German version | Spanish version

Privacy Statement and Cookie Directive

for the official Bundesliga APP ("APP") of DFL Deutsche Fußball Liga GmbH, Guiollettstrasse 44-46, D-60325 Frankfurt am Main (the "DFL").

DFL processes and uses personal data which are collected and stored when installing and using the APP in compliance with the applicable data privacy provisions in the Federal Republic of Germany. This Privacy Statement and Cookie Directive (hereinafter together: the "Statement") sets out which data of the User is captured and how this information is processed and used.

 

1. Personal data

Personal data are all information which relate to an identified or identifiable natural person.  A natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. This includes, for example, the name, personalized email addresses, the residential address, the telephone number or the date of birth.

 

2. Data collection, processing and use during the installation and when accessing the APP, as well as with regard to system crashes and defects

2.1 Data collection, processing and use during the installation and when accessing the APP

The following data are automatically protocolled on the server of the DFL when installing the APP and each time the User later accesses the APP:

 

·         date and time of installation

·         date and time of access

·         name of accessed page

·         transferred data volume

·         access status (data file transferred, data file not found etc.)

·         recognition data for the used browser and operating system of the User's end device

·         name of the User's Internet service provider

 

The collection, processing and use of these data occur for the purpose of enabling the use of the APP, system security as well as technical administration of the network infrastructure. A comparison with other data sets or communication to third parties, including in excerpts, does not take place.

 

The legal basis for processing is Art. 6 para. 1 a) General Data Protection Regulation (“GDPR”) (consent).

 

2.2 Data collection, processing and use with regard to system crashes and defects

DFL uses Crashlytics, a service of Crashlytics Inc. (USA) („Crashlytics“) with ist APP. Crashlytics collects user data when using the APP on Android or iOS. Information about the end device, the installed version oft he APP and further helpful information for debugging, especially with regard to the User’s software and hardware are collected, processed and used. 

 

Further information are available in the data privacy statement of Crashlytics.

 

The legal basis for processing is Art. 6 para. 1 f) GDPR, whereby the authorization for DFL results from the fact that, in the first place, DFL has an interest in stabilizing the APP and in debugging. Secondly, a data subject can reasonably foresee that data might possibly be processed for this purpose at the time the personal data is collected and in light of the circumstances under which this occurs (especially the above-mentioned measures).

 

2.3 Data collection, processing and use in the context of web analysis

Additional reference is made to Clause 4 with regard to the collection, processing and use of data for the purposes of analyzing the use of the APP and its optimization through web analysis.

 

3. Authorizations, location data

The APP uses the respectively current GPS position of the User's end device (the „Location“) for the GEO blocking function of the videos. At the point in time when the User clicks on a video, the APP determines the countries in which the relevant video can be played and compares this to the current location of the User's end device. The APP then checks whether the video can be played in the country in which the User's end device is then located or whether this cannot occur due to legal reasons. The location data remain in the end device only for the duration of this examination and are then deleted; the location data are otherwise not stored or forwarded to a backend system.

 

In addition, the APP uses the geo location for the function “Locate Me“ under the tab in the APP “TV Partners“. This function “Locate Me“ is only carried out if the User clicks on the corresponding button. This function is also only used once at the time of the click in order to select the appropriate country from the list of countries. This information about the country is then locally stored in the User's end device as a setting until the User again changes this or deletes the APP. This occurs for the purpose of directly forwarding the User to the broadcaster with whom the User can watch the Bundesliga live with the User's end device in the country in which the User is then located. This information is not transmitted to the servers of DFL or to third parties. Aside from this, the location data and movement data of the User are not stored with this function.

 

The legal basis for processing is Art. 6 para. 1 f) GDPR, whereby the authorization for DFL results from the fact that, in the first place, DFL has an interest in complying with the agreements with the national and international licensees of the media rights of the matches of Bundesliga and Bundesliga 2. Secondly, a data subject can reasonably foresee that data might possibly be processed for this purpose at the time the personal data is collected and in light of the circumstances under which this occurs (especially the above-mentioned measures).

 

4. Data collection, processing and use in the context of web analysis

4.1 Google Analytics 

DFL also uses Google Analytics with its APP, a web analysis service provided by Google LLC (USA) (“Google“). Google Analytics uses cookies. Cookies are text data files which are stored on the User's end device and make it possible to analyze the use of the APP by its Users.

 

The information about the use of this APP by a User produced by the cookie is normally transmitted to a server of Google in the USA and stored there.

 

However, DFL has expanded Google Analytics with the code “gat._anonymizeIp();“ in order to assure anonymized collection of IP addresses (so-called IP masking). This means that the IP addresses of Users of Google are shortened within the Member States of the European Union or in other States which are a party to the Convention on the European Economic Area before the transmission to the USA. So, the full IP address is transmitted to a server of Google in the USA and shortened there only in exceptional situations. Google is a registered member of the EU-US Privacy Shield.

 

Upon request of DFL, Google will use this information in order to analyze the use of the APP by the Users for the purpose of compiling reports about the activity with the APP and to provide additional services to the DFL which are related to the use of the APP and Internet use. Google does not combine the IP address of a User's browser with other data under Google Analytics.

 

The User can prevent the storage of cookies with a corresponding setting on the User's browser software. The User can also prevent the collection by Google Analytics by opting-out below or in the settings sections of the APP. Opting-out prevents the future collection of the User's data when using the APP.

 

Tracking by Google Analytics [Opt Out in App]

However, the DFL hereby informs the User that in this case it is possible that the User cannot completely use all functions of this APP.

 

Further information about the terms and conditions of use and data protection are available in the Google Analytics Terms of Service and Google Analytics Overview

The legal basis for processing is Art. 6 para. 1 f) GDPR, whereby the authorization for DFL results from the fact that, in the first place, DFL has an interest in evaluating the APP data for purposes of its optimization. Secondly, a data subject can reasonably foresee that data might possibly be processed for this purpose at the time the personal data is collected and in light of the circumstances under which this occurs (especially the above-mentioned measures).

 

4.2 DoubleClick for Publishers (Small Business) for the insertion of online advertising

DFL uses DoubleClick for Publishers (Small Business) by Google to insert online advertising in the APP. This helps DFL to serve online advertisements to Users. DFL does only insert advertising marketed directly by DFL and no interest-related advertising of third party networks.

 

Google uses cookies which do not contain or store any personal data. Further information are available under the following link. The use of cookies by Google can be objected under the following link.

 

The legal basis for processing is Art. 6 para. 1 f) GDPR, whereby the authorization for DFL results from the fact that, DFL also wants to use its invest for operating the APP for direct advertising. The User - after weighing his reasonable expectations based on his relationship with the DFL as the APP operator - will not incur any particular disadvantages.

 

4.3 Other cookies

Other cookies are not set.

 

5. Sharing of content

DFL provides users of the APP with the opportunity to share the APP's content. The legal basis for the following processings is Art. 6 para. 1 a) GDPR (consent).

5.1 Use of social media platforms Facebook, Twitter, Google+ and WhatsApp

Users can share the APP’s content on social media services provided by Facebook, Twitter, Google+ and WhatsApp.

 

The use of these plugins will normally result in the transfer of data to Facebook, Twitter, Google+ or WhatsApp with each content visited, without the user's explicit permission. Along with the web address of the content visited, an identifier will also be transmitted which enables a direct connection to be made between the User and his/her profile on the respective platform. The platform operators do not pass on any specific details pertaining to what other data is transmitted. The platform providers are moreover constantly developing their services and make available information as to how the accompanying data is used. The currently valid data protection regulations of the platform providers can be found here: Facebook, Twitter, Google+ and WhatsApp.

In order to prevent any unwanted transmission of Users' data to Facebook, Twitter, Google+ and WhatsApp and to give Users a choice as to whether they wish to use social media services, DFL only offers social sharing links. This ensures no data will be transferred to third parties without the express permission of the User. Only when the User activates the social media services, therefore consenting to connect with Facebook, Twitter, Google+ and WhatsApp, the contact with their services will be established and the social sharing links provided.

5.2 Email forwarding

The User can also share content of this APP via email by clicking on the email logo button or recommend this content. The email addresses of the recipients entered in by the User will not be used, processed or stored by DFL.

 

5.3 Android and iOS

In case an User uses an android or iOS device and clicks on the share button, the APP will - in addition to the aforementioned social media platforms and email forwarding function - show all applications which are installed on his end device and which offer a share function.

6. Further online services

6.1 Push notifications

DFL sends push notifications about clubs and selected events (news, videos, match day- and match-related information, e.g. goals, cards, players substitutions, as well as beginning and end of a match) to the User upon his or her selection during the first use of the APP or in the settings sections of the APP. The User can change his or her selection in the settings sections of the APP at any time.

 

The legal basis for processing is Art. 6 para. 1 a) GDPR (consent).

6.2 Zendesk

DFL uses the ticket system from Zendesk Inc. (USA) (“Zendesk”) for processing submitted requests and problems.

 

Further information are available in the data privacy statement of Zendesk. Data will be transmitted to the United States under the terms of Zendesk's approved Zendesk Binding Corporate Rules, which have been approved by the European Data Protection Authority on 19 May 2017 and are available online.

 

The legal basis for processing is Art. 6 para. 1 a) GDPR (consent).

 

7. Limited purpose for processing and using personal data 

All processing or use of personal data of the Users of the APP occurs only for the purposes mentioned in this Statement and to the extent necessary to achieve the respective purpose.

 

Personal data are not published by DFL or disclosed to unauthorized third parties.

 

Transmissions of personal data to government agencies and public authorities occurs only in accordance with mandatory national provisions in the law or if the disclosure is necessary in the case of attacks on the network infrastructure in order to pursue rights and for purposes of criminal prosecution.

 

The legal basis for processing is Art. 6 para. 1 c) GDPR in conjunction with § 24 para. 1 no. 1 b) German Data Protection Act [Bundesdatenschutzgesetz, "BDSG"].

 

8. Storage and deletion of personal data 

All stored personal data and pseudonymized usage data are deleted immediately and permanently as soon as the data are no longer needed for the purposes for which they were collected or the User demands this unless DFL is required by law to do preserve the data. If DFL is required on the basis of provisions in the law to preserve the data, the stored personal data and pseudonymized usage data will be permanently deleted upon expiration of the time periods for preserving data required by law.

 

9. Security 

DFL uses technical and organizational security measures in order to protect personal data of the Users against accidental or intentional manipulation, loss, destruction or access by unauthorized persons. The security measures are continuously adapted in accordance with technological developments.

 

10. Links to other websites

The APP may contain links to other websites. This Statement applies solely to the APP. DFL has no influence over, and does not control whether other providers comply with applicable data protection provisions.

11. Rights of the User

The User has a right to information with regard to the stored personal data of the User. The User also has a right to have incorrect data corrected and to restriction of the processing and to have data deleted, as well as a right to object against the processing as well as the right for data transferability.

 

The User can contact DFL at info@bundesliga.com. The data privacy officer of DFL can be contacted at dataprivacy@bundesliga.com. Please not that only data privacy-related messages will be answered at this email address. For all other inquiries please use the email address info@bundesliga.com. 

 

It is pointed out that there is a right to file an objection with the supervisory authority.

12.   Applicability, validity and timeliness of this Statement

The provisions in this Statement on collection, processing and use of the User’s data apply for the User when using the Website. This Statement is current and is dated as of 25 May 2018. DFL reserves the right to amend this Statement at any time with effect for the future, especially for the purpose of adaption to a further development of the APP or application of new technologies.