Data protection

The data controller is:

FC Gelsenkirchen-Schalke 04 e.V.
Ernst-Kuzorra-Weg 1
45891 Gelsenkirchen
post@schalke04.de

Directors with representation rights

Matthias Tillmann, Christina Rühl-Hamers

Data protection officer

The data controller has appointed a data protection officer:
The data protection officer can be contacted at the following email address datenschutz@schalke04.de.

Type of data processed

• Web access metadata (IP address and log data)
• Usage data for access statistics (see Google Analytics)
• Contact details in the registration process or newsletter subscription
• Telephone number for registration for the messenger service
• Login data for the S04 account
• Ticket data for displaying e-tickets

Categories of data subjects

Visitors and users of the online offering (hereinafter collectively “users”).

Legal basis and purpose of the processing

We process data on the basis of our legitimate interest within the meaning of Art. 6 para. 1 f) GDPR for the following purposes:

• Provision of the website
• Answering contact requests and communicating with users
• Facilitation of the ordering process for customers
• Provision of a login functionality for the Schalke 04 account
• Display of e-tickets
• Security measures
• Marketing and statistical evaluation

We process data on the basis of your consent within the meaning of Art. 6 para. 1 a) DGVO for the following processing operations:

• Subscription to the newsletter
• Subscription to the Whatsapp broadcast

You can revoke your consent at any time:

• Consent to receive advertising by clicking on the Preference Centre link contained in each newsletter
• You can delete your S04 account by sending a message to our customer service (post@schalke04.de)
• The messenger service can be stopped at any time by sending a message with the text “DELETE ALL DATA” and having your data there deleted

Within the context of order processing, we process your data for the purpose of contract fulfilment or pre-contractual measures in the sense of Art. 6 para. 1 b) GDPR:

• Display of ordered tickets as e-tickets in the S04 app (for IPhone and Android)

Duration of storage

The storage periods are listed in the relevant sections of this privacy policy as far as possible. Reference is made to the relevant sections.

Right of complaint

If you think that our processing of your personal data is unlawful, you have the right to complain.
The body responsible for this within the Federal State of North Rhine-Westphalia is the State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia (https://www.ldi.nrw.de/metanavi_Kontakt/index.php).

Information, deletion, blocking, correction and revocation

You have the right to receive information about the personal data stored by us at any time.

You have the right to have your personal data corrected, blocked or deleted (unless we are required to store it due to other regulations or obligations).

You can request changes or corrections to your personal data at any time.

You can revoke your consent at any time by notifying us accordingly with effect for the future.

Processing carried out on the website

In what follows we list the specific processing operations.

Processing of personal data on the basis of your consent

With the exception of your IP address (see below), personal data is only collected if you provide us with it

• when registering for the Schalke 04 newsletter
• when registering for the messenger service

of your own accord.

The information you provide when registering for the newsletter will be used to verify your email address and you will then receive an email containing a consent form and a link – this double opt-in process is designed to ensure that we send you only the information you want.

If you do not agree to the consent, the email address will be deleted after 30 days.

The data for the newsletter or Schalke 04 account will be stored by us until you either close your account yourself or exercise your right to deletion of personal data and request us to delete it.

When you subscribe to the messenger service, your phone number will be stored with a service provider (see next section).

Processing of personal data on the basis of our legitimate interests

The data provided when registering for a Schalke 04 account is used to simplify ordering processes, to manage your newsletter subscriptions and to authenticate the services you have ordered. We will not use your data for any other purpose without your consent. In your account you can optionally agree to receive advertisements.

Processing of personal data within the scope of contract fulfilment

In the context of the “e-tickets” functionality, your data regarding the tickets you have purchased will be stored by a service provider and may be displayed on smartphones (Android and IPhone) using the S04 app.

The e-ticket data will be deleted from the e-ticket database of the service provider 7 days after the event has taken place and will be kept until then for the purpose of tracking and solving technical problems.

Messenger service

By sending a start message to FC Schalke 04 e.V. (hereinafter the sender), the user consents under Art. 6 para. 1 lit. a GDPR to the sender using personal data (e.g. surname and first name, telephone number, Messenger ID, profile picture, messages) for direct communication and the necessary data processing using the selected messenger. To use this service, an existing messaging account with the respective provider is required.

The responsible suppliers of the messenger are for

• Whatsapp, WhatsApp, Inc., 1601 Willow Road, Menlo Park, California 94025, USA with the privacy policy downloadable at https://www.whatsapp.com/legal/#privacy-policy
• Insta News, Pylba Inc., 314 27th Avenue, San Mateo, CA, 94403, USA with the privacy policy callable downloadable at pylba.com/privacy

It must be clear to the user that the respective provider receives personal data (in particular metadata of the communication) which are also processed on servers in countries outside the EU (e.g. the USA) where an adequate level of data protection cannot be guaranteed. However, Whatsapp Inc is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection law. Further information can be found in the above data protection guidelines of the respective messenger. The sender has neither exact knowledge nor influence on the data processing by the respective provider.

Your consent to this data processing is freely revocable at any time by entering “STOP” in the respective messenger.

To have all data stored by you with our service provider deleted, please send a message with the text “DELETE ALL DATA” through your messenger.

For the provision of this service, the technical service provider WhatsBroadcast GmbH, Herzog-Heinrich-Str. 9, 80336 Munich, is the sender’s data processor.

Web server access logs

For hazard prevention, access to the web server is stored for a period of 7 days in the access log of the web server and then automatically deleted.

The time, IP address and page called up (URL) are stored here.

The purpose of storage is to detect hacker attacks.

Cookies

Cookies are small text files that the web browser can store.

The browser can be set so that no cookies are stored on the hard drive or cookies that have already been stored are deleted. However, in order to be able to use all the functions of the website, we recommend that you consent to the use of cookies, as this enables us to better analyse the range and use of our website.

We use cookies to statistically evaluate the use of our website with the help of Google Analytics (see Google Analytics) or to improve our advertising presence on the Internet.

PingDom’s performance measurement is also carried out using cookies, which are explained in the PingDom section.

We also use a cookie that records whether the user has already been informed about the use of cookies.

This statistic is completely anonymous, because Google Analytics only stores the data anonymously.

Cookies are also used to record whether the user has already consented to cookie use.

Cookies are small text files which are stored on your computer by your browser.

Storage periods: The cookies are automatically deleted from your computer after a predefined period of time. The storage periods of Google cookies are managed by Google and can be downloaded here:

https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage

The cookie which records consent to the use of cookies has a storage period of 2 months.

PingDom

We use website performance and availability monitoring by the PingDom service of SolarWinds Worldwide, LLC, 3711 South MoPac Expressway, Building Two, Austin, TX 78746, USA.

For further details reference is made to their privacy policy: https://www.solarwinds.com/legal/privacy.

Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Inc. “(“Google”). It is used on the basis of Article 6(1)(f) of the GDPR. Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyse how users are using the site. See also the Cookies section of this privacy policy. The information generated about your use of the website such as

browser type/version,

operating system used,

referrer URL (the previously visited page),

host name of the accessing computer (IP address),

time of the server request,

is usually transferred to a Google server in the USA and stored there. The IP address transmitted by your browser in the context of Google Analytics is not combined with other data from Google. We have also added the code “anonymizeIP” to Google Analytics on this website. This guarantees the masking of your IP address so that all data is collected anonymously. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and abbreviated there.

On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage to the website operator. You may refuse the use of cookies by selecting the appropriate settings on your browser, but please note that if you do this you may not be able to use the full functionality of this website.

You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and also prevent Google from processing this data by downloading and installing the browser plug-in available from the following link: https://tools.google.com/dlpage/gaoptout?hl=en. As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent Google Analytics from capturing data by clicking on this link. An opt-out cookie is set to prevent your data from being collected in the future when you visit this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must reset the opt-out cookie. Instructions on how to activate the opt-out cookie can be found at: https://developers.google.com/analytics/devguides/collection/gajs/?hl=en#disable].

We also use Google Analytics to evaluate data from double-click cookies and AdWords for statistical purposes. If you do not want us to do this, you can deactivate it using the Ad Preferences Manager (https://www.google.com/settings/ads/onweb/?hl=en).

You can find further information on data protection in connection with Google Analytics in Google Analytics Help (https://support.google.com/analytics/answer/6004245?hl=en).

Google-Re/Marketing-Services

On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online services within the meaning of Art. 6 para. 1 letter f of the GDPR), we use the marketing and remarketing services (“Google Marketing Services”) of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).

Google is certified under the Privacy Shield Agreement, which provides a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

Google’s marketing services allow us to display advertisements for and on our website in a more targeted manner to show users only ads that potentially match their interests. If, for example, a user is shown ads for products in which he has shown interest on other websites, this is referred to as “remarketing”. For these purposes, when you visit our and other websites on which Google marketing services are active, Google directly runs a code from Google and incorporates so-called (re)marketing tags (invisible graphics or code, also known as “web beacons”) into the website. With their help, an individual cookie, i.e. a small file, is stored on the user’s device (comparable technologies can also be used instead of cookies). The cookies can be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. In this file it is noted what websites the user is visiting, what content he is interested in and on what offers he has clicked. In addition technical information is recorded about the browser and operating system, referring websites, visiting time as well as further information about the use of the online offer. The IP address of the user is also recorded, in which context within the scope of Google Analytics it should be noted that the IP address within member states of the European Union or in other contracting states of the Agreement on the European Economic Area is abbreviated and only in exceptional cases completely transmitted to a Google server in the USA and abbreviated there. The IP address is not merged with user data within other Google offers. Google may also link the above information to such information from other sources. If the user subsequently visits other websites, the ads tailored to the user’s interests may be displayed.

User data is processed pseudonymously within the context of Google marketing services. This means that Google does not store and process the name or email address of the user, but only processes the relevant data cookie-related under pseudonymous user profiles. This means that, from Google’s point of view, the ads are not administered and displayed for a specifically identified person, but for the cookie holder, irrespective of who that cookie holder actually is. This does not apply if a user has expressly permitted Google to process the data without this pseudonymisation. The information Google Marketing Services collects about users is transmitted to Google and stored on Google’s servers in the United States.

One of the Google marketing services we use is the online advertising program “Google AdWords”. With Google AdWords, each AdWords customer receives a different “conversion cookie”. So cookies cannot be tracked through the websites of AdWords customers. The information collected through the cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. AdWords customers see the total number of users who have clicked on their ad and have been redirected to a page with a conversion tracking tag. However, they will not receive any information that personally identifies users.

We may use the Google marketing service “AdSense” to include advertisements from third parties. AdSense uses cookies to enable Google and its partner sites to provide ads based on users’ visits to that site or other sites on the Internet.

We may also use the “Google Tag Manager” to integrate and manage the Google analytical and marketing services into our website.

For more information about Google’s use of data for marketing purposes, please see the overview page: https://www.google.com/policies/technologies/ads, while the privacy policy of Google can be downloaded at https://www.google.com/policies/privacy.

If you wish to opt out of interest-based advertising through Google marketing services, you can use the settings and opt-outs provided by Google: https://www.google.com/ads/preferences.

Details on the purpose and scope of the data collection as well as the further processing and use of the data by the networks and also your related rights and setting options to protect your privacy can be found in the data protection information from the operator of the relevant network:

Facebook Inc.
1601 S. California Ave
Palo Alto, CA 94304 USA
https://www.facebook.com/about/privacy/

Twitter Inc.
795 Folsom St., Suite 600
San Francisco, CA 94107 USA
https://twitter.com/privacy

Google Inc.
1600 Amphitheatre Parkway
Mountain View, CA 94043, USA
https://www.google.com/intl/de/privacy/privacy-policy.html

Instagram Inc.
1 Hacker Way
Menlo Park
CA 94025
USA
https://help.instagram.com/477434105621119/

Tracking measures and cookies

We want to provide you with an optimal user experience on our websites, in our online shop and with our advertisements, which is tailored to your individual needs. For this purpose, we work together with various service providers and technology providers and use cookies and tracking methods. You will find detailed information below:

Web and app analysis with “econda Analytics”.

In order to design and optimise this website in line with demand, pseudonymised data is collected and stored by solutions and technologies of econda GmbH (Zimmerstraße 6, 76137 Karlsruhe, www.econda.de) and usage profiles are created from this data using pseudonyms. econda works on our behalf. A transfer of the data to third parties or a transfer to third countries is excluded.

Data processing purposes:

• Analytics
• Optimisation

Without your opt-in, econda solutions work in anonymous mode on the basis of the current session. The IP address is anonymised using a hash procedure recommended by the BSI and thus forwarded to econda in coded form. Due to the anonymisation, it is no longer possible to establish a personal reference. No personal data, such as the IP address, customer or order numbers, are stored. No cookies are set. You will not be recognised in later visits and profiling is not possible.

With your opt-in, cookies are used for the purpose described above, which enable the recognition of an internet browser. However, usage profiles are not merged with data about the bearer of the pseudonym without the explicit consent of the visitor. In particular, IP addresses are made unrecognisable immediately after receipt, which means that it is not possible to assign usage profiles to IP addresses. You can of course revoke your consent at any time.

Technologies used with opt-in:

• Cookie
• Local storage

Technologies used without opt-in:

• No persistent storage of data on the end devices.

Personalised tracking is only carried out if you have given your consent to this, in accordance with Article 6(1)(a) DSGVO.

We base anonymisation as data processing on the legal basis of Article 6(1)(f) DSGVO. The company has a legitimate interest in carrying out reach measurement in order to continuously optimise the online presence.

The following data is collected upon consent:

• Information on the device used
• Information on pages viewed within the website visit
• Information within the framework of the ordering process
• Information on access data
• Customer data during login or entry

The following data is collected in anonymous mode (without consent):

• Information on viewed pages within the website visit
• Anonymised information within the ordering process
• Anonymised information on access data

Visitors to this website can object to the collection and storage of data at any time for the future here. <Button with opt-out = set Privacy Mode to “1”>.

The objection only applies to the device and browser on which it was set, please repeat the process on all devices if necessary. If you delete the opt-out information from the cookie and local memory, requests are transferred to econda again.

The processing and storage of the data only takes place for the period of time required to achieve the respective processing purpose or as long as a legal retention period (in particular commercial and tax law) exists. After the purpose has been achieved or the retention period has expired, the corresponding data is routinely deleted.

Data processing partner:

econda GmbH

Zimmerstr. 6

76137 Karlsruhe, Germany

www.econda.de