Privacy

01

Introduction

As of: Februrary 2024

We, Rhine-Ruhr 2025 FISU Games gGmbH, Nördlicher Zubringer 9- 11, 40470 Düsseldorf, Tel: +49 15160665001, E- Mail: info@rhineruhr2025.com as the responsible body, would like to explain to you below which of your data we process and how.

In addition, you will find further information on the subject of data protection and further processing in the following PDF files:

• Data protection information

• Processing of your personal data as a volunteer

02

Data protection officer

If you have any questions about data protection, please contact our data protection officer Thomas Werning. He can be contacted at:

werning.com GmbH - Dieselstraße 12 - 32791 Lage, dsb-rhineruhr2025-d@werning.com, Tel.: +49 5232 980-4700

Below you will find information on which personal data (this is all data that identifies you as a natural person (hereinafter "data subject") or makes you identifiable, such as name, address, e-mail address or user behaviour) we collect during your visit to our site and how it is used. Data subjects are visitors to our website and users of our online offering.

2.1 Data security/encryption

This website uses "Hypertext Transfer Protocol Secure" (https). The connection between your browser and our server is encrypted.

03

Rights of data subjects

Your rights as a data subject affected by data processing

3.1 right to lodge a complaint

If you believe that the processing of your personal data violates the General Data Protection Regulation, you have the right to lodge a complaint with the data protection supervisory authority responsible for us (State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia, https://www.ldi.nrw.de/) and any other data protection supervisory authority.

3.2 right of cancellation

You can revoke any consent you have given with effect for the future in accordance with Art. 7 GDPR.

3.3 right to information, erasure and rectification

In accordance with Art. 15 GDPR, you have the right to obtain information about the personal data stored about you - including any recipients and the planned storage period. If incorrect personal data is processed, you have the right to rectification in accordance with Art. 16 GDPR. If the legal requirements are met, you can request the erasure or restriction of processing and object to processing (Art. 17, 18 and 21 GDPR).

If you wish your data to be deleted but we are still legally obliged to retain it, access to your data will be restricted (blocked). The same applies in the event of an objection. You can exercise your right to data portability insofar as the technical possibilities are available to the recipient and to us.

Mr Thomas Werning will be happy to assist you with your rights as a data subject using the contact details above.

3.4 obligation to provide information

Without correct information from you, it is generally not possible to conclude a contract.

3.5 Automated decision-making and profiling

Does not currently take place.

3.6 intention to process in third countries

Does not currently take place.

3.7 Categories of recipients

As part of the provision of special services, we use service companies that we have separately obligated to confidentiality and data protection. Access to personal data cannot be ruled out here.

These categories of recipients are:

• Processors employed by us (Art. 28 GDPR), particularly in the areas of IT services, taxes, logistics and printing services, who process your data for us in accordance with our instructions;

• Public bodies and institutions (tax authorities) in the event of a legal or official obligation;

• Other bodies for which you have given us your consent to transfer data.

Data will only be passed on to authorities if there are overriding legal provisions.

04

Information about data processing on our website

4.1 general information

Purposes of the processing
Presentation of the company, provision of services and/or sale of products and communication via the Internet. The purpose of data processing on this website is to provide information about our company's products and services.

General information
If you have provided us with personal data, we will use it to answer your enquiries, to advise and process contracts concluded with you and for technical administration. Your personal data will only be passed on or transmitted to third parties if this is necessary for the purpose of processing the contract, for billing purposes or if you have given your prior consent. You have the right to revoke your consent at any time with effect for the future, see "Right of revocation".

The legal basis for the collection, processing and transfer of the data is Art. 6 para. 1 lit. b) GDPR in the context of contract processing.

This data will be deleted after expiry of the applicable statutory retention obligations. If we are not subject to any statutory retention obligations, the data will be deleted when the purpose no longer applies.

You have the right to access and object to your data stored by us at any time. Further information can be found under "Rights of data subjects" and "Right to cancellation".

4.2 server data collection

Purpose of the processing
When you visit our website, various data (server statistics) are automatically stored, which your browser transmits to our provider's server: Among other things, the IP address of your device, date and time of access, name and URL of retrieved files, website (from which the access is made or from which you were directed to our site (referrer URL)), browser used and, if applicable, the operating system of your device and the name of your provider are logged.

The aforementioned data is processed by us for the purposes of smooth connection establishment and system security. This data is not merged with other data sources. The IP address is stored in anonymised form and generally deleted after a maximum of 190 days. If the website is misused, log data whose further storage is required for evidence purposes will be retained until the incident has been clarified.

The legal basis is Art. 6 para. 1 lit. f) GDPR and § 25 para. 2 TTDSG (here, however, only data which, like browser or header information, is transmitted inevitably or due to (browser) settings of the terminal device when accessing our website). This is not to be regarded as "access to information that is already stored in the terminal equipment". Our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR arises from the fact that we want to ensure the secure operation of the website and recognise any attacks.

4.3 contact form and enquiry by e-mail

Purpose of the processing
When you use our contact form, we collect and store your name and email address for the purpose of responding to your enquiry. The telephone number for a callback is optional. If you send us a contact enquiry by email, we collect and store the email address and the data contained in the email.

The legal basis is Art. 6 para. 1 lit. a) GDPR, as you consent to the above-mentioned processing of your data when using the form as well as when sending an e-mail. In addition, the legal basis also arises from Art. 6 para. 1 lit. b) GDPR, as the storage of the data is necessary for the fulfilment of a pre-contractual or possibly later contractual relationship.

The data will be deleted when the purpose of the storage no longer applies, i.e., after your email/contact form enquiry has been answered or when the matter relating to the enquiry has been finally clarified.

You have the right to withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

You can find information on the right to cancellation and information under "Data subject rights".

4.4 Data protection information about our presence on social networks and platforms

We have a presence on various social networks and platforms.

As this is sometimes discussed differently - and very justifiably - in the area of data protection, we would like to inform you accordingly here.

We operate these presences on the basis of our legitimate interest in communicating with the users active there and offering information on the networks/platforms.

Legitimate interests (Art. 6 para. 1 lit. f) GDPR) - Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

As this always involves data processing by the providers of the networks (usually for market research and advertising purposes) and some of this processing takes place outside the European Union, our presences are only aimed at the respective users active there who have consciously agreed to the terms of use of the respective providers.

The US providers undertake to offer comparable guarantees of a secure level of data protection as the data protection standards of the EU.

When weighing up and implementing these measures, we take particular account of the following:

• No exclusive information in the social networks and platforms, but only information about posts and events on our own website.

• No advertising and publicising of our presence outside the respective networks/platforms - i.e., no explicit recruitment of users who have not agreed to the terms of use.

• No plug-ins or integration of scripts from providers.

• Regular evaluation of presences in the social networks/platforms and risk assessments.

The relevant information on data protection and the data protection declarations can be found below:

Facebook:
Facebook Ireland Limited has changed its name to Meta Platforms Ireland Limited.
Meta Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Parent company: Meta Platforms, 1 Hacker Way, Menlo Park, CA 94025, USA
Privacy policy: https://www.facebook.com/about/privacy
Possibility of objection (Opt-Out) / Advertisements: https://www.facebook.com/settings?tab=ads
Agreement on joint processing of personal data on Facebook pages: https://www.facebook.com/legal/terms/page_controller_addendum
Data protection information for Facebook pages: https://www.facebook.com/legal/terms/information_about_page_insights_data

Instagram:
Instagram is part of the Meta companies and is closely linked to Facebook.
The entity responsible for your data is Meta Platforms Ireland Ltd.
Meta Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Parent company: Meta Platforms, 1 Hacker Way, Menlo Park, CA 94025, USA
Privacy policy with link to object: https://privacycenter.instagram.com/policy

YouTube:
YouTube is provided by Google.
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Privacy policy: https://support.google.com/youtube/answer/7671399?hl=de&p=privacy_guidelines
Privacy policy: https://policies.google.com/privacy?hl=de

LinkedIn:
LinkedIn, 1000 W Maude Ave, Sunnyvale, Kalifornien 94085, USA
Privacy policy: https://de.linkedin.com/legal/privacy-policy?

Twitter/X:
Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 , Ireland
Privacy policy: https://twitter.com/de/privacy
Possibility of objection: https://twitter.com/settings/account

TikTok:
TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland
Privacy policy: https://www.tiktok.com/legal/page/eea/privacy-policy/de
Possibility of objection: https://www.tiktok.com/legal/report/privacy?lang=de

05

Up-to-dateness and amendment of this privacy policy

We reserve the right to amend the content of this privacy policy at any time. This is usually done in the event of further development or adaptation of the services used. You can view the current privacy policy on our website.

Privacy Imprint