Data protection

Privacy Policy as per September 2020

  1. Name and contact details of the data controller and the Data Protection Officer

This privacy policy applies to all data processing by:

Deutscher Polo Verband e.V.

Graf-Lehndorff-Straße 36 / 16
81929 München

Telefon: +49 - 151 - 54 65 88 82

Email: office@dpv-poloverband.de
www.dpv-poloverband.de

Authorized representative of the board of directors:

Oliver Winter (Präsident), Steffi von Pock (1. Vizepräsidentin) Wolfgang Gabrin (2. Vizepräsident)

Amtsgericht München VR 8929

We treat your personal data confidentially and according to the legal data protection regulations. We will inform you about the details, i.e. data processing and its legal basis (hereinafter Section II.), the storage of your data (hereinafter Section III.), the transfer of data (hereinafter Section IV), your rights of data subjects (hereinafter Section V.) and data security (hereinafter Section VI.) in the following data protection declaration.

We draw your attention to the fact that we inform our members more separately about the processing of their data within the framework of membership and data protection.

  1. PROCESSING OF PERSONAL DATA

In the interest of clarity, we have initially divided the information for data collection and data processing according to how the contact with you comes about, whether via our website (number 1.), Facebook (number 2.), otherwise, e.g. by telephone or personally, (number 3.) or as part of a PayPal payment (number 4.).

We inform our members separately about data protection.

If you have any questions, please do not hesitate to contact us.

1 Visits to the website www.poloverband.de

  • Calling up the website

When calling up our website the browser used on your terminal will automatically send information to our website server. This information will be stored temporarily in a so-called logfile. The following information will be recorded here without any actions from you and stored until it is automatically erased:

  • IP address of the requesting computer,
  • Date and time of the access,
  • Name and URL of the file called up,
  • Website from which access was made (referrer URL),
  • Browser and, if necessary, the operating system on your computer and the name of your access

We will process the data specified for the following purposes:

  • Guaranteeing a smooth connection on the website,
  • Guaranteeing convenient use of our website,
  • Evaluating system security and stability.

The legal basis for data processing is Art. 6 (1) sentence 1 f) GDPR. Our legitimate interest results from the data collection purposes listed above. In this connection, we will not use the data collected for the purposes of drawing conclusions about you.

The data will be deleted at the end of the browser session, i.e. after closing your browser.

Furthermore, we use cookies during visits to our website. You will find more detailed explanations of this under 4..

  • Using our contact form for advice requests

On our website we offer the possibility to contact us via a form provided there for the purpose of providing personal advice. In doing so, it is necessary to disclose your name as well as to disclose a valid email address so that we know where the request has come from and are able to meet your wishes accordingly.

The data processing of your telephone number for the purposes of making contact with us is done as per Art. 6 (1) sentence 1 a) GDPR on the basis of your consent.

If you also provide us with your telephone number, we assume that you are doing so in order to facilitate contact with you and recognise our legitimate interest in this respect pursuant to Art. 6 (1) sentence 1 f) GDPR. You are free to decide whether you wish to provide us with your telephone number.

  • Data processing for membership enquiries

Applicant

You can also send us your membership request via a contact form provided by us on our website. It is necessary to provide your name and a valid email address so that we know who sent the request and can respond to it.

Data processing for the purpose of contacting us is carried out in accordance with Art. 6 (1) sentence 1 b) GDPR in order to fulfil your enquiry.

If you also provide us with your telephone number, we assume that you are doing so in order to make it easier for us to contact you and recognise our legitimate interest in this respect pursuant to Art. 6 (1) sentence 1 f) GDPR. You are free to decide whether you wish to provide us with your telephone number.

If you complete one of the membership applications offered for download on our website and send it to us, the personal data you provide will be processed by us exclusively within the scope of processing your membership application. We will inform you of this separately as part of your admission as a member. If your application for membership is not accepted, we will delete the data provided by you immediately after we have informed you of the rejection.

Data processing within the framework of the examination of your membership application is carried out in accordance with Art. 6 (1) sentence 1 b) GDPR in order to fulfil our statutory duties.

Other persons concerned

If you have signed an application for membership as a legal representative - be it of the responsible polo club, be it of the applicant - we will process this date exclusively within the framework of the processing of the respective membership application. We store your data for the case of acceptance of the application until the termination of the respective membership.

If the application for membership is not accepted by us, we will delete the data provided by you immediately after we have informed the applicant of the rejection.

The processing of your data, in particular the storage of your signature, is carried out for the purpose of processing the membership application in accordance with Art. 6 (1) sentence 1 b) GDPR in order to fulfil our statutory duties.

1.4. Polo-Exchange
On our website on the "Polo Exchange" subpage, we offer members the opportunity to offer goods, horses and services free of charge not only to other members but also to third parties. For this purpose, the respective member sends us the corresponding advertisement, which we publish on the website. The Member decides for himself/herself which contact details he/she will provide in the advertisement. Contact should always be established directly between the member and the respective interested party.

We store the advertisement together with any attachments that may be present as well as the details of which member has placed the advertisement with us for publication and when. These data will be deleted by us within 6 months after removal of the advertisement. Data of interested parties will not be processed by us and in particular will not be stored.

1.5. Data processing at login

On our website, we offer selected users (persons who are granted special rights of access under our articles of association) the opportunity to log in by providing personal data in order to gain access to protected documents. In order to log in, it is necessary for the user to have provided us with his e-mail address in advance. This is then the so-called user name. After entering this user name, a temporary password is sent to the user's e-mail address. After logging in using this password, the user must enter a password of his own option. We only save the hash value of the password currently selected by the user. The original password cannot be restored from the hash value.

If you use the login option provided on our website (by entering your registered e-mail address and password), we will - in addition to the data already listed above at 1.1. - process the following personal data from you

- Username/e-mail address

- Password or corresponding hash value

- Date and time of login and log-out

The data is processed for the purpose of enabling you to log in as requested. The legal basis for data processing is therefore Art. 6 (1) sentence 1 b) GDPR.

The data will not be passed on to third parties - subject to the inevitable passing on of the same within the scope of IT support / support of our website / hosting.

1.6. Cookies

We use cookies at some points on our website. These are small items of data that your browser creates automatically and among others can be stored on your device (laptop, tablet, smartphone or similar) in a text file if you visit our site. Cookies do not damage your terminal and do not contain any viruses, Trojans or other malware.

Information is deposited in the cookies that results in connection with the device specifically used. However, this does not mean we become directly aware of your identity.

The use of cookies serves firstly, to make the use of our range more pleasant for you. Which is why we use so-called session cookies to recognise that you have already visited some pages of our website. These are automatically deleted after leaving our site.

The data processed by cookies is required for the purposes specified to safeguard our legitimate interests and those of third parties as per Art. 6 (1) sentence 1 f) GDPR.

Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a notice appears before a new cookie is placed. However, completely deactivating cookies can mean you cannot use all the functions of our website.

1.7. Analysis tools/Tracking tools – i.e. Google Maps

We do not use any other analysis/tracking tools on our website, except Google Maps.

This tool will be used on this website to display interactive maps and to create directions. Google Maps is a map service from Google Inc. 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.

By visiting the website, Google receives the information that you have accessed the corresponding subpage of our website. In addition, the data specified above under Section II.1. as well as any (start) address entered will be transmitted. This takes place regardless of whether Google provides a user account that you are logged in to or whether there is no user account. If you are logged in to Google, your data will be assigned directly to your account. If you do not want your profile to be associated with Google, you must log out before activating the button. Google stores your data as usage profiles and uses them for advertising, market research and / or needs-based design of its website. Such evaluation is carried out in particular (even for users who are not logged in) to provide demand-oriented advertising and to inform other users of the social network about your activities on our website - you have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.

Further information on the purpose and scope of data collection and processing by Google and further information on your rights in this regard and setting options to protect your privacy can be found here:

https://www.google.de/intl/de/policies/privacy/

Google also processes your personal data in the USA and is subject to the EU-US Privacy Shield

https://www.privacyshield.gov/EU-US-Framework

1.8. Data processing through integrated social media

We do not use social plugins from the social networks Facebook and Instagram on our website. You can only access our respective online presences by activating the link provided on our website. Data is therefore not transferred to the relevant operators when you visit our website, but only when you visit the third-party site by activating the link.

  1. Facebook page

We have set up a page on Facebook.

On our Facebook page we inform you about news and events of the DPV and its members. You can mark our page with a "Like" to stay up to date. Depending on how you have configured your privacy settings, we can see that you have given us a Like. If you mark our participation in an event on Facebook, this data will not be transmitted to us automatically.

When you visit our page, personal data is processed by Facebook and us as jointly responsible persons, Art. 26 GDPR.

Facebook as a platform operator processes personal data of its users and visitors, compiles statistics and user profiles if necessary and uses the data for advertising purposes. The data can also be used for market and opinion research. The collection of your information takes place via cookies and can be supported by the fact that you are logged on to the platform.

Facebook makes the above data available to us anonymously. This enables us to control our public relations better and more purposefully. In doing so, we can sometimes gain knowledge of Facebook profiles of individual users who like our fan page and/or use applications of the page.

In order to further improve our content on our Facebook page, we may also use the information we collect during a visit to make demographic and geographic assessments based on that information.

If you use more than one device during your visit to Facebook, we may also collect and analyse information across devices if you visit our page as a registered Facebook user with your registered Facebook profile.

Any visitor statistics that are generated will only be forwarded to us anonymously. Access to the underlying data is not possible. At no time will we be directly informed of your identity as a visitor to our page.

As part of our page, we use the Insights service on Facebook to obtain anonymous statistical data on visitors to our fan page.

When you visit our page, Facebook stores a corresponding data package on your end device, a cookie with a user code. The cookie is active for two years unless it is deleted beforehand. If you are registered as a user on Facebook, the user code contained in the cookie can be linked to your data. The information stored is processed by Facebook. It is also possible that third parties may use this information from Facebook cookies to provide services to companies advertising on Facebook.

For more information about Facebook's use of cookies, see Facebook's Cookie Policy: https://www.facebook.com/policies/cookies/

We do not pass on the personal data made available to us by Facebook to third parties.

The processing described above is based on our legitimate interest pursuant to Art. 6 (1) sentence 1 f) GDPR in communicating with users on Facebook, visitors to our profile including our company presentation and, in particular, the comprehensive best possible information about us and our members (polo clubs and polo players).

If you contact us via the chat function of the platforms, we process your information for communication with you. Basis for the data processing is a contract or a pre-contractual measure according to Art. 6 (1) sentence 1 b) GDPR.

We have no influence on the data processing by Facebook.

When you visit our page, any data collected may be forwarded to Facebook Inc. based in the USA and processed there. For data transfers to the USA, there is an adequacy decision of the EU Commission, the EU-US Privacy Shield. In this decision, the Commission has certified that the guarantees for the transfer of data to the USA on the basis of the EU-US Privacy Shield comply with the data protection standards in the EU.

Facebook Inc. is certified:

https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active

As a Facebook user, you have the option of using the advertising preference settings in your Facebook account to set the extent to which your user behaviour can be recorded when you visit our fan page. In addition, Facebook provides an objection form: https://www.facebook.com/help/contact/1994830130782319

We are responsible for data processing on the page together with Facebook Inc. in accordance with Art. 26 GDPR.

  1. Other methods of making contact (e.g. tel., email, events) and commissioning

If you make contact with us by email, telephone or otherwise in person, we will generally record your first name and surname, your address and any additional data required within the scope of the contact and/or commissioning. In the context of the further establishment of contact further data are raised if necessary, like for example your handicap or with business partners the company affiliation. Otherwise, data processing will depend on the content of your enquiry.

The legal basis for the processing is, depending on the content of the request, Art. 6 (1) sentence 1 b) GDPR – Fulfilling your request - or Art. 6 (1) sentence 1 f) GDPR on the basis of our legitimate interest. Our legitimate interest derives from the purpose of responding to your inquiry or, in the case of business partners, from the purpose of preparing, concluding and executing contracts.

  1. Data processing with payment by Paypal
    The data controller has integrated components of PayPal on this website. PayPal is an online payment service provider. Payments are processed through so-called PayPal accounts, which are virtual private or business accounts. In addition, PayPal offers the possibility to make virtual payments by credit card if a user does not have a PayPal account. A PayPal account is managed via an e-mail address, which is why there is no classic account number. PayPal makes it possible to trigger online payments to third parties or to receive payments. PayPal also assumes trustee functions and offers buyer protection services. The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg. If the person concerned selects "PayPal" as a payment option during the ordering process in our online shop, data of the person concerned is automatically transmitted to PayPal. The personal data transmitted to PayPal is usually first name, surname, address, e-mail address, IP address, telephone number, mobile phone number or other data necessary for the processing of the payment. Personal data that are necessary for the processing of the purchase contract are also those that are related to the respective order. The transmission of the data is intended for payment processing and fraud prevention. The person responsible for processing will transmit personal data to PayPal in particular if there is a legitimate interest in the transmission. Personal data exchanged between PayPal and the data controller may be transmitted by PayPal to credit reference agencies. The purpose of this transmission is to check identity and creditworthiness. PayPal may share the personal data with affiliated companies and service providers or subcontractors to the extent necessary for the performance of the contractual obligations or where the data are to be processed under contract. By selecting this payment option, the person concerned consents to the transfer of personal data required for the processing of payments. The transfer of the data is thus justified in accordance with Art. 6 Para. 1 S.1. lit. a DSGVO. The person concerned has the possibility to revoke his or her consent to the handling of personal data to PayPal at any time. Revocation does not affect personal data that must be processed, used or transmitted for the (contractual) handling of payments. The processing of this data is justified according to Art. 6 para. 1 sentence 1 lit. b DSGVO. The applicable data protection regulations of PayPal can be found at https://www.paypal.com/de/webapps/mpp/ua/privacy-full

III. Length of storage

Data will be erased as soon as it is no longer required for the purpose of its processing. In detail:

  1. Calling up our website

If you visit our website without using our contact form, your data will be erased within 7 days after the end of the browser session, i.e. after closing your browser. The personal data we collect for using the contact form (see above II.1.b)) or within the scope of any other request (see above II.4) will be automatically erased after the completion of the request made by you and, if no contract is concluded, after 24 months at the latest.

  1. Contact form - other inquiries

The personal data collected by us for the use of the contact forms (see II.1.5. and 1.6. above) or within the scope of any other request (see II.3. above) will be automatically deleted at the latest after 15 months after completion of the request made by you and unless you are accepted as a member.

  1. Data from business partners

We store data of our business partners for the duration of the business relation as well as up to the expiration of possible periods of limitation.

  1. Data storage for payment via PayPal

If you have made a payment to us via PayPal, the data processed in connection with this will be stored for the duration of the contractual relationship with you as well as on the basis of Article 6 (1) sentence 1 c) GDPR beyond that, if we are obliged to a longer storage (up to 11 years) due to tax and commercial storage and documentation obligations (from German Commercial Code, German Criminal Code and/or German Tax Code) or other legal obligations.

  1. Data storage with special login

If you are authorized to login, the following storage periods apply:

The data which we process within the scope of the release of the login (user name and hash value of the password) will be stored by us for the duration of the user's access authorization and then deleted.

The data that is processed on the occasion of each login, i.e. stored in log files, is stored on a server in Frankfurt for a period of 90 days and is automatically deleted after this period has expired. This period is only extended if a longer storage period is necessary for the purpose of checking unauthorised access.

  1. Transferring data

We pass on your personal data exclusively under the following conditions and only to the named recipients.

  1. Authorisation for transferral

Your personal data will not be transmitted to third parties for any purposes other than those detailed below under points 2 et seq..

We will only transmit your personal data to third parties if:

  • this is legally permissible and required as per Art. 6 (1) sentence 1 b) GDPR to execute contractual relationships with you,
  • if there is a legal obligation for the transfer as per Art. 6 (1) sentence 1 c) GDPR and/or
  • transfer is required as per Art. 6 (1) sentence 1 f) GDPR to assert, exercise or defend against legal claims and there is no reason to assume that you have an interest requiring protection in the non-transfer of your data that outweighs this.

We will only transfer your personal data for other purposes if you have given your explicit consent, Art. 6 (1) sentence 1 a) GDPR.

  1. Recipient

We will transfer your personal data to third parties, if necessary in the context of your inquiry/contact establishment, to our member clubs as well as our statutorily determined committees and/or their members. Furthermore, the transfer of your data within the scope of the legally permissible transfer to the following third parties may be considered: contract processors to whom we transfer personal data in order to carry out the business relationship with you or to whom we allow access to your data stored by us. In detail: Support/maintenance of IT applications; archiving; data destruction; collection; website management.

However, in cases where your personal data is passed on to third parties, the scope of the data transmitted is limited to the necessary minimum.

  1. Data subject rights

You are entitled to the following rights with regard to the processing of your personal data:

  1. General rights

You have the right:

  • as per Art. 15 GDPR to demand to be informed free of charge about your personal data that we process. In particular, you can demand to be informed about the purposes of processing, the category of personal data, the categories of recipients that disclosures of your data are or were made to, the planned storage period, the right to rectification, erasure, restriction of processing or objection, the right to complain, the origin of your data if we did not collect this and any automatic decision-making including profiling and, if necessary meaningful information about the details of these;
  • as per Art. 16 GDPR to demand the rectification of incorrect data or completion of your personal data that we store;
  • as per Art. 17 GDPR to demand the erasure of your personal data that we store if the processing is not required to exercise the right of freedom of speech and information, to meet a legal obligation, for reasons of public interest or to assert, exercise or defend against legal claims;
  • as per Art. 18 GDPR to demand the restriction of processing of your personal data if you dispute the accuracy of the data, processing is illegal, but you reject erasure and we no longer require the data, however, you require this to assert, exercise or defend against legal claims or as per Art. 21 GDPR you have objected to processing;
  • as per Art. 20 GDPR to demand receipt of your personal data that you have provided to us in a structured, common and machine-readable format or transmission to another controller;
  • as per Art. 7 (3) GDPR to withdraw any consent you have given us at any time. The consequence of this is that we must not continue data processing that related to this consent and
  • as per Art. 77 GDPR to complain to a supervisory authority. This will normally be the supervisory authority of your usual place of residence or workplace or at our corporate headquarters.

2 Right to object

If your personal data is processed on the basis of legitimate interests as per Art. 6 (1) sentence 1 f) GDPR, you have the right as per Art. 21 GDPR to object to the processing of your personal data if there are reasons resulting from your particular situation or you object to direct advertising. In the latter case you have a general right to object, which we will implement without disclosure of a particular situation.

Please note that in the event of an objection to the forwarding of your personal data within the scope of a credit check, delivery on account will generally no (longer) be possible (see above figure IV.4.)

If you want to exercise your right to withdraw consent or to object, just send an email to

office@dpv-poloverband.de

  1. Data security

As part of your visit to the website we use the common SSL procedure (Secure Socket Layer) in combination with the respectively highest level of encryption that is supported by your browser. This is usually 256-bit encryption. If your browser does not support 256-bit encryption, we will use 128-bit v3 technology instead.

You can recognise an encrypted connection in that the address line of the browser will change from “http://” to “https://” and from the lock symbol in your browser line.

When SSL encryption is activated, the data you transmit to us cannot be read by third parties.

Otherwise, we use suitable technical and organisational security measures to protect your data against accidental or deliberate manipulations, partial or complete loss, destruction or against unauthorised third-party access. Our security measures will be continuously improved in accordance with technological development.

VII. Topicality and amendment of our Privacy Policy

This Privacy Policy is currently valid and is the version of June 2019.

Due to the redevelopment of our website and ranges or due to changed legal or official requirements it may be necessary to amend this Privacy Policy. The currently applicable Privacy Policy can be viewed now on the website at https://www.dpv-poloverband.de/privacy-policy/