Data privacy information from SCC EVENTS GmbH
for the registration and use of a user account in the online booking portal via
the website: https://login.scc-events.com/

The following English version is provided solely to aid in understanding. In the event of any conflicts arising about wording, the German original version shall be exclusively binding for all parties involved.

With this notice, we are informing you about the processing of your personal data by SCC EVENTS GmbH (hereinafter also referred to as “SCC” or “we”) and the rights to which you are entitled under data protection laws in the context of your registration and use of an individual user account in the online booking portal.  

1. Responsible for data processing and data  protection officer

SCC EVENTS GmbH
Olympiapark Berlin, Hanns-Braun-Straße / Adlerplatz, 14053 Berlin

Managing directors: Christian Jost, Jürgen Lock

E-Mail: informationspflicht@scc-events.com

Telefon: 030 / 30 12 88 - 10

Fax: 030 / 30 12 88 – 20

The data  protection officer can be reached by post at the above address, attn.: “data privacy” or by e-mail: datenschutz@scc-events.com

2. Purposes and legal basis of data processing

We process your personal data in accordance with the legal regulations of the EU Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG) .

Your personal data is processed within the scope of your registration as a user and your subsequent further use of your individual user account. According to the General Terms and Conditions (GTC) https://login.scc-events.com/s/terms-conditions, the existence of an active user account is a prerequisite for registering for SCC sporting events and ordering additional services in our online booking portal https://login.scc-events.com/.

The legal basis for the lawful processing of your personal data results from:

1. Art. 6 (1) lit. b) GDPR for the performance of the contract in accordance with the GTC: In order to provide the user account and the log-in area in the online booking portal, at minimum these data must be provided for registration: First name, last name, country of residence, date of birth, e-mail address and password. Confirmation of the registration by means of the confirmation link or verification code sent to the e-mail address provided is required before personal access to the log-in area can be set up. In addition, further data (nationality, gender, address, phone number, choice of event, payment method and data and further booked / selected services in connection with the event) must be given in the user account in order to book or register for a sports event. When booking participation for a minor, the data of the minor (last name, first name, gender, date of birth and nationality) will be processed in addition to your user account data. Other data in the context of registration and booking may be subject to processing if you provide such data voluntarily or in order to use offers accompanying the event, such as the order of personal products and services, registering your previous personal best time, your ChampionChip-ID, your emergency contacts, your club, your participation as a team member, your personalised access or voucher code, your PAPS key and other information relevant to the event or scoring.
2. Art. 6 (1) lit. f) GDPR to protect our legitimate interests: e.g. to assert legal claims, to defend legal disputes, to ensure IT security, for the purpose of direct advertising and event reminders (via mail and e-mail).
3. Art. 6 (1) lit. c) for the fulfilment of legal obligations such as commercial and tax law retention obligations, obligations under company law, contract law, data protection law and civil law or supervisory law requirements in compliance with the respective legal regulations.
4. Art. 6 (1) lit. a) GDPR with your consent, e.g. to register for the newsletter or for other purposes explicitly described in the respective declaration of consent.
5. Art. 9 (2) lit. a) GDPR with your consent, e.g. when performing the PAPS test on our website www.paps-test.de/en and generating, using and storing the PAPS key.  

Insofar as we have been granted consent to process personal data for specific, previously stated purposes, the lawfulness of this processing is given on the basis of the consent. Consent given can be revoked at any time. The revocation of consent does not affect the lawfulness of the data processed until the revocation.

In connection with your participation in a sports event, further personal data may be processed. Further information can be found in the data protection information of the respective event, available at https://www.scc-events.com/en/privacy-information

3. Recipients or categories of recipients of personal data

In order to fulfil our contractual services and legal obligations, your data is partly processed in part by external service providers and partners if this is necessary to fulfil the aforementioned purposes and is permitted by law. In doing so, we always follow the provisions of data protection law, in particular any processing carried out by service providers engaged by us only takes place after the conclusion of contracts with a corresponding confidentiality clause.

When using the online booking portal, personal data is processed in other countries outside the European Economic Area (so-called third country) through the use of service providers. You can find more information on this under point 6).

4. Duration of data storage

We process your data to carry out your registration as a user and to provide you with an individual user account. You can have your registration data (last name, first name, date of birth, e-mail address, gender and nationality) changed by sending us an explanatory notification.

Your personal details stored in the user account as well as your event-related orders and information will not be deleted as long as you maintain a user account with us. If you send us a request, we will delete your user account. This does not affect data processing operations that are subject to retention or open data processing operations.
In connection with your registration and participation in a sports event, further personal data may be processed. Further information can be found in the data protection information of the respective event at https://www.scc-events.com/en/privacy-information.

Paps keys are deleted one year after creation.

Information from identity and credit checks of the selected payment service providers is usually deleted 90 days after the credit check.

Booking and payment data are stored for the processing of the selected payment type and the associated transaction and - insofar as they are subject to statutory retention obligations - archived. There are various statutory retention periods (tax law, tax code) of up to 10 years from the end of the calendar year in which the claim arose, due to which SCC and the payment service providers used do not delete certain data but rather archive it (order data, payment data, booking data). Storage for the assertion, exercise or defence of legal claims is also possible. After expiry of the statutory retention periods, this data is completely deleted.

Payment data is generally collected for each booking and is not kept in the booking history.

Log and protocol data are deleted as soon as they are no longer required, at the latest 3 months after retrieval of our online offers (websites, online booking portal). Further information can be found in the data protection declarations of the respective website.

We store data processed on the basis of consent until it is revoked or until the respective purpose is fulfilled. Corresponding details can be found in the respective declaration of consent. The revocation of consent does not affect the lawfulness of the data processed until revocation.

We store the data protection enquiries we respond to with regard to information, correction, deletion or restriction of processing, as well as other enquiries from data subjects or supervisory authorities on data protection issues for 3 years for the purpose of accountability.

5. Rights of data subjects

All data subjects have the right to access the personal data referred to in Art. 15 GDPR, the right to obtain rectification of their inaccurately stored data according to Art. 16 GDPR, the right to obtain the erasure of personal data according to Art. 17 GDPR, the right to obtain the restriction of the processing of their data according to Art. 18 GDPR and the right to receive their personal data  according to Art. 20 GDPR. Given consent can be withdrawn at any time. The withdrawal of consent does not affect the lawfulness of the processing performed until the withdrawal.

Right to object:

Pursuant to Art. 21 GDPR, data subjects also have the right to object at any time to the processing of personal data concerning them.

A) Individual right of objection according to Art. 21, (1) GDPR

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6, (1) lit. f) GDPR (data processing on the basis of a balance of interests). If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

B) Right to object to processing of data for direct marketing purposes pursuant to Art. 21,(2) GDPR

In individual cases, we process your personal data to carry out direct advertising (by post and by e-mail). You have the right to object at any time to the processing of your personal data for the purposes of such advertising. If you object to the processing for direct marketing purposes, we will no longer process your personal data for these purposes.

Please send any enquiries regarding the exercise of your rights as a data subject, stating your full name, by post or e-mail to our data protection officer: SCC EVENTS GmbH, Data Privacy Officer, Olympiapark Berlin, Hanns-Braun-Strasse / Adlerplatz, 14053 Berlin or datenschutz@scc-events.com.

Right of appeal:

If you suspect that we are processing your data unlawfully, you can, of course, seek judicial clarification of the issue at any time. In addition, any other legal option is open to you. Irrespective of this, you have the option of contacting a supervisory authority in accordance with Art. 77 (1) GDPR. The right of complaint pursuant to Art. 77 GDPR is available to you in the EU Member State of your place of residence, your place of work and/or the place of the alleged infringement, i.e. you can choose the supervisory authority to which you turn from the places mentioned above. The supervisory authority to which the complaint has been submitted will then inform you of the status and outcome of your submission, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

6. Data transfer to a third country or an international organisation

We sometimes transfer personal data to third countries or international organisations. A list of these services and service providers, which may be used in the course of registering as a user and using the online booking portal, can be found later in this document.

Third countries are countries outside the EEA where the GDPR is not directly applicable. The level of data protection is not comparable with that in the EU. In order to compensate for the existing data protection deficit in the event of a lack of an adequacy decision, we have agreed further appropriate guarantees for the processing of personal data with the service providers concerned in the third country or with the international organisation in addition to the standard data protection clauses, so that the data protection standards in these data transfers are compatible with the statutory data protection provisions of the EU and an adequate level of protection is ensured in the processing of the personal data.

7. Voluntary provision and necessity for providing personal data

Registration as a user is a voluntary act in general. If you wish to use the online booking portal and the log-in area, the registration and log-in data are required and contractually stipulated, including confirmation of your registration with the help of the confirmation link or verification code sent by e-mail. Failure to provide the data will result in the inability to use the online booking portal.

Where information is optional, we have marked this in the respective data collection form. You can revoke the processing of personal data on the basis of consent at any time for the future.

In connection with your participation in a sports event, further personal data may be processed. Further information can be found in the data protection information of the respective event at https://www.scc-events.com/en/privacy-information

8. Automated decision-making, profiling

In order to carry out the selected payment method, automated decisions regarding creditworthiness may be made as part of the credit check of the respective payment service provider. If you believe that you have been wrongly excluded from the conclusion of a contract due to a credit check, you are welcome to explain your point of view to us in writing. We will then review the automated decision in accordance with Art. 22 (3) GDPR for your specific individual case. In order to be able to carry out the credit assessment, we may store and process your personal data in accordance with Art. 6 (1) lit. b) GDPR.

“Profiling” is a form of automated processing of personal data evaluating personal aspects relating to a natural person, in particular for the purpose of analysing or forecasting the data subject’s performance at work, economic situation, health, personal preferences or interests, reliability or behaviour, location or change of location, where this produces legal effects concerning the data subject or similarly significantly affects him or her. Your data will not be processed for profiling purposes at SCC EVENTS GmbH.