Compliance with data protection laws is important to us.
In order to safeguard your personal data, we use suitable technical and organisational security measures in order to protect this against accidental or intentional manipulation, partial or complete loss, destruction or unauthorised third party access.
- “Personal data” is all information which relates to an identified or identifiable natural person (hereinafter referred to as “affected person”). A natural person is considered to be identifiable if he or she can be identified directly or indirectly, in particular by means of assignment to an identifier such as a name, ID number, location data, online profile or one or more special characteristics which express the physical, physiological, genetic, psychiatric, economic, cultural or social identity of this natural person.
- An “affected person” is any identified or identifiable legal person whose personal data is processed
- “Processing” is any process carried out with or without the assistance of automated procedures or any such group of processes in connection with personal data, such as gathering, recording, organisation, filing, saving, adjustment or alteration, reading, retrieval, use, disclosure by transfer, distribution or other form of making available, comparison or combination, restriction, deletion or destruction.
- “Restriction of processing” is the marking of saved personal data with the aim of restricting its future processing.
- “Profiling” is any type of automated processing of personal data which means that this personal data is used in order to evaluate specific personal aspects which relate to a natural person, in particular to analyse or forecast work performance, economic position, health, personal preferences, interests, reliability, behaviour, place of residence or change of location of this natural person.
- “Pseudonymisation” is the processing of personal data in a way that the personal data can no longer be assigned to a specific affected person without consulting additional information, should this additional information be stored separately and be subject to technical and organisational measures which ensure that the personal data cannot be assigned to an identified or identifiable natural person.
- “File system” is any structured collection of personal data which is accessible in accordance with defined criteria, regardless of whether this collection is managed centrally, in a decentralised manner or in accordance with functional or geographical criteria.
- “Order processor” is a natural or legal person, authority, institution or other body which processes personal data on behalf of the responsible body.
- “Recipient” is a natural or legal person, authority, institution or other body to whom personal data is disclosed, regardless of whether this is a third party or not. Authorities which may receive personal data within the framework of a specific investigation order under EU law or the laws of the Member States are not however considered to be recipients; the processing of this data by the named authorities takes place in line with the applicable data protection regulations and in accordance with the purposes of the processing.
- “Third party” is a natural or legal person, authority, institution or other body apart from the affected person, the responsible body, the order processor and the persons who are authorised under the direct responsibility of the responsible body or order processor to process the personal data.
- “Consent” of the affected person is any statement of intent issued voluntarily for the specific case in an informed manner and without misunderstanding in the form of a declaration or other clear confirming action which makes clear that the affected person agrees to the processing of the personal data relating to him or her.
- “International processing” either
- processing of personal data which takes place within the framework of the activities of branches of a responsible body or order processor in the EU in one or more Member States, should the responsible body or order processor be present in more than one Member State or
- processing of personal data which takes place within the framework of the activities of a single branch of a responsible body or order processor in the EU which has or may have significant effects on the affected person in more than one Member State.
2. Name and address of the responsible body
“The responsible body” ie the natural or legal person, authority, institution or other body which takes decisions concerning the purpose and means of the processing of personal data alone or with others is:
MÜNCHEN MARATHON GmbH
Internet site: generalimuenchenmarathon.de
3. Recording of general data and information; server logfiles
When accessing our Internet site, our system automatically records data and information from the system of the accessing computer. During this process, the following data is gathered:
- Information concerning the Internet browser type and the version used
- The operating system of the user
- The IP address of the user
- Date and time of the access
- Referrer URL
The recorded information is required in order to:
- deliver the contents of our Internet site back to your Internet browser
- ensure the technical functional capability of our Internet site
- optimise the contents of our Internet site
- optimise the advertising for our Internet site
- recognise and defend against manipulations and attacks to our systems
- provide the information to the criminal prosecution authorities to the extent set out by law which is required in order to bring prosecutions.
The saving of the information referred to above in server logfiles takes place separately from any personal data which is provided by the affected person. The information is not assigned to a specific person.
Should personal data be processed, the legal basis of this is Article 6 Paragraph 1 Letter a) Letter b) or Letter f) GDPR.
Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
5. Social media / marketing instruments (Facebook plugin, Google+ plugin, Twitter plugin, Instagram)
On our Internet site, so-called social plugins (“plugins”) of the social networks Facebook and Google+, as well as the micro blogging services Twitter and Instagram are used. These services are provided by the companies Facebook Inc, Google Inc, Twitter Inc and Instagram LLC (“providers”).
Facebook is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). You can find an overview of the Facebook plugins and their appearance here: https://developers.facebook.com/docs/plugins
Google+ is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google“). You can find an overview of the Google plugins and their appearance here: https://developers.google.com/+/web/
Twitter is operated by Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA (“Twitter“). You can find an overview of the Twitter buttons and their appearance here: https://about.twitter.com/en_us/company/brand-resources.html
Instagram is operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram“). You can find an overview of the Instagram buttons and their appearance here: http://blog.instagram.com/post/36222022872/introducing-instagram-badges
Should you access a page of our Internet site which contains such a plugin, your Internet browser establishes a direct connection to the browser of the provider. The content of the plugin is transferred directly to your Internet browser by the respective provider and integrated into the page. By means of the integration of the plugins, the providers are informed that your Internet browser has accessed the corresponding page of our Internet presence, even if you do not own a profile and even if you are not currently logged in. This information (including your IP address) is transferred by your Internet browser directly to a server of the respective provider in the USA and saved there. Should you be logged in to one of the services, the providers can directly assign the visit to our Internet site to your profile on Facebook, Google+, Twitter or Instagram. Should you interact with the buttons, for example the “like”, the “+1”, the “Twitters” or the “Instagram” button, the corresponding information is also transferred directly to a server of the providers and saved there. The information is also published in the social network, in your Twitter or Instagram account and displayed to your contacts there. The purpose and scope of the data gathering and the subsequent processing and use of the data by the providers, as well as your rights and settings options in this respect in order to protect your private sphere can be found in the data protection notices of the providers.
Data protection notice of Facebook: http://www.facebook.com/policy.php
Data protection notice of Google: http://www.google.com/intl/de/+/policy/+1button.html
Data protection notice of Twitter: https://twitter.com/privacy
Data protection notice of Instagram: https://help.instagram.com/155833707900388/
Should you not wish for the providers to directly assign the data which is gathered via our web presence to your profile with the respective service, you need to log out from the respective service prior to visiting our Internet site. You can also completely prevent the loading of the plugins also by means of add ons for the Internet browser, for example with the script blocker “NoScript” (http://noscript.net/).
We use Google Analytics, a web analysis service of Google Inc (“Google”). Google Analytics uses so-called “cookies, see Number 5. The information concerning your use of this Internet site which is generated by the cookie is generally transferred to a server of Google in the USA and saved there. In case of the activation of IP anonymisation on this Internet site, your IP address will however first be shortened first by Google in Member States of the European Union or in other Member States of the European Economic Area. Only in exceptional cases will the full IP address be transferred to a server of Google in the USA and saved there. On behalf of the operator of this Internet site, Google will use this information in order to evaluate your use of the Internet site, to compile reports concerning the Internet activities and to provide further services to the Internet sites operator connected to the use of the Internet sites and the use of the Internet. The IP address transferred by your Internet browser in the course of Google Analytics will not be combined with other data by Google. You can prevent the saving of the cookies by setting your Internet browser software accordingly; however we wish to point out that in such a case, you may not be able to fully use all functions of this Internet site. You can also prevent the recording of the data generated by the cookie which relates to your use of the Internet site (including your IP address) by Google, as well as the processing of this data by Google by downloading and installing the Internet browser plugin which is available via the following link. The current link is http://tools.google.com/dlpage/gaoptout?hl=de
We use Google Analytics with the “_anonymizeIp() extension, so that IP addresses are only further processed in shortened form, in order to avoid a direct assignment to a specific person. More information concerning terms and conditions of use and data protection can be found at https://www.google.com/analytics/terms/de.html and https://www.google.de/intl/de/policies/
The processing takes place on the basis of Article 6 Paragraph 1 Letter f) GDPR in accordance with our legitimate interest in optimising our Internet site and in targeted advertising. You have the right at any time to object to this processing of the personal data relating to you which takes place in accordance with Article 6 paragraph 1 Letter f) GDPR. You can prevent the saving of the cookies in this respect by selecting the corresponding technical settings in your Internet browser software (see Number 5 “cookies”). You can also prevent the processing by Google of the data recorded with the assistance of the cookies by downloading and installing the Internet browser plugin which is available via the following link [https://tools.google.com/dlpage/gaoptout?hl=de]. In order to prevent the recording by Google Analytics, you can also set a so-called opt out cookie, which prevents the future recording of your data when you visit our Internet site. If you click here, the opt out cookiewill be set on the device being used: Google Analytics deaktivieren.
The following are used:
Google Web Fonts
Fonts.com/net (Font integration)
MailChimp (Newsletter registration)
6. Necessary data; legal or contractual obligation to provide personal data
The necessity of the processing of personal data and your obligation to provide it can arise under legislation (for example tax laws) or under a contractual provision. In order to conclude a contract, it is necessary to process the data which is required to perform the agreement. Without this data, it is not possible to conclude a contract. The processing takes place in accordance with Article 6 Paragraph 1 Letter f) Letter b) or Letter c) GDPR. You have the right at any time to object to this processing of the personal data relating to you which takes place in accordance with Article 6 paragraph 1 Letter f) GDPR. Your data is only passed on to our service partners who we use in order to perform the contractual relationship (for example shipping, logistics and payment providers, web hosting companies, IT service providers and shop system operators). The data which is transferred in the course of the race registration may be passed onto an events service provider, photographer and engraving company. In all cases, the data is only passed on to the extent that is necessary to fulfil the respective contract.
7. User accounts
You have the option of setting up a user account on our website when placing orders in our online shop or registering for a race. The data which is entered tells you which personal data is transferred to us for the respective user account. We also save your IP address at the time of the registration, as well as the date and time of the registration. The saving of this data takes place in order to prevent misuse of our services and for proof purposes. The personal data which is entered by you is only gathered and saved for the respective purpose. Should you set up a user account, you no longer need to re-enter the necessary information for the respective purpose and we can provide you with additional functions and individual information. Please bear in mind that the user accounts for the online shop and race registration are separate. The processing takes place in accordance with Article 6 Paragraph 1 Letter a) or Letter f) GDPR. You are free at any time to fully delete the personal data which you entered when setting up the user account. This does not apply to data which is necessary to perform the contract which has been concluded, or if a statutory obligation to save the data exists.
You have the option of subscribing to the newsletter of our company on our Internet site. For this purpose, we only gather and process your email address. In the newsletter, we inform you of developments and important event information concerning the GENERALI MUNICH MARATHON. This does not generally take place more frequently than twice a month. Our newsletter will only be sent to you if you provide a valid email address and confirm this. An email with a confirmation link will be sent to the email address which you provided. The purpose of this email is to check that the owner of the email address has authorised the receipt of the newsletter (“double opt in”). When registering for the newsletter, we also save your IP address at the time of the registration, as well as the date and time of the registration. The saving of this data takes place in order to prevent misuse of the provided email address and in order to cover ourselves legally.The email address gathered at the time of registration for our newsletter will only be used to send our newsletter and to provide information in connection with the newsletter. Your data will be passed on to an email marketing service provider in the course of order processing. Your data will not be passed onto any other third parties. The sending of the newsletter takes place by means of “MailChimp”, a newsletter sending platform of the American provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. The email addresses of our newsletter recipients and their other data described in this notice is saved on the servers of MailChimp in the USA.
The newsletters contain so-called number pixels. A number pixel is a miniature graphic which is integrated in emails sent in HTML format in order to enable a log file recording and log file analysis. By means of this, a statistical evaluation of the success or lack of success of online marketing campaigns can be carried out. On the basis of the integrated number pixel, the sample can recognise whether and when an email was opened by a data subject and what links contained in the email were clicked on by him or her. MailChimp uses this information in order to send and evaluate the newsletter on our behalf. In addition, MailChimp has stated that it can use this data in order to optimise or improve its own services, for example for technical optimisation of the sending and display of the newsletter or the economic purposes in order to determine which countries the recipients come from. MailChimp does not however use the data of our newsletter recipients in order to contact them directly and does not pass this on to third parties. We have confidence in the reliability and IT and data security of MailChimp. MailChimp is certified under the US-EU “Privacy Shield” data protection treaty and is therefore obliged to comply with the EU data protection regulations. In addition, we have concluded a “data processing agreement” with MailChimp. This is a contract in which MailChimp undertakes to protect the data of our users, to process this on our behalf in accordance with its data protection provisions and, in particular, not to pass this on to third parties. The data protection provisions of MailChimp can be viewed here (https://mailchimp.com/legal/privacy/).
You can revoke your consent to the saving of your email address for the sending of the newsletter at any time and can therefore terminate the subscription. For this purpose, each newsletter contains a corresponding de-registration link; your email address is then deleted from the newsletter distributor. However, you also have the option of ending the saving by means of the submission of a declaration to us in another way. The processing takes place in accordance with Article 6 Paragraph 1 Letter a) GDPR on the basis of your consent.
9. Contact via the website
When you use the contact form, we only collect the personal data (name, email address, message text) specified by you. Data is processed for the purpose of establishing contact with you. We will store the message that you submit as business correspondence. When you send a message, you consent to the processing of your transmitted data. None of this personal data will be disclosed to third parties. The processing of personal data takes place in accordance with Art. 6 para 1 (a), (b) or (c) of the General Data Protection Regulation.
10. Duration of the saving, blocking and deletion of personal data
We process and save the personal data of the affected person only for the period of time which is necessary in order to attain the purpose of the saving or for longer, should a legal basis exist for this. Otherwise, the personal data is routinely blocked or deleted in accordance with the statutory regulations. In case of the data which is gathered within the framework of conclusion of a contract, this is for example the case following the complete performance of the contract and expiry of the warranty periods, as well as following the expiry of the retention periods under commercial law and tax laws.
11. Rights as an affected person
- Each affected person has the right to request confirmation from the responsible body as to whether personal data relating to him or her is being processed; should this be the case, he or she has a right to information concerning this personal data and the information under Article 15 Paragraph 1 GDPR.
- In accordance with Article 16 GDPR, each person affected by the processing of personal data has the right to request immediate correction of incorrect personal data relating to him or her. In addition, taking the purposes of the processing into account, the affected person has the right to request the completion of incorrect personal data, also by means of a supplementary declaration.
- Each person affected by the processing of personal data has the right to request that the responsible body immediately deletes the personal data relating to him or her, should the requirements under Article 17 Paragraph 1 GDPR be met and the responsible body is obliged to immediately delete personal data.
- Each person affected by the processing of personal data has the right to request that the responsible body restricts the processing, should the requirements under Article 18 Paragraph 1 GDPR be met.
- Each person affected by the processing of personal data has the right to receive the personal data which he or she has provided to a responsible body in a structured, up-to-date and machine readable format and he or she has the right to transfer this data to another responsible body without hindrance by the responsible body to whom the personal data was provided, should the requirements under Article 20 Paragraph 1 GDPR be met.
- Each person affected by the processing of personal data has the right to raise an objection at any time for reasons connected to his or her specific situation to the processing of personal data relating to him or her which takes place in accordance with Article 6 Paragraph 1 Letter e) or Letter f) GDPR; this also applies to profiling which takes place under these provisions. In case of an objection, we will no longer process your personal data, unless we can prove mandatory defendable reasons for the processing which outweigh the interests, rights and freedoms of the affected person or the purpose of the processing is the assertion, exercising or defence of legal claims.
- Each person affected by the processing of personal data has the right to revoke their consent to the processing of personal data at any time.
- In accordance with Article 77 GDPR and regardless of legal remedies under administrative laws or before a court elsewhere, each affected person has the right to complain to a supervisory authority, in particular in the Member State of his or her usual place of residence, place of employment or the location of the alleged breach, should the affected person be of the opinion that the processing of the personal data relating to him or her breaches this regulation.
12. Legal basis of the processing
Unless otherwise stated in the sections below, the following regulations form the legal basis of the processing:
For processing procedures where we have received consent for a specific processing purpose, the legal basis is Article 6 Paragraph 1 Letter a) GDPR.
Should the processing of personal data be necessary in order to fulfil a contract with the affected person, the legal basis is Article 6 Paragraph 1 Letter b) GDPR. This also applies to the processing of personal data in order to carry our pre-contractual measures (enquiries etc). Should the processing of personal data take place in accordance with a legal obligations, such as in order to fulfil obligations under commercial law or tax laws for example, the legal basis of Article 6 Paragraph 1 Letter c) GDPR.
Article 6 Paragraph 1 Letter d) GDPR is the legal basis for the processing of personal data, should this be necessary in order to protect vital interests of the affected person or of another natural person. Should the processing be necessary in order to safeguard our legitimate interests or those of a third party and should the interests, basic rights and basic freedoms of the affected persons not outweigh these, the legal basis is Article 6 Paragraph 1 Letter f) GDPR.