26.01.2023

A trusting and secure handling of personal data is very important to us. We observe the regulations of the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and other European regulations and would like to inform you in detail and transparently about the processing of your personal data in this data protection declaration.

Personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses or user behaviour. With regard to the other terms used below, such as "responsible person" or "processor", we refer you to the definition catalogue of the definitions in Art. 4 GDPR.

The collection, processing and use of personal data in connection with the use of the www.sportograf.com website and other herein described data processing is carried out by

If you have any questions regarding data protection, please send us an e-mail or contact our Data Protection Officer directly. You can reach him under the following contact details:

We collect, process and/or use personal data only if you have consented or if this is permitted by law. This "prohibition without prejudice to permission" under data protection law means that processing may only be carried out on the basis of consent or a statutory basis of permission. The most important and for us relevant permissions can be found in Art. 6 para. 1 GDPR. These concern in particular the case,

• that a consent of the concerning is present, see Art. 6 para. 1 lit. a i.V.m art. 7 GDPR,
• that the processing of the personal data is necessary for the fulfilment of our contractual obligations, see Art. 6 para. 1 lit. b GDPR,
• or that the processing is based on our legitimate interests (e.g. analysis and further development of our products, increase in economic efficiency), see Art. 6 Para. 1 lit. f GDPR.

• A. Informational use

  When using our website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our servers.

  When you call up our website, we collect the following data on the basis of our legitimate interests pursuant to Art. 6 Para. 1 lit. f GDPR, which is technically necessary for us to display our website to you and to guarantee data security as well as the stability and security of our IT systems:

• IP address
• the domain name of the website from which you came
• the websites you have visited in our offer
• the names of the retrieved files
• Date and time of a retrieval
• the name of your Internet Service Provider
• and, if applicable, the operating system and browser version of your PC.

• B. Contact by e-mail

  When you contact us by e-mail, we process the data you provide us with (your e-mail address, your name, telephone number if applicable, and other details) in order to process and answer your questions; the legal basis is Art. 6 Para. 1 lit. f GDPR.

• C. Online Shop

  We process stock data (e.g., names and addresses as well as contact data of users), contract data (e.g., services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and services pursuant to Art. 6 Para. 1 lit b. GDPR.

  Users can optionally create a user account by viewing their orders in particular. In the context of the registration, the necessary compulsory data are communicated to the users. The user accounts are not public and cannot be indexed by search engines. It is incumbent upon the users to secure their data before the end of the contract in the event of termination. In the event of termination of the user account, we are entitled to irretrievably delete all user data stored during the term of the contract.

  Within the scope of registration and renewed registrations as well as use of our online services, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests, as well as the user's protection against misuse and other unauthorized use. A passing on of these data to third parties does not take place in principle, unless it is necessary for the pursuit of our claims or there is a legal obligation according to Art. 6 para. 1 lit. c GDPR.

  Within the scope of the image search, users can upload their own photo to verify their identity. We use these uploaded photos to display and offer for sale the relevant photos with images of the user from the respective sporting event via assignment. This data is collected and stored on the basis of our legitimate interests in displaying and advertising our photos in a targeted and individual manner, as well as the user's interest in obtaining a compilation of the photos collected at the event through the simplest possible measures. The photos uploaded for identity verification purposes are not stored by us beyond the assignment.

  We process usage data (e.g., the websites visited on our website, interest in our products) and content data (e.g., entries in the contact form or user profile) for advertising purposes in a user profile in order to display the user, e.g. product information based on the services they have previously used.

• D. Newsletter/Race-letter

  We offer all interested parties the opportunity to register for the Raceletter newsletter. The newsletter appears at irregular intervals and deals with everything the race heart desires!

  Purpose of data processing, legal basis and content of consent: Within the scope of registration, only your e-mail address is required. We send our newsletter only on the basis of the consent of the recipient according to Art. 6 Para. 1 lit. a, Art. 7 GDPR. By subscribing to our newsletter, you agree to receive information and promotional materials regarding Sportograf's offers and promotions.

  Double Opt-In procedure: We use the so-called double opt-in procedure when registering for the newsletter. After registration, the interested party receives an e-mail with a confirmation link to the given e-mail address, which he must click to confirm registration for the newsletter. We log the registrations for the newsletter in order to be able to prove the registration process according to the data protection requirements. In this context, we store the time of registration and confirmation as well as the IP address.

  Information about the service provider: The newsletter is sent via "MailChimp", a newsletter dispatch platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. You can view the privacy policy of the shipping service provider here: https://mailchimp.com/legal/privacy/. Mailchimp has contractually committed to transfer and process all European data of its users in accordance with the EU Standard Contractual Clauses 2021. Furthermore, according to its own information, the shipping service provider may use this data in pseudonymous form, i.e. without allocation to a user, to optimise or improve its own services, e.g. for the technical optimisation of the shipping and presentation of the newsletter or for statistical purposes, in order to determine from which countries the recipients come. However, the dispatch service provider does not use the data of our newsletter recipients to contact them or pass them on to third parties. The use of the dispatch service provider, the performance of statistical surveys and analyses as well as the logging of the registration procedure are carried out on the basis of our legitimate interests pursuant to Art. 6 Para. 1 lit. f GDPR. Our interest is directed to the use of a user-friendly and secure newsletter system, which serves our business interests as well as the expectations of the users.

  Statistical survey and analysis: The newsletters contain a so-called "web-beacon", i.e. a file the size of a pixel, which is called up by the server of the dispatch service provider when the newsletter is opened. Within the scope of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and time of retrieval are first collected. This information is used for the technical improvement of the services on the basis of the technical data or the target groups and their reading behaviour on the basis of their retrieval locations (which can be determined with the help of the IP address) or the access times. The statistical surveys also include determining whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is neither our nor the shipping service provider's intention to observe individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our contents to them or to send different contents according to the interests of our users.

  Termination/revocation: You can cancel the receipt of our newsletter at any time, i.e. revoke your consent. At the same time, your consent to its dispatch by the dispatch service provider and the statistical analyses will expire. A separate revocation of the dispatch by the dispatch service provider or the statistical evaluation is unfortunately not possible. You will find a link to cancel the newsletter at the end of each newsletter. If users have only subscribed to the newsletter and cancelled their subscription, their personal data will be deleted.

• E. Photography at sports events

  If you take part in an event at which we have been commissioned by the organizer as an exclusive photo service, we may collect photographic material on which you can be identified personally, possibly with your participant number of the event (e.g. start number).

  We use the data collected at the sporting events to fulfil our obligation as a photo service provider under the underlying contract with the organiser and in our own economic interest to market the photos of the event to the interested participants via our website www.sportograf.com Based on our many years of experience in the field of event photography, we can state that on the one hand, the participants of sporting events will be informed transparently that Sportograf will be used as an exclusive photo service provider and, on the other hand, every participant of such an event must expect that the organiser or his cooperation partner will market photos of such events as souvenirs. We determine with the help of an algorithm, independent of the start number, whether several photos of a participant of the corresponding event can be assigned.

  Legal basis are our aforementioned legitimate interests according to Art. 6 para. 1 lit. f GDPR. You can object to this processing in accordance with section 12. Your data will not be passed on to third parties. For the collection of the corresponding photos we exclusively use photographers, whom we have obligated under data protection law according to the EU data protection basic regulation.

• F. Google Analytics

  Functionality: This website uses Google Analytics, a web analytics service provided by Google Inc. ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website will generally be transmitted to and stored by Google on servers in the United States. However, if IP anonymisation is activated on this website, your IP address will be shortened beforehand by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA where it will be shortened. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics is not combined with other data from Google.

  You may refuse the use of cookies, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) and Google from processing this data by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=en.

  This website uses Google Analytics with the extension "_anonymizeIp()". This shortens the processing of IP addresses, thus excluding the possibility of personal references. If the data collected about you is related to a person, this is excluded immediately and the personal data is deleted immediately.

  Purpose: We use Google Analytics to analyse and regularly improve the use of our website. The statistics obtained allow us to improve our services and make them more interesting for you as a user. This website also uses Google Analytics for a cross-device analysis of visitor flows, which is carried out via a user ID. In the exceptional cases where personal data is transferred to the United States, Google has adopted the EU Standard Contractual Clauses 2021. The legal basis for the use of Google Analytics is Art. 6 Para. 1 Cl. 1 lit. a GDPR.

  Third party information: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland
  Fax: +353 (1) 436 1001
  Terms of use: www.google.com/analytics/terms/us.html
  Privacy policy: https://policies.google.com/privacy

  Right of revocation: The person concerned has the right to revoke his/her declaration of consent under data protection law at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the revocation. You can revoke your consent by calling up the cookie settings on our website.

• G. Sportograf search feature

  We offer various search functions that participants can use to search our databases for their pictures of a particular event. On the one hand, the search can be carried out by entering the start number. In addition, we offer the possibility that the participants can upload a selfie/picture of themselves to our platform, on the basis of which we search our database with the help of an algorithm in order to provide pictures of the participant. In this process, the anonymized hash of the uploaded face is matched with the hash values of our anonymized database of the event for the purpose of similarity analysis.

  In the case of a corresponding request via the Sportograf search function, the IP address of the user will be processed, as this is technically necessary. If you upload pictures of yourself for comparison purposes, the data will be processed solely for the purpose of identifying and providing your own pictures. Uploaded images are deleted after the request.

  The legal basis for the processing of facial data is the user's consent in accordance with Art. 9 para. 2 lit. a GDPR, which is obtained by the user before the selfies/images are uploaded. The consent can be revoked at any time with effect for the future.

Unless otherwise stated, we collect, process or use your personal data in order to fulfil our obligations under the underlying contracts (e.g. ordering goods or services, sending the newsletter, enabling access to various platforms), cf. Art. 6 Para. 1 lit. b GDPR.

In all other respects, we collect, process or use the personal data presented under point 3 lit. a on the basis of our legitimate interest to enable the use of our website and to guarantee its IT security, cf. art. 6 para. 1 lit. f GDPR.

The data stored with us will be deleted as soon as they are no longer required for their intended purpose, or the storage is no longer necessary for the execution of the contract or execution and the deletion does not conflict with any justified interests on our part or legal storage obligations. If the user's data are not deleted because they are required for other and legally permissible purposes, their processing will be restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, to user data which must be stored for commercial or tax reasons.

According to legal requirements, data is stored for 6 years in accordance with § 257 para. 1 HGB (German Commercial Code) (commercial books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting records, etc.) and for 10 years in accordance with § 147 para. 1 AO (German Tax Code) (books, records, management reports, accounting records, commercial and business letters, documents relevant for taxation, etc.).

We treat your personal data with the utmost care. We only transfer the data to third parties if this is necessary for the execution and processing of contractual relationships, if you have given us your consent to do so, or if the transfer is otherwise permitted by relevant statutory provisions.

By means of a bundle of technical and organisational measures in accordance with the current state of the art, we protect both our website and the data stored in our area of responsibility against loss, destruction, unauthorised access, alteration or publication by unauthorised persons.

The input and transmission of personal data is encrypted using the SSL procedure (Secure Socket Layer).

• A. What is SSL?

  A website encrypted with SSL transmits personal data encrypted to the server so that it is impossible for third parties to intercept or read it. A certificate verifies our identity. Depending on your browser, you can recognize that a secure connection exists by the green address bar and/or the lock. By clicking on the lock or the green address bar you can read our online proof of identity.

• B. What does SSL do?

  By encrypting the transmission, you can assume that your entered data can only be read by us. You can see from the green address bar that you are connected to our server and that it is not a third-party site.

In addition to the previously mentioned data, technical aids are used for various functions when you use our website, in particular cookies, which can be stored on your end device. Cookies are text files or information in a database that are stored in the device memory of your mobile device. Through cookies, certain information can flow to the person who sets the cookie. Cookies cannot execute programs or transmit viruses to end devices, but are primarily used to make the Internet offer faster and more user-friendly. This website uses the following types of cookies, whose function and legal basis we will explain below.

• Transient cookies: Such cookies, especially session cookies, are automatically deleted when the mobile app is closed or by logging out. They store a so-called session ID. In this way, various requests from your browser can be assigned to the joint session and your computer can be recognized when you return to our app.
• Persistent cookies: such are deleted automatically after a predefined duration, which is set differently depending on the cookie. You can view the cookies set and the durations at any time in your browser settings and delete the cookies manually.

We have a legitimate interest in ensuring that our online offers can be used by visitors without technical problems and that all desired functions are available to them. The technical structure of the website requires us to use techniques, in particular cookies. Without these techniques, our website cannot be used (completely correctly). These are basically transient cookies that are deleted after the end of the usage process, at the latest after 30 days. You cannot deselect these cookies if you wish to use our website. The storage of necessary and functional cookies on your device is therefore based on Section 25 (2) No. 2 Telecommunications Telemedia Data Protection Act (TTDSG) and Article 6 (1) sentence 1 lit. f GDPR.

We use all other cookies on the basis of § 25 para. 1 TTDSG and Art. 6 para. 1 lit. a GDPR, provided that you have given us your consent via the Consent Manager during your first visit to our website.

The functions will only be activated in the event of your consent and may serve in particular to enable us to analyse and improve the use of our website, to make it easier for you to use it via different browsers or end devices, to recognize you when you visit it, or to serve advertising (possibly also to orient advertising to interests, to measure the effectiveness of ads, or to show you interest-oriented advertising). The legal basis for this processing is Art. 6 para. 1 p. 1 lit. a DSGVO. The revocation of your consent is possible at any time without affecting the permissibility of the processing until the revocation.

.

Within the scope of our online offer, we act on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 Para. 1 lit. f. of the German Civil Code). GDPR) content or service offers from third parties in order to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as "content"). This always presupposes that the third party providers of this content perceive the IP address of the user, since they could not send the content to their browser without the IP address. The IP address is therefore required for the presentation of this content. We make every effort to use only those contents whose respective providers only use the IP address to deliver the contents. Third party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. "Pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may contain, among other things, technical information about the browser and operating system, referring web pages, visit times and other information about the use of our online offering, as well as may be linked to such information from other sources.

The following presentation provides an overview of third party providers and their contents, along with links to their data protection declarations, which contain further information on the processing of data and, in some cases already mentioned here, possibilities of objection (so-called opt-out)

• If our customers use the payment services of third parties (e.g. PayPal or Worldpay), the terms and conditions and data protection notices of the respective third parties, which are available within the respective websites or transaction applications, apply.

• External fonts from Google, Inc., https://www.google.com/fonts ("Google Fonts"). The integration of the Google Fonts takes place by a server call with Google (usually in the USA).

  Privacy Policy: policies.google.com/privacy?hl=de/

  Opt-Out: www.google.com/settings/ads/

• Within our online presence, functions of the Instagram service may be integrated. These functions are offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. If you are logged into your Instagram account, you can link the contents of our pages to your Instagram profile by clicking the Instagram button. This allows Instagram to assign the visit to our pages to your user account. We would like to point out that as the provider of the pages, we do not have any knowledge of the content of the transmitted data or of its use by Instagram.

  Privacy Policy: www.instagram.com/about/legal/privacy/

• Within our online presence, functions of the Twitter service may be integrated. These functions are offered by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. By using Twitter and the "Re-Tweet" function, the websites you visit are linked to your Twitter account and made known to other users. Data is also transferred to Twitter. We would like to point out that, as the provider of the pages, we do not have any knowledge of the content of the transmitted data or its use by Twitter. Privacy policy of Twitter at www.twitter.com/privacy. You can change your data protection settings on Twitter in the account settings at www.twitter.com/account/settings.

You have the following rights with regard to personal data concerning you:

• Right of access according to art. 15 GDPR,
• Right to rectification or cancellation according to Art. 16 GDPR or Art. 17 GDPR,
• Right to limitation of the processing according to art. 18 GDPR,
• Right to data transferability according to Art. 20 GDPR,
• Right to object to the processing under Art. 21 GDPR.

You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us. The competent authority is the Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen, Postfach 20 04 44, 40102 Düsseldorf, Germany.

If you have given your consent to the processing of your data, you can revoke it at any time. Such a revocation influences the permissibility of the processing of your personal data after you have given it to us.

IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF THE BALANCE OF INTERESTS ACCORDING TO ART. 6 ABS. 1 LIT. F GDPR, YOU MAY OBJECT TO THE PROCESSING. IF YOU OBJECT, PLEASE EXPLAIN WHY WE SHOULD NOT PROCESS YOUR PERSONAL DATA AS WE DID. IN THE EVENT OF YOUR REASONABLE OBJECTION, WE WILL EXAMINE THE FACTS AND EITHER DISCONTINUE OR ADAPT DATA PROCESSING OR SHOW YOU OUR COMPELLING REASONS WORTHY OF PROTECTION ON THE BASIS OF WHICH WE WILL CONTINUE PROCESSING.

YOU CAN OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA FOR ADVERTISING AND DATA ANALYSIS PURPOSES AT ANY TIME. YOU CAN INFORM US ABOUT YOUR ADVERTISING OBJECTION UNDER THE CONTACT DATA LISTED IN PARAGRAPH 1.

We reserve the right to change the data protection declaration in order to adapt it to changed legal situations or in the event of changes to the service or data processing. However, this only applies to declarations on data processing. If the user's consent is required or if elements of the data protection declaration contain provisions governing the contractual relationship with the user, the changes will only be made with the user's consent. Users are requested to inform themselves regularly about the content of the data protection declaration.

We are happy to answer your questions on the subject of data protection and look forward to receiving your comments and suggestions. Write to us by e-mail to support@sportograf.com or in writing to the following postal address: