Privacy Notice
Legal Notice

fussballicon

Our top offers

header-graphic

Protecting your personal data is of great importance to us. That is why it is an established part of our corporate objectives. We thank you for entrusting your important data to us and would like to be transparent about how these data are used.

This is an information page as part of our legal notice. The confidentiality and integrity of your personal data are of particular importance to us. The legal basis for our data protection notice is the EU GDPR and the German Federal Data Protection Act (BDSG-neu).

Who is responsible for data processing?

Please note that in addition to the customer service department the group companies are also responsible for data processing within the SOCCA Group. This means that your personal data can be processed legitimately by both the customer service department and the group companies.

If you have any questions regarding the processing of your personal data, please contact the customer service department or the Data Protection Officer at the SOCCA Group:

SOCCA Holding GmbH & Co. KG
Mangfallstr. 37
83026 Rosenheim
Germany

datenschutz[a]socca[dot]de
+49 8031 23789-10 (Monday to Friday from 08:00 until 18:00)

When does SOCCATOURS collect and process personal data?

We collect and process your personal data in the following cases:

  • If you contact us directly, for example through our website or our customer service department, and you are interested in our products or services or have another enquiry.
  • If you enter data yourself in our online forms, for example for SOCCAMATRIX® or SOCCASHAPE®.
  • If you buy or book products directly from us.
  • If you purchase services directly from us.
  • If you respond to our direct marketing activities, for example when you fill out a response card or submit your information online on a landing page.
  • If your personal data are provided to us by travel agents or agencies on your behalf.
  • If other group companies and individual business partners who offer products and services on our behalf provide us with your personal data with your consent.
  • If third parties (for example certified address providers) provide your personal data with your consent.
  • If you send us your application documents.

 

What personal data can be collected by SOCCATOURS?

The following categories of personal data can be collected through the many services and contact channels described in this data protection notice:

Contact data

Name, address, telephone number, e-mail address.

Contractual data

Customer number, contract number, services booked, products and services, payment information (for example account and credit card number), the personal details of your fellow travellers, information about the travellers, passport data, other identification information.

Personal data and interests

Information that you provide yourself, for example your date of birth, education, household size, occupation, sports activities, sports career, support of professional clubs as a fan, club memberships, coaching activities.

Online account data

The password you have chosen yourself, information provided by you for SOCCAMATRIX® (for example information for assignment to a travel group for the purpose of training camps or tournaments) and SOCCASHAPE, your feedback, testimonials and reviews, and your contributions to customer surveys.

Other sources of personal data

We may use personal data from other sources, for example from companies that provide information and data, trading partners or from public registers. Your insurance company, its representatives and medical employees may share relevant personal information and special categories of personal information with us in circumstances where we/they need to act on your behalf, in the interest of other customers or in an emergency. If you log in using your access data for a social network in order to connect to our platforms and online services such as Facebook, Google+ or Twitter, you agree to share your user data with us, for example your name, your e-mail address, your date of birth, your location and other information that you would like to share with us. We may use surveillance camera recordings, IP addresses and browser data collected at or in the immediate vicinity of our business premises, shops, other buildings and sports facilities.

Use of websites and communication

Information about how you use the website (for example travel preferences, the destinations you are most interested in) and whether you open or forward communications from us, including data collected via cookies and other tracking technologies. Further information can be found in our cookie guidelines.

Transaction and interaction data

Information regarding products and services purchased, interactions with the SOCCATOURS® customer service department (your enquiries and complaints) and partners, subsidiaries or affiliates, and participation in market research studies.

Creditworthiness and identity information

Data to establish your identity such as passport numbers (for example for issuing airline tickets), nationality (for example for issuing visas to enter other countries), plus information about transactions, any outstanding payments owed to us, information about fraud, criminal activities, suspicious transactions, politically exposed persons and sanctions lists in which your data is included.

Personal data about other people which you pass on to us

We use the personal information you provide about other persons, for example other information on your booking. When passing on the personal data of other persons, you must be sure that they agree to this and that you are allowed to pass on the data. You should also ensure, where appropriate, that these persons are aware of how we might use their personal data.

For what purposes are your data processed?

We need your personal data for the following purposes:

  • To provide you with products and services as well as information upon request.
  • To identify you when you contact us.
  • To help us to improve the quality of our products and services.
  • To be able to offer you products and services.
  • To improve communication with you and to provide you with a more individual service.
  • To comply with legal regulations, for example those designed to prevent fraud and money laundering.
  • For other purposes, only if this is necessary and permitted by law.


In most of these cases, you can opt out of the use of your data, for example by revoking your data protection consent or no longer using a particular service. You can do this by contacting our customer service department for example.

However, there are also cases in which you cannot object to the use of your data, subject to legal provisions to the contrary:

  • If there is a contract between you and us.
  • In the case of overriding legal regulations.

We may pass on your data to the following companies outside the SOCCA Group for the aforementioned purposes. However, we will inform you about this where appropriate and, if necessary, obtain your consent:

  • To travel agencies and agencies through which you booked with us.
  • To carefully selected and vetted business partners with whom we work to provide you with products and services. We do this for the SOCCA! Group only in accordance with the strict requirements which apply to commissioned data processing.


We do not pass on your data to third parties, with the following exceptions:

  • If we are obliged to provide information in order to comply with legal requirements.
  • In the event of the sale of one or more of the SOCCA Group's businesses to a company to which we transfer our rights, in compliance with any existing agreements with you.
  • If legally permissible and necessary, for example to prevent fraud.


In order for you to travel, it may be necessary (required by law by the authorities at the relevant point of origin and/or destination) to disclose and process your personal data for immigration, border control, security and counterterrorism purposes or other purposes deemed to be appropriate. Certain countries will only grant travel authorization if you provide your extended passenger data (for example Caricom API data and US Secure Flight data). These requirements may vary depending on your destination and we recommend that you check this on a case-by-case basis. We would be happy to assist you, even if we are not obliged to do so. We may share the minimum necessary personal data with other authorities if the law requires us to do so or we are legally permitted to do this.

 

Social media features

Our websites or mobile apps may include features of social media such as Facebook, Twitter, Google+ or Pinterest which have their own data protection policies.

We use the following plug-ins on our websites: Facebook, Twitter and GooglePlus. If you do not want social networks to collect data about you via active plug-ins, you can select the “Block third-party cookies” option in your browser settings. Your browser will then not send cookies to the server for embedded third-party content. With this setting, however, the plug-ins and other functions used across websites may no longer work.

If these plug-ins are activated, your browser will establish a direct connection with the servers of the relevant social network as soon as you access a page on our website. The content of the plug-in is transferred from the social network direct to your browser which in turn incorporates it into the website. When plug-ins are incorporated, the social network receives the information that you have accessed the corresponding page on our website. If you are logged in to the social network, it can link your visit to your account. If you interact with the plug-ins, for example by clicking on the “Like" button on Facebook or leaving a comment, the relevant information is transferred from your browser to the social network and saved there. Information regarding the purpose and scope of data collection, the further processing and use of data by social networks as well as your rights and the settings options available to protect your privacy can be found in the data protection policies of the relevant networks or websites. The links for this can be found below.

Even if you are not logged in to the social networks, data can be sent to the networks from websites with active social plug-ins. An active plug-in sets a cookie with an identifier each time the website is accessed. Because your browser sends this cookie without being asked every time that you connect to a network server, the network could in principle use it to create a profile of which web pages the user belonging to the identifier has accessed. It would be possible to link this identifier to a specific person again, for example when logging in to the social network later.

Incorporation of Facebook social plug-ins

Social plug-ins (“Plug-ins”) for the facebook.com social network operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”) are incorporated into our website. Information regarding the purpose and scope of data collection, the further processing and use of data by Facebook as well as your rights and the settings options available to protect your privacy can be found in the Facebook data protection policy: facebook.com/policy.php. You can block Facebook social Plug-ins with add-ons for your browser, for example with the “Facebook Blocker”.

Incorporation of Google Plus Plug-ins

Social Plug-ins (“Plug-ins”) for the Google Plus social network operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (“Google”) are incorporated into our website. Information regarding the purpose and scope of data collection, the further processing and use of data by Google Plus as well as your rights and the settings options available to protect your privacy can be found in Google’s data protection policy: google.com/intl/de/policies/privacy/.

Incorporation of Twitter Plug-ins

Social Plug-ins (“Plug-ins”) for the Twitter social network operated by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA (“Twitter”) are incorporated into our website. Information regarding the purpose and scope of data collection, the further processing and use of data by Twitter as well as your rights and the settings options available to protect your privacy can be found in the Twitter data protection policy: twitter.com/privacy.

Incorporation of Pinterest Plug-ins

Plug-ins for the Pinterest social network operated by Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA (“Pinterest”) are incorporated into our website. You can recognize the Pinterest plug-in by the “Pin it button” on our website. If you click on the Pinterest “Pin it button” while you are logged in to your Pinterest account, you can link the contents of our pages to your Pinterest profile. This will allow Pinterest to link your visit to our pages to your user account. We wish to point out that we do not know what data are transferred to Pinterest or how Pinterest uses these data. Further information can be found in the Pinterest data protection policy: about.pinterest.com/de/privacy.

Incorporation of Instagram Plug-ins

Plug-ins for the Instagram social network operated by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA (“Instagram”) are incorporated into our website. You can recognize the Instagram plug-in by the “Instagram button” on our website. If you click on the “Instagram button” while you are logged in to your Instagram account, you can link the contents of our pages to your Instagram profile. This will allow Instagram to link your visit to our pages to your user account. We wish to point out that we do not know what data are transferred to Instagram or how Instagram uses these data. Further information can be found in the Instagram data protection policy: instagram.com/about/legal/privacy/.

Incorporation of fonts

Fonts from Google Fonts (Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”)) are incorporated into our website. Information regarding the purpose and scope of data collection, the further processing and use of data by Google as well as your rights and the settings options available to protect your privacy can be found in Google’s data protection policy: google.com/intl/de/policies/privacy/.

Fonts from Font Awesome (Fonticons Inc., 6 Porter Road, Apartment 3R, Cambridge, MA 02140, United States (“Font Awesome”)) are incorporated into our website. Information regarding the purpose and scope of data collection, the further processing and use of data by Font Awesome as well as your rights and the settings options available to protect your privacy can be found in Font Awesomes’s data protection policy: fontawesome.com/privacy.

Incorporation of analysis tools

Google Analytics

This website uses functions from Google Analytics, a web analysis service. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). We have concluded a contract for commissioned data processing with Google. Google Analytics uses so-called “Cookies”. These are text files which are stored on your computer and allow an analysis of your use of the website. Generally speaking, the information regarding your use of this website generated by the cookie is transferred to one of Google's servers in the USA and stored there. Google Analytics cookies are stored on the basis of Art. 6 (1) (f) of the GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimize both its web offering and its advertising.

IP anonymization

We have activated the IP anonymization function on this website. This means that your IP address will be abbreviated by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transferred to the USA. The full IP address is only transferred to a Google server in the USA and abbreviated there in exceptional cases. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activities and to provide other services for the website operator relating to website and Internet use. The IP address provided by your browser for the purpose of Google Analytics will not be linked to other data held by Google.

HotJar

Anonymized data are collected using “cookies” to gather information about users' behaviour on the website.

How does SOCCATOURS protect your personal data?

We use various security measures such as state-of-the-art encryption and authentication tools to protect and maintain the security, integrity and availability of your data. One hundred percent protection against unauthorized access cannot be guaranteed for data transmissions via the Internet or a website but we and our service providers and business partners do our utmost to protect your personal data in accordance with applicable data protection regulations using state-of-the-art physical, electronic and procedural security measures. We use the following measures among others:

  • Strict criteria for authorization to access your data according to the “need-to-know principle” (restriction to as few people as possible) and exclusively for the specified purpose,
  • Data collected are passed on exclusively in encrypted form,
  • Confidential data, for example credit card details, are stored exclusively in encrypted form,
  • Firewall protection of IT systems to protect against unauthorized access, for example by hackers and
  • Permanent monitoring of access to IT systems in order to identify and prevent the misuse of personal data.


If you receive a password from us or have chosen one yourself that gives you access to certain areas of our website or to other portals, apps or services operated by us, you are responsible for maintaining the confidentiality of that password and for complying with any other security procedures of which we notify you. In particular, we ask that you do not disclose your password to anyone.

Security measures for location data

Certain services can only be used if you reveal your location or the location of your mobile device. We take the confidentiality of these location data very seriously. Your location data are therefore protected through the following security measures:

They will only be stored in a form which can be traced back to you or your mobile device for as long as is necessary to fulfil the purpose for which you gave your consent. Data are collected and accessed in this form only if this is necessary to provide the requested service. Data are collected and accessed in this form if we are legally obliged to store and/or hand over the data. Data used to locate your mobile device are linked to other data only when necessary to provide the requested service. We may have access to the data for locating your mobile device through the services we provide.

If location data are used in any other way for analysis purposes, data sets that were anonymized beforehand are used.

How long does SOCCATOURS keep your data?

We will keep your data only for as long as is necessary to fulfil the purposes for which we process your data. If we process data for multiple purposes, they are automatically deleted or stored in a format that does not allow direct conclusions to be drawn about you as soon as the last specific purpose has been fulfilled. To ensure that all your data are deleted again in accordance with the principle of data minimization, SOCCATOURS has come up with an internal deletion concept. The basic principles according to which this deletion concept ensures deletion of your personal data are described below.

Use of data for fulfilment of a contract

To fulfil contractual obligations, data collected from you may be kept for as long as the contract is in force and, depending on the nature and scope of the contract, for 6 or 10 years beyond that to comply with legal retention requirements and to address any enquiries or claims after the contract expires.

There are also contracts for the supply of products and services that make longer retention periods necessary, see also “Use to verify claims” below.

Use to verify claims

Data that, in our opinion, will be necessary to investigate, defend against or bring a criminal prosecution or claim against you, us or a third party may be retained by us for as long as any such proceedings might be brought.

Use for customer service and marketing purposes

For customer service and marketing purposes, the data collected from you may be kept for 3 to 10 years after collection, unless you request deletion of such data and there are no contractual or legal retention obligations that conflict with your deletion request.

Who is granted access to your data internationally and why?

As a company, SOCCATOURS® operates internationally. Personal data are processed for the purpose of organizing and providing package tours by SOCCATOURS® employees, possibly national sales companies, international subsidiaries (Destination Management Companies), SOCCATOURS® partners and service providers commissioned by us.

To support the provision of the listed services, SOCCATOURS® uses a number of service providers who are commissioned by SOCCA Holding GmbH & Co. KG in accordance with the strict data protection requirements during data processing.

Your data protection rights and your right to complain to the data protection authority

If you have any questions regarding our use of your personal data, you should first contact the SOCCATOURS®customer service department – either by e-mail or by calling +49 8031 23789-10 (08:00 - 18:00 daily). You can also contact the Data Protection Officer responsible.

As the person affected by the processing of your data, you can assert certain rights under the GDPR as well as other relevant data protection provisions. The following section gives details of your data subject rights under the GDPR. Depending on the nature and scope of your enquiry, we ask that you send it to us in writing.

Data subject rights

In accordance with the GDPR, you enjoy the following rights as the data subject whose data are processed by SOCCATOURS®:

Right of access by the data subject (Art. 15 GDPR): You can request information about the data we keep on you at any time. This information concerns, among other things, the categories of data we process, the purposes for which we process them, the origin of the data if we have not collected them directly from you, and, if applicable, the recipients to whom we have passed on your data. We can provide you with a copy of your data free of charge. If you require additional copies, we reserve the right to charge you for them.

Right to rectification (Art. 16 GDPR): You can request that we rectify your data. We will take reasonable steps to ensure that the data we hold on you and process on an ongoing basis is correct, complete and up to date based on the most up-to-date information available to us.

Right to erasure (Art. 17 GDPR): You can request that we delete your data, provided that the legal requirements for this are met. In accordance with Art. 17 GDPR, this can be the case if:

  • The data are no longer required for the purposes for which they were collected or otherwise processed;
  • You withdraw your consent, which is the basis for data processing, and there is no other legal basis for the processing;
  • You object to the processing of your data and there are no overriding legitimate reasons for processing, or you object to data processing for direct marketing purposes;
  • The data were processed unlawfully;
  • The processing is not necessary to ensure compliance with a legal obligation requiring us to process your data, in particular with regard to legal retention periods, or to assert, exercise or defend legal claims.


Right to restriction of processing (Art. 18 GDPR): You can request that we restrict the processing of your data if:

  • You dispute the accuracy of the data – for the period of time we need to verify the accuracy of the data;
  • The processing is unlawful and you refuse the erasure of your data and request the restriction of use instead;
  • We no longer need your data, but you need them to assert, exercise or defend legal claims;
  • You have objected to the processing as long as it has not yet been determined whether our legitimate reasons outweigh yours.


Right to data portability (Art. 20 GDPR): At your request, we will transfer your data – if this is technically possible – to another controller. However, you only have this right if the data processing is based on your consent or is necessary to fulfil a contract. Instead of receiving a copy of your data, you can also ask us to transfer the data directly to another party responsible specified by you.

Right to object (Art. 21 GDPR): You can object to the processing of your data at any time on grounds relating to your particular situation, provided that the data processing is based on your consent or on our legitimate interests or those of a third party. In this case, we will no longer process your data. The latter shall not apply if we can demonstrate compelling legitimate grounds for the processing which outweigh your interests or if we need your data to assert, exercise or defend legal claims.

Deadlines for the fulfilment of data subject rights

We shall endeavour to deal with all enquiries within 30 days. However, this deadline may be extended, if necessary, for reasons relating to the specific data subject right or the complexity of your request.

Restriction of information when fulfilling data subject rights

In certain situations, we may not be able to provide you with information about all of your data owing to legal requirements. If we do have to reject your request for information in such a case, we will at the same time inform you of the reasons for the rejection.

Complaints to the supervisory authorities

SOCCATOURS® takes your concerns and rights very seriously. We will deal with your enquiry individually, personally and as quickly as possible. If however you feel that we have not adequately addressed your complaints or concerns, you have the right to submit a complaint to the data protection authorities responsible.

 

Do you have a question?

We are glad to help you!

Marcus Häusler

Do you have a question?