Provider identification (acc. to Sect. 6 TMG, German Telemedia Act)
The European Outdoor Film Tour (E.O.F.T) is a project of Mammut Sports Group, W. L. Gore and Associates and Moving Adventures Medien GmbH.
Updated: 4 June 2018
1. Subject Matter and Scope
2. Responsible Entity
Moving Adventures Medien GmbH
Thalkirchner Straße 58
Phone +49 (0)89 383 967 80
Fax +49 (0)89 383 967 40
3. Certified Data Protection Officer
Attorney at Law, IT Law Specialist
Contact our data protection officer directly at any time with any questions or comments regarding data protection.
4. Visiting Our Websites
Our system automatically collects data and information from any device used to access our websites. In order for the website pages to be displayed in your browser, the IP address of the device you are using must be processed. Information about your operating system and browser are also collected.
We are legally obligated to ensure the confidentiality and integrity of the personal data processed with our IT systems. The data will also be used to correct errors on the websites.
For these purposes, the following data is logged:
• IP address of the accessing device
• Operating system of the accessing device
• Browser version of the accessing device
• Name of the retrieved file
• Date and time of retrieval
• Amount of data transferred
• Referring URL
This data is automatically deleted after seven days.
Our websites are hosted by a service provider in the European Economic Area. The applicable data processing terms are in accordance with Art. 28 DSGVO.
The legal basis for processing this information is Art. 6, 1f DSGVO. Our primary interest is the operation of our websites and the implementation of protection measures to ensure the confidentiality, integrity, and availability of such data.
We also use your IP address to conduct a geolocation to determine from which region you are visiting our websites and, based on this information, to be able to show you events relevant to you. For the geolocation, we use the ip-api.com service.
The legal basis for this geolocation is Art. 6, 1f DSGVO. Our primary interest is to optimize our websites and our customer interactions.
5. Contact Information und Customer Database
If you contact us to request information, the information you provide will be stored for the purpose of processing the request. The information collected in the website’s contact form is needed to process your request, address you correctly, and send you an answer.
The legal basis for processing this data is Art. 6, 1f DSGVO. Our primary interest is communication with customers and interested parties.
If the aim of establishing contact is to conclude a contract, the additional legal basis is Art. 6, 1b DSGVO.
Inquiries and orders are typically stored in our CRM system. This data may be used for direct marketing purposes. You can object to such use for direct marketing at any time. Details on your right to object can be found in the section below entitled "Your Rights".
The CRM system is routinely monitored to determine whether data can be deleted. Should data no longer be required in the context of a customer or prospective customer relationship or should the customer's interests to the contrary prevail, we will delete the relevant data, provided that this does not conflict with any statutory storage obligations.
The legal basis for the storage and processing of this data is Art. 6, 1f DSGVO. Our primary interest is the implementation of direct marketing campaigns.
6. Online Shopping
When you place orders in our online shop, we process inventory data (e.g., names, contact addresses, delivery addresses) and contractual data (e.g., services used, payment information) to fulfil our contractual obligations.
We only share personal data with third parties if it is necessary within the framework of fulfilling the contract. This is the case with logistics companies entrusted with the delivery of goods and with banks and payment service providers entrusted with payment processing.
When paying with the Sofort bank transfer service, the billing data is shared with Sofort GmbH. Information on data protection at Sofort GmbH is available here: https://www.klarna.com/sofort/privacy-policy/.
When making a purchase in our online shop with a credit card, we use the payment service Sparkasse Internetkasse of the service provider BS PAYONE GmbH, Lyoner Strasse 9, 60528 Frankfurt/Main, Germany.
We do not collect billing data. The entities above are solely responsible for the data management of payment processing services within the scope of the DSGVO. The legal basis for processing the data required for a contractual payment agreement is Art. 6, 1b DSGVO.
In order to verify that the actual owner of the email address has registered to receive a newsletter, we use the double-opt-in (DOI) procedure, wherein a confirmation email is sent to the registered address after registration. Registration for the newsletter is only completed when the link in the confirmation email is activated. The IP address of the requesting device and the date and time of activation of the confirmation link will also be transmitted to us.
Subscription to the newsletter can be terminated at any time by using the unsubscribe link provided in each newsletter or by contacting us using the details above for the Responsible Entity. The legal basis for processing newsletter registration data with your consent is in accordance with Art. 6, 1a DSGVO.
7.2 Newsletter—Existing Customers
If you purchase goods or services from us and provide us with your email address, we may use this address to send you an email newsletter, provided you have not objected to such use. In this case, the email newsletter will only send direct mailings for similar goods or services from our company. You can withdraw the use of your email address at any time without incurring any costs (other than the standard transmission rates incurred by using the unsubscribe link contained in each newsletter) by unsubscribing from the newsletter. You can also unsubscribe via the settings in your customer account or by contacting us using the details provided above for the Responsible Entity.
The legal basis for sending a newsletter as a result of the sale of goods or services is in accordance with Art. 6, 1f DSGVO in conjunction with § 7 para. 3 UWG.
7.3 Newsletter—Service Provider
To send our newsletter, we use a distribution tool—MailChimp—by The Rocket Science Group LLC (USA), an external service provider. Personal data is shared with a third party outside the EU. The service provider has a Privacy Shield certification. Protections are in place for the transmission of data pursuant to Art. 46 DSGVO. We will provide you with proof of the service provider's Privacy Shield certification upon request at any time. To request this information, please contact us using the details provided above for the Responsible Entity. The appropriate measures are taken to ensure that processing this data is carried out in accordance with the requirements of Art. 28 DSGVO.
MailChimp’s data protection policy is available here: https://mailchimp.com/legal/privacy.
7.4 Newsletter—Data Analytics
A statistical analysis of usage data may be conducted via our newsletters. For this purpose, we may record the initial opening of the email, clicks on internal links, and additional information about the time of opening and the IP address. The purpose of collecting this information is to measure and optimize the success of our newsletter campaigns by making its content more relevant to our target group and optimizing its technical presentation. For this, we use Google Analytics, provided by Google LLC. Please refer to section 10. Web Analytics below.
The legal basis for conducting this analysis is Art. 6, 1f DSGVO. Our primary interest is the evaluation and optimization of communication with customers and interested parties.
8. Prize Drawings and Other Contests
When participating in one of our offline or online contests, we collect and process the following data: surname, first name, address, email address, and signature. We collect this data in order to deliver potential prize winnings.
If you provide any additional information in connection with your participation, you do so on a voluntary basis.
We process participants’ personal data in order to carry out the competition and to determine and notify the winners by email. If you do not provide us with the data required, you will not be able to participate in the competition and we will not be able to notify you regarding any prize winnings.
The legal basis is for processing this data is in accordance to Art. 6, 1b DSGVO.
We also use temporary cookies, called first-party cookies, that we store on your device for a certain period of time. When you revisit our site, the system will automatically recognize which entries and settings you have made so that you do not have to enter them again.
The legal basis for processing personal data using cookies is Art. 6, 1f DSGVO. Our primary interest is the operation, analysis, and optimization of our websites and our customer interactions.
10. Web Analytics
We use web analytics on our websites to monitor how they are used by visitors, to optimize the websites as a whole, and to improve the presentation.
We use Google Analytics with IP anonymization. Google Analytics is a web analytics service offered by Google Inc, USA ("Google"). Cookies are enabled within the framework of Google Analytics. In the context of IP anonymization, the IP addresses of users within the European Economic Area are truncated by Google before being transmitted to the United States. In exceptional cases, the unabridged IP address is transmitted to Google in the USA and is truncated there. The transmitted IP addresses will not be merged with other Google data.
For further information, please refer to Google's data protection policy: https://www.google.com/policies/privacy.
When using Google Analytics, personal data is transferred to a third party outside the EU. The service provider’s Privacy Shield certification is available here: https://www.privacyshield.gov/participant?id=a2zt00000000001L5AAI&status=Active. The appropriate protections for data transmission are in place pursuant to Art. 46 DSGVO.
The legal basis for processing data for the purpose of web analytics is Art. 6, 1f DSGVO. Our primary interest is the analysis, optimization, and economic operation of our websites and our customer interactions.
11. Conversion Tracking und Retargeting/Remarketing Services
External service providers use conversion tracking tools on our websites. We also use marketing and remarketing/retargeting services (hereinafter referred to collectively as "marketing services") from external service providers.
These marketing services make it possible to display advertisements for our site and on our site targeted specifically to your interests. They also measure user engagement to determine the effectiveness of the advertisements.
With the help of a cookie, web beacon, or tracking pixel, your browser records which websites (where such marketing services are active) you have visited and what content interested you. Moreover, additional information such as IP address, browser, operating system, time stamp, and the referring website are collected. If you subsequently visit other websites where such marketing services are active, advertisements tailored to your interests may be displayed.
The legal basis for processing data within a marketing services framework is Art. 6, 1f DSGVO. Our primary interest is the analysis, optimization, and economic operation of our websites and our customer interactions.
11.1 Facebook Custom Audience
We use the retargeting service Facebook Custom Audiences (Facebook Inc., USA), which uses a tracking pixel. When you visit our websites, this pixel is retrieved by a Facebook URL that has certain parameters and transmits information to Facebook, which Facebook uses to display targeted advertising. However, no individual persons are targeted; only groups of users with similar behavior. Facebook uses a hashing algorithm in which personal data is encrypted in such a way that Facebook cannot assign it to individual users.
You can object to the analysis of your usage behavior by Facebook and the display of interest-based recommendations here: https://www.facebook.com/ads/website_custom_audiences/.
When using Facebook Custom Audiences, personal data is transferred to a third party outside the EU. This service provider has a Privacy Shield certification. The appropriate protections for data transmission are in place pursuant to Art. 46 DSGVO. We will provide you with proof of the service provider's Privacy Shield certification upon request at any time. To request this information, please contact us using the details above for the Responsible Entity.
11.2 Google Marketing Services
Further information on Google’s data usage, settings, and opt-out tools can be found via the following:
• Google's data usage policy when using our partners' websites or apps: www.google.com/intl/de/policies/privacy/partners
• Google’s data usage policy for advertising purposes: www.google.com/policies/technologies/ads
• How to manage the information Google uses to show you ads: http://www.google.de/settings/ads
When using Google marketing services, personal data is transferred to a third party outside the EU. The service provider’s Privacy Shield certification is available here: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active. The appropriate protections are in place for the transmission of data pursuant to Art. 46 DSGVO.
We use Quantcast technology services on our websites. A service of Quantcast International Limited in Ireland, this technology enables interest-based advertising using cookies that forward data to Quantcast. If you wish to opt out of Quantcast interest-based advertising, use the opt-out function provided here: https://www.quantcast.com/opt-out/.
Since the opt-out function is also cookie based, your browser must be set to accept cookies from third parties. If you use multiple devices or browsers, you must log out of each one individually. If you delete the cookies on your browser history, you must log out again.
12. Google Maps
We use the Google Maps (API) service (Google LLC, USA) on our websites. Google Maps enables the display of interactive maps. When you access the websites’ subpages that are using Google Maps, information about your use of our websites (such as your IP address) is transmitted to and stored by Google on servers in the United States.
When using Google Maps, personal data is transferred to a third party outside the EU. Google’s Privacy Shield certification is available at https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active. The appropriate protections for data transmission are in place pursuant to Art. 46 DSGVO.
The legal basis for processing data with the use of web analytics is Art. 6, 1f DSGVO. Our primary interest is the analysis, optimization, and economic operation of our websites and our customer interactions.
YouTube videos are embedded on our websites. These are made available by YouTube LLC in the USA ("YouTube") via a plugin.
We use the advanced privacy settings for embedded YouTube videos. YouTube does not set cookies. However, when you visit a website using the YouTube plugin, your IP address is transmitted to YouTube. When you are logged in to YouTube, the information you submit can be linked to your account.
For more information, please visit YouTube's Privacy and Safety Center at https://support.google.com/youtube/topic/2803240?hl=en&ref_topic=6151248.
YouTube is a subsidiary of Google and is therefore certified under the Privacy Shield in compliance with European data protection law: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
The legal basis for processing data in relation to YouTube is Art. 6, 1f DSGVO. Our primary interest is the optimization and economic operation of our websites.
We use reCAPTCHA (Google LLC, USA), a service that determines whether the data entered into a form is made by an actual human or by an automated bot or other malicious software. With reCAPTCHA, your IP address and other data required by Google for the reCAPTCHA service are transmitted to Google.
When reCAPTCHA is used, personal data is transferred to a third party outside the EU. The service provider’s Privacy Shield certification is available here: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
The appropriate protections for data transmission are in place pursuant to Art. 46 DSGVO. The legal basis for processing data when using reCAPTCHA is Art. 6, 1f DSGVO. Our primary interest is the security of our websites and the protection against spam.
15. Google Fonts
In order to display the content of our websites in a correct and graphically appealing manner across all browsers, we use the Google Fonts library from Google LLC in the USA (https://www.google.com/webfonts/).
Google Fonts are transferred to your browser's cache to avoid repeated downloads. If your browser does not support Google Fonts or does not allow access, content will be displayed in a default font.
Google’s Privacy Shield certification is available here: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active. The appropriate protections for data transmission are in place pursuant to Art. 46 DSGVO.
The legal basis for transmission of this type of data is Art. 6, 1f DSGVO. Our primary interest is the optimization and economic operation of our websites and our customer interactions.
16. Social Media
Various social media links for Facebook, Twitter, Instagram, Pinterest, and YouTube are integrated into our websites, recognizable by their respective logos. Clicking on one of these social media links, redirects you to our respective social media profile. In this case, the social media network provider will be informed that your browser has accessed the corresponding page of our websites, even if you do not have a profile on, or are logged into, that social media network. This information (including your IP address) is transmitted directly from your browser to a server of the respective social media network provider. If you click on a social media link and are either logged in to the respective social media network or then log in to the page of the respective social media network, the transmitted information can be assigned to your social media account on that network.
For information on the purpose and scope of data collection and processing by social media network providers, the provider identification, contact details, and your rights and ability to set privacy options, please refer to the privacy policies of each social media network provider.
The legal basis for the integration and use of social media links is in accordance with Art. 6, 1f DSGVO. Our primary interest is marketing our offers and our websites.
17. Employment Applications
We collect and process the personal data of employment applicants for the purpose of conducting the application process. If an applicant submits his or her application documents to us electronically, this processing is carried out electronically.
If we enter into an employment contract with an applicant, the data transmitted will be processed in compliance with the statutory provisions for the purposes of the employment relationship. If no employment contract is entered into with the applicant, the application documents will be deleted immediately after of the application process has been completed, provided that deletion does not conflict with a prevailing legal interest, such as the defense against a claim or preservation of evidence according to the General Act on Equal Treatment (Allgemeinen Gleichbehandlungsgesetz, AGG).
18. Age Restrictions
The websites are not intended or designed for use by children under the age of 16. We do not knowingly collect personal information from or about anyone under the age of 16.
19. Receiving Data
In order to carry out certain tasks, our company’s internal departments or organizational functions may receive your data. This data may be used to fulfil contracts with you, to process data with your consent, or to safeguard our legal interests.
Data will only be shared with third parties within the framework of legal requirements. We only share your data to third parties when necessary, e.g., on the basis of Art. 6, 1f DSGVO for contractual purposes or to safeguard our legal interests pursuant to Art. 6, 1f DSGVO in the effective execution of our business operations.
If we use service providers or third parties in order to offer our websites and/or our services, we take the appropriate legal precautions and technical and administrative measures to ensure the protection of your personal data.
If we use content or tools from service providers or third party providers within the scope of offering the websites and/or our services, and if the named location is in a third country, data is typically transferred to a third country. Third countries are countries in which the DSGVO laws are not directly applicable (i.e., countries outside the EU or the European Economic Area). Data will only be transferred to third countries if either an appropriate level of data protection or consent or other legal permission—specifically, an applicable guarantee in accordance with Art. 46 DSGVO)—is available.
20. Fair and Transparent Processing
20.1 Your Rights
You have the right to free access to information about your stored personal data—its origin, recipients, and the purpose of processing your data—and a right to correct, block, or delete this data. You also have the right to limit and/or opt out of the processing of your data.
Additionally, you have the right to have your data, which we process automatically, transferred to you or to a third party in a standard, machine-readable format.
To assert your rights, please contact us using the details provided above for the Responsible Entity.
You also have a right of appeal through the data protection supervisory authority. The supervisory authority for data protection in Bavaria, Germany, is the Bavarian Data Protection Authority (BayLDA) (https://www.lda.bayern.de/en/index.html/).
Many data processing transactions are only possible with your express consent. You can revoke your consent at any time simply by sending us an informal email. The legality of processing the data before the revocation remains unaffected by the revocation.
You are only entitled to this right to object if there are reasons arising from your particular situation (Art. 21, 1 DSGVO). After exercising your right to object, we will not process your personal data further for these purposes, unless we can provide evidence of compelling reasons worthy of protection for the processing that outweigh your interests, rights, and freedoms, or if the processing serves to assert, exercise, or defend legal claims.
If the processing takes place for the purpose of direct marketing, you can exercise your right to object to this at any time (Art. 21, 2 DSGVO). At that point, irrespective of the reasons for the objection, we will no longer process your personal data for the purpose of direct marketing.
20.2 Mandatory Information
Providing personal data is neither required by law nor by contract, nor are you obligated to provide personal data. However, personal information is required for the fulfillment of a contract insofar as certain details are absolutely necessary in order to be able to fulfill a contract.
20.3 Automated Individual Decision Making
We do not carry out automated decision making, including profiling.
21. Storage and Deletion
We adhere to the principles of data avoidance and reduction. Therefore, we only store your personal data for as long as is necessary to achieve the purposes stated here or as provided for in the storage periods as stipulated by law.
If the purpose of storage ceases to apply or if a storage period as stipulated by law expires, the personal data will be rendered inaccessible or deleted in accordance with the statutory provision.
22. Technical and Administrative Measures of Data Security
We meet administrative, legal, and operational security measures in accordance with the latest technology in order to ensure that privacy and data protection laws are observed, thereby protecting the data we process against accidental or intentional manipulation, loss, destruction, or access by unauthorized persons.
Our websites use SSL encryption for security reasons and to protect the transmission of confidential content, such as orders, inquiries, or payment data that you send to us.