Misc

Privacy Policy

When it comes to football and data protection: fairness first!

The protection and security of your personal data is of the utmost importance to the Deutscher Fußball-Bund e.V. and DFB GmbH & Co. KG (hereinafter together the “DFB”). To ensure that you can feel safe with us when it comes to data protection, the DFB and its contracted service providers use your personal data in strict compliance with data protection regulations.

It is only fair that you know at all times which personal data is collected during your visit to our online services and when you use our services and offers, and how we use it afterwards. The following information is intended to provide you with this information and also to inform you how we protect your personal data from manipulation, loss, destruction or misuse.

If you have any further questions about data protection, please feel free to contact the DFB data protection officers by e-mail.

1. Identity and the contact details of the controller

Responsible for the processing of personal data are respectively the

DFB e.V., DFB-Campus, Kennedyallee 274, 60596 Frankfurt am Main, represented by the President Bernd Neuendorf and the treasurer Stephan Grunwald, info@dfb.de, Telefon: 069-67 88 0, Telefax: 069-67 88 266

or the

DFB GmbH & Co. KG, DFB-Campus, Kennedyallee 274, 60596 Frankfurt am Main, the shareholder authorized to represent the company is the DFB-Verwaltungsgesellschaft mbH, DFB-Campus, Kennedyallee 274, 60596 Frankfurt am Main, represented by the managing directors Dr. Frank Biendara, Dr. Holger Blask, Manuel Hartmann, Telefon: 069-67 88 0, Telefax: 069-67 88 266

hereinafter referred to as the "DFB“.

The data protection officers of the DFB companies can be contacted at: datenschutz@dfb.de

2. Data processing when visiting our website

When visiting our website, the browser used on your terminal device automatically sends infor-mation to the server of our website. We process your IP address and the information transmitted by your browser (type of browser used, operating system used) to deliver the data you have requested. In addition, this information is temporarily stored in a log file. The following information is recorded and stored until automated deletion:

  • Date/Time of access,
  • IP-Address,
  • Referrer-URL,
  • Request type,
  • Browser type/version
  • Session ID,
  • URL,
  • Response Code.

The collection of data for the provision of online services and the storage of data in log files is mandatory for the operation of our website. The temporary storage of the IP address by the system is necessary to enable the delivery of the Internet pages to your respective terminal device. The storage in log files takes place to ensure the functionality of the website. A comfortable use of our online services shall be guaranteed to you. In addition, the data is used to ensure the security and stability of our information technology systems as well as for other administrative purposes. Under no circumstances do we use the collected data for the purpose of drawing conclusions about your person.

The legal basis for data processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest arises from the aforementioned purposes of data collection.

3. Data processing while using "DFB Play"

We make our streaming platform DFB Play available to you. Users of DFB Play can watch current DFB matches live or recorded. In order for us to be able to offer the stream, we need to process personal data

  • Device ID
  • IP-Address
  • Connection type HTTP (is secured)
  • Stream name/details
  • Stream duration
  • Player/Stream ID

The legal basis on which we collect and use personal data described in this Privacy Policy depends on the personal data concerned and the specific context in which we collect and use it. Normally, we will collect personal data from you when we need it to perform a contract with you (for example, to provide you with our service) Art. 6 para. 1 lit. b GDPR, when the processing is based on our legitimate interest and is not overridden by your data protection interests or fundamental rights and freedoms (for example, our direct marketing activities according to your preferences) or when we have your consent for those activities.

4. Queries and Forms

In order to organize, conduct surveys, and carry out our activities, it is sometimes necessary to register in advance or to submit certain information. For this purpose, we use the offer of Microsoft Forms ("MS Forms"). The data is processed exclusively for the purposes specified in the form/survey. The Data processing is based on consent pursuant to Art. 6 (1) p. 1 lit. a GDPR or for the performance of a contract pursuant to Art. 6 (1) p. 1 lit. b GDPR.

The following data is collected in the course of conducting the survey:

  • Feedback on the survey/form
  • Date and time
  • User IDs and associated data (if logged in)
  • Technical log data and logs (including audit logs).

The user IDs and technical data are not evaluated for the surveys, nor are the answers assigned to an individual person. The data can only be viewed by the administrators of the DFB and not by the creators of the surveys. When the Microsoft form is submitted, the data provided in the surveys may be processed by Microsoft in the US. In order to ensure an appropriate level of protection for the transfer of personal data to the US, we have concluded a so-called order processing agreement with the service provider. Data processing should be carried out as far as possible exclusively in the EU area. Since there is nevertheless the theoretical possibility of access from a third country (here: US), so- called standard contractual clauses in accordance with the GDPR were concluded with the service provider. While Microsoft is also certified under the European Union-U.S. Data Privacy Framework, the SCC have been included for years as part of the standard contracts between Microsoft and its customers. They apply to all transfers from EU member states. In addition, Microsoft provides further guarantees to prevent unauthorized access wherever possible. For more information, see Microsoft's privacy policy. All data will be deleted when it is no longer required for the purposes for which it was collected or you have revoked your consent, unless the DFB is entitled or obliged by law to store it for a longer period.

5. Recipients of your personal data

A transfer of your personal data to third parties does only take place to service providers acting on our behalf and on our exclusive instructions, whom we have carefully selected (Art. 28 para. 1 GDPR) and with whom we have concluded a corresponding contract for order processing (Art. 28 para. 3 GDPR), which obliges our contractor, among other things, to implement appropriate safety measures and grants us comprehensive control powers.

Further exceptions may apply if:

  • you have given your explicit consent to this pursuant to Art. 6 para. 1 lit. a GDPR,
  • the disclosure pursuant to Art. 6 para. 1 lit. f GDPR is necessary for the establishment, exercise or defence of legal claims and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data,
  • in the event that there is a legal obligation to pass on the data pursuant to Art. 6 para. 1 lit. c GDPR,
  • it is legally permissible and necessary for the execution of contractual relationships with you pursuant to Art. 6 para. 1 lit. b GDPR.

6. Use of cookies

Our websites use a variety of technologies to provide you with an optimal user experience, in particular cookies, scripts and embedded content (hereinafter: technologies). We use cookies on our website, to provide our services to you. Cookies are small files that are automatically created by your browser and stored on your device (laptop, tablet, smartphone, etc.) when you visit our website. Cookies do not cause any damage to your device and do not contain viruses, Trojans or other malware. Information in connection with the specifically used terminal device is stored in the cookie. This does not mean, however, that we will necessarily become aware of your identity. The use of cookies serves on the one hand to make the use of our offer more pleasant and more functional for you. We use so-called session cookies, for example, to keep track of any information that is stored for that session. These are automatically deleted after leaving our site.

In addition, we also use temporary cookies to optimise user-friendliness, which are stored on your terminal for a specific period of time. If you visit our site again to make use of our services, it is automatically recognised that you have already been with us and which entries and settings you have made so that you do not have to enter them again. We use these cookies on the basis of Art. 6 para. 1 lit. a GDPR.

The aforementioned technologies have various functions. Many technologies are technically necessary, as certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other technologies are used to evaluate user behaviour or display advertising. Technically necessary technologies are stored on the basis of Art. 6 para. 1 lit. f DSGVO, unless another legal basis is specified. The website operator has a legitimate interest in the use of these technologies for the technically error-free and optimised provision of its services.

Consent (Art. 6 para. 1 lit. a DSGVO) is obtained for technologies that are not technically necessary. If consent to the storage of cookies has been requested, the storage of the cookies in question is based exclusively on this consent. The consent can be revoked at any time with effect for the future. Further information on cookie consent can be found in chapter 6.1.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be limited. You can find out about this option for the most commonly used browsers via the following links:

6.1 Consent Manager: Usercentrics

This website uses the Consent Management Platform (CMP) from Usercentrics to enable data protection-compliant use of certain cookies, scripts or embedded content. In particular, various technologies can be integrated via Usercentrics and managed on the basis of a legitimate interest or consent. Information on the technologies used on our websites can also be integrated via Usercentrics.

The provider of this technology is Usercentrics GmbH, Rosental 4, 80331 Munich, website: https://usercentrics.com/de/ (hereinafter "Usercentrics").

When you enter our website, the following personal data is transferred to Usercentrics:

  • Your consent(s) or revocation of your consent(s)
  • Your IP address
  • Information about your browser
  • Information about your terminal device
  • Time of your visit to the website

7. Web analytics

We use various web analytics services, which use cookies, to statistically record the use of our website, to evaluate it for the purpose of optimization and to further develop our web-based offers. In this respect, the processing of these cookies is covered by your consent Art. 6 Para. 1 lit. a GDPR.

a) Google Analytics

This website uses Google Analytics, a web tracking service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). The purpose of our use of the tool is to enable the analysis of your user interactions on websites and in apps and to use the statistics and reports obtained to improve our offer and make it more interesting for you as a user.

We collect the interactions between you as a user of the website and our website primarily with the help of cookies, device/browser data, IP addresses and website or app activities. Google Analytics also collects your IP addresses to ensure the security of the service and to provide us as the website operator with information about the country, region or location from which the respective user originates (so-called "IP location determination"). For your protection, however, we naturally use the anonymization function ("IP masking"), i.e. that Google truncates the IP addresses by the last octet within the EU/EEA.

Google acts as an order processor and we have concluded a corresponding contract with Google. The information generated by the cookie and the (usually shortened) IP addresses about your use of this website are usually transferred to a Google server in the USA and processed there. For these cases, Google has, according to its own information, imposed a standard on itself that corresponds to the former EU-US Privacy Shield and has promised to comply with applicable data protection laws in the international transfer of data. We have also agreed to so-called standard contractual clauses with Google, the purpose of which is to ensure compliance with an appropriate level of data protection in the third country.

The legal basis for the collection and further processing of the information (which takes place for a maximum of 14 months) is your given consent (Art. 6 para. 1 lit. a GDPR). The revocation of your consent is possible at any time without affecting the permissibility of the processing until the revocation. In apps, you can reset the advertising ID under the Android or iOS settings. The easiest way to revoke your consent is via our Consent Manager or by installing the Google browser add-on, which can be accessed via the following link: tools.google.com/dlpage/gaoptout?hl=en/.

For more information on the scope of services provided by Google Analytics, please visit marketingplatform.google.com/about/analytics/terms/en. Google provides information on data processing when using Google Analytics at the following link: support.google.com/analytics/answer/6004245?hl=en/. General information on data processing, which according to Google should also apply to Google Analytics, can be found in Google's privacy policy at www.google.de/intl/de/policies/privacy/.

b) Adobe Analytics

We use the web analytics service Adobe Analytics to analyze and regularly improve the use of our website and to make it more interesting for you as a user. We perform reach analyses, a performance measurement of our online marketing measures as well as test procedures, e.g. to test and optimize different versions of our online offer or its components.

The collected data is stored and analyzed pseudonymously. Cookies are stored on your computer for this analysis. This website uses Adobe Analytics with the settings "Before Geo-Lookup: Replace visitor's last IP octet with 0" and "Obfuscate IP-Removed", which shortens your IP address by the last octet and replaces it with a generic IP address, i.e. one that can no longer be assigned. A personal reference can thus be ruled out. The legal basis for the use of Adobe Analytics is Art. 6 para. 1 lit. a GDPR.

The information collected in this way is stored on Adobe servers, including in the USA. For these cases, Adobe has, according to its own statements, imposed a standard on itself that corresponds to the former EU-US Privacy Shield and has promised to comply with applicable data protection laws in the international transfer of data. We have also agreed to so-called standard data protection clauses with Adobe, the purpose of which is to maintain an adequate level of data protection in the third country. You may revoke your consent at any time without affecting the permissibility of the processing until revocation. The easiest way to revoke your consent is to use our Consent Manager or to click the "Unsubscribe" button at www.adobe.com/de/privacy/opt-out.html.

Third-party vendor information: Adobe Systems Software Ireland Limited, Ireland, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Republic of Ireland; privacy@adobe.com; privacy notice: www.adobe.com/de/privacy/policy.html.

8. Data subject’s rights and right to lodge a complaint

As data subject, you have the right to,

  1. request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you may request information on the purposes of the processing, the cat-egories of personal data, the categories of recipients to whom your data has been or will be transferred, the planned period for which personal data will be stored, the existence of a right of rectification, erasure, restriction of processing or objection, the existence of a right of lodge a complaint with a supervisory authority, the origin of your data, unless it has been collected from us, as well as the existence of an automated decision making process including profiling and, if applicable, meaningful information on its details;
  2. in accordance with Art. 16 GDPR, to immediately request the rectification of inaccurate or in-complete personal data stored by us;
  3. to demand the erasure of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary for exercising the right to freedom of expression and in-formation, for compliance with a legal obligation, for reasons of public interest in the area of public health or for the establishment, exercise or defence of legal claims;
  4. to demand the restriction of the processing of your personal data in accordance with Art. 18 GDPR if the accuracy of the personal data is contested by you, the processing is unlawful but you oppose the erasure, if we no longer need the data but you need it for the establishment, exercise or defence of legal claims, or if you objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject;
  5. in accordance with Art. 20 DSGVO, to receive your personal data which you have provided to us in a structured, common and machine-readable format or to request the transfer to another data controller, and
  6. to lodge a complaint with a supervisory authority pursuant to Art. 77 DSGVO. In general, you can contact the supervisory authority of your usual place of residence or place of work or our place of business. The supervisory authority responsible for our registered office is the Hessian Commissioner for Data Protection and Freedom of Information, Gustav-Stresemann-Ring 1, 65189 Wiesbaden, Germany.

To exercise your rights as a data subject, simply send an e-mail to datenschutz@dfb.de.

9. Right of withdrawal in the case of processing on the basis of consent

If your personal data is processed on the basis of a consent pursuant to Art. 6 para. 1 lit. a) GDPR, you have the right at any time to revoke your consent without giving reasons. As a result, we may no longer continue the data processing based on this consent in the future. However, the revocation of your consent does not affect the lawfulness of the processing which took place on the basis of your consent up to the time of revocation.

If you would like to exercise your right of withdrawal, simply send an e-mail to datenschutz@dfb.de.

10. Right to object

If your personal data is processed on the basis of legitimate interests pursuant to Art. 6 para. 1 lit. f) GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR if there are reasons for doing so which arise from your particular situation. If your objection is di-rected against direct advertising, you have a general right of objection; a justification is not necessary in these cases.

If you would like to exercise your right to object, simply send an e-mail to datenschutz@dfb.de.

11. Data security

We use the most common SSL (Secure Socket Layer) method in connection with the highest level of encryption supported by your browser. In general, this is a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can recognise whether a page of our website is transmitted in encrypted form by the closed lock symbol in the lower status bar of your browser.

We also use suitable technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties. We continuously adapt our security measures in line with technological developments.

12. Actuality and updates of this data protection declaration

This data protection declaration is dated September 2022 and may be amended as a result of further development of our website and offers or due to changes in legal or official requirements. You can print out the current data protection declaration as shown on this webpage at any time.