Privacy Statement and Cookie Directive
for the Official Fantasy Bundesliga APP (“APP“) of the DFL Deutsche Fußball Liga GmbH, Guiollettstrasse 44-46, D-60325 Frankfurt am Main ( “DFL“).
DFL processes and uses personal data which are collected and stored when installing and using the APP in compliance with the applicable data privacy provisions in the Federal Republic of Germany. This Privacy Statement and Cookie Directive (hereinafter together: the “Statement”) sets out which data of the User is captured and how this information is processed and used.
1. Personal data
Personal data are all information which relate to an identified or identifiable natural person. A natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. This includes, for example, the name, personalized email addresses, the residential address, the telephone number or the date of birth.
2. Data collection, processing and use during installation and when accessing the APP
The following data are automatically protocolled on the server of DFL when installing the APP and each time the User later accesses the APP:
· IP address of the end device
· date and time of installation
· date and time of access
· name and URL of accessed page
· transferred data volume
· access status (data file transferred, data file not found etc.)
· recognition data of the used browser software and operating system of the User’s end device
· name of the User's Internet service provider
· information about the website visited by the User before
The collection, processing and use of these data occur for the purpose of enabling the use of the APP, system security as well as technical administration of the network infrastructure. A comparison with other data sets or communication to third parties, including in excerpts, does not take place.
The legal basis for processing is Art. 6 para. 1 a) of the European General Data Protection Regulation (“GDPR”).
Additional reference is made to Clause 5 with regard to the collection, processing and use of data for the purposes of analyzing the use of the APP and its optimization through web analysis.
3. Data collection, processing and use in the context of registration and login
3.1 Registration and Login
DFL uses the Customer Identity Management Platform provided by Gigya Inc. (USA) ("Gigya“) for the registration for the Official Bundesliga Fantasy Manager and the login. The use of these data will only be processed for the purposes of enabling the use and the technical administration of the Official Bundesliga Fantasy Manager. The legal basis for processing is Art. 6 para. 1 a) GDPR and Art. 6 para. 1 b) GDPR.
3.2 Social Logins
The social login function which is also provided by Gigya allows the User to log in with his/her social media account at Facebook or Twitter. The legal basis for processing is Art. 6 para. 1 a) GDPR. The following privacy notices regarding the data transmission apply in addition to Clause 7 for sharing the APP’s content.
If the User logs in using Facebook, the following data transfers will take place:
· The transmission of information and user data (visited pages, activated fields) to Facebook, with the possibility for Facebook to merge these data with the data relating to the User. Data will then also be transmitted to the US with possible data access by national security authorities without ensuring an European level of data protection. Facebook is a registered member of the EU-US Privacy Shield .
· The transmission of certain information from the User’s Facebook account to DFL with the consequence that in addition to the data outlined in this Statement (IP address), the following information is transmitted to DFL:
- Profile picture,
- first name and last name,
- email address,
- language and
- time zone.
IF THE USER DOES NOT WANT TO SHARE THIS INFORMATION, THE USER SHOULD USE THE REGULAR LOGIN VIA THE PASSWORD GENERATED BY HIM OR HER.
If the User logs in using Twitter, the following data transfers will take place:
· The transmission of information and user data (visited pages, activated fields) to Twitter with the possibility for Twitter to merge these data with the data relating to the User. Data will then also be transmitted to the US with possible data access by national security authorities without ensuring an European level of data protection. Twitter is a registered member of the EU-US Privacy Shield.
· The transmission of certain information from the User’s Twitter account to DFL with the consequence that in addition to the data (IP address) outlined in this Statement (IP address) the following information is transmitted to DFL:
- Profile picture, as well as
- first name and last name.
IF THE USER DOES NOT WANT TO SHARE THIS INFORMATION THE USER SHOULD USE THE REGULAR LOGIN VIA THE PASSWORD GENERATED BY HIM OR HER.
3.3 "Keep me logged in" Function
When the User selects the function “Remember me”, his/her login (email address, password) will be stored. After the end of a session (either through logging out or by clearing the User’s browser’s history and cache) or at least after six months, the User must log in again. In order to prevent unauthorized account access, the User should not choose this function on an end device also used by others. If the User does not select this function, the User will be logged out automatically when closing the APP.
3.4 Publication of information
The User has agreed that in a case of winning, his/her first name and the first letter of his/her surname, as well as the country will be published in the official tele-media and/or social media of DFL, as well as that the ranking lists of the Official Fantasy Bundesliga are publicly available on the official website www.bundesliga.com and in the APP.
4. Push Notifications
DFL uses the technology provided by Urban Airship Inc., 1417 NW Everett St, Suite 300, Portland OR 97209, USA ("Urban Airship") to send the push notifications to the User. The User can activate and deactivate push notifications in the settings of the APP at any time. More information can be found in Urban Airship's privacy statement. The legal basis for processing is Art. 6 para. 1 a) GDPR.
5.Data collection, processing and use in the context of web analysis with Google Analytics
The information about the use of this APP by a User produced by the cookie is normally transmitted to a server of Google in the USA and stored there.
However, DFL has expanded Google Analytics with the code “gat._anonymizeIp();“ in order to assure anonymized collection of IP addresses (so-called IP masking). This means that the IP addresses of Users of Google are shortened within the Member States of the European Union or in other States which are a party to the Convention on the European Economic Area before the transmission to the USA. So, the full IP address is only transmitted to a server of Google in the USA and shortened there only in exceptional situations. Google is a registered member of the EU-US Privacy Shield.
Upon request of DFL, Google will use this information in order to analyze the use of the APP by the Users for the purpose of compiling reports about the APP activity and to provide additional services to DFL which are related to the use of the APP and Internet use. Google does not merge the IP address of a User’s browser with other data under Google Analytics.
The User can prevent the storage of cookies with a corresponding setting on the User's browser software. The User can also prevent the collection by Google Analytics by opting-out below or in the settings sections of the APP. Opting-out prevents the future collection of the User's data when using the APP.
Tracking by Google Analytics
However, DFL hereby informs the User that in this case it is possible that the User cannot completely use all functions of this APP.
Further information about the terms and conditions of use and data protection are available in the Google Analytics Terms of Service and Google Analytics Overview.
The legal basis for processing is Art. 6 para. 1 f) GDPR, whereby the legitimate interest for DFL results from the fact that, in the first place, DFL has an interest in evaluating the APP data for purposes of its optimization. Secondly, a data subject can reasonably foresee that data might possibly be processed for this purpose at the time the personal data is collected and in light of the circumstances under which this occurs (especially the above-mentioned measures).
6. Special terms and conditions for the Bundesliga Newsletter
The users of the Bundesliga Newsletter are assigned a UserID, which allows DFL to determine when the respective Bundesliga Newsletter was opened and which links or functions from the respective Bundesliga Newsletter were activated. This tracking (tracing) takes place for the internal optimization of the Bundesliga Newsletter. These data will not be disclosed. The legal basis for this data processing is Art. 6 para. 1 f) GDPR, whereby the legitimate interest for DFL results from the fact that, in the first place, DFL has an interest in optimizing such services. Secondly, the User will not incur any particular disadvantages when comparing the User’s reasonable expectations based on his or her relation to DFL as the APP operator and newsletter provider. If the User of the Bundesliga Newsletter does not want this tracking to take place, he/she can unsubscribe from the Bundesliga Newsletter.
7. Sharing of content
DFL provides users of the APP with the opportunity to share the APP's content. The legal basis for the following processing is Art. 6 para. 1 a) GDPR.
7.1 Use of social media platforms Facebook, Twitter, Google+, Instagram and WhatsApp
Users can share the APP's content on the social media services provided by Facebook, Twitter, Google+, Instagram and WhatsApp.
The use of these plugins will normally result in the transfer of data to Facebook, Twitter, Google+ or WhatsApp with each content visited without the User's explicit permission. Along with the web address of the content visited, an identifier will also be transmitted which enables a direct connection to be made between the User and his/her profile on the respective platform.
The platform operators do not pass on any specific details pertaining to what other data is transmitted. The platform operators are moreover constantly developing their services and make available information about how the accompanying data is used. The currently valid data protection regulations of the platform providers can be found here: Facebook, Twitter, Google+ , Instagram and WhatsApp.
In order to prevent any unwanted transmission of Users' data to Facebook, Twitter, Google+, Instagram and WhatsApp, and to give Users a choice as to whether they wish to use social media services, DFL only offers social sharing links. This ensures that no data will be transferred to third parties without the permission of the User. Only when the User activates the social media services, therefore consenting to connect with Facebook, Twitter, Google+, Instagram and WhatsApp, the connection with their services will be established and the social sharing links be provided.
7.2 Email forwarding
The User can also share content of this APP via email by clicking on the email logo button and recommend this content. The email addresses of the recipients entered by the User will not be used, processed or stored by DFL.
7.3 Android and iOS
In case an User uses an android or iOS device and clicks on the share button, the APP will - in addition to the aforementioned social media platforms and email forwarding function- show all applications which are installed on the User's end device and which offer a share function.
8. Feedback service
9. Limited purpose for processing and using personal data
All processing or use of personal data of the User occurs only for the purposes mentioned in this Statement and to the extent necessary to achieve the respective purpose.
Personal data are not published by DFL or disclosed to unauthorized third parties.
Transmissions of personal data to government agencies and public authorities occur only in accordance with mandatory national provisions in the law or if the disclosure is necessary in the case of attacks on the network infrastructure in order to pursue rights and for purposes of criminal prosecution. The legal basis for this processing is Art. 6 para. 1 c) GDPR in conjunction with § 24 para. 1 no. 1 b) German Data Protection Act [Bundesdatenschutzgesetz, "BDSG"].
10. Storage and deletion of personal data
All stored personal data and pseudonymized usage data are deleted immediately and permanently as soon as the data are no longer needed for the purposes for which they were collected or if the User demands this unless DFL is required by law to preserve the data. If DFL is required on the basis of provisions in the law to preserve the data, the stored personal data and pseudonymized usage data will be permanently deleted upon expiration of the time periods for preserving data required by law.
DFL uses technical and organizational security measures, in order to protect personal data of the Users against accidental or intentional manipulation, loss, destruction or access by unauthorized persons. The security measures are continuously adapted in accordance with technological developments.
12. Links to other websites
The APP may contain links to other websites. This Statement applies solely to the APP. DFL has no influence over, and does not control whether other providers comply with applicable data protection provisions.
13. Rights of the User
The User has a right to information with regard to the stored personal data of the User. The User also has a right to have incorrect data corrected and to restriction of the processing and to have data deleted, as well as a right to object against the processing as well as the right for data transferability.
The User can contact DFL at firstname.lastname@example.org. The data privacy officer of DFL can be contacted at email@example.com. Please not that only data privacy-related messages will be answered at this email address. For all other inquiries please use the email address firstname.lastname@example.org.
It is pointed out that there is a right to file an objection with the supervisory authority.
14. Applicability, validity and timeliness of this Statement
The provisions in this Statement on collection, processing and use of the User’s data apply for the User when using the APP. This Statement is current and is dated as of 25 May 2018. DFL reserves the right to amend this Statement at any time with effect for the future, especially for the purposes of adaption to a further development of the APP or the implementation of new technologies.