Data Policy

Data Policy

The protection of personal data is a high priority for us. We want users to know which data is processed by us, on what basis and for what purpose. In addition, we have taken technical and organizational measures to ensure that the regulations on data protection are observed by us and by our order processors.

The tasks of the INVICTUS GAMES DÜSSELDORF 2023 include public relations work and, in doing so, the provision of information to the public within the framework of this website. The use of the website is generally possible without disclosing personal data. Personal data will only be processed by us to the extent necessary. Insofar as the processing of personal data is necessary, it is carried out in accordance with the requirements of the European Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

Under the data protection settings, you can select various options and set functionalities.

1. what is personal data?

According to Article 4 No. 1 GDPR, personal data is any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified directly or indirectly (in particular by means of association with an identifier such as a name, an identification number, location data or an online identifier).

2. data processing

a) Access to the website

Every time the website is accessed and every time a file is retrieved, data on this process is processed for a limited time in a log file for backup purposes and, with your consent, also for statistical purposes.

For the collection of data for statistical purposes, the explanations to point 4a) apply. In addition, we are entitled to store data for protection against attacks on the Internet infrastructure of INVICTUS GAMES DÜSSELDORF 2023 and the communication technology of the federal government beyond the time of your visit on the basis of Article 6 (1) lit. e GDPR in conjunction with Section 5 of the Federal Office for Information Security Act. This data is used to initiate legal and criminal prosecution in the event of attacks on the communications technology.

In detail, the following data is processed about each access/retrieval:

  • domain/appearance called up
  • IP address (automatically deleted after 90 days at the latest)
  • date and time
  • HTTP method (e.g. GET/POST)
  • Resource that was accessed (URLUniform Resource Locator)
  • HTTP protocol version
  • Message whether the access was successful (HTTP status code)
  • Amount of data transferred
  • Referrer URLUniform Resource Locator (referring website/address)
  • Browser (user agent sent along, usually browser type, version and language, operating system, device type, model and brand)
  • Call from the Internet or intranet
  • Calling protocol (https/http)

b) Contacting us by e-mail

Insofar as you contact us by e-mail, the data you provide (primarily your surname, first name, address, but at least your e-mail address and the information/personal data contained in the e-mail) will be processed in accordance with the Guideline for the Processing and Management of Written Material in the Federal Ministries. This is done on the basis of Article 6 (1) (e) GDPR in conjunction with Section 3 BDSG. Processing of the personal data you provide is necessary for the purpose of contacting you and processing your request.

At the same time, the IP address is recorded. The use of the IP address takes place exclusively in the context of state law enforcement and security measures in compliance with the legal requirements.

c) Use of the contact form

If you wish to use the contact form, we will ask you for personal information so that we can process your request. The specification of your name and your e-mail address is required; without this data, your request transmitted via the contact form cannot be processed. The other information is optional and makes it easier for us to process your request. In addition, the date and time of your request and your IP address are transmitted.

Acknowledgement of this data protection declaration is a mandatory prerequisite for the use of the form. By activating the checkbox and submitting, you agree to the processing of the personal data, the content, which may also contain personal data transmitted by you, and the IP address. The processing is based on Article 6 (1) a) GDPR for the purpose of responding to your request. The use of the IP address takes place exclusively in the context of state law enforcement and security measures in compliance with the legal requirements. If you do not agree, the process will be aborted. In this case, the contact form will not be sent. If we are contacted by you via the contact form, we assume that we are entitled to reply by e-mail or by telephone (if indicated). If you do not agree to a response by e-mail/telephone, please indicate another method of communication in the text field of the contact form.

There is no automated decision making. Your information will be processed by e-mail. The transmission of the contents of the contact form is done by SMTP/TLS encryption. The contact e-mail address stores your data on protected servers in Germany. For technical reasons, the encrypted transmission of a confirmation e-mail cannot be guaranteed. Therefore, only an anonymized confirmation is transmitted. We would like to point out that communication via e-mail can always have security gaps. For example, e-mails can be intercepted and viewed by other Internet users on their way to the addressee.

Requests in electronic form are processed and stored in accordance with the Guidelines for the Processing and Management of Documents in the Federal Ministries.

d) Contact by letter

If you write us a letter, the data you provide (for example, surname, first name and address) and any personal data you may have provided in the letter will be processed for the purpose of contacting you and dealing with your request in accordance with the Guidelines for the Processing and Management of Written Material in the Federal Ministries. The data is processed on the basis of Article 6(1)(e) GDPR in conjunction with Section 3 BDSG.

e) Visitors

INVICTUS GAMES DÜSSELDORF 2023 regularly receives groups for an informational visit as well as individual visitors on an ad hoc basis. In order to be able to grant access to the INVICTUS GAMES DÜSSELDORF 2023 premises, the first name and surname, date and place of birth, and contact details of the person responsible for the visitor group must be provided in advance of the appointment for security reasons. The processing is based on consent in accordance with Article 6 (1) a GDPR. Without consent to the processing of personal data, access cannot be granted.

After completion of the follow-up to the respective event, but no later than 14 days after the visit has been carried out, the personal data will be deleted.

f) Accreditation of members of the press

In the context of press accreditation, the following personal data are requested: first and last name, date and place of birth, nationality, press card number and contact details. These data are necessary for the accreditation procedure.

The processing of the data submitted with a form is based on consent pursuant to Article 6 (1) a GDPR. Accreditation cannot take place without consent to the processing of personal data.

Accreditation will be processed by the media relations department of INVICTUS GAMES DÜSSELDORF 2023. The data will be stored for a maximum of three months after the respective event has taken place.

3. disclosure of personal data to third parties

The personal data you provide will be passed on to the responsible body, insofar as this is necessary for the processing of your request, and externally only to order processors in accordance with Article 4 No. 8 GDPR. In addition, the transfer of personal data to other federal or state public bodies may be necessary in the course of the performance of public duties.

Data that is logged when accessing the website is only transmitted to third parties if we are legally obligated to do so or if the transmission is necessary for legal or criminal prosecution in the event of attacks on the federal government’s communications technology. We do not pass on this data in other cases or combine it with other data sources.

4. statistical evaluation, use of cookies and integration of third-party offers Statistical evaluation and use of cookies

a) Statistical evaluation/web analysis

Based on your consent (Article 6 (1) a) GDPR), we evaluate usage information for statistical purposes in order to provide information according to your needs. For the statistical evaluation of visitor accesses, we use Matomo. This is an open source tool for web analysis. The data collected for this purpose is used in anonymized form to analyze the use of the website and to improve it.

The tool uses cookies. These cookies allow us to count visits. These text files are stored on your computer and make it possible for us to analyze the use of the website.

If our website is accessed, you can activate the corresponding cookie and consent to the processing of the following data for statistical purposes:

  • anonymized IP address of the requesting computer,
  • date and time of access,
  • Title of the page or file accessed,
  • URLUniform Resource Locator of the accessed page or file,
  • message whether the access was successful (HTTP status code)
  • Amount of data transferred
  • URLUniform Resource Locator of the previously accessed page (Referrer URLUniform Resource Locator),
  • Screen resolution,
  • time of the user in his time zone,
  • clicked and downloaded files (download),
  • clicked outgoing references (links),
  • page creation time (the time taken for the server to create the page and retrieve it, i.e. page speed),
  • user’s location (country and region),
  • requested language of the browser,
  • loading time of the website at the user’s site
  • browser and browser version (if applicable, with operating system, terminal device, make, model, if transmitted by the browser) and
  • internal search queries (terms and hits).

The data is collected and analyzed exclusively anonymously with the open source web analytics software Matomo, so that no conclusion can be drawn about the user.

If, on the other hand, you select the “Privacy settings” button when accessing the website, the cookie is deactivated for statistical purposes or you can deactivate it at any time after activation. The explanations to point 4.b) apply accordingly to the functioning of cookies.

Users can object to the anonymized data collection by the Matomo program at any time with effect for the future by clicking on the link below. In this case, a so-called opt-out cookie is stored in their browser, which means that Matomo no longer collects any session data. If users delete their cookies, however, this has the consequence that the opt-out cookie is also deleted and must therefore be reactivated by the users.

b) Use of cookies

We also use cookies on our site for the demand-oriented provision of information regarding the tasks assigned to INVICTUS GAMES DÜSSELDORF 2023 on the basis of Article 6 (1) e) GDPR in conjunction with Section 3 BDSG, which are technically necessary to provide you with the basic functions.

Cookies are small files that are automatically created by the user’s browser and stored on the end device when you visit our site. Information is stored in the cookie that is related to the end device used, but this does not mean that we thereby gain knowledge of the identity of the user.

The technically necessary cookies cannot be deactivated. Most browsers accept cookies automatically. However, the browser can be configured in such a way that no cookies are stored on the end device or only for the duration of the connection or that a notice always appears before a new cookie is created. The complete deactivation of cookies can lead to the fact that not all functions of our website can be used.

In addition, temporary cookies are used for technical service provision when calling up individual pages. These so-called session cookies do not contain any personal data and expire at the end of the session.

c) Integration of third-party providers / social media

Our online offer contains links to services of other providers. You can make adjustments to this in the data protection settings and view information about the respective offer.

We take the discussion about data protection in social networks very seriously. It is currently not finally clarified in legal terms whether and to what extent all networks offer their services in compliance with European data protection regulations. We therefore expressly draw attention to the fact that the services we also integrate, such as YouTube, Facebook, Instagram, LinkedIn and Twitter, store their users’ data in accordance with their data usage guidelines and use it for business purposes. We have no influence on whether these providers comply with the statutory data protection provisions. There is no knowledge of the extent to which, where and for how long the data is stored, the extent to which the networks comply with existing deletion obligations, what evaluations and links are made with the data and to whom the data is passed on. You should therefore always also check the privacy policy of the relevant providers.

5. declaration on accessibility

For INVICTUS GAMES DÜSSELDORF 2023, the idea of inclusion is of paramount importance. Therefore, we attach great importance to making all content available barrier-free. The website includes its own barrier-free page that provides accessible content, such as plain language, sign language for navigation, screen reader capability and high-contrast images. The legal basis for this is the Barrier-free Information Technology Ordinance (BITV 2.0).

6. your rights

You have the right to revoke consent given in accordance with Article 6 (1) a) GDPR at any time with effect for the future (for example, when using the contact form); the lawfulness of the processing until revocation remains unaffected (Article 7 (3) GDPR). In addition to the right of revocation, you are entitled to the following data subject rights: information about the data (Article 15 GDPR), right to rectification (Article 16 GDPR), right to erasure (Article 17 GDPR), right to restriction of processing (Article 18 GDPR), right to data portability (Article 20 GDPR), right to object to processing (Article 21 GDPR), right to individual examination (Article 22 GDPR).

In addition, you have the right of complaint to the Federal Commissioner for Data Protection and Freedom of Information, Graurheindorfer Straße 153, 53117 Bonn (Article 77 GDPR).

7. responsibility under data protection law

Responsible body under data protection law for the website

Federal Ministry of Defense
Stauffenbergstrasse 18
10785 Berlin

Further processing of personal data (e.g., in connection with contacting a department) is the responsibility of the respective authority under data protection law.

8. official data protection officer

If you have specific questions about the protection of your personal data, please contact the data protection officer:

Commissioner for Data Protection in the German Armed Forces
Federal Ministry of Defense
Fontainengraben 150
53123 Bonn