General conditions of participation
Vienna City Marathon

General conditions of participation
VCM Winterlaufserie / Winter Series

Privacy Policy

The Vienna City Marathon and the VCM Winter Running Series are made possible through the cooperation of several organisations that must process your data for this purpose in a coordinated manner:

• The organiser of the Vienna City Marathon and the VCM Winter Running Series is the Sport- und Leichtathletikclub Wien (Sports and athletics club Vienna, SLW), Central Register of Associations (ZVR) no.: 735282923, Akaziengasse 36, 1230 Vienna;
• Enterprise Sport Promotion GmbH, company register no: FN 49412s, is responsible for the operational implementation of all running events in connection with the Vienna City Marathon.
• Vienna City Marathon Marketing & Vertriebs GmbH, company register no: FN 130533k, is responsible for the marketing of all running events in connection with the Vienna City Marathon as well as other events (e.g. Vienna Sports World – Marathon Expo).

These organisations have agreed to distribute the tasks for processing your data and for guaranteeing your right to data protection as follows:

Sport- und Leichtathletikclub Wien (Sports and athletics club Vienna, SLW): organiser of the Vienna City Marathon and the VCM Winter Running Series

Enterprise Sport Promotion GmbH: has been commissioned by the club through a business contract with the operational implementation of all running events in connection with the Vienna City Marathon. The tasks include:

• Handling of sports activities
• Management of participants
• Logistics, infrastructure tasks
• Supplier management
• Regulatory management
• Security management
• Human resources
• Communication management (public and media)

Vienna City Marathon Marketing & Vertriebs GmbH: has been commissioned by the club through a business contract to market all running events in connection with the Vienna City Marathon as well as other events (e.g. Vienna Sports World – Marathon Expo). The tasks include:

• Marketing & sales (VCM Event Services)
  • Vienna Sports World (Marathon-Expo)
  • VCM hospitality
  • VCM web services
  • VCM sampling
  • VCM online shop
• Advertising, sponsoring, promotions

Name and address of the data controller

We have established the following common entry point for any concerns that data subjects may have:

Enterprise Sport Promotion GmbH
UID-Nr.: ATU 160 47 105
Akaziengasse 36
A-1230 Vienna, Austria
Tel.: +43 1 606 95 10
E-Mail: office@vienna-marathon.com
Website: www.vienna-marathon.com
[Informationspflicht]

Information on data processing pursuant to Art 13, 14

In principle, we only collect and process data that you personally provide us, e.g. during event registration or when using a contact form. Among the data for registration is data that is particularly worthy of protection, such as medical information.

Furthermore, due to the nature of the event, we and the third parties commissioned by us for this purpose generate and collect additional data on all participants (e.g. timekeeping, sequence, etc.) during the Vienna City Marathon or the VCM Winter Running Series.

Using webpages such as www.vienna-marathon.com, which is operated by Enterprise Sport Promotion GmbH, is basically possible without stating any personal data. However, insofar as you would like to take advantage of any special services that our company offers online, processing your personal data may become necessary. If processing your personal data becomes necessary and if there is no legal or contractual basis or a basis pursuant to Art. 6(1)(b-f) of the GDPR for such processing (see details in chapter “Legal basis”), we will generally get your consent first.

Processing your personal data, such as name, address, email address or telephone number, is always in accordance with the General Data Protection Regulation and the data protection regulations applicable to Enterprise Sport Promotion GmbH.

As the data controller, Enterprise Sport Promotion GmbH has implemented numerous technical and organisational measures in order to ensure the most complete protection possible of your personal data processed via this website. Nevertheless, Internet-based data transmissions can have security gaps, so that absolute protection cannot be guaranteed. That is why you have the option of transmitting your personal data through alternative routes, e.g. over the telephone.

Your rights as the data subject

You can exercise the following rights at any time using the contact information provided at the end of the document:

You have the right of access to your stored personal data, its origin and its recipients and the purpose of data processing as well as the right to rectification, the right to data portability, the right to object, the right to restriction of processing as well as the right to blocking or erasure of incorrect or unlawfully processed data.

If you are of the opinion that the processing of your personal data by us violates the applicable data protection law or that your data protection claims have been violated in any other way, it is legally possible to file a complaint with the Austrian Data Protection Authority.

If the use of personal data is based on your consent, you also have the right to withdraw this consent at any time. However, if a participant withdraws the consent given at the time of registration before completing the Vienna City Marathon, this participant can no longer participate in the Vienna City Marathon because the data is needed for a smooth operation of the event. Such a withdrawal has the same legal consequences as cancelling your participation would have. In this case, no claim to repayment of the participation fee can be asserted.

Purposes of data processing by the controller and third parties

Your personal data is collected, processed and used for the purposes necessary to fulfil our respective contractual obligations (Art 6(b) of the GDPR). In particular, this is implementing the Vienna City Marathon including all the necessary preparation and follow-up work. To learn more about the scope of our mutual contractual obligations within the framework of the Vienna City Marathon, we recommend carefully reading our general conditions of participation, including Point 5.

Wherever a separate consent for further purposes becomes necessary, such as for sending out ongoing newsletters, we will get your approval first, especially during event registration (Art 6(a) and Art 9(2)(a) of the GDPR).

We may have to process your data (e.g. medical data provided during registration) in order to protect your vital interests and those of others (Art 6(1)(d) and Art 9(2)(c) of the GDPR).

And last but not least, we also need to process your data due to the compliance with legal obligation to which we are subject (Art 6(1)(c) and Art 9(2)(g) of the GDPR) and, if need be, also for the purposes of the legitimate interests pursued by us (Art 6(1)(f) of the GDPR) such as when we record payments in our bookkeeping and accounting.

We may also anonymize your personal data for statistical purposes so that a personal reference to you can no longer be established, thereby eliminating any risk of a violation of your right to data protection.

Transfer to third parties

It can become necessary to transmit your personal data to third parties. The data is passed on exclusively on the basis of the GDPR, especially to fulfil the mutual contractual obligations while participating in the Vienna City Marathon, the VCM Winter Running Series and/or on account of your previous consent. We hereby refer you to our general conditions of participation.

It is required to pass on any necessary data for the respective purpose to the following third parties in particular:

• to the media relevant to the event and the social media platforms used by the participating organisations to report on the Vienna City Marathon or another event,
• to service providers for printing and creating accompanying materials such as line-up lists or results, brochures, etc.,
• to service providers for payment transactions, accounting and bookkeeping,
• to commercial photographers entrusted with taking photos during an event,
• to emergency personnel such as the Red Cross or other attendants enlisted by the organiser in the event of an incident,
• to the below mentioned service providers when visiting our website.

Collecting general information when visiting our website

When you access our website, information of a general nature is automatically collected by means of a cookie. This information (server log files) includes the type of web browser, the operating system used, the domain name of your internet service provider and the like. This information does not allow any conclusions to be drawn about your person.

This information is necessary for technical purposes in order to correctly deliver the content from websites you have requested and is mandatory when using the Internet. In particular, this information is processed for the following purposes:

• ensuring that a connection can be established to the website without any problems,
• ensuring a smooth function of our website,
• evaluating the system security and stability as well as
• for additional administrative purposes, especially for the traceability of users or system misconduct.

Processing your personal data is based on our legitimate interest from the aforementioned purposes for data collection. We do not use your data to draw conclusions about your person. Only the controller and, if applicable, the data processor will receive the data.

Anonymous information of this kind is, if necessary, statistically evaluated in order to optimise our website and the technology behind it.

Cookies

Like so many other websites, we also use so-called “cookies”. Cookies are small text files that are saved to your hard drive by a website server. This automatically provides us with certain data such as the IP address, browser used, operating system and your connection to the Internet.

Cookies cannot be used to start applications or to transmit viruses to a computer. With the information included in the cookies, we can facilitate the navigation and enable the correct display of our websites.

We never transfer collected data to third parties or link your personal data without your consent.

Of course, you can absolutely view our website without cookies. Internet browsers are regularly set up to accept cookies. Generally, you can deactivate the use of cookies at any time in your browser preferences. Please use the help function in your browser to learn how to change the settings. We would like to point out that some features of our website may be restricted when deactivating the use of cookies.

Registering on our website

When registering to use our personalised services, some personal data is collected. Which data is transmitted to the controller for processing depends on the input mask used for registration. If you register with us, you have access to content and services that we only offer registered users. Users who sign up also have the possibility to change or erase the data entered upon registration at any time, if necessary. Of course, we will also provide you with information about the personal data we have stored about you at any time. Per your request, we will happily rectify or erase this data as long as there are no legal storage obligations to the contrary. In order to reach us in this regard, please use the contact information provided at the end of this privacy policy.

SSL encryption

To protect your data from unauthorised access during transmission, we use state-of-the-art encryption methods (e.g. SSL) via HTTPS.

Newsletter

We send out different categories of newsletters to interested parties who have disclosed their email address for this purpose, to participants and former participants (patrons) of the Vienna City Marathon and other events of SLW, such as the VCM Winter Running Series or the VCM Training Runs.

In order to properly address you in the newsletter, we process your email address as well as your first and last name and gender before sending the newsletter.

As an interested party, you can unsubscribe from the newsletter at any time, thereby exercising your right to withdraw your consent or to object to the processing of your data. All messages include a corresponding unsubscribe link. Excluded are all messages to participants – especially during an ongoing event – that need to be sent to protect your own interests or the organiser’s legitimate interests.

Our newsletters contain so-called tracking pixels. A tracking pixel is a miniature graphic embedded in emails sent in HTML format to enable the recording and analysis of log files. Thereby, a statistical evaluation of the success or failure of online marketing campaigns can be implemented. Through the embedded tracking pixel, we can see if and when an email was opened by the data subject and which links in the email were accessed by the data subject.

To optimise the delivery of the newsletters, we store and evaluate the personal data collected via the tracking pixels contained in the newsletters. Personal data will not be passed on to third parties.

Contact form

If you contact us by email or through the contact form with any questions, you are giving us your voluntary consent for the purpose of making contact. For this, a valid email address as well as your first and last name and gender are required. The information will be used to assign the request and to subsequently reply to it. Providing additional data is optional. The information you provide us will be stored for the purpose of processing your request and any possible follow-up questions. After your request has been processed, your personal data will be deleted automatically.

Enquiries regarding data protection should only be sent to datenschutz@vienna-marathon.com

VCM WhatsApp News

For the communication with the service WhatsApp we use the service WhatsATool by atms. When using our WhatsApp service, the following personal data will be stored: mobile number, sent messages, and received messages which you opened or clicked. These data will be a used exclusively for messenger communication and will not be transmitted to third parties. You can unsubscribe from our service at any time with the message “Stopp”. When you contact us via WhatsApp, in addition the user guidelines of WhatsApp Inc. also apply, you can find them: Whats App legal references.

Use of Matomo

This website uses Matomo (formerly Piwik), an open source software for statistically evaluating online visits. Matomo uses so-called cookies, which are text files saved to your computer, thereby enabling a website usage analysis.

The information generated by the cookie about your use of the website is stored on a server in Austria.

The IP address is anonymised immediately after it is processed and before it is stored. You have the option to prevent cookies from being installed by making changes to your settings in your browser software. We would like to point out that some features of our website may be restricted when changing these settings.

You can decide whether a unique web analytics cookie is stored in your browser to enable the operator of the website to collect and analyse various statistical data.

If you prefer to opt out, click the following link to store a Matomo deactivation cookie in your browser.


Additional information and Matomo’s applicable data protection regulations can be viewed at https://matomo.org/privacy/.

Use of Google Analytics

We have integrated the component Google Analytics (with the anonymisation feature) on our website. Google Analytics is a web analytics service. Web analytics is the compilation, collection and evaluation of visitor behaviour data on the website. A web analytics service collects, e.g. data on the website from which a data subject has accessed a website (so-called referrer), which subpages of the website have been accessed or how often and for how long a subpage has been viewed. Web analytics is mainly used to optimise a website and for the cost-benefit analysis of online ads.

Operator of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, United States.

For web analytics through Google Analytics, we use the expansion “_gat._anonymizeIp”. By means of this expansion, Google truncates and anonymises the IP address of the Internet connection of the data subject when accessing our website from a Member State of the European Union or from another state party to the Agreement on the European Economic Area.

The purpose of the Google Analytics component is analysing the visitor flow to our website. Google uses the collected data and information to, e.g. evaluate the use of our website, to provide us with online reports that show the activities on our websites, and to provide other services concerning the use of our website.

Google Analytics places a cookie on the data subject’s information technology system. It was already explained above what cookies are. By placing the cookie, Google is able to analyse the use of our website. Every time an individual page that is operated by the controller and into which a Google Analytics component was integrated is called up on our website, the Internet browser on the information technology system of the data subject will automatically submit data to Google through the Google Analytics component for the purpose of online analytics. During the course of this technical procedure, Google gains knowledge of personal data, such as the IP address of the data subject, which helps Google understand, for example, the origin of visitors and clicks, and to subsequently calculate the commissions.

Cookies are used to store personal information, such as time of access, the access location and the frequency of visits to our website through the data subject. Whenever you visit our website, this personal data, including the IP address of the Internet connection used by the data subject, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may pass on this personal data that is collected through the technical process to third parties.

As mentioned above, the data subject can prevent the placement of a cookie through our website at any time by changing the settings in the browser used, thereby permanently objecting to the placement of cookies. Such a setting in the browser used would also prevent Google from placing a cookie on the data subject’s information technology system. Furthermore, a cookie that was already placed by Google Analytics can be deleted at any time using the browser or another software application.

It is also possible for the data subject to object to and prevent the collection of data generated by Google Analytics relating to the use of this website and the processing of this data by Google. For this, the data subject must download and install a browser add-on using the link http://tools.google.com/dlpage/gaoptout?hl=de. This browser add-on lets Google Analytics know via JavaScript that no data or information regarding a website visit can be transmitted to Google Analytics. Google considers the installation of the browser add-on to be an objection. Should the data subject’s information technology system be deleted, formatted or newly installed at a later date, the data subject must install the browser add-on again in order to deactivate Google Analytics. If the browser add-on is uninstalled or deactivated by the data subject or another person in his/her sphere of influence, you have the option of installing or activating the browser add-on again.

Additional information and Google’s applicable data protection regulations can be viewed at https://www.google.de/intl/de/policies/privacy/ and http://www.google.com/analytics/terms/de.html aGoogle Analytics is explained further at https://www.google.com/intl/de_de/analytics/.

Use of Facebook

On this website, we use Facebook features, a social media network of the company Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland.

Which features (social plug-ins) Facebook provides can be viewed at https://developers.facebook.com/docs/plugins/.

By visiting our website, information can be transmitted to Facebook. If you have a Facebook account, Facebook can assign this information to your personal account. If you do not want this, please log out of Facebook.

The privacy policy, what information Facebook collects and how it uses it can be found at https://www.facebook.com/policy.php.

Use of Facebook Custom Audience pixels

“This website uses custom audiences from Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, United States. For this purpose, so-called Facebook pixels are integrated on our websites, marking the visitors of our website in anonymous form. Personal information from visitors visiting our website is not collected. If you are logged into Facebook at a later date, Facebook can recognise your previous visit to our website and use the information thus obtained to display Facebook Ads. The product Website Custom Audiences uses the Facebook cookie. The website operator and Facebook are responsible for collecting and processing data. For more information about the purpose and scope of the data collection and the subsequent processing and use of the data by Facebook as well as your configuration options to protect your privacy, please see Facebook's privacy policy, which can be viewed at https://www.facebook.com/ads/website_custom_audiences and https://www.facebook.com/privacy/explanation

If you want to object to the use of Facebook Website Custom Audiences, you can do this at https://www.facebook.com/ads/website_custom_audiences

Use of Twitter

We use Twitter features on this website, a social network of the company Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland.

Through these features, personal data can be transmitted to Twitter. We do not monitor this data transfer and do not save anything in this regard.

If you would like to know more about Twitter’s use of your data, you can read about it in Twitter’s privacy policy at https://twitter.com/de/privacy.

Should you have an account with Twitter, you can change your privacy preferences in your account settings at https://twitter.com/settings/account.

Use of Instagram

We use features of the social media network Instagram from the company Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, United States on our website.

We are able to display pictures and videos with the content embedding features of Instagram. By calling up pages that use such features, data (IP address, browser data, date and time, cookies) is transmitted to and stored and analysed by Instagram.

Should you have an Instagram account and are logged into it, this data will be assigned to your personal account and to the data stored therein.

The privacy policy, what information Instagram collects and how it uses it can be found at https://help.instagram.com/155833707900388.

Embedded YouTube videos

We embed YouTube videos on our websites. Operator of these plugins is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, United States. When you visit a page with the YouTube plugin, a connection to YouTube servers is established. YouTube will then receive information about which pages you visit. If you are logged into your YouTube account, YouTube can assign your surfing behaviour to you personally. This can be prevented by logging out of your YouTube account beforehand.

If a YouTube video is played, the operator places cookies that collect information about user behaviour. If the storage of cookies for the GoogleAd program has been deactivated, such cookies will not have to be expected while watching YouTube videos. However, YouTube also stores non-personal usage information in other cookies. If you would like to prevent this, you will need to block cookies in your browser.

Further information regarding data protection on YouTube can be found in their privacy policy at: https://www.google.de/intl/de/policies/privacy/

Online store payment processing

In order to guarantee secure payments for our customers in our online store, we have commissioned Wirecard Central Eastern Europe GmbH for processing electronic payment transactions made by credit card or direct bank transfer (Sofortüberweisung).

The current privacy policy of Wirecard Central Eastern Europe can be viewed here: https://www.wirecard.at/datenschutz/.

External links

Some of our webpages are linked to third party websites in order to provide you with comprehensive information. We do not have any influence over these sites and are not responsible for the content offered therein. The principles of this privacy policy do not apply to these external sites.

Storing personal data

We will not keep personal data longer than is necessary to fulfil our contractual or legal obligations and to clarify any claims and/or liabilities. All of the data relevant for our accounting must therefore be kept for at least 7 years, for example, due to legal obligations.

Data that was only directly relevant for the implementation of the Vienna City Marathon and not needed for any other purpose will be erased 6 months at the latest after the event has ended.

Possible unsolicited applications from potential employees and other business correspondence are also stored under the same aspects in the normal course of business.

Lists showing the line-up and results of the Vienna City Marathon or other races are stored indefinitely for historical reasons.

Log files (system logs) that are recorded as part of administrative monitoring and possibly include personal data (“profiling” according to GDPR) are automatically erased at the end of the year after they have been logged unless there is a reason for storing them longer (traceability/provability of user or system misconduct).

Legal basis

Art. 6(I)(a) of the GDPR serves as a legal basis for processing for which we have obtained consent for a specific processing purpose. If processing personal data is necessary for fulfilling a contract to which the data subject is a party, as is the case with processing that is necessary for registering for a race or providing another service or consideration, then the data processing is based on Art. 6(I)(b) of the GDPR. For example, the data subject is obliged to provide personal data when concluding a contract with our company. Not providing personal data would lead to a contract not being concluded with the data subject.

The same applies to processing that is required for implementing pre-contractual measures, for example for questions concerning our products and services. If our company is subject to comply with legal obligations that require the processing of personal data, such as for fulfilling tax obligations, the processing is based on Art. 6(I)(c) of the GDPR. In rare cases, processing personal data may become necessary to protect the vital interests of the data subject or another natural person.

Ultimately, processing operations could be based on Art. 6(I)(f) of the GDPR. Processing operations which are not covered by any of the above legal bases are based on this legal basis when processing is necessary to safeguard a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject do not prevail. The reason we are permitted to conduct such processing operations is because they are specifically mentioned by the European legislative authorities, who took the view that a legitimate interest could be assumed if the data subject is a customer (recital 47(2) of the GDPR).

If the processing of personal data is based on Article 6(I)(f) of the GDPR, then a legitimate interest is the implementation of our business activities for the welfare of all of our employees and our owners.

Data security

We protect your personal data by taking appropriate organisational and technical precautions. These precautions pertain in particular to the protection against unauthorised, illegal or accidental access, processing, loss, use and manipulation.

Notwithstanding efforts to maintain an adequate level of due diligence at all times, it cannot be ruled out that information that you provide us over the Internet can be seen and used by other persons. Please be aware that we therefore accept no liability whatsoever for the disclosure of information due to errors in data transmission and/or unauthorised access by third parties not caused by us (e.g. email accounts or telephones being hacked, faxes being intercepted).

Disclosure of data breaches

We make every effort to ensure that data breaches are detected early on and, if necessary, reported immediately to you or the responsible supervisory authority, taking into account the respective data categories that are affected.

Changes to our privacy policy

We reserve the right to make changes to this privacy policy so that it always complies with current legal requirements or so that changes to our services are observed, e.g. when introducing new services. The new privacy policy will apply the next time you visit our website.

Questions to controller

If you have any questions concerning this data policy, please write us an email at datenschutz@vienna-marathon.com