This Privacy Statement clarifies to you the nature, scope and purpose of processing personal data ("Data") in the context of the provision of our services as well as within our online offer and the websites associated with it, Features and content as well as external online presence, such as Our social media profiles on (collectively referred to below as an "online offering"). In terms of the terms used, such as We refer to the definitions in the kind "processing" or "responsible." 4 of the General Data Protection Regulation (GDPR).
Theatre Association Concordia Konzen 1947 e.V.
In the crow angl
e 25 52156 Mons
hau Phone: + 49 (0) 2472 48
5 Email: firstname.lastname@example.org
Types of data processed
-inventory data (e.g., personal master data, names or addresses).
-contact details (e.g., e-mail, telephone numbers).
-Content data (e.g., text input, photographs, videos).
-usage data (e.g., visited websites, interest in content, access times).
-Meta-/communication data (e.g., device information, IP addresses).
Categories of affected persons
Visitors and users of the online offer (below we also refer to the affected persons as "users").
Purpose of processing
-Providing the online offer, its features and content.
-Answering contact requests and communicating with users.
"Personal data" is any information relating to an identified or identifiable natural person (' the person concerned '); Identifiable is a natural person who is directly or indirectly, in particular by assigning it to an identifier such as a name, to a identification number, to location data, to an online identifier (e.g. Cookie) or can be identified as one or more special characteristics that are an expression of the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person.
"Processing" is any process performed with or without the help of automated procedures or any such sequence of operations in connection with personal data. The term goes far and encompasses virtually every handling of data.
"Pseudonymization" means the processing of personal data in such a way that the personal data can no longer be assigned to a specific person concerned without the use of additional information, provided that this additional data Information is kept separately and is subject to technical and organisational measures to ensure that the personal data is not assigned to an identified or identifiable natural person.
"Profiling" of any type of automated processing of personal data, which consists in this personal data being used to evaluate certain personal aspects relating to a natural person, in particular aspects To analyze or predict this natural person's work performance, economic situation, health, personal preferences, interests, reliability, behavior, whereabouts or change of location.
The "person responsible" is the natural or legal person, authority, institution or other body that decides alone or together with others on the purposes and means of processing personal data.
"Order processor" means a natural or legal person, authority, institution or other body that processes personal data on behalf of the person responsible.
Authoritative legal bases
By the sort. 13 We inform you about the legal basis of our data processing. For users from the scope of the General Data Protection Regulation (GDPR), i.e. The EU and the EEC, unless the legal basis is mentioned in the Privacy Statement, the following
applies: The legal basis for obtaining consenting is Art. 6 Abs. 1 lit. a and kind. 7 GDPR
; The legal basis for processing to fulfil our services and implement contractual measures, as well as answering inquiries, is Art. 6 Abs. 1 lit. b GDP
R; The legal basis for processing to fulfil our legal obligations is Art. 6 Abs. 1 lit. c GDPR
; In the event that vital interests of the person concerned or another natural person require the processing of personal data serves Art. 6 Abs. 1 lit. D GDPR as the legal basis.
The legal basis for the necessary processing to carry out a task which is in the public interest or in the exercise of public authority, which has been entrusted to the person responsible is a species. 6 Abs. 1 lit. e GDPR.
The legal basis for processing in order to safeguard our legitimate interests is Art. 6 Abs. 1 lit. F DSGVO.
The processing of data for purposes other than those for which it was held is determined by the requirements of Art 6 (1). 4 GDPR.
The processing of special categories of data (according to type. 9 para. 1 GDPR) is determined according to the specifications of the species. 9 para. 2 GDPR.
We meet in accordance with the statutory requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of processing, as well as the different probability of occurrence and severity of the Risk to the rights and freedoms of individuals, appropriate technical and organisational measures to ensure a level of protection appropriate to the risk.
Measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access to it, entering, sharing, ensuring availability and its Separation. We have also established procedures to ensure a perception of affected rights, deletion of data and response to data exposure. We also take the protection of personal data into account in the development, or Selection of hardware, software and processes, in accordance with the principle of data protection through technology design and data protection-friendly presets.
Working with contract processors, jointly responsible and third parties
If, as part of our processing, we disclose data to other persons and companies (contract processors, jointly responsible persons or third parties), transmit it to them or otherwise grant them access to the data, this will only be done on the basis of A legal permit (e.g. If the data is transmitted to third parties, such as payment service providers, for the fulfillment of the contract), users have consented to a legal obligation or on the basis of our legitimate interests (e.g. When using agents, web hosts, etc.).
If we disclose, transmit or otherwise grant access to other companies in our group of companies, this is done in particular for administrative purposes as a legitimate interest and beyond that on a legal basis. This is the basis for this.
Transfers to third countries
If we provide data in a third country (i.e. Process outside the European Union (EU), the European Economic Area (EEA) or the Swiss Confederation) or do so in the context of the use of third-party services or disclosure, or disclosure, or Transmission of data to other persons or companies is only done if it is necessary to fulfil our (before) contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate rights. Interests are happening. Subject to legal or contractual permits, we process or leave the data in a third country only in the event of legal requirements. I.e. Processing takes place, for example. On the basis of special guarantees, such as the officially recognised finding of a level of data protection corresponding to the EU (e.g. For the United States through the Privacy Shield or compliance with officially recognized special contractual obligations.
Rights of the persons concerned
You have the right to request confirmation as to whether the data in question is processed and for information about this data, as well as on further information and copy of the data in accordance with the legal requirements.
You have accordingly. The legal requirements have the right to require the completion of the data concerning you or the correction of the incorrect data concerning you.
In accordance with the legal requirements, you have the right to demand that data in question be deleted immediately, or that the data in question be deleted. Alternatively, to require a restriction of the processing of the data in accordance with the legal requirements.
You have the right to request that the data you have provided to us be obtained in accordance with the legal requirements and to request that it be transmitted to other persons responsible.
You also have the right, in accordance with the legal requirements, to lodge a complaint with the competent supervisory authority.
Right of withdrawal
You have the right to revoke granted consents with effect for the future.
Right to Object
You may object to the future processing of the data concerning you at any time in accordance with the legal requirements. The objection may be made in particular against processing for direct advertising purposes.
Cookies and the right to object to direct advertising
"Cookies" are small files that are stored on users ' computers. Different information can be stored within the cookies. A cookie is primarily used to provide the information about a user (or To store the device on which the cookie is stored) during or after its visit within an online offer. As temporary cookies, or "Session cookies" or "transient cookies" are referred to as cookies that are deleted after a user leaves an online offer and closes their browser. In such a cookie, for example, can. The contents of a shopping basket are stored in an online store or login status. Cookies are referred to as "permanent" or "persistent," which remain stored even after the browser is closed. For example, Login status is saved when users visit it after several days. Similarly, such a cookie can store the interests of users used for range measurement or marketing purposes. Cookies are referred to as a "third-party cookie" offered by providers other than the person who runs the online offer (otherwise, if only its cookies are referred to as "first-party cookies").
If users do not want cookies to be stored on their computer, they are asked to disable the option in their browser's system settings. Saved cookies can be deleted from the browser's system settings. The exclusion of cookies can lead to functional limitations of this online offer.
Deletion of data
The data we process will be deleted or restricted in processing in accordance with the legal requirements. Unless expressly stated in the context of this Privacy Statement, the data stored with us will be deleted as soon as it is no longer necessary for its purpose and no legal retention obligations stand in the way of deletion.
Unless the data is deleted because it is necessary for other and legally permissible purposes, its processing will be restricted. I.e. The data will be blocked and will not be processed for any other purpose. This applies, for example, to For data that must be retained for commercial or tax reasons.
Changes and updates to the Privacy Statement
Order processing in the online shop and customer account
We process the data of our customers as part of the ordering processes in our online shop in order to give them the selection and ordering of the selected products and services, as well as their payment and delivery, respectively. Execution.
Data processed includes inventory data, communications data, contract data, payment data and those affected by the processing include our customers, prospects and other business partners. The processing is carried out for the purpose of providing contract services in the context of the operation of an online shop, billing, delivery and customer service. In doing so, we use session cookies for storing the shopping cart content and permanent cookies for storing login status.
Processing is carried out in order to fulfil our services and implement contractual measures (e.g. Performing order operations) and to the extent required by law (e.g., legally required archiving of transactions for trading and tax purposes). The information identified as required is necessary to justify and fulfil the contract. We only disclose the data to third parties in the context of delivery, payment or legal permissions and obligations, as well as on the basis of our legitimate interests, which we will provide you with in the context of this Privacy Statement. (E.g., to legal and tax advisors, financial institutions, freight companies and public authorities).
Users can create an optional user account by being able to view their orders in particular. As part of the registration process, the required mandatory information will be communicated to the users. The user accounts are not public and cannot be indexed by search engines. If users have terminated their user account, their data will be deleted with respect to the user account, subject to their retention is necessary for commercial or tax reasons. Information remains in the customer account until it is deleted, followed by archiving in the event of a legal obligation or our legitimate interests (e.g., in the case of litigation). It is incumbent on users to secure their data before the end of the contract if they are terminated.
As part of the registration and re-registrations as well as use of our online services, we store the IP address and the time of the respective user store. The storage is based on our legitimate interests, as well as the user in terms of protection against abuse and other unauthorized use. In principle, this data is not passed on to third parties unless it is necessary to pursue our legal claims as a legitimate interest or there is a legal obligation to do so.
The deletion takes place after the expiry of legal warranty rights and other contractual rights or obligations (e.g., payment claims or performance obligations from contracts to me customers), whereby the requirement of the retention of the data is checked every three years Will; In the case of retention due to legal archiving obligations, the deletion takes place in this respect after it has expired.
Administration, financial accounting, office organization, contact management
We process data in the context of administrative tasks as well as organization of our operations, financial accounting and compliance with legal obligations, such as: Archiving. In doing so, we process the same data that we process as part of the performance of our contractual services. The processing bases are species. 6 Abs. 1 lit. C. GDPR, kind. 6 Abs. 1 lit. Q. GDPR. The processing affects customers, prospective customers, business partners and website visitors. The purpose and interest in processing lies in administration, financial accounting, office organization, archiving of data, i.e. tasks that govern our business activities, carry out our duties and provide our Benefits serve. The deletion of data relating to contractual services and contractual communication corresponds to the information cited in these processing activities.
We disclose or transmit data to the financial administration, consultants, such as, tax advisors or auditors, as well as other fee agencies and payment service providers.
We also store information about suppliers, organizers and other business partners, e.g. on the basis of our business interests, e.g. For later contact. In principle, we store this mostly company-related data on a permanent basis.
Participation in affiliate partner programs
Within our online offer, we set based on our legitimate interests (i.e. Interested in the analysis, optimization and economic operation of our online offer). Article. 6 Abs. 1 lit. R GDPR introduces industry-standard tracking measures to the extent that they are necessary for the operation of the affiliate system. Below we inform users about the technical background.
The services offered by our contractors can also be advertised and linked on other websites (so-called. Affiliate links or after-buy systems, if, for example, Links or services of third parties after the conclusion of the contract). The operators of the respective websites receive a commission if users follow the affiliate links and then take advantage of the offers.
In summary, it is necessary for our online offering that we can track whether users who are interested in affiliate links and/the offers available to us subsequently use the offers at the instigation of affiliate links or our Online platform. For this purpose, the affiliate links and our offers are supplemented with certain values, which are part of the link or otherwise, e.g. In a cookie, can be set. The values include, in particular, the initial website (referrer), time, an online identification of the operators of the website on which the affiliate link was located, an online identification of the respective offer, an online identification of the user, as well as Tracking-specific values such as Advertising ID, Partner ID and categorizations.
The online identifiers of the users we use are pseudonymous values. I.e. The online identifiers do not contain any personal data such as names or e-mail addresses. They only help us to determine whether the same user who clicked on an affiliate link or is interested in an offer through our online offer, perceives the offer, i.e. Such as. Has entered into a contract with the provider. However, the online identifier is personal in so far as the partner company and also us, the online identifier is available together with other user data. This is the only way the partner company can tell us whether the user has taken advantage of the offer and whether, for example, we have taken advantage of the offer. Be able to pay out the bonus.
When contacting us (e.g. Via contact form, e-mail, telephone or via social media), the user's details are used to process the contact request and how to process it. Article. 6 Abs. 1 lit. B. (In the context of contractual/pre-contractual relations), type. 6 Abs. 1 lit. Q. (Other inquiries) GDPR processed .. Users ' information can be stored in a customer relationship management system ("CRM System") or similar request organization.
We will delete the requests if they are no longer required. We check the requirement every two years; In addition, the legal archiving obligations apply.
Hosting and e-mail shipping
The hosting services we use are used to provide the following services: Infrastructure and platform services, computing capacity, storage and database services, e-mail delivery, security services and Technical maintenance services that we use for the purpose of operating this online offer.
In doing this, we process, or Our hosting provider inventory data, contact data, content data, contract data, usage data, meta-and communication data of customers, interested parties and visitors of this online offer based on our legitimate interests in an efficient and Secure provision of this online offer. Article. 6 Abs. 1 lit. f GDPR i.V.m. Article. 28 GDPR (completion contract of contract).
Collection of access data and log files
We, respectively, Our hosting provider, elevates on the basis of our legitimate interests in the sense of the species. 6 Abs. 1 lit. Q. GDPR data about every access to the server on which this service is located (so-called server log files). Access data includes name of the website retrieved, file, date and time of retrieval, amount of data transferred, notification of successful retrieval, browser type plus version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting providers.
Logfile information is available for security reasons (e.g. Stored for a maximum of 7 days to investigate acts of abuse or fraud) for a maximum period of 7 days and then deleted. Data that is required for further retention for evidentiary purposes are exempt from deletion pending a final resolution of the incident.
Google is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Google will use this information on our behalf to evaluate the users ' use of our online offering, to compile reports on the activities within this online offering, and to provide further information on the use of this online offer and the Internet use related services to provide us. Pseudonymous user profiles can be created from the processed data.
We only use Google Analytics with IP anonymization enabled. This means that the IP address of users is being shortened by Google within Member States of the European Union or in other Contracting States to the Agreement on the European Economic Area. Only in exceptional cases, the full IP address to a server of Google in the USA is transferred and cut there.
The IP address transmitted by the user's browser will not be merged with other Google data. Users can prevent cookies from being stored by adjusting their browser software accordingly; Users can also prevent the collection of data generated by the cookie and related to its use of the online offer to Google, as well as Google's processing of that data by using it by using the browser plugin available under the following link. Download and install: http://tools.google.com/dlpage/gaoptout?hl=de.
The personal data of the users will be deleted or anonymised after 14 months.
Online presence on social media
We maintain online presence within social networks and platforms in order to communicate with the customers, prospective customers and users who are active there and to inform them about our services there.
We would like to point out that it allows users ' data to be processed outside the European Union area. This can pose risks for users, for example, because The enforcement of users ' rights could be made more difficult. With regard to US providers certified under the Privacy Shield, we would like to point out that they are committed to complying with EU data protection standards.
In addition, users ' data is usually processed for market research and advertising purposes. For example, Usage profiles are created from the usage behavior and the resulting interests of users. The usage profiles, in turn, can be used to, for example, To run ads inside and outside the platforms that are suspected to be in line with the interests of users. For these purposes, cookies are usually stored on users ' computers, in which users ' usage behaviour and interests are stored. In addition, the usage profiles may also store data independently of the devices used by users (especially if users are members of the respective platforms and are logged in to them).
The processing of the personal data of the users is based on our legitimate interests in the effective information of the users and communication with the users. Article. 6 Abs. 1 lit. Q. GDPR. If users are asked by the respective providers of the platforms for consent to the pre-described data processing, the legal basis of the processing is type. 6 Abs. 1 lit. SA, kind. 7 GDPR.
For a detailed presentation of the respective processing and opt-out options, we refer to the following linked information of the providers.
In the case of requests for information and the assertion of user rights, we would like to point out that these can be most effectively asserted by the providers. Only providers have access to users ' data and can take direct action and provide information. If you still need help, you can contact us.
-Facebook, pages, groups, (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) on the basis of an agreement on joint processing of personal data-Privacy Statement: https://www.facebook.com/about/privacy/, Pages specifically: https://www.facebook.com/legal/terms/information_about_page_insights_data, opt-out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.
-Google/YouTube (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) – Privacy Statement: https://policies.google.com/privacy, opt-out: https://adssettings.google.com/authenticated, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
-Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA) – Privacy Statement/Opt-Out: http://instagram.com/about/legal/privacy/.
-Twitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA)-Privacy Statement: https://twitter.com/de/privacy, opt-out: https://twitter.com/personalization, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active.
-Pinterest (Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA) – Privacy Statement/Opt-Out: https://about.pinterest.com/de/privacy-policy.
-LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland)-Privacy Statement https://www.linkedin.com/legal/privacy-policy, opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active.
-Xing (XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany)-Privacy Statement/Opt-Out: https://privacy.xing.com/de/datenschutzerklaerung.
-Wakalet (Wakelet Limited, 76 Quay Street, Manchester, M3 4PR, United Kingdom)-Privacy Statement/Opt-Out: https://wakelet.com/privacy.html.
-Soundcloud (SoundCloud Limited, Rheinsberger Str. 76/77, 10115 Berlin, Germany)-Privacy Statement/Opt-Out: https://soundcloud.com/pages/privacy.