We collect, process, and use your data in accordance with statutory requirements.
Data protection information on all further processing operations can be found here.
68766 Hockenheim, Germany
Tel.: 06205 950 0
Fax: 06205 950 199
EXTERNAL DATA PROTECTION OFFICER
Neustadter Str. 5
68766 Hockenheim, Germany
Personal data are individual details about the personal or material circumstances of an identified or identifiable natural person. This covers information such as your name, address, telephone number and date of birth. We collect, process and use your personal data only for the purposes for which you provide them to us. The personal data you transfer to us will not be passed on to third parties without your consent. Exceptions are cases in which we are obliged to release data on the basis of mandatory statutory regulations.
Every web server automatically registers access to websites. When you visit our homepage, our webserver temporarily stores each instance in a logfile (server logfiles). The following data are recorded and stored until such time as they are erased automatically:
The processing of these data facilitates your use of the website (establishment of a connection) and is used for system security, the technical administration of the network infrastructure and optimisation of the website.
By default, our web server is configured to erase the logfiles automatically every 14 days. However, we reserve the right to temporarily extend the storage period for logfiles (manually) or individual IP addresses (manually or automatically) if this is necessary for legitimate reasons of security.
The recipient of the data is our web hosting provider. No data is transferred to third countries. The basis for the temporary storage of data and logfiles is Art. 6 (1) point (f) GDPR.
You can contact us via the email addresses provided by us. In this case, the personal details of the user transmitted with the email are stored. No data are transferred to third parties in this connection. The data are used exclusively to process the conversation.
The legal basis for processing the data connected with sending an email is Art. 6 (1) point (f) GDPR. If the aim of the email contact is to conclude a contract, the additional legal basis for processing is Art. 6 (1) point (b) GDPR.
The data are erased as soon as they are no longer required to achieve the purpose of their collection. For personal data that are sent with the email, this is the case when the conversation with the user has ended. The conversation has ended when the circumstances indicate that the issue involved has been resolved conclusively. If you send us queries via the contact form, your details, including the contact data you provide there, are stored by us for the purpose of processing the query and in case there are any follow-up questions.
We use the data for the purposes specified in your consent and store them for the statutory retention period. The only other use of the data from the contact form is in anonymised form for statistical purposes (e.g. number of queries, success rate for queries, etc.).
We process photographs and video recordings and, if necessary, first and last names taken/obtained during open events, e.g. promotions, festivals, competitions, etc. The photographs are taken during the events, usually by our employees. In some cases, we also hire external photographers who are obliged to comply with data protection law and who are prohibited from using the photographs for their own purposes.
We use the photographs and video recordings to report on our events. The photographs taken during open events may be published:
The legal basis for taking general photographs as well as group photographs during events that do not specifically depict individual persons or children is our legitimate interest in reporting on our activities in accordance with Art. 6 Para. 1 lit. f GDPR.
The legal basis for the publication of the photographs and video recordings is our legitimate interest pursuant to Art. 6 Para. 1 lit. f GDPR in conjunction with Sections 22 and 23 KunstUrhG (German Art Copyright Act). We will only publish photographs and video recordings of you without your consent if this is in our overriding legitimate interest in the documentation and reporting of our activities, which is the case with photographs in which individual persons are only “accessories” or if we publish general or group photographs of the events in which you have participated.
Your data will be assorted and classified internally by the relevant departments for the aforementioned purposes. If we have used the services of external photographers, we will receive the photo files from them.
Our data processing takes place in Germany and in the EU, and there is no transfer of the data to a third country or an international organisation.
The photograph and, if applicable, video recording data and personal data are stored indefinitely, as this is the only way we can achieve permanent documentation of our activities, which is also done for historical reasons.
There is no obligation to provide us with your data, i.e. you do not have to have your picture and/or video of you taken by us and you do not have to give us your first and last name. If you do not wish to be photographed, please inform the photographer immediately.
DATA PROTECTION IN THE CASE OF JOB APPLICATIONS AND IN THE APPLICATION PROCESS
You have the option to apply for a job through our website. The application documents you submit in this context are collected and processed by us electronically to deal with your application. The legal basis for this processing is Art. 6 (1) point (a) GDPR in combination with Art. 6 (1) point (b) GDPR for the decision about establishing an employment relationship.
The data required to process the application include your personal data and contact information, along with a description of your education and training, professional experience and skills. In addition, you have the option to send us documents such as certificates and covering letters.
If an employment contract is concluded at the end of the application process, we store the data you have sent us with your application in your personnel file for the purposes of the employment relationship. The legal basis for this processing is also Art. 6 (1) point (b) GDPR.
If we cannot consider your application in the subsequent process, we erase the data that you have sent to us at the end of the application process. Exceptions may include statutory provisions, such as the German Equal Opportunities Act (AGG), which requires longer storage of up to six months or until the conclusion of legal proceedings. The legal basis in this case is Art. 6 (1) point (f) GDPR. Our legitimate interest lies in our legal defence.
If you expressly consent to longer storage of your data, for inclusion in an applicant or potential applicant database for example, processing will continue on the basis of your consent. The legal basis then is Art. 6 (1) point (a) GDPR. Of course, you can withdraw your consent at any time in accordance with Art. 7 (3) GDPR by notifying us, with effect from that point forward.
CONTENT AND SERVICES OF THIRD-PARTY PROVIDERS
Our website may also include content and services from other providers, which under certain circumstances complement our service. Examples of such services are maps provided by Google Maps, YouTube videos and graphical images from third parties. Accessing these third-party services regularly requires transmission of your IP address. These providers can access and store your user IP address.
We make every effort to involve only those third-party providers who use IP addresses exclusively to deliver content. However, we do not have any control over which third-party providers may store your IP address.
It may be stored, for example, for statistical purposes. If we gain knowledge of storage processes by third-party providers, we draw the attention of our users to this fact immediately. Please also note in this connection the specific privacy policies of the individual third-party providers and service providers whose services we use on our website. You can find further information under the following links:
The session ID is stored and transmitted in the cookies.
The legal basis for processing the data connected with the use of technically essential cookies is Art. 6 (1) point (f) GDPR.
We require cookies for the following applications:
(1) Noting access to pages
(2) Application of language settings
The user data collected by technically essential cookies are not used to create user profiles. These purposes also involve our legitimate interest in processing personal data in accordance with Art. 6 (1) point (f) GDPR.
Our website makes use of SSL encryption to transmit confidential or personal content of our users. Encryption is activated, for example, to process payment transactions and for queries that you submit via our website. Please ensure that SSL encryption is activated on your side for the corresponding activities.
Use of encryption is easy to recognise: The display in your browser bar changes from “http://” to “https://”. Data encrypted by SSL cannot be read by third parties. Transmit your confidential information only with SSL encryption activated and contact us if you are in any doubt.
We send out newsletters and emails with marketing information only with the express consent of the recipient or with statutory permission. Our newsletters contain information about offers, events and news.
Your email address is required to subscribe to the newsletter. As an option, we ask you to provide your first name and surname. These details are used solely to personalise the newsletter.
Subscription to the newsletter is logged to safeguard the subscription process in accordance with evidentiary obligations. This includes logging of the time of subscription and confirmation and of the IP address.
The newsletter is distributed by MailPoet, 6 rue Dieudé, 13006, Marseille, France. The email addresses of our recipients and the data specified above are stored on the servers of
CONTINUM AG, Bismarckallee 7b-d, 79098 Freiburg, Germany. The distribution service provider uses this information to distribute and evaluate the newsletters within the framework of commissioned data processing pursuant to Art. 28 GDPR.
The newsletters are provided with a so-called web beacon, i.e. a one-pixel file that is accessed by the shipping service provider’s server when the newsletter is opened. When you open the newsletter, technical information about your browser and system, your IP address and the time at which you access it is collected. The purpose of data collection of this sort is to make technical improvements to the service. Data to establish whether the newsletters are opened, when they were opened and which links you click on are also collected.
You can cancel your subscription to our newsletter at any time, i.e. withdraw your consent to receive it. There is a link to cancel your subscription at the end of every newsletter.
USE OF GOOGLE ANALYTICS
As a result of activation of IP anonymisation within the Google Analytics tracking code on this website, your IP address is anonymised by Google Analytics before it is transmitted. This website uses a Google Analytics tracking code that has been extended to include the operator “gat.anonymizeIp()” to ensure that only anonymised recording of IP addresses is possible (so-called IP masking).
The legal basis for the processing of personal data is Art. 6 (1) point (a) GDPR (if you have registered with Google) and Art. 6 (1) point (f) GDPR (if you have not registered with Google). If processing is on the basis of Art. 6 (1) point (f) GDPR, the legitimate interest of the site operator consists in obtaining anonymised information about the visitors to the website and using it to optimise and improve the website.
Google uses this information on our behalf to anonymously evaluate your visit to this website, compile reports about website activities and provide other services to us related to website and Internet use. The IP address transmitted by your browser in the context of Google Analytics is not combined with other data held by Google LLC.
Google saves the data relevant to the provision of web tracking as long as it remains necessary to provide the web service commissioned. Data collection and storage are carried out anonymously. If, however, there is a personal reference, the data are erased immediately, provided that they are not subject to any statutory retention obligations. In all cases, the data are erased at the end of the retention obligation.
You can prevent collection and forwarding of your personal data to Google (in particular your IP address) and processing of those data by Google by deactivating execution of script codes in your browser, installing a script blocker in your browser (you can find examples of these at www.noscript.net and www.ghostery.com) or activating the “Do Not Track” setting in your browser. In addition, you can prevent collection of the data generated by the Google cookie and relating to your use of the website (including your IP address) and processing of those data by Google by downloading and installing the browser plugin available under http://tools.google.com/dlpage/gaoptout?hl=de. You can find the security and data protection policies of Google Analytics at https://policies.google.com/privacy?hl=en.
USE OF GOOGLE TAG MANAGER
This website uses Leaflet API, a map service that makes it possible to integrate OpenStreetMap – the open source alternative to Google Maps – into the website. For correct presentation, it is necessary from a technical point of view to make requests to other servers. These queries mean that, in principle, information about your use of this website (including your IP address) can be transmitted to other servers and stored there. The other servers are restricted after analysis by the developer tools on maps.wikimedia.org (map layers) and unpkg.com (leaflet files).
OpenStreetMap is used in the interests of enhancing our online service. This constitutes a legitimate interest within the meaning of Art. 6 (1) point (f) GDPR.
ONLINE BOOKING PROCESS & REGISTRATION
We offer users of our website the option to register by providing their data. The data are entered on an input screen and transmitted to and saved by us. Recipients of the data are internal departments and commissioned data processors pursuant to Art. 28 GDPR.
The following data are collected in the course of the registration process:
The consent of the user to the processing of this data is obtained in the course of the registration process. The legal basis for processing the data is the provision of the user’s consent in accordance with Art. 6 (1) point (a) GDPR.
If the aim of registration is to conclude a contract with the user as one of the contracting parties or to take steps prior to entering into a contract, the additional legal basis for processing is Art. 6 (1) point (b) GDPR.
Registration of the user is necessary to fulfil a contract with the user or to take steps prior to entering into a contract.
We are obliged on the basis of mandatory regulations of commercial and tax law to retain your address, payment and order data for a period of ten years.
RESERVATION OF ROOMS IN THE HOTEL MOTODROM
You have the option to make bookings for the Hotel Motodrom. When you do so, you are taken to a separate bookings website. Here we collect your data including your first name, surname, address, contact details, billing address, payment method and information about your date of arrival and departure.
The mandatory information required for order and contract processing are marked specifically; other information is provided voluntarily. We process your data to fulfil your booking. In particular, we forward payment details to the payment service provider you choose. Personal details are also forwarded to internal departments (e.g. hotel service personnel) and commissioned data processors pursuant to Art. 28 GDPR. Beyond this, data is transferred only if it is necessary to fulfil the contract.
Without this information, we are unable to provide quotations or make bookings. Processing is based on Art. 6 (1) point (b) GDPR to take steps prior to entering into a contract or to fulfil a contract.
Accommodation providers, in particular hotels, are obliged under Section 30 of the German Federal Registration Act (BMG) to collect the following data from guests on the day of their arrival and to require the guest to sign the registration form by hand:
We are obliged under the BMG to collect, process and pass on these data. The legal basis for processing is Art. 6 (1) point (c) GDPR.
We erase these data or restrict their processing as soon as permitted by the provisions of the BMG, provided that you have not given any consent (Art. 6 (1) point (a) GDPR) to their further processing and we do not have any legitimate interest in doing so.
We are obliged on the basis of mandatory regulations of commercial and tax law to retain your address, payment and order data for a period of ten years. Two years after the contract comes to an end, we impose a restriction on processing and reduce it to the level that complies with the applicable statutory obligations.
The legal basis for processing the data is the provision of the user’s consent in accordance with Art. 6 (1) point (a) GDPR.
The legal basis for processing the data transmitted in connection with purchasing a voucher is fulfilment of a contract pursuant to Art. 6 (1) point (b) GDPR.
We are obliged on the basis of mandatory regulations of commercial and tax law to retain your address, payment and order data for a period of ten years.
PAYMENT SERVICE PROVIDERS
External payment service providers are used to fulfil contracts for the purchase of vouchers, tickets and fan items and for completion of the booking process, in accordance with Art. 6 (1) point (b) GDPR.
At the same time, our legitimate interest pursuant to Art. 6 (1) point (f) GDPR lies in offering our visitors a wide variety of secure payment options.
As a matter of principle, your personal data are passed on only insofar as is necessary to process the contract. For payment processing, in particular, we pass on the payment data required to the financial institution appointed to make the payment or to any payment and billing service provider commissioned by us.
You can find further information about the relevant data protection provisions at:
The data required to process the payment are transferred securely via the “SSL” process and are processed exclusively to carry out the payment. We erase the data collected in this connection when we no longer need to store it or we restrict its processing if statutory retention obligations apply.
We monitor the site of the Hockenheim Ring by video recording. Everyone who enters the Hockenheim Ring site is captured on video camera. We draw attention to the video monitoring by means of clear notices before the entrance to the site so that everyone has the opportunity to avoid it by not entering the site.
Video monitoring is carried out in the context of our house rules pursuant to Art. 6 (1) point (f) GDPR in conjunction with Section 4 of the German Federal Data Protection Act (BDSG) (new version) and serves in particular to safeguard the lives and health of individuals while they are at the Hockenheim Ring, to protect the property and to secure evidence.
We store the video recordings for 10 working days (see ruling of Lüneburg Upper Administrative Court, file ref. 11 LC 114/13) and erase them unless they are required to investigate a relevant incident.
You have the right to obtain from the controller confirmation as to whether personal data concerning you are being processed. If this is the case, you have a right to information about this personal data and to the details specified in Art. 15 GDPR.
You have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning you and the completion of any incomplete personal data (Art. 16 GDPR).
You have the right to obtain from the controller the erasure of personal data concerning you without undue delay if one of the grounds specified in Art. 17 GDPR applies, e.g. if the data are no longer required for the purposes pursued (right to erasure).
You also have the right to obtain from the controller restriction of processing where one of the conditions listed in Art. 18 GDPR applies, e.g. you have objected to processing, pending verification by the controller.
You have the right to object at any time, on grounds relating to your particular situation, to processing of personal data concerning you based on point (e) or (f) of Art. 6 (1) GDPR. The controller shall no longer process the personal data unless the controller can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing is for the establishment, exercise or defence of legal claims (Art. 21 GDPR).
Where personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing; this also includes profiling to the extent that it is related to such direct marketing.
If you object to the processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
Without prejudice to any other administrative or judicial remedy, every data subject has the right to lodge a complaint with a supervisory authority, if the data subject considers that the processing of personal data relating to him or her infringes the GDPR (Art. 77 GDPR). The data subject can exercise this right with a supervisory authority in the Member State of his or her habitual residence, place of work or place of the alleged infringement. The responsible supervisory authority is in Baden-Württemberg:
The Regional Data Protection and Freedom of Information Officer
Dr Stefan Brink
PO Box 10 29 32
70025 Stuttgart, Germany
70173 Stuttgart, Germany
Tel.: 0711 615541-0
Fax: 0711 615541-15
You can contact us on this and any other matter relating to data protection at the address given in the Legal Notice. Alternatively, our data protection coordinator is available for any issues you may have relating to the protection of your rights (email@example.com).