Privacy policy

Hockenheim-Ring GmbH attaches a great deal of importance to the protection of your personal data. We treat your personal data confidentially, taking account of the relevant statutory requirements. This Privacy Policy explains how we handle your personal data and data about your usage which we obtain from you.

Controller

Hockenheim-Ring GmbH
Am Motodrom
68766 Hockenheim, Germany
Email:
info@hockenheimring.de
Tel.: 06205 950 0
Fax: 06205 950 199

External data protection officer

Mr. Tobias Riemenschneider
aubex GmbH
Neustadter Str. 5
68766 Hockenheim, Germany
Email:
datenschutz@aubex.de

Personal data

Personal data are individual details about the personal or material circumstances of an identified or identifiable natural person. This covers information such as your name, address, telephone number and date of birth. We collect, process and use your personal data only for the purposes for which you provide them to us. The personal data that you transfer to us will not be passed on to third parties without your consent. Exceptions are cases in which we are obliged to release data on the basis of mandatory statutory regulations.

Usage-related data

Every web server automatically registers access to websites. When you visit our homepage, our webserver temporarily stores each instance in a logfile (server logfiles). The following data are recorded and stored until such time as they are erased automatically:

  • IP address of the accessing computer
  • Date and time of access
  • Name and URL of the file accessed
  • Data volume transmitted
  • Notification of whether access was successful
  • Identification data of the browser and operating system used
  • Website from which access originates
  • Name of your Internet service provider

Processing of these data facilitates your use of the website (establishment of a connection) and is used for system security, technical administration of the network infrastructure and optimisation of the website.

By default, our web server is configured to erase the logfiles automatically every 14 days. However, we reserve the right temporarily to extend the storage period for logfiles (manually) or individual IP addresses (manually or automatically) if this is necessary for legitimate reasons of security.

The recipient of the data is our web hosting provider. No data is transferred to third countries. The basis for the temporary storage of data and logfiles is Art. 6 (1) point (f) GDPR.

Contact

You can contact us via the email addresses provided by us. In this case, the personal details of the user transmitted with the email are stored. No data are transferred to third parties in this connection. The data are used exclusively to process the conversation.

The legal basis for processing the data connected with sending an email is Art. 6 (1) point (f) GDPR. If the aim of the email contact is to conclude a contract, the additional legal basis for processing is Art. 6 (1) point (b) GDPR.

The data are erased as soon as they are no longer required to achieve the purpose of their collection. For personal data that are sent with the email, this is the case when the conversation with the user has ended. The conversation has ended when the circumstances indicate that the issue involved has been resolved conclusively. If you send us queries via the contact form, your details, including the contact data you provide there, are stored by us for the purpose of processing the query and in case there are any follow-up questions.

We use the data for the purposes specified in your consent and store them for the statutory retention period. The only other use of the data from the contact form is in anonymised form for statistical purposes (e.g. number of queries, success rate for queries, etc.).

Data protection in the case of job applications and in the application process

You have the option to apply for a job through our website. The application documents you submit in this context are collected and processed by us electronically to deal with your application. The legal basis for this processing is Art. 6 (1) point (a) GDPR in combination with Art. 6 (1) point (b) GDPR for the decision about establishing an employment relationship.

The data required to process the application include your personal data and contact information, along with a description of your education and training, professional experience and skills. In addition, you have the option to send us documents such as certificates and covering letters.

If an employment contract is concluded at the end of the application process, we store the data you have sent us with your application in your personnel file for the purposes of the employment relationship. The legal basis for this processing is also Art. 6 (1) point (b) GDPR.

If we cannot consider your application in the subsequent process, we erase the data that you have sent to us at the end of the application process. Exceptions may include statutory provisions, such as the German Equal Opportunities Act (AGG), which requires longer storage of up to six months or until the conclusion of legal proceedings. The legal basis in this case is Art. 6 (1) point (f) GDPR. Our legitimate interest lies in our legal defence.

If you expressly consent to longer storage of your data, for inclusion in an applicant or potential applicant database for example, processing will continue on the basis of your consent. The legal basis then is Art. 6 (1) point (a) GDPR. Of course, you can withdraw your consent at any time in accordance with Art. 7 (3) GDPR by notifying us, with effect from that point forward.

Content and services of third-party providers

Our website may also include content and services from other providers which under certain circumstances complement our service. Examples of such services are maps provided by Google Maps, YouTube videos and graphical images from third parties. Accessing these third-party services regularly requires transmission of your IP address. These providers can access and store your user IP address.

We make every effort to involve only those third-party providers who use IP addresses exclusively to deliver content. However, we do not have any control over which third-party providers may store your IP address.

It may be stored, for example, for statistical purposes. If we gain knowledge of storage processes by third-party providers, we draw the attention of our users to this fact immediately. Please also note in this connection the specific data protection policies of the individual third-party providers and service providers whose services we use on our website. You can find further information under the following links:

Facebook: http://www.facebook.com/policy.php
Instagram:
https://help.instagram.com/155833707900388
LinkedIn: https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv
Twitter: https://twitter.com/privacy
YouTube: https://policies.google.com/privacy?hl=en

Cookies

Our website uses cookies. Cookies are text files that are stored on or by the Internet browser on the user’s computer system. When a user accesses a website, a cookie may be stored in the user’s operating system. These cookies have a characteristic sequence of characters that allows unique identification of the browser next time you visit the website. We use cookies to make our website more user-friendly. Some elements of our website require the accessing browser to be recognised even after a change of site.

The session ID is stored and transmitted in the cookies.

When accessing our website, users are informed about the use of cookies for analytical purposes and their consent is obtained for processing of the personal data used in this connection. Reference is also made to this Privacy Policy.

The legal basis for processing the data connected with the use of technically essential cookies is Art. 6 (1) point (f) GDPR.

The purpose of technically essential cookies is to make use of the websites easier for users. Some functions of our website are not available without the use of cookies. For these functions it must be possible to recognise the browser even after a change of site.

We require cookies for the following applications:

(1) Noting access to pages

(2) Application of language settings

The user data collected by technically essential cookies are not used to create user profiles. These purposes also involve our legitimate interest in processing personal data in accordance with Art. 6 (1) point (f) GDPR.

Cookies are stored on the user’s computer and transmitted by it to our site. As a user, you therefore have full control over the use of cookies. By changing the settings in your Internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may be that some of the functions of the website are not available to their full extent.

SSL encryption

Our website makes use of SSL encryption to transmit confidential or personal content of our users. Encryption is activated, for example, to process payment transactions and for queries that you submit via our website. Please ensure that SSL encryption is activated on your side for the corresponding activities.

Use of encryption is easy to recognise: the display in your browser bar changes from "http://" to "https://". Data encrypted by SSL cannot be read by third parties. Transmit your confidential information only with SSL encryption activated and contact us if you are in any doubt.

Newsletters

We send out newsletters and emails with marketing information only with the express consent of the recipient or with statutory permission. Our newsletters contain information about offers, events and news.

Your email address is required to subscribe to the newsletter. As an option, we ask you to provide your first name and surname. These details are used solely to personalise the newsletter.

Your consent to processing the data is obtained in the course of the subscription process, during which reference is also made to this Privacy Policy. Subscription to our newsletter involves a double opt-in procedure, i.e. following registration you receive a confirmation email in which you are asked to confirm your subscription. This process is essential to ensure that no one can subscribe with other people’s email addresses.

Subscription to the newsletter is logged to safeguard the subscription process in accordance with evidentiary obligations. This includes logging of the time of subscription and confirmation and of the IP address.

The newsletter is distributed by MailPoet, 6 rue Dieudé, 13006, Marseille, France. The email addresses of our recipients and the data specified above are stored on the servers of CONTINUM AG, Bismarckallee 7b-d, 79098 Freiburg, Germany. The distribution service provider uses this information to distribute and evaluate the newsletters within the framework of commissioned data processing pursuant to Art. 28 GDPR.

The newsletters are provided with a so-called web beacon, i.e. a one-pixel file that is accessed by the shipping service provider’s server when the newsletter is opened. When you open the newsletter, technical information about your browser and system, your IP address and the time at which you access it is collected. The purpose of data collection of this sort is to make technical improvements to the service. Data to establish whether the newsletters are opened, when they were opened and which links you click on are also collected.

You can cancel your subscription to our newsletter at any time, i.e. withdraw your consent to receive it. There is a link to cancel your subscription at the end of every newsletter.

Use of Google Analytics

On our website we use the web tracking service of the company Google LLC, 1600 Amphitheatre Parkway in CA 94043 Mountain View, USA (hereinafter: Google Analytics). In the course of web tracking, Google Analytics uses cookies that are stored on your computer and allow analysis of your use of our website and your surfing behaviour (so-called tracking). We carry out this analysis on the basis of the tracking service of Google Analytics for ongoing optimisation of our website and improvement of its availability. In the course of your use of our website, data – in particular your anonymised IP address and your user activities – are sent to servers of the company Google LLC and are processed and stored outside the European Union, e.g. in the USA.

As a result of activation of IP anonymisation within the Google Analytics tracking code on this website, your IP address is anonymised by Google Analytics before it is transmitted. This website uses a Google Analytics tracking code that has been extended to include the operator “gat.anonymizeIp()” to ensure that only anonymised recording of IP addresses is possible (so-called IP masking).

The legal basis for the processing of personal data is Art. 6 (1) point (a) GDPR (if you have registered with Google) and Art. 6 (1) point (f) GDPR (if you have not registered with Google). If processing is on the basis of Art. 6 (1) point (f) GDPR, the legitimate interest of the site operator consists in obtaining anonymised information about the visitors to the website and using them to optimise and improve the website.

Google uses this information on our behalf to evaluate your visit to this website anonymously, compile reports about website activities and provide other services to us related to website and Internet use. The IP address transmitted by your browser in the context of Google Analytics is not combined with other data held by Google LLC.

Google saves the data relevant to the provision of web tracking as long as it remains necessary to provide the web service commissioned. Data collection and storage are carried out anonymously. If, however, there is a personal reference, the data are erased immediately, provided that they are not subject to any statutory retention obligations. In all cases, the data are erased at the end of the retention obligation.

You can prevent collection and forwarding of your personal data to Google (in particular your IP address) and processing of those data by Google by deactivating execution of script codes in your browser, installing a script blocker in your browser (you can find examples of these at www.noscript.net and www.ghostery.com) or activating the “Do Not Track” setting in your browser. In addition, you can prevent collection of the data generated by the Google cookie and relating to your use of the website (including your IP address) and processing of those data by Google by downloading and installing the browser plugin available under http://tools.google.com/dlpage/gaoptout?hl=de. You can find the security and data protection policies of Google Analytics at https://policies.google.com/privacy?hl=en.

Use of Google Tag Manager

Google Tag Manager is a solution by means of which website operators can manage tags (marking of databases with additional information) via an interface. The Tag Manager tool itself (which implements the tags) is a domain that does not use cookies and does not record any personal data. The tool triggers other tags, which record data under certain circumstances. Google Tag Manager does not access these data. If deactivation is implemented at domain or cookie level, this applies to all tracking tags that are implemented with Google Tag Manager. You can learn more about Google Tag Manager at: https://www.google.com/analytics/tag-manager/use-policy/

OpenStreetMap

This website uses Leaflet API, a map service that makes it possible to integrate OpenStreetMap – the open source alternative to Google Maps – into the website. For correct presentation, it is necessary from a technical point of view to make requests to other servers. These queries mean that, in principle, information about your use of this website (including your IP address) can be transmitted to other servers and stored there. The other servers are restricted after analysis by the developer tools on maps.wikimedia.org (map layers) and unpkg.com (leaflet files).

You have the option to deactivate OpenStreetMap and thus to prevent data transfer to third parties by deactivating JavaScript in your browser. Please note, however, that in this case the display of maps on our pages may be available to you only to a limited extent, if at all.

OpenStreetMap is used in the interests of enhancing our online service. This constitutes a legitimate interest within the meaning of Art. 6 (1) point (f) GDPR.

You can find more information about OpenStreetMap at https://www.openstreetmap.org. You can find more information about the API leaflet used at https://www.leafletjs.com.

Online booking process & registration

We offer users of our website the option to register by providing their data. The data are entered on an input screen and transmitted to and saved by us. Recipients of the data are internal departments and commissioned data processors pursuant to Art. 28 GDPR.

The following data are collected in the course of the registration process:

  • data required to book tickets and driving experiences or to purchase fan items (e.g. name, address, contact details, billing address, bank details, etc.)
  • data required for accreditation in the media area (services for journalists and photographers) (e.g. name, address, contact details, etc.)

The consent of the user to processing of this data is obtained in the course of the registration process. The legal basis for processing the data is the provision of the user’s consent in accordance with Art. 6 (1) point (a) GDPR.

If the aim of registration is to conclude a contract with the user as one of the contracting parties or to take steps prior to entering into a contract, the additional legal basis for processing is Art. 6 (1) point (b) GDPR.

Registration of the user is necessary to fulfil a contract with the user or to take steps prior to entering into a contract.

We are obliged on the basis of mandatory regulations of commercial and tax law to retain your address, payment and order data for a period of ten years. Two years after the contract comes to an end, we impose a restriction on processing and reduce it to the level that complies with the applicable statutory obligations.

Reservation of rooms in the Hotel Motodrom

You have the option to make bookings for the Hotel Motodrom. When you do so, you are taken to a separate booking website. Here we collect your data including your first name, surname, address, contact details, billing address, payment method and information about your date of arrival and departure.

The mandatory information required for order and contract processing are marked specifically; other information is provided voluntarily. We process your data to fulfil your booking. In particular, we forward payment details to the payment service provider you choose. Personal details are also forwarded to internal departments (e.g. hotel service personnel) and commissioned data processors pursuant to Art. 28 GDPR. Beyond this, data is transferred only if it is necessary to fulfil the contract.

Without this information, we are unable to provide quotations or make bookings. Processing is based on Art. 6 (1) point (b) GDPR to take steps prior to entering into a contract or to fulfil a contract.

Accommodation providers, in particular hotels, are obliged under Section 30 of the German Federal Registration Act (BMG) to collect the following data from guests on the day of their arrival and to require the guest to sign the registration form by hand:

  • Date of arrival and probable date of departure
  • Surname, first name, data of birth, nationality, address
  • Number of additional people travelling and their nationality in cases of Section 29 (2) sentence 2 and 3 BMG, serial number of the recognised and valid passport or alternative identification document for foreign nationals
  • Any other data required for the collection of tourist or spa taxes.

We are obliged under the BMG to collect, process and pass on these data. The legal basis for processing is Art. 6 (1) point (c) GDPR.

We erase these data or restrict their processing as soon as permitted by the provisions of the BMG, provided that you have not given any consent (Art. 6 (1) point (a) GDPR) to their further processing and we do not have any legitimate interest in doing so.

We are obliged on the basis of mandatory regulations of commercial and tax law to retain your address, payment and order data for a period of ten years. Two years after the contract comes to an end, we impose a restriction on processing and reduce it to the level that complies with the applicable statutory obligations.

Vouchers

A form is set up on our website that can be used for electronic online orders for vouchers. If a user uses this option, the data entered on the input screen such as surname, first name, address, contact details, billing address, payment method, etc. are transmitted to and stored by us. Your consent to processing the data is obtained in the course of the submission process, during which reference is also made to this Privacy Policy.

The legal basis for processing the data is the provision of the user’s consent in accordance with Art. 6 (1) point (a) GDPR.

The legal basis for processing the data transmitted in connection with purchasing a voucher is fulfilment of a contract pursuant to Art. 6 (1) point (b) GDPR.

We are obliged on the basis of mandatory regulations of commercial and tax law to retain your address, payment and order data for a period of ten years. Two years after the contract comes to an end, we impose a restriction on processing and reduce it to the level that complies with the applicable statutory obligations.

Payment service providers

External payment service providers are used to fulfil contracts for the purchase of vouchers, tickets and fan items and for completion of the booking process, in accordance with Art. 6 (1) point (b) GDPR.

At the same time, our legitimate interest pursuant to Art. 6 (1) point (f) GDPR lies in offering our visitors a wide variety of secure payment options.

As a matter of principle, your personal data are passed on only insofar as is necessary to process the contract. For payment processing, in particular, we pass on the payment data required to the financial institution appointed to make the payment or to any payment and billing service provider commissioned by us.

You can find further information about the relevant data protection provisions at:

The data required to process the payment are transferred securely via the “SSL” process and are processed exclusively to carry out the payment. We erase the data collected in this connection when we no longer need to store it or we restrict its processing if statutory retention obligations apply.

Video monitoring

We monitor the site of the Hockenheim Ring by video recording. Everyone who enters the site of the Hockenheim Ring is captured on video camera. We draw attention to the video monitoring by means of clear notices before the entrance to the site so that everyone has the opportunity to avoid it by not entering the site.

Video monitoring is carried out in the context of our house rules pursuant to Art. 6 (1) point (f) GDPR in conjunction with Section 4 of the German Federal Data Protection Act (BDSG) (new version) and serves in particular to safeguard the lives and health of individuals while they are at the Hockenheim Ring, to protect the property and to secure evidence.

We store the video recordings for 10 working days (see ruling of Lüneburg Upper Administrative Court, file ref. 11 LC 114/13) and erase them unless they are required to investigate a relevant incident.

Your rights

You have the right to obtain from the controller confirmation as to whether personal data concerning you are being processed. If this is the case, you have a right to information about this personal data and to the details specified in Art. 15 GDPR.

You have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning you and the completion of any incomplete personal data (Art. 16 GDPR).

You have the right to obtain from the controller the erasure of personal data concerning you without undue delay if one of the grounds specified in Art. 17 GDPR applies, e.g. if the data are no longer required for the purposes pursued (right to erasure).

You also have the right to obtain from the controller restriction of processing where one of the conditions listed in Art. 18 GDPR applies, e.g. you have objected to processing, pending verification by the controller.

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Art. 6 (1) GDPR. The controller shall no longer process the personal data unless the controller can demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing is for the establishment, exercise or defence of legal claims (Art. 21 GDPR).

Where personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing; this also includes profiling to the extent that it is related to such direct marketing.

If you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

Without prejudice to any other administrative or judicial remedy, every data subject has the right to lodge a complaint with a supervisory authority, if the data subject considers that the processing of personal data relating to him or her infringes the GDPR (Art. 77 GDPR). The data subject can exercise this right with a supervisory authority in the Member State of his or her habitual residence, place of work or place of the alleged infringement. The responsible supervisory authority is in Baden-Württemberg:

The Regional Data Protection and Freedom of Information Officer

Dr. Stefan Brink
PO Box 10 29 32
70025 Stuttgart, Germany

or:

Königstraße 10a
70173 Stuttgart, Germany
Tel.: 0711 615541-0
Fax: 0711 615541-15
Email:
poststelle@lfdi.bwl.de

Homepage: http://www.baden-wuerttemberg.datenschutz.de

You can contact us in this connection, and on any other matter relating to data protection, at the address given in the Legal Notice. Alternatively, our data protection coordinator is at your disposal for any issues relating to protection of your rights (info@hockenheimring.de).