Fax: +49 30 - 288746640
Contacts of the data protection officer
You can reach our data protection officer as follows:
nd Business IT GmbH
10997 Berlin, DE
+49 30 95 999 45 30
When do we process personal data
We collect personally identifiable information through the use of our website or apps when you submit data to us through your submissions to our website or apps, or when we receive them from your interaction with Fanmile's partners (such as collecting Fanmiles). These are the following operations:
- Visit of our website;
- Usage of our apps;
- Creation of an account;
- Collecting Fanmiles;
- Redemption of rewards;
- Email newsletters;
- Contacting us;
- Guard against attacks against our technical infrastructure
For details we're referring to the following paragraphs.
Visit of our website
When you visit our website, the company we use to operate the website processes and stores the public IP address of the device with which you visit our website, including the date and time of access. The IP address is a unique numeric address under which your device sends or retrieves data to the Internet. The IP address is used so that you can retrieve and use our website technically and to detect and ward off attacks against our service provider or our website. Unfortunately, attacks continue to be made to harm website operators or their users (e.g., preventing access, spying on data, distributing malware (e.g., viruses), or other unlawful purposes). Such attacks would compromise the proper functioning of the data center of the company we use, the use of our website or its functionality and the security of visitors to our website. The processing of the IP address, including the time of access, is used to ward off such attacks. Through our service provider with this processing, we have the legitimate interest to ensure the functionality of our website and to fend off unlawful attacks against us and visitors to our website. The legal basis for processing is Article 6 (1) (f) GDPR. We have commissioned Amazon Web Services EMEA SARL (AWS Europe) as a processor to operate our website.
The stored IP data is deleted (by anonymization) if it is no longer needed for the detection or defense of an attack.
Usage of our apps
Our apps retrieve the content to be displayed from our server. For this, the above statements apply to our website accordingly, as this technically corresponds to a visit to our website.
Creation of an account
To use Fanmiles, you must first set up an account. By creating an account, we process the information you provide to create, maintain and facilitate the use of Fanmiles' services associated with your customer account. The legal basis for processing is Article 6 (1) (b) GDPR.
These data stored in your customer account will be deleted when you cancel your customer account with us. Insofar as we are legally obliged to store for a longer period of time (for example to fulfill accounting obligations) or are legally entitled to longer storage (for example because of a current legal dispute against the holder of a user account), the deletion takes place after expiration of the storage obligation or legal authorization.
To verify that a user account is being set up by one person and each user has only one account, we use your mobile number to send you a verification code via text message. For this we use the service MessageBird, an offer from MessageBird B.V., Baarsjesweg 285, 1085 AE Amsterdam, The Netherlands. If you do not agree, open an account through the mobile Fanmiles app, which can be done without verification. If you use this function, the legal basis for the corresponding data processing is Art. 6 (1) (a) GDPR.
Creation of an account using Facebook Connect
You can use Facebook Connect to set up your Fanmiles account. For this, the privacy notices listed on the corresponding page of Facebook apply. We do not process personal data from your Facebook profile, but use Connect only to set up your account and register. If you use this function, the legal basis for the corresponding data processing is Art. 6 para. 1 a) GDPR.
For collecting Fanmiles on our website, in our app or at our partners, we store in your account, which offer you used when and process how many Fanmiles we have to credit your account. Legal basis for the corresponding data processing Art. 6 para. 1 b) GDPR. We also process this data to detect and ward off fraud attempts to protect us from unlawful use of our offer. The legal basis for this is Article 6 (1) (f) GDPR. These data will be deleted when the statutory retention period ceases, unless we are legally entitled to a longer storage period (for example due to an ongoing legal dispute against the holder of a user account). In this case, the deletion takes place after expiration of the legal authorization.
Redemption of rewards
For the redemption of rewards on our website and in our app, we store in your account, which redemption action you used when and process how many Fanmiles we have to deduct from your account. If a postal delivery of your reward is required, we will pass on your personal data to our appropriate service provider to the extent required. Legal basis for the corresponding data processing Art. 6 para. 1 b) GDPR. We also process this data to detect and ward off fraud attempts to protect us from unlawful use of our offer. The legal basis for this is Article 6 (1) (f) GDPR. These data will be deleted when the statutory retention period ceases, unless we are legally entitled to a longer storage period (for example due to an ongoing legal dispute against the holder of a user account). In this case, the deletion takes place after expiration of the legal authorization.
Email newsletter and anonymous collection of usage data
If you sign up for one of our e-mail newsletters, the e-mail address you provided for creating and sending the newsletter as well as proof of registration for our newsletter will be processed until your cancellation. The legal basis for processing is Article 6 (1) (a) GDPR. You can revoke your consent at any time by unsubscribing from the newsletter. You will find a corresponding link at the end of each newsletter.
We delete your data stored in connection with the newsletter subscription with unsubscription from the newsletter.
For our newsletter we use the following providers:
Mailchimp, an offer from The Rocket Science Group, LLC
675 Ponce de Leon Ave.N., Suite 5000, Atlanta, GA 30308, USA, working for us as a processor. The Rocket Science Group is a member of the PrivacyShield Convention.
intercom.com, an offer from Intercom Inc., 55 Second Street, Suite 400, San Francisco, CA 94105, USA, acting as a processor for us. Intercom is a member of the PrivacyShield Convention. Intercom itself collects and uses data to ensure the operation of the service. Further information can be found here under point 3 "Customer Data".
For each newsletter, we have anonymous statistics compiled to see if and when this was opened on which device and which links were clicked in it.
If you send us a message via one of the contact options offered, we will use the information you have provided to us to process your request. The legal basis for this is our legitimate interest in answering your request in accordance with Art. 6 para. 1 f) GDPR. If your inquiry serves the conclusion or the execution of a contract with us, further legal basis for the processing is art. 6 para. 1 b) GDPR. The data will be deleted after completion of your request. If we are legally obliged to a longer storage, the deletion takes place after expiry of the appropriate period. We use intercom.com, an offer from Intercom Inc., 55 Second Street, Suite 400, San Francisco, CA 94105, USA, to act as a processor for us. Intercom is a member of the PrivacyShield Convention. Intercom itself collects and uses data to ensure the operation of the service. Further information can be found here under point 3 "Customer Data".
A cookie is a small text file that is saved on your device when you visit our website through your browser. If you visit our website again later, we can read these cookies again. Cookies are stored for different periods of time. At any time you have the option to set in your browser, which cookies he should accept, but this may mean that our website no longer works properly. Furthermore, you can delete cookies independently at any time. If you do not do that, we can specify when saving how long a cookie should be stored on your computer. Here is a distinction between so-called session cookies and persistent cookies. Session cookies are deleted from your browser when you leave our website or when you exit the browser. Persistent cookies are stored for the duration we specify when stored.
Technically required cookies that are required to use the features of our website (for example, whether you have logged in). Without these cookies certain functions could not be provided.
Functional cookies that are used to perform certain functions that you want to use technically.
Most of the browsers that our users use allow us to set which cookies are to be stored and make it possible to delete (certain) cookies. If you restrict the storage of cookies to certain websites or do not allow cookies from third-party websites, it may in certain circumstances mean that our website can no longer be used to its full extent. Here's how to customize cookie settings for the most common browsers:
- Google Chrome (support.google.com/chrome/answer/95647?hl=en)
- Internet Explorer (https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies)
- Firefox (https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences)
- Safari (https://support.apple.com/kb/PH21411?locale=en_US)
Right of information
According to Art. 15 GDPR, you have the right to ask us for a confirmation as to whether personal data relating to you are being processed. If this is the case, you have a right to information about these personal data and to further information, which are mentioned in Art. 15 GDPR.
Right of rectification
According to Art. 16 GDPR, you have the right to demand immediate correction of inaccurate personal data concerning you. Furthermore, in consideration of the purposes of the processing, you have the right to demand the completion of incomplete personal data, including by means of a supplementary statement.
Right to delete
You have the right to demand that personal data concerning you be deleted immediately. We are obliged to delete personal data immediately, provided that the corresponding requirements of Art. 17 GDPR are met. For details please refer to Art. 17 GDPR.
Right to restriction of processing
In accordance with Art. 18 GDPR, you have the right, under certain conditions, to demand that we restrict the processing of your personal data.
Right of data portability
According to Art. 20 GDPR, you have the right to receive the personal data that you have provided to us in a structured, common and machine-readable format, and you have the right to transfer this data to another person without hindrance, provided that the processing is based on a consent pursuant to Article 6 (1) (a) GDPR or Article 9 (2) (a) GDPR or a contract pursuant to Article 6 (1) (b) GDPR and the processing is carried out by automated means.
Right of withdrawal
According to Art. 21 GDPR, you have the right to object to the processing of personal data concerning you, which is based on Article 6 (1) (e) or (f) of the GDPR; this also applies to profiling based on these provisions.
If we process your personal data in order to operate direct mail, you have the right at any time to object to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct mail.
If you would like to exercise your right, please contact us as responsible person under the contact details given above.
Existence of a right of appeal to the supervisory authority
You have the right under Article 77 GDPR, without prejudice to any other administrative or judicial remedy, to complain to the supervisory authority. This right shall apply, in particular, to the Member State of your place of residence, your place of work or the place of the alleged infringement if you believe that the processing of personal data concerning you is contrary to the GDPR.