Phone: 06205-950 0
Fax: 06205-950 199
EXTERNAL DATA PROTECTION OFFICER
Neustadter Str. 5
Personal data are individual details about the personal or material circumstances of an identified or identifiable natural person. This covers information such as your name, address, telephone number and date of birth. We collect, process and use your personal data only for the purposes for which you provide them to us. The personal data that you transfer to us will not be passed on to third parties without your consent. Exceptions are cases in which we are obliged to release data on the basis of mandatory statutory regulations.
Every web server automatically registers access to websites. When you visit our homepage, our webserver temporarily stores each instance in a logfile (server logfiles). The following data are recorded and stored until such time as they are erased automatically:
- IP address of the accessing computer
- Date and time of access
- Name and URL of the file accessed
- Data volume transmitted
- Notification of whether access was successful
- Identification data of the browser and operating system used
- Website from which access originates
- Name of your Internet service provider
Processing of these data facilitates your use of the website (establishment of a connection) and is used for system security, technical administration of the network infrastructure and optimisation of the website.
By default, our web server is configured to erase the logfiles automatically every 14 days. However, we reserve the right temporarily to extend the storage period for logfiles (manually) or individual IP addresses (manually or automatically) if this is necessary for legitimate reasons of security.
The recipient of the data is our web hosting provider. No data is transferred to third countries. The basis for the temporary storage of data and logfiles is Art. 6 (1) point (f) GDPR.
ONLINE BOOKING PROCESS & REGISTRATION
We offer users of our website the option to register by providing their data. The data are entered on an input screen and transmitted to and saved by us. Recipients of the data are internal departments and commissioned data processors pursuant to Art. 28 GDPR.
The following data are collected in the course of the registration process:
- data required to book tickets and driving experiences or to purchase fan items (e.g. name, address, contact details, billing address, bank details, etc.)
- data required for accreditation in the media area (services for journalists and photographers) (e.g. name, address, contact details, etc.)
- The consent of the user to processing of this data is obtained in the course of the registration process. The legal basis for processing the data is the provision of the user’s consent in accordance with Art. 6 (1) point (a) GDPR.
If the aim of registration is to conclude a contract with the user as one of the contracting parties or to take steps prior to entering into a contract, the additional legal basis for processing is Art. 6 (1) point (b) GDPR.
Registration of the user is necessary to fulfil a contract with the user or to take steps prior to entering into a contract.
We are obliged on the basis of mandatory regulations of commercial and tax law to retain your address, payment and order data for a period of ten years. Two years after the contract comes to an end, we impose a restriction on processing and reduce it to the level that complies with the applicable statutory obligations.
You can contact us via the email addresses provided by us. In this case, the personal details of the user transmitted with the email are stored. No data are transferred to third parties in this connection. The data are used exclusively to process the conversation.
The legal basis for processing the data connected with sending an email is Art. 6 (1) point (f) GDPR. If the aim of the email contact is to conclude a contract, the additional legal basis for processing is Art. 6 (1) point (b) GDPR.
The data are erased as soon as they are no longer required to achieve the purpose of their collection. For personal data that are sent with the email, this is the case when the conversation with the user has ended. The conversation has ended when the circumstances indicate that the issue involved has been resolved conclusively. If you send us queries via the contact form, your details, including the contact data you provide there, are stored by us for the purpose of processing the query and in case there are any follow-up questions.
We use the data for the purposes specified in your consent and store them for the statutory retention period. The only other use of the data from the contact form is in anonymised form for statistical purposes (e.g. number of queries, success rate for queries, etc.).
PAYMENT SERVICE PROVIDERS
External payment service providers are used to fulfil contracts for the purchase of vouchers, tickets and fan items and for completion of the booking process, in accordance with Art. 6 (1) point (b) GDPR.
At the same time, our legitimate interest pursuant to Art. 6 (1) point (f) GDPR lies in offering our visitors a wide variety of secure payment options.
As a matter of principle, your personal data are passed on only insofar as is necessary to process the contract. For payment processing, in particular, we pass on the payment data required to the financial institution appointed to make the payment or to any payment and billing service provider commissioned by us.
You can find further information about the relevant data protection provisions at:
American Express (https://www.americanexpress.com/uk/legal/online-privacy-statement.html)
The data required to process the payment are transferred securely via the “SSL” process and are processed exclusively to carry out the payment. We erase the data collected in this connection when we no longer need to store it or we restrict its processing if statutory retention obligations apply.
You have the right to obtain from the controller confirmation as to whether personal data concerning you are being processed. If this is the case, you have a right to information about this personal data and to the details specified in Art. 15 GDPR.
You have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning you and the completion of any incomplete personal data (Art. 16 GDPR).
You have the right to obtain from the controller the erasure of personal data concerning you without undue delay if one of the grounds specified in Art. 17 GDPR applies, e.g. if the data are no longer required for the purposes pursued (right to erasure).
You also have the right to obtain from the controller restriction of processing where one of the conditions listed in Art. 18 GDPR applies, e.g. you have objected to processing, pending verification by the controller.
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Art. 6 (1) GDPR. The controller shall no longer process the personal data unless the controller can demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing is for the establishment, exercise or defence of legal claims (Art. 21 GDPR).
Where personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing; this also includes profiling to the extent that it is related to such direct marketing.
If you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
Without prejudice to any other administrative or judicial remedy, every data subject has the right to lodge a complaint with a supervisory authority, if the data subject considers that the processing of personal data relating to him or her infringes the GDPR (Art. 77 GDPR). The data subject can exercise this right with a supervisory authority in the Member State of his or her habitual residence, place of work or place of the alleged infringement. The responsible supervisory authority is in Baden-Württemberg:
The Regional Data Protection and Freedom of Information Officer
Dr. Stefan Brink
PO Box 10 29 32
Phone: 07 11/61 55 41-0
Fax: 07 11/61 55 41-15
You can contact us in this connection, and on any other matter relating to data protection, at the address given in the Legal Notice. Alternatively, our data protection coordinator is at your disposal for any issues relating to protection of your rights (email@example.com).