Privacy policy of SPORTFIVE Germany GmbH
The provisions of the EU General Data Protection Regulation (hereinafter referred to as GDPR) apply throughout Europe. We would like to inform you about the
processing of personal data carried out by our company in accordance with this regulation (see Articles 13 and 14 GDPR). If you have any questions or comments about this privacy policy, you can send them at any time to the email address given in section 2 or 3.
Table of contents
I. Overview
Scope of application
Person responsible
Data Protection Officer
Data security
II. The data processing in detail
General information on data processing
Accessing the website/application
Newsletter
Customer support
Purchase of goods and services and payment processing
Tracking
Social media plugins
III. Rights of data subjects
Right of objection
Right to information
Right to rectification
Right to erasure (‘right to be forgotten’)
Right to restriction of processing
Right to data portability
Right to withdraw consent
Right to lodge a complaint
IV. Glossary
I. Overview
In this section of the privacy policy, you will find information on the scope of application, the data controller, its data protection officer and data security.
1. scope of application
Data processing by SPORTFIVE Germany GmbH can essentially be divided into two categories:
- For the purpose of contract fulfilment, all data required for the execution of a contract with SPORTFIVE Germany GmbH is processed. If external service providers are also involved in the processing of the contract, e.g. payment service providers, your data will be passed on to them to the extent necessary in each case.
- When you access the SPORTFIVE Germany GmbH website/application, various information is exchanged between your end device and our server. This may also involve personal data. The information collected in this way is used, among other things, to optimise our website or to display advertising in the browser of your end device.
This privacy policy applies to the following offers
- our online offer available at www.official-vip.com;
- whenever reference is made to this privacy policy from one of our offers (e.g. websites, subdomains, mobile applications, web services or integrations in third-party sites), regardless of how you access or use it.
All of these offers are also collectively referred to as ‘services’.
2. responsible person
The person responsible for data processing - i.e. the person who decides on the purposes and means of processing personal data - in connection with the services is
SPORTFIVE Germany GmbH
Barcastraße 5
22087 Hamburg
Phone: +49 (0)40 376 77-0
Fax: +49 (0)40 376 77-129
E-mail: de.info@sportfive.com
VAT ID No.: DE814116740
Registered office and register court: Hamburg HRB 10 22 66
Managing directors: Philipp Hasenbein, Hendrik Schiphorst
3. data protection officer
If you have any questions about our data protection measures, the processing of your data or the protection of your rights as a data subject, you can contact us and our data protection officer as follows:
External data protection officer
ePrivacy GmbH
represented by Prof. Dr Christoph Bauer
Burchardstraße 14, 20095 Hamburg
For all questions and concerns regarding your data, please contact de.info@sportfive.com
Sollten Sie direkt mit unserem Datenschutzbeauftragten kommunizieren wollen (beispielsweise, weil Sie ein besonders sensibles Anliegen haben), kontaktieren Sie diesen bitte auf dem Postweg, da die Kommunikation per E-Mail immer Sicherheitslücken aufweisen kann. Bitte geben Sie bei der Anfrage an, dass sich ihr Anliegen auf die Firma SPORTFIVE Germany GmbH und den Onlineshop „www.official-vip.com“ bezieht.
4. data security
We have established an information security management system in our company in order to develop the measures required by Art. 32 GDPR and thus achieve a level of protection appropriate to the risk.
II The data processing in detail
In this section of the privacy policy, we inform you in detail about the processing of personal data in the context of our services. For the sake of clarity, we have organised this information according to certain functionalities of our services. During normal use of the services, different functionalities and therefore also different processing operations may be carried out consecutively or simultaneously.
1. general information on data processing
Unless otherwise stated, the following applies to all processing described below:
a. No obligation to provide
There is neither a contractual nor a legal obligation to provide personal data. You are not obliged to provide data.
b. Consequences of non-provision
In the case of required data (data that is labelled as mandatory when it is entered), failure to provide it will mean that the service in question cannot be provided. Otherwise, failure to provide the data may mean that our services cannot be provided in the same form and quality.
c. Consent
In various cases, you have the option of giving us your consent to further processing in connection with the processing described below (possibly for some of the data). In this case, we will inform you separately in connection with the submission of the respective declaration of consent about all modalities and the scope of the consent and about the purposes that we pursue with this processing.
d. Transfer of personal data to third countries
If we transfer data to third countries, i.e. countries outside the European Union, the transfer takes place exclusively in compliance with the legally regulated conditions of admissibility.
The admissibility requirements are regulated by Art. 44 -49 GDPR.
e. Hosting with external service providers
Our data processing is carried out to a large extent with the involvement of so-called hosting service providers, who provide us with storage space and processing capacities in their data centres and also process personal data on our behalf in accordance with our instructions. These service providers either process data exclusively in the EU or we have guaranteed an appropriate level of data protection with the help of EU standard data protection clauses.
f. Transmission to state authorities
We transfer personal data to state authorities (including law enforcement authorities) if this is necessary to fulfil a legal obligation to which we are subject (legal basis: Art. 6 para. 1 c) GDPR) or if it is necessary for the assertion, exercise or defence of legal claims (legal basis Art. 6 para. 1 f) GDPR).
g. Storage period
We do not store your data for longer than we need it for the respective processing purposes. If the data is no longer required for the fulfilment of contractual or legal obligations, it is regularly deleted, unless its temporary storage is still necessary. Reasons for this may include the following:
- The fulfilment of retention obligations under commercial and tax law
- The preservation of evidence for legal disputes within the framework of the statutory limitation periods
It is also possible for us to continue to store your data with us if you have expressly given your consent for this.
h. Data categories
- Account data: Login/user ID and password
- Personal master data: Title, form of address/gender, first name, surname, date of birth
- Address data: Street, house number, address supplements if applicable, postcode, city, country
- Contact details: Telephone number(s), fax number(s), e-mail address(es)
- Registration data: Information about the service through which you have registered; times and technical information on registration, confirmation and cancellation; data provided by you during registration
- Order data: Products ordered, prices, payment and delivery information
- Payment data: Account data, credit card data, data on other payment services such as Paypal
Access data: Date and time of the visit to our service; the page from which the accessing system reached our site; pages accessed during use; session identification data (session ID); also the following information of the accessing computer system: internet protocol address (IP address) used, browser type and version, device type, operating system and similar technical information.
i. Linking of personal data
We link your future and historical data of the various service providers if you have expressly given your consent for this.
2. Calling the website/application
This describes how we process your personal data when you access our services. We would particularly like to point out that the transmission of access data to external content providers (see b.) is unavoidable due to the technical functioning of information transmission on the Internet.
a. Information on processing
Data category
Purpose
Legal basis
Legitimate interest, if applicable
Storage period
Access data
Establishing a connection, displaying the contents of the service, detecting attacks on our site based on unusual activities, diagnosing errors
Art. 6 Para. 1 f) GDPR
Proper functioning of the services, security of data and business processes, preventing misuse, preventing damage caused by interference with information systems
7 days
b.Recipients of the personal data
Recipient category
Data affected
Legal basis for transmission
Legitimate interest, if applicable
External content providers who provide content (e.g. images, videos, embedded postings from social networks, advertising banners, fonts, update information) that is required to display the service
Access data
Order processing (Art. 28 GDPR)
Proper functioning of the services, (accelerated) display of content
IT security service provider
Access data
Order processing (Art. 28 GDPR)
Prevention of attacks by exploiting security gaps / vulnerabilities
3. Newsletter
We describe here what happens to your personal data in connection with a subscription to our newsletter:
a. Information on processing
Data category
Purpose
Legal basis
Legitimate interest, if applicable
Storage period
E-mail address
Verification of registration (double opt-in procedure), sending of newsletter
Art. 6 Para. 1 Letter a) GDPR
-
Duration of newsletter subscription
Personal master data
Personalization of the newsletter
Art. 6 Para. 1 Letter a) GDPR
-
Duration of newsletter subscription
Registration data
Traceability of newsletter registration/confirmation/unsubscription
Art. 6 Para. 1 Letter f) GDPR
Proof of newsletter registration/confirmation/unsubscription
Duration of newsletter subscription
Newsletter usage profile data
Design of the newsletter in line with interests
Art. 6 Para. 1 Letter f) GDPR
Improvement of our service, advertising purposes
Duration of newsletter subscription
b. Recipient of the personal data
Recipient category
Data affected
Legal basis for transmission
Legitimate interest, if applicable
Service provider for newsletter dispatch
all data mentioned under a.
Order processing (Art. 28 GDPR)
-
Service provider for data analysis
all data mentioned under a.
Order processing (Art. 28 GDPR)
-
The newsletter is sent using the shipping service provider “MailChimp”, a newsletter distribution platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. You can view the data protection regulations of the shipping service provider here: https://mailchimp.com/legal/privacy/. The Rocket Science Group LLC d/b/a MailChimp is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection standards (https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active). The shipping service provider is used on the basis of a data processing agreement in accordance with Art. 28 Para. 3 Clause 1 GDPR.
The shipping service provider can use the recipients' data in pseudonymous form, i.e. without assignment to a user, to optimize or improve its own services, e.g. for the technical optimization of the sending and presentation of the newsletter or for statistical purposes. However, the shipping service provider does not use the data of our newsletter recipients to write to them themselves or to pass the data on to third parties.
The data analysis is carried out by the service provider KORE Interactive Systems (USA) Inc., 259 W 30th St, 16th Floor New York NY 10001, USA. You can view the service provider's data protection regulations here: https://koresoftware.com/privacy-policy/. The data is only stored on servers located in a member state of the European Union. The service provider is used on the basis of a data processing agreement in accordance with Art. 28 Para. 3 Sentence 1 GDPR.
4. Customer support
You can find out how we process your personal data when you contact our customer service here:
a. Information on processing
Data category
Purpose
Legal basis
Legitimate interest, if applicable
Storage period
Personal master data, contact details, contents of inquiries/complaints
Processing of customer inquiries and user complaints
Art. 6 Para. 1 b), f)
Customer loyalty, improvement of our service
Processing of the inquiry
b. Recipients of personal data
Recipient category
Data affected
Legal basis for transmission
Legitimate interest, if applicable
Service provider for the chat function
Contact details
Order processing (Art. 28 GDPR)
-
5. Purchase of goods and services and payment processing
The following information describes how your personal data is processed when you purchase and pay for goods and services via our online offer:
a. Information on processing
Data category
Purpose
Legal basis
Legitimate interest, if applicable
Storage period
Personal master data, contact data, content of inquiries, content of offers, payment data
Processing of customer inquiries and sale of goods and services
Art. 6 Para. 1 b), f)
Proper functioning of the services
Improvement of the services offered
b. Recipients of the personal data
Recipient category
Data affected
Legal basis for transmission
Legitimate interest, if applicable
Service provider for the payment process
Payment data
Order processing (Art. 28 GDPR)
-
Service provider for data analysis
Personal master data, contact data, content of inquiries, content of offers
Order processing (Art. 28 GDPR)
-
As part of the payment processing, your data may be passed on to the following payment service providers. The credit card number or other bank details are not stored by SPORTFIVE and are forwarded directly to the payment service providers:
Payments by credit card, PayPal and instant bank transfer are processed by our partner Adyen BV, Simon Carmiggelstraat 6 - 50, 1011 DJ Amsterdam. To prevent and detect cases of fraud, we transmit your IP address to our partner Adyen BV, Simon Carmiggelstraat 6 - 50, 1011 DJ Amsterdam. Your IP address is stored by Adyen BV. All data is transmitted in encrypted form.
In cases where a contract is concluded directly between you and an organizer, we forward your billing details (name, address, service purchased) to the respective organizer.
The data analysis is carried out by the service provider KORE Interactive Systems (USA) Inc., 259 W 30th St, 16th Floor New York.
Google reCAPTCHA
In order to ensure sufficient data security when submitting forms, we use the reCAPTCHA service from Google Inc. in certain cases. This is primarily used to distinguish whether the input was made by a natural person or was misused by machine and automated processing. The service includes sending the IP address and any other data required by Google for the reCAPTCHA service to Google. The different data protection regulations of Google Inc. apply to this. Further information on the data protection guidelines of Google Inc. can be found at https://www.google.de/intl/de/privacy
or https://www.google.com/intl/de/policies/privacy/
etracker
The provider of this website uses services from etracker GmbH from Hamburg, Germany (www.etracker.com) to analyze usage data. Cookies are used to enable statistical analysis of the use of this website by its visitors and to display usage-related content or advertising. Cookies are small text files that are stored by the Internet browser on the user's device. etracker cookies do not contain any information that enables a user to be identified.
The data generated with etracker is processed and stored exclusively in Germany by etracker on behalf of the provider of this website and is therefore subject to the strict German and European data protection laws and standards. etracker has been independently tested, certified and awarded the data protection seal of approval :#ePrivacyseal.
The data processing takes place on the legal basis of Art. 6 Para. 1 lit f (legitimate interest) of the EU General Data Protection Regulation (EU GDPR). Our legitimate interest lies in optimizing our online offering and our website. Since the privacy of our visitors is particularly important to us, the IP address is anonymized at etracker as soon as possible and login or device identifiers at etracker are converted into a unique key that is not assigned to a person. Etracker does not use the data for any other purpose, combine it with other data or pass it on to third parties.
You can object to the data processing described above at any time, provided that it is personal. Your objection will have no adverse consequences for you.
You can find more information on data protection at etracker here.
www.converify.com in conjunction with adnet.de as a technical service provider
This page includes functions from converify.com (converify GmbH, Hofmannstr. 25-27, D-81379 Munich), which enable us to make you the right offer at the right time. We want to use this to permanently improve your shopping experience and make it customer-friendly and individual for you.
www.converify.com and www.adnet.de use cookies for this purpose. These automatically record technical device and access data that is transmitted by your browser when you interact with our website. The data collected is used for so-called on-site optimization in order to be able to present you with relevant recommendations and content when you visit our website. This data is not used to personally identify you, but solely for a pseudonymous evaluation of your use of the website (e.g. scrolling, clicking, mouse-over) or leaving the page. The data is never permanently merged with other personal data stored by us about you. converify.com and adnet.de use both so-called session cookies, which are automatically deleted when you close your browser, and permanent cookies, which remain on your device until they are deleted.
Examples of information that we collect and analyze include the Internet Protocol (IP) address that connects your computer to the Internet, logins, information about computers and connections to the Internet, such as the browser type and the language used. B. Browser type, version and extensions, time zone settings, operating system and platform, including date and time, cookie or flash cookie number, products you have viewed or searched for. We may also collect technical information that makes it easier for us to identify your device and thereby prevent misuse or for error diagnosis. You can deactivate the cookies used by converify.com and adnet.de at any time via the following link:
https://www.official-vip.com#ConvOptOut
7. Social media plugins
This website may contain additional programs (plugins) from social networks such as Facebook, Google+, Twitter or Pinterest, which are operated by third parties and via which messages can be sent to the corresponding social network using a button in order to rate, recommend or share content, for example. In doing so, we pursue the purpose and legitimate interest of making our services better known. We configure our services so that data is only transmitted when you press the button. In this case, the legal basis for the data transmission is Art. 6 I f) GDPR. The respective provider is responsible for processing the transmitted data in accordance with data protection regulations.
Name of the service
Provider
Provider's privacy information
Facebook Inc., 1601 S. California Avenue, Palo Alto, CA 94304, USA
https://de-de.facebook.com/about/privacy/
Google+
Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
https://www.google.com/+/policy/pagesterm.html
Twitter Inc., 539 Bryant Street, Suite 402, San Francisco, CA 94107, USA
https://twitter.com/de/privacy
a. Information on processing
Data category
Purpose
Legal basis
Legitimate interest, if applicable
Storage period
Messages and reviews via the user's own social media account
To make services better known
Art. 6 I f) GDPR
To make services better known
b. Recipient of the personal data
Recipient category
Data concerned
Legal basis for transmission
Legitimate interest if applicable
Social media service provider
all data mentioned under a.
III. Rights of the data subject
1. Right of objection
If we process your personal data in order to conduct direct advertising, you have the right to object at any time with future effect to the processing of personal data concerning you for the purpose of such advertising.
You also have the right to object at any time with future effect to the processing of personal data concerning you in accordance with Art. 6 (1) (e) or (f) GDPR for reasons arising from your particular situation.
You can exercise your right of objection free of charge.
You can contact us using the contact details provided under I.2.
2. Right to information
You have the right to know whether we process personal data concerning you, what personal data this may be, and further information in accordance with Art. 15 GDPR.
3. Right to rectification
You have the right to request that we immediately rectify any inaccurate personal data concerning you (Article 16 GDPR). Taking into account the purposes of the processing, you have the right to request that incomplete personal data be completed - also by means of a supplementary declaration.
4. Right to erasure ("right to be forgotten")
You have the right to request that we immediately erase personal data concerning you if one of the reasons stated in Article 17 (1) GDPR applies and the processing is not necessary for one of the purposes set out in Article 17 (3) GDPR.
5. Right to restriction of processing
You are entitled to request that the processing of your personal data be restricted if one of the conditions set out in Article 18 (1) letters a) to d) GDPR is met.
6. Right to data portability
You have the right to receive the personal data concerning you that you have made available to us in a structured, common and machine-readable format. Furthermore, you have the right to transmit this data to another responsible party without hindrance from us or to have it transmitted directly by us, provided this is technically possible. This should always apply if the basis for data processing is consent or a contract and the data is processed automatically. This does not apply to data held only in paper form.
7. Right of withdrawal in the event of consent
If the processing is based on your consent, you have the right to withdraw your consent at any time. This does not affect the legality of the processing carried out on the basis of the consent until the withdrawal.
8. Right to complain
You have the right to complain to a supervisory authority.
IV. Glossar
Processor: A natural or legal person, authority, institution or other body that processes personal data on behalf of the controller.
Browser: Computer program for displaying websites (e.g. Chrome, Firefox, Safari)
Cookies: The term "cookie" actually comes from the English vocabulary and can be translated into German as "biscuit" in its original meaning. In the context of the World Wide Web, however, a cookie describes a small text file that is stored locally on the user's computer when a website is visited. This file stores data about the user's behavior. If the browser is called up and the corresponding website is visited repeatedly, the cookie is used and uses the stored data to provide the web server with information about the user's surfing behavior.
Cookies in this context are not cookies, but information that a website stores locally on the visitor's computer in a small text file. This can be settings that the user has already made on a page, but also information that the website has collected completely independently from the user. These locally stored text files can then be read again later by the same web server that created them. Most browsers accept cookies automatically. You can manage cookies using the browser functions (usually under "Options" or "Settings"). This means that the storage of cookies can be deactivated, made dependent on your consent in individual cases or otherwise restricted. You can also delete cookies at any time.
Third countries: Country that is not bound by the legal requirements of the EU Data Protection Directive (country outside the EEA)
Personal data: All information relating to an identified or identifiable natural person. A natural person is considered identifiable if he or she can be identified directly or indirectly, in particular by assignment to an identifier such as a name, an identification number, location data, an online identifier or to one or more special characteristics that express the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Pixels: Pixels are also called tracking pixels, web beacons or web bugs. These are small, invisible graphics in HTML emails or on websites. When a document is opened, this small image is loaded from a server on the Internet, and the download is registered there. This allows the server operator to see whether and when an email was opened or a website was visited. This function is usually implemented by calling a small program (Javascript). This allows certain types of information to be recognized and passed on to your computer system, such as the content of cookies, the time and date of the page view and a description of the page on which the tracking pixel is located.
Profiling: Any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning work performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or relocation of that natural person.
Services: Our offers to which this data protection declaration applies (see scope).
Tracking: The collection of data and its evaluation regarding the behaviour of visitors to our services.
Tracking technologies: Tracking can be carried out both via the activity logs (log files) stored on our web servers and by collecting data from your device via pixels, cookies and similar tracking technologies.
Processing: Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or linking, restriction, erasure or destruction.