Privacy Policy
As of: November 2024
This privacy policy applies to the website https://theriseofwomensfootball.com/ (hereinafter “website”) offered by us.
The protection of your privacy is very important to us and a matter of course. The legal requirements demand comprehensive transparency regarding the processing of personal data. Only if the processing is comprehensible to you as the data subject you are sufficiently informed about the meaning, purpose and scope of the processing. Below, we therefore provide you with detailed and comprehensive information about how we handle your data and your rights in relation to your personal data that we process when you use our website and as part of our services. Personal data is all data with which you can be personally identified.
If you have any further questions about data protection, please contact us by email at contact@womensfootballmedia.com.
1. Name and address of the controller
Responsible for the processing of your personal data on the website within the meaning of Art. 4 No. 7 General Data Protection Regulation (hereinafter “GDPR”) is:
Women’s Football Media UG
Kardinal-Döpfner-Straße 3
80333 Munich
Germany
Email: contact@womensfootballmedia.com
2. General information on data processing
2.1 Type and scope of the processing of personal data
We process personal data only to the extent permitted by law and in particular to the extent necessary to provide a functional website and our content and services.
2.2 Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 sentence 1 lit. a GDPR serves as the legal basis. When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 sentence 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures. Insofar as the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 para. 1 sentence 1 lit. c GDPR serves as the legal basis. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 sentence 1 lit. d GDPR serves as the legal basis.
If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 sentence 1 lit. f GDPR serves as the legal basis for the processing.
2.3 Deletion of data and retention period
The personal data processed by us for the purposes described below will generally be deleted or protected/blocked by technical measures (e.g. anonymization) as soon as the purpose of the processing no longer applies. This also takes place when a prescribed storage period expires, unless there is a need for further storage of the personal data for another storage purpose. Unless we are legally obliged to store the data for a longer period (e.g. due to retention obligations under tax or commercial law) or to disclose it to third parties (in particular law enforcement authorities), the decision as to which personal data we process depends on which functions of the website you use in each individual case.
2.4 Forwarding / external links
Please note that links on our website may take you to other websites that are not operated by us but by third parties. Such links are either clearly marked by us or are recognizable by a change in the address line of your browser. If these websites are not operated by us, we are not responsible for compliance with data protection regulations and the secure handling of your personal data on these websites operated by third parties.
3. Processing when using our website
3.1 Server log files
When you visit our website, the browser used on your device automatically sends information to the respective servers of our website. This information is temporarily stored in a log file (hereinafter “server log file“). The following information is collected and stored until it is automatically deleted:
- IP address of the requesting device, shortened by the last octet,
- Date and time of access,
- Name and URL of the accessed file,
- website from which the access was made (referrer URL),
- browser used and, if applicable, the operating system of your device and
- the name of your access provider.
The aforementioned data is processed by us for the following purposes:
- Ensuring a smooth connection setup of the respective website,
- Ensuring a comfortable use of our website,
- Checking and ensuring system security and stability and
- for other administrative purposes.
Your IP address is collected in particular for the detection of malware and bots, for retrospective observation and analysis of attacks and unauthorized access attempts and for blocking IP addresses that lead to a high load on our website due to a particularly high call density on a content.
The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest follows from the aforementioned purposes of data collection. Under no circumstances do we use the data collected for the purpose of drawing conclusions about your person. We delete this data after six (6) months, but at the latest when the purpose for the processing no longer applies. We do not merge this personal data with other data sources. Disclosure only takes place insofar as this is necessary for the operation of our website with regard to processors in accordance with Article 28 GDPR, e.g. with storage by our host provider. A transfer to a third country or to an international organization is not intended. However, we reserve the right to check the server log files retrospectively if there are concrete indications of illegal or system-inappropriate use of our website.
The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website (see Art. 21 para. 1 GDPR). Consequently, there is no possibility for the user to object. It is not possible to visit our website without the above-mentioned data processing.
3.2 Contact request
If you contact us using the contact details provided on our website to send us an email or to contact us by any other means, we will process the personal data you provide in this context.
In this case, the personal data transmitted with the email or the message provided by you (name, email address, your IP address and the date and time of the contact request) will be stored.
The legal basis for this data processing is our legitimate interest in responding to your request is our legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR.
If, after you have contacted us, you enter into a contract with us, the further processing of your personal data is based on the legal basis of Art. 6 para. 1 sentence 1 lit. b GDPR.
The personal data will be processed for as long as necessary to answer your request. If your request should lead to a subsequent contract conclusion, processing will take place for as long as is necessary to carry out pre-contractual measures or to fulfill the contract. If no contract is concluded, the personal data will be routinely deleted at the latest every six (6) months. We do not merge your personal data do not merge with other data sources. Disclosure of your personal data to third parties does not take place.
The provision of your personal data in connection with sending us an email or contacting us via any other communication channel is voluntary. Please therefore only provide the personal data that you consider necessary for us to answer your request.
3.3 Youtube
On our website we also provide Youtube videos. The provider is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA (‘YouTube’). YouTube, LLC is a subsidiary of Google LLC, 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA (“Google”).
YouTube is a video platform that enables video publishers to post video clips free of charge and other users to view, rate and comment on them free of charge. YouTube allows the publication of all types of videos, which is why complete film and television programs as well as music videos, trailers or videos made by users themselves can be accessed.
YouTube is partly based outside the EU or the EEA – an adequate level of data protection in accordance with the GDPR may therefore not exist. To ensure data protection on our website, you can only watch the provided videos if you have given your consent with the so-called “two-click” solution. This application prevents the videos implemented on our website from transmitting data to Youtube as soon as you enter our website for the first time. Only when you activate the respective Youtube start button by clicking on the associated start button in the video (implied consent), a direct connection to the Youtube’s server will be established. As soon as you activate the Youtube start button, Youtube/Google may receive the information that you have visited our website with your IP address.
In this context, Youtube will process your personal data that you provide by watching our provided videos on the basis of a Data Processing Agreement (“DPA”) pursuant to Art. 28 GDPR, which obliges the service provider to implement appropriate security measures and grants us comprehensive control powers.
Because your data may be transferred to countries outside the European Union, the aforementioned contract with Youtube/Google contains the EU standard contract clauses in accordance with Art. 46 para. 2 sentence 1 lit. c GDPR. In addition, Google is certified according to the EU-US Data Privacy Framework (Art. 45 GDPR).
For information on the purpose and scope of data collection and processing by Youtube/Google, please refer to the respective privacy policy of Google: https://www.google.de/intl/de/policies/privacy/.
3.4 Circle Community
Furthermore, on our website we provide a link to our Community on the social network Circle provided by CircleCo, Inc., 228 Park Ave S. PMB 52933 New York, NY 10003 (“Circle”). The link will automatically redirect you to the log-in area of the platform.
In this context, Circle will process your personal data that you provide by registering and visiting the platform on the basis of a Data Processing Agreement (“DPA”) pursuant to Art. 28 GDPR, which obliges the service provider to implement appropriate security measures and grants us comprehensive control powers.
Because your data may be transferred to the USA, the aforementioned contract with Circle contains the EU standard contract clauses in accordance with Art. 46 para. 2 sentence 1 lit. c GDPR.
For information on the purpose and scope of data collection and processing by Youtube/Google, please refer to the respective privacy policy of Circle: https://circle.so/dpa.
3.5 Job listings
We also provide a list of job advertisements on our website, which informs about all current job advertisements in women’s football, media or business.
By clicking on the corresponding link for each job advertisement you will automatically redirect to the corresponding website where you can apply.
Please note that these links take you to other websites that are not operated by us but by third parties. We are not responsible for compliance with data protection regulations and the secure handling of your personal data on these websites operated by third parties.
4. Social Media Buttons und Accounts
To provide up-to-date information and interact with our target groups we operate our social network accounts on Instagram (Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland (”Meta“)), Youtube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland („Google“)), LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (”LinkedIn“)) or X (Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Irland (“Twitter”)).
4.1 Buttons on our website
Social media buttons of the social media networks LinkedIn, Instagram, X (Twitter) and YouTube, are integrated on our website.
The providers of the social platforms whose buttons we have integrated on the website may have their registered office (often via the parent company) outside the EU or the EEA – an adequate level of data protection in accordance with the GDPR may therefore not exist.
The buttons/links are clearly marked on our website. To ensure data protection on our website, we only use such buttons if you have given your consent with the so-called “two-click” solution. This application prevents the buttons integrated on our website from transmitting data to the providers as soon as you enter the website for the first time. Only when you activate the respective button by clicking on the associated button (implied consent), a direct connection to the provider’s server will be established. As soon as you activate the button, the provider of the respective social media network may receive the information that you have visited our website with your IP address. If you are logged into your respective social media account (e.g. Instagram) at the same time, the providers can assign the visit to our website to your user account. Activating the button/link constitutes implied consent. You can withdraw both express and implied consent at any time with effect for the future.
For information on the purpose and scope of data collection and processing by the providers of the respective social media network, the provider identification, a contact option and your rights and setting options for data protection, please refer to the respective privacy policy of the providers of the social media networks:
- YouTube: https://policies.google.com/privacy?hl=de
- X (Twitter): https://twitter.com/privacy?lang=de
- Instagram: https://help.instagram.com/478745558852511
- LinkedIn: https://de.linkedin.com/legal/privacy-policy
4.2 Social media accounts
We also operate our own accounts on social networks and process your personal data for the purpose of safeguarding our legitimate interests in a modern means of information and interaction in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.
If you visit our accounts on social networks, the respective social network provider will also process your personal data during such a visit.
If this information is used by the respective social network provider to provide us, as the operator of an account, with statistical information such as gender and age distribution regarding the use of the respective site, or to display further information or advertisements on Facebook according to your preferences, we are jointly responsible with the respective provider of the corresponding social network (Meta, Google, Twitter and LinkedIn) for the data processing operations within the meaning of Art. 26 DSGVO. We have therefore concluded a joint responsibility contract with these social network providers (Meta, Google, Twitter and LinkedIn) in accordance with Art. 26 para. 1 GDPR. Because, in particular regarding data processing by Meta, your data may be transferred to countries outside the European Union (via the parent company), the aforementioned contract with these social network providers contains the EU standard contract clauses in accordance with Art. 46 para. 2 sentence 1 lit. c GDPR. In addition, Meta’s parent company, which is based in the USA, is certified according to the EU-US Data Privacy Framework (Art. 45 GDPR).
The data subject rights under the GDPR (see Section 7 et seq.) can therefore be asserted by the user both against the two joint controllers, i.e. against us and against the respective social network providers. Please note that, despite our joint controllership with the operators of these social networks in accordance with Art. 26 GDPR, we do not have full influence over the data processing of the individual social networks. The corporate policy of the respective provider has a significant influence on our options. In the event of the assertion of data subject rights, we would only be able to forward these requests to the social network operator.
We have selected the most data protection-friendly settings possible for the use of the respective account. With regard to appropriate safeguards in accordance with Art. 44 et seq. GDPR, if needed, please see Sec. 6.
5. Use of Web Fonts
External fonts from Google Fonts are used on this website based on our legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR in a suitable presentation of our website. Google Fonts is a service of Google LLC, Mountain View, California, United States (“Google”).
When you visit our website, the fonts are loaded via the Google Fonts API. This external call transmits data to the Google servers, which may be located outside the EU (USA). In this way, Google also recognizes that you or your IP address have visited our website. The Google Fonts API was developed to reduce the use, storage and collection of end user data to what is necessary for the proper provision of fonts. According to its own information, Google generally deletes the transmitted IP addresses after one (1) year at the latest.
Google is certified under the EU-US Data Privacy Framework, ensuring an adequate level of data protection even when your IP address is transferred to Google servers outside the EU (USA) (Art. 45 GDPR). Additionally, we have concluded a data processing agreement with Google in accordance with Art. 28 GDPR, which includes the EU standard contractual clauses pursuant to Art. 46 para. 2 lit. c GDPR.
More information can be found in Google’s privacy policies, which can be accessed here:
6. Transmission of data
Your personal data will not be transferred to third parties for purposes other than those listed below. We only pass on your personal data to third parties if:
- you have given your express consent to this in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR,
- this is legally permissible and necessary for the processing of contractual relationships with you in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR,
- if there is a legal obligation for disclosure pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR,
- the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR is necessary for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data, or
- it is transferred to a service provider acting on our behalf and on our exclusive instructions, whom we have carefully selected (Art. 28 para. 1 GDPR) and with whom we have concluded a corresponding contract for order processing (Art. 28 para. 3 GDPR), which obliges our contractor, among other things, to implement appropriate security measures and grants us comprehensive control powers.
Transmission to service providers in accordance with letter e) for the purpose of order processing takes place in the following areas: technical provision and programming of the website, user communication, provision of software as a service.
7. Data subject rights and right to lodge a complaint
As a data subject whose personal data is processed, you have the right to
- to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;
- in accordance with Art. 16 GDPR, to immediately request the correction of incorrect or incomplete personal data stored by us;
- in accordance with Art. 17 GDPR, to request the erasure of your personal data stored by us, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims;
- in accordance with Art. 18 GDPR, to demand the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to delete it and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have lodged an objection to the processing in accordance with Art. 21 GDPR ;
- in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request its transmission to another controller; and
- to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our place of business. The supervisory authority responsible for our registered office is the Bavarian State Office for Data Protection Supervision, postal address: Postfach 1349, 91504 Ansbach, visitor address: Promenade 18, 91522 Ansbach, telephone: +49 (0) 981 180093-0, fax: +49 (0) 981 180093-800, e-mail: poststelle@lda.bayern.de.
8. Right of revocation for processing based on consent
If your personal data is processed on the basis of consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR, you have the right to withdraw your consent at any time without giving reasons. As a result, we may no longer continue the data processing that was based on this consent in the future. However, the withdrawal of your consent does not affect the lawfulness of processing based on consent before its withdrawal.
9. Right to object
If your personal data is processed on the basis of legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, provided that there are reasons for this arising from your particular situation. If your objection is directed against direct advertising, you have a general right to object; no justification is required in these cases.
10. Data security
We use suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorized access by third parties. We continuously adapt our security measures in line with technological developments. We use the widespread SSL (Secure Socket Layer) method in conjunction with the highest level of encryption supported by your browser when you visit our website. As a rule, this is 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is transmitted in encrypted form by the closed display 8ft he key or lock symbol in the lower status bar of your browser.
However, we would like to point out that data transmission over the Internet (e.g. when communicating by e-mail) may be subject to security vulnerabilities. Complete protection of data against access by third parties is not possible.
11. Updates and changes to this privacy policy
This privacy policy is valid as of November 2024. Due to the further development of our website and offers or due to changed legal or official requirements, it may become necessary to change this privacy policy. You can access and print out the current privacy policy at any time at https://theriseofwomensfootball.com/privacy-policy.