Privacy policy

1. Data protection at a glance

General information

The following information provides a simple overview of what happens to your personal data when you visit our website. Personal data is any data which can be used to personally identify you. For more detailed information on data protection please refer to our privacy policy, which is provided below this text.

Analysis tools and third-party tools

When visiting our website your browsing behaviour may be statistically analysed. This is mainly done using cookies and what are known as analysis programmes. Your browsing behaviour is usually analysed anonymously; your browsing behaviour cannot be traced back to you. You can object to such analysis or prevent it by not using certain tools. You will find more detailed information on this in the following privacy policy.

You can object to such analysis. We shall inform you of the ways in which you can object in this privacy policy.

2. General information and mandatory information

Data protection

The operator of this site takes the protection of your personal data very seriously. We treat your personal data as confidential and handle it in accordance with the statutory data protection regulations and this privacy policy.

Personal data is data which can be used to personally identify you. This privacy policy explains which data we collect and what we use it for. It also explains how and for what purpose we do this.

As far as personal data is concerned, we process this on the basis of our legitimate interest in providing you with a functioning, secure website (Art. 6(1)(f) GDPR). There is no merging of data with other data sources. We reserve the right to check this data retrospectively if we become aware of specific indications of illegal use.

We would advise that the transfer of data on the Internet (e.g. when communicating by email) can present security risks. It is not possible to completely protect data from access by third parties.

Controller and data protection officer

The controller responsible for data processing on this website is:

BIG.Cube GmbH
Seitzstraße 8a // TH1
80538 Munich

Telephone: +49 89 52 03 2714

The controller is the natural or legal person who, either alone or jointly with others, determines the purposes and methods of personal data processing (e.g. names, email addresses or similar).

SSL and TLS encryption

For security reasons and to ensure the secure transmission of confidential information, such as orders or enquiries that you send to us as the site operator, this website uses SSL or TLS encryption. SSL (Secure Socket Layer) is a procedure in which your data is encrypted in such a way that it cannot be read by unauthorised persons during transmission on the Internet.

You can recognise the SSL connection by the fact that the Internet address has changed from http:// to https://. In addition, the secure connection is usually indicated by a closed padlock in the status bar of your web browser.

SSL and TLS encryption You can recognise an encrypted connection because the address bar of the browser changes from ‘http://’ to ‘https://’ and there is a padlock symbol in your browser’s address bar.

When SSL or TLS encryption is enabled, the data that you transmit to us cannot be read by third parties.

Objection to marketing emails

We hereby object to the use of the contact details published in the mandatory legal notice for the purpose of sending promotional and informational materials which have not been expressly requested. The operator of the site expressly reserves the right to take legal measures in the event of the unsolicited sending of promotional materials, e.g. in spam emails.

3. Data protection officer

Legally required data protection officer

We have appointed a data protection officer for our company. If you have any questions, you can contact the data protection officer at any time.

Christoph Weill
Seitzstraße 8a // TH1
80538 Munich

Telephone: +49 89 52 03 2714

4. Collection and use of non-personal data when using the website

If you use this website without otherwise transmitting any data to us (e.g. by registering), we only collect the data necessary for technical reasons which is automatically transmitted to our server by your browser (e.g. browser type/browser version, operating system used, referrer URL, pages viewed, visit duration, IP address, date and time of request) or which is required by functional cookies or cookies necessary for technical reasons.

5. Data collection on our website


The website sometimes uses what are known as cookies. Cookies do not damage your computer or contain any viruses. Cookies make our offering more user-friendly, effective and secure. Cookies are small text files that are placed on your computer and saved by your browser.

Most of the cookies that we use are what are known as ‘session cookies’. They are automatically deleted at the end of your visit. Other cookies remain stored on your terminal until you delete them. These cookies enable us to recognise your browser on your next visit.

You can configure your browser so that you are informed of the storage of cookies and to allow cookies only in certain cases, to reject the acceptance of cookies in specific cases or in general, and to enable the automatic deletion of cookies when you close the browser. This website’s functionality may be restricted if you disable cookies.

Cookies that are required for carrying out electronic communication processes or providing certain features desired by you (e.g. shopping cart feature) are stored on the basis of point (f) of Article 6(1) GDPR. The website operator has a legitimate interest in the storage of cookies to enable the optimal provision of its services, free from any technical defects. If other cookies (e.g. cookies used to analyse your browsing behaviour) are stored, these are addressed separately in this privacy policy.

Cookie overview


Essenzielle Cookies ermöglichen grundlegende Funktionen und sind für die einwandfreie Funktion der Website erforderlich.


Statistik Cookies erfassen Informationen anonym. Diese Informationen helfen uns zu verstehen, wie unsere Besucher unsere Website nutzen.


Marketing-Cookies werden von Drittanbietern oder Publishern verwendet, um personalisierte Werbung anzuzeigen. Sie tun dies, indem sie Besucher über Websites hinweg verfolgen.

Externe Medien

Inhalte von Videoplattformen und Social-Media-Plattformen werden standardmäßig blockiert. Wenn Cookies von externen Medien akzeptiert werden, bedarf der Zugriff auf diese Inhalte keiner manuellen Einwilligung mehr.

Google Maps

NameGoogle Maps
ProviderGoogle Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
PurposeWird zum Entsperren von Google Maps-Inhalten verwendet.
Privacy Policy
Cookie NameNID
Cookie Runtime6 Monate


ProviderMeta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland
PurposeWird verwendet, um Instagram-Inhalte zu entsperren.
Privacy Policy
Cookie Namepigeon_state
Cookie RuntimeSitzung


ProviderOpenstreetmap Foundation, St John’s Innovation Centre, Cowley Road, Cambridge CB4 0WS, United Kingdom
PurposeWird verwendet, um OpenStreetMap-Inhalte zu entsperren.
Privacy Policy
Cookie Name_osm_location, _osm_session, _osm_totp_token, _osm_welcome, _pk_id., _pk_ref., _pk_ses., qos_token
Cookie Runtime1-10 Jahre


ProviderVimeo Inc., 555 West 18th Street, New York, New York 10011, USA
PurposeWird verwendet, um Vimeo-Inhalte zu entsperren.
Privacy Policy
Cookie Namevuid
Cookie Runtime2 Jahre


ProviderGoogle Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
PurposeWird verwendet, um YouTube-Inhalte zu entsperren.
Privacy Policy
Cookie NameNID
Cookie Runtime6 Monate
Your cookie settings:
Server log files

The website provider automatically collects and stores information in what are called server log files, which your browser transmits to us automatically. This is:

  • Browser type and
    browser version
  • Operating system used
  • Referrer URL
  • Host name of the
    accessing computer
  • Time of server request
  • IP address

This data is not merged with other data sources.

The basis for the data processing is point (f) of Article 6(1) 1 lit. GDPR, which permits data processing for the performance of a contract or to take steps prior to entering into a contract.

Contact form
When you send us enquiries via the contact form, your details are forwarded to BIG.Cube using the GDPR-compliant API-based email delivery service provided by the German service provider sendinblue GmbH. We store the details you enter in the enquiry form, including the contact details you provide, in order to handle your enquiry and in case of any follow-up questions. We do not share this data without your consent. The data entered in the contact form is thus processed exclusively on the basis of your consent (point (a) of Article 6(1) GDPR). You can withdraw this consent at any time. To do so, it is sufficient to send us an informal notification by email. The lawfulness of the data processing procedures carried out before your consent is withdrawn remains unaffected by such withdrawal. We retain the data you have entered in the contact form until you ask us to erase it, until you withdraw your consent to its storage or until the purpose of the data storage ceases to apply (e.g. once handling of your enquiry is complete). Mandatory legal provisions — particularly retention periods — remain unaffected.

6. Analysis tools


Our website uses Matomo (formerly Piwik), which is open-source software used for the statistical analysis of visitor access. We use Matomo cookie-free. The identification of a certain person is therefore impossible because your IP address is anonymised immediately after being processing and before being stored. The legal basis for the processing of personal data using cookies is point (f) of Article 6(1) GDPR. 1 lit.. Matomo is used for the purpose of improving the quality of our website and its content. We use it to learn how the website is used and it thus enables us to continuously improve our offering.

Klicken Sie auf den unteren Button, um den Inhalt von zu laden.

Inhalt laden

7. Integration of social embeds

We provide social  embeds from the social media networks Instagram and YouTube on our website. Social embeds are content from social networks which we integrate into our website in such a way that you do not have to leave it. This is called “embedding”. This involves the inclusion of posts, videos or other content from the companies Meta Platforms Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; however, personal data may also be processed by Meta Platforms Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA), Instagram LLC (1601 Willow Road Menlo Park, CA 94025, USA; however, Facebook is responsible for Instagram in terms of data protection, see above) and YouTube LLC (901 Cherry Ave., San Bruno, CA 94066, USA; however, Google Ireland Limited, Gordon House Barrow Street Dublin 4, D04E5W5, Ireland, is responsible for data protection and personal data may also be processed by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) on our website.

You can recognise the social embeds by the respective social media network logos next to an image or post or other content that is recognizable as external. Once these embeds have been activated, you will be able to see the content from each network that we have included on our website.

Before clicking on the respective “Show content” button (“Activation button”), our data protection-friendly activation solution prevents your personal data, such as your IP address, from being transferred to the respective social network. As long as you do not click on the Activation Button to view content, you remain invisible to the operators of the respective social network.

We use this data protection-friendly alternative (activation solution) to prevent social networks from tracking and storing Internet behaviour without an active contribution from the user.

By clicking the Activation Button you agree to the collection of your personal data by the respective network. The respective social network is responsible for the collection and processing of data, including the use of cookies and similar technologies by the social network. Presumably, specifically, information about which of our Internet pages you have visited, and your IP address are then transmitted to the social network, even if you do not have a profile with the respective network or are not logged in there at that time. If you are logged in as a member of the social networks, the network assigns the information to your personal user account. We do not receive any of this information.

We therefore recommend that you read the privacy policy of the respective network before clicking the Activation Button:

8. Data transfer

Insofar as we pass on your personal data specifically within the framework of the data processing described above, we have described this accordingly in the respective point in this privacy policy. In addition, we pass on your personal data in general as follows:


All personal data that we process within the framework of this website is processed by us or our service providers. If necessary, we transmit your personal data to external service providers, such as IT and website optimisation service providers, advertising agencies or analysis providers, in order to be able to offer you our services. We have carefully selected these service providers and concluded order processing agreements with them.

Third parties (so-called transfer recipients)

Contractual partners

We pass on your personal data to other controllers who process the personal data for their own purposes, insofar as this is necessary for the execution of the contract or the provision of services, e.g. within the scope of the order to the forwarding agent or the parcel delivery service or in connection with your membership in FC Bayern München e.V. or in connection with ticket purchases for FC Bayern München Basketball GmbH. Our contractual partners may use the data transmitted in this way exclusively for the purpose for which we transmitted it.

The transmission of your personal data for these purposes takes place for the fulfilment of the contract (Art. 6(1)(b) GDPR), or on the basis of our legitimate interest (Art. 6(1)(f) GDPR) in making our business efficient.

Credit assessment

In justified cases (e.g. direct debit procedures), we exchange address and creditworthiness data with credit service companies for the purpose of a credit assessment. The service providers only receive access to such personal data as necessary for the performance of the respective activity. The legal basis is Art. 6(1)(f) GDPR (legitimate interest).

Legal obligation or enforcement of legal claims

Otherwise, we will only disclose your personal information to third parties if and to the extent required or permitted by law, to enforce legal rights, or to investigate or prevent suspected or actual illegal activity. In these cases, we will inform you separately about the respective transmission if and to the extent legally required.

Website service provider

Some functionalities on our website require the service providers to process your personal data on their own responsibility (e.g. for social media interactions; see also the information on social plug-ins and embeds under section 5 and for some website optimisation services). Our contractual partners may use the data transmitted in this way exclusively for the purpose for which we transmitted it.

The transmission of your personal data for these purposes takes place on the basis of our legitimate interest in providing you with the respective functionality. If your consent is required for transmissions to website service providers, we will inform you separately in advance.

Transfer to third countries

If we transfer your personal data to countries outside the European Economic Area (EEA) or commission processors in such countries (for example in the USA), we implement the standards and security mechanisms required by law. We achieve this, for example, by using service providers that are Privacy Shield-certified or by agreeing the so-called EU standard contracts. Please contact us as described in section 1 to learn more about the specific security mechanisms we use.

9. Your rights

You have the following legal rights against FC Bayern München AG with regard to your personal data, provided that the respective requirements are met. You can find further information on your rights and the relevant requirements on the EU Commission’s website at .

Right of access

As a data subject, you have the right to request confirmation as to whether we process personal data that concerns you. If this is the case, you have the right to information about this personal data, as well as other information, e.g. the processing purposes, the recipients and the planned duration of storage or the criteria for determining the duration.

Right to rectification and completion

As a data subject, you have the right to demand the correction of incorrect personal data without delay. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data.

Right to erasure (“right to be forgotten”)

As the person concerned, you may have the right to the erasure your personal data. For example, if your personal data is no longer necessary for its original purpose, you have revoked your privacy statement, or the personal data has been improperly processed.

Right to restriction of processing

As a data subject, you have the right to restrict the processing in the cases prescribed by law.

Right to data portability

As a data subject, you have the right, in the cases prescribed by law, to receive the personal data concerning you in a structured, common and machine-readable format.

Right of objection

As a data subject, you have the right to object at any time to the processing of certain personal data concerning you for any reason relating to your particular situation.

In the case of direct marketing, as the data subject, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising, including profiling insofar as it is linked to such direct marketing.

Right to revoke your consent under data protection law

You may revoke your consent to the processing of your personal data at any time with effect for the future. However, the lawfulness of the processing carried out before the revocation is not affected.

Right to complain to a data protection authority

You have the right to lodge a complaint with a supervisory authority, in particular in the Member State in which you reside, your place of work or the place where the alleged infringement was committed, if you believe that the processing of your personal data violates the GDPR.

The responsible supervisory authority for FC Bayern München AG is the Bayerische Landesaufsicht für Datenschutz (


Our privacy policy and also the descriptions in our cookie consent solution may change from time to time. This also includes further developments due to changes in our business and adjustments due to a changed legal situation and/or due to the implementation of new technologies or services on the website. Any updates to the privacy policy will be published by us on this page. In the event of significant changes, we will point this out accordingly. If you have any further questions that our privacy policy could not answer, please send an email to the following address:

Version: March 2022