Thank you for visiting our website. We take the protection of your privacy very seriously when collecting, processing, and using your personal data, in accordance with the statutory provisions. This page gives you an overview of how we intend to handle your personal data.
Data protection is a matter of great importance to us. Your personal data is collected and processed in compliance with the data protection regulations as applicable, in particular the General Data Protection Regulation (GDPR).
Tabel of content:
The controller of the processing of your personal data within the meaning of Art. 4 (7) GDPR is Olympiapark München GmbH, Spiridon-Louis-Ring 21, 80809 München, Managing Director Marion Schöne, phone +49-89-30-670, fax +49-89-3067-2222, e-mail email@example.com, Munich Local Court HRB 6971. If you wish to object to your data being collected, processed, or used by us in accordance with these data protection provisions, either wholly or in relation to individual measures, please direct your objection to the controller.
We use personal data for the purpose of operating the website and for processing contractual relations.
The hosting services utilized by us serve to make the following services available: infrastructure and platform services, computing capacity, storage space and database services, security services, and technical maintenance services used by us for the purpose of operating the website. This entails our processing inventory data, contact details, content data, contractual data, usage data, metadata, and the communication data of visitors to this website on the basis of our legitimate interests in the efficient and secure provision of our website pursuant to point (f) sentence 1 of Art. 6 (1) GDPR in conjunction with Art. 28 GDPR. The servers used are located in Germany/Europe only.
We collect information on you when you use this website. We automatically collect information on your user behavior and your interactions with us and register data concerning your computer or mobile device. We collect, store, and use data regarding every instance of our website being accessed (so-called server log files).
This access data includes:
We use these log files without their being attributed to you and without any other form of profile creation for statistical analysis for the purposes of the operation, security, and optimization of our website, for anonymously logging the number of visitors to our website (traffic) and the scope and type of use of our website and services, and for billing purposes to measure the number of clicks received from cooperative partners. Based on this information, we are able to provide customized and location-based content as well as analyze the data traffic, find and rectify errors, and improve our services.
Here, too, we have a legitimate interest pursuant to point (f) sentence 1 of Art. 6 (1) GDPR.
We reserve the right to subsequently check the log files if, based on concrete indications, there is the legitimate suspicion of illegal usage. We record IP addresses in the log files for a limited period (generally for seven days) if this is necessary for security purposes or is required for service performance or for the billing of a service, e.g. if you avail yourself of one of our offerings. We shall delete your IP address if an order process is aborted or upon receipt of payment if it is no longer required for security purposes. We shall additionally log IP addresses if we have concrete suspicions of a criminal offense in relation to the use of our website.
We use so-called session cookies to optimize our website. A session cookie is a small text file which is sent by a server to your hard drive and stored there temporarily when you visit a website. This file contains a so-called session ID, which allows various requests from your browser to be identified as being part of the same session. These cookies are deleted when you close your browser. The purpose includes enabling users to use a shopping cart function across multiple pages.
To a small extent, we additionally use persistent cookies (likewise small text files which are stored on your device) that remain on your device and enable us to recognize your browser when you next visit our website. These cookies are stored on your hard drive and are deleted automatically after a specified period. They have a lifespan of between one day and 14 months. These enable us to make our services more user-friendly, more efficient, and securer, and to present you with information which is specifically tailored to your interests.
A cookie is assigned an identification number upon being activated. This identification number is not attributed to your personal data. Your name, IP address, and similar data which would allow the cookie to be attributed to you are not stored in the cookie. Based on cookie technology, we only receive pseudonymized information such as which of our website pages were visited, which products were viewed, etc. You can alter your browser settings such that you are notified in advance whenever cookies are to be set and can decide whether you wish to deny cookies on a case-by-case basis or in general, or prevent them from being set altogether.
In accordance with point (f) of Art. 6 (1) GDPR, we use the open-source software tool Matomo (formerly Piwik) on our website for analysis of our users’ surfing behavior. This provides us with information on use of the individual components of our website and this helps us continuously improve our website and its user-friendliness. The software sets a cookie on the user’s computer. When individual pages of our website are viewed, the following data is logged in addition to the data listed in 3.2:
The software runs exclusively on our website’s servers. Users’ personal data is only logged there. The users’ interest in the protection of their personal data is appropriately accounted for with the anonymization of their IP addresses.
The data is not passed on to any third parties.
We process the personal data we need in order to fulfill our contractual duties, for example the user’s name, address, e-mail address, ordered products/event services, and invoicing and payment data. Collection of this data is necessary for the conclusion of a contract.
The data shall be erased upon expiration of the warranty and the statutory retention periods. Data linked to a user account (see below) is retained for as long as the account is maintained.
The legal basis for the processing of this data is point (b) sentence 1 of Art. 6 (1) GDPR as this data is needed in order for us to fulfill our contractual duties toward you.
We process personal data which we consider to be in our legitimate business interest in order to fulfill our order. This includes, for example, the obligations in connection with our contract to award procedures and also the maintenance of other business relationships with business partners, such as suppliers and service providers. For this purpose, we process contact data of contact persons such as e-mail address and telephone numbers, information about products and services requested or ordered. In some cases, we also process the data of employees of our business partners, for example to control access to our premises and events. The processing of this data is necessary for the fulfillment of our orders.
We only store your data for as long as is necessary for the fulfillment of our tasks in compliance with legal retention periods. Your data will be deleted after expiry of the obligation to retain data.
The legal basis for the processing of this data is Art. 6 para. 1 p. 1 b) DSGVO, if it is in connection with pre- and contractual measures and Art. 6 para. 1 p. 1 f) DSGVO, if it is in our legitimate interest.
When you use our website, we offer you the opportunity to create a user account to serve various purposes such as placing orders in our online shop or booking courts at the SoccArena. This saves you having to enter your data anew when making subsequent purchases or bookings. An account is created subject to your consent and entails our processing your data, with point (a) sentence 1 of Art. 6 (1) GDPR as the legal basis for this. Your booking data shall be automatically erased after two years. Your user account shall be automatically erased following two years of inactivity.
You may voluntarily provide us with data which is additional to the personal data required for the conclusion and performance of a contract within the meaning of point (b) sentence 1 Art. 6 (1) GDPR (e.g. form of address, first name and family name, address, e-mail address, if applicable also username and invoicing and payment data); all mandatory information is marked with an *. In the case of company bookings, we shall process your name and your contact details on the basis of our legitimate interest pursuant to point (f) sentence 1 of Art. 6 (1) GDPR.
In addition to the data stipulated above, we process information such as the time of registration and the time of login for our user accounts. This occurs on the basis of the statutory requirements (point [c] sentence 1 of Art. 6  GDPR) and to optimize our services in accordance with our legitimate interests (point [f] sentence 1 of Art. 6  GDPR).
You may alternatively place orders in our Olympiapark online shop using a guest account. In this case, you must enter the necessary data anew when placing subsequent orders. We use service providers for payment processing who are themselves controllers from a data protection perspective and who accordingly attend to the security of the payment services they provide. The terms and conditions of business and the data privacy policies of the following payment service providers additionally apply:
We process your data in the course of the application process in order to select suitable candidates. The legal basis for this data processing is the taking of steps prior to entering into a contract in accordance with point (b) Art. 6 (1) GDPR in conjunction with Section 26 of the Federal Data Protection Act (BDSG). Your data shall be shared internally with the managers involved in making recruitment decisions regarding the vacancies in question and, if applicable, with the employee representative, the gender equality officer, and the disabled persons representative. It shall not be passed on to third parties or third countries. Your data shall be erased at the latest six months after conclusion of the application process. Retention of data during these periods is necessary for legal reasons in the event of any lawsuits (in particular the assertion of claims on the basis of the General Act on Equal Treatment [AGG]). Data collection is required in order for a contract to be concluded by and between you and us. If you request that your application data be deleted during the application process, this shall be interpreted as a retraction of your application.
When you contact us (for example, via a contact form or by e-mail), we shall process your details in order to process your inquiry and to address any follow-up questions which may arise.
If data is processed to take steps at your request prior to entering into a contract or, if you are already a customer, for performance of the contract, the legal basis for this data processing is point (b) sentence 1 of Art. 6 (1) GDPR.
We shall only process other personal data if you give your consent to this (point [a] sentence 1 of Art. 6  GDPR) or if we have a legitimate interest in your data being processed (point [f] sentence 1 of Art. 6  GDPR). Our responding to your e-mail is an example of a legitimate interest.
We are legally obligated to collect the contact details of one person from each household which visits an Olympiapark facility. Purpose of processing, legal basis, legal obligation to collect data: guaranteeing the effective traceability of infections; we are obligated to collect contact details pursuant to point (c) of Art. 6 (1) GDPR in conjunction with Section 6 of the Sixth Bavarian Infection Protection Measures Ordinance (BayIfSMV) as well as the hygiene concepts of the Olympiapark facilities:
Recipient of the contact details collected: the contact details must be submitted to the competent authority (health authority) upon request insofar as this is necessary in order to track potential infection pathways.
The contact details are stored for a period of one month, after which they are erased.
Unless specified otherwise, we shall only log your personal data for as long as is necessary for the fulfillment of the purposes pursued. The law prescribes the retention of personal data in certain instances, for example in relation to tax law and commercial law. In these instances, the data continues to be stored by us solely for these statutory purposes and is not processed in any other way and is erased upon expiration of the statutory retention period.
In accordance with the GDPR, you have various rights as the user of our Internet services. These relate in particular to Art. 15 to 18 and 21 GDPR:
Pursuant to Art. 15 GDPR, you may demand access to your personal data which is processed by us. You should be precise in your application for access in order to facilitate our gathering of the necessary data. Please note that your right of access may be limited under certain circumstances subject to legal provisions (in particular Section 34 BDSG).
If the information relating to you is not or is no longer accurate, you may demand that this be rectified pursuant to Art. 16 GDPR. If your data is incomplete, you may demand that it be completed.
In accordance with the conditions of Art. 17 GDPR, you can demand that your personal data be erased. Your entitlement to data erasure depends among other things on whether the information related to you is still needed by us for the fulfillment of our statutory duties.
The provisions of Art. 18 GDPR afford you the right to demand that processing of the data related to you be restricted.
In accordance with Art. 21 GDPR, you have the right to object anytime to your personal data being processed on grounds relating to your particular situation. We cannot, however, always comply with such a demand, for example if legislation obligates us to process data in order to fulfill our official duties.
If you are of the opinion that we have failed to comply with data protection regulations in the processing of your data, you have the right to lodge a complaint with the Bavarian Data Protection Commissioner (Bavarian DPC), Wagmüllerstrasse 18, 80538 München, phone: +49-89-212-6720, Internet: www.datenschutz-bayern.de.
You have the right not to be subject to a decision based solely on automated processing which produces legal effects concerning you or similarly significantly affects you. No automated decision-making is effected on the basis of the personal data collected.
We make every effort to ensure that your data is secure in line with the applicable data protection laws and the technical possibilities.
Your personal data is encrypted when transmitted by us. This applies both to orders placed and customer logins. While we use state-of-the-art, secure transfer protocols, please bear in mind that online data transmission (e.g. e-mail communication) can entail security vulnerabilities and that data cannot be fully protected against third-party access. We employ technical and organizational safeguards to secure your data in accordance with Art. 32 GDPR and regularly bring these up to date.
Additionally, we offer no guarantee that our services will be available at certain times; malfunctions, disruptions, and downtimes cannot be ruled out. The servers we use are carefully backed up on a regular basis.
As a rule, we only use your personal data within our company. If and insofar as we engage third parties in the course of contractual performance (such as logistics service providers), these are provided with personal data only to the extent necessary for the service they provide.
In the event that we outsource parts of data processing (“commissioned processing”), we contractually obligate the processors to use personal data exclusively in accordance with data protection legislation and to guarantee the protection of the rights of data subjects. Data is not transferred to bodies or persons outside of the EU, nor are there plans for this to be the case.
Persons under the age of 16 may not submit personal data to us without the authorization of a parent or legal guardian. Likewise, we do not request information from them, collect information on them, or share information on them with third parties.
Our website also features the logos of social media service providers. These logos/icons serve as external links. No personal data is transferred to these service providers without these being clicked on. If the user clicks on one of these logos, they are redirected to the website of the service provider in question. Information on the processing of personal data can be found in the respective providers’ privacy policies:
a) Facebook: Facebook’s data policy can be found here: https://www.facebook.com/policy.php
b) Instagram: Instagram’s data policy can be found here: https://help.instagram.com/519522125107875
If you do not wish the above-mentioned social networks to process your personal data, please do not click on the logos/icons.
The data processing controller has incorporated YouTube components into this website. YouTube is an online video portal which allows video publishers to upload video clips free of charge and other users to view, rate, and comment on said videos, likewise free of charge. YouTube permits any kind of video to be published. Consequently, entire movies and TV shows, music videos, trailers, and clips made by the users themselves can be accessed via the online portal.
YouTube is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043-1351, USA.
Whenever an individual page of this website run by the data processing controller and featuring an integrated YouTube component (YouTube video) is viewed, the Internet browser within the data subject’s information technology system is automatically prompted by the YouTube component to download a presentation of the YouTube component in question from YouTube. More information on YouTube can be found at https://www.youtube.com/intl/en-US/about/. In the course of this technical process, YouTube and Google learn which specific subpage of our website was visited by the data subject.
If the data subject is already logged in to YouTube, YouTube will recognize which specific subpage of our website the data subject has visited upon their viewing a subpage featuring a YouTube video. This information is gathered by YouTube and Google and is attributed to the data subject’s YouTube account.
YouTube and Google always receive notification of the data subject having visited our website from the YouTube component if the data subject is already logged in to YouTube at the time of visiting our website; this occurs irrespective of whether the data subject clicks on a YouTube video or not. If the data subject does not wish this information to be divulged to YouTube and Google, they can prevent this data transfer by logging out of their YouTube account prior to visiting our website.
If you still have questions or concerns regarding data protection, please contact our Data Protection Officer, either by mail or electronically: Olympiapark München GmbH, f.a.o. Data Protection Officer, Spiridon-Louis-Ring 21, 80809 München, firstname.lastname@example.org.
Last updated: 07.10.2020