Privacy policy

Privacy information and privacy policy

Dear Sir or Madam,


thank you for your interest in the Bundesverband Golfanlagen e.V./ BVGA Wirtschafts-GmbH and for visiting our website. The protection of your personal data is of particular concern to us. In this data protection declaration, we inform you about the most important aspects of data processing in the context of your visit to our Internet pages.


We process your data exclusively on the basis of the statutory provisions (in particular the General Data Protection Regulation - DS-GVO, the Federal Data Protection Act - BDSG, the Telecommunications and Telemedia Data Protection Act - TTDSG).


If there is no legal basis for processing your personal data, we generally obtain the consent of the data subject.


Personal data includes, for example, the name, address, e-mail address, telephone number of a data subject, but also, for example, IP addresses of your Internet provider.


We have taken special protective measures for handling the data of visitors to our Internet pages. Nevertheless, we cannot guarantee complete protection, especially against the background of constant technical change. You can therefore also send us your data at any time by other means.


Which data is processed in detail and how it is used depends largely on the respective visitor. For details, please read the following text.

Chapter I - Data Processor

Provider and responsible body


Bundesverband Golfanlagen e.V.

Georg-Wimmer-Ring 14

85604 Zorneding near Munich

Phone: +49 (0) 81 06 / 99 54 49 17

Fax: +49 (0) 8106 99 54 49 99


Internet :


BVGA Wirtschafts-GmbH

Georg-Wimmer-Ring 14

85604 Zorneding near Munich

Phone: +49 (0) 81 06 / 99 54 49 17

Fax: +49 (0) 8106 99 54 49 99


Internet :


Author, responsible for content (client)

Thomas Hasak


Register of associations:

Charlottenburg Local Court, Register of Associations, 18965 Nz

Sales Tax Identification Number: DE 203272862


Chairman of the Board of the Bundesverband Golfanlagen e.V.:

Stuart Orme


Data Protection Officer

Karsten Klug, Attorney and Data Protection Officer TÜV cert.

E-Mail: mail (at)

Office: Klug-Datenschutz Consulting, Kaiser-Wilhelm-Str. 93, 20355 Hamburg

Tel.: +49 (40) 411 89 38 - 28

Chapter II - Important terms

1. personal data (Art. 4 item 1. GDPR):

"Any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;"


2. Data subject:

"Are identified or identifiable natural persons."


3. processing (Art. 4 item 2. GDPR):

"Processing" means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;"


4. Restriction of Processing (Art. 4 item 3. GDPR):

"Restriction of processing is the marking of stored personal data with the aim of limiting their future processing;"


5. Profiling (Art. 4 item 4. GDPR):

"Profiling" means any automated processing of personal data which consists in using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or change of location;"


6. Pseudonymization (Art. 4 item 5. GDPR):

"Pseudonymization means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures which ensure that the personal data are not attributed to an identified or identifiable natural person;"


7. Controller (Art. 4 item 7. GDPR):

"Controller" means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for under Union or Member State law;"


8. Processor (Art. 4 item 8. GDPR):

"Processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;


9 . recipient (Art. 4 item 8. GDPR):

"recipient" means a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. 2 However, authorities that may receive personal data in the context of a specific investigative task under Union or Member State law shall not be considered as recipients; the processing of such data by those authorities shall be carried out in accordance with the applicable data protection rules in accordance with the purposes of the processing;


10. Third party (Art. 4 item 8. GDPR):

"Third party" means a natural or legal person, public authority, agency or other body, other than the data subject, the controller, the processor and the persons who are authorized to process the personal data under the direct responsibility of the controller or the processor;


11. Consent (Art. 4 item 8. GDPR):

"Data subject consent means any freely given specific, informed and unambiguous indication of his or her wishes in the form of a statement or other unambiguous affirmative act by which the data subject signifies his or her agreement to personal data relating to him or her being processed;"

Chapter III - Information pursuant to Section 13 TMG

1. General data collection

When you visit our website, information is sent to the server of our website by the browser used on your terminal device. This information is only stored temporarily in a so-called log file. The following information is collected without your intervention and stored until automated deletion:


  • IP address of the requesting computer
  • Date and time of access
  • Name and URL of the accessed file
  • Referrer URL = website from which the access was made
  • Browser used and, if applicable, operating system of your computer
  • Name of your access provider


The purposes of the aforementioned general data collection are:

  • Ensuring a smooth connection setup of the website
  • Ensuring a comfortable use of our website
  • Evaluation of system security and stability
  • Other administrative purposes


The data collection is based on a legitimate interest on our part pursuant to Art. 6 para. 1 p. 1 lit. f) DSGVO. Our legitimate interest follows from the aforementioned purposes for data collection. We expressly point out that we do not use data for the purpose of drawing conclusions about your person or your surfing behavior (e.g. which pages you look at, etc.).


2. Special data collection

(1) Cookies:

We use cookies on our site. These are small text files that your browser automatically creates and that are stored on your end device (laptop, tablet, smartphone or similar) when you visit our site. Cookies do not cause any damage to your end device, do not contain viruses, Trojans or other malware.


In the cookie, information is stored that arises in each case in connection with the specific end device used. This does not mean, however, that we gain direct knowledge of your identity.


The use of cookies serves on the one hand to make the use of our offer more pleasant for you. For example, we use so-called session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted after you leave our site.


In addition, we also use temporary cookies to optimize user-friendliness, which are stored on your end device for a certain fixed period of time. If you visit our site again to use our services, it is automatically recognized that you have already been with us and which entries and settings you have made, so that you do not have to enter them again.


On the other hand, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you. These cookies enable us to automatically recognize that you have already been to our site when you visit it again. These cookies are automatically deleted after a defined period of time.


The data processed by cookies is necessary for the aforementioned purposes to protect our legitimate interests and those of third parties in accordance with Art. 6 (1) p. 1 lit. f DSGVO.


You can accept (all), reject (all) or separately customize and individually accept the cookies in the corresponding cookie banner (here from cookiebot). In the case of rejection, it is not guaranteed that you will be able to access all functions of this website without restrictions if you make the appropriate settings. In particular, so-called necessary cookies help to make a website usable by enabling basic functions such as page navigation and access to secure areas of the website.


The so-called necessary cookies include, for example, the CookieConsent - cookie from cookiebot. ( You can view the current privacy policy here:


The purpose of this cookie is to store your consent status regarding the use of cookies on this site. The storage period is 1 year. The legal basis for the processing is Art. 6 para. 1 p. 1 lit. f) DSGVO, the so-called legitimate interest. We have a legitimate interest in recording your decision as to whether you have accepted no cookies, only necessary cookies or all cookies on our website, in order to be able to document your decision in accordance with Art. 5 (2) DSGVO and to present it to you if you so wish. This is not opposed by any overriding interests on your part. In particular, these cookie - windows are nowadays part of the standard picture on the Internet, so that these can be expected from you.


The cookie "PHPSESSID" is only used on our website It is also a necessary cookie with the purpose of keeping the current settings and states during a session for all page requests (i.e. e.g. when opening sub-pages on our website) at. As soon as the session ends and you leave our pages or close the browser or even just the tab, the cookie is automatically deleted again.


Finally, we use a so-called "test_cookie" from Google. This is also a necessary cookie, which is used to check in advance whether your browser supports cookies at all. The producer of the cookie is Google. You can view Google's privacy policy here:


Personal data is not collected or forwarded here.


The legal basis here is Art. 6 para. 1 p. 1 lit. f) DSGVO. We have a legitimate interest in the smooth functioning and presentation of our website. For this purpose, it is necessary that certain preliminary checks take place. In this way, display errors can generally be avoided. This is not opposed by any overriding interests of the users. The storage period is 1 day.


b) Analysis and tracking tools

The tracking measures listed below and used by us are carried out on the basis of Art. 6 (1) p. 1 lit. a) DSGVO - your consent. With the tracking measures used, we want to ensure a needs-based design and continuous optimization of our website. Furthermore, we use the tracking measures to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you. However, you must agree to the use of these cookies / tools in advance. Otherwise, they are deactivated on our website.


The respective data processing purposes and data categories can be found in the corresponding tracking tools:


(1) Google Analytics

We use Google Analytics, a web analytics service provided by Google LLC ("Google"), on the basis of your consent for the purpose of analyzing, optimizing and economically operating our online offer. Google uses cookies. Specifically, these are the cookies "_ga" and "_ga_#". The information generated by the cookie about the use of the online offer by the users is usually transmitted to a Google server in the USA and stored there. The responsible party in Europe is: Google Ireland Limited, Gordoin House, Barrow Street, Dubil 4, Ireland.


Details of Google's privacy policy and how Google complies with the GDPR can be found at: and at:


An AVV is concluded with Google as well as the standard contractual clauses as a precaution.


Google will use this information on our behalf for the purpose of evaluating the use of our online offer by users, compiling reports on the activities within this online offer and providing other services relating to the use of this online offer and internet usage to us. In doing so, pseudonymous usage profiles of the users can be created from the processed data.

We only use Google Analytics with IP anonymization activated. This means that the IP address of the user is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.


The IP address transmitted by the user's browser is not merged with other data from Google. Users can prevent the storage of cookies by setting their browser software accordingly; users can also prevent the collection of the data generated by the cookie and related to their use of the online offer to Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available at the following link:

For more information on data usage by Google, setting and objection options, please refer to Google's privacy policy ( as well as the settings for the display of advertisements by Google (


The personal data of the users will be deleted or anonymized after 399 days at the latest.


The legal basis is Art. 6 para. 1 p. 1 lit a) DSGVO, namely the consent given by you, provided that you give this during the cookie - query. At you can revoke or change your consent for the future at any time without giving reasons.


(2) Marketing - cookies

Finally, we use the following marketing tools:

We use Google AdSense. The cookie "_gcl_au" is used there for the purpose of experimenting with advertising efficiency on websites. Google AdSense allows us to provide advertising space on our websites for third parties. The relevant information can be found at: as well as the privacy policy at


The legal basis for the processing is exclusively your consent according to Art. 6 para. 1 p. 1 lit. a) DSGVO. At you can revoke or change your consent for the future at any time without giving reasons.


Furthermore, on our web pages we use "Google DoubleClick" also from Google LLC. The cookie is called "IDE" and is used to register and report the user's actions on the website after viewing or clicking on an advertisement of the provider. This is to measure whether an ad / advertisement is effective and further to display targeted advertisements to you as a user of our website, if you wish and have consented to this.


The legal basis is again your consent according to Art. 6 para. 1 p. 1 lit. a) DSGVO. At you can revoke or change your consent for the future at any time without giving reasons.


You can access the relevant Google privacy policy at


The cookie is deleted after one year at the latest.


Finally, we use a pixel tracker - also from Google. The tool "pagead/landing[x2]" collects data on visitor behavior on our website, but this across multiple websites. It is ultimately also used to present relevant advertising. This makes it possible, for example, to limit the number of the same advertising.


The legal basis is again your consent pursuant to Art. 6 para. 1 p. 1 lit. a) DSGVO. At you can revoke or change your consent for the future at any time without giving reasons.


You can access the relevant Google privacy policy at 


The cookie will be deleted at the latest after the current session has expired.


(3) Newsletter / Contact

1. Newsletter

With the following instructions, we inform you about the contents of our newsletter as well as the registration, dispatch and statistical evaluation procedure as well as your rights of objection.


By subscribing to our newsletter, you agree to receive it and to the described procedures.

Content of the newsletter: We send newsletters, e-mails and other electronic notifications with promotional information (hereinafter "newsletter") only with the consent of the recipient or a legal permission. If the contents of the Newsletter are specifically described in the context of a registration, they are decisive for the consent of the users. Otherwise, our newsletters contain information about our services and us.


Double-Opt-In and Logging:

The registration for our newsletter takes place in a so-called "double opt-in procedure". This means that you will receive an e-mail after registration. There you will be asked to confirm the e-mail address as well as the registration for the newsletter by means of a "link". This confirmation is necessary so that no one can register with other e-mail addresses. The registrations for the newsletter are logged in order to be able to prove the registration process in accordance with the legal requirements (Art. 5 para.2 DSGVO). This includes the storage of the registration and confirmation time, as well as the IP address. Likewise, changes to your data stored with the shipping service provider are logged.


Registration data:

To register for the newsletter, it is sufficient to provide your e-mail address. Optionally, we ask you to enter a name for the purpose of personal address in the newsletter.



The newsletter is sent and its associated performance measurement is based on the consent of the recipients pursuant to Art. 6 (1) a), Art. 7 DSGVO in conjunction with § 7 (2) No. 3 UWG or on the basis of legal permission pursuant to § 7 (3) UWG. 

The logging of the registration process is based on our legitimate interests pursuant to Art. 6 para. 1 lit. f) DSGVO. Our interest is directed towards the use of a secure newsletter system that serves our business interests as well as the expectations of the users and further allows us to prove consent.



You can cancel receipt of our newsletter or revoke your consent at any time. You will find a link to cancel the newsletter at the end of each newsletter. We may store unsubscribed email addresses for up to three years based on our legitimate interests before deleting them in order to be able to prove consent formerly given. The processing of this data is limited to the purpose of a possible defense against claims. An individual request for deletion is possible at any time, provided that the former existence of consent is confirmed at the same time.


2. Contact form and other contact

When contacting us (e.g. via contact form, email, telephone or via social media), the user's details are processed for the purpose of handling the contact request and its processing pursuant to Art. 6 (1) lit. b) DSGVO. The user's details may be stored in a customer relationship management system ("CRM system") or comparable inquiry organization.


We delete the inquiries if they are no longer necessary. We review the necessity every two years; Furthermore, the legal archiving obligations apply.


(4) PC CADDIE://online

Online registration via PC CADDIE://online

We use the services of PCCADDIE to enable you to register online for events. These services are provided by "PC CADDIE://online GmbH & Co. KG", Stubber Weg 39, 23847 Pölitz, Germany ( We embed the event calendars, registrations etc. via the online service of PCCADDIE on our web pages. So if you call these pages on our site, a connection to servers of PC CADDIE is established to display the corresponding element. For technical reasons, data from your browser is transferred to PC CADDIE. You then have the possibility to register for events etc. online. To do this, you must log in (register) via the PCCADDIE online tool. If you use this function, the data necessary for processing your respective registration etc. will be transmitted via a secure connection to PC CADDIE as technical service provider. The data will not be passed on to other third parties.


Further information on data processing and notes on data protection by PC CADDIE can be found at

Chapter IV - Processing Framework

Purposes and legal basis

(1) We process personal data in accordance with the provisions of the Basic Data Protection Regulation (DS-GVO), the Federal Data Protection Act (BDSG) and the Telemedia Act (TMG):


a) To fulfill contractual obligations pursuant to Art. 6 (1) lit b) DS-GVO. The processing of data is carried out for the provision of services within the scope of the contracts or for the implementation of pre-contractual measures, which are carried out upon request. The purposes of data processing depend primarily on the respective use of our websites. For example, whether contact details are entered in the contact form.


b) Within the framework of the balance of interests pursuant to Art. 6 (1) f DS-GVO. The processing of personal data is carried out to protect the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, prevail, in particular if the data subject is a child. "Third party" means a natural or legal person, public authority, agency or other body, other than the data subject, the controller, the processor and the persons authorized to process the personal data under the direct responsibility of the controller or the processor. The legitimate interests of the controller or a third party are in particular:


  • Ensuring a smooth connection of the website
  • Ensuring a comfortable use of our website
  • Evaluation of system security and stability
  • Other administrative purposes
  • Testing and optimizing procedures for demand analysis for the purpose of directly addressing customers,
  • Advertising or market and opinion research, insofar as you have not objected to the use of your data,
  • Assertion of legal claims and defense in legal disputes,
  • Ensuring IT security and IT operations,
  • Prevention and investigation of criminal offences,
  • Measures to ensure building and facility security (e.g. access controls),
  • Measures to ensure domiciliary rights,
  • measures for business management and further development of services and products.


c) On the basis of your consent in accordance with Art. 6 Para. 1 lit a) DS-GVO. Insofar as you have given us consent to process personal data for specific purposes (e.g. in the context of using the contact form), the legality of this processing is based on your consent. You can revoke the granted consent to the processing of personal data at any time vis-à-vis us. This also applies to the revocation of declarations of consent given to us before the applicability of the DS-GVO, i.e. before 25.05.2018. The revocation does not affect the lawfulness of the data processed until the revocation.


d) Due to legal requirements according to Art. 6 para. 1 lit. c) DS-GVO or in the public interest according to Art. 6 para. 1 lit. e) DS-GVO. As a GmbH, we are subject to various legal obligations (e.g. tax laws).


Data sources and data categories

(1) We process personal data that we receive and may process within the scope of a contract.


(2) In addition, we process - to the extent necessary for the performance of a contract - personal data that we obtain from publicly accessible sources (e.g. debtor lists, land registers, commercial and association registers, the press, the Internet) or that are transmitted to us by other third parties (e.g. information from the population register) on a justified basis.


(3) Relevant personal data includes, for example, personal details (name, address and other contact details, date of birth, place of birth and nationality), identification data (e.g. ID card data) and authentication data (e.g. signature). In addition, this may also include order data (e.g. payment order), data from the fulfillment of our contractual obligations (e.g. invoice data), information about your financial situation (e.g. creditworthiness data, origin of assets), advertising and sales data, and documentation data (e.g. contact form), as well as other data comparable with the above categories.


Storage period

(1) We process and store your personal data as long as it is necessary for the fulfillment of our contractual and legal obligations. It should be noted that the duration of storage of personal data for our members always depends on the individual case. The regular storage period of personal data is 10 years, subject to the following notes.


(2) If the personal data are no longer required for the fulfillment of contractual or legal obligations, they are regularly deleted, unless their - temporary - further processing is necessary. In this context, further processing shall be considered in particular for the following reasons:


a) Fulfillment of retention obligations under commercial and tax law in accordance with the German Commercial Code (HGB) and the German Fiscal Code (AO); the periods specified therein for retention or documentation are two to ten years.


b) Preservation of evidence within the framework of the statutory limitation provisions. According to §§ 195 ff. BGB, these limitation periods can be up to 30 years, with the regular limitation period being 3 years.


Obligation to provide the data

(1) The provision of personal data is necessary for the justification for a conclusion of a contract and for the execution of an order.


(2) Failure to provide the data may result in the inability to establish a contract.


Automated decision-making and profiling

For the substantiation and execution of a contract, we generally do not use fully automated automatic decision-making pursuant to Art. 22 DS-GVO. If we use these procedures in individual cases, we will inform you about this separately, provided that this is required by law.


Automated processing of your personal data with the aim of evaluating certain personal aspects (profiling, Art. 4 No. 4 DS-GVO) does not take place at our company.

Chapter V - Data transfer and foreign reference

Recipients or categories of recipients

(1) Within our company, access to your data is granted to those offices that need it to fulfill our contractual and legal obligations. Service providers and vicarious agents, cooperation partners, etc. used by us may also receive data for this purpose if they comply with applicable confidentiality obligations. These are companies in the categories of IT services, logistics, printing services, telecommunications, debt collection, advice and consulting, and sales and marketing. However, we make it clear that our cooperation partners do not receive the personal data of the contact persons, but only the company data of the companies and operating companies - which is usually published on the Internet anyway and thus known.


(2) With regard to the transfer of data to recipients outside the Bundesverband Golfanlagen e.V. as well as BVGA Wirtschafts-GmbH, it should first be noted that our employees are obligated to maintain confidentiality about all contract-related facts and evaluations. We may only pass on information about you if this is required by law, you have given your consent or the information is necessary within the framework of the contractual relationship. Under these conditions, recipients of personal data may be, for example:

  1. Other companies with whom we cooperate
  2. Cooperation partners
  3. Public bodies and institutions (e.g. authorities),
  4. courts,
  5. opponents and their legal representation in legal disputes and
  6. other parties involved in the order/contractual relationship
  7. other members of the Bundesverband Golfanlagen e.V. (Federal Association of Golf Courses).

(3) Further data recipients may be those bodies for which you have given us your consent to the transfer of data.

Chapter VI - Data subject rights

Special data protection rights

(1) Every data subject shall have the right to information pursuant to Article 15 of the GDPR, the right to rectification pursuant to Article 16 of the GDPR, the right to erasure pursuant to Article 17 of the GDPR, the right to restriction of processing pursuant to Article 18 of the GDPR and the right to data portability pursuant to Article 20 of the GDPR. Every data subject has the right to object according to Art. 21 DS-GVO.


(2) With regard to the right to information and the right to erasure, the restrictions pursuant to Sections 34 and 35 of the German Federal Data Protection Act (BDSG) shall apply.


Right of appeal

In addition to the previous information, you have a right of appeal to a competent data protection supervisory authority (Art. 77 DS-GVO in conjunction with § 19 BDSG).


Revocation of consent

(1) You may revoke your consent to the processing of personal data at any time. This also applies to the revocation of declarations of consent given to us prior to the application of the DS-GVO, i.e. prior to 25.05.2018.


(2) Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected.


Amendment of data protection declarations and data protection information

Data protection law in particular is very much in flux. Due to this and in order to ensure that our data protection declaration always complies with the current legal requirements, we reserve the right to change this data protection declaration at any time. This also applies in the event that the data protection declaration has to be adapted due to new or revised services, for example new services. The new data protection statement will then apply the next time you visit our website.

Information about your right to object according to Art. 21 DS-GVO

1. individual right of objection

(1) Pursuant to Art. 21 DS-GVO, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Art. 6 (1) lit. e) DS-GVO (data processing in the public interest) and Art. 6 para. 1 lit. f) DS-GVO (data processing based on a balance of interests); this also applies to profiling based on this provision within the meaning of Art. 4 No. 4 DS-GVO.


(2) If you object, your personal data will no longer be processed unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.


2. right to object to processing of data for direct marketing purposes

(1) In individual cases, we process your personal data to conduct direct marketing. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising.


(2) If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.


The objection can be made form-free and should preferably be addressed to:


Bundesverband Golfanlagen e.V. 

Georg-Wimmer-Ring 14, 85604 Zorneding

info (at)