristics expressing the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

“Processing” means any operation or set of operations performed on personal data, whether or not by automated means. The term is broad and includes virtually any handling of data.

“Controller” means the natural or legal person, public authority, agency, or other body that, alone or jointly with others, determines the purposes and means of the processing of personal data.

 

7. Relevant Legal Bases

In accordance with Art. 13 GDPR, we inform you of the legal bases for our data processing. If the legal basis is not specified in this privacy policy, the following applies: The legal basis for obtaining consent is Art. 6(1)(a) and Art. 7 GDPR, the legal basis for processing to fulfill our services and carry out contractual measures and respond to inquiries is Art. 6(1)(b) GDPR, the legal basis for processing to fulfill our legal obligations is Art. 6(1)(c) GDPR, and the legal basis for processing to safeguard our legitimate interests is Art. 6(1)(f) GDPR. If the processing of personal data is necessary to protect the vital interests of the data subject or another natural person, Art. 6(1)(d) GDPR serves as the legal basis.

 

8. Security Measures

In accordance with Art. 32 GDPR, we take appropriate technical and organizational measures to ensure a level of security appropriate to the risk, taking into account the state of the art, implementation costs, the nature, scope, circumstances, and purposes of processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons.

 

9. Cooperation with Data Processors and Third Parties

If we disclose or transmit data to other individuals and companies (data processors or third parties) within the scope of our processing, or grant them access to the data, this is only done on the basis of legal permission (e.g., if the transmission of data to third parties, such as payment service providers, is necessary for the fulfillment of a contract according to Art. 6(1)(b) GDPR), if you have given your consent, if a legal obligation provides for it, or based on our legitimate interests (e.g., when using agents, web hosts, etc.).

 

10. Transfers to Third Countries

If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of using third-party services or disclosing/transferring data to third parties, this only takes place if it is necessary to fulfill our (pre)contractual obligations, based on your consent, a legal obligation, or our legitimate interests.

Subject to legal or contractual permissions, we process or have the data processed in a third country only if the special requirements of Art. 44 ff. GDPR are met. This means that the processing takes place, for example, on the basis of specific guarantees, such as an officially recognized level of data protection corresponding to the EU or compliance with officially recognized special contractual obligations (so-called “standard contractual clauses”).

However, we would like to point out that the Privacy Shield, a data protection agreement between the EU and the USA, was declared invalid by the European Court of Justice in July 2020. Therefore, we can no longer refer to this agreement to ensure an adequate level of data protection. Instead, we rely on other mechanisms, such as the European Commission’s standard contractual clauses, to ensure the protection of your personal data when transferring it to third countries.

 

11. Rights of Data Subjects

You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and if so, to request access to this data and further information and a copy of the data according to Art. 15 GDPR.
According to Art. 16 GDPR, you have the right to request the completion of your personal data or the rectification of inaccurate data concerning you.
According to Art. 17 GDPR, you have the right to demand the immediate deletion of personal data concerning you, or alternatively, according to Art. 18 GDPR, the restriction of the processing of your data.
Furthermore, according to Art. 20 GDPR, you have the right to receive the personal data concerning you that you have provided to us and to request its transmission to other controllers.
In accordance with Art. 77 GDPR, you also have the right to lodge a complaint with the competent supervisory authority.

 

12. Right to Withdraw Consent

Right to Withdraw Consent
You have the right to revoke your consent at any time with future effect according to Art. 7(3) GDPR.

 

13. Right to Object

You can object to the future processing of personal data concerning you in accordance with Art. 21 GDPR at any time. The objection can be made, in particular, against processing for direct marketing purposes.

 

14. Cookies and Right to Object to Direct Marketing

“Cookies” are small files that are stored on users’ computers. Different information can be stored within the cookies. A cookie primarily serves to store information about a user (or the device on which the cookie is stored) during or after their visit to an online offering. Cookies that are not strictly necessary to provide the services on this website are only used after consent has been given. Users can revoke or change their consent at any time by accessing the cookie declaration on our website.

If users do not want cookies to be stored on their computer, they are asked to disable the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies may result in functional limitations of this online offering.

A general objection to the use of cookies for online marketing purposes can be declared for a large number of services, especially in the case of tracking, via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. Furthermore, the storage of cookies can be achieved by disabling them in the browser settings. Please note that if you choose to reject cookies from third-party providers, certain content on our website may not be displayed.

 

15. Data Deletion

The data processed by us will be deleted or its processing will be restricted in accordance with Art. 17 and 18 GDPR. Unless expressly stated otherwise in this privacy policy, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and there are no legal retention obligations to the contrary. If the data is not deleted because it is required for other legally permissible purposes, its processing will be restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.

According to legal regulations in Germany, storage is particularly necessary for 6 years according to § 257(1) HGB (commercial books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting records, etc.) and for 10 years according to § 147(1) AO (books, records, management reports, accounting records, commercial and business letters, documents relevant for taxation, etc.).

 

16. Contact

When contacting us (e.g., via contact form, email, telephone, or social media), the user’s information is processed for the purpose of processing the contact request and its handling according to Art. 6(1)(b) GDPR. The user’s information may be stored in a customer relationship management system (“CRM system”) or a similar inquiry organization.

 

17. Collection of Access Data and Log Files

We or our hosting provider collect data about every access to the server on which this service is located (server log files) based on our legitimate interests according to Art. 6(1)(f) GDPR. The access data includes the name of the accessed webpage, file, date and time of access, transferred data volume, notification of successful access, browser type and version, the user’s operating system, referrer URL (previously visited page), IP address, and the requesting provider.

 

18. Online Presence in Social Media

We maintain online presences within social networks and platforms to communicate with customers, interested parties, and users active there and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and data processing policies of their respective operators apply.

 

19. Integration of Third-Party Services and Content

Within our online offering, we use content or service offerings from third-party providers on the basis of your explicit consent in order to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as “content”).

The use of services or content from third-party providers that set additional cookies or perceive the user’s IP address is only done if you have given your consent via our cookie banner. The consent is voluntary according to Art. 6(1)(a) GDPR and can be revoked or changed at any time by accessing the cookie settings on our website.

This always presupposes that the third-party providers of this content perceive the user’s IP address because they would not be able to send the content to the user’s browser without the IP address. The IP address is therefore required for the display of this content. We endeavor to use only content whose respective providers use the IP address solely for the delivery of the content.

Please note that if you reject cookies from third-party providers, certain content on our website may not be displayed.

 

20. Google Analytics

We only use Google Analytics, a web analytics service provided by Google LLC (“Google”), if you have given your explicit consent via our cookie banner in accordance with Art. 6(1)(a) GDPR. The information generated by the cookie about your use of this online offering is usually transferred to a Google server in the USA and stored there.

Google is certified under the “EU-US Privacy Shield.” However, due to a ruling by the European Court of Justice in July 2020, this data protection agreement is invalid. Nevertheless, Google continues to be subject to strict Californian data protection laws and is registered under the “US Privacy Shield” (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI).

However, we would like to point out that when transferring data to the USA, an adequate level of data protection may not always be guaranteed due to legal or contractual guarantees. There is a risk that authorities in the USA may access the transferred data without the data subjects being informed or being able to take legal action.

You can revoke your consent at any time with future effect by adjusting the cookie settings on our website or by generally preventing the setting of cookies in your browser settings. Please note, however, that if you reject cookies in general, not all functions of our website may be fully available.

 

21. Processing Donations via PayPal

Purpose of Data Processing:
On our website, we offer the option to make donations through the payment service provider PayPal. This option is intended for users who wish to support our work. Using PayPal enables a quick, secure, and efficient processing of your donations.

Scope of Data Processing:
If you choose to donate via PayPal, you will be redirected to PayPal’s website. Certain personal data is necessary for processing the payment and will be transmitted to PayPal. This usually includes your name, address, email address, possibly your phone number, and transaction information.

Please note that PayPal is an independent controller within the meaning of data protection law. The data processed by PayPal and the extent of this processing are determined by PayPal’s privacy policies.

Legal Basis:
The processing of your data in the context of donation transactions via PayPal is based on your explicit consent according to Art. 6(1)(a) GDPR, as well as for the fulfillment of a contract according to Art. 6(1)(b) GDPR.

Further Information:
For more information on data processing by PayPal, please refer to PayPal’s privacy policy, which you can access at https://www.paypal.com/webapps/mpp/ua/privacy-full.

 

22. E-Commerce and Payment Service Providers

We process the data of our customers as part of the order process in our online shop to enable them to select and order the chosen products and services, as well as to process their payment and delivery or execution.

 

23. Changes and Updates to the Privacy Policy

We ask you to regularly inform yourself about the content of our privacy policy. We adapt the privacy policy as soon as changes to the data processing carried out by us make this necessary