Privacy policy

We are pleased about your visit to our website. We take the protection of your privacy in the collection, processing and use of your personal data in accordance with the statutory provisions, in particular the General Data Protection Regulation (GDPR), very seriously. On this page we have summarized for you how we intend to handle your personal data.

For reasons of better readability, the simultaneous use of masculine and feminine forms of speech has been dispensed with. All references to persons always refer to all genders.

 

Tabel of content:

  1. Controller
  2. What data we use when you visit our website and why
  3. Further Processing of Personal Data
  4. Integration of Media Plugins
  5. Usage of our Social Media Channels
  6. Storage Period
  7. Data Security
  8. Transfer of Data to Third Parties and to Non-EU Countries
  9. Children and Teenagers
  10. Data Protection Officer
  11. Your Rights as Data Subject

 

1. Controller

The controller of your personal data within the meaning of Art. 4 No. 7 GDPR is Olympiapark München GmbH, Spiridon-Louis-Ring 21, 80809 Munich, Germany, Managing Director Marion Schöne, Tel. 089/30 67-0, Fax 089/3067-2222 , E-Mail: info@olympiapark.de, AG München HRB 6971.

If you wish to object to the collection, processing or use of your data by us in accordance with these data protection provisions, either in whole or for individual measures, you may address your objection to the person responsible.

 

2. What data we use when you visit our website and why

2.1 Hosting

The hosting services used by us serve to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services that we use for the purpose of operating the website.

In doing so, we process contact data, content data, contract data, usage data, meta data and communication data of visitors to this website on the basis of our legitimate interests in an efficient and secure provision of our website pursuant to Art. 6 (1) p. 1 f) GDPR in conjunction with Art. 28 GDPR. All servers are located in Germany and Europe only.

We have commissioned SpaceNet AG, Joseph-Dollinger-Bogen 14, 80807 München (hereinafter referred to as “SpaceNet") for the hosting and technical provision of our website. We have concluded the data protection agreement with SpaceNet as a data processor in accordance with Art. 28 GDPR. According to this agreement, SpaceNet undertakes all measures to ensure the necessary protection of your data and to process it in accordance with the applicable data protection regulations exclusively on our behalf and in accordance with our instructions. Further information on SpaceNet can be found on the website: www.space.net 

 

2.2 Access data

We collect information about you when you use this website. We automatically collect information about your usage behavior and your interaction with us and process data about your computer or mobile device. We collect, store and use data about each access to our website in so-called server log files. The access data includes:

  • Name and URL of the retrieved file
  • Date and time of retrieval
  • Data volume transferred
  • Message about successful retrieval (HTTP response code)
  • Browser type and version
  • Operating system
  • Referrer URL (i.e. the previously visited page)
  • Websites that are called up by the user's system via our website
  • Internet service provider of the user
  • IP address and the requesting provider

We use this log data without assigning it to you personally for statistical evaluations for the purpose of operating, securing and optimizing our website, but also to anonymously record the number of visitors to our website (traffic) and the extent and type of use of our website and services, as well as for billing purposes to measure the number of clicks received from cooperation partners. This information allows us to provide personalized and location-based content and to analyze traffic, troubleshoot, and improve our services.

The data of the users collected are anonymized during the collection. Therefore, an assignment of the data to the calling user of the website is no longer possible. This anonymized data is not stored together with personal data of the users.

This is also our legitimate interest according to Art. 6 para. 1 p. 1 f) GDPR.

We reserve the right to subsequently review the log data if there is a justified suspicion of unlawful use based on concrete indications. We store IP addresses in the log files for a limited period of time (usually 14 days) if this is necessary for security purposes. We delete the IP address if it is no longer required for security purposes. We also store IP addresses if we have a concrete suspicion of a criminal offense in connection with the use of our website.

 

2.3 Cookies

We use so-called session cookies to optimize our website. A session cookie is information that is sent by the respective servers when you visit a website and is temporarily stored by your browser on your hard drive. This information contains a so-called session ID, with which various requests of your browser can be assigned to the common session. These cookies are deleted after you close your browser. They are used, for example, to enable you to use the shopping cart function across multiple pages.

We also use persistent cookies (also information stored on your device), which remain on your device and allow us to recognize your browser the next time you visit. These cookies are stored on your hard drive and delete themselves after the specified time. Their lifespan is between one day and 14 months. This allows us to present our offer to you in a more user-friendly, effective and secure manner and, for example, to display information on the page that is specifically tailored to your interests.

Our legitimate interest in the use of cookies pursuant to Art 6 (1) p. 1 f) GDPR is to make our website more user-friendly, effective and secure. The following data and information are stored in the cookies:

  • Log-in information
  • Language settings
  • entered search terms
  • Information about the number of visits to our website and the use of individual functions of our website.

When the cookie is activated, it is assigned to an identification number. An assignment of your personal data to this identification number is not made. Your name, your IP address or similar data that would allow the cookie to be assigned to you are not stored in the cookie. Based on the cookie technology, we only receive pseudonymized information, for example, about which pages of our store were visited, which products were viewed, etc..

2.4. CookieBot Consent Management Platform

1. Description and scope of data processing

The website uses the tool Cookiebot of Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark (hereinafter "Cookiebot") to provide a Consent Management Platform (in short: "CMP") or cookie banner, a system that manages the use of third-party, technical measures as well as cookies about granted or rejected consents.

 

2. Purpose and legal basis for data processing
The purpose of the data processing with Cookiebot is the provision as well as the administration of the consents granted by our website visitors in order to comply with a data protection compliant consent management. The use of Cookiebot is to provide evidence of consents given and not given as well as to manage the individual privacy settings of our website visitors. The processing is carried out for the purpose of obtaining the website visitor's consent, providing revocation and objection options, proving the consent granted and assigning the user to manage their individual data protection settings.

The use of a consent management platform and the management and storage of your consents to the processing of your personal data is based on our legal obligation to provide a website that complies with data protection requirements (Art. 6 (1) lit. c GDPR). The legal basis for the use of Cookiebot is also Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the legally compliant documentation and verifiability of consent as well as the control of our analysis campaigns based on your consent using specialised services and the associated technical implementation.

 

3. Possibility of objection and/or erasure

Browser settings

Cookies are stored on your terminal device and transmitted to us by it. Therefore, you as a user also have full control over the use of cookies. In principle, you can set your web browser so that no cookies are stored on your computer. To do this, you can deactivate the corresponding option in the system settings of your browser. However, some functions of our website may then not be usable.
Here you can find out about the setting options for the most commonly used browsers:

2.5 Web Analysis Through Matomo

We use the open source software tool Matomo on our website on the basis of Art. 6 (1) f) to analyze the surfing behavior of our users. This provides us with information about the use of the individual components of our website, which helps us to continuously improve our website and its user-friendliness. The software sets a cookie on the user's computer. If individual pages of our website are called viewed, the following data is stored in addition to the data mentioned in 3.2:

  • Two bytes of the IP address of the user's calling system.
  • The accessed website
  • The website from which the user has reached the website (referrer)
  • The subpages that are viewed
  • The time spent on the website
  • The frequency of access to the website

 

The software runs exclusively on the servers of our website. Personal data of the users is only stored there. By anonymizing the IP address, the interest of users in the protection of their personal data is sufficiently taken into account.

The data will not be passed on to third parties.

The data is deleted as soon as it is no longer required for our recording purposes, at the latest after 180 days. Cookies are stored on the user's computer and transmitted from it to our site. Therefore, you as a user also have full control over the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. We offer our users the option of opting out of the analysis process on our website. To do this, you must follow the corresponding link. In this way, another cookie is set on their system, which signals to our system not to store the user's data. If the user deletes the corresponding cookie from their own system in the meantime, they must set the opt-out cookie again.

 

2.6 Sentry

We use the error analysis service "Sentry" from Functional Software Inc. dba Sentry, 45 Fremont Street, 8th Floor, San Francisco, CA 94105 USA on our website.

Sentry is used for the technical monitoring of the stability of our website and for the detection of programming errors on our website. This transmits data to the provider, e.g. your IP address, product and version information about the browser and operating system used (so-called user agent), the website from which your access took place (so-called referrer), the date and time of the request and possibly your Internet service provider, and data on the time of the error. The legal basis for the use of Sentry results from Art. 6 para. 1 f) GDPR. We have a legitimate interest in technical error analysis of our website that is not outweighed by the user's interest in privacy.

Functional Software Inc. fulfills the requirements of the "EU-U.S. Data Privacy Framework". The Privacy Framework Agreement regulates the protection of personal data that is transferred from a member state of the European Union to the USA. It ensures that the data transferred there is also subject to a level of data protection comparable to that of the European Union. You can access the list of certified companies here: https://www.dataprivacyframework.gov/s/participant-search.


You can find sentry's Data Privacy Addendum at https://sentry.io/legal/dpa/. Further information on data usage at Sentry can be found in the provider's privacy policy: https://sentry.io/privacy/.

 

3. Further Processing of Personal Data

3.1 Data for the fulfillment of our contractual duties

We process personal data that we need to fulfill our contractual obligations, such as name, address, e-mail address, ordered products/event services, billing and payment data. The collection of this data is necessary for the conclusion of the contract.

The deletion of the data takes place after the legal retention periods have expired. Data that is linked to a user account (see below) is retained for the duration of the management of this account.

The legal basis for the processing of this data is Art. 6 para. 1 p. 1 b) GDPR, because this data is needed so that we can fulfill our contractual obligations to you.

 

3.2 Data from Business Partners and Data that we Process within the Framework of Tenders

We process personal data that we consider to be in our legitimate business interest in order to fulfil our contract. This includes, for example, the obligations associated with our contract for awarding contracts and also the maintenance of other business relationships with business partners, such as suppliers and service providers. For this purpose, we process contact data such as e-mail addresses and telephone numbers, information about requested or ordered products and services. In some cases, we also process data of employees of our business partners, for example in order to be able to control access to our premises and events. The processing of this data is necessary for the fulfilment of our orders.
We only keep your data for as long as is necessary for the fulfilment of our tasks, taking into account statutory retention periods. After expiry of the retention period, your data will be deleted.
The legal basis for the processing of this data is Art. 6 para. 1 p. 1 b) GDPR, insofar as it is in connection with pre- and contractual measures, and Art. 6 para. 1 p. 1 f) GDPR, insofar as it is in our legitimate interest.

 

3.3 User Accounts

When using our website, we offer you the option of creating a user account for various purposes, such as ordering from our webshop or booking our SoccArena premises. This saves you having to re-enter your data for repeated purchases or bookings. The account is created with your consent, so we process your data on the legal basis of Art. 6 para. 1 p. 1 a) GDPR. Your booking data will be automatically deleted after two years. Your user account is automatically deleted after two years of inactivity.

In addition to the personal data required within the meaning of Art. 6 para. 1 p. 1 b) GDPR for the establishment and fulfilment of the contract (e.g. title, first and last name, address, e-mail address, if applicable also user names as well as billing and payment data), you can also provide us with further data on a voluntary basis; mandatory data is marked with * in each case. In the context of bookings by companies, we process your name and contact details on the basis of our legitimate interest, Art. 6 para. 1 p. 1 f) GDPR.

In addition to the data listed above, we process the time of registration and the time of login for our user accounts, for example. This is done due to legal requirements (Art. 6 para. 1 p. 1 c) GDPR) and to optimise our offer based on our legitimate interest, Art. 6 para. 1 p. 1 f) GDPR.

In our Olympiapark Webshop, you can also place orders via guest access. In this case, you will have to enter the data required for the order again for repeat orders.

For payment processing, we use service providers who, from a data protection perspective, are their own data controllers and take care of the security of the payment services provided by them accordingly. In addition, the General Terms and Conditions of Business and Data Protection of the following payment service providers apply:

 

  • If the credit card payment method is selected, the payment is made via Saferpay, an e-payment platform of SIX Payment Services (Europe) S.A., Theodor-Heuss-Allee 108, 60486 Frankfurt am Main.
  • If you select the payment method Sofortüberweisung, payment will be made via Klarna GmbH, Theresienhöhe 12, 80339 Munich.

 

3.4 Application Procedure

We process your data as part of the application process for the purpose of selecting suitable candidates. The legal basis for this data processing is the implementation of pre-contractual measures in accordance with Art. 6 para. 1 b) GDPR in conjunction with § 26 BDSG. Your data will be passed on internally to the managers involved in the decision to fill the respective positions, as well as to the staff representatives, the Equal Opportunities Officer and the representation of severely disabled persons, if applicable. Data will not be passed on to third parties or to third countries. Your data will be deleted no later than 6 months after the end of the application procedure. Retention within these time limits is necessary for legal reasons in the event of any legal action (especially possible assertion of claims under the General Equal Opportunities Act). The collection of the data is necessary for the conclusion of a contract between you and us. If you request the deletion of your application data during the application process, this will be considered as a withdrawal of your application.

 

3.5 E-mail Contact

If you contact us (e.g. via contact form or e-mail), we process your data to process the request and in case follow-up questions arise.

If the data processing is carried out for the implementation of pre-contractual measures, which are carried out upon your request, or, if you are already our customer, for the implementation of the contract, the legal basis for this data processing is Art. 6 para. 1 p. 1 b) GDPR.

We only process further personal data if you consent to this (Art. 6 para. 1 p. 1 a) GDPR) or we have a legitimate interest in processing your data (Art. 6 para. 1 p. 1 f) GDPR). A legitimate interest is, for example, to respond to your email that is not subject of contractual or precontractual measures.

 

3.6 Invitation management / participation in events

1. Description and scope of data processing

On our website and on selected invitations from Olympiapark München GmbH, you have the opportunity to register for one of our events (such as customer events, concerts, sporting events - hereinafter collectively referred to as "events"). We collect and process personal data if you also participate in our events. The scope of the personal data processed as well as which personal data is processed in each individual case may vary depending on the event. This includes the following data in particular:

  1. Your first name and surname;
  2. Your date of birth;
  3. Your contact details (e-mail address, telephone number);
  4. Your address data;
  5. if applicable, details of the company and details of your position;
  6. the fact of participation and the result of participation;
  7. correspondence about the event, if applicable.

Further details can be found in the conditions of participation of the respective event. The personal data processed by participants is also made transparent at each event. Mandatory (*) and voluntary information will be made clear in our forms when the data is collected.

We would like to point out that we use the data provided to us in connection with your registration for one of our events for direct advertising about similar products and events (in accordance with § 7 (3) UWG - Act against Unfair Competition). We send this information regardless of whether you have subscribed to one of our newsletters or not. A transfer of your provided data to third parties. If you do not wish to receive this information about similar products, you can object to this informally at any time using the contact details given above, without incurring any transmission costs. Alternatively, you can also use the unsubscribe link contained in every e-mail.

For the technical implementation of our invitation management, we currently work with Connfair GmbH, Brunnenweg 15, 64331 Weiterstadt, Germany (hereinafter "Connfair"), which processes the data provided as part of your registration for the event for us as a contractor within the meaning of Art. 28 GDPR, while complying with the necessary data security measures, and provides the software-as-a-service platform to us as the organiser for the implementation of the registration process, ticket purchase, communication with our event participants and for admission management as part of the event. The contractual relationship has been agreed.

Further information on Connfair - in particular on Connfair's data processing on the web forms provided by Connfair - can be found on the website https://connfair.com/impressum/ and at https://connfair.com/datenschutz/.

 

2. Legal basis and purpose for the data processing

If you participate in an event, you consent to us processing your provided data exclusively for the purpose of holding the event (Art. 6 (1) (a) GDPR). We process your data in connection with a specific event in order to be able to carry it out successfully (Art. 6 (1) (b) GDPR). Participation in such events is voluntary, but not possible without the processing of personal data. The legal basis for processing your e-mail address for the purpose of sending direct advertising is Art. 6 (1) (1) (f) GDPR in conjunction with § 7 (3) UWG.

 

3. Duration of the storage

The data is deleted from the system and the forms used are destroyed as soon as they are no longer required to achieve the purpose for which they were collected. For the personal data provided to us for the event, this is the case when the respective event has ended and, in individual cases, legal retention periods have expired.

Unless there is a legal obligation to temporarily store data or you have explicitly consented to this, all personal data stored in connection with the event will be destroyed after the end of the participation phase.

 

4. Possibility of objection and removal

The user has the possibility to revoke his consent to the processing of personal data at any time. In the event of revocation of his or her data in the context of participation in an event, the revocation shall have the effect of terminating the service relationship entered. If the user contacts us by e-mail, he or she can object to the storage of his or her personal data at any time.

The revocation can be made at any time via the contact data in the imprint of the online presence, as well as under the following e-mail address dsb.extern@olympiapark.de. All personal data stored during the event will be deleted in this case.

 

4. Integration of Media Plugins

4.1 Integration of YouTube

1. Description and scope of data processing

Our website uses a plug-in from the provider YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, USA or Google Ireland Limited, Gordon House, 4 Barrow St, Dublin 4, Ireland (hereinafter YouTube or Google) to integrate videos.
The content of the plug-in is transmitted directly from YouTube to your browser through a connection to the YouTube servers, which then integrates it into the website. This transmits your visit to the website to YouTube.

We integrated the YouTube plugin using the no-cookie option. But if you are logged in to YouTube with your user account, YouTube can assign the information obtained to your respective account through the use of the plug-in. In this case, the information is transmitted to your personal user account at YouTube and stored there by YouTube.

Through the use of YouTube and your visit to our website, on which the plug-in for the integration of YouTube content is used, data (including date and time of your visit to our website, location information, URL of the accessed website, search terms) are generally collected, processed and stored. By calling up the YouTube video on our website, YouTube or Google can independently store cookies via your browser on your computer or mobile device. In addition, Google can store and evaluate your IP address and our website, as a starting point, via an interface. For more information on the processing of data by YouTube or Google, we refer to the privacy policy of Google. We have no influence on the data and data processing operations collected by YouTube, nor is the full extent of the data collection, the purposes of processing, the storage periods and the storage location known. There is also no information available on the deletion of the collected data by YouTube.

Further information and the applicable data protection provisions of the operator can be found at https://www.youtube.com/t/terms and https://policies.google.com/privacy?hl=en.      
In order to avoid an unauthorized and uncontrolled flow of data from the time you visit our website, we implement the integration of the plug-in with a so-called consent solution, i.e. YouTube and Google may only set cookies or receive information about your visit to our website if you have actively clicked on the plug-in to play the YouTube video or have consented to the display of YouTube videos via our cookie banner. By visiting our website without confirmation on your part by way of the consent solution, no data is transmitted to YouTube or Google.

 

2. Purpose and legal basis for the data processing

The legal basis for the processing of personal data is based on your consent in this regard by voluntarily using or clicking on the provided content or consent via the cookie banner provided by Cookiebot Art. 6 para. 1 p. 1 lit. a GDPR.

 

3. Possibility of objection and/or erasure

However, you can object to the collection, storage and use of information by YouTube or Google at any time with effect for the future by installing the deactivation add-on provided by Google or by adjusting your browser settings so that cookies cannot be stored.

You can revoke your consent to data processing by YouTube or Google via the cookie banner provided by us at any time for the future. By changing the check mark at YouTube under "Marketing" in the cookie banner, you prevent technical measures from being carried out and cookies from being set. The cookie settings can be accessed at any time via the link described under “Cookies” ("change consent") in the privacy policy.

 

4.2 Integration of Vimeo

1. Description and scope of data processing

Our website uses plug-ins from the provider Vimeo LLC, 555 West 18th Street, New York 10011 (hereinafter referred to as "Vimeo") to integrate videos. The content of the plug-in is transmitted directly from Vimeo to your browser through a connection to the Vimeo servers and integrated into the website by Vimeo.

If you are logged in to Vimeo with your user account, Vimeo can assign the information obtained to your account by using the plug-in. In this case, the information will be transmitted to your personal user account at Vimeo and stored there. Since Vimeo collects data in particular via cookies, we also recommend that you delete all cookies via the security settings of your browser.

By default, we have included our videos with the "Do-No-Track" setting. As a result, Vimeo cannot set third-party cookies via the plug-in on your device. We have no influence on the data collected by Vimeo and data processing operations, nor is the full scope of the data collection, the purposes of the processing, the storage periods and the storage location known. There is also no information available on the deletion of the collected data by the provider. Further information on the purpose and scope of data processing, as well as your rights in this regard and setting options for the protection of your privacy can be found in vimeo's terms of use and data protection at https://vimeo.com/privacy.

 

2. Purpose and legal basis for the data processing

The legal basis for the processing of personal data is based on your consent, in this regard by voluntarily using or clicking on the provided content or consent via the cookie banner (Art. 6 para. 1 p. 1 lit. a GDPR).

 

3. Possibility of objection and/or erasure

You can revoke your consent to data processing by Vimeo via the cookie banner provided by us at any time for the future. By changing the check mark at Vimeo under "Marketing" in the cookie banner, you prevent technical measures from being carried out. The cookie settings can be accessed at any time via the link described under “Cookies” ("change consent") in the privacy policy.

 

4.3 Integration of SoundCloud

1. Description and scope of data processing

Our website uses plugins of the SoundCloud social network (SoundCloud Limited, Berners House, 47-48 Berners Street, London W1T 3NF, UK).

When you visit our site and consent to the use of SoundCloud, a direct connection between your browser and the SoundCloud server is established. This enables SoundCloud to receive information that you have visited our site from your IP address. This means that SoundCloud can associate visits to our pages with your user account when you are logged in into your SoundCloud account. We would like to point out that, as the provider of these pages, we have no knowledge of the content processed by SoundCloud. For more information on SoundCloud's privacy policy, please go to soundcloud.com/pages/privacy.

 

2. Purpose and legal basis for data processing

The legal basis for the processing of personal data is based on your consent, in this regard by voluntarily using or clicking on the provided content or consent via the cookie banner (Art. 6 para. 1 p. 1 lit. a GDPR).

 

3. Possibility of revocation, objection and elimination

You can revoke your consent to data processing by SoundCloud via the cookie banner provided by us at any time for the future. By changing the check mark at SoundCloud under "Marketing" in the cookie banner, you prevent technical measures from being carried out. The cookie settings can be accessed at any time via the link described under “Cookies” ("change consent") in the privacy policy.

 

5. Usage of our Social Media Channels

The logos of social media providers are displayed on our website. These logos or icons function as external links, so that no personal information is transmitted to one of these providers without clicking on one of the icons. If the user clicks on one of the logos, he or she will be redirected to the website of the respective provider. Infor