Privacy policy

INTRODUCTION AND TERMS

1. Introduction

In operating our website https://jazzopen.online-ticket.de (hereinafter referred to as the "website"), we process personal data. We treat this data confidentially and process it in accordance with the applicable laws - in particular the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG-neu). With our privacy policy, we want to inform you which personal data we collect from you, for what purposes and on what legal basis we use it and, if applicable, to whom we disclose it. In addition, we will explain what rights you have to protect and enforce your data privacy.

2. Terms

Our data protection provisions contain technical terms that are used in the GDPR and the BDSG-new. For your better understanding, we would like to explain these terms in simple terms in advance:

2.1 Personal data

"Personal data" means any information relating to an identified or identifiable person (Art. 4 No. 1 GDPR). Details of an identified person can be, for example, their name or email address. However, personal data is also data for which the identity is not immediately apparent, but can be determined by combining your own or third-party information to find out who the person is. A person can be identified, for example, by providing their address or bank details, their date of birth or user name, their IP addresses and/or location data. All information that can be used to identify a person in any way is relevant here.

2.2 Processing

Art. 4 no. 2 GDPR defines "processing" as any operation involving personal data. This applies in particular to the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data.

RESPONSIBLE COMPANY AND DATA PROTECTION OFFICER

3. Responsible party

Responsible for data processing is:
Company: Opus Festival-, Management- und Veranstalungs GmbH ("we")
Legal representative: Jürgen Schlensog (Managing Director)
Address: Mörikestraße 20, 70178 Stuttgart
Telephone: +49-711-509900
Fax: +49-711-5099015
E-mail: info@opus.live

4. Data protection officer

We have appointed a data protection officer for our company. You can reach him at:
Name: OPUS Festival-, Veranstaltungs- und Management GmbH
Address: Mörikestraße 20, 70178 Stuttgart
Telephone: +49-711-509900
Fax: +49-711-5099015
E-mail: info@opus.live

PROCESSING FRAME

5. Processing framework: Website

As part of the website with the URL https://jazzopen.online-ticket.de, we process the personal data of you listed in detail in sections 6-25 below. We only process data that you actively provide on our website (e.g. by filling out forms) or that you automatically provide when using our website.
Your data will be processed exclusively by us and will not be sold, lent or passed on to third parties. If we use the help of external service providers to process your personal data, this is done within the framework of so-called order processing, in which we as the client are authorized to issue instructions to our contractors. We use external service providers to operate our website for hosting, maintenance, care and further development. If other external service providers are used for individual processing operations listed in sections 6-25, they will be named there.
Data transfer to third countries does not take place and is not planned. We will provide information about exceptions to this principle in the processing operations described below.

THE PROCESSING OPERATIONS IN DETAIL

6. Provision of the website and server log files

6.1 Description of the processing

Each time you visit the website, we automatically collect information that your browser transmits to our server. This information is also stored in the so-called log files of our system. This involves the following data
- Your IP address
- the browser software you are using, as well as its version and language
- the operating system you are using
- the website from which you accessed our website (so-called referrer)
- the subpages you have accessed on our website
- the date and time of your visit to our website
- Amount of data transferred

The temporary storage of your IP address by the system is necessary in order to be able to deliver our website to the users device. For this purpose, the users IP address must remain stored for the duration of the session. However, your IP address is not recorded in our log files.

6.2 Purpose

Processing is carried out to enable the website to be accessed and to ensure its stability and security. In addition, the processing serves the statistical evaluation and improvement of our online offer.

6.3 Legal basis

Processing is necessary to safeguard the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f GDPR). Our legitimate interest lies in the purpose stated in section 6.2.

6.4 Storage period

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

7 Registration and profile

7.1 Description of the processing

Individual functions and offers on our website are only available to you as a registered user. By registering, you conclude a free user agreement with us. By registering, you will receive your own user account on our website. You register by completing the registration form at https://jazzopen.online-ticket.de and sending it to us electronically. To register, you must enter your e-mail address, a user name of your choice and a password of your choice. By clicking on the "Register" button, you submit the form to us. You will then receive an automatic welcome e-mail. This contains a link to confirm your e-mail address. Your account will only be activated on our website once your e-mail address has been successfully verified by clicking on the confirmation link.

As a registered user, you can shop faster and more conveniently on our website by entering your billing and delivery addresses as well as your preferred payment method in your user profile. This means that you do not have to re-enter your personal data for subsequent (further) purchases.

In addition to the information you provide when registering, we process the following personal data from you to set up and maintain your user account:
- First name and surname
- e-mail address
- postal address
- Date of birth
- Delivery address (if different from address)
- Telephone number
- Company name

7.2 Purpose

The processing is carried out in order to provide you with the functions of our website for registered users.

7.3 Legal basis

The processing is necessary for the conclusion and fulfillment of the user contract (Art. 6 para. 1 lit. b GDPR). Without providing your personal data as part of the registration process, we cannot provide our contractually owed services.

7.4 Storage period

The data will be automatically deleted by us upon termination of your user contract. You can terminate the user contract yourself by informing us by e-mail to info@opus.live, by post to Opus Festival GmbH, Mörikestraße 20, 7178 Stuttgart or by fax to +49-711-5099015 that you no longer wish to be a registered user of our website. We will then delete your user account immediately. As a logged-in user, you can also edit your own details and information at any time.

8. purchasing

8.1 Description of the processing

You can shop on our website as a guest or as a registered user. We process your personal data as part of your order process. The mandatory fields marked with an asterisk "*" in our online store must be completed by you. Otherwise, we will not be able to conclude a purchase contract with you and send you the desired goods, such as event tickets, vouchers, gift packaging and merchandise products. All other information is voluntary. When making a purchase on our website, you can also select one of the payment methods offered (credit card, instant bank transfer, advance payment) to settle the purchase price. When you complete your order, the data required for payment will be forwarded to the relevant payment service provider. If you shop on our website as a registered user, you can enter your billing and delivery addresses as well as your preferred payment method in your user profile for faster and more convenient ordering.

8.2 Purpose

Processing takes place for the conclusion and processing of purchase contracts.

8.3 Legal basis

The processing is necessary for the conclusion and fulfillment of the purchase contracts (Art. 6 para. 1 lit. b GDPR).

8.4 Storage period

Due to commercial and tax law requirements, we are obliged to store your address, payment and order data for a period of ten years. However, we restrict processing after two years. This means that your data will then only be stored separately in order to comply with the statutory retention periods and will be deleted immediately after these have expired.

8.5 Recipients

In order to process your payment, personal data will be forwarded to one of the external payment service providers listed below and selected by you as part of your purchase:

Sofortüberweisung: Sofort GmbH. Further information on data protection at Sofortüberweisung can be found at
https://www.klarna.com/sofort/datenschutz/
Credit card: Saferpay SIX Payment Services AG, Hardturmstrasse 201, P.O. Box 1521, CH-8021 Zurich
Payment in advance

9. Contact form and contact by e-mail

9.1 Description of the processing

We have provided a contact form on our website for contacting us. In this form, you are asked to enter your e-mail address, your name and a message to us. If you click on the "Send" button, the data will be transmitted to us. The contact form can only be transmitted if you accept our privacy policy by clicking on the corresponding checkbox. You can also contact us via the e-mail addresses provided on the website. In this case, the personal data transmitted with the e-mail will be processed by us.

9.2 Purpose

By providing a contact form on our website, we want to offer you a convenient way to get in touch with us. The data transmitted with and in the contact form or your e-mail will be used exclusively for the purpose of processing and responding to your request.

9.3 Legal basis

Processing is necessary to safeguard the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f GDPR). Our legitimate interest lies in the purpose stated in Section 9.2. If the e-mail contact is aimed at the conclusion or fulfillment of a contract, the data processing is carried out for the fulfillment of the contract (Art. 6 para. 1 lit. b GDPR).

9.4 Storage period

We will delete the data as soon as it is no longer required to achieve the purpose for which it was collected. This is usually the case when the respective communication with you has ended. Communication ends when it can be inferred from the circumstances that your request has been conclusively clarified. If statutory retention periods prevent deletion, the data will be deleted immediately after expiry of the statutory retention period.

10. Cookies

10.1 Description of the processing

Our website uses cookies. Cookies are small text files that are stored on the users device when they visit a website. Cookies contain information that enables the recognition of an end device and possibly certain functions of a website. In most cases, we only use so-called "session cookies". These are automatically deleted when you end your internet session and close the browser. Other cookies remain stored on your end device for a longer period of time and enable partner companies to recognize your browser or computer (persistent cookies). Depending on the cookie, persistent cookies are automatically deleted after the specified storage period.

10.2 Purpose

We use cookies to make our website more user-friendly and to offer the functions described in section 10.1. Among other things, we work with advertising partners who help us to make our website as interesting as possible for you. For this purpose, cookies from third-party providers, our partner companies, may also be stored on your hard disk on our website. If we allow third parties to use such cookies, we will inform you in the following sections about the information collected in this way.

10.3 Legal basis

Processing is necessary to safeguard the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f GDPR). Our legitimate interest lies in the purpose stated in section 10.2.

10.4 Storage duration

Cookies are automatically deleted at the end of a session or at the end of the specified storage period. Since cookies are stored on your end device, you as the user also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser.

Below we have compiled the links that will take you to instructions on how to change the settings in the most common browsers. Further information can be found in the support menu of your browser:

Internet Explorer: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies
Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Chrome: http://support.google.com/chrome/bin/answer.py?hl=de&hlrm=en&answer=95647
Safari: https://support.apple.com/kb/ph21411?locale=de_DE
Opera: http://help.opera.com/Windows/10.20/de/cookies.html
Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, individual functions of our website cannot be used or can only be used to a limited extent.

11 Newsletter

11.1 Description of the processing

We send out a newsletter at irregular intervals. We use the newsletter to inform you about goods and services that you can purchase via our store and other information in this context. You will only receive our newsletter if you actively subscribe to our mailing list. You can subscribe by filling out and submitting a newsletter registration form on our website. You only need to enter your e-mail address to subscribe to the newsletter. All other details (such as your first name and surname) are voluntary and are used solely to personalize the e-mails.

We use the so-called double opt-in procedure to carry out and verify newsletter registrations. Registration takes place in several steps. First, you register for the newsletter on our website. You will then receive an e-mail from us at the e-mail address you have provided. In this e-mail, we ask you to confirm that you have actually subscribed to the newsletter and wish to receive it. Confirmation is provided by clicking on a confirmation link in the e-mail. Only after successful confirmation will we add you to our newsletter mailing list and send you future e-mails. As part of the double opt-in procedure, we store the date, time and your IP address both when you register and when you confirm.

11.2 Purpose

The processing takes place in order to offer the newsletter function and to be able to send subscribers newsletter e-mails. The collection and storage of the date, time and IP addresses when subscribing to the newsletter serves to document the consent given and to protect against the misuse of email addresses.

11.3 Legal basis

The processing of our subscriber newsletter is based on consent in accordance with Art. 6 para. 1 lit. a GDPR. You can access the declaration of consent on our website. Your consent is voluntary. The collection and storage of date, time and IP addresses when registering for the newsletter is necessary to safeguard the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f GDPR). Our legitimate interest lies in the purpose stated in section 11.2.

11.4 Storage period and withdrawal of consent

If you do not confirm your registration for our newsletter within 24 hours of receiving the corresponding registration email, your data will be deleted automatically. We process your personal data for the duration of your newsletter subscription. You can unsubscribe from our newsletter at any time by withdrawing your consent. A simple declaration is sufficient for this (by e-mail to info@opus.live, by post to Opus Festival GmbH, Mörikestraße 20, 7178 Stuttgart or by fax to +49-711-5099015). You can also unsubscribe from the newsletter by clicking on the unsubscribe link in every newsletter e-mail. If you withdraw your consent, we will no longer send you newsletters and your personal data will be removed from our active mailing list. We will add your e-mail address to our so-called black list in order to enforce your revocation. This enables us to ensure that you do not receive any newsletters from us in future and that your email address is not misused by third parties.

11.5 Recipients and transfer to third countries

We use the services of the newsletter provider Mailjet to manage our newsletter mailing list and to send the emails. This takes place as part of order processing. Mailjet is a service provided by Mailjet SAS, 13-13 bis, rue de lAubrac, 75012 Paris, France.

12 Social networks

12.1 Description of the processing

Our website does not use any social media plugins. The social network logos displayed on our website are merely linked to the corresponding profiles of our company. If you click on one of the logos, you will be redirected to the external website of the respective social network.

13 Google Web Fonts

13.1 Description of the processing

Our website uses "Google Web Fonts", a font replacement service provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as "Google"). Google Web Fonts replaces the standard fonts of your device with fonts from Googles catalog when displaying our website. If your browser prevents the integration of Google Web Fonts, the text on our website will be displayed in the standard fonts of your device. The Google fonts are loaded directly from a Google server. In order for this to happen, your browser sends a request to a Google server. This may also transmit your IP address to Google in connection with the address of our website. However, Google Web Fonts does not store any cookies on your end device. According to Google, data that is processed as part of the Google Web Fonts service is transferred to resource-specific domains such as fonts.googleapis.com or fonts.gstatic.com. They are not associated with data that may be related to the use of other Google services such as the search engine of the same name or Gmail. Further information on data protection at Google Web Fonts can be found at https://developers.google.com/fonts/faq?hl=de-DE&csw=1. General information on data protection at Google can be found at http://www.google.com/intl/de-DE/policies/privacy/.

13.2 Purpose

The processing is carried out in order to display the text on our website in a more legible and aesthetically pleasing way.

13.3 Legal basis

The processing is necessary to safeguard the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f GDPR). Our legitimate interest lies in the purpose stated in section 13.2.

13.4 Recipients and transfer to third countries

The use of Google Web Fonts may result in personal data being transmitted to Google. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield. Further information on the EU-US Privacy Shield can be found at https://www.privacyshield.gov/EU-US-Framework.

14 YouTube videos

14.1 Description of the processing

Our website uses services from "YouTube", a video platform operated by YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA. YouTube is represented by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. We use YouTube by embedding individual videos from the platform on our website as so-called iFrames so that they can be played directly on our website. The videos are embedded in the "extended data protection mode" offered on YouTube, i.e. no personal data will be transferred from you to Google as long as you do not play the videos. Only when you play a video will data be transferred to Google, over which we have no influence. If you play an embedded video on a subpage of our website, Google will be informed which subpage you have visited and which video you have watched. Your IP address may also be transmitted to Google. If you are logged in as a YouTube or Google user, Google will assign this information to your user account. Google stores your data as user profiles and uses them for advertising purposes, for market research and/or for the needs-based design of Google websites. You have the right to object to the creation of these user profiles; to exercise this right, you must contact Google directly. Further information on data protection at Google can be found at http://www.google.com/intl/de-DE/policies/privacy/.

14.2 Purpose

The processing takes place in order to be able to show you videos on our website.

14.3 Legal basis

Processing is necessary to safeguard the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f GDPR). Our legitimate interest lies in the purpose stated in section 16.2.

14.4 Recipients and transmission to third countries

By integrating YouTube, personal data may be transmitted to YouTube LLC or Google. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield. Further information on the EU-US Privacy Shield can be found at https://www.privacyshield.gov/EU-US-Framework.

15 Google Maps

15.1 Description of the processing

Our website uses "Google Maps", a service for displaying maps provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as "Google"). We use Google Maps by embedding a map with our business address on our website. The map is loaded directly from a Google server. In order for this to happen, your browser sends a request to a Google server. As a result, your IP address may also be transmitted to Google in connection with the address of our website. However, Google Maps does not store any cookies on your end device. If you are logged in to Google when you visit our site, Google Maps assigns this information to your Google user account. Google stores your data as user profiles and uses them for advertising purposes, for market research and/or for the needs-based design of Google websites. You have the right to object to the creation of these user profiles; to exercise this right, you must contact Google directly. Further information on data protection at Google can be found at http://www.google.com/intl/de-DE/policies/privacy/.

15.2 Purpose

The processing takes place in order to be able to show you an interactive map on our website.

15.3 Legal basis

Processing is necessary to safeguard the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f GDPR). Our legitimate interest lies in the purpose stated in section 20.2.

15.4 Recipients and transfer to third countries

Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield. Further information on the EU-US Privacy Shield can be found at https://www.privacyshield.gov/EU-US-Framework.

16 Google Analytics

16.1 Description of the processing

Our website uses "Google Analytics", a web analysis service of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as "Google"). Google Analytics uses cookies (see section 10), which enable your use of our website to be analyzed. We use Google Analytics in the "Universal Analytics" version offered, which allows this analysis across devices by assigning the data to a pseudonymous user ID. The information generated by the cookie is usually transferred to a Google server in the USA and stored there. However, we only use Google Analytics with IP anonymization. This means that your IP address will be shortened by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. The statistics compiled by Google Analytics record in particular how many users visit our website, the country or location from which access is made, which subpages are accessed and which links or search terms visitors use to reach our website. You can find the Google Analytics user conditions at http://www.google.com/analytics/terms/de.html. An overview of data protection at Google Analytics can be found at http://www.google.com/intl/de/analytics/learn/privacy.html. Googles privacy policy can be viewed at http://www.google.de/intl/de/policies/privacy.

16.2 Purpose

Processing is carried out in order to evaluate the use of our website. The information obtained is used to improve our online presence and design it in line with requirements.

16.3 Legal basis

Processing is necessary to safeguard the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f GDPR). Our legitimate interest lies in the purpose stated in section 21.2.

16.4 Storage period and right to object

We have explained the storage period and your control and setting options for cookies in Section 10. You can object to data processing by Google Analytics at any time by using the form provided by Google at Download and install the browser add-on offered by https://tools.google.com/dlpage/gaoptout?hl=de. Alternatively, you can click on the following link. This will place an opt-out cookie on your device that will prevent the collection of your data on future visits to this website: Deactivate Google Analytics. The analysis data processed and stored with Google Analytics will be automatically deleted by us after 14 months.

16.5 Recipients and transfer to third countries

Google Analytics acts as a service provider for us within the scope of order processing. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield. Further information on the EU-US Privacy Shield can be found at https://www.privacyshield.gov/EU-US-Framework.

17 Google Tag Manager

Our website uses the "Google Tag Manager", a service provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as "Google"). No personal data is collected via Google Tag Manager and no cookies are set. This service only enables us to integrate and manage tags on our website. Tags are small code elements on our website that are helpful for measuring traffic and visitor behaviour with other tools, measuring the impact of online advertising and social channels, using remarketing and targeting, testing and optimizing the website. You can find more information about Google Tag Manager here: https://www.google.com/intl/de/tagmanager/use-policy.html

18 Google Adword Conversion and Google Remarketing

18.1 Description of the processing

Our website uses the advertising service "Google Adword Conversion", which is operated by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as "Google"). With the help of Google Adwords Conversions, we can place advertisements on external websites to draw your attention to our offers. The service also enables us to determine the reach and success of individual advertising measures. Our advertisements are delivered by Google via so-called "ad servers". For this purpose, Google uses so-called "Ad Server" cookies, which measure certain parameters for measuring success, such as the display of ads or clicks by users. If you access our website via a Google ad, Google Adwords will store a cookie on your device (see section 9). According to Google, these cookies are not intended to identify you personally. The unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that the user no longer wishes to be addressed) are usually stored as analysis values for this cookie. The cookies enable Google to recognize your internet browser. If you visit the website of an Adwords customer and the cookie stored on your device has not yet expired, Google and the customer can recognize that the user clicked on the ad and was redirected to our website. A different cookie is assigned to each Adwords customer. Cookies can therefore not be tracked via the websites of Adwords customers. We ourselves do not process any personal data with our Google Adwords advertising measures. Google only provides us with statistical evaluations. Based on these evaluations, we can recognize which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising material; in particular, we cannot identify users on the basis of this information. When you visit our website, a connection to the Google servers is therefore established. We have no influence on the scope and further use of the data collected by Google through the use of Google Adwords Conversion and therefore inform you according to our state of knowledge: Through the integration of Google Adwords Conversion, Google receives the information which subpage of our website you have accessed or clicked on an advertisement from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, there is a possibility that Google will find out your IP address and store it.

Our website also uses the "Google Remarketing" advertising service, which is also operated by Google. Google Remarketing allows us to re-target you with advertisements for our offers on other websites that have joined the Google advertising network after you have visited our website. Google also uses cookies for this purpose, which are stored in your browser and through which your usage behavior is recorded and evaluated by Google when you visit various websites. This enables Google to determine your previous visit to our website and to show you advertisements for our offers on other websites. According to its own statements, Google does not merge the data collected in the context of remarketing with your personal data, which may be stored by Google. In particular, according to Google, pseudonymization is used in remarketing. Further information on data protection at Google can be found here: http://www.google.com/intl/de/policies/privacy and https://services.google.com/sitestats/de.html.

18.2 Purpose

The processing takes place in order to carry out targeted online advertising for our own offers and to be able to evaluate their effectiveness and reach.

18.3 Legal basis

Processing is necessary to safeguard the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f GDPR). Our legitimate interest lies in the purpose stated in section 26.2.

18.4 Storage period and right to object

We have explained the storage period as well as your control and setting options for cookies in Section 9. You can object to data processing by Google Adwords Conversion and Google Remarketing at any time via the following website: http://www.google.com/ads/preferences.

18.5 Recipients and transfer to third countries

Through the integration of Google Adwords Conversion and Google Remarketing, personal data may be transmitted to Google. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield. Further information on the EU-US Privacy Shield can be found at https://www.privacyshield.gov/EU-US-Framework.

19 Facebook Pixel

19.1 Description of the processing

Our website uses the remarketing service "Facebook Pixel", which is operated by Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook"). The "Facebook Pixel" enables us to place advertisements on the social network that are targeted precisely at those Facebook users who have shown an interest in our offer - e.g. through a previous visit to our website. With the help of the "Facebook Pixel", we can also track and evaluate the effectiveness and reach of our advertising on Facebook by recording whether Facebook users interact with our advertisements on the social network by clicking on the advertisements and being redirected to our website. When you visit our website a connection to the Facebook servers is therefore established and the "Facebook pixel" is embedded in our website. In addition, Facebook may store a cookie on your device (see section 10 above). If you are logged in to Facebook or log in to Facebook later, your visit to our website will be assigned to your user account. The data collected about you using the "Facebook pixel" is anonymous to us. It does not allow us to draw any conclusions about your person. However, Facebook can make a connection to your user profile. Data processing by Facebook is carried out in accordance with the companys data policy, which can be accessed at https://www.facebook.com/policy.php.

19.2 Purpose

The processing is carried out in order to carry out targeted online advertising for our own offers and to be able to evaluate their effectiveness and reach.

19.3 Legal basis

Processing is necessary to safeguard the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f GDPR). Our legitimate interest lies in the purpose stated in section 27.2.

19.4 Storage period and right to object

We have explained the storage period and your control and setting options for cookies in section 10. You can object to the collection of data by the "Facebook Pixel" and the use of your data to display Facebook ads at any time. To do so, you can click on the following opt-out link: Deactivate Facebook pixel

19.5 Recipients and transfer to third countries

By integrating the "Facebook Pixel", personal data may be transmitted to Facebook. Facebook also processes your personal data in the USA and has submitted to the EU-US Privacy Shield. Further information on the EU-US Privacy Shield can be found at https://www.privacyshield.gov/EU-US-Framework.

20 Google reCAPTCHA

20.1 Description of the processing

Our website uses "reCAPTCHA", a service operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, California 94043, USA (hereinafter referred to as "Google"). With reCAPTCHA, we can check in forms whether the input is made by a human or by automated software - in particular so-called bots. This allows us to protect our website from spam and misuse. In this context, your IP address, the time spent on the website, mouse movements made by you and any other data required for the reCAPTCHA service are transmitted to Google. Further information on data protection at Google can be found at http://www.google.com/intl/de-DE/policies/privacy/.

20.2 Purpose

Processing is carried out to protect forms on our website against misuse and spam.

20.3 Legal basis

Processing is necessary to safeguard the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f GDPR). Our legitimate interest lies in the purpose stated in section 30.2.

20.4 Recipients and transfer to third countries

Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield. Further information on the EU-US Privacy Shield can be found at https://www.privacyshield.gov/EU-US-Framework.

21 Content Delivery Networks (CDN)

21.1 Description of the processing

This webshop uses Amazon Cloudfront, a CDN (content delivery network) from Amazon Inc ("Amazon"). Through a CDN, files are sent from a very fast server that is as close as possible to your location. This shortens the loading time of the website, as only a small amount of data has to be loaded directly from our slower actual server. Amazon operates numerous servers in Europe (including in Frankfurt and Milan) in order to be able to send our files to you as quickly as possible. Purpose
The processing is carried out in order to shorten the loading time of our website.

21.2 Legal basis

The processing is necessary to safeguard the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f GDPR). Our legitimate interest lies in the purpose stated in section 25.2.

21.3 Recipients and transmission to third countries

However, it cannot be technically ruled out that your browser (e.g. because you are accessing this website from outside the EU or for any other reason) accesses a server from outside the EU. In such a case, data will be sent from your browser directly to the respective country (North and South America, Asia, Australia). In this case, you consent to the transfer of your data to the USA and/or the country in which the respective server is located.

SECURITY MEASURES

22. security measures

To protect your personal data from unauthorized access, we have provided our website with an SSL or TLS certificate. SSL stands for "Secure Sockets Layer" and TLS for "Transport Layer Security" and encrypts the communication of data between a website and the users end device. You can recognize active SSL or TLS encryption by a small padlock logo that is displayed on the far left in the address bar of the browser.

YOUR RIGHTS

23. rights of data subjects

With regard to the data processing described above by our company, you have the following rights as a data subject:

23.1 Information (Art. 15 GDPR)

You have the right to request confirmation from us as to whether we are processing personal data concerning you. If this is the case, you have a right of access to this personal data and to the further information listed in Art. 15 GDPR under the conditions set out in Art. 15 GDPR.

23.2 Rectification (Art. 16 GDPR)

You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you and, where applicable, the completion of incomplete personal data.

23.3 Erasure (Art. 17 GDPR)

You have the right to obtain from us the erasure of personal data concerning you without undue delay where one of the grounds listed in Art. 17 GDPR applies, e.g. if your data is no longer required for the purposes pursued by us.

23.4 Restriction of data processing (Art. 18 GDPR)

You have the right to demand that we restrict processing if one of the conditions listed in Art. 18 GDPR is met, e.g. if you dispute the accuracy of your personal data, data processing will be restricted for the period of time that enables us to verify the accuracy of your data.

23.5 Data portability (Art. 20 GDPR)

You have the right, under the conditions set out in Art. 20 GDPR, to request the surrender of the data concerning you in a structured, commonly used and machine-readable format.

23.6 Withdrawal of consent (Art. 7 para. 3 GDPR)

You have the right to withdraw your consent to processing based on consent at any time. The revocation applies from the time of its assertion. In other words, it is effective for the future. Withdrawal of consent therefore does not retroactively render the processing unlawful.

23.7 Complaint (Art. 77 GDPR)

If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority. You can assert this right with a supervisory authority in the EU Member State of your place of residence, your place of work or the place of the alleged infringement.

23.8 Prohibition of automated decision-making/profiling (Art. 22 GDPR)

Decisions that have legal consequences for you or significantly affect you may not be based solely on automated processing of personal data, including profiling. We inform you that we do not use automated decision-making, including profiling, with regard to your personal data.

23.9 Objection (Art. 21 GDPR)

If we process your personal data on the basis of Art. 6 para. 1 lit. f GDPR (for the protection of overriding legitimate interests), you have the right to object to this under the conditions listed in Art. 21 GDPR. However, this only applies if there are grounds relating to your particular situation. After an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms. We also do not have to stop processing if it serves the assertion, exercise or defense of legal claims. In any case - regardless of a particular situation - you have the right to object to the processing of your personal data for direct marketing purposes at any time.

Status: November 2018