Data Policy

Data Policy

The protection of personal data is a high priority for us. We want users to know which data is processed by us, on what basis and for what purpose. In addition, we have taken technical and organizational measures to ensure that the regulations on data protection are observed by us and by our order processors.

The tasks of the INVICTUS GAMES DÜSSELDORF 2023 include public relations work and, in doing so, the provision of information to the public within the framework of this website. The use of the www.invictusgames23.de website is generally possible without disclosing personal data. Personal data will only be processed by us to the extent necessary. Insofar as the processing of personal data is necessary, it is carried out in accordance with the requirements of the European Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

Under the data protection settings, you can select various options and set functionalities.

1. what is personal data?

According to Article 4 No. 1 GDPR, personal data is any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified directly or indirectly (in particular by means of association with an identifier such as a name, an identification number, location data or an online identifier).

2. data processing

a) Access to the website

Every time the website is accessed and every time a file is retrieved, data on this process is processed for a limited time in a log file for backup purposes and, with your consent, also for statistical purposes.

For the collection of data for statistical purposes, the explanations to point 4a) apply. In addition, we are entitled to store data for protection against attacks on the Internet infrastructure of INVICTUS GAMES DÜSSELDORF 2023 and the communication technology of the federal government beyond the time of your visit on the basis of Article 6 (1) lit. e GDPR in conjunction with Section 5 of the Federal Office for Information Security Act. This data is used to initiate legal and criminal prosecution in the event of attacks on the communications technology.

In detail, the following data is processed about each access/retrieval:

• domain/appearance called up
• IP address (automatically deleted after 90 days at the latest)
• date and time
• HTTP method (e.g. GET/POST)
• Resource that was accessed (URLUniform Resource Locator)
• HTTP protocol version
• Message whether the access was successful (HTTP status code)
• Amount of data transferred
• Referrer URLUniform Resource Locator (referring website/address)
• Browser (user agent sent along, usually browser type, version and language, operating system, device type, model and brand)
• Call from the Internet or intranet
• Calling protocol (https/http)

b) Contacting us by e-mail

Insofar as you contact us by e-mail, the data you provide (primarily your surname, first name, address, but at least your e-mail address and the information/personal data contained in the e-mail) will be processed in accordance with the Guideline for the Processing and Management of Written Material in the Federal Ministries. This is done on the basis of Article 6 (1) (e) GDPR in conjunction with Section 3 BDSG. Processing of the personal data you provide is necessary for the purpose of contacting you and processing your request.

At the same time, the IP address is recorded. The use of the IP address takes place exclusively in the context of state law enforcement and security measures in compliance with the legal requirements.

c) Use of the contact form

If you wish to use the contact form, we will ask you for personal information so that we can process your request. The specification of your name and your e-mail address is required; without this data, your request transmitted via the contact form cannot be processed. The other information is optional and makes it easier for us to process your request. In addition, the date and time of your request and your IP address are transmitted.

Acknowledgement of this data protection declaration is a mandatory prerequisite for the use of the form. By activating the checkbox and submitting, you agree to the processing of the personal data, the content, which may also contain personal data transmitted by you, and the IP address. The processing is based on Article 6 (1) a) GDPR for the purpose of responding to your request. The use of the IP address takes place exclusively in the context of state law enforcement and security measures in compliance with the legal requirements. If you do not agree, the process will be aborted. In this case, the contact form will not be sent. If we are contacted by you via the contact form, we assume that we are entitled to reply by e-mail or by telephone (if indicated). If you do not agree to a response by e-mail/telephone, please indicate another method of communication in the text field of the contact form.

There is no automated decision making. Your information will be processed by e-mail. The transmission of the contents of the contact form is done by SMTP/TLS encryption. The contact e-mail address stores your data on protected servers in Germany. For technical reasons, the encrypted transmission of a confirmation e-mail cannot be guaranteed. Therefore, only an anonymized confirmation is transmitted. We would like to point out that communication via e-mail can always have security gaps. For example, e-mails can be intercepted and viewed by other Internet users on their way to the addressee.

Requests in electronic form are processed and stored in accordance with the Guidelines for the Processing and Management of Documents in the Federal Ministries.

d) Contact by letter

If you write us a letter, the data you provide (for example, surname, first name and address) and any personal data you may have provided in the letter will be processed for the purpose of contacting you and dealing with your request in accordance with the Guidelines for the Processing and Management of Written Material in the Federal Ministries. The data is processed on the basis of Article 6(1)(e) GDPR in conjunction with Section 3 BDSG.

e) Visitors

INVICTUS GAMES DÜSSELDORF 2023 regularly receives groups for an informational visit as well as individual visitors on an ad hoc basis. In order to be able to grant access to the INVICTUS GAMES DÜSSELDORF 2023 premises, the first name and surname, date and place of birth, and contact details of the person responsible for the visitor group must be provided in advance of the appointment for security reasons. The processing is based on consent in accordance with Article 6 (1) a GDPR. Without consent to the processing of personal data, access cannot be granted.

After completion of the follow-up to the respective event, but no later than 14 days after the visit has been carried out, the personal data will be deleted.

f) Accreditation of members of the press

In the context of press accreditation, the following personal data are requested: first and last name, date and place of birth, nationality, press card number and contact details. These data are necessary for the accreditation procedure.

The processing of the data submitted with a form is based on consent pursuant to Article 6 (1) a GDPR. Accreditation cannot take place without consent to the processing of personal data.

Accreditation will be processed by the media relations department of INVICTUS GAMES DÜSSELDORF 2023. The data will be stored for a maximum of three months after the respective event has taken place.

3. disclosure of personal data to third parties

The personal data you provide will be passed on to the responsible body, insofar as this is necessary for the processing of your request, and externally only to order processors in accordance with Article 4 No. 8 GDPR. In addition, the transfer of personal data to other federal or state public bodies may be necessary in the course of the performance of public duties.

Data that is logged when accessing the website is only transmitted to third parties if we are legally obligated to do so or if the transmission is necessary for legal or criminal prosecution in the event of attacks on the federal government’s communications technology. We do not pass on this data in other cases or combine it with other data sources.

4. statistical evaluation, use of cookies and integration of third-party offers Statistical evaluation and use of cookies

a) Statistical evaluation/web analysis

Based on your consent (Article 6 (1) a) GDPR), we evaluate usage information for statistical purposes in order to provide information according to your needs. For the statistical evaluation of visitor accesses, we use Matomo. This is an open source tool for web analysis. The data collected for this purpose is used in anonymized form to analyze the use of the bmvg.de website and to improve it.

The tool uses cookies. These cookies allow us to count visits. These text files are stored on your computer and make it possible for us to analyze the use of the website.

If our website is accessed, you can activate the corresponding cookie and consent to the processing of the following data for statistical purposes:

• anonymized IP address of the requesting computer,
• date and time of access,
• Title of the page or file accessed,
• URLUniform Resource Locator of the accessed page or file,
• message whether the access was successful (HTTP status code)
• Amount of data transferred
• URLUniform Resource Locator of the previously accessed page (Referrer URLUniform Resource Locator),
• Screen resolution,
• time of the user in his time zone,
• clicked and downloaded files (download),
• clicked outgoing references (links),
• page creation time (the time taken for the server to create the page and retrieve it, i.e. page speed),
• user’s location (country and region),
• requested language of the browser,
• loading time of the website at the user’s site
• browser and browser version (if applicable, with operating system, terminal device, make, model, if transmitted by the browser) and
• internal search queries (terms and hits).

The data is collected and analyzed exclusively anonymously with the open source web analytics software Matomo, so that no conclusion can be drawn about the user.

If, on the other hand, you select the “Privacy settings” button when accessing the website, the cookie is deactivated for statistical purposes or you can deactivate it at any time after activation. The explanations to point 4.b) apply accordingly to the functioning of cookies.

Users can object to the anonymized data collection by the Matomo program at any time with effect for the future by clicking on the link below. In this case, a so-called opt-out cookie is stored in their browser, which means that Matomo no longer collects any session data. If users delete their cookies, however, this has the consequence that the opt-out cookie is also deleted and must therefore be reactivated by the users.