Festspielhaus Management GmbH

We are pleased that you are visiting our website and thank you for your interest. Protecting your privacy while using our website is particularly important to us. Where names are mentioned, the persons concerned have given their consent. In other cases, names have been omitted for data protection reasons.

1. Name and Address of the Controller

The controller within the meaning of the General Data Protection Regulation (GDPR), other data protection laws applicable in the Member States of the European Union, and other provisions of a data protection nature is:

Festspielhaus Management GmbH
Im See 1
87629 Füssen
Germany

Tel.: +49 (0) 8362 / 5077-0
Email: info@das-festspielhaus.de
Website: www.das-festspielhaus.de

2. Contact Details of the Data Protection Officer

Email: datenschutz@das-festspielhaus.de

3. General Information

When you access our website, information of a general nature is automatically collected. This information (server log files) includes, for example, the type of web browser, the operating system used, the domain name of your Internet service provider, and similar data. This information does not allow any conclusions to be drawn about your identity. It is technically necessary in order to correctly deliver the content requested by you and is unavoidable when using the internet.

This anonymous information is evaluated statistically to optimize our website and the underlying technology.

We point out that data transmission over the internet (e.g., via email) may have security vulnerabilities and that complete protection of data against access by third parties cannot be guaranteed. We assume no liability for damages caused by such security gaps.

4. Cookies

The websites of Festspielhaus Management GmbH use cookies. Cookies are text files that are stored on a computer system via an internet browser.

Many websites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string of characters that allows websites and servers to assign the cookie to the specific browser in which it was stored. This makes it possible to distinguish the individual browser of the data subject from other browsers containing other cookies.

By using cookies, Festspielhaus Management GmbH can provide users with more user-friendly services that would not be possible without cookies.

Cookies allow us to optimize the information and offers on our website in the interests of users. As mentioned above, cookies enable us to recognize users of our website. The purpose of this recognition is to make it easier for users to use our website. For example, users do not have to re-enter their login details each time they visit the website.

The data subject can prevent the setting of cookies at any time by means of a corresponding setting in their internet browser and may permanently object to the setting of cookies. Cookies already set can be deleted at any time via an internet browser or other software programs. This is possible in all common internet browsers. If cookies are disabled, not all functions of the website may be fully usable.

5. Provision of the Website and Creation of Log Files

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing device. The following data are collected:

Date and time of access
IP address of the user
Operating system version of the user
Browser type of the user
Page accessed by the user

The data are stored in system log files. These data are not stored together with other personal data of the user.

The purpose of data storage is the technical optimization of the website. The legal basis for temporary storage is Art. 6 para. 1 lit. f GDPR.

The data are stored for approximately two months and then automatically deleted. They are evaluated for statistical purposes only.

Festspielhaus Management GmbH provides any data subject, upon request, with information about what personal data is stored about them. Personal data will be corrected or deleted at the request of the data subject, provided there are no statutory retention obligations. The data protection officer named in this privacy policy and all employees of Festspielhaus Management GmbH are available as contact persons.

6. SSL Encryption

Our website uses SSL encryption for the transmission of confidential or personal content. Data encrypted via SSL cannot be read by third parties.

7. Subscription to Our Newsletter

On the website of Festspielhaus Management GmbH, users are given the opportunity to subscribe to our company newsletter. Which personal data is transmitted to the controller when ordering the newsletter is determined by the input form used for this purpose.

Festspielhaus Management GmbH regularly informs its customers and business partners about the company’s offers via newsletter. The newsletter can generally only be received by the data subject if:

a. the data subject has a valid email address, and
b. the data subject has registered to receive the newsletter.

When registering for our newsletter, the data provided during registration is transmitted to and stored by Newsletter2go. After registration, a confirmation email is sent to the provided email address for legal reasons using the double opt-in procedure. This confirmation email serves to verify whether the owner of the email address has authorized receipt of the newsletter. To protect against potential claims of unsolicited emails, Newsletter2go stores the date of registration as well as your IP address.

We hereby expressly inform you about the storage of the IP address by Newsletter2go. Further use of your IP address by Newsletter2go is excluded.

When signing up for the newsletter, the IP address assigned by the Internet Service Provider (ISP) to the computer system used by the data subject at the time of registration, as well as the date and time of registration, are also stored. Collecting this data is necessary to trace potential misuse of the email address at a later time and thus serves the legal protection of the controller.

The personal data collected during newsletter registration is used exclusively to send our newsletter. Additionally, newsletter subscribers may be informed by email if required for the operation of the newsletter service or related registration, for example in the case of changes to the newsletter offer or technical conditions.

The subscription to our newsletter can be cancelled by the data subject at any time. Consent to the storage of personal data provided for newsletter dispatch can be revoked at any time. A corresponding link for revoking consent is included in every newsletter. Furthermore, it is possible at any time to unsubscribe directly on the website of Festspielhaus Management GmbH or to notify the company in another way.

8. Why We Chose Newsletter2Go

For sending our newsletter, we chose the system Newsletter2Go. In addition to the crucial criterion of data security, there were several other decisive reasons for selecting Newsletter2Go. The ability to technically implement mailings to a large number of email recipients and recipient groups in a flexible, secure, and reliable manner qualified Newsletter2Go as a suitable provider.

The system offers excellent technical features and support, continuously invests in its website and services, and has highly secured IT systems. This enables us to send tailored information to our subscribers so that the content provides real added value.

From a legal perspective, the use of Newsletter2Go constitutes a transfer of your personal data. Newsletter2Go undertakes to protect the privacy of visitors and users of the Newsletter2Go website and to process personal data exclusively in accordance with applicable data protection laws and this privacy policy.

Employees of Newsletter2Go are regularly obligated to maintain data confidentiality. The legal basis for this includes the applicable statutory provisions, such as the German Federal Data Protection Act (BDSG) and the German Telemedia Act (TMG).

Further information about Newsletter2Go and data protection can be found at:
https://www.newsletter2go.de/datenschutz/

Brevo (formerly Sendinblue)

This website uses Brevo for sending newsletters. The provider is:

Sendinblue GmbH
Köpenicker Straße 126
10179 Berlin
Germany

Brevo is a service that can be used, among other things, to organize and analyze newsletter distribution. The data you enter for the purpose of receiving the newsletter are stored on the servers of Sendinblue GmbH in Germany.

Data Analysis by Brevo

With the help of Brevo, we are able to analyze our newsletter campaigns. For example, we can see whether a newsletter message has been opened and which links, if any, were clicked. This allows us to determine which links are clicked most frequently.

In addition, we can identify whether certain predefined actions were carried out after opening or clicking the newsletter (conversion rate). For example, we can see whether you made a purchase after clicking on the newsletter.

Brevo also enables us to segment (“cluster”) newsletter recipients based on various categories. Newsletter recipients can, for example, be categorized by age, gender, or place of residence. This allows newsletters to be better tailored to specific target groups.

If you do not wish to be analyzed by Brevo, you must unsubscribe from the newsletter. A corresponding unsubscribe link is provided in every newsletter message.

Detailed information about Brevo’s features can be found at:
https://www.brevo.com/de/newsletter-software/

Legal Basis

Data processing is carried out on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You may revoke this consent at any time. The legality of data processing operations carried out prior to revocation remains unaffected.

Storage Duration

The data you provide to us for the purpose of receiving the newsletter are stored by us or by the newsletter service provider until you unsubscribe from the newsletter and are deleted from the newsletter distribution list after unsubscription. Data stored by us for other purposes remain unaffected.

After you unsubscribe from the newsletter distribution list, your email address may be stored by us or by the newsletter service provider in a blacklist, if this is necessary to prevent future mailings. The data in the blacklist are used exclusively for this purpose and are not merged with other data. This serves both your interests and our interests in complying with legal requirements for sending newsletters (legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR). Storage in the blacklist is not limited in time. You may object to this storage if your interests outweigh our legitimate interest.

Further details can be found in Brevo’s privacy policies:
https://www.brevo.com/de/datenschutz-uebersicht/
https://www.brevo.com/de/legal/privacypolicy/

Data Processing Agreement

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a legally required data protection contract that ensures the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

Further information about the features of Sendinblue can be found at:
https://de.sendinblue.com/newsletter-software/

9. Collection of Your Data via Our Contact Form

If you send us inquiries via our contact form, the information you provide in the inquiry form, including the contact details you enter there, will be stored by us for the purpose of processing your request and in case of follow-up questions. We do not pass on this data without your consent.

The processing of the data entered into the contact form is carried out exclusively on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You may revoke this consent at any time. An informal notification by email is sufficient for this purpose. The legality of the data processing operations carried out up to the time of revocation remains unaffected by the revocation.

The data you enter in the contact form will remain with us until you request its deletion, revoke your consent to storage, or the purpose for storing the data no longer applies (e.g. after your inquiry has been fully processed). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.

10. Collection of Your Data Through Prize Draws

Participation in prize draws requires the provision of personal data. The participant assures that the personal information provided, in particular first name, last name, and email address, is truthful and accurate.

All personal data of participants will not be disclosed to third parties or made available for use without their consent.

In the event of a win, the winner agrees to the publication of their name and place of residence in the advertising media used by the organizer. This includes announcing the winner on the operator’s website and on its social media platforms.

If a participant wishes to withdraw their consent, they may contact our Data Protection Officer or any other employee of Festspielhaus Management GmbH at any time. Upon withdrawal of consent, the collected and stored data of the affected person will be deleted immediately.

11. Spotify

This website integrates functions of the music service Spotify. The provider is Spotify AB, Birger Jarlsgatan 61, 113 56 Stockholm, Sweden. You can recognize Spotify plugins by the green logo on this website. An overview of Spotify plugins can be found at: https://developer.spotify.com

When you visit this website, the plugin establishes a direct connection between your browser and the Spotify server. Spotify thereby receives the information that you have visited this website using your IP address. If you click the Spotify button while logged into your Spotify account, you can link the content of this website to your Spotify profile. This allows Spotify to associate your visit to this website with your user account.

We point out that when using Spotify, cookies from Google Analytics may be used, meaning that your usage data may also be transmitted to Google. Google Analytics is a tool of the Google Group for analyzing user behavior, headquartered in the USA. Spotify alone is responsible for this integration. As the website operator, we have no influence on this data processing.

The storage and analysis of data are carried out on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the appealing acoustic design of its website. If corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information on the user’s end device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

Further information can be found in Spotify’s privacy policy: https://www.spotify.com/de/legal/privacy-policy/

If you do not want Spotify to associate your visit to this website with your Spotify user account, please log out of your Spotify account.

12. Collection of Your Data When Purchasing Tickets

We collect, process, and use personal data only insofar as this is necessary for the establishment, content-related design, or modification of the contractual relationship (inventory data). This is carried out on the basis of Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures.

Personal data relating to the use of our website (usage data) are collected, processed, and used only insofar as this is necessary to enable the user to use the service or for billing purposes.

The collected customer data are deleted after completion of the order or termination of the business relationship. Statutory retention periods remain unaffected.

13. Data Transmission When Concluding a Contract for Services and Digital Content

We only transmit personal data to third parties if this is necessary for the processing of the contract, for example to the ticketing system commissioned for ticket purchases or the financial institution responsible for payment processing.

Further transmission of data does not occur, except where you have explicitly consented to it. Your data will not be passed on to third parties without your express consent, for example for advertising purposes.

The legal basis for data processing is Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures.

14. Routine Deletion and Blocking of Personal Data

Festspielhaus Management GmbH processes and stores personal data of the data subject only for as long as necessary to achieve the purpose of storage or as prescribed by laws or regulations applicable to the controller.

If the purpose of storage no longer applies or a statutory retention period prescribed by European law or other applicable legislation expires, personal data are routinely blocked or deleted in accordance with legal requirements.

15. Your Rights

You have the right at any time to request information about the personal data we have stored about you. As part of this disclosure, we will explain how we process your data and provide you with an overview of the personal data stored about you.

You also have the right to be informed whether personal data have been transmitted to a third country or an international organization. If this is the case, you also have the right to information about the appropriate safeguards in connection with the transfer.

If your data stored with us are no longer up to date, you have the right to have them corrected.

You also have the right to have your personal data deleted, provided there is no statutory retention obligation. If deletion is not possible due to such an obligation, we will block your personal data upon request so that it is only available for this legal purpose.

If, for example, you believe that the personal data we hold about you is incorrect, you can request that the processing of your data be restricted.

If you wish to exercise your right to data portability, we will provide you with a digital copy of the personal data you have provided to us upon request.

To assert your rights, please contact our Data Protection Officer. The contact details can be found at the beginning of this privacy policy. This also applies if you wish to obtain copies of guarantees demonstrating an adequate level of data protection.

You may also make changes or withdraw consent by notifying us, which will take effect for the future.

16. Your Right to Lodge a Complaint with the Competent Supervisory Authority

In the event of violations of data protection law, you have the right to lodge a complaint with the competent supervisory authority.

The competent authority for data protection issues for our company is:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 27
91522 Ansbach, Germany
Website: https://www.lda.bayern.de

Phone: +49 (0) 981 53 1300
Fax: +49 (0) 981 53 98 1300
Email: poststelle@lda.bayern.de

16. Use of Instagram

Festspielhaus Management has included a link on this website to the Instagram account of Ludwigs Festspielhaus. Instagram is a free online service for sharing photos and videos and allows users to further distribute data across other social networks.

The service provider of Instagram is Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, USA.

Further information and Instagram’s applicable privacy policy can be accessed at:
https://help.instagram.com/155833707900388
https://www.instagram.com/about/legal/privacy/

17. Use of Facebook

Festspielhaus Management has included a link on this website to the Facebook page of Ludwigs Festspielhaus. Facebook is a social network operated by the U.S. company Facebook Inc. It allows users to create private profiles for personal representation, company pages for business presence, and groups for private discussions of shared interests. Profiles can be connected through friend requests, and there is no limit to the number of subscribers.

The service provider of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. For the processing of personal data, if a data subject resides outside the USA or Canada, the responsible entity is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Facebook’s published data policy is available at:
https://de-de.facebook.com/about/privacy/

It provides information on how Facebook collects, processes, and uses personal data, and explains privacy settings available to users. Various applications can be used to prevent data transfers to Facebook, such as the Facebook Blocker by Webgraph, which is available at:
http://webgraph.com/resources/facebookblocker/

These applications allow users to suppress the transfer of data to Facebook.

18. Google Tag Manager

We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

The Google Tag Manager is a tool that allows us to integrate tracking or analytics tools and other technologies on our website. The Google Tag Manager itself does not create user profiles, store cookies, or perform independent analyses. It is used solely to manage and deploy the tools integrated through it. However, the Google Tag Manager does collect your IP address, which may be transmitted to Google’s parent company in the United States.

The use of the Google Tag Manager is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the fast and uncomplicated integration and management of various tools on the website. If consent has been obtained, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR, and consent can be revoked at any time.

19. Use of Google Analytics

This website uses functions of the web analytics service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics allows the website operator to analyze the behavior of website visitors. The website operator receives various usage data, such as page views, duration of stay, operating systems used, and the user’s origin. This data may be compiled by Google into a profile associated with the respective user or their device.

Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g., cookies or device fingerprinting). The information collected by Google about the use of this website is usually transmitted to a Google server in the USA and stored there.

The use of this analytics tool is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in analyzing user behavior to optimize both the website and its advertising. If consent has been obtained (e.g., consent to store cookies), processing is carried out solely on the basis of Art. 6(1)(a) GDPR; consent can be revoked at any time.

Data transfer to the USA is based on the EU Commission’s standard contractual clauses. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs

IP Anonymization

We have enabled IP anonymization on this website. This means that your IP address is shortened by Google within member states of the European Union or other signatory states of the European Economic Area before being transferred to the USA. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. On behalf of the website operator, Google uses this information to evaluate your website usage, compile reports on website activity, and provide other services related to website and internet use. The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data.

Browser Plugin

You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at: https://tools.google.com/dlpage/gaoptout?hl=de

More information on handling user data with Google Analytics can be found in Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de

Data Processing Agreement

We have concluded a data processing agreement with Google and fully comply with the strict requirements of the German data protection authorities when using Google Analytics.

Demographic Features in Google Analytics

This website uses the “demographic features” function of Google Analytics to display relevant ads to website visitors within the Google advertising network. Reports can be created containing information on the age, gender, and interests of site visitors. These data come from Google interest-based advertising and visitor data from third parties. The data cannot be assigned to a specific individual. You can disable this feature at any time in your Google account ad settings or generally prohibit the collection of your data by Google Analytics as described under “Objection to Data Collection.”

Data Retention

Data stored on a user and event level in Google, linked to cookies, user identifiers (e.g., User ID), or advertising IDs (e.g., DoubleClick cookies, Android advertising ID), is anonymized or deleted after 14 months. Details can be found here: https://support.google.com/analytics/answer/7667196?hl=de

20. Use of Google Maps

This site uses the mapping service Google Maps. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

To use the functions of Google Maps, it is necessary to store your IP address. This information is usually transmitted to a Google server in the USA and stored there. The operator of this website has no influence on this data transfer. When Google Maps is activated, Google may use Google Web Fonts for the uniform display of fonts. When Google Maps is loaded, your browser stores the required web fonts in its cache to display text and fonts correctly.

The use of Google Maps serves the interest of providing an appealing presentation of our online offerings and making the locations indicated on our website easily findable. This constitutes a legitimate interest pursuant to Art. 6(1)(f) GDPR. If consent has been obtained, processing is carried out solely on the basis of Art. 6(1)(a) GDPR; consent can be revoked at any time.

Data transfer to the USA is based on the EU Commission’s standard contractual clauses. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/
and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/

More information on handling user data can be found in Google’s privacy policy: https://policies.google.com/privacy?hl=de

21. Google reCAPTCHA

We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

reCAPTCHA is used to check whether the data input on this website (e.g., in a contact form) is made by a human or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis begins automatically as soon as the visitor enters the website. reCAPTCHA evaluates various information during the analysis (e.g., IP address, duration of stay on the website, or mouse movements made by the user). The data collected during the analysis is transmitted to Google.

reCAPTCHA analyses run entirely in the background. Website visitors are not notified that an analysis is taking place.

The storage and analysis of the data is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in protecting its web offerings from abusive automated scanning and spam. If consent has been obtained, processing is carried out solely on the basis of Art. 6(1)(a) GDPR; consent can be revoked at any time.

Further information on Google reCAPTCHA can be found in Google’s privacy policy and terms of use: https://policies.google.com/privacy?hl=de
and https://policies.google.com/terms?hl=de

22. iThemes Security

We have integrated iThemes Security on this website. The provider is iThemes Media LLC, 1720 South Kelly Avenue, Edmond, OK 73013, USA (hereinafter iThemes Security).

iThemes Security is used to protect our website from unauthorized access or malicious cyberattacks. For this purpose, iThemes Security collects, among other things, your IP address, the time and source of login attempts, and log data (e.g., the browser used). iThemes Security is installed locally on our servers.

iThemes Security transmits IP addresses of recurring attackers to a central iThemes database in the USA (Network Brute Force Protection) to prevent such attacks in the future.

The use of iThemes Security is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in providing the most effective protection possible for its website against cyberattacks. If consent has been obtained, processing is carried out solely on the basis of Art. 6(1)(a) GDPR; consent can be revoked at any time.

23. YouTube with Enhanced Privacy

This website embeds videos from YouTube. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

We use YouTube in enhanced privacy mode. According to YouTube, this mode ensures that YouTube does not store information about visitors to this website before they watch a video. However, the sharing of data with YouTube partners is not necessarily excluded. For example, YouTube connects to the Google DoubleClick network regardless of whether you watch a video.

When you start a YouTube video on this website, a connection is made to YouTube’s servers. The YouTube server is informed which pages of our website you have visited. If you are logged into your YouTube account, you allow YouTube to directly link your browsing behavior to your personal profile. You can prevent this by logging out of your YouTube account.

Additionally, YouTube may store various cookies on your device or use similar tracking technologies (e.g., device fingerprinting) when a video is played. In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to compile video statistics, improve user-friendliness, and prevent fraud.

Further data processing may occur after starting a YouTube video, over which we have no influence.

The use of YouTube serves the interest of providing an appealing presentation of our online offerings. This constitutes a legitimate interest under Art. 6(1)(f) GDPR. If consent has been obtained, processing occurs solely based on Art. 6(1)(a) GDPR; consent can be revoked at any time.

More information on privacy at YouTube: https://policies.google.com/privacy?hl=de

24. Vimeo without Tracking (Do-Not-Track)

This website uses plugins from the video portal Vimeo. Provider: Vimeo Inc., 555 West 18th Street, New York, NY 10011, USA.

When you visit one of our pages with Vimeo videos, a connection is made to Vimeo’s servers. The Vimeo server is informed which pages you visited. Vimeo also obtains your IP address. However, we have configured Vimeo so that it does not track your user activities and does not set cookies.

The use of Vimeo serves the interest of providing an appealing presentation of our online offerings. This constitutes a legitimate interest under Art. 6(1)(f) GDPR. If consent has been obtained, processing occurs solely based on Art. 6(1)(a) GDPR; consent can be revoked at any time.

Data transfer to the USA is based on the EU Commission’s standard contractual clauses and, according to Vimeo, on “legitimate business interests.” Details: https://vimeo.com/privacy

More information on handling user data: https://vimeo.com/privacy

25. Google Ads

The website operator uses Google Ads. Google Ads is an online advertising program from Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads allows us to display advertisements in the Google search engine or on third-party websites when users enter specific search terms on Google (keyword targeting). Targeted ads can also be displayed based on user data available to Google (e.g., location data and interests). As the website operator, we can analyze this data quantitatively, e.g., which search terms led to the display of our ads and how many clicks were generated.

The use of Google Ads is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the most effective marketing of its services and products.

Data transfer to the USA is based on the EU Commission’s standard contractual clauses. Details: https://policies.google.com/privacy/frameworks
and https://privacy.google.com/businesses/controllerterms/mccs/

26. Use of Google Remarketing

Google Remarketing analyzes your user behavior on our website (e.g., clicking on certain products) to assign you to specific advertising target groups and then display relevant ads to you when visiting other online offers (remarketing/retargeting).

Target groups created with Google Remarketing can also be linked with Google’s cross-device functionality. This allows interest-based, personalized ads, which were adapted to your previous usage and browsing behavior on one device (e.g., mobile phone), to also appear on another device (e.g., tablet or PC).

If you have a Google account, you can opt out of personalized advertising here: https://www.google.com/settings/ads/onweb/

The use of Google Remarketing is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in effective marketing of its products. If consent has been obtained, processing occurs solely on the basis of Art. 6(1)(a) GDPR; consent can be revoked at any time.

Further information and privacy policies: https://policies.google.com/technologies/ads?hl=de

Customer Match (Audience Building):
To create target audiences, we use Google Remarketing’s customer match. We provide certain customer data (e.g., email addresses) from our customer lists to Google. If the customers are Google users and logged into their Google account, relevant ads are displayed within the Google network (e.g., YouTube, Gmail, or Google Search).

27. Clarity

This website uses Clarity. Provider: Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland, https://docs.microsoft.com/en-us/clarity/
(hereinafter “Clarity”).

Clarity is a tool to analyze user behavior on this website. It records mouse movements and creates graphical heatmaps showing which parts of the website users scroll most frequently. Clarity can also record sessions, allowing us to view website usage as videos. Furthermore, it provides insights into general user behavior on the website.

Clarity uses technologies that allow recognition of users for the purpose of behavior analysis (e.g., cookies or device fingerprinting). Your personal data is stored on Microsoft servers (Microsoft Azure Cloud Service) in the USA.

If consent has been obtained, Clarity is used solely based on Art. 6(1)(a) GDPR and § 25 TTDSG; consent can be revoked at any time. If no consent is obtained, Clarity is used based on Art. 6(1)(f) GDPR; the website operator has a legitimate interest in effective user analysis.

More information on Clarity privacy: https://docs.microsoft.com/en-us/clarity/faq

The company is certified under the “EU-US Data Privacy Framework” (DPF), which ensures compliance with EU data protection standards in the USA. More info: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000KzNaAAK&status=Active

Data Processing Agreement (DPA):
We have a data processing agreement for the use of the above service. This ensures that the provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

28. Legal Basis for Processing

Art. 6(1)(a) GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose.

If the processing of personal data is necessary to fulfill a contract to which the data subject is a party, such as processing required for sending tickets or providing other services or consideration, the processing is based on Art. 6(1)(b) GDPR. The same applies to processing operations necessary for pre-contractual measures, e.g., in the case of inquiries about our products or services.

If our company is subject to a legal obligation that requires the processing of personal data, such as fulfilling tax obligations, the processing is based on Art. 6(1)(c) GDPR.

In rare cases, processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would apply, for example, if a visitor were injured on our premises and their name, age, health insurance information, or other vital data had to be shared with a doctor, hospital, or other third parties. In such a case, processing would be based on Art. 6(1)(d) GDPR.

Finally, processing operations may be based on Art. 6(1)(f) GDPR. This legal basis covers processing that does not fall under any of the other legal bases when it is necessary to protect a legitimate interest of our company or a third party, provided that the interests, rights, and freedoms of the data subject do not override them. Such processing is permitted in particular because it is explicitly mentioned in Recital 47 of the GDPR. A legitimate interest may exist, for example, if a significant and appropriate relationship exists between the data subject and the controller, such as if the data subject is a customer or employee of the controller.

29. Duration of Storage of Personal Data

The criterion for the storage duration of personal data is the respective statutory retention period. After this period expires, the corresponding data is routinely deleted, provided it is no longer required for contract fulfillment or pre-contractual measures.

30. Provision of Personal Data

We inform you that providing personal data may be legally required (e.g., tax regulations) or may arise from contractual agreements (e.g., information about a contractual partner).

In some cases, the conclusion of a contract may require that a data subject provide us with personal data, which we then process. For example, a data subject is required to provide personal data when our company enters into a contract with them. Failure to provide the personal data would result in the contract not being concluded.

Before providing personal data, the data subject should contact our Data Protection Officer. The Data Protection Officer will inform the data subject on a case-by-case basis whether providing personal data is legally or contractually required or necessary for the conclusion of a contract, whether there is an obligation to provide the data, and what consequences arise from failing to provide it.

31. Existence of Automated Decision-Making

As a responsible company, we do not engage in automated decision-making or profiling.

32. Objection to Promotional Emails

The use of contact details published under the imprint obligation for sending unsolicited advertising and informational materials is hereby objected to. The website operators expressly reserve the right to take legal action in the event of unsolicited sending of advertising information, e.g., via spam emails.

33. Changes to Our Privacy Policy

We reserve the right to occasionally update this privacy policy so that it always complies with current legal requirements or to reflect changes in our services, such as the introduction of new offerings. Your continued visit will then be subject to the new privacy policy.

34. Questions to the Data Protection Officer

If you have questions regarding data protection, please send us an email or contact our Data Protection Officer directly.

35. Handling of Applicant Data

We offer you the opportunity to apply to us (e.g., via email, by post, or through our online application form). Below, we inform you about the scope, purpose, and use of the personal data collected during the application process. We assure you that the collection, processing, and use of your data are carried out in accordance with applicable data protection laws and other legal provisions, and your data will be treated with strict confidentiality.

Scope and Purpose of Data Collection

When you submit an application to us, we process the personal data associated with it (e.g., contact and communication information, application documents, notes from interviews, etc.) insofar as this is necessary to make a decision regarding the establishment of an employment relationship. The legal basis for this is § 26 BDSG under German law (initiation of an employment relationship), Art. 6(1)(b) GDPR (general pre-contractual measures), and – if you have given consent – Art. 6(1)(a) GDPR. Consent can be revoked at any time. Your personal data will be shared internally only with those involved in processing your application.

If the application is successful, the data you provided will be stored in our data processing systems on the basis of § 26 BDSG and Art. 6(1)(b) GDPR for the purpose of managing the employment relationship.

Data Retention

If we are unable to make you a job offer, if you decline a job offer, or if you withdraw your application, we reserve the right to retain the data you submitted based on our legitimate interests (Art. 6(1)(f) GDPR) for up to six months from the end of the application process (rejection or withdrawal). After that, the data will be deleted, and any physical application documents will be destroyed. The retention period serves primarily as evidence in the event of legal disputes.

If it becomes apparent that the data may still be required after the six-month period (e.g., due to pending or imminent legal proceedings), deletion will only occur once the purpose for further retention no longer exists.

Longer retention may also occur if you have provided corresponding consent (Art. 6(1)(a) GDPR) or if legal retention obligations prevent deletion.

Inclusion in the Applicant Pool

If we do not make you a job offer, there may be an option to include you in our applicant pool. In this case, all documents and information from your application will be transferred to the applicant pool so that we can contact you for suitable vacancies.

Inclusion in the applicant pool is carried out solely on the basis of your explicit consent (Art. 6(1)(a) GDPR). Providing consent is voluntary and is not related to the ongoing application process. The data subject may revoke consent at any time. In that case, data in the applicant pool will be irrevocably deleted unless legal retention reasons exist.

Data in the applicant pool will be permanently deleted no later than two years after consent is granted.

Cookie Settings