Data privacy policy ART
Aachener Reitturnier GmbH
Albert-Servais-Allee 50, 52070 Aachen / P.O. Box 50 01 01, 52085 Aachen, Germany, legally represented by the Managing Director Dipl.-Kfm. Michael Mronz, Commercial Register: AG Aachen HRB 1201
Office – T: (49) 241-88927-0, F: (49) 241-88927-199, E: info@chioaachen.de, www.chioaachen.com
The Aachener Reitturnier GmbH (ART), Albert-Servais-Allee 50, 52070 Aachen takes the protection of your personal data very seriously. We process your personal data exclusively within the legal framework of the laws and regulations applicable in the Federal Republic of Germany. Hereinafter, we explain the type, extent and purpose of processing thereof. We protect our website and other systems against the access of unauthorised persons using suitable technical and organisational measures. The responsible party within the meaning of the GDPR shall be ART. You can contact the Data Protection Supervisor of the ART by email datenschutz@chioaachen.de, at any time regarding this issue and any possible further queries on the topic of the protection of personal data. In addition, you as well may contact a surveillance authority acc. to Art. 77 GDPR, this being in general the surveillance authority of your regular place of residence or pace of work or our company’s registered business seat.
Your Data Protection Rights – the collection, processing and use of personal data by ART is based on the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and the German Telemedia Act (TMG). You shall be entitled to the following rights at any time:
- to request information about the personal data processed in accordance with Art. 15 GDPR. In particular, you may request information about the purposes of processing, the category of personal data, the categories of recipients to whom the data have been or will be disclosed, the planned storage period, the existence of a right to rectification, deletion, restriction of processing or objection, the existence of a right to file a complaint with a surveillance authority, the origin of the data if they have not been collected by ART, as well as the existence of automated decision-making including profiling pursuant to Art. 22 (1) and (4) GDPR and significant information about its details;
- to demand the correction of inaccurate or incomplete personal data stored in accordance with Art. 16 GDPR without undue delay;
- to demand the deletion of the stored personal data in accordance with Art. 17 GDPR. The right to deletion shall not apply to the extent that the processing is required for exercising of the fundamental right to freedom of expression, for compliance with legal obligations, for reasons of public interest with respect to public health or for the enforcement, pursuit or defence of legal claims;
- in accordance with Art. 18 GDPR, to request restriction on processing of personal data in case the accuracy of the personal data is in dispute, the processing is unlawful and the participant refuses the deletion of the personal data and instead requests the restriction of the use of the personal data or the personal data is no longer required for the purposes of processing but the participant requires them for the enforcement, pursuit or defence of legal claims or the participant has filed an objection to the processing in accordance with Art. 21 (1) GDPR;
- to receive the personal data in a structured, common and machine-readable format or to request the transfer to another responsible party in accordance with Art. 20 GDPR;
- at any time to withdraw the consent once given vis-à-vis ART in accordance with Art. 7 (3) GDPR. As a result, the processing of data that was based on this consent may no longer be continued for the future.
Changes to this data privacy policy – Due to legal and/or organisational and/or jurisdictional reasons, amendments or adjustments to our data privacy policy may become necessary from time to time. In this regard, please make sure you refer to the current version of our data privacy policy.
Fan-Shop – Our fan shop is embedded in the website www.chioaachen.de, whose operator is the Aachen-Laurensberger Rennverein e.V. (ALRV), whose privacy policy you can find under the link: https://www.chioaachen.de/de/datenschutz_erklaerung/.
Articles of the CHIO Aachen Fan-Shop can be purchased in our office entirely without providing personal data. The provider of the CHIO Aachen Fan-Shop is the Aachener Reitturnier GmbH (ART), Albert-Servais-Allee 50, 52070 Aachen, Germany.
Personal data is only collected (pursuant to Art. 6 S. 1 (a), (b), (c) GDPR) if you provide it to us of your own accord, for example to process your orders, to register for personalised services or to receive information via post, fax, e-mail or other channels.
The processing of your personal data takes place in countries of the European Economic Area. If we pass on personal data, we do so exclusively to service and partner companies that support us in processing orders and providing Customers with information. These companies may only use your personal data to fulfil their tasks on our behalf and are obliged to comply with the data protection regulations applicable in the Federal Republic of Germany. Sometimes we may be forced to disclose your data due to legal regulations or legal processes. In all other respects, however, personal data will not be passed on to third parties.
Purchase of tickets – VIP tickets can usually be requested from ART by telephone or in text form (e.g. e-mail). We collect and process personal data in this context if and insofar as this is necessary for the justification, execution or termination of the respective legal transaction (purchase). For this purpose, we collect and process the necessary personal data (title, first and last name, e-mail address, postal address, payment data, product-specific data, order history) that are required to fulfil the order. The legal basis for the processing is Art. 6 S. 1 (b) GDPR. The data provided by the Customer will also be collected, processed and used in an automated procedure for the purpose of legal prosecution (“ticket enforcement”) of violations of the GTC for the purchase of tickets and the stay at the Show Ground.
Personal data is only collected beyond this (in accordance with Art. 6 S. 1 (a), (b), (c) GDPR) if you provide it to us of your own accord, for example to process your orders, to register for personalised services or to receive information and newsletters via post, e-mail or other channels. This personal data will be stored until you withdraw your consent or for as long as required by law. The processing of your personal data takes place in countries of the European Economic Area or in countries with a level of data protection that is not comparable to the level of data protection within the EEA. Such transfer is then subject to the standard contractual clauses as set out in EU Commission Decision 2021/914/EU or any successor version, in order to contractually ensure protection of your personal data by a level of protection applicable within the EEA. You can request an edited version of these standard contractual clauses (excluding commercial content and information that is not relevant) at datenschutz@chioaachen.de. When we share personal data, we do so only with service and partner companies that help us process orders and provide information to Customers. These companies may only use your personal data to fulfil their tasks on our behalf and are obliged to comply with the data protection regulations applicable in the Federal Republic of Germany. Sometimes we may be forced to disclose your data due to legal regulations or legal processes. In all other respects, however, personal data will not be passed on to third parties.
For the possible processing of your orders with certain payment methods (such as MasterCard, Visa Card, ec-Card), we use the services of third parties to whom we provide the payment information of the orders and who carry out the settlements for us. Our service providers for this are: BS Payone GmbH with registered office in 60528 Frankfurt/Main, Germany, Lyoner Straße 9 (you can view their data protection declaration here: https://www.bspayone.com/de/privacy), Computop Wirtschaftsinformatik GmbH with registered office in 96050 Bamberg, Schwarzenbergstr. 4, Germany (https://www.computop. com/en/datenschutz/), SOFORT GmbH with registered office in 80339 Munich, Germany, Theresienhöhe 12, which is part of the Klarna Group, Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden (https://www.klarna.com/sofort/datenschutz) and American Express Services Europe Limited with registered office in, 60486 Frankfurt am Main, Germany, Theodor-Heuss-Allee 112 (https://www.americanexpress.com/de/legal/online-datenschutzerklarung.html).
Purchase of tickets and contact tracing – To the extent that ART is obliged to do so by law or on the basis of protective or hygiene measures prescribed by the authorities or associations, ART will inform the competent authority in the event of suspected infection or proven infection of the ticket holder or a contact person of the ticketholder with a virus associated with a force majeure event in order to comply with its obligations in this regard with regard to tracing and containing possible sources of infection. The collection and subsequent transfer of data is based on Art. 6 (1) S. (c) GDPR, Art. 9 (2) (i) GDPR. If personal data are requested by the competent authority, the latter is responsible for the further processing of the data.
The data transmitted to ART in connection with the purchase, (re)personalisation and activation of tickets (see above ticket purchase) will be kept by ART and, if necessary, transmitted to the competent authority in accordance with the aforementioned paragraph.
All aforementioned personal data will be deleted when it is no longer required for the purposes for which it was collected. As a rule, this personal data will be deleted no later than four (4) weeks after the end of the event, unless ART is obliged to store it for a longer period of time due to legal regulations or due to protective or hygiene measures stipulated by the authorities or associations.
Websites/Internet presence – If personal data (i.e. names, addresses, or email addresses) is collected on our site, this only occurs where possible on a voluntary basis. This data will only be passed on to third parties without your explicit consent in the following cases: (i) if an explicit consent has been granted in accordance with Art. 6 (1) S. 1 (a) GDPR, (ii) if the transfer in accordance with Art. 6 (1) S. 1 (f) GDPR is necessary for the assertion, exercise or defence of legal claims (e.g. ticket enforcement) and there is no reason for the assumption that there is an overriding legitimate interest in the nontransfer of the respective data, (iii) if the transfer in accordance with Art. 6 (1) S. 1 (c) GDPR, (iv) if this is legally admissible and required pursuant to Art. 6 (1) S. 1 (b) GDPR for the execution of contractual obligations with the Customer, or (v) if the transfer is conducted to a carefully selected service provider (Art. 28 (1) GDPR) with whom a contract for order processing (Art. 28 (3) GDPR) has been concluded (e.g. for the shipping of entrance tickets). We would like to point out that data transmission via the Internet (i.e. when communicating per email) is subject to security breaches. It is not possible to guarantee complete protection against the data being accessed by third parties.
Cookies – The websites partly use so-called cookies. Cookies do not cause any damage to your computer and they contain no viruses. Cookies serve to make our contents more user-friendly, more effective and safer. Cookies are small text files that are stored on your computer, which your browser saves. Most of the cookies we use are so-called “session cookies”. These are automatically deleted after the end of your visit. Other cookies remain stored on your end device until you delete them. These cookies enable us to recognise your browser the next time you visit our site. In some cases, cookies from third-party companies may also be stored on your end device when you enter our site (third-party cookies). These enable us or you to use certain services of the third-party company (e.g. cookies for range measurement or integration of third-party content).
Cookies have various functions. Some cookies are technically necessary, as certain website functions would not work without them (e.g. language settings and cookie consent). Other cookies are used to evaluate user behaviour or display advertising (performance cookies). Technically necessary cookies are stored on the basis of Art. 6 (1) S. 1 (f) GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing cookies for the technically error-free and optimised provision of its services.
Consent (Art. 6 (1) S. 1 (a) GDPR) is obtained for cookies that are not technically necessary. If consent to the storage of cookies has been requested, the storage of the cookies in question is based exclusively on this consent. The consent can be withdrawn at any time with effect for the future.
We use the “Borlabs cookie” as a so-called consent tool to request consent for data processing or the use of cookies or comparable functions. With the help of the consent tool, you have the possibility to give or refuse your consent for certain functionalities of our website, e.g. for the purpose of integrating external elements, integrating streaming content, statistical analysis, range measurement and personalised advertising. You can use the consent tool to give or refuse your consent for all functions or to give your consent for individual purposes or individual functions. The settings you have made can also be changed by you afterwards or the consents can be completely revoked. The purpose of integrating the consent tool is to allow users of our website to decide on the aforementioned matters and, in the course of further use of our website, to offer them the opportunity to change settings they have already made. In the course of using the consent tool, we regularly process the following personal data: Your consent(s) or revocation of your consent(s), your IP address, information about your browser, information about your terminal device, time of your visit to the website.
The legal basis for the use of the Consent Tool is Art. 6 (1) S. 1 (c) GDPR, as this obtains the legally required consents for the use of certain technologies.
You can find an overview of the cookies we use, information about them and setting options HERE in our consent tool.
You can set your browser so that you are informed about the placement of cookies, can enable cookies only in each individual case, accept cookies in certain cases or generally block them as well as activate the automatic deletion of cookies on closing the browser. Deactivating cookies can limit the functionality of the website.
Server log files – The provider of the site automatically collects and saves information in so-called server log files, which your browser automatically transmits to us. These are: The browser type/browser version, the operating system used, the referrer URL, the host name of the accessing computer, the time of the server enquiry. This data is not directly assignable to specific persons. We reserve the right to check this data subsequently, if we become aware of any concrete evidence of unlawful use.
Newsletter data – If you would like to subscribe to the newsletter offered on this website, we require an email address from you as well as information that allows us to check that you are the owner of the stated email address and that you consent to receiving the newsletter. No further data is collected. We solely use this data to dispatch the requested information and do not pass it on to third parties. You can withdraw the consent given to store data, including the email address and the usage thereof to send out the newsletter, for instance by clicking on the unsubscribe link in the newsletter.
Data privacy policy for the use of Google Analytics – Insofar as you have given your consent, Google Analytics, a web analysis service by Google LLC, is used on this website. The responsible entity for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).
Google Analytics uses “cookies”, which enable an analysis of your usage of our websites. The information on your utilisation of this website that is generated by the cookies is generally transferred on to a Google server in the USA and stored there. The anonymisation of IP addresses is activated by default. Due to IP anonymisation, your IP address will be truncated by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. According to Google, the IP address transmitted by your browser as part of Google Analytics is not merged with other Google data. During your visit to the website, your user behaviour is recorded in the form of “events”. Events collected may include: page views, first visit to the website, start of session, your “click path”, interaction with the website, scrolls (whenever a user scrolls to the bottom of the page (90%)), clicks on external links, internal searches, interaction with videos, file downloads, ads seen / clicked, language preference. Also recorded: Your approximate location (region), your IP address (in shortened form), technical information about your browser and the end devices you use (e.g. language setting, screen resolution), your internet provider, the referrer URL (via which website/ via which advertising medium you came to this website). On behalf of the operator of this website, Google will use this information for the purpose of evaluating your anonymous use of the website and compiling reports on website activity. The reports provided by Google Analytics are used to analyse the performance of our website.
Recipients of the data are/could be: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor according to Art. 28 GDPR); Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA; Alphabet Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. It cannot be ruled out that US authorities will access the data stored by Google. Insofar as data is processed outside the EU/EEA and there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider to establish an appropriate level of data protection. The parent company of Google Ireland, Google LLC, is based in California, USA. A transfer of data to the USA and access by US authorities to the data stored by Google cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not have any legal remedies against access by authorities.
The data sent by us and linked to cookies are automatically deleted after 30 days. Data whose retention period has been reached is automatically deleted once a month.
The legal basis for this data processing is your consent pursuant to Art. 6 (1) S. 1 (a) GDPR. You can withdraw your consent at any time with effect for the future by calling up the settings HERE and changing your selection there. The lawfulness of the processing carried out on the basis of the consent until withdrawal remains unaffected.
Data privacy policy for the use of Google Maps – On our orientation page to the “CHIO Aachen Village”, we use services of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (“Google”), in order to facilitate your orientation in the “CHIO Aachen Village”. The responsibility for the data protection compliant operation of this service is guaranteed by Google. Google has its place of business partly outside the EU or the EEA – an adequate level of data protection according to the GDPR may therefore not exist. In order to ensure data protection on our website, we only use Google Maps together with the so-called “two-click” solution. This application prevents the use of Google Maps integrated on our website from transmitting data to Google when you first enter the page. Only when you activate Google Maps by clicking on the associated button (“Discover the CHIO Aachen Village”), a direct connection to the provider’s server will be established (consent). As soon as you activate the plugin, Google receives the information that you have visited our site with your IP address. At the same time, Google may place cookies on your terminal device, unless you have prohibited the use of cookies in your browser, or read cookies. Location data may also be collected if you allow this in your browser. Activating the plug-in constitutes consent within the meaning of Art. 6 (1) S. 1 (a) GDPR. You can withdraw this consent at any time with effect for the future. The purpose and scope of data collection by Google and the further processing and use of your data there, as well as your rights in this regard and setting options for protecting your privacy, can be found in Google’s privacy policy at: https://policies.google.com/privacy?hl=de.
Data privacy policy for the use of Facebook plug-ins (Like button) – Plug-ins of the social network Facebook, provider: Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland („Meta“) are integrated into our website. The Facebook plug-ins on our website can be recognised by the Facebook logo or the “Like button”. An overview of the Facebook plug-ins can be found here: http://developers.facebook.com/docs/plugins/ . To ensure data protection on our website, we only use these plugins with your consent. The integration of our consent tool prevents the plugins integrated on our website from transmitting data to the respective provider when you first enter the page. Only with your consent to the use of the plugin (and, if applicable, by activating the plugin), a direct connection to the provider’s server is established. In this way, Meta receives the information, that you have visited our site from your IP address. If you click on the Facebook “Like button” while you are logged in to your Facebook account, the contents of our site can be linked to your Facebook profile. This enables Meta to assign your visit to our site to your user account. At the same time, Meta may place cookies on your terminal device, unless you have prohibited the use of cookies in your browser, or read cookies. Location data may also be collected if you allow this in your browser. The legal basis for the processing of your personal data within the scope of the use of Facebook plug-ins is Art. 6 (1) S. 1 (a) GDPR. You can withdraw your consent at any time with effect for the future by accessing the settings HERE and changing your selection there. The lawfulness of the processing carried out on the basis of the consent until withdrawal remains unaffected by this. We point out that in our capacity as provider of the site we receive no knowledge about the contents of the transmitted data and its usage by Meta. Further information on this subject can be found in the data privacy policy of Facebook/Meta at http://de-de.facebook.com/policy.php. If you do not want Meta to be able to assign your visit to our site to your Facebook user account, please log out of your Facebook user account.
Data privacy policy for the use of X– Functions of the Xservice are integrated into our website. These functions are offered by XInc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. On using X and the “Re-tweet” function the websites you visit are linked to your X account and made known to other users. Hereby data is also transmitted to X. To ensure data protection on our website, we only use these functions with your consent. The integration of our Consent tool prevents the Xfunctions integrated on our website from transmitting data to the provider when you first enter the page. A direct connection to the provider’s server is only established with your consent to the use of the X functions (and, if applicable, by activating the function). X thereby receives the information that you have visited our site with your
IP address. At the same time, X may place cookies on your terminal device, unless you have prohibited the use of cookies in your browser, or read cookies. Location data can also be collected if you allow this in your browser. The legal basis for the processing of your personal data within the scope of using X is Art. 6 (1) S. 1 (a) GDPR. You can withdraw your consent at any time with effect for the future by accessing the settings HERE and changing your selection there. The lawfulness of the processing carried out on the basis of the consent up to withdrawal remains unaffected by this. We point out that in our capacity as provider of the site we receive no knowledge about the contents of the transmitted data and its usage by X. Further information on this subject can be found in the data privacy policy of Xat http://x.com/privacy.
You can change your data privacy settings on X under the account settings at http://X.com/account/settings
Data privacy policy for the use of Instagram – Functions of the Instagram service are integrated into our website. These functions are offered by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland („Meta“).If you are logged in to your Instagram account you can link the contents of our website to your Instagram profile by clicking on the Instagram button in the following. This enables Instagram to assign your visit to our site to your user account. To ensure data protection on our website, we only use these functions with your consent. The integration of our consent tool prevents the Instagram functions integrated on our website from transmitting data to the provider when you first enter the page. A direct connection to the provider’s server is only established with your consent to the use of the Instagram functions (and, if applicable, by activating the function). Meta thereby receives the information that you have visited our site with your IP address. At the same time, Meta may place cookies on your end device, unless you have prohibited the use of cookies in your browser, or read cookies. Location data may also be collected if you allow this in your browser. The legal basis for the processing of your personal data in the context of the use of Instagram is Art. 6 (1) S. 1 (a) GDPR. You can withdraw your consent at any time with effect for future by accessing the settings HERE and changing your selection there. The lawfulness of the processing carried out on the basis of the consent until withdrawal remains unaffected. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Instagram/Meta. You can find more information on this in the privacy policy of Instagram/Meta: http://instagram.com/about/legal/privacy/.
Data privacy policy for the use of YouTube – Our website uses plug-ins of YouTube, which is operated by Google. The operator of the website is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. To ensure data protection on our website, we only use these plugins on pages equipped with a YouTube plugin. The integration of our consent tool prevents the plugins integrated on our website from transmitting data to the respective provider when you first enter the page. Only with your consent to the use of the plugin (and, if applicable, by activating the plugin), a direct connection to the servers of YouTube to the server of the provider is established. In the process, the YouTube server is informed which of our pages you have visited. At the same time, YouTube may place cookies on your terminal device, unless you have prohibited the use of cookies in your browser, or read cookies. Location data may also be collected if you allow this in your browser. If you are logged in to your YouTube account, you enable YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this from happening by logging out of your YouTube account. Further information on the handling of user data can be found in the data privacy policy of YouTube at https://www.google.de/intl/de/policies/privacy. The legal basis for the processing of your personal data within the scope of using YouTube plug-ins is Art. 6 (1) S. 1 (a) GDPR. You can withdraw your consent at any time with effect for the future by accessing the settings HERE and changing your selection there. The lawfulness of the processing carried out on the basis of the consent until withdrawal remains unaffected.
Aachen, April 2023
Aachener Reitturnier GmbH (ART)