Data protection declaration
Responsible person for data processing:
Thank you for your interest in our online shop. The protection of your personal data is very important to us. Below you will find all information regarding handling of your personal data.
1. ACCESS DATA AND HOSTING
You can visit our websites without providing personal information. With every visit of a website the webserver automatically stores a server logfile which contains for example the name of the requested data file, your IP address, date and time of retrieval, data volume transmitted and requested provider (access data) and records retrieval. These access data will only be evaluated to ensure an interference-free operation of the website as well as to improve the experience we offer. This serves to protect our legitimate interests in the correct presentation of our offer, which outweigh our interests in the context of a balancing of interests pursuant to Art. 6 para. 1 p. 1 lit. f DSGVO. All access data will be deleted at the latest seven days after visiting the page.
Hosting and presentation service of the website are partially made by our service providers within the scope of processing on our account. If nothing to the contrary has been stated in the framework of the present privacy statement, all access data as well as all data which will be collected by means of the intended forms on this website are processed on the server. Regarding questions about our service providers and the basis of our cooperation please refer to the contact opportunity offered in this data protection declaration.
2. DATA PROCESSING FOR THE PROCESSING OF CONTRACTS, CONTACT ESTABLISHMENT AND OPENING OF CUSTOMER ACCOUNT
Data is only collected if you provide them voluntarily when making an order or when contacting us (for example via contact form or e-mail). Obligatory fields are labeled as such, as we need the data for contract processing for example to process your establishment of contact as we cannot send an order respectively establishment of contact without the requested data. All data collected will be apparent in the respective input form. Data collected will be used for contract processing (as well as for contacting you via telephone or e-mail with regard to evaluate our service provided), forwarding to relevant authorities (particularly health authorities) in case of a positive test report and processing of your requests in accordance with Art. 6 para. 1 p. 1 lit. b DSGVO as well as in case of booking a free (citizen) test to forward (and settle costs) to the responsible authority for cost reimbursement (KVB).
All data will also be used in the framework of transmitted information letters regarding related services. You can contradict to this application at any time. No further transmission costs than the basic rate will arise.
In case you should declare your approval in accordance with Art. 6 para. 1 lit. a DSGVO when creating a customer account, all data will be used for the purpose of creating a customer account. You will find further information regarding processing your data, especially relating to forwarding data to our service provider for the purpose of processing an order, payment or dispatch, in the following paragraphs of this data protection declaration. After completion of the contract or deletion of your customer account all data will be limited for further processing and deleted after the expiration of tax- and commercially-based safekeeping periods (in accordance with Art. 6 para. 1 lit. c DSGVO) unless you have explicitly approved further processing of your data according to Art. 6 para. 1 lit. a DSGVO or in case we reserve further data processing which is permitted by law and will be explained in this declaration. A deletion of a customer account is always possible and can either be made by means of a message to the contact opportunity stated in this data protection declaration or by means of a provided option in the customer account. Deviating from this, data which was collected based on booking a test appointment in accordance with TestV from 08.03.2021 being the basis for invoicing free tests, will be stored and saved due to compulsory legal provisions of TestV respectively § 105 III SGB V until 31.12.2024.
I hereby give consent for my following personal data to be processed with respect to my coronavirus SARS-CoV-2 test carried out by TestNow!:
- Presence of an infection with Coronavirus SARS-CoV-2
- Name and surname, gender, nationality, date of birth, address of main residence or permanent address and in case of divergence: address of current residence respectively holiday address / current residence of next 14 days
- Telephone number (mobile), e-mail address
- Vaccination and convalescence status
My consent explicitly extends to the processing of health-related data within the meaning of Art. 9 data protection basic regulation (DSGVO) by means of B&K Emergency Training GbR und us (hereinafter TestNow!). I declare that I agree that TestNow! sends me information concerning my test result via the contact data I have submitted and via unencrypted e-mail. I agree that my test result contains personal details.
The consent is voluntary. It can be refused without any reasons given without having disadvantages. The consent can be revoked at any time; in this case, all data will be immediately deleted by TestNow! and I won’t be informed about my test result by TestNow!.
In case of a positive test result, I will be informed by the responsible health authority. Revocation of consent is not possible in this respect, as it concerns a notifiable disease according to the Infection Protection Act. Furthermore, the revocation does not extend to data processing that takes place within the scope of fulfilling the tasks of the competent authorities following a notification to them (cf. No. 4 of the information pursuant to Art. 13 of the GDPR / DSGVO).
For the case that I buy tests for several people, I hereby declare that I got the approval for the DSGVO agreement of all further test persons. They have agreed that I am allowed to transmit the test results and thereby gain insight to the test result. A revocation of these test persons is always possible.
Information in accordance with Art. 13 Data Protection Basic Regulation (DSGVO)
- 1. Name and contact data of responsible person is Test Now GmbH, Schloßstraße 19, 82031 Grünwald
- 2. Contact data of data protection officer: Alexander Spierer, Schloßstraße 19, 82031 Grünwald
- 3. Processing of your data will be carried out for the purpose of prevention and combating of Coronavirus SARS-CoV-2 pursuant to Art. 9 para. 2 letter a) in conjunction with Art. 6 para. 1 UAbs.1 letter a) DSGVO. Art. 6 para. 1 subpara. 1 letter a) DSGVO based on your consent.
- 4. Recipient of personal data, reason for disclosure, responsible health authority within the scope of registrants is submitted to Art. 9 of the Infection Protection Act (IfSG).
- 5. Duration of storing of personal data until revocation of consent, test result will be deleted after a maximum of 4 weeks.
- 6. Rights of individuals affected: you have the right at any time to information about the data stored about you (Art. 15 DSGVO)
In case of processing incorrect personal data, you have the right of adjustment (Art. 16 DSGVO). When legal requirements are met, you can demand deletion or limitation of processing (Art. 17 and 18 DSGVO). If you have agreed to a processing or if a data processing contract was made and data processing is carried out by means of automized procedures, you may have the right for data portability (Art. 20 DSGVO). In case of reasons based on your particular situation, you have the right to appeal against a processing of data if processing of data is carried out exclusively on the basis of Art. 6(1)(e) or (f) DSGVO (Art. 21(1) sentence 1 DSGVO).
If you have agreed to the processing of your data and the processing of data is based on this consent, you have the right to always revoke the consent for the future. Legality based on the given consent to process your data until revocation of consent is not affected. Revocation does not affect data processing carried out as part of task fulfillment of responsible authorities. Furthermore, there is the right to appeal to the commissioner for data protection.
3. DATA PROCESSING FOR VERIFICATION OF PROOF OF VACCINATION OR CONVALESCENCE BY DFB EURO GMBH
We collect personal data when you provide it to us as part of your appointment booking for verification of your proof of vaccination or recovery by DFB EURO GmbH for admission to UEFA EURO 2020 matches. Mandatory fields are marked as such, as we require this data to carry out the appointment you have requested, i.e. to process the contract. Which data is collected can be seen from the respective entry forms; as a rule, this is a form of address, name, address, date of birth and e-mail address and/or mobile number. We use the data you provide to process the appointment you have booked, i.e. to process the contract within the meaning of Art. 6 Para. 1 S. 1 lit. b DSGVO.
We pass on the above-mentioned appointment booking data to eTermin GmbH (Im Wiesengrund 8, 8304 Wallisellen, Switzerland), through whose software the appointment booking is made. We have concluded an order data agreement with eTermin GmbH. The booking data is anonymized after four weeks and deleted after three years at the latest.
Furthermore, we will pass on your name and date of birth to DFB EURO 2020 Volunteers, regularly anonymised with the help of a QR code, in order to carry out the appointment you have booked. This data transfer also takes place on the basis of Art. 6 Para. 1 Sentence 1 lit. b DSGVO, as you have made the appointment booking as a ticket holder for the purpose of admission to the stadium and DFB EURO GMBH is your contractual contact in this respect.
The DFB EURO 2020 volunteers will carry out a visual check of your vaccination or recovery certificate during the appointment booked by you. This visual inspection by the DFB EURO 2020 Volunteers is carried out for the purpose of ensuring public health in the stadium with regard to the Covid 19 pandemic in accordance with Art. 9 Para. 2 i) DSGVO or Art. 9 Para. 2 j) DSGVO in conjunction with the BayIfSMV. Upon presentation of the relevant proof of vaccination or recovery, your legitimation for admission to the stadium will be determined by the respective DFB EURO 2020 Volunteer digitally (usually within the Luca App or the Corona-Warn App) or analogously (by handing out a wristband), without storing the specific information as to why admission is granted; rejected if not. Other data besides authorisation or refusal, in particular, for example, the actual (non-)presence of vaccination or convalescence, are not recorded after the visual inspection. DFB EURO GMBH is solely responsible under data protection law for the data processing described in this section.
4. DATA PROCESSING FOR PAYMENT TRANSACTIONS
Payment processing of payments made via our online shop is carried out in cooperation with our partners: technical service providers, financial institutions, payment service providers.
4.1 DATA PROCESSING FOR TRANSACTION HANDLING
Depending on method of payment and insofar this is necessary, we transmit data necessary to process payment to our technical service providers working for us in the course of an order management process, or to commissioned financial institutions or selected payment service providers. This ensures performance of contract in accordance with Art. 6 para. 1 lit. b DSGVO. Payment service providers partially collect data requested for payment processing themselves for example on their own website or by means of a technical integration in the ordering process. The data protection regulation of the respective payment service provider shall apply.
In case of questions regarding our payment processing partners please refer to the contact opportunity mentioned in this data protection regulation.
4.2 DATA PROCESSING FOR THE PURPOSE OF FRAUD PREVENTION AND OPTIMIZATION OF OUR PAYMENT PROCESS
If necessary, we transmit further data which is used along with data needed to process payment for the purpose of fraud prevention and optimization of our payment processes (for example invoicing, processing of contested payments, accounting support) to our service providers. Pursuant to Art. 6 (1) sentence 1 lit. f DSGVO, this serves to protect our legitimate interests in our protection against fraud and in efficient payment management, which outweigh our interests in the context of a balancing of interests.
5. ADVERTISING BY E-MAIL
5.1 E-MAIL NEWSLETTER WITH SUBSCRIPTION
If you subscribe to our newsletter, we use required or separately given data to regularly send you our e-mail newsletter based on your consent pursuant to Art. 6 para. 1 p. 1 lit. a DSGVO.
A deregistration is always possible and can be either made by a message to the contact opportunity mentioned in this data protection declaration or by means of the link provided in the newsletter.
After the deregistration your e-mail address is deleted from the list of recipients insofar you have not explicitly agreed to a further use of your data or if we reserve the right to use the data in accordance with legal requirements explained in this data protection regulation.
5.2 NEWSLETTER DISPATCH
The newsletter will possibly be sent via our service providers in the course of a processing on our account. Regarding questions concerning our service providers and the basis of the cooperation please refer to the contact opportunity mentioned in this data protection declaration.
6. COOKIES AND OTHER TECHNOLOGIES
6.1 GENERAL INFORMATION
In order to make visiting our website attractive and to enable the use of certain functions, we use technologies including so-called cookies on various pages. Cookies are small text files that are automatically stored on your terminal device. Some of the cookies we use are deleted at the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your end device and allow us to recognize your browser the next time you visit (persistent cookies).
We use such technologies that are absolutely necessary for the use of certain functions of our website (e.g. shopping cart function). Through these technologies, IP address, time of visit, device and browser information as well as information about your use of our website (e.g. information about the contents of the shopping cart) are collected and processed. In the context of a balancing of interests, this serves overriding legitimate interests in an optimized presentation of our offer in accordance with Art. 6 para. 1 p. 1 lit. f DSGVO.
You can find the cookie settings for your browser under the following links:
Microsoft Edge™ [https://support.microsoft.com/de-de/help/4027947/microsoft-edge-delete-cookies] / Safari™ [https://support.apple.com/de-de/guide/safari/sfri11471/12.0/mac/10.14] / Chrome™ [https://support.google.com/chrome/answer/95647?hl=de&hlrm=en] / Firefox™ [https://support.mozilla.org/de/products/firefox/protect-your-privacy/cookies] / Opera™ [https://help.opera.com/de/latest/web-preferences/#cookies]
6.2 COOKIEBOT CONSENT MANAGEMENT PLATFORM
On our website, we use Cookiebot to inform you about the cookies and the other technologies we use on our website, as well as to obtain, manage and document your consent, if required, to the processing of your personal data by these technologies. Pursuant to Art. 6 (1) p. 1 lit. c DSGVO, this is necessary to fulfill our legal obligation under Art. 7 (1) DSGVO to be able to prove your consent to the processing of your personal data, to which we are subject. Cookiebot is an offering of Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark, which processes your data on our behalf.
After you submit your cookie declaration on our website, Cookiebot's web server stores your anonymized IP address, the date and time of your declaration, browser information, the URL from which the declaration was sent, information about your consent behavior, and an anonymous random key. In addition, a cookie is used that contains the information about your consent behavior and the key. Your data will be deleted after twelve months, unless you have expressly consented to further use of your data pursuant to Art. 6 (1) p. 1 lit. a DSGVO or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration.
7.1 THE USE OF GOOGLE SERVICES
We use the below-mentioned technologies of Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Irland („Google“). Information automatically collected by Google technologies about your use of our website are normally transmitted to a server of Google LLC, 1600 Amphittheatre Parkway Mountain View, CA 94043, USA and stored. There is no adequacy regulation for the USA made by the European Comission. Our cooperation is based on standard privacy clauses of the European Comission. If your IP address is collected by Google technologies, it will be reduced by means of the activation of the IP anonymization before being stored on Google servers. Only in exceptional cases, a complete IP address will be transmitted to a Google server and reduced there. Unless otherwise stated, data processing is carried out based on an agreement referring to the technology between the responsible parties in accordance with Art. 26 DSGVO. All information concerning data processing by Google can be found in the Google data protection notice [https://policies.google.com/privacy?hl=de].
For website analysis, Google Analytics automatically collects and stores data (IP address, time of website visit, device and browser information as well as information about your use of our website) by means of which usage profiles are created. Cookies can be used for this purpose. Your IP address will not be merged with other Google data. Data processing is carried out based on an agreement concerning order processing by Google.
For website analysis and incident tracking, your subsequent usage behavior will be measured by means of Google Ads Conversion if you were forwarded to our website via Google Ads advertising. Cookies can be used for this purpose as well as data being collected (IP address, time of website visit, device and browser information as well as information about your use of our website) by means of which usage profiles are created.
To visualize geographical information Google Maps collects and transmits data about your usage of Maps-functions, especially the IP address as well as location data to Google. We have no influence on any further data processing.
7.2. APPLICATION OF FACEBOOK SERVICES
APPLICATION OF FACEBOOK PIXEL
We use Facebook Pixel within the scope of subsequently mentioned technologies of Facebook Ireland Ltd [https://de-de.facebook.com/facebookdublin/]., 4 Grand Canal Square, Dublin 2, Irland („Facebook“). Facebook Pixel automatically collects and stores data (IP address, time of website visit, device and browser information as well as information regarding your usage of our website based on events given by us, as for example the visit of a website or subscription to newsletter) by means of which usage profiles can be created. For this purpose, when visiting our webpage, Facebook Pixel automatically puts a Cookie which, by means of a pseudonymous Cookie ID, automatically enables a recognition of your browser when visiting other websites. Facebook will merge the information with further data from your Facebook account und will use this to create reports about the website activities and to provide additional services such as personalized and group-based advertising.
Information automatically collected by Facebook technologies about your use of our website are normally transmitted to a server of Facebook, Inc., 1601 Willow Road, Menlo Park, California 94025, USA and stored. There is no adequacy regulation for the USA made by the European Comission. Our cooperation is based on standard privacy clauses of the European Comission. All information concerning data processing by Facebook can be found in the Facebook data protection notice [https://de-de.facebook.com/policy.php].
We use Facebook Ads to advertise for our website on Facebook and other platforms. We determine all parameters of the respective advertising campaign. Facebook is responsible for implementing and placement of the advertisement concerning individual users. Unless otherwise stated, data processing is carried out based on an agreement between responsible parties in accordance with Art. 26 DSGVO. Shared responsibility is restricted to the collection of data and its transmission to Facebook Ireland. A subsequent data processing by Facebook Ireland is not included in this.
Based on statistics about visitor activities on our website which were created by Facebook Pixel, we publish group-based advertisement on Facebook via Facebook Custom Audience by determining characteristics of the respective target audience.
Based on the Cookie ID put by Facebook Pixel and collected data about usage behavior on our website, we publish personalized advertisement via Facebook Pixel Remarketing.
8. SOCIAL MEDIA
8.1. SOCIAL PLUGINS BY FACEBOOK, INSTAGRAM, WHATSAPP
Our website uses Social Buttons from social networks. These are solely embedded as HTML-links on the website and therefore no connection to the server of the respective service provider will be made when accessing our website. When clicking on one of the buttons, the website of the respective social network will open in a new browser window. You have the option to press the Like- or Share-Button on these pages.
8.2 OUR ONLINE VISIBILITY ON FACEBOOK, INSTAGRAM, LINKEDIN, XING
Insofar as you have given your consent to the respective social media operator in accordance with Art. 6 para. 1 p. 1 lit. a DSGVO, your data will be automatically collected and stored for market research and advertising purposes when you visit our online presences on the social media mentioned above, from which usage profiles are created using pseudonyms. These can be used to e.g. place an advertisement both inside and outside the platforms which presumably comply to your interests. Cookies are normally used for this purpose. Detailed information concerning processing and utilization of data by means of a particular social media provider as well as a contact opportunity and your rights and configuration options to protect privacy can be found in the below linked data protection notice of the provider. If further questions occur, please refer to us.
Facebook [https://www.facebook.com/about/privacy/]ist is part of Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Irland („Facebook Ireland“). Information automatically collected by Facebook technologies about your use of our online presence are normally transmitted to a server of Facebook, Inc., 1601 Willow Road, Menlo Park, California 94025, USA and stored. There is no adequacy regulation for the USA given by the European Comission. Our cooperation is based on standard privacy clauses of the European Comission. Data processing when visiting a Facebook fanpage is carried out based on an agreement of all responsible parties in accordance with Art. 26 DSGVO. Further information (information about Insight data) can be found here:
Instagram [https://help.instagram.com/519522125107875] is part of Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Irland („Facebook Ireland“). Information automatically collected by Facebook technologies about your use of our Instagram are normally transmitted to a server of Facebook, Inc., 1601 Willow Road, Menlo Park, California 94025, USA and stored. There is no adequacy regulation for the USA given by the European Comission. Our cooperation is based on standard privacy clauses of the European Comission. Data processing when visiting a Instagram fanpage is carried out based on an agreement of all responsible parties in accordance with Art. 26 DSGVO. Further information (information about Insight data) can be found here:
LinkedIn [https://www.linkedin.com/legal/privacy-policy] is part of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland („LinkedIn“). Information automatically collected by LinkedIn technologies about your use of our Pinterest presence are normally transmitted to a server of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA and stored. There is no adequacy regulation for the USA given by the European Comission. Our cooperation is based on standard privacy clauses of the European Comission.
Xing [https://privacy.xing.com/de/datenschutzerklaerung] is part of New Work SE, Dammtorstraße 30, 20354 Hamburg.
9. CONTACT OPTIONS AND YOUR RIGHTS
As a data subject, you have the following rights:
* in accordance with Art. 15 DSGVO, you have the right to request information about your personal data processed by us to the extent specified therein;
* in accordance with Art. 16 DSGVO, you have the right to request the correction of incorrect or incomplete personal data stored by us without delay;
* in accordance with Art. 17 DSGVO, you have the right to request deletion of personal data we store;
* to fulfil a legal obligation;
* for reasons of public interest or
* establishment, exercise, defense of legal claims or litigation;
* in accordance with Art. 18 DSGVO: the right to request the limitation of processing your personal data as long as the correctness of data is contested by the data subject
* data processing is illegitimate; but deletion is rejected by you;
* we no longer need the data, but you need it to assert, exercise or defend legal claims
* you have appealed against the processing of your data in accordance with Art. 21 DSGVO
* pursuant to Art. 20 DSGVO, the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller;
* in accordance with Art. 77 DSGVO, you have the right to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters for this purpose.
For questions regarding the collection, processing or use of personal information, the disclosure, correction, blocking or deletion of data and revocation of consents granted, please contact us
via the contact details in our imprint. Data protection officer:
RIGHT OF OBJECTION
Insofar as we process personal data as explained above in order to protect our legitimate interests that prevail in the context of a balancing of interests, you may object to this processing with effect for the future. If the processing is carried out for direct marketing purposes, you can exercise this right at any time as described above. If the processing is carried out for other purposes, you will only have the right to object if there are grounds arising from your particular situation.
After exercising your right to object, we will no longer process your personal data for these purposes unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves to assert, exercise or defend legal claims.
This does not apply if the processing is for direct marketing purposes. Then we will not further process your personal data for this purpose.