Privacy policy

 

We are delighted that you are visiting our website. We take the protection of your privacy very seriously when it comes to the collection, processing and use of your personal data in accordance with legal requirements. On this page, we have summarised how we intend to handle your personal data.

We attach great importance to data protection. The collection and processing of your personal data is carried out in compliance with the applicable data protection regulations, in particular the Datenschutzgrundverordnung (DSGVO).

1. Responsible party

The party responsible for the collection, processing and use of your personal data within the meaning of Article 4(7) of the GDPR is Olympiapark München GmbH, Spiridon-Louis-Ring 21, 80809 Munich, Managing Director Marion Schöne, Tel. 089/30 67-0, Fax 089/3067-2222, Email: info@olympiapark.de, Munich Local Court HRB 6971.

If you wish to object to the collection, processing or use of your data by us in accordance with these data protection provisions, either in full or in relation to specific measures, you may address your objection to the data controller.

2. General purposes of processing

We use personal data for the purposes of operating the website, sending out newsletters and fulfilling contractual obligations.

3. What data we use and why

3.1. Hosting

The hosting services we use are intended to provide the following: infrastructure and platform services, computing capacity, storage space and database services, security services, and technical maintenance services, which we utilise for the purpose of operating the website.
In doing so, we, or our hosting provider, process inventory data, contact details, content data, contractual data, usage data, meta data and communication data relating to customers, prospective customers and visitors to this website on the basis of our legitimate interests in the efficient and secure provision of our website in accordance with Article 6(1)(f) of the GDPR in conjunction with Article 28 of the GDPR.
Servers are located exclusively in Germany or Europe.

3.2. Access data

We collect information about you when you use this website. We automatically collect information about your usage behaviour and your interaction with us, and record data about your computer or mobile device. We collect, store and use data relating to every visit to our website (known as server log files). This access data includes:

• Name and URL of the retrieved file
• Date and time of retrieval
• Data volume transferred
• Message about successful retrieval (HTTP response code)
• Browser type and version
• Operating system
• Referrer URL (i.e. the previously visited page)
• Websites that are called up by the user's system via our website
• Internet service provider of the user
• IP address and the requesting provider

We use this log data without assigning it to you personally for statistical evaluations for the purpose of operating, securing and optimizing our website, but also to anonymously record the number of visitors to our website (traffic) and the extent and type of use of our website and services, as well as for billing purposes to measure the number of clicks received from cooperation partners. This information allows us to provide personalized and location-based content and to analyze traffic, troubleshoot, and improve our services.

This is also our legitimate interest according to Art. 6 para. 1 p. 1 f) GDPR.

We reserve the right to subsequently review the log data if there is a justified suspicion of unlawful use based on concrete indications. We store IP addresses in the log files for a limited period of time (usually 14 days) if this is necessary for security purposes. We delete the IP address if it is no longer required for security purposes. We also store IP addresses if we have a concrete suspicion of a criminal offense in connection with the use of our website.

3.3. Cookies

We use so-called session cookies to optimize our website. A session cookie is information that is sent by the respective servers when you visit a website and is temporarily stored by your browser on your hard drive. This information contains a so-called session ID, with which various requests of your browser can be assigned to the common session. These cookies are deleted after you close your browser. They are used, for example, to enable you to use the shopping cart function across multiple pages.

We also use persistent cookies (also information stored on your device), which remain on your device and allow us to recognize your browser the next time you visit. These cookies are stored on your hard drive and delete themselves after the specified time. Their lifespan is between one day and 14 months. This allows us to present our offer to you in a more user-friendly, effective and secure manner and, for example, to display information on the page that is specifically tailored to your interests.

Our legitimate interest in the use of cookies pursuant to Art 6 (1) p. 1 f) GDPR is to make our website more user-friendly, effective and secure. The following data and information are stored in the cookies:

• Log-in information
• Language settings
• entered search terms
• Information about the number of visits to our website and the use of individual functions of our website.

When the cookie is activated, it is assigned to an identification number. An assignment of your personal data to this identification number is not made. Your name, your IP address or similar data that would allow the cookie to be assigned to you are not stored in the cookie. Based on the cookie technology, we only receive pseudonymized information, for example, about which pages of our store were visited, which products were viewed, etc.

3.4. CookieBot Consent Management Platform

1. Scope of data collection, processing and use

The website uses the Cookiebot tool provided by Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark (hereinafter ‘Cookiebot’) to provide a Consent Management Platform (abbreviated to ‘CMP’) or a cookie banner, a system that manages the use of third-party providers, technical measures and cookies based on consent granted or refused.

2. Purpose and legal basis of the processing

The purpose of data processing using Cookiebot is to provide and manage the consents given by our website visitors in order to ensure that consent management complies with data protection regulations. Cookiebot is used to record consents that have been given and those that have not, and to manage the individual privacy settings of our website visitors. The processing is carried out for the purpose of obtaining the website visitor’s consent, providing options to withdraw consent and object, verifying the consent given, and assigning the user to manage their individual data protection settings.

The use of a consent management platform, as well as the management and storage of your consents to the processing of your personal data, is based on our legal obligation to provide a website that complies with data protection regulations (Art. 6(1)(c) GDPR). The legal basis for the use of Cookiebot is also Art. 6(1)(f) GDPR. Our legitimate interest lies in the legally compliant documentation and verifiability of consents, as well as in the management of our analytics campaigns based on your consent through the use of specialised services and the associated technical implementation.

3. Opting out and removal options

Browser settings: Cookies are stored on your device and transmitted to us from there. As a user, you therefore have full control over the use of cookies. You can generally configure your web browser so that no cookies are stored on your computer. To do this, you can disable the relevant option in your browser’s settings. However, this may mean that certain features of our website are unavailable.

Here you can find out about the settings options for the most commonly used browsers:

• Edge: https://support.microsoft.com/de-de/microsoft-edge/ 
• Firefox: http://support.mozilla.org/de/kb/cookies-informationen-websites-auf-ihrem-computer 
• Google Chrome: http://support.google.com/chrome/bin/answer.py?hl=de&answer=95647 
• Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac 
• Opera: https://help.opera.com/de/latest/web-preferences

3.5. Web analytics using Matomo (formerly PIWIK)

On the basis of Article 6(1)(f), we use the open-source software tool Matomo (formerly PIWIK) on our website to analyse our users’ browsing behaviour. This provides us with information about the use of the individual components of our website, which helps us to continuously improve our website and its user-friendliness. The software places a cookie on the user’s computer. When individual pages of our website are accessed, the following data is stored in addition to the data mentioned in 3.2:

1. Two bytes of the IP address of the user’s accessing system
2. The website accessed
3. The website from which the user arrived at the accessed page (referrer)
4. The subpages accessed from the website visited
5. The length of time spent on the website
6. The frequency of visits to the website
7. The search terms entered by users into our search field

The software runs exclusively on our website’s servers. Users’ personal data is stored only there. By anonymising IP addresses, we take sufficient account of users’ interest in the protection of their personal data.

The data is not disclosed to third parties.

The data will be deleted as soon as it is no longer required for our record-keeping purposes, at the latest after 180 days. Cookies are stored on the user’s computer and transmitted from there to our website. As a user, you therefore have full control over the use of cookies. You can disable or restrict the transmission of cookies by changing the settings in your web browser. Cookies that have already been stored can be deleted at any time. This can also be done automatically. We offer our users the option to opt out of the analytics process on our website. To do this, you must follow the relevant link. This will set an additional cookie on your system, which signals to our system not to store the user’s data. If the user deletes the relevant cookie from their own system in the meantime, they must set the opt-out cookie again. 

3.6. Sentry

We use the error analysis service “Sentry” provided by Functional Software Inc. dba Sentry, 45 Fremont Street, 8th Floor, San Francisco, CA 94105, USA, on our website.

Sentry is used for the technical monitoring of our website’s stability and for identifying programming errors on our website. This results in data being transmitted to the provider, e.g. your IP address, product and version information regarding the browser and operating system used (so-called user agent), the website from which you accessed our site (so-called referrer), the date and time of the request and, where applicable, your internet service provider, and data relating to the time of the error. The legal basis for the use of Sentry is Article 6(1)(f) of the GDPR. We have a legitimate interest in the technical error analysis of our website, which does not override the users’ interest in privacy.

Functional Software Inc. complies with the requirements of the ‘EU-US Data Privacy Framework’. The Privacy Framework Agreement governs the protection of personal data transferred from a Member State of the European Union to the USA. It ensures that the data transferred is subject to a level of data protection in the USA that is comparable to that of the European Union. You can view the list of certified companies here: https://www.dataprivacyframework.gov/s/participant-search.


Sentry’s Data Privacy Addendum can be found at https://sentry.io/legal/dpa/. Further information on data usage at Sentry can be found in the provider’s privacy policy: https://sentry.io/privacy/.

4.  Further data processing

4.1 Data for the fulfillment of our contractual duties

We process personal data that we need to fulfill our contractual obligations, such as name, address, e-mail address, ordered products/event services, billing and payment data. The collection of this data is necessary for the conclusion of the contract.

The deletion of the data takes place after the legal retention periods have expired. Data that is linked to a user account (see below) is retained for the duration of the management of this account.

The legal basis for the processing of this data is Art. 6 para. 1 p. 1 b) GDPR, because this data is needed so that we can fulfill our contractual obligations to you.

4.2 Data from Business Partners and Data that we Process within the Framework of Tenders

We process personal data that we consider to be in our legitimate business interest in order to fulfil our contract. This includes, for example, the obligations associated with our contract for awarding contracts and also the maintenance of other business relationships with business partners, such as suppliers and service providers. For this purpose, we process contact data such as e-mail addresses and telephone numbers, information about requested or ordered products and services. In some cases, we also process data of employees of our business partners, for example in order to be able to control access to our premises and events. The processing of this data is necessary for the fulfilment of our orders.
We only keep your data for as long as is necessary for the fulfilment of our tasks, taking into account statutory retention periods. After expiry of the retention period, your data will be deleted.
The legal basis for the processing of this data is Art. 6 para. 1 p. 1 b) GDPR, insofar as it is in connection with pre- and contractual measures, and Art. 6 para. 1 p. 1 f) GDPR, insofar as it is in our legitimate interest.

4.3 User Accounts

When using our website, we offer you the option of creating a user account for various purposes, such as ordering from our webshop or booking our SoccArena premises. This saves you having to re-enter your data for repeated purchases or bookings. The account is created with your consent, so we process your data on the legal basis of Art. 6 para. 1 p. 1 a) GDPR. Your booking data will be automatically deleted after two years. Your user account is automatically deleted after two years of inactivity.

In addition to the personal data required within the meaning of Art. 6 para. 1 p. 1 b) GDPR for the establishment and fulfilment of the contract (e.g. title, first and last name, address, e-mail address, if applicable also user names as well as billing and payment data), you can also provide us with further data on a voluntary basis; mandatory data is marked with * in each case. In the context of bookings by companies, we process your name and contact details on the basis of our legitimate interest, Art. 6 para. 1 p. 1 f) GDPR.

In addition to the data listed above, we process the time of registration and the time of login for our user accounts, for example. This is done due to legal requirements (Art. 6 para. 1 p. 1 c) GDPR) and to optimise our offer based on our legitimate interest, Art. 6 para. 1 p. 1 f) GDPR.

In our Olympiapark Webshop, you can also place orders via guest access. In this case, you will have to enter the data required for the order again for repeat orders.

For payment processing, we use service providers who, from a data protection perspective, are their own data controllers and take care of the security of the payment services provided by them accordingly. In addition, the General Terms and Conditions of Business and Data Protection of the following payment service providers apply:

 

• If the credit card payment method is selected, the payment is made via Saferpay, an e-payment platform of SIX Payment Services (Europe) S.A., Theodor-Heuss-Allee 108, 60486 Frankfurt am Main.
• If you select the payment method Sofortüberweisung, payment will be made via Klarna GmbH, Theresienhöhe 12, 80339 Munich.

4.4 Application Procedure

We process your data as part of the application process for the purpose of selecting suitable candidates. The legal basis for this data processing is the implementation of pre-contractual measures in accordance with Art. 6 para. 1 b) GDPR in conjunction with § 26 BDSG. Your data will be passed on internally to the managers involved in the decision to fill the respective positions, as well as to the staff representatives, the Equal Opportunities Officer and the representation of severely disabled persons, if applicable. Data will not be passed on to third parties or to third countries. Your data will be deleted no later than 6 months after the end of the application procedure. Retention within these time limits is necessary for legal reasons in the event of any legal action (especially possible assertion of claims under the General Equal Opportunities Act). The collection of the data is necessary for the conclusion of a contract between you and us. If you request the deletion of your application data during the application process, this will be considered as a withdrawal of your application.

4.5 E-mail Contact

If you contact us (e.g. via contact form or e-mail), we process your data to process the request and in case follow-up questions arise.

If the data processing is carried out for the implementation of pre-contractual measures, which are carried out upon your request, or, if you are already our customer, for the implementation of the contract, the legal basis for this data processing is Art. 6 para. 1 p. 1 b) GDPR.

We only process further personal data if you consent to this (Art. 6 para. 1 p. 1 a) GDPR) or we have a legitimate interest in processing your data (Art. 6 para. 1 p. 1 f) GDPR). A legitimate interest is, for example, to respond to your email that is not subject of contractual or precontractual measures.

4.6 Invitation management / participation in events

1. Description and scope of data processing

On our website and on selected invitations from Olympic Park Munich GmbH, you have the opportunity to register for one of our events (e.g. customer events, concerts, sporting events - hereinafter collectively referred to as ‘events’). We collect and process personal data if you also participate in our events. The scope of the personal data processed and which personal data is processed in individual cases may vary depending on the event. This includes the following data in particular:

1. Your first name and surname;
2. Your date of birth;
3. Your contact details (e-mail address, telephone number);
4. Your address data;
5. if applicable, details of the company and details of your position;
6. the fact of participation and the result of participation;
7. correspondence about the event, if applicable.

Further information can be found in the conditions of participation for each event. The personal data processed from participants is also made transparent at each event. Mandatory information (*) and voluntary information will be made recognisable when the data is collected in our forms.

We would like to point out that we use the data provided to us in connection with your registration for one of our events for direct advertising about similar products and events (in accordance with Section 7 (3) UWG). We send this information regardless of whether you have subscribed to our newsletter or not. Your data will not be passed on to third parties. If you do not wish to receive this information about similar products, you can informally object to this at any time using the contact details given above without incurring any transmission costs. Alternatively, you can also use the unsubscribe link contained in every e-mail.

For the technical implementation of our invitation management, we currently work together with the service provider listed below, which processes the data provided to us as part of your registration for the event in compliance with the necessary data security measures as a contractor within the meaning of Art. 28 GDPR and provides us as the organiser with the software-as-a-service platform for the implementation of the registration process, ticket purchase, communication with our event participants and admission management during the event. The contractual relationship has been agreed.

• doo GmbH, Hultschiner Straße 8, 81677 Munich. Further information on the processing of personal data by doo GmbH can be found here.

2. Legal basis and purpose of data processing

We process your data in connection with your registration for one of the events in order to enable participation (Art. 6 para. 1 lit. b GDPR). Participation in such events is voluntary, but not possible without the processing of personal data. The legal basis for the processing of your email address for the purpose of sending direct advertising is Section 7 (3) UWG.

3. Duration of storage

The data is deleted from the system and the forms used are destroyed as soon as they are no longer required to fulfil the purpose for which they were collected. For the personal data provided to us for the event, this is the case when the respective event has ended and, in individual cases, statutory retention periods have expired.

Unless there is a legal obligation to temporarily store data or you have explicitly consented to this, all personal data stored in connection with the event will be destroyed after the end of the participation phase.

5. Integration of Media Plugins

5.1 Integration of YouTube

1. Description and scope of data processing

Our website uses a plug-in from the provider YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, USA or Google Ireland Limited, Gordon House, 4 Barrow St, Dublin 4, Ireland (hereinafter YouTube or Google) to integrate videos.
The content of the plug-in is transmitted directly from YouTube to your browser through a connection to the YouTube servers, which then integrates it into the website. This transmits your visit to the website to YouTube.

We integrated the YouTube plugin using the no-cookie option. But if you are logged in to YouTube with your user account, YouTube can assign the information obtained to your respective account through the use of the plug-in. In this case, the information is transmitted to your personal user account at YouTube and stored there by YouTube.

Through the use of YouTube and your visit to our website, on which the plug-in for the integration of YouTube content is used, data (including date and time of your visit to our website, location information, URL of the accessed website, search terms) are generally collected, processed and stored. By calling up the YouTube video on our website, YouTube or Google can independently store cookies via your browser on your computer or mobile device. In addition, Google can store and evaluate your IP address and our website, as a starting point, via an interface. For more information on the processing of data by YouTube or Google, we refer to the privacy policy of Google. We have no influence on the data and data processing operations collected by YouTube, nor is the full extent of the data collection, the purposes of processing, the storage periods and the storage location known. There is also no information available on the deletion of the collected data by YouTube.

Further information and the applicable data protection provisions of the operator can be found at https://www.youtube.com/t/terms and https://policies.google.com/privacy?hl=en.      
In order to avoid an unauthorized and uncontrolled flow of data from the time you visit our website, we implement the integration of the plug-in with a so-called consent solution, i.e. YouTube and Google may only set cookies or receive information about your visit to our website if you have actively clicked on the plug-in to play the YouTube video or have consented to the display of YouTube videos via our cookie banner. By visiting our website without confirmation on your part by way of the consent solution, no data is transmitted to YouTube or Google.

2. Purpose and legal basis for the data processing

YouTube is embedded on our website to enable the display and playback of videos or similar YouTube content.
The legal basis for the processing of personal data is your consent in this regard, given through voluntary use or by clicking on the content provided, or the consent given via the cookie banner provided by Cookiebot (Art. 6(1)(a) GDPR).

3. Possibility of objection and/or erasure

However, you can object to the collection, storage and use of information by YouTube or Google at any time with effect for the future by installing the deactivation add-on provided by Google or by adjusting your browser settings so that cookies cannot be stored.

You can revoke your consent to data processing by YouTube or Google via the cookie banner provided by us at any time for the future. By changing the check mark at YouTube under "Marketing" in the cookie banner, you prevent technical measures from being carried out and cookies from being set. The cookie settings can be accessed at any time via the link described under “Cookies” ("change consent") in the privacy policy.

5.2 Integration of Spotify

1. Description and scope of data processing

Our website uses plugins or embedded content from the music streaming service Spotify (Spotify AB, Regeringsgatan 19, 111 53 Stockholm, Sweden).

When you visit our website and consent to the use of Spotify, a direct connection is established between your browser and Spotify’s servers. This informs Spotify that you have visited our site via your IP address. In addition, technical information, such as browser and device details, the time of the visit, and information regarding the use of the embedded content, may be transmitted to Spotify.

This means that Spotify can associate your visit to our site with your Spotify user account if you are logged into your Spotify account. Please note that, as the provider of the pages, we have no knowledge of the content of the data transmitted or its use by Spotify.

Further information on data processing by Spotify can be found in Spotify’s privacy policy at: https://www.spotify.com/de/legal/privacy-policy/.

2. Purpose and legal basis for data processing 

The legal basis for the processing of personal data is your consent, either through voluntary use or by clicking on the content provided, or through consent via the cookie banner (Art. 6(1)(a) GDPR)

3. Right to object and right to erasure 

You can withdraw your consent to data processing by Spotify at any time with future effect via the cookie banner provided by us. By changing the tick next to Spotify under ‘Marketing’ in the cookie banner, you prevent the technical measures from being carried out. The cookie settings can be accessed at any time via the link described in the privacy policy under ‘Cookies’ (‘Change consent’).

5.3 Integration of Vimeo

1. Description and scope of data processing

Our website uses plug-ins from the provider Vimeo LLC, 555 West 18th Street, New York 10011 (hereinafter referred to as "Vimeo") to integrate videos. The content of the plug-in is transmitted directly from Vimeo to your browser through a connection to the Vimeo servers and integrated into the website by Vimeo.

If you are logged in to Vimeo with your user account, Vimeo can assign the information obtained to your account by using the plug-in. In this case, the information will be transmitted to your personal user account at Vimeo and stored there. Since Vimeo collects data in particular via cookies, we also recommend that you delete all cookies via the security settings of your browser.

By default, we have included our videos with the "Do-No-Track" setting. As a result, Vimeo cannot set third-party cookies via the plug-in on your device. We have no influence on the data collected by Vimeo and data processing operations, nor is the full scope of the data collection, the purposes of the processing, the storage periods and the storage location known. There is also no information available on the deletion of the collected data by the provider. Further information on the purpose and scope of data processing, as well as your rights in this regard and setting options for the protection of your privacy can be found in vimeo's terms of use and data protection at https://vimeo.com/privacy.

2. Purpose and legal basis for the data processing

Vimeo is integrated into our website to enable the display and playback of videos or similar Vimeo content.
The legal basis for the processing of personal data is your consent in this regard, given through voluntary use or by clicking on the content provided, or the consent given via the cookie banner provided by Cookiebot (Art. 6(1)(a) GDPR).

3. Possibility of objection and/or erasure

You can revoke your consent to data processing by Vimeo via the cookie banner provided by us at any time for the future. By changing the check mark at Vimeo under "Marketing" in the cookie banner, you prevent technical measures from being carried out. The cookie settings can be accessed at any time via the link described under “Cookies” ("change consent") in the privacy policy.

5.4 Integration of SoundCloud

1. Description and scope of data processing

Our website uses plugins of the SoundCloud social network (SoundCloud Limited, Berners House, 47-48 Berners Street, London W1T 3NF, UK).

When you visit our site and consent to the use of SoundCloud, a direct connection between your browser and the SoundCloud server is established. This enables SoundCloud to receive information that you have visited our site from your IP address. This means that SoundCloud can associate visits to our pages with your user account when you are logged in into your SoundCloud account. We would like to point out that, as the provider of these pages, we have no knowledge of the content processed by SoundCloud. For more information on SoundCloud's privacy policy, please go to soundcloud.com/pages/privacy.

2. Purpose and legal basis for data processing

SoundCloud is integrated into our website to enable the display and playback of audio content, podcasts or similar SoundCloud content.
The legal basis for the processing of personal data is your consent in this regard, given through voluntary use or by clicking on the content provided, or the consent given via the cookie banner provided by Cookiebot (Art. 6(1)(a) GDPR).

3. Possibility of revocation, objection and elimination

You can revoke your consent to data processing by SoundCloud via the cookie banner provided by us at any time for the future. By changing the check mark at SoundCloud under "Marketing" in the cookie banner, you prevent technical measures from being carried out. The cookie settings can be accessed at any time via the link described under “Cookies” ("change consent") in the privacy policy.

6. Usage of our Social Media Channels

The Olympiapark München GmbH (following referred to as “Olympiapark München” or “we”) is active and present within social networks and platforms in order to communicate with interested parties and users and to inform them about activities and events at the Olympiapark München. We operate pages (following referred to as “profile” or “social media profile”) in social networks for the purpose of information, communication and interaction. When visiting our profiles, the user's personal data is processed, including the content shared by the user, user behavior, the name provided and other information provided by the user in their profile in a publicly visible manner. The data entered by the user, in particular the user name and the content published under the user's account, such as comments, videos, likes, public messages, etc., are published by the respective provider of the social media platform.

In order to comply with the required transparency obligation, we provide information about the processing and use of your personal data for each social media platform, as we are aware of it and can influence it.

Note: The social media profiles are not for persons under the age of 16. We ask persons under the age of 16 to not provide us with any personal data. If we have collected personal data from persons under the age of 16, we will immediately take steps to delete this data. If you become aware that a user of our profiles is under the age of 16, please contact us at dsb.extern@olympiapark.de. We will treat this information as strictly confidential.

The logos of social media providers are displayed on our website. These logos or icons function as external links, so that no personal information is transmitted to one of these providers without clicking on one of the icons. If the user clicks on one of the logos, he or she will be redirected to the website of the respective provider. Information on the processing of personal data by the respective providers can be found in their privacy policies: