Skip to main Content
Cart
0
Login
flag.en
Cart
0
Login

Privacy policy

  1. Home
  2. Legal | OFFICIAL VIP
  3. Data protection | OFFICIAL VIP

Privacy policy of SPORTFIVE Germany GmbH

The provisions of the EU General Data Protection Regulation (hereinafter referred to as GDPR) apply throughout Europe. We would like to inform you about the
processing of personal data carried out by our company in accordance with this regulation (see Articles 13 and 14 GDPR). If you have any questions or comments about this privacy policy, you can send them at any time to the email address given in section 2 or 3.

 

Table of contents

 

I. Overview

Scope of application
Person responsible
Data Protection Officer
Data security


II. The data processing in detail

General information on data processing
Accessing the website/application
Newsletter
Customer support
Purchase of goods and services and payment processing
Tracking
Social media plugins

 

III. Rights of data subjects

Right of objection
Right to information
Right to rectification
Right to erasure (‘right to be forgotten’)
Right to restriction of processing
Right to data portability
Right to withdraw consent
Right to lodge a complaint


IV. Glossary

 

 

 I.  Overview

 

In this section of the privacy policy, you will find information on the scope of application, the data controller, its data protection officer and data security.

 

1. scope of application

 

Data processing by SPORTFIVE Germany GmbH can essentially be divided into two categories:

- For the purpose of contract fulfilment, all data required for the execution of a contract with SPORTFIVE Germany GmbH is processed. If external service providers are also involved in the processing of the contract, e.g. payment service providers, your data will be passed on to them to the extent necessary in each case.

- When you access the SPORTFIVE Germany GmbH website/application, various information is exchanged between your end device and our server. This may also involve personal data. The information collected in this way is used, among other things, to optimise our website or to display advertising in the browser of your end device.

This privacy policy applies to the following offers

- our online offer available at www.official-vip.com;

- whenever reference is made to this privacy policy from one of our offers (e.g. websites, subdomains, mobile applications, web services or integrations in third-party sites), regardless of how you access or use it.

All of these offers are also collectively referred to as ‘services’.

 

2. responsible person

 

The person responsible for data processing - i.e. the person who decides on the purposes and means of processing personal data - in connection with the services is

SPORTFIVE Germany GmbH

Barcastraße 5

22087 Hamburg

Phone: +49 (0)40 376 77-0

Fax: +49 (0)40 376 77-129

E-mail: de.info@sportfive.com

VAT ID No.: DE814116740

Registered office and register court: Hamburg HRB 10 22 66

Managing directors: Philipp Hasenbein, Hendrik Schiphorst

 

3. data protection officer

 

If you have any questions about our data protection measures, the processing of your data or the protection of your rights as a data subject, you can contact us and our data protection officer as follows:

 

External data protection officer

ePrivacy GmbH

represented by Prof. Dr Christoph Bauer

Burchardstraße 14, 20095 Hamburg

For all questions and concerns regarding your data, please contact de.info@sportfive.com  


Sollten Sie direkt mit unserem Datenschutzbeauftragten kommunizieren wollen (beispielsweise, weil Sie ein besonders sensibles Anliegen haben), kontaktieren Sie diesen bitte auf dem Postweg, da die Kommunikation per E-Mail immer Sicherheitslücken aufweisen kann. Bitte geben Sie bei der Anfrage an, dass sich ihr Anliegen auf die Firma SPORTFIVE Germany GmbH und den Onlineshop „www.official-vip.com“ bezieht.

 

4. data security

 

We have established an information security management system in our company in order to develop the measures required by Art. 32 GDPR and thus achieve a level of protection appropriate to the risk.

 

II The data processing in detail

In this section of the privacy policy, we inform you in detail about the processing of personal data in the context of our services. For the sake of clarity, we have organised this information according to certain functionalities of our services. During normal use of the services, different functionalities and therefore also different processing operations may be carried out consecutively or simultaneously.

 

1. general information on data processing

Unless otherwise stated, the following applies to all processing described below:

a.      No obligation to provide

There is neither a contractual nor a legal obligation to provide personal data. You are not obliged to provide data.

b.      Consequences of non-provision

In the case of required data (data that is labelled as mandatory when it is entered), failure to provide it will mean that the service in question cannot be provided. Otherwise, failure to provide the data may mean that our services cannot be provided in the same form and quality.

c.       Consent

In various cases, you have the option of giving us your consent to further processing in connection with the processing described below (possibly for some of the data). In this case, we will inform you separately in connection with the submission of the respective declaration of consent about all modalities and the scope of the consent and about the purposes that we pursue with this processing.

d.      Transfer of personal data to third countries

If we transfer data to third countries, i.e. countries outside the European Union, the transfer takes place exclusively in compliance with the legally regulated conditions of admissibility.

The admissibility requirements are regulated by Art. 44 -49 GDPR.

e.      Hosting with external service providers

Our data processing is carried out to a large extent with the involvement of so-called hosting service providers, who provide us with storage space and processing capacities in their data centres and also process personal data on our behalf in accordance with our instructions. These service providers either process data exclusively in the EU or we have guaranteed an appropriate level of data protection with the help of EU standard data protection clauses.

f.        Transmission to state authorities

We transfer personal data to state authorities (including law enforcement authorities) if this is necessary to fulfil a legal obligation to which we are subject (legal basis: Art. 6 para. 1 c) GDPR) or if it is necessary for the assertion, exercise or defence of legal claims (legal basis Art. 6 para. 1 f) GDPR).

g.      Storage period

We do not store your data for longer than we need it for the respective processing purposes. If the data is no longer required for the fulfilment of contractual or legal obligations, it is regularly deleted, unless its temporary storage is still necessary. Reasons for this may include the following:

- The fulfilment of retention obligations under commercial and tax law

- The preservation of evidence for legal disputes within the framework of the statutory limitation periods

It is also possible for us to continue to store your data with us if you have expressly given your consent for this. 

 

h.      Data categories

- Account data: Login/user ID and password

- Personal master data: Title, form of address/gender, first name, surname, date of birth

- Address data: Street, house number, address supplements if applicable, postcode, city, country

- Contact details: Telephone number(s), fax number(s), e-mail address(es)

- Registration data: Information about the service through which you have registered; times and technical information on registration, confirmation and cancellation; data provided by you during registration

- Order data: Products ordered, prices, payment and delivery information

- Payment data: Account data, credit card data, data on other payment services such as Paypal

Access data: Date and time of the visit to our service; the page from which the accessing system reached our site; pages accessed during use; session identification data (session ID); also the following information of the accessing computer system: internet protocol address (IP address) used, browser type and version, device type, operating system and similar technical information.

i.       Linking of personal data

We link your future and historical data of the various service providers if you have expressly given your consent for this.

 

2.  Calling the website/application

This describes how we process your personal data when you access our services. We would particularly like to point out that the transmission of access data to external content providers (see b.) is unavoidable due to the technical functioning of information transmission on the Internet.

a. Information on processing

Data category

Purpose

Legal basis

Legitimate interest, if applicable

Storage period

Access data

Establishing a connection, displaying the contents of the service, detecting attacks on our site based on unusual activities, diagnosing errors

Art. 6 Para. 1 f) GDPR

Proper functioning of the services, security of data and business processes, preventing misuse, preventing damage caused by interference with information systems

7 days

b.Recipients of the personal data

Recipient category

Data affected

Legal basis for transmission

Legitimate interest, if applicable

External content providers who provide content (e.g. images, videos, embedded postings from social networks, advertising banners, fonts, update information) that is required to display the service

Access data

Order processing (Art. 28 GDPR)

Proper functioning of the services, (accelerated) display of content

IT security service provider

Access data

Order processing (Art. 28 GDPR)

Prevention of attacks by exploiting security gaps / vulnerabilities

 

3. Newsletter

We describe here what happens to your personal data in connection with a subscription to our newsletter:

a. Information on processing

Data category

Purpose

Legal basis

Legitimate interest, if applicable

Storage period

E-mail address

Verification of registration (double opt-in procedure), sending of newsletter

Art. 6 Para. 1 Letter a) GDPR

-

Duration of newsletter subscription

Personal master data

Personalization of the newsletter

Art. 6 Para. 1 Letter a) GDPR

-

Duration of newsletter subscription

Registration data

Traceability of newsletter registration/confirmation/unsubscription

Art. 6 Para. 1 Letter f) GDPR

Proof of newsletter registration/confirmation/unsubscription

Duration of newsletter subscription

Newsletter usage profile data

Design of the newsletter in line with interests

Art. 6 Para. 1 Letter f) GDPR

Improvement of our service, advertising purposes

Duration of newsletter subscription

b. Recipient of the personal data

Recipient category

Data affected

Legal basis for transmission

Legitimate interest, if applicable

Service provider for newsletter dispatch

all data mentioned under a.

Order processing (Art. 28 GDPR)

-

Service provider for data analysis

all data mentioned under a.

Order processing (Art. 28 GDPR)

-

The newsletter is sent using the shipping service provider “MailChimp”, a newsletter distribution platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. You can view the data protection regulations of the shipping service provider here: https://mailchimp.com/legal/privacy/. The Rocket Science Group LLC d/b/a MailChimp is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection standards (https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active). The shipping service provider is used on the basis of a data processing agreement in accordance with Art. 28 Para. 3 Clause 1 GDPR.

The shipping service provider can use the recipients' data in pseudonymous form, i.e. without assignment to a user, to optimize or improve its own services, e.g. for the technical optimization of the sending and presentation of the newsletter or for statistical purposes. However, the shipping service provider does not use the data of our newsletter recipients to write to them themselves or to pass the data on to third parties.

The data analysis is carried out by the service provider KORE Interactive Systems (USA) Inc., 259 W 30th St, 16th Floor New York NY 10001, USA. You can view the service provider's data protection regulations here: https://koresoftware.com/privacy-policy/. The data is only stored on servers located in a member state of the European Union. The service provider is used on the basis of a data processing agreement in accordance with Art. 28 Para. 3 Sentence 1 GDPR.

 

4. Customer support

You can find out how we process your personal data when you contact our customer service here:

a. Information on processing

Data category

Purpose

Legal basis

Legitimate interest, if applicable

Storage period

Personal master data, contact details, contents of inquiries/complaints

Processing of customer inquiries and user complaints

Art. 6 Para. 1 b), f)

Customer loyalty, improvement of our service

Processing of the inquiry

b. Recipients of personal data

Recipient category

Data affected

Legal basis for transmission

Legitimate interest, if applicable

Service provider for the chat function

Contact details

Order processing (Art. 28 GDPR)

-

 

5. Purchase of goods and services and payment processing

The following information describes how your personal data is processed when you purchase and pay for goods and services via our online offer:

a. Information on processing

Data category

Purpose

Legal basis

Legitimate interest, if applicable

Storage period

Personal master data, contact data, content of inquiries, content of offers, payment data

Processing of customer inquiries and sale of goods and services

Art. 6 Para. 1 b), f)

Proper functioning of the services

Improvement of the services offered

b. Recipients of the personal data

Recipient category

Data affected

Legal basis for transmission

Legitimate interest, if applicable

Service provider for the payment process

Payment data

Order processing (Art. 28 GDPR)

-
Service provider for data analysis

Personal master data, contact data, content of inquiries, content of offers

Order processing (Art. 28 GDPR)

-

As part of the payment processing, your data may be passed on to the following payment service providers. The credit card number or other bank details are not stored by SPORTFIVE and are forwarded directly to the payment service providers:

Payments by credit card, PayPal and instant bank transfer are processed by our partner Adyen BV, Simon Carmiggelstraat 6 - 50, 1011 DJ Amsterdam. To prevent and detect cases of fraud, we transmit your IP address to our partner Adyen BV, Simon Carmiggelstraat 6 - 50, 1011 DJ Amsterdam. Your IP address is stored by Adyen BV. All data is transmitted in encrypted form.

In cases where a contract is concluded directly between you and an organizer, we forward your billing details (name, address, service purchased) to the respective organizer.

The data is analyzed by the service provider KORE Interactive Systems (USA) Inc, 259 W 30th St, 16th Floor New York.

 

Google reCAPTCHA

In order to ensure sufficient data security when submitting forms, we use the reCAPTCHA service from Google Inc. in certain cases. This is primarily used to distinguish whether the input is made by a natural person or abusively by machine and automated processing. The service includes sending the IP address and any other data required by Google for the reCAPTCHA service to Google. The deviating data protection provisions of Google Inc. apply here. Further information on the data protection guidelines of Google Inc. can be found at https://www.google.de/intl/de/privacy or https://www.google.com/intl/de/policies/privacy/

 

etracker

The provider of this website uses services of etracker GmbH from Hamburg, Germany (www.etracker.com) to analyze usage data. Cookies are used to statistically analyze the use of this website by its visitors and to display usage-related content or advertising. Cookies are small text files that are stored by the Internet browser on the user's end device. etracker cookies do not contain any information that enables a user to be identified.

The data generated with etracker is processed and stored by etracker on behalf of the provider of this website exclusively in Germany and is therefore subject to the strict German and European data protection laws and standards. etracker has been independently audited and certified in this respect and has been awarded the data protection seal of approval :#ePrivacyseal.

Data processing is carried out on the legal basis of Art. 6 para. 1 lit. f (legitimate interest) of the EU General Data Protection Regulation (EU GDPR). Our legitimate interest lies in the optimization of our online offer and our website. Since the privacy of our visitors is particularly important to us, etracker anonymizes the IP address as early as possible and converts login or device identifiers into a unique key that is not assigned to a person. No other use, merging with other data or disclosure to third parties is carried out by etracker.

You can object to the data processing described above at any time, insofar as it is personal. Your objection has no negative consequences for you.

Further information on data protection at etracker can be found here.

 

converify.com in conjunction with adnet.de as technical service provider

Functions of converify.com (converify GmbH, Hofmannstr. 25-27, D-81379 Munich) are integrated on this site, which enable us to make you the right offer at the right time. In this way, we aim to constantly improve your shopping experience and make it more customer-friendly and personalized for you.

converify.com and adnet.de use cookies for this purpose. These are used to automatically collect technical device and access data that is transmitted by your browser when you interact with our website. The collected data is used for so-called onsite optimization in order to present you with relevant recommendations and content when you visit our website. This data is not used to identify you personally, but solely for a pseudonymous analysis of your use of the website (e.g. scrolling, clicking, mouse-over) or leaving the site. At no time will the data be permanently merged with other personal data we have stored about you. converify.com and adnet.de use both session cookies, which are automatically deleted when you close your browser, and persistent cookies, which remain on your device until you delete them.

Examples of information we collect and analyze include the Internet Protocol (IP) address connecting your computer to the Internet, logins, computer and Internet connection information such as browser type, version and extensions, time zone settings, operating system and platform, including date and time, cookie or Flash cookie number, products you have viewed or searched for. We may also collect technical information that helps us to identify your device and thereby prevent misuse or diagnose errors. You can deactivate the cookies used by converify.com and adnet.de at any time via the following link:

https://www.official-vip.com#ConvOptOut

 

7.  Social media plugins

This website may contain additional programs (plugins) from social networks such as: Facebook, Google+, Twitter or Pinterest, which are operated by third parties and through which messages can be transmitted to the corresponding social network with the help of a button, e.g. to rate, recommend or share content. In doing so, we pursue the purpose and legitimate interest of making our services better known. We configure our services so that data is only transmitted when you click the button. The legal basis for data transmission in this case is Art. 6 I f) GDPR. The respective provider is responsible for the data protection-compliant processing of the transmitted data.

 

Name of the service

Provider

Data protection information of the provider

Facebook Inc.

Facebook Inc, 1601 S. California Avenue, Palo Alto, CA 94304, USA

https://de-de.facebook.com/about/privacy/

Google+

Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

https://www.google.com/+/policy/pagesterm.html

Twitter

Twitter Inc, 539 Bryant Street, Suite 402, San Francisco, CA 94107, USA

https://twitter.com/de/privacy

 

a. Information on the processing

Data category

Intended purpose

Legal basis

Legitimate interest, if applicable

Storage duration

News and reviews about the user's own social media account

To make services better known

Art. 6 I f) GDPR

To make services better known

 

 

b. Recipients of the personal data

Recipient category

Data concerned

Legal basis of the transfer

Legitimate interest, if applicable

Social media service provider

All data mentioned under a.

 

 

III. rights of data subjects

 

1.  Widerspruchsrecht

If we process your personal data for direct marketing purposes, you have the right to object to the processing of your personal data for the purpose of such advertising at any time with effect for the future.

You also have the right to object, on grounds relating to your particular situation, at any time with future effect to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR.

You can exercise your right to object free of charge.

You can contact us using the contact details given under I.2.

 

2.  Right to information

You have the right to obtain confirmation as to whether or not personal data concerning you is being processed by us and, where that is the case, which personal data is being processed, as well as further information in accordance with Art. 15 GDPR.

 

3. right to rectification

You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you (Art. 16 GDPR). Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

 

4. right to erasure ("right to be forgotten")

You have the right to obtain from us the erasure of personal data concerning you without undue delay where one of the grounds specified in Art. 17 (1) GDPR applies and the processing is not necessary for one of the purposes specified in Art. 17 (3) GDPR.

 

5. right to restriction of processing

You are entitled to request a restriction on the processing of your personal data if one of the conditions set out in Art. 18 (1) (a) to (d) GDPR is met.

 

6.  Right to data portability

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from us or to have it transmitted directly by us, where technically feasible. This should always apply if the basis for data processing is consent or a contract and the data is processed automatically. This therefore does not apply to data held only in paper form.

 

7  Right to withdraw consent

If the processing is based on your consent, you have the right to withdraw your consent at any time. This does not affect the lawfulness of processing based on consent before its withdrawal.

 

8. right to lodge a complaint

You have the right to lodge a complaint with a supervisory authority.

 

IV. Glossary

 

Processor: A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Browser: Computer program for displaying websites (e.g. Chrome, Firefox, Safari)

 

Cookies: The term "cookie" actually comes from the English vocabulary and its original meaning can be translated into German as "Keks". In the context of the World Wide Web, however, a cookie describes a small text file that is stored locally on the user's computer when they visit a website. This file stores data about the user's behavior. If the browser is called up and the corresponding website is visited repeatedly, the cookie is used and provides the web server with information about the user's surfing behavior using the stored data.

In this context, cookies are not cookies, but information that a website stores locally on the visitor's computer in a small text file. This information can be settings already made by the user on a page, but also information that the website has collected from the user completely independently. These locally stored text files can then be read again later by the same web server that created them. Most browsers accept cookies automatically. You can manage cookies using the browser functions (usually under "Options" or "Settings"). In this way, the storage of cookies can be deactivated, made dependent on your consent in individual cases or otherwise restricted. You can also delete cookies at any time.

 

Third countries: Country that is not bound by the legal requirements of the EU Data Protection Directive (country outside the EEA)

Personal data: Any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

 

Pixel: Pixels are also known as tracking pixels, web beacons or web bugs. These are small, invisible graphics in HTML emails or on websites. When a document is opened, this small image is downloaded from a server on the Internet and the download is registered there. This allows the server operator to see if and when an e-mail has been opened or a website visited. This function is usually implemented by calling up a small program (Javascript). In this way, certain types of information can be recognized and passed on on your computer system, such as the content of cookies, the time and date of the page view and a description of the page on which the tracking pixel is located.

 

Profiling: Any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements

Services: Our services to which this privacy policy applies (see scope of application)

 

Tracking: The collection of data and its evaluation regarding the behavior of visitors on our services.

Tracking technologies: Tracking can take place both via the activity logs stored on our web servers (log files) and by means of data collection from your end device via pixels, cookies and similar tracking technologies.

 

Processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.