Privacy policy

Section 01

Controller

The controller within the meaning of the GDPR is:

Section 02

Data we collect when you subscribe

When you subscribe to our newsletter via the subscription form, we process the following data:

• Email address (mandatory)
• First name and last name (mandatory)
• Form of address (optional, e.g. Mr., Mrs., Dr.)
• Preferred newsletter language (mandatory)
• IP address, browser user agent and timestamp at the moment of subscription and confirmation (technical data, used to document consent and to protect the form against abuse)

Section 03

Purpose and legal basis

We use your data exclusively to send you the ChessBase newsletter (chess training tips, software news, opening analyses, special offers and editorial content) at the email address you provide. The legal basis for the processing is your express consent pursuant to Art. 6 (1) lit. a GDPR in conjunction with § 7 (2) No. 3 of the German Act Against Unfair Competition (UWG). Documenting the time of subscription and confirmation, the IP addresses used, and the browser user agent is justified by our legitimate interest in being able to prove your consent at any time pursuant to Art. 6 (1) lit. f GDPR.

Section 04

Double opt-in procedure

We use the double opt-in procedure to ensure that no one is registered without their knowledge. After you have entered your data into the subscription form, we send a confirmation email to the address you provided. The newsletter is only sent once you click the activation link in this email. If you do not confirm within a reasonable period, your data will be deleted automatically. The confirmation email is sent on the legal basis of our legitimate interest in legally compliant evidence pursuant to Art. 6 (1) lit. f GDPR.

Section 05

Withdrawing consent and unsubscribing

You can withdraw your consent to receive the newsletter at any time with effect for the future, without giving reasons and without any cost other than the transmission cost according to your basic tariff. To do so, click the unsubscribe link at the end of every newsletter email, or send an informal email to info@chessbase.com.

After unsubscribing, your contact data is deleted from the active distribution list. Records used to prove your earlier consent (subscription IP, timestamp, confirmation IP, timestamp) may be retained on the basis of our legitimate interest pursuant to Art. 6 (1) lit. f GDPR for up to three years to defend against potential claims, in accordance with the regular limitation periods.

Section 06

Recipients and processors

Within the controller, only those staff members who require access in order to perform their duties have access to your data. We additionally use the following service providers as data processors pursuant to Art. 28 GDPR:

• Newsletter dispatch infrastructure — Subscriber list management, dispatch queueing and click and open statistics are handled on infrastructure located within the European Union. Subscriber data does not leave our EU infrastructure for this purpose.
• Transactional email delivery — The technical delivery of confirmation emails and the newsletter itself is handled by an external email service provider acting as a processor on our behalf under a written data processing agreement pursuant to Art. 28 GDPR. Where this involves a transfer to a third country (in particular the United States), the provider is certified under the EU-US Data Privacy Framework — which the European Commission recognised as providing an adequate level of data protection in its adequacy decision of 10 July 2023 — and we have additionally concluded the European Commission’s Standard Contractual Clauses with the provider.
• Hosting — Our application servers and databases are hosted on infrastructure located within the European Union. The hosting provider acts as a processor on our behalf under a written data processing agreement.

We do not pass your data on to other third parties unless we are legally obliged to do so, for example to public authorities in the case of a binding court order.

Section 07

Storage period

Your contact data is stored for as long as you remain subscribed to the newsletter. After you unsubscribe, the active record is deleted; consent evidence is retained for up to three years (see section 5). Subscribers who never confirm their address via the double opt-in link are deleted automatically after a maximum of 30 days.

Section 08

Cookies and similar technologies

The subscription form sets a small number of strictly necessary cookies that are essential for the form to function — for cross-site request forgery protection, session continuity, and short-lived spam-prevention. None of these cookies stores the email address or other personal data you enter into the form. They are exempt from consent under § 25 (2) No. 2 TDDDG and are processed on the basis of our legitimate interest in operational security pursuant to Art. 6 (1) lit. f GDPR. They expire at the latest 24 hours after they are set.

We do not set tracking cookies, advertising cookies or analytics cookies on this landing page.

Section 09

Your rights

You have the following rights regarding the personal data we hold about you:

• Right of access (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object to processing based on legitimate interests (Art. 21 GDPR)
• Right to withdraw your consent at any time with effect for the future (Art. 7 (3) GDPR)

To exercise any of these rights, please contact us at info@chessbase.com.

Section 10

Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a data protection supervisory authority pursuant to Art. 77 GDPR, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement. The supervisory authority responsible for our company is:

Section 11

Obligation to provide data

You are not legally or contractually obliged to provide your data. However, without your email address, name and language preference we cannot send you the newsletter. Providing the data is therefore necessary if you wish to subscribe.

Section 12

Automated decision-making

We do not use automated decision-making within the meaning of Art. 22 GDPR for newsletter subscriptions.

Section 13

Server logfiles when visiting the website

When you visit this landing page our hosting provider automatically writes a short-lived server logfile containing standard technical request data and an identifier of the requesting client. The legal basis is our legitimate interest in operational security and abuse detection pursuant to Art. 6 (1) lit. f GDPR. Logfiles are deleted automatically after no more than 30 days. We do not combine logfile data with the subscriber data described in section 2.

Section 14

Data security

All connections to this landing page are encrypted in transit using modern TLS (Transport Layer Security). We additionally apply technical and organisational measures to protect your personal data against accidental loss, destruction, manipulation and unauthorised access; these measures are reviewed and updated regularly.

Section 15

Changes to this privacy policy

We may amend this privacy policy from time to time to reflect changes in our processing or in legal requirements. The version published here always applies.