Privacy Policy/Cookies

Dear Visitor,

The protection of your privacy is important to us! We would therefore like to use the following information to inform you about how we handle your data that is collected when using our Internet offers as well as during usage of our mobile Werder applications.

I. The name and address of the person in charge of processing

1. The party responsible for our general Internet offers and the mobile Werder applications, and pertaining to the Basic Data Protection Regulation (GDPR) and other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature, is:

SV Werder Bremen GmbH & Co KG aA (WERDER)
Franz-Böhmert-Straße 1c
28205 Bremen
Telephone: 0421 - 43 45 90
Fax: 04 21/49 35 55
E-Mail: info@werder.de
Internet: www.werder.de

2. Responsible parties for individual services:

Services

Responsible Authority

WERDER.DE
TICKETING
WERDER.TV
NEWSLETTER (PROFI, TICKET, VIP, CSR)
Forum
Fixture Games

SV Werder Bremen GmbH & Co KG aA
Franz-Böhmert-Str. 1c
28205 Bremen

FANSHOP and NEWSLETTER (FANSHOP)

Werder Bremen Fan-Service GmbH
Hoerneckestraße 11/13
28217 Bremen

WERDER CARD

Werder Bremen Payment GmbH
Franz-Böhmert-Str. 1c
28205 Bremen

NEWSLETTER (Members, E-Paper)

Sport-Verein "Werder" v. 1899 e.V.
Franz-Böhmert-Straße 1c
28205 Bremen

 

CLUB MEMBERSHIP

Sport-Verein "Werder" v. 1899 e.V.
Franz-Böhmert-Straße 1c
28205 Bremen

 

II. Data Security Officer Name and address

The data protection officer of the controller is:

Rechtsanwalt Bertold Frick
Datenschutz-Metropol GmbH
Baumwollbörse, Wachtstraße 17/24
28195 Bremen

E-Mail: datenschutzbeauftragter@werder.de

A. General Information

1. Scope of personal data processing

We only collect and use personal data of our users insofar necessary to provide a functional website as well as our content and services. If this is not the case, personal data will only be used with the consent of the user on a regular basis. An exception applies in such cases where prior consent cannot possibly be obtained and the processing of the data is permitted by law.

2. Legal basis of processing

Insofar as we obtain the consent of personal data of the affected individual for the processing of personal data, Article 6(1)(a) of the Basic EU Data Protection Regulation (GDPR) will serve as the legal basis.

For the processing of personal data necessary for the performance of a contract, of which the data subject is a part, Article 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.

Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Article 6 paragraph 1 lit. c GDPR serves as the legal basis.

In the event that the vital interests of the data subject or another individual requires the processing of personal data, Article 6(1)(d) of the GDPR serves as the legal basis.

If processing is necessary to protect a justified interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Article 6(1)(f) GDPR serves as the legal basis for processing. The legitimate interest of our company lies in the performance of our business activities.

3. Routine deletion and blocking of personal data

WERDER processes and stores the personal data of the data subject only for as long as it is necessary for storage purposes. Furthermore, data may be stored insofar as this has been specified by the European or national legislator in EU regulations, laws or other rules to which the person responsible for the processing is subject. As soon as the storage purpose ceases to apply or a storage period prescribed by the aforementioned regulations expires, the personal data is routinely blocked or deleted.

4. Security of your data

We take all reasonable technical and organizational precautions to protect your information. All webpages that request sensitive information from you are encrypted before being transmitted to us. This provides the best possible protection against unauthorized access.

B. Usage data

1. Log-Files

When you visit a page of our website, by default our web server collects the name of the retrieved file, the date and time of access, the amount of data transferred, and any error messages.

The following data may be collected:

  • Information about the browser type and version

  • The user’s operating system

  • The user’s internet service provider

  • The IP address of the user, and date and time of access

  • Websites from which the user’s system accessed our websites (referrer)

  • Websites accessed by the user’s system via our websites

The processing of data serves to deliver the content of our website, in order to guarantee the functionality of our information technology systems and to optimize our website. The data of the log files are always stored separately from other personal data of the users.

2. Cookies

In order to provide you with the most personalised fan experience possible, our websites use cookies. Cookies are small text files that are stored in your internet browser's cache for the duration of your browser session (session cookies) or on your hard drive for a certain period of time (permanent cookies). Cookies enable the recognition of the Internet browser so that, on future visits to our website, content tailored to your needs and wishes can be made available to you more quickly and in a more targeted manner. We therefore use cookies to pursue our legitimate interest in providing a website tailored to the wishes of our visitors. Cookies do not store any personal data.

This data is not merged with other data sources. We reserve the right to subsequently check this data if we become aware of specific indications of unlawful use. If you give us your consent, the legal basis for the processing of personal data is Art. 6(1)(a) GDPR.

When you visit our website for the first time, you will be asked for your consent to the use of cookies other than functional cookies. By clicking on ‘Allow selection’ or ‘Allow all cookies’, you consent to the use of the selected options.

If you give your consent, data processing will be carried out on the basis of Art. 6(1)(a) GDPR.

You have the right to revoke your consent at any time with effect for the future.

You can exercise your right of revocation, for example, by accessing and changing your cookie settings via the following link:

To the cookie settings

How can I prevent the storage of cookies?

You can configure your browser so that it accepts cookies only with your permission. Any remaining cookies can be deleted. However, disabling cookies may limit the functionality of our website. Instructions on how to disable cookies are available at Link.

3. Google Services
(Google - Analytics, Google Universal Analytics and Google Doubleclick)

a) Google - Tools for pseudonymous analysis of user behaviour

On our websites, we use the analysis and advertising tools Google Analytics (including the functions of Universal Analytics) and Doubleclick by Google, which is offered within the EU by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (‘Google’), to make the use of our sites more convenient for our customers.

b) How do the tools work?

Google Analytics uses so-called ‘cookies’ (see section 2), which are stored on your computer and enable us to analyse your use of our websites.

Universal Analytics allows us to analyze activities on our websites across different devices (for example, when accessing via a PC and later via a smartphone). This is done using a so-called User ID, an individual, non-personalized sequence of numbers that is not assigned to a specific device but is personally associated with the user as a pseudonym. Your User ID is assigned when you register on werder.de or log in to your existing customer account. Google only receives the User ID and the usage data linked to it. It is therefore not possible to associate the usage data with a specific individual.

DoubleClick by Google also uses cookies to present advertisements that are relevant to you. A pseudonymous identification number (ID) is assigned to your browser to check which ads have been displayed in your browser and which ads have been clicked. The cookies do not contain any personal information. The use of DoubleClick cookies allows Google and its partner websites to display ads that are relevant to you based on your previous visits to our website or other websites on the internet.

c) What happens to the data?

The analysis data collected by the applications is transferred to a Google server in the USA and stored there. Google will use this information on our behalf to evaluate your use of the website, compile reports on website activity, and provide other services related to website and internet usage to us as the website operator. The data transmitted by your browser as part of the Google services will not be merged with other data from Google. To further protect your data, we use Google Analytics and Universal Analytics with the extension "_anonymizeIp()". This ensures that IP addresses are processed only in a shortened form, making it impossible to directly identify individuals.

d) How can you object to the collection and processing of data?

Your explicit consent is required for the collection and processing of data by Google (Google Analytics, Google Universal Analytics, and Google DoubleClick) in the manner described above. At the beginning of your use of our website, you have the option to refuse or grant your consent via the cookie banner and to inform yourself about our company's privacy policies. By giving your consent, you agree to the processing of your data for the aforementioned purposes.

If you give your consent, data processing will be carried out on the basis of Art. 6(1)(a) GDPR.

You have the right to revoke your consent at any time with effect for the future.

You can exercise the revocation, for example, by calling up and changing your cookie settings via the following link.

Zu den Cookie-Einstellungen

You can also prevent the collection of data by Google Analytics and Universal Analytics and their transmission to Google, as well as the processing of this data by Google, by downloading and installing a browser plugin available at the following Link.

To disable the DoubleClick cookie, you can download and install the browser plugin available under the DoubleClick opt-out extension at the following Link. 
Alternatively, you can disable DoubleClick cookies on the Digital Advertising Alliance page at the following Link.

Since Google is located in the USA, data is transmitted to a third country outside the EU and the EEA. However, the security of your data is guaranteed because Google has committed to the EU-US Privacy Shield agreement. According to the decision of the EU Commission of 12.07.2016, Google therefore has an adequate level of data protection. In addition, we have concluded a data processing agreement with Google to ensure the security of your data.

Further information about the use of cookies by Google and options to disable them can be found at the following Link or Link to the Google advertising settings.

4. Google AdWords - Conversion Tracking

We use the so-called conversion tracking as part of the online advertising program "Google AdWords" to evaluate and optimize our online advertising. This helps us to see if and how many users arrive on our pages via Google ads. When you click on a Google ad, Google places a so-called conversion cookie on your computer. This has a "lifespan" of 30 days. If a user arrives on one of our pages via one of our Google ads within these 30 days, Google and we can see which ad the visitor came from. No personal data that can identify individual visitors is collected. We only receive a statistical evaluation of the total number of users who clicked on our ads and were directed to our site.

Further information on Google conversion tracking can be found at the following Link.

Your explicit consent is required for the collection and processing of data by Google AdWords conversion tracking as described above. At the beginning of your use, you have the option to refuse or give your consent via the cookie banner and to inform yourself about our company's privacy policies. By consenting, you agree to the processing for the specified purposes.

If you give your consent, data processing will be carried out on the basis of Art. 6(1)(a) GDPR.

You have the right to revoke your consent at any time with effect for the future.

You can revoke your consent, for example, by accessing and changing your cookie settings via the following link.

To the cookie settings

You can object to the use of conversion cookies and thus prevent conversion tracking by:

  • Configuring your browser to not accept cookies. However, in this case, the use of our website and services may be limited, or

  • Disabling interest-based ads from Google in the Google ad settings: adssettings.google.com

5. Google Ad Manager

On Werder.de, we also generate advertising revenue. To target advertising as precisely and successfully as possible for the advertiser (for example, by not showing the same ad repeatedly to the same user), we use a so-called ad server that controls the delivery of ads—such as through the use of cookies. Werder uses Google Ad Manager for ad delivery. Information about this service can be found here: [http://cookiepedia.co.uk/cookies/__gads](http://cookiepedia.co.uk/cookies/__gads).

Your explicit consent is required for the collection and processing of data by Google Ad Manager in the manner described above. At the beginning of your use, you have the option to refuse or grant your consent via the cookie banner and to inform yourself about our company's privacy policies. By giving your consent, you agree to the specified purpose.

If you give your consent, data processing will be carried out on the basis of Art. 6(1)(a) GDPR.

You have the right to revoke your consent at any time with effect for the future.

You can exercise the revocation, for example, by accessing and changing your cookie settings via the following link.

To the cookie settings

You can also object to the use of cookies by Ad Manager by:

  • Configuring your browser so that it does not accept cookies. However, this may limit your ability to use our website and services, or

  • Disabling interest-based ads from Google in Google's ad settings:  https://adssettings.google.com

6. Facebook - Pixel

With your consent, which you gave by clicking on the following button when visiting our website:

‘We use cookies and marketing tools on our website and collect personal data. By clicking OK, you consent to the use of cookies and marketing tools and accept our privacy policy. You can adjust your settings at any time and obtain further information under Privacy Policy.’

we use another conversion tracking tool to evaluate our advertising measures on Facebook, the so-called Facebook pixel, a service provided by

Facebook Inc.
1601 S. California Ave,
Palo Alto,
CA 94304,
USA.

This service allows us and Facebook to track users' actions after they have clicked on a Facebook advertisement. This enables us to record and evaluate the effectiveness of advertisements for statistical and market research purposes in order to optimise future advertising measures.

The data collected is anonymous to us, meaning we cannot draw any conclusions about the identity of users. However, the data is stored and processed by Facebook, allowing it to be linked to the respective user profile and enabling Facebook to use the data for its own advertising purposes in accordance with the Facebook Data Use Policy (https://www.facebook.com/about/privacy/). You can enable Facebook and its partners to place advertisements on and outside of Facebook. A cookie may also be stored on your computer for these purposes.

We only use Facebook pixels if and to the extent that you have given us your express consent to do so. Consent to the use of the visitor action pixel may only be given by users who are over 13 years of age. If you are younger, we ask you to ask your legal guardians for permission. If you give your consent, data processing will be carried out on the basis of Art. 6 (1) (a) GDPR.

You have the right to revoke your consent at any time with effect for the future.

You can exercise your right of revocation, for example, by accessing and changing the cookie settings via the following link.

To the cookie settings

7. Verwendung von Facebook Insights

Facebook uses its ‘Facebook Insights’ service on our Facebook pages. If you give your consent to tracking on our website by opting in, your data will be collected for our Facebook fan page. You can assert your rights as a data subject with Facebook Ireland and WERDER. The primary responsibility for the processing of Insights data under the GDPR lies with Facebook. Facebook fulfils all obligations under the GDPR with regard to the processing of Insights data and makes the essentials of the Page Insights supplement available to the data subjects. WERDER does not make any decisions regarding the processing of Insights data and the further information resulting from Art. 13 GDPR, including the legal basis, the identity of the controller and the storage period of cookies on user devices.

Further information on the Page Insights supplements regarding the controller of Facebook can be found at this Link.

8. AddThis

On our pages, we use so-called ‘AddThis’ plug-ins, which make it easier for you to set bookmarks. ‘AddThis’ is a service provided by AddThis LLC, 8000 Westpark Drive, Suite 625, McLean, VA 22102, USA. It uses cookies (see section 2 under section B) to transfer data (such as time of use and browser language) to AddThis in the USA, where it is processed. For more information on the scope and purpose of the collection and use of data, please visit www.addthis.com/privacy. We do not collect or process the data concerned. You can prevent the use of your data at any time by using an ‘opt-out cookie’. Information on this can also be found at the above address.

C. Your personal data (inventory data)

1. What is ‘personal data’?

Personal data is information about you that allows conclusions to be drawn about your identity or that relates directly or indirectly to you, e.g. your name, address or telephone number. Information that does not allow conclusions to be drawn about a specific or identifiable person is not included.

2. Your registration with WERDER

If you take advantage of the opportunity to register on the WERDER website by providing personal data, the data will be transmitted to WERDER in the respective input mask. The data will be stored exclusively for internal use at WERDER. During registration, in addition to the data listed below, the user's IP address and the date and time of registration will be stored. This serves to prevent misuse of the services. The data will not be passed on to third parties. An exception to this is if there is a legal obligation to pass on the data.

Registered persons have the option of deleting or modifying the stored data at any time. The data subject can obtain information about the personal data stored about them at any time.

Registration is based on our legitimate interests. By offering the option to register, we can offer our visitors the convenience of logging in regularly and storing their data permanently.

a) What data do we collect and for what purpose?

During registration, we require certain information from you, such as your name, address, date of birth, email address and a user name. The fields for data that are required for registration and must be provided are marked as mandatory fields in the registration menu. You can provide additional data (such as your mobile phone number) on an optional basis. The data you provide will be stored by us and will be used exclusively to provide the services you have requested and thus to fulfil our contracts with you, e.g. the sale of tickets, the provision of the Werder.TV subscription or purchases in our shop.

b) Bank and credit card details

For certain paid services, we also require bank or credit card details in order to process the contract. We only store your bank details if you pay for services by direct debit. If you choose the ‘credit card’ payment method, we will also need your credit card details. However, these credit card details are not collected by us, but directly and exclusively by the payment service providers commissioned by us and specialising in the online sector. This allows you to shop securely.

c) Can I shop in the fan shop without registering?

You can shop in our fan shop without registering. The data we collect to process your purchase is not stored in the central database (see section 3), but is only recorded and stored in the shop system in order to fulfil our contract with you.

3. Your club membership

a) What data do we collect and for what purpose?

For club membership, we collect the following data from you via our registration form:

First and last name, address (street, house number, postcode, town), date of birth, date of joining the club, department and, if applicable, team affiliation, bank details, if applicable, the names and contact details of legal representatives, telephone number, email addresses, if applicable, function in the club, if applicable, household and family affiliation for family membership, health data.

Your data is processed,

  • to identify you as a member of our association;

  • to prepare your membership;

  • to implement your association membership;

  • to correspond with you;

  • to send you the newsletter;

  • to pass on to trainers;

  • to pass on to other association members;

  • for invoicing and payment;

  • to fulfil your claims or assert any claims against you.

b) Public relations

As part of public relations work relating to club activities, personal data is published in notices, in the club newsletter and on websites, and is passed on to the press.

This includes, in particular, data from publicly accessible sources:

  • Participants in sporting events

  • Team line-ups

  • Results

  • Goal scorers

  • Age or year of birth.

Personal data is published on the internet or in local, regional or national print media in order to safeguard the legitimate interests of the association (cf. Article 6(1)(f) GDPR). The legitimate interest of the association consists in informing the public by reporting on the association's activities. In this context, personal data, including images of participants, is published, for example, in the context of reporting on the association's sporting events.

Photos and videos taken outside of public events will only be published with the consent of the persons depicted.

The names, surnames, positions, email addresses and telephone numbers of the members of the executive committee, department heads and trainers are published on the association's website.

c) Use and publication of member data and lists

The list of members or participants are made available to the respective employees of the club (e.g. board members, department heads, and trainers) to the extent required by the respective task. When it comes to the extent of the personal data used, we will follow the guideline of minimal use of data.

Personal data of members may only be passed on to other club members with the consent of the person concerned. The use of participant lists, in which the participants of meetings and other events register for example as proof of attendance, is not regarded as such a publication.

d) Disclosure of member data to third parties

We only pass on your personal data to third parties if:

you have given your express consent pursuant to Art. 6 para. 1 sentence 1 lit. a DSGVO, the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. f DSGVO is necessary for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding legitimate interest in the non-disclosure of your data, for the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. a DSGVO is necessary for the disclosure of your data pursuant to Art. 6 para. 1 sentence 1 lit. f DSGVO. 6 para. 1 sentence 1 lit. c DSGVO, this is legally permissible and required according to Art. 6 para. 1 sentence 1 lit. b DSGVO for the implementation of your membership.

This includes in particular the disclosure of your data to:

  • Service provider for the dispatch of letter mail

  • Service provider for the dispatch of newsletters

  • Service provider for the dispatch of tickets

  • Service provider for the provision of IT services

  • Service provider for the provision of individual jerseys

  • Service provider for debt collection

  • Advertising partners for publication in the media

  • Media companies for advertising purposes of the association

  • Regional professional associations for participation in competitions, tournaments and games

  • External trainers for individual supervision and implementation of the program

  • SV Werder Bremen GmbH & Co KG aA (WERDER) for storage in a central database

  • Debt collection companies and lawyers for the purpose of asserting any claims.

4. Storage of Personal Information in a Central Database

a) Central Storage

When you register with us, we store the information that we collect in a central database, which is operated by SV Werder Bremen GmbH & Co KG aA. All companies in the WERDER BREMEN Group use the database to provide services.

Companies in the WERDER BREMEN Group Currently Include:

Sport-Verein „WERDER" von 1899 e.V.
SV WERDER BREMEN GmbH & Co KG aA
WERDER BREMEN Merchandising GmbH
WERDER BREMEN Payment GmbH

b) Why Is the Information Stored Centrally?

Our online services are based on a customer system used by all companies within the WERDER BREMEN group, which access a central database through this system. This system allows us to work more efficiently and effectively, provides better protection of data against third parties, and avoids duplicate records. For you, our system becomes more user-friendly. As a user, you can gain access to all of WERDER’s services with a single registration. You create your profile with a username and password once and can also use it in other service areas if you wish. The WERDER BREMEN group constitutes a corporate group within the meaning of Article 4 (19) GDPR. The central storage of data within our group serves our legitimate interest in the central internal administration of data.

5. Fanshop

If you would like to purchase products or services from WERDER in the fanshop, you must provide certain details. We require your name, your address, your e-mail address, and your date of birth to process the contracts you have entered into with WERDER. Further information is voluntary.

You can only pay for services in the fanshop by credit card, therefore we need your credit card data. However, this credit card data is not collected by us, but directly and exclusively through the payment service providers commissioned by us and specialized in the online sector. This also applies to payment providers such as PayPal and Instant Transfer. As soon as you select this, you will be redirected to the respective page, where other data protection regulations may apply. Please refer to the respective privacy policies.

A purchase in our fanshop is possible with or without registration. The data we collect to process the purchase is not stored in the central database (see section 3), but only recorded and stored in the shop system to fulfill our contract with you.

If you order goods from WERDER that are to be delivered to you, we pass on your name and your address to the respective delivery service. This is done so that the goods arrive safely with you and the contract between you and Werder can be fulfilled.

If you enter into a purchase contract with third parties and WERDER mediates and/or processes this contract, we pass on your name, your address, your telephone number, and your e-mail address to these third parties for the purpose of executing the contract (e.g., shipping of goods, invoicing).

6. For season ticket holders: No-Shows:

If WERDER decides voluntarily and without obligation to grant season ticket holders a pre-emptive right for the purchase of a season ticket for the following season, such a pre-emptive right is exercisable only for those season ticket holders whose legitimate use for attending at least fifteen (15) home games in the previous season has been registered by the digital admission control at the stadium, either by the holder or a third party. For the purpose of usage verification, it is digitally recorded according to data protection regulations at the admission control whether the respective season ticket was used for the respective home game. Information about the person using the ticket is neither collected nor processed. The processing of personal data associated with the recording (number and authorized holder of the season ticket, use/non-use) takes place to protect the legitimate interests of WERDER on the basis of Article 6 (1) (f) GDPR. The legitimate interest lies in the sporting and economic interest of having as many spectators present as possible as well as a fair distribution of season tickets. The data is stored for up to three months after the end of the relevant season for proof purposes and then anonymized or deleted for statistical purposes.

7. Newsletter

If the WERDER newsletter is subscribed to, the data entered in the respective input form will be transmitted to the data controller. When registering for the newsletter, the user’s IP address as well as the date and time of registration are stored. This serves to prevent misuse of the services or of the email address of the data subject. The data will not be passed on to third parties, except where there is a legal obligation to do so. The data will be used exclusively for sending the newsletter. The newsletter is sent on the basis of your consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).

When registering for the newsletter, you consent to us sending a newsletter to your email address. During registration, you agree to the following consent text:

'I hereby consent to one of the organizations of Werder Bremen sending me emails to the email address I have provided for the purpose of sending information about SV Werder Bremen. The organizations of Werder Bremen are: Sport-Verein ‘WERDER’ von 1899 e.V., SV Werder Bremen GmbH & Co KG aA, Werder Bremen Merchandising GmbH. I have the right to withdraw this consent at any time with effect for the future. I have read and taken note of the privacy policy with further information on data processing.'

You may withdraw this consent at any time with effect for the future by unsubscribing from the newsletter. To do so, log in to your user profile at www.werder.de, go to “My Data,” and unsubscribe from the newsletter, or click the unsubscribe link “Unsubscribe from this newsletter” at the bottom of the newsletter. You will then be automatically removed from the mailing list.

Registration for our newsletter takes place using a so-called double opt-in procedure. This means that after registering, you will receive an email asking you to confirm your registration. To provide proof of newsletter registrations, the time of registration and confirmation as well as the IP address are stored.

The statistical collection, analysis, and logging of the registration process are carried out on the basis of legitimate interest (Art. 6 para. 1 sentence 1 lit. f GDPR). The legitimate interest lies in the proper and technically flawless execution of the email dispatch.

We store your email address, which you provided when subscribing to the newsletter, only for as long as you are subscribed to the newsletter. Once you unsubscribe, we delete your email address.

8. Advertising

If you have expressly consented to the use of your data (in particular your email address) by the companies of the WERDER BREMEN group for advertising and marketing purposes, your data may also be shared within the WERDER BREMEN group (see above, section 3 a)) and used to provide information about member and promotional campaigns as well as offers from WERDER sponsors. No data will be passed on to third parties outside the WERDER BREMEN group. You may withdraw your consent at any time. We will inform you of this right separately with each advertising communication.

9. Competitions

WERDER collects and processes personal data of participants in competitions to the extent necessary for the execution of the competitions. Participation in competitions requires the provision of the participant’s name and email address as well as the participant’s consent to receive advertising from WERDER for WERDER products and information. You have the right to withdraw your consent at any time from WERDER. You will also be informed of this right in the advertising emails. Where we obtain consent from the data subject for processing personal data, Article 6(1)(a) GDPR serves as the legal basis. For the processing of personal data necessary for the performance of a contract to which the data subject is a party, Article 6(1)(b) GDPR serves as the legal basis.

WERDER processes and stores personal data of the data subject only for as long as is necessary to achieve the purpose of processing. In the case of advertising consent, processing continues until consent is withdrawn. Storage may also occur if this is provided for by the European or national legislator in EU regulations, laws, or other provisions to which the controller is subject. As soon as the purpose of storage no longer applies or a statutory retention period expires, personal data are routinely blocked or deleted. We delete the data of participants who did not win within 6 months after the announcement of the winners, unless we have consent to process their personal data beyond the execution of the competition. The data of the winners are stored for 6 years for verification purposes.

10. Disclosure of Data to Third Parties

Our main area of activity is and remains football. For this reason, we use the services of external experts for the technical operation, maintenance, and further development of our online offerings. Our external service providers are obligated to comply with data protection regulations.

WERDER has commissioned third parties to handle certain data processing operations on behalf of WERDER. To fulfill these service contracts, data are therefore shared with third parties. By concluding data processing agreements, WERDER ensures that the service providers comply with data protection regulations. Service providers are used for the following data processing operations:

  • Processing of sales in the online shop (payment systems, logistics service providers)

  • Sending of postal mail

  • Sending of newsletters

  • Conducting of competitions

  • Sale and dispatch of tickets

  • Provision of IT services

If you enter into contracts with third parties and WERDER mediates and/or manages the conclusion of such contracts, we will forward your contact details to these third parties for the purpose of executing the contract.

Your data will generally not be passed on to third parties for their advertising purposes, unless you have given your consent in accordance with section 7.

11. Information on the Issuance and Top-Up of the Werder Payment Card (WERDER CARD)

  • When the WERDER CARD is issued, no personal data are collected; the issuance is carried out “anonymously.”

  • If you top up the card by paying cash, no personal data are collected either. Only the information that the paid amount has been credited to the card with the specified card number is stored on the chip of the card.

  • If you top up your WERDER CARD at one of our top-up stations using a debit or credit card, the data read from your card are sent directly to the relevant payment service provider. No data are stored by us. If the top-up amount is accepted, it is stored on the chip of the WERDER CARD.

  • If you top up your WERDER CARD online via werder.de, the data you provide are not stored by us but are sent directly to the relevant payment service provider.

  • The sales made using a WERDER CARD cannot be attributed to any specific individual.

12. 12. Social Plugins of Social Networks

As part of our online presence, we may use so-called share buttons from the social networks Facebook, Twitter, and Google+ (“networks”). The share buttons can be recognized by the corresponding share logo and the label “SHARE.” When you click on this, the three network logos appear.

To best protect your data, the share buttons are integrated into our website in such a way that they are only activated when you click on the button with the respective network’s logo. Only after activation by clicking on the logo button is a connection established with the servers of the respective social network. Therefore, no data are transmitted simply by visiting the page.

When you activate a button, your browser establishes a direct connection to the server of the respective network operator. The content of the share button is transmitted directly from this operator to your browser and integrated into the website by it. This allows the network operator to receive the information that you have accessed the corresponding page of our website. If you are logged into the respective network at that time, your visit to our website can be associated with your account. If you do not wish this, you should log out of the network before clicking the logo share button.

By clicking the respective share button, you consent to the transfer of your usage data and, where applicable, your profile data from the respective social network (if you are logged in at that time) and to the transfer of this data to the USA.

For details on the purpose and scope of data collection, as well as the further processing and use of the data by the networks, and your rights and settings options to protect your privacy, please refer to the privacy policies of the respective network operators:

13. Options for Contacting Us

On the website www.werder.de, there is a contact form that can be used for electronic communication. To use the contact form, you must enter your name, email address, subject, and message so that we can process and respond to your inquiry. You may also optionally provide your membership number to help us identify you. Providing a contact form serves our legitimate interests, as it allows us to offer more ways to get in touch with you.

Alternatively, you can contact us via the provided email address. If a data subject contacts the controller through one of these channels, the personal data transmitted by the data subject are automatically stored. The storage is solely for the purpose of processing or contacting the data subject. The data will not be passed on to third parties. Data usage is based on our legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR). We have an interest in offering our visitors as many contact options as possible and responding to them promptly.

14. Redirects to Other Web Services

To expand our range of services, our website contains links to other websites operated by different providers. Please refer to the respective providers’ privacy policies to find out whether and to what extent our advertising partners collect personal data. You can recognize a redirect by the fact that a new browser window opens and a new address appears in the browser’s address bar.

15. Online Applications

It is possible to apply online for current job openings at Werder Bremen via https://karriere.werder.de. You may also send applications to Werder Bremen Merchandising GmbH by post or email (email address: personal@werder-fanwelt.de). You can use this email address to send your application to Werder Bremen Merchandising GmbH and may also attach application documents.

Providing these email addresses for applications serves our legitimate interests in creating an additional way to submit applications and in reaching a wider pool of potential applicants. Alternatively, you may also submit your application in writing by post. The storage of the collected data is solely for the purpose of conducting the application process. The storage period is a maximum of 6 months after the end of the application procedure. Data are only shared with third parties within the scope described in section 8. Unsolicited applications received electronically (by email) are generally deleted immediately after receipt. However, we reserve the right to store application documents for up to 12 months for potential future contact if our legitimate interests indicate that a suitable position may arise during that period. By submitting an unsolicited application, you also consent to this storage. You have the right to withdraw your consent to storage at any time by sending an email to personal@werder.de. Applications sent by post to Werder Bremen Merchandising GmbH will be returned to the applicants after the end of the application process.

WERDER uses the portal of the Federal Employment Agency (Bundesagentur für Arbeit, BA) to increase the reach of job postings. For applications submitted to us via the BA portal, the BA’s data protection regulations apply additionally.

16. Your Rights as a Data Subject

If WERDER processes your personal data, you are a data subject within the meaning of the General Data Protection Regulation (GDPR), and you have the following rights vis-à-vis WERDER as the data controller:

16.1 Right of Access

You have the right to obtain confirmation from the controller as to whether or not personal data concerning you are being processed.

Where such processing exists, you have the right to request information from the controller about the following:

  1. the purposes for which the personal data are being processed;

  2. the categories of personal data being processed;

  3. the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;

  4. the planned duration of the storage of the personal data concerning you, or, if specific details are not possible, the criteria used to determine the storage period;

  5. the existence of the right to rectification or erasure of the personal data concerning you, the right to restriction of processing by the controller, or the right to object to such processing;

  6. the existence of a right to lodge a complaint with a supervisory authority;

  7. any available information about the source of the data, if the personal data were not collected from the data subject;

  8. the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) GDPR, and—at least in such cases—meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject.

You have the right to be informed whether personal data concerning you are transferred to a third country or an international organization. In this context, you may request to be informed of the appropriate safeguards pursuant to Article 46 GDPR in connection with the transfer.

16.2 Right to Rectification

You have the right to obtain from the controller the rectification and/or completion of personal data concerning you, if such data are inaccurate or incomplete. WERDER must carry out the rectification without undue delay.

16.3 Right to Restriction of Processing

You have the right to request the restriction of processing of personal data concerning you under the following conditions:

  1. if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;

  2. the processing is unlawful, and you oppose the erasure of the personal data and instead request the restriction of their use;

  3. WERDER no longer needs the personal data for the purposes of processing, but you require them for the establishment, exercise, or defense of legal claims; or

  4. you have objected to processing pursuant to Article 21(1) GDPR and it has not yet been determined whether the legitimate grounds of the controller override your grounds.

Where the processing of personal data concerning you has been restricted, such data—apart from being stored—may only be processed with your consent, or for the establishment, exercise, or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or a Member State.

If the restriction of processing has been applied under the above conditions, you will be informed by the controller before the restriction is lifted.

16.4 Right to Erasure

16.4.1.You have the right to request from WERDER the immediate deletion of personal data concerning you, and WERDER is obliged to delete such data without undue delay if one of the following reasons applies:

  1. The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.

  2. You withdraw your consent on which the processing was based pursuant to Article 6(1)(a) or Article 9(2)(a) GDPR, and there is no other legal basis for the processing.

  3. You object to the processing pursuant to Article 21(1) GDPR, and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR.

  4. The personal data concerning you have been unlawfully processed.

  5. The deletion of the personal data concerning you is necessary to comply with a legal obligation under Union or Member State law to which the controller is subject.

  6. The personal data concerning you have been collected in relation to the offer of information society services pursuant to Article 8(1) GDPR.

16.4.2. If WERDER has made the personal data concerning you public and is obliged to delete them pursuant to Article 17(1) GDPR, WERDER, taking account of available technology and the cost of implementation, will take reasonable steps, including technical measures, to inform other controllers processing the personal data that you, as the data subject, have requested the deletion of all links to, or copies or replications of, such personal data.

16.4.3. The right to erasure does not apply where processing is necessary

  1. for exercising the right of freedom of expression and information;

  2. for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

  3. for reasons of public interest in the area of public health pursuant to Article 9(2)(h) and (i) and Article 9(3) GDPR;

  4. for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes pursuant to Article 89(1) GDPR, insofar as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or

  5. for the establishment, exercise, or defense of legal claims.

16.5 Right to Notification

If you have exercised your right to rectification, erasure, or restriction of processing with the controller, the controller is obliged to communicate this rectification or erasure of data or restriction of processing to all recipients to whom the personal data concerning you have been disclosed, unless this proves impossible or involves a disproportionate effort.

You have the right to be informed by WERDER about those recipients.

16.6 Right to Data Portability

You have the right to receive the personal data concerning you, which you have provided to WERDER, in a structured, commonly used, and machine-readable format. You also have the right to transmit those data to another controller without hindrance from the controller to whom the personal data were provided, where

  1. the processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) GDPR, or on a contract pursuant to Article 6(1)(b) GDPR, and

  2. the processing is carried out by automated means.

In exercising this right, you also have the right to have the personal data transmitted directly from one controller to another, where technically feasible. This must not adversely affect the rights and freedoms of others.

The right to data portability does not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

16.7 Right to Object

You have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you which is based on Article 6(1)(e) or (f) GDPR, including profiling based on those provisions. WERDER shall no longer process the personal data unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims.

Where personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing; this also applies to profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

You may exercise your right to object in connection with the use of information society services, notwithstanding Directive 2002/58/EC, by automated means using technical specifications.

16.8 Right to Withdraw Consent

You have the right to withdraw your consent under data protection law at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

16.9 Automated Individual Decision-Making, Including Profiling

You have the right not to be subject to a decision based solely on automated processing—including profiling—which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

  1. is necessary for entering into, or performance of, a contract between you and WERDER,

  2. is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or

  3. is based on your explicit consent.

However, such decisions must not be based on special categories of personal data referred to in Article 9(1) GDPR unless Article 9(2)(a) or (g) applies and suitable measures have been taken to protect your rights and freedoms and legitimate interests.

In the cases referred to in (a) and (c), WERDER will implement appropriate measures to safeguard your rights and freedoms and legitimate interests, which shall include at least the right to obtain human intervention on the part of the controller, to express your point of view, and to contest the decision.

16.10 Right to Lodge a Complaint with a Supervisory Authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work, or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant of the progress and outcome of the complaint, including the possibility of a judicial remedy pursuant to Article 78 GDPR.

Version 5.2, Bremen, March 2025