Discover FESA's Evolution: From O.P.A. to a Continental Leader. Learn more on our About FESA page.
This privacy policy applies to the website www.fesa.ski (hereinafter "website") offered by us as well as our offers communicated and/or usable via it.
The protection of your privacy is implicit and very important to us. Legal requirements demand comprehensive transparency regarding the processing of personal data. Only if the processing is comprehensible to you as the data subject are you sufficiently informed about the meaning, purpose and scope of the processing. Below, we provide you with detailed and comprehensive information about the handling of your data and your rights in relation to your personal data that we process when you use our website and in the context of our other offers and products. Personal data is any data with which you can be personally identified.
1. Name and address of the responsible person
Responsible for the processing of your personal data on the website within the meaning of Art. 4 No. 7 of the General Data Protection Regulation (hereinafter "GDPR") is
Federation of European Ski- and Snowboard Associations (FESA) e.V., Haus des Ski,
Hubertusstraße 1, 82152 Planegg, Landkreis München, Deutschland [= district Munich, Germany]
Represented by the President and one Vice President or Secretary General jointly or by the two Vice Presidents.
Email: hello@fesa.ski
2. General information on data processing
2.1 Type and scope of the processing of personal data
We process personal data only to the extent permitted by law and in particular to the extent necessary to provide a functional website and, where applicable, our other offers and products.
2.2 Legal basis for the processing of personal data
Insofar as we obtain your consent for the processing of personal data, Art. 6 para. 1 lit. a GDPR serves as the legal basis. When processing personal data that is necessary for the performance of a contract to which you are a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures. Insofar as the processing of personal data is necessary to fulfill a legal obligation to which our association is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis. In the event that your vital interests or those of another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis for this.
If the processing is necessary to safeguard a legitimate interest of our association or that of a third party and if the interests, your fundamental rights and freedoms do not outweigh the former interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.
2.3 Deletion of data and retention period
The personal data processed by us for the purposes described below will generally be deleted or protected/blocked by technical measures (e.g. anonymization) as soon as the purpose of the processing no longer applies. This also occurs when a prescribed storage period expires, unless there is a requirement for further storage of the personal data for other storage purposes.
Unless we are legally obliged to store the data for a longer period (e.g. due to retention obligations under tax or commercial law) or to disclose it to third parties (in particular law enforcement authorities), the decision as to which personal data we process depends on which functions of the website or other offers and products you use in each individual case.
2.4 Forwarding / external links
Be advised that links on our website may forward you to other websites that are not operated by us, but by third parties. Such links are either clearly marked by us or are recognizable by a change in the address line of your browser. If these websites are not operated by us, we are not responsible for compliance with data protection regulations and the secure handling of your personal data on any websites operated by third parties.
3. Access to and general use of our website
3.1 Server log files
When you visit our website, the browser on your device automatically sends information to the respective server of our website. This information is temporarily stored in a log file ("server log file"). The following information is recorded and stored until it is automatically deleted:
-
IP address of the requesting computer shortened by the last octet,
-
date and time of access,
-
name and URL of the retrieved file,
-
website from which access is made (referrer URL),
-
the browser used and, if applicable, the operating system of your computer and
-
the name of your access provider.
We process the aforementioned data for the following purposes:
-
to ensure a smooth connection to the respective website,
-
to ensure comfortable use of our website,
-
to check and ensure system security and stability and
-
other administrative purposes.
Your IP address is collected in particular for the detection of malware and bots, for retrospective observation and analysis of attacks and unauthorized access attempts and for blocking IP addresses that result in a high load on our website due to particularly high call density on an item of content.
The legal basis for data processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest follows from the aforementioned purposes of data collection. Under no circumstances do we use the data collected for the purpose of reaching conclusions about you. We routinely delete this data after six (6) months at the latest, or in any case after the purpose of processing no longer applies. We do not merge this personal data with any other data sources. Disclosure only takes place insofar as this is necessary for the operation of our website with regard to processors in accordance with Article 28 GDPR, e.g. with storage by our host provider. We reserve the right however to check the server log files retrospectively if there are concrete indications of illegal or inappropriate use of our website.
The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website (see Art. 21 (1) GDPR). Consequently, there is no possibility for the user to object. It is not possible to visit our website without the above-mentioned data processing.
3.2 Contact request
If you send us an email using the contact function provided on our website or contact us via any other communication channel, the personal data you provide in this context will be processed by us. In this case, the personal data transmitted with the email or message and provided by you (name, email address, your IP address and the date and time of the contact request) will be stored.
This information is transmitted by your email client or other communication channel and processed in our IT systems. The processing of this personal data is necessary to respond to your request.
The legal basis for this data processing is our legitimate interest in responding to your request within the meaning of Art. 6 para. 1 lit. f GDPR. If, after you have contacted us, a contract is concluded with us in relation to the use of the platform, the further processing of your personal data is based on the legal basis of Art. 6 para. 1 lit. b GDPR.
The personal data will be processed for as long as is necessary to respond to your request. If your request leads to the conclusion of a contract at a later date, the data will be processed for as long as this is necessary to carry out pre-contractual measures or to fulfill the contract. If no contract is concluded, the personal data will be routinely deleted every six (6) months at the latest. We do not merge your personal data with other data sources and your personal data will not be disclosed to third parties.
The provision of your personal data in connection with sending us an email or contacting us via another communication channel is voluntary, so please only provide the personal data that you consider necessary to reply to your request.
3.3 Newsletter
If we offer the subscription to our newsletter on our website and you subscribe to our newsletter via the designated channel, you agree to the receipt and the procedure as described.
To subscribe to the newsletter, we request you enter your name and email address. The registration for our newsletter is carried out in a “double opt-in” procedure: after registering, you will receive an email asking you to confirm your registration. This confirmation is necessary to prevent registration with third-party email addresses. Subscriptions to the newsletter are logged in order to be able to prove the registration process in accordance with legal requirements. This includes storing the time of registration and confirmation as well as the IP address.
The data entered in the registration form for our newsletter will be used by us exclusively for sending out our newsletter, in which we provide information about all our news and current services.
The newsletter and the performance measurement associated with it are sent on the basis of the consent of the recipients in accordance with Art. 6 para. 1 lit. a, Art. 7 GDPR or, if consent is not required, on the basis of our legitimate interests in direct marketing in accordance with Art. 6 para. 1 lit. f GDPR.
The registration process is logged on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR. It is important to us to deploy a user-friendly and secure newsletter system that serves both our interests in public relations work and the expectations of users, and also allows us to provide proof of consent.
You can unsubscribe from our newsletter at any time, i.e. revoke your consent at any time without giving a reason and without any drawbacks. You will find a link to unsubscribe from the newsletter at the end of each newsletter. Your data will be deleted by us immediately after you unsubscribe. We will also delete your data immediately if you do not complete your registration. We reserve the right to delete your data without giving a reason and without prior or subsequent notification.
3.4 Social media buttons and accounts
We also use social networks, in particular "Facebook" and "Instagram" (Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Meta")), or "LinkedIn" (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland ("LinkedIn")) - collectively "social networks".
Buttons/plugins
Social network plugins/buttons may be integrated on our website. You can recognize these plugins/buttons by the logo of the respective social network.
The providers of the social networks may have their registered office (usually via the parent company) outside the EU or the EEA, in which case an adequate level of data protection in accordance with the GDPR may therefore not be guaranteed. However, in order to guarantee data protection on our website, we only use such buttons/plugins for social networks if you have given your consent as part of the cookie consent tool (see section 4.4.) or in connection with the "two-click" solution. This application prevents the buttons/plugins integrated on our website from transferring data to the respective social network provider as soon as you enter the website for the first time. Only when you have given your express consent using the opt-in function via the cookie consent tool (see section 4.4.) or activate the respective button/plugin by clicking on the corresponding button will a direct connection to the server of the respective social network provider be established. As soon as you activate the button/plugin, the respective provider of the social network can receive the information that you have visited our website with your IP address. If you are logged into your respective social media account (e.g. Facebook or Instagram) at the same time, the respective provider of the social network can assign the visit to our website to your user account.
Opting in via the cookie consent tool (see section 4.4.) or activating the button/plugin implies consent within the meaning of Art. 6 para. 1 lit. a GDPR. You can revoke both express and implied consent at any time with immediate effect for the future.
Account
We also operate our own accounts on social networks and process your personal data to protect our legitimate interests in providing up-to-date information and interaction opportunities in accordance with Art. 6 para. 1 lit. f GDPR.
If you visit our social network accounts, your personal data will also be processed by the respective provider of the social network.
If this information is used by the respective provider of the social network to provide us, as the operator of an account, with statistical information such as gender and age distribution about the use of the respective page or to display further information or advertisements on Facebook according to your preferences, we are jointly responsible with the respective provider of the corresponding social network (Meta and LinkedIn) for the data processing operations within the meaning of Art. 26 GDPR. We have therefore concluded a joint controllership agreement with these social network providers (Meta and LinkedIn) in accordance with Art. 26 (1) GDPR.
The rights of data subjects under GDPR (see section 6 et seq.) can therefore be asserted by the user against both joint controllers, i.e. against us and the respective providers of the social networks (Meta and LinkedIn). Note that despite our joint responsibility with the operators of these social networks in accordance with Art. 26 GDPR, we have no full influence on the data processing of the individual social networks. The corporate policy of the respective provider has a significant influence on our options. In the event of the assertion of data subject rights, we could only forward these requests to the operator of the social network.
Because your data may be transferred to countries outside the European Union (via the parent company), in particular with regard to data processing by Meta, the above-mentioned contract with these social network providers contains the EU standard contractual clauses pursuant to Art. 46 para. 2 lit. c GDPR. In addition, Meta's parent company, which is based in the USA, is certified in accordance with the EU-US Data Privacy Framework (Art. 45 GDPR).
Own data protection information
Further information on the purpose, scope and further processing and use of the data by the social networks as well as your rights in this regard and options for protecting your privacy can be found in the data protection information at:
-
Meta (Facebook and Instagram): facebook.com/policy.php and at help.instagram.com/155833707900388 and instagram.com/about/legal/privacy/
4. Website cookies
In order to make visiting our website attractive and to enable the use of certain functionality, we use “cookies” on the various pages of our website. These are small text files that are stored on your end device and have various functions. Cookies do not cause any damage to your end device and do not contain any viruses, Trojans or other malware. Information is stored in the cookie that is generated in connection with the specific terminal device used. However, this does not mean that we obtain direct knowledge of your identity. Some of the cookies we use are deleted again at the end of the browser session, i.e. after you close your browser (“session cookies”). Other cookies remain on your end device and enable us or our partner companies (“third-party cookies”) to recognize your browser on your next visit (“persistent cookies”). If cookies are set, they collect and process certain user information such as browser and location data as well as IP address values to an individual extent. Persistent cookies are automatically deleted after a certain period of time, which can vary depending on the cookie. There are also cookies that are used to evaluate user behavior or display advertising (“analysis” or “marketing cookies”).
We use technically necessary cookies as well as analysis and marketing cookies on our website. These are always visible under the "Cookies" button or a correspondingly marked button at the bottom of the website via our cookie consent tool.
4.1 Purpose of the use of cookies
The purpose of using technically necessary cookies is to ensure the functionality and services of the website and to make it easier for users to use the website and thus ensure user-friendliness. Some functions of our website cannot be offered without the use of cookies.
Marketing and analysis cookies are used to collect statistical data on website usage and to analyze it in order to improve the offer and thus evaluate user behavior or display advertising.
4.2 Legal basis for the use of cookies
With regard to functional or technically necessary cookies, the legal basis is our legitimate interest in the above-mentioned factors in accordance with Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the storage of cookies for the technically error-free and optimized provisioning and essential functions of our website.
Marketing and analysis cookies are only created by us if we have obtained your prior consent. The legal basis for this is Art. 6 para. 1 lit. a GDPR.
4.3 Duration of the use of cookies
Cookies are stored on your end device and transmitted from it to our website. As a user, you therefore have full control over the use of cookies. Our cookies are stored in your browser until they are deleted or, if it is a session cookie, until the session has expired. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extent. You can use the following links to find out about this option for the most commonly used browsers:
-
Microsoft Internet Explorer: support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
-
Mozilla Firefox: support.mozilla.org/de/kb/Cookies-blockieren
4.4 Cookie consent tool
We use a consent management tool on our website to request consent for data processing or the use of cookies or comparable functions (via a pop-up when you visit our website). You can use the consent management tool to give or refuse your consent for certain functionalities of our website, e.g. for the purpose of integrating external elements, statistical analysis, range measurement and personalized advertising. You can use the consent management tool to give or refuse your consent for all functions or give your consent for individual purposes or individual functions. You can also change the settings you have made at a later date or withdraw your consent completely. The purpose of integrating the consent management tool is to allow users of our website to decide on the aforementioned and to offer the option of changing settings that have already been made as part of the continued use of our website.
In the course of using the consent management tools via the website, the following personal data is transferred to the respective providers mentioned above:
-
Your consent(s) or the withdrawal of your consent(s)
-
Your IP address
-
Information about your browser
-
Information about your end device
-
Time of your visit to the website
The legal basis for the use of the consent management tool is Art. 6 para. 1 lit. c GDPR, as this obtains the legally required consent for the use of certain technologies.
4.5 Cookies that are processed if you give us your consent
You can find an overview of the cookies we use, as well as information about each of them and setting options in the list of the consent management tool.
There you can see whether it is a first-party cookie (placed by our server) or a third-party cookie (placed by the server of a third party or processor). Further information on data processing by third parties when setting cookies (third-party cookies) can be found in the data protection notices of the respective providers, which are linked in the information in the consent management tool.
You can change the cookie settings at any time by clicking "Cookies" or the corresponding button at the bottom of our website.
5. Data transmission
Your personal data will not be transferred to third parties for purposes other than those listed below. We only pass on your personal data to third parties if:
-
you have given express consent in accordance with Art. 6 para. 1 lit. a GDPR,
-
this is legally permissible and necessary for the processing of contractual relationships with you in accordance with Art. 6 para. 1 lit. b GDPR,
-
there is a legal obligation for disclosure pursuant to Art. 6 para. 1 lit. c GDPR,
-
the disclosure pursuant to Art. 6 para. 1 lit. f GDPR is necessary for the establishment, exercise or defense of legal claims and there is no reason to assume that you have an overriding legitimate interest in the non-disclosure of your data or
-
this is carried out by a service provider acting on our behalf and on our exclusive instructions, whom we have diligently selected (Art. 28 para. 1 GDPR) and with whom we have concluded a corresponding contract for commissioned processing (Art. 28 para. 3 GDPR), which obliges our contractor to implement appropriate security measures, among other things, and grants us comprehensive control powers.
Transmission to service providers in accordance with lit. e) for the purpose of order processing takes place in the following areas: technical provision and programming of the website, user communication, provision of software as a service, cookie consent tool.
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA) or if this occurs in the context of the use of third-party services or disclosure or transfer of data to third parties, this will only take place if one of the above-mentioned legal bases exists and the special requirements of Art. 44 et seq. GDPR are ensured. I.e. the processing is carried out, for example, on the basis of an adequacy decision pursuant to Art. 45 GDPR and/or special guarantees, such as compliance with officially recognized contractual obligations pursuant to Art. 46 para. 2 lit. c GDPR ("EU standard contractual clauses" pursuant to the implementing decision of the European Commission (EU) 2021/914 of 4 June 2021).
6. Rights of data subjects and right of appeal
As a data subject whose personal data is processed, you have the right
-
to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been, or will be, disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;
-
in accordance with Art. 16 GDPR, to immediately request the correction of incorrect or incomplete personal data stored by us;
-
in accordance with Art. 17 GDPR, to demand the deletion of your personal data stored by us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
-
in accordance with Art. 18 GDPR, to demand the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful but you refuse to delete it and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have lodged an objection to the processing in accordance with Art. 21 GDPR;
-
in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller, and
-
to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our registered office.
The supervisory authority responsible for our registered office is the
Bavarian State Commissioner for Data Protection
Wagmüllerstrasse 18
D-80538 Munich
P.O. Box: 22 12 19, 80502 Munich
Phone: +49 (0) 89 212672-0
Fax: +49 (0) 89 212672-50
To assert your rights as a data subject, with the exception of the right to lodge a complaint with the supervisory authority, simply send an email to hello@fesa.ski.
7. Right of revocation for consent-based processing
If your personal data is processed on the basis of consent in accordance with Art. 6 para. 1 lit. a GDPR, you have the right to withdraw your consent at any time without giving reasons. As a result, we may no longer continue the data processing that was based on this consent in the future. However, the withdrawal of your consent does not affect the lawfulness of processing based on consent before its withdrawal.
If you wish to exercise your right of withdrawal, simply send an email to hello@fesa.ski.
8. Right to object
If your personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1) (f) GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, provided that there are reasons for this arising from your particular situation.
If your objection is directed against direct advertising, you have a general right to object; no justification is required in these cases.
If you wish to exercise your right to object, simply send an email to hello@fesa.ski.
9. Data security
We use suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by third parties. We continuously adapt our security measures in line with technological developments. We use the standard SSL (Secure Socket Layer) method in conjunction with the highest level of encryption supported by your browser when you visit our website. As a rule, this is 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can identify whether an individual page of our website is transmitted in encrypted form by the key or lock symbol in the lower status bar of your browser.
However, we would like to point out that data transmission over the Internet (e.g. when communicating by email) can have security holes and complete protection of data against access by third parties is not possible.
10. Up-to-dateness and updates to this privacy policy
This privacy policy is valid as of October 2024. Due to the continued development of our website and offers or due to changes to legal or official requirements, it may be necessary to update this privacy policy. You can access and print out the current privacy policy at any time by clicking on this link.
Valid as of: October 2024