Protecting your privacy is very important to DFB-Fanshop. Below we will inform you in detail about how your data is handled and your rights regarding your personal data, which you have provided as part of your purchase in the DFB Fanshop.
If personal data is collected on our site (e.g. by purchase), this is done on a voluntary basis.
1. Collection, processing and use of personal data
The sale of items via the DFB-Fanshop is carried out on behalf of and for the account of DFB GmbH, Otto-Fleck-Schneise, 660528 Frankfurt / Main; in the context of data processing during sales it is thus the responsible company in terms of Art. 4 (Nr.7) of the General Data Protection Regulation (GDPR).
You can contact the external data protection officer of DFB GmbH at:
Prof. Dr. Tina Krügel, LL.M.
lexICT UG (haftungsbeschränkt)
In case you wholly or partially want to object to collection, processing and use of your personal data, forward your objection via e-mail, fax or letter to:
60528 Frankfurt/ Main
Furthermore you can receive free information regarding the collected data at any time (see sec. 11).
Pursuant to Art. 4 (Nr. 1) GDPR personal data is any information relating to an identified or identifiable natural person. Including for example your name, your address, your phone number and any other information you provide us when you register for a customer account.
- communication data
- dates of birth
- Contract and order data
- Account details (optional)
Your data shall be processed in compliance with the data protection provisions applicable to this contract pursuant to Art. 32 GDPR. At the same time, respective agreements will be entered into with select service providers (e.g. forwarders) to perform individual services under the contract. To the extent that processing personal Purchaser data is necessary to do this as well, compliance with the applicable data protection provisions is contractually guaranteed pursuant to Art. 32 GDPR.
The data provided by you is collected, processed and used for the following purposes in an automated process:
- Allocation of the customer account
- Making your customer account available
- Use of the DFB Fanshop
- Inquiries regarding your customer account and/or orders
- Information about changed general terms and conditions/ data protection
The legal basis for processing your data pursuant to Art. 6 (1)(b) GDPR is the performance and fulfillment of the contract. The use for other purposes must be named separately and therefor legal basis is each during the purchase process given consent pursuant to Art. 6 (1)(a) GDPR. For example:
- Credit check within the purchase process in case of uncertain payment methods, e.g. direct debit (see sec. 5)
- Internal statistical market research, advertising or market and opinion research (see sec. 6)
- Mailing the newsletter and further information
- Examination and optimisation of procedures for direct customer approach
- Measures for business management and further development of services and products.
Ultimately, processing can be based on Art. 6 (1) (f) GDPR, if none of the aforementioned legal bases are applicable. That’s the case if processing is necessary to safeguard a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject do not prevail. Such processing is permitted in particular because it has been specifically mentioned by the European legislator.
Your data will be transferred to the company charged for the shipping of your ordered delivery to the extent necessary to fulfill the ordering process. For the procurement of payments DFB-Fanshop processes your payment data within several payment methods (e.g. debit, credit card, PayPal, paydirekt) to the bank charged with the payment as well as to the charged Payment Service Provider within the contract data processing.
After complete execution of the contract and complete payment of the purchase price, your data will be blocked for further use and will be deleted after expiration of all retention periods according to tax and commercial law, unless you have expressively given permission for continued use of your data. You may visit our site without providing personal information. We only store access data without a person-specific reference, such as the name of your internet service provider, the site from which you visit us or the name of the file requested. This data is analyzed exclusively to improve our offers and does not permit an inference as to your person.
Personal data will also be collected when you register for the DFB-Fanshop newsletter, if you voluntarily provide them to us, and agree to further processing. You can refuse to receive our newsletter at any time. When subscribing to the newsletter your e-mail address will be used for our own advertising purposes with your consent until you unsubscribe from the newsletter. Please unsubscribe buy using the link at the bottom of the newsletter sent to you.
You shall exercise your right to object at any time without stating reasons and modify or revoke your given consent with effect for the future. You can send your objection either by post, by e-mail or fax to the DFB-Fanshop under the contact details mentioned in sec. 1. No further costs other than the usual postage or transmission costs arise. Your objection will be processed without undue delay, at the latest within one month from the receipt of the request.
To provide the visitors of the DFB-Fanshop with the best possible customized information, the DFB-Fanshop uses in particular Google AdWords Remarketing, Google’s Double Click cookie, Google AdWords Conversion, Google Dynamic Remarketing, Google Analytics, Facebook Conversion Tracking, Facebook Remarketing (see sec. 4.) and Google Tag Manager.
Cookies may be partially used to adapt the website of DFB-Fanshop to your personal customized interests, e.g. customized advertisement overlays adapted for your personal interests and needs may appear on the website. The randomly generated number contained in the cookie (ID-Number) will be amended with the help of your postal adress with spatial data, this means nonpersonalized data, sociodemographic data and transferred to our partner Mark & Mini. These data are anonymized and pseudonymized and may not be referred to you as a person.
This consent for the use of not required cookies may be revoked at any time. Please send a message to the contact indicated under sec. 1 (e.g. via e-mail, fax or ordinary mail) which is sufficient.
4. Third-Party Cookies:
We also use Google Analytics to analyze data from AdWords and the Double-Click-Cookie for statistical purposes. If you don’t want this, you can disable this by using the Ads Preferences Manager (http://www.google.com/settings/ads/onweb/?hl=en ) (“opt-out procedures).
Facebook-Pixel: To provide the visitors of DFB-Fanshop a broad offer of services and information tailored on the individual interest of the visitor, DFB-Fanshop uses Facebook Remarketing Technology of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”) which is implemented as a Facebook pixel within our website. Users having visited our website will be addressed with tailormade advertisement within the social network of Facebook. The insertion of advertisement will be processed through a pixel. This pixel tool allows to analyze consumer behavior on the website and may be used for product recommendation and interest based advertisement.
Further information on the purpose and intent of data collection, the further use and processing of the data by Facebook as well as your respective rights and options for privacy settings can be found at https://www.facebook.com/about/privacy/.
In case you are not interested in the delivery of content for marketing purposes, you may disable this function visiting (http://www.facebook.de/settings/ads ) and enable remarketing-advertisements. Same result may be reached by visiting the website of the internet advertisement initiative under http://www.networkadvertising.org/choices/ (“opt-out procedures”).
BingAds: These websites use the Conversion Tracking from Microsoft. Microsoft Bing Ads will place a Cookie on your Computer as long as you have reached our website through a Microsoft Bing Ad. In this way Microsoft and we can see, that someone clicked on our ad, was transferred to our website and has reached a predetermined target page or action (conversion page). We will only receive information about the total number of users who clicked on a Bing Ad and were transferred to the conversion page. No personal information about the identity of the user is communicated. If you do not wish to participate in the tracking procedure, you can refuse the necessary placing of a cookie, e.g. via your browser settings, which can generally disable the automatic placing of cookies. You may refuse to receive interest-based advertisements from Microsoft at http://choice.microsoft.com/de-DE/opt-out.
You may find further information related to data protection and on the cookies used by Microsoft Bing at http://privacy.microsoft.com/de-de/privacystatement.
Social Plugins: This website uses so-called Social Plugins ("Plugins") from the social networks Facebook, Google+, Twitter, and vk.com ("Networks"). You can recognize the plugins by the corresponding network logo and/or the additions "like", "Recommend, "+1". Usually, the plugin buttons integrated into the pages transfer data to the network operators already when the page is loaded. In addition to the URL of the website visited, an ID can be transmitted which can be directly linked to a person, at least for users logged on to the respective network. If you interact with plug-ins, the corresponding information is also transmitted directly to a server of the respective network and stored there. This information is also published on the respective network. This allows network operators to create complete surf profiles of their users. A link with a person or the transmission of information regarding the interaction can only be prevented by logging out of the respective network before using the plugin.
5. Credit check
In the interest of all Purchasers we shall check the creditworthiness of our Purchasers when we deliver merchandise before payment is made in full. To do so, we obtain personal data related information on your credit history from GFKL Financial Services GmbH, Am EUROPA-CENTER 1b, 45145 Essen (Payprotect), which stores data for the provision of information as a credit bureau. In addition, we also obtain creditworthiness information from GFKL Financial Services GmbH on the basis of mathematical-statistical procedures using your address data.
This transmission is only made in accordance with the legal requirements of the GDPR and after your submission of the following separate consent. The consent may be refused.
I can object at any time without stating reasons and modify or revoke my given consent to the use of my e-mail address for advertising purposes with effect for the future by clicking the “unsubscribe” link at the end of the newsletter or removing the checkmark beside the respective newsletter in my purchaser account. You can send your objection either by post, by e-mail or fax to the DFB-Fanshop under the contact details mentioned in sec. 1. No further costs other than the usual postage or transmission costs arise.
In addition, the DFB-Fanshop also obtains credit information from GFKL Financial Services GmbH on the basis of mathematical-statistical procedures using your address. Your address is also included in the calculation of the probability value. The DFB-Fanshop uses the information received on the statistical probability of non-payment ("probability value") for a balanced decision on the payment options to be granted to you.
In the event you do not agree with this standardized proceeding related to a payment method you may address this to DFB-Fanshop under the contact details mentioned in sec. 1. The DFB-Fanshop points out that in this case only the payment method prepayment is available.
6. Consent to e-mail advertising
Any use of personal data that goes beyond the fulfilment and processing of your order shall only be made in accordance with the legal requirements of the European GDPR and after the submission of the following separate consent. Consent may be refused.
7. Data circulation in the event of payment default
If payment default occurs (payment of an invoice not on time or charge back on debit) we shall commission our collections partner Creditreform Wiesbaden Hoffmann & Nikbakht KG, Adolfsallee 34, D-65185 Wiesbaden, to collect the debt.
For the purpose of collecting the debt all information related to the claim in default (address and invoice data) shall be forwarded to our collections partner Creditreform Wiesbaden. Creditreform Wiesbaden is officially registered with the Regional Court of Wiesbaden (Mainzer Str. 124, 65189 Wiesbaden) which is the competent controlling authority.
8. Use of service providers
DFB GmbH uses service providers to fulfil and process your order and to process your data. These service providers process the data exclusively on the instructions of the DFB GmbH and have been obliged to comply with the applicable data protection regulations. All service providers and contract data processors have been carefully selected and will only have access to your data to the extent and for the time required to provide the services or to the extent to which you have consented to the processing and use of your data.
The following service providers of DFB GmbH have access to your data:
- The service provider responsible for customer support, snt Deutschland AG
- The provider of the merchandise management system eFulfilment Transaction Services GmbH
- DHL Paket GmbH and DHL Home Delivery GmbH, the shipping company commissioned to deliver goods
- The bank entrusted with the payment, Commerzbank AG
- The payment service providers commissioned within the scope of an order data processing
- paydirect GmbH
- PayPal (Europe) S.à r.l. et Cie, S.C.A.
- CommDoo Ltd
- GFKL Financial Services GmbH, which was entrusted with the credit assessment
- The collection partner Creditreform Wiesbaden Hoffmann & Nikbakht KG, which was commissioned to collect the receivables in the event of payment arrears
9. Data security
Your personal data is encrypted when transmitted over the internet during the ordering process. This applies to your order and also the Purchaser log-in. We utilise the encryption system SSL (Secure Sockets Layer). We protect our website and other systems against loss, destruction, access, alteration or disclosure of your data by unauthorised persons through technical and organizational measures. Your Purchaser account can only be accessed after your personal password is entered. You should always treat your access information confidentially and close the browser window when you have ended communication with us, especially if you share the computer with others.
The servers of some of the service providers used by DFB GmbH and in particular of some third-party cookie providers (e.g. Facebook) are located in countries outside the European Union. Companies in these countries are subject to a data protection law that does not generally protect personal data to the same extent as is the case in the member states of the European Union. If your data are processed in a country that does not have a recognised high level of data protection such as the European Union, the DFB GmbH uses contractual regulations or other recognised instruments to ensure that your personal data are adequately protected.
Some of your data will be processed automatically in order to evaluate certain personal aspects (profiling). We analyse your data using mathematical-statistical methods in order to tailor advertising to your individual interests.
11. Right of access, Art. 15 GDPR
You shall request confirmation, whether the DFB-Fanshop is processing your personal data. DFB-Fanshop shall require proof of identity in accordance with its security procedures, before disclosing information.
The DFB Fanshop shall provide you with the following information without undue delay, at the latest within one month:
- the purposes of the processing,
- the categories of personal data concerned,
- the recipients or categories of recipient to whom the personal data have been or will be disclosed,
- the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period,
- the right of rectification or erasure of personal data or restriction of processing of personal data or to object to such processing,
- the right to lodge a complaint with a supervisory authority,
- where the personal data are not collected from the data subject, any available information as to their source,
- the existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you,
- where personal data are transferred to a third country or to an international organization: information of the appropriate safeguards relating to the transfer.
At any time you shall request information under the contact details mentioned in sec. 1 (by post, e-mail, fax) free of charge. There are no other costs than the postage or usual transmission costs. The DFB-Fanshop shall provide you with a copy of all data processed by the DFB-Fanshop in a common electronic format (e.g. PDF, DOC, RTF, etc.). The processing of inquiries shall be refused if they are offensive/annoying, endanger the personal rights of others, are extremely impracticable or otherwise if the provision of information is not provided for under the respective legal system. If the DFB-Fanshop refuses to provide you with information, you will be informed of the reasons for this refusal.
12. Right to rectification, Art. 16 GDPR
You shall have the right to obtain without undue delay the rectification of inaccurate personal data. Furthermore you shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement (by e-mail, fax).
If you contest the accuracy of the personal data, the DFB-Fanshop is obliged to restrict the processing of the respective data ("restriction"). The restriction continues until the DFB-Fanshop has determined whether the respective data is correct or incorrect.
13. Right to restriction of processing, Art. 18 GDPR
You shall have the right to obtain restriction of processing where one of the following applies:
- the accuracy of the personal data is contested (see sec. 12),
- the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead,
- the DFB-Fanshop no longer needs the personal data for the purposes of the processing, but they are required for the establishment, exercise or defence of legal claims,
- You objected to processing pursuant to sec. 14 (Article 21(1) GDPR) pending the verification which legitimate grounds override.
For the duration of the restriction, personal data may only be processed with your consent, with the exception of storage. Consent may be refused. For the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest, the data can be processed without consent. The DFB-Fanshop will inform you before the restriction of processing is lifted.
14. Right to erasure (“right to be forgotten”), Art. 17 GDPR
You shall have the right to obtain the erasure of personal data without undue delay where the personal data are no longer necessary in relation to the purposes for which they were processed. The same applies, where you withdraw consent, and where there is no other legal ground for the processing. You also can object to the processing. The personal data have to be erased if they have been unlawfully processed or for compliance with a legal obligation in European Union or Member State law.
You shall have a right to access (see sec. 11). You can request the erasure by post, e-mail or fax from the DFB-Fanshop under the contact details mentioned in sec. 1. There are no further costs than the usual postage or transmission costs.
If the DFB-Fanshop has published personal data, it will also inform third parties about the request for erasure.
The right to erasure shall not apply to the extent that processing is necessary for exercising the right of freedom of expression and information, or for reasons of public interest in the area of public health. There is also no obligation to erasure for compliance with a legal obligation which requires processing by Union or Member State law or for the performance of a task carried out in the public interest. Also there shall be no erasure for the establishment, exercise or defence of legal claims. As well as for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, if it is likely to render impossible or seriously impair the achievement of the objectives of that processing.
15. Right to data portability, Art. 20 GDPR
You shall have the right to receive the personal data, which you have provided to the DFB-Fanshop, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller, e.g. by a direct download. The DFB-Fanshop shall not interfere with data transmission. You can request data transmission by post, e-mail or fax. There are no further costs than the usual postage or transmission costs. The DFB Fanshop shall process your application without undue delay, at the latest within one month after receipt of the application. In case of rejection, you shall receive a reason.
16. Right to object, Art. 21 GDPR
You shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data. The DFB-Fanshop shall no longer process the personal data unless there is a real threat of serious harm. Where you object to processing for direct marketing purposes (e-mail advertising), the personal data shall no longer be processed for such purposes. You can object by post, e-mail or fax. There are no further costs than the usual postage or transmission costs. The DFB-Fanshop shall process your application without undue delay, at the latest within one month after receipt of the application. In case of rejection, you shall receive a reason.
17. Right to lodge a complaint with a supervisory board, Art. 77 GDPR
You shall have the right to lodge a complaint with a supervisory authority, if you consider that the processing of personal data infringes the regulations of GDPR. In case of the DFB GmbH:
The Hessian Commissioner for Data Protection and Freedom of Information
PO Box 3163
Phone: +49 611 1408 - 0
Fax: +49 611 1408 - 611
18. Changes of Terms and Conditions
DFB-Fanshop has the right to unilaterally change the data protection terms as far as this is legally necessary. DFB-Fanshop shall inform all customers and Purchasers by giving written notice about the specific content of the changes. Then you are able to check the changed terms before the next use of the shop.
Version: July 2018