Data Protection Notice and Cookies

The following information shall inform users of our website about how we process personal data. These information serve us to comply with our duties imposed under the General Data Protection Regulation (GDPR). Personal data means any information relating to you by which you can be identified, directly or indirectly.

1. Who is accountable for the use of my data?

The
Bertelsmann SE & Co. KGaA
Carl-Bertelsmann-Straße 270
33311 Gütersloh
E-mail: info@bertelsmann.de
Tel: +49 (0) 5241-80-0
Fax: +49 (0) 5241-80-62321

The above indicated company is accountable for the use of personal data on this website. Every processing of personal data on this website is conducted in compliance with the GDPR as well as possibly applicable other legislation.


You can contact the company by the means indicated above and by reference of your query. Where you want to contact the responsible data protection officer directly, add “Attention Data Protection Officer” to the address.

2. What data are concerned?

If you browse our websites by your PC certain information are collected simply for technical reasons of data flows (technical data). These technical data contain server log files, infor-mation about your browser (type, version and information of access status – success or fail), operating system, your internet service provider and your IP address, date and time of the access and from where you accessed the website (prior website or search engine). Save the IP address these information do not allow an identification of you. Where the IP address is used, we comply with the provisions of the GDPR.


If you use features of our website, a pseudonymized user profile will be created and, where you provide information by your use (e.g. search words, log in data, ratings, contract details, clicks, etc.), such data will be collected.  


Some services require the provision of personal data. In these situations the respective ser-vice requested by you will be the leading purpose of our use of your data (Newsletter, member zone).

3. Which cookies are used?

This website uses cookies. Cookies are small text files which are stored on your computer when you browse our website. Upon revisit and as well during your stay on our website, the cookie enables us to (re-)identify you. Depending on the nature of the cookie, they can be persistent or non-persistent, what means they are in case of the former deleted as soon as you close your browser or, in case of the latter, remain stored even after closing your browser. All cookies have an expiration date, after which they will stop responding to browser requests and, depending on your settings, will be deleted. You can also steer how cookies are treated on your computer by adjusting the settings of your internet browser. Please note, however, that if you disable all cookies that way, you might not be able to use all our website features properly.  
In principle, cookies are only an online identification without personal reference. Cookies are personalized when other data is combined in addition to the information generated by the cookies. A distinction can be made between cookies, which are necessary for the provision of the website, and cookies, which are necessary for further purposes such as analysis of user behaviour or advertising.
In the following, we provide you with information about the cookies we use on our website.

·         Cookies used to identify or authenticate users;

·         Cookies that temporarily store certain user inputs (e.g. content of a shopping basket or an online form);

·         Cookies that store certain user preferences (e.g. search or language settings);

·         Cookies that store data to ensure the trouble-free playback of video or audio content.

Cookies, which are necessary for further purposes of the website, include the analysis cookies in order to record and statistically evaluate the usage behaviour of our users (e.g. clicked advertising banners, pages visited, search queries made).

4. Which data are used for which purpose?

The purposes for processing personal data can be found in technical, contractual, and obligations by law, as well as your consent.


We use the data listed above in sec. 2 for the following purposes:

provision of our website including measures to assure a undisturbed service, prevent fraud and hacking and to ensure the security of our systems.

to measure the geographical reach of our website, in order to streamline our technical support and the website operation.

to answer contact inquiries;

 

You can find further information about each used feature as well as the underlying purposes in the following sections.

4.1 Technical provision
4.1.1 Description and extent of the processing

For the provision of our website, including regular performance and security checks, server log files are stored as part of the information when our website is accessed. These log files contain the information and possibly personal data as indicated in section 2 above. Log files are used for the purposes of technical provision only and they are not merged with any other data. Part of the technical provision is a regular reviewing procedure that is designed to detect fraud, hacking and other forms of disruptive behavior.

4.1.2 Purposes and legal basis for the use of personal data

The legal basis for the use of server log files is to be found in Art. 6 sec. 1 lit. f GDPR. Our interest is the undisturbed, resilient and performant operation of our website.

4.1.3 Duration of storage

After accessing our website we store the server log files, including your IP address, for 7 days. Any analyses of these data are conducted only in case of a disruptive event involving these data.

4.1.4 Right to object

You are entitled to object the use of your personal data pursuant to Art. 21 GDPR on grounds that relate to your particular situation. If you want to exercise that right contact the Data Protection Officer via the means of contact indicated in section 1 above.

4.2 Contact form, E-mail or phone contact  
4.2.1 Description and extent of the processing

On our website you are offered different means to get in contact with us  If you use one of them, data affiliated with that means respectively (e.g. your E-mail address where you use the contact form or your phone number if you chose to call us) and of course your request will be recorded, so that we can provide you with a solution. Where this is necessary, some or all of the data collected under this clause can be transmitted to other entities, provided we need their support to answer your request.

4.2.2 Purposes and legal basis for the use of personal data

The legal basis for using data in this regard is to be found in Art. 6 sec. 1 lit. f GDPR. Our shared interest is that you receive an adequate answer. Hence, for the time necessary for this endeavor, there is no overriding interest that prevails and excludes the data processing. Where your contact is directed towards the conclusion of a contract, the processing is based on Art. 6 sec. 1 lit. b GDPR instead.

4.2.3 Duration of storage

After responding to your request and the end of possibly further communication, your information provided for the purpose of the query will be erased unless your query was directed towards the conclusion of a contract or where you contacted us in order to exercise one of your data subjects rights. In that situation we will keep records as long as necessary for the performance of a contract or as long as we have to demonstrate our compliance with your request for your rights.

 

4.2.4 Right to object

You are entitled to object the use of your personal data pursuant to Art. 21 GDPR on grounds that relate to your particular situation. If you want to exercise that right contact the Data Protection Officer via the means of contact indicated in section 1 above. Where you object the use of your data, we might not be able to respond to your request anymore, unless it is necessary for the performance of a contract or you want to exercise one of your rights.

 

4.3 Webtracking

Our website uses features to measure and evaluate user behavior and interaction. These features will utilize your access data (see section 2 above) and analyze your interactions with our website by means of tracking cookies (see section 3 above). This kind of analysis does usually not require personal data. Your IP address will therefore be shortened for the last octet what leads to anonymous user profiles which will not be combined with other data we store. Identifiable user profiles will only be created if you have consented to it.

Web tracking is usually conducted by involvement of external providers (Processors). With such processors we have concluded data processing agreements; contracts, which strictly bind them to our instructions and oblige them to process the collected data on our behalf and in a substantially limited way only. Where such a Processor is established outside of the EU, there might occur a so-called third country transfer. This is lawful, if the Processor offers an adequate level of data protection, which can be achieved by different means (additional safeguards). We ensure that every Processor provides at the time of his involvement such a level. Which additional safeguard is applicable respectively, is indicated below.

4.3.1 Matomo

This website uses Matomo. Provider of Matomo is die InnoCraft LtD, 150 Willis St, 6011 Wellington, New Zealand. Matomo’s software is designed in a way that it only creates pseudonymous user profiles, by deleting the last octet of your IP address. These non-personal user profiles will be subject to analysis and evaluation but they are stored locally on servers of the Controller, without any transfer to InnoCraft Ltd. InnoCraft Ltd is contractually obliged not to merge these profiles with any data they might possibly hold from other instances.

Matomo analysis cookies will be placed if you access our website and have by design an expiration date of six months, if not manually deleted earlier.

You can find more information on the data processing by Matomo in their Data Protection Statement: matomo.org/privacy/

 

 

4.3.2 Purposes and legal basis

The legal basis for the creation and utilization of pseudonymous user profiles Art. 6 sec. 1 lit. f – the legitimate interest. Our legitimate interest in creating such profiles is to increase the success of our website, measure its geographical scope and develop a better understanding of our audience. Where user profiles are capable of identifying a natural person, the legal basis is the consent of that person, Art. 6 sec. 1 lit. a, otherwise such profiles will not be created.

4.3.3 Duration of storage

Data collected by use of web tracking tools will be stored in pseudonymous form. You can object the collection with effect for the future. Where profiles do identify a natural person the duration of storage is determined by the continued existence of a valid consent. After withdrawal the data will be deleted or anonymized.

4.3.4 Right to object

You can object to the use of web tracking tools such as Matomo and their collection of personal data by adjusting your browser settings accordingly, and/or using the following link to deactivate the tools respectively:

·         Matomo: https://matomo.org/docs/privacy/#step-3-include-a-web-analytics-opt-out-feature-on-your-site-using-an-iframe

4.4. Inquiries to local health contact persons through the website

4.4.1. Process Description

To access information about local, regional and national health services quickly and easily, a network of local contact persons is available. These contact persons are specially trained on the content of available sport, exercise and health programming, as well as in related data protection obligations. For purposes of processing your inquiry, your communication data (name, email, telephone number or address) will be collected along with your request and any related data provided by you. The data you provide will not be given to any third parties unless the local contact person is legally obliged to do so. 

4.4.2. Purpose and Legal Basis of Data Processing

The legal basis for using data in this regard is to be found in Art. 6 sec. 1 lit. f GDPR. Our shared interest is that you receive an adequate answer. Our legitimate interest  lie in the transmission of information, communicating with you, and processing your request.

4.4.3. Duration of Data Storage

After responding to your request and the end of possibly further communication, your information provided for the purpose of the query will be erased unless there are legal retention periods to the contrary. These may result, for example, from the exercise of rights of affected persons

4.4.4. Right to object

You are entitled to object the use of your personal data pursuant to Art. 21 GDPR on grounds that relate to your particular situation. If you want to exercise that right contact the Data Protection Officer via the means of contact indicated in section 1 above. If you object, we can no longer communicate with you. Other rules apply if the storage of your contact data is necessary for the assertion of your rights as an affected party. 

5. Who obtains my data?

Within our company, only those departments will have access to your data who need them in order to fulfil the aforementioned purposes. This applies accordingly to any involved Processors, if any, who might process data on our behalf (e.g. hosting and operations, mail delivery, etc.). All our Processors are contractually bound to our instructions which adheres to the high standard of data protection set out under the GDPR.

Outside our company, to so-called third parties (e.g. advertisement consultants, lawyers, or other business providers), your data will be transferred only if this is mandatory from the law, based on a legal basis, or where you have consented.

6. Are my data transferred outside of the EU (Third country transfer)?

Through the use of Google Analytics in accordance with Section 4.3, third party transfers take place, as the data centers of Google Inc. are located outside the European Union or the European Economic Area ("EU or EEA"). Such a third country transfer may result in your data being transferred to a country that does not guarantee the same data protection standard as the EU or the EEA. Through certification according to the EU-US Privacy Shield, however, Google Inc. ensures that the European data protection level is guaranteed for the third country transfer. You may request a copy of these warranties under the contact details referred to in paragraph 1.

7. What are my rights?

You have all rights under Chapter III of the GDPR. They can be exercised towards every Controller handling your data. These rights are:

Right to access: You can request information about all data stored about you and how they are processed by the accountable Controller.

Rectification: You can request rectification, where data concerning you are wrong or outdated.

Erasure and to be forgotten: You can request that the Controller deletes your data. Where a deletion is conducted, the Controller shall inform any recipient about that to whom the data have been disclosed (Right to be forgotten).

Restriction: You can request a restriction of the data for the reasons set out by GDPR.

Data Portability: Where the conditions of the law are met, you can request to receive a copy of your data in a structured, machine readable and commonly used format.

Object: You can object the processing of your data for reasons that relate to your particular situation, if the processing is based on Art. 6 sec. 1 lit. f – legitimate interests – GDPR.

If you have given us your consent for the processing of your data, you can at any time withdraw this consent with effect for the future. Please address your withdrawal to the attention of our Data Protection Officer indicated in Sec. 1 above.

Your rights also apply to the above indicated cookies.

You also have the option of contacting a data protection authority and lodging a complaint there. The authority responsible for the company is the

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Kavalleriestr. 2-4
40213 Düsseldorf
Telefon: 0211/38424-0
Fax: 0211/38424-10
E-mail: poststelle@ldi.nrw.de

You can also contact the data protection authority responsible for your place of residence.

8. From where are my data collected?

All data processed by us for the purposes indicated above (see section 4) are directly collected from you. We hereby provide you with the mandatory information pursuant to Art. 13 GDPR. We do not merge these data with any information we might possibly hold from other instances.

9. Is there any automated decision-making (including profiling)?

For the purposes indicated in Section 4 above, we do not use automated decision making