Data Privacy Statement
The following Data Privacy Statement applies for the use of all services available at
[www.isb-data.com] and
[www.isb-data.net], hereinafter “Website”.
We consider your data privacy to be of utmost importance. The collection and processing of your data occurs in accordance with the applicable data protection regulations, in particular the EU General Data Protection Regulation (GDPR). We collect and process your personal data to enable us to provide the above portal. This Data Privacy Statement describes how and for what purposes your data is collected and used and what options are available to you in connection with the management of your personal data.
By using this website, you agree to the collection, use and transmission of your data in accordance with this Data Privacy Statement.
The Data Privacy Statement provides information about the nature, scope and purpose of the processing of personal data (hereinafter referred to as “Data”) within our online offering and its associated web pages, functions and content (hereinafter collectively referred to as “Online Offering”). For explanations of specific terms used in this Data Privacy Statement (e.g. “processing” or “data controller”), please refer to the definitions given in Art. 4 of the EU General Data Protection Regulation (GDPR).
Data Controller
ISB - International Soccer Bank GbR
Am Hacklberg 2
92660 Neustadt / WN
Phone: + 49 (0) 96 02 - 91 82 68
Fax: + 49 (0) 96 02 - 91 84 38
Email: info@isb-data.com
Represented by:
Jürgen Kost, Thomas Kost
Types of Data We Process:
- User-related data (e.g. names, addresses).
- Contact data (e.g. email, telephone number).
- Content data (e.g. text inputs, photographs, videos).
- Usage data (e.g. web pages visited, interest in content, access times).
- Meta / Communication data (e.g. device information, IP addresses).
Purpose of Processing
- Provision of the Online Offering, its functions and content.
- Responding to contact requests and communicating with users.
- Security measures.
- Advertising performance / Marketing
Terms Used
“Personal data” is defined as any information relating to an identified or identified natural person (hereinafter “Data Subject”), whereby a natural person is considered as identifiable if they can be directly or indirectly identified, particularly by reference to an identifier such as a name, an ID number, location data, an online identifier (e.g. cookie) or one or more particular characteristics that are indicative of the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person.
“Processing” is defined as any operation or set of operations performed on personal data, whether or not by automated means. The term is wide-ranging and encompasses virtually any way of handling or engaging with data.
A “Data Controller” is defined as a natural or legal person, authority, institution or other body who – either alone or jointly in common with other persons – determines the purposes and the manner of the processing of personal data.
Legal Basis
Pursuant to the provisions of Art. 13 GDPR, we are required to disclose the legal basis for our data processing activities. Insofar as the legal basis is not explicitly stated in this Data Privacy Statement, the following applies: the legal basis for obtaining consent is Art. 6 para. 1 lit. a and Art. 7 GDPR; the legal basis for processing for the purpose of rendering services, implementing contractual measures and/or responding to requests is Art. 6 para. 1 lit. b GDPR; the legal basis for processing for the purpose of fulfilling our legal obligations is Art. 6 para. 1 lit. c GDPR; and the legal basis for processing in conjunction with the protection of our legitimate interests is Art. 6 para. 1 lit. f GDPR. In the event that the vital interests of the Data Subject or another natural person necessitate the processing of personal data, Art. 6 para. 1 lit. d GDPR applies.
Security Measures
Please check back regularly for updates to the content of this Data Privacy Statement. We will modify the Data Privacy Statement whenever this becomes necessary as a result of changes to type of data processing we carry out. We will notify you of these changes if they involve any need for action on your part (e.g. the granting of consent) or if personal notification is otherwise required.
Furthermore we inform that a passing on of access-data is strictly forbidden. A disregard follows an immediate account lockout and legal actions.
Cooperation with Joint Processors and Third Parties
Insofar as we disclose data to other persons (joint processors or third parties) within the scope of our processing activities, or where we transmit data to these persons or otherwise grant them access to data, this will occur exclusively on the basis of our legal authorisation to do so (e.g. when the transmission of data to third parties such as payment providers is required for the performance of a contract pursuant to Art. 6 (1) lit. c GDPR), where you have given your consent, where a legal obligation exists in this regard or on the basis of our legitimate interests.
Transmission to Third Countries
Insofar as we process data in a third country (outside the European Union (EU) or the European Economic Area (EEA)) or disclose or transmit data to third parties in connection with our engagement of third party services, this will only be carried out for the purpose of fulfilling our (pre-)contractual duties, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we will process the data (or have it processed) in third countries only in situations where one of the conditions laid out in Art. 44 ff GDPR applies – in other words, if the processing is carried out on the basis of special guarantees (e.g. “Privacy Shield” in the USA) or in order to adhere to standard contractual clauses.
Rights of Data Subjects
You have the right to request confirmation about whether or not personal data relating to you is being processed. You also have the right to request the disclosure of information about this data, further information and copies of this data pursuant to Art. 15 GDPR.
Pursuant to Art. 16 GDPR, you have the right to obtain completion of incomplete data or the rectification of personal data pertaining to you which is inaccurate.
Pursuant to Art. 17 GDPR, you have the right to obtain the immediate erasure of personal data pertaining to you or, alternatively, to restrict the processing of personal data pursuant to the provisions of Art. 18 GDPR.
Pursuant to Art. 20 GDPR, you have the right to receive any personal data concerning you that you that has been provided to us as the controller and to request its transmission to another controller.
Pursuant to Art. 77 GDPR, you also have the right to lodge a complaint with a supervisory authority.
Right to Withdraw Consent
Pursuant to Art. 7 (3) GDPR, you have the right to withdraw your consent at any time with effect for the future.
Right to Object
Pursuant to Art. 21 GDPR, you have the right, at any time, to object to the future processing of data concerning you. In particular, you may object to processing for direct marketing purposes.
Cookies and the Right to Object to Direct Marketing
“Cookies” are small files that are saved on the user’s computer and can be used to store a variety of information. Cookies serve primarily to store information about a user (or the user device on which the cookie is stored) during or after the respective user session with the Online Offering. “Temporary cookies” (also known as “session cookies” or “transient cookies”) are cookies that are deleted as soon as a user leaves the Online Offering and closes their browser. This type of cookie might, for example, be used to store the contents of a user’s shopping basket or to remember their login status during a session. “Permanent” or “persistent” cookies are cookies that remain stored even once the browser is closed. They may be used to remember the user’s login status when they return to the website after several days, or to store information about the user’s interests for tracking advertising effectiveness or carrying out marketing activities. “Third-party cookies” are cookies set by external providers – i.e., by providers other than the data controller who operates the Online Offering. Cookies set by the data controller are referred to as “first-party cookies”.
Our Online Offering makes use of both temporary and permanent cookies. Our use of these cookies is explained within this Data Privacy Statement.
If a user does not wish cookies to be stored on their computer or device, they are kindly requested to deactivate the corresponding option in their browser settings. Previously stored cookies can also be deleted there. Please note that the blocking of cookies can lead to limitations in the functionality of the Online Offering.
If you wish to object generally to the use of cookies for online marketing purposes, primarily for tracking, you can do so by visiting the US website
http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. You can also prevent the storage of cookies by deactivating the corresponding option in your browser settings. Please keep in mind that if you choose to do this, it may not be possible to access all functions of this Online Offering.
Deletion of Data
The data processed by us will be deleted, or its processing restricted, according to the provisions of Art. 17 and Art. 18 GDPR. Insofar as nothing to the contrary is specified in this Data Privacy Statement, data stored by us will be deleted as as soon as it is no longer necessary in relation to the purposes for which it is collected and there is no legal requirement for it to be retained. Where data is not deleted because its retention is necessary for legally permissible purposes, its processing will be restricted – that is, the data will be blocked and not processed for other purposes. This also applies for data that is required to be retained for reasons under commercial or tax law.
In accordance with statutory requirements in Germany, data is, in particular, required to be retained for ten years pursuant to §§ 147 (1) AO (German Fiscal Code) and 257 (1) Nos. 1 and 4, (4) HGB (German Commercial Code) (accounts, records, management reports, accounting vouchers, trading books, tax-related documents, etc.) and for six years pursuant to § 257 (1) Nos. 2 and 3, (4) HGB (German Commercial Code) (commercial letters).
In accordance with statutory requirements in Austria, data is, in particular, required to be retained for seven years in accordance with § 132 (1) BAO (Austrian Federal Fiscal Code) (accounting documents, vouchers/invoices, accounts, commercial documents, statements of revenue and expenditure, etc.) and for 22 years in connection with real property. Data pertaining to the provision of electronically rendered telecommunication, radio and TV services to non-commercial entities in EU countries for which the EU VAT Mini One Stop Shop (MOSS) scheme has been invoked must be stored for ten years.
Business-Related Processing
We also process
- Contractual data (e.g., subject matter, duration, customer category), and
- Payment data (e.g. bank details, payment history)
pertaining to our customers, prospective customers and business partners for the purpose of carrying out contractual services, customer care, marketing, advertising and market research.
Hosting
We make use of hosting services in order to provide the following services: infrastructure & platform services, computing capacity, storage capacity & database services, security services and technical maintenance services, the last of which are deployed for the purpose of operating this Online Offering.
Within this context, we and/or our hosting provider process user-related data, contact data, content data, contractual data, usage data and meta and communication data pertaining to our customers, prospective customers and visitors to this Online Offering on the basis of our legitimate interests in the efficient and secure provision of this Online Offering pursuant to Art. 6 (1) lit. f GDPR in conjunction with Art. 28 GDPR (conclusion of data processing contracts).
Collection of Access Data and Log Files
On the basis of our legitimate interests within the meaning of Art. 6 (1) lit. f GDPR, we and/or our hosting provider collect information about every request to the server that takes place on this service (“Server Log Files”). This access data includes the name of the webpage being requested, the file, the time and date of the request, the volume of data transmitted, a notification about the successful retrieval of data, the browser type and version, the user’s operating system, the referrer URL (the webpage visited immediately beforehand), the IP address and the requesting provider.
Log file information is stored for a maximum of 12 months for security purposes (e.g. to review issues relating to misuse or fraud) and then deleted. Any data required to be retained for evidentiary purposes is exempted from the deletion requirement until the respective matter has been concluded.
Administration, Financial Accounting, Office Management, Contact Management
We process data within the framework of our administrative activities as well as for the organisation of our business operations and financial accounting and to ensure compliance with statutory obligations (e.g. archiving). The data we process in this regard is the same as the data processed for the purpose of rendering our contractual services. The basis for processing is Art. 6 (1) lit. c GDPR and Art. 6 (1) lit. f GDPR. The data subjects for the processing of this data are customers, prospective customers, business partners and website visitors. The purpose of processing and our interest herein lies in the administration of our business, financial accounting, office management and the archiving of data – that is, tasks that facilitate the ongoing pursuit of our business activities, the performance of our duties and the rendering of our services. …
As part of these activities, we disclose or transmit data to financial authorities, advisors (e.g. tax advisors) or auditors as well as to other billing offices and payment providers.
On the basis of our commercial interests, we also store information about suppliers, promoters and other business partners, e.g. for the purpose of contacting them at a later date. This predominantly business-relevant data is generally stored on a long-term basis.
Establishment of Contact
If a user establishes contact with us (e.g. via the contact form, email, telephone or via social media), the user’s information is processed for the purpose of handling and following up the contact request pursuant to Art. 6 (1) lit. b) GDPR. The user’s information can be stored in a customer relationship management system (“CRM system”) or in a comparable system for the management of customer inquiries.
We delete these inquiries at such time as they are no longer necessary. We review the necessity of continued storage every two years. In all other regards, statutory retention obligations apply.
Newsletter
The following section provides information about the content of our newsletter and the registration process, dispatch process, statistical evaluation process and your right to object. By signing up for our newsletter, you declare your consent to receive it and for the processes described below.
Content of the newsletter: We send newsletters, emails and other electronic communications with promotional information (hereinafter “Newsletter/s”) only with the recipient’s consent or on the basis of legal authorisation. Insofar as the the content of the Newsletters is described in detail as part of the signup process, this forms the basis for the user’s consent. Where this is not the case, Newsletters can be assumed to contain general information about us and our services.
Double opt-in and logging: Signup occurs in the form of a so-called “double opt-in procedure”. This means that after you sign up, you will receive an email asking you to confirm your registration. This confirmation is required to ensure that users not able to sign up using another person’s email address. The signup process is logged to enable us to prove that it has been carried out in accordance with legal requirements. The information stored as part of the logging process includes the time of signup and confirmation and the user’s IP address. We also log any changes to the data concerning you that is stored with the newsletter sending provider. Signup data: The only data required for you to sign up to our Newsletters is your email address. You also have the option to provide your name, which will allow us to address communications to you personally.
The sending of Newsletters and the monitoring of newsletter performance occur on the basis of your consent pursuant to Art. 6 (1) lit. a, Art. 7 GDPR in conjunction with § 107 (2) TKG (German Telecommunications Act) or on the basis of legal authorisation pursuant to § 107 (2) and (3) TKG.
The logging of the signup procedure occurs on the basis of our legitimate interests pursuant to Art. 6 (1) lit. f GDP. In this case, our interest lies in the use of a user-friendly yet secure newsletter system that serves our commercial interests, corresponds to the expectations of our users and enables us to provide that consent has been granted.
Cancellation/Revocation – You can cancel the receipt of our Newsletters (revoke your consent) at any time. A link to cancel your subscription can be found at the end of every Newsletter. We are permitted to store the email address you supplied to us for up to three years prior to deletion in order to prove that consent was previously granted. The processing of this data is restricted to the purpose of defending ourselves against possible claims. An individual application for deletion may be made at any time, as long as the former granting of consent is documented at the same time.
Integration of Third-Party Services and Content
On the basis of our legitimate interests (e.g. in the analysis, optimisation and economic operation of our Online Offering within the meaning of Art. 6 (1) lit. f GDPR), we integrate some third-party content and services (e.g. videos and typefaces, hereinafter “Content”) into our website.
This requires that the third-party providers of this content have knowledge of the user’s IP address, since without it, they would not be able to transmit the content to the user’s browser. As such, the IP address is necessary for delivering this content. We endeavour only to use such content where the respective provider of the content will use the IP address solely to deliver the content. Third-party providers may also make use of “pixel tags” (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. These “pixel tags” enable the analysis of information including visitor traffic on the website. The pseudonymised information can be stored in cookies on the user’s device and contain technical information about the browser and operating system, referring website, time of visit and other information about the use of the Online Offering. This information may also be linked with similar information from other sources.
Data Protection Officer
If you have unanswered questions or concerns about data protection, please consult our Data Protection Officer:
Dr. jur. Maximilian Erras
maximiliam.erras@isb-data.com