Banner

Privacy Policy according to Articles 13, 14 and 21 of the General Data Protection Regulation (GDPR)

1. Principles of data processing and general information

With this privacy policy we inform you on how we handle your personal data when you visit our ticket shop. In order to provide the functions and services of our ticket shop, it is necessary for us to collect certain personal data about you. In the following, we explain the type and scope of the respective data processing, the purpose and the corresponding legal basis as well as the respective storage period of your personal data.

According to Art. 4 No. 1 GDPR, personal data is any information relating to an identified or identifiable person. This includes, for instance, information such as your first and last name, your address, your telephone number, your e-mail address, but also your IP address.

Data for which no reference to your person can be established, such as in the case of anonymization, is not considered personal data. Processing (e.g. collecting, storing, reading, querying, using, transmitting, deleting or destroying) according to Art. 4 No. 2 GDPR always requires a legal basis or your consent. Processed personal data must be deleted as soon as the purpose of the processing has been achieved and (additionally) there are no longer any legally binding retention obligations.

This privacy policy only applies to this website. It does not apply to other websites to which we merely refer via hyperlink. We cannot accept any responsibility for the confidential handling of your personal data on these third-party websites, as we have no influence on whether these companies comply with data protection regulations. Please inform yourself about the handling of your personal data by these companies directly on these websites.

2. Responsible legal entity

See impressum / imprint at the bottom of this page.

3. Use of the website

a) Type and scope of data processing

If you use this website without otherwise transmitting data to us (e.g. by registering or using the contact form), we collect (via server log files) technically necessary data that are automatically transmitted to our server, including:

  • IP address, date and time of the request
  • Name and URL of the retrieved file
  • Website of origin (referrer URL)
  • Access status/HTTP status code
  • Browser type
  • Language and version of browser software
  • Operating system

b) Purpose of data processing and legal basis
This processing is technically necessary to enable us to display our website to you. We also use the data to ensure the security and stability of our website.
The legal basis for this processing is Art. 6 para. 1 lit. f) GDPR. The processing of the aforementioned data is necessary for the display and use of a website and thus serves our legitimate interest.

c) Storage period
As soon as the aforementioned personal data is no longer required for the display of the website, it will be deleted. Further storage may take place in individual cases if required by law.

4. Use of so called cookies

a) Type, scope and purpose of data processing
Cookies are small files that are sent to the browser of your device (during your visit to our website) and stored there. We use cookies to ensure IT security or to be able to display this website properly and according to the state of the art on various end devices. In this respect, there is an overriding legitimate interest on our part.
Various types of cookies are used on our website. Nature and function of the cookies are explained below. Subject to your consent (via the cookie banner), we use other cookies that help us to achieve our commercial business objectives.

Temporary cookies/session cookies
If you agree, so-called temporary cookies or session cookies are used on our website, which are automatically deleted as soon as you close your browser. This type of cookie makes it possible to record your session ID. This makes it possible to assign different requests from your browser to a common session, for example if you access this page in different tabs of your browser.
This type of cookie makes it possible to record your session ID. This enables us to assign different requests from your browser to a common session, for example if you access this page in different tabs of your browser.

Permanent cookies
On our website, so-called permanent cookies are used, provided you have given your consent. Permanent cookies are cookies that are stored in your browser for a longer period of time and can transmit information. The respective storage period differs depending on the cookie. You can delete permanent cookies independently via your browser settings.

Browser settings
Most web browsers are preset so that cookies are automatically accepted. However, you can configure your browser in a way that it only accepts certain cookies or none at all. However, we would like to point out that you then may no longer be able to use all the functions of our website. Furthermore, it is possible to configure your browser settings to notify you before cookies are stored. As the various browsers may differ in their respective modes of operation, we ask you to consult the respective help menu of your browser for the relevant options. Deactivating the use of cookies may require the storage of a permanent cookie on your computer. If you subsequently delete this cookie, you will have to deactivate it again.

5. Cookie Policy

a) List of cookies

The cookies listed in the table below are necessary to browse our website and use the features necessary to purchase tickets. They are necessary for basic functions of our website.

name of Cookie

categorie

description

duration

country of data processing

source

cookies_and_content 
_security_policy

functional

Duration of cookie settings

1 year

Germany

 https://ticketshop.aditus.de

In addition, we use optional cookies on our website. These help us to design the site even more suitable for you and to improve it. In this way, we are able to recognize returning visitors and count them as such, and to find out how often our web pages have been accessed by different users.

By clicking on "agree to cookies" or "reject cookies" when you visit our site for the first time, you can decide (or have already done so) yourself whether these cookies are set. The data processing is thus based on Art. 6 para. 1 letter a GDPR (consent).

You can revoke your consent at any time via the above-mentioned e-mail address.

For the needs-based design of our websites, we create pseudonymous usage profiles with the help of Google Analytics. Google Analytics uses targeting cookies that are stored on your terminal device and can be read by us.

The information generated by the cookie about your use of our website is usually transferred to a Google server in the USA and stored there. However, as we have activated IP anonymization on our website, your IP address will be shortened by Google beforehand within member states of the European Union.

We have also concluded EU standard contractual clauses with Google LLC (USA). Accordingly, Google will use all information strictly for the purpose of evaluating your use of our website and compiling reports on website activity for us.

Google sets the following cookies when you visit our website and consent to the use of the Google Analytics cookie:

name of Cookie

category

description

duration

country of data processing

source

_ga

Functional/
Statistics

Google Analytics

2 years

USA

google.com

_gid

Functional/
Statistics

Google Analytics

1 day

USA

google.com

_gat_gtag
_UA_360085
80_1

Functional/
Marketing

Google Tag Manager

1 minute

USA

google.com

 

The Analytics cookies are only set if the "Statistics" option is active in the cookie settings (banner). The Tag Manager cookies are only set if the "Marketing" option is active in the cookie settings.

In addition, information about usage is also collected and stored on this website in anonymized form using a procedure from Comscore. This data is stored on your computer using cookies and allows the use of the website to be analyzed in anonymized form. Under no circumstances can the data obtained be used to identify visitors to this website personally.

The collected data is only used to improve the website. Therefore, all IP addresses are only stored in anonymized form. No other use or disclosure to third parties will take place.

b) Legal basis
Based on the purposes described, the legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. f) GDPR or Art. 6 para. 1 lit. a) GDPR.

c) Storage period
As soon as the data transmitted to us via the cookies is no longer required for the purposes described above, this information is deleted. Further storage may take place in individual cases if this is required by law.

6. Data collection for the implementation of pre-contractual measures and for the fulfilment of contracts according to article 6 GDPR

a) Type and scope of data processing
In the pre-contractual area and when concluding a contract, we collect personal data about you. This concerns, for example, your first and last name, address, e-mail address, telephone number or data which you enter in our contact form.

b) Purpose and legal basis of data processing
We collect and process this data exclusively for the purpose of executing the contract or fulfilling pre-contractual obligations.
The legal basis for this is Art. 6 para. 1 lit. b) GDPR. If you have also given your consent, the additional legal basis is Art. 6 para. 1 lit. a) GDPR.

c) Storage period
The data is deleted as soon as it is no longer required for the purpose of its processing. In addition, there may be legal storage obligations, for example, storage obligations under commercial or tax law in accordance with the German Commercial Code (HGB) or the German Fiscal Code (AO). If such retention obligations exist, we will block or delete your data at the end of these retention obligations.

6a. Privacy policy for social networks (e.g. Facebook, Instagram, Xing and LinkedIn)

a) General

We maintain publicly accessible profiles on various social networks, e.g. Facebook, Instagram, Xing and LinkedIn. Your visit to these profiles initiates a variety of data processing operations. In the following, we provide you with an overview of how your personal data is collected, used and stored by us when you visit our social network profiles (personal data is any information that can be assigned to you as a specific person, e.g. name, age, address, photos, e-mail addresses, and possibly IP addresses). Furthermore, we inform you about your rights with regard to the processing of your personal data. You are not obliged to provide us with your personal data. However, this may be necessary for individual functionalities of our profiles in social networks. These functionalities will not be available to you or only to a limited extent, if you do not provide us with your personal data.

When you visit our profiles, your personal data will usually be collected, used and stored not only by us, but also by the operators of the respective social network. This also happens if you do not have a profile in the respective social network. The individual data processing operations and their scope differ depending on the operator of the respective social network and they are not necessarily transparent for us. For details about the collection and storage of your personal data as well as the type, scope and purpose of their use by the operator of the respective social network, please refer to the privacy statements of the respective operator:

  • the privacy statement for the social network LinkedIn, which is operated by Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, can be viewed at

    www.linkedin.com/legal/privacy-policy

The above services Facebook and Instagram belong to Meta Platforms Inc., USA. Meta Platforms Inc. complies with the EU-US Privacy Shield Framework Agreement and the Swiss-US Privacy Shield Framework Agreement regarding the collection and processing of personal data of advertisers, customers or business partners in the European Union and Switzerland.

b) Information on the collection of personal data

(1) The data controller, including contact details, can be found at the bottom of this page under imprint/Impressum.  

(2) Facebook and Instagram

As the operator of a Facebook fan page or Instagram company profile page, we can only view the information stored in your public profile, if you have such a profile and are logged in to it while accessing our company page. In addition, Facebook or Instagram may provide us with anonymous usage statistics, which we use to improve the user experience when visiting our fan page/profile page. We do not have access to the usage data that Facebook or Instagram collect to create these statistics. Facebook and Instagram, respectively, have committed to us to assume primary responsibility under the GDPR for the processing of this data, to comply with all obligations under the GDPR with respect to this data, and to provide data subjects with the essence of this commitment. These data processing operations serve our (and your) legitimate interest in improving the user experience when visiting our company profile pages in a targeted manner. The legal basis for the data processing is thus Art. 6 para. 1 lit. f) GDPR. In addition, Facebook and Instagram use so-called cookies that are stored on your end device when you visit our profile pages, even if you do not have your own Facebook profile or Instagram profile or are not logged into it during your visit to our company page. These cookies allow Facebook or Instagram to create user profiles based on your preferences and interests and to show you advertising tailored to these preferences (within and outside of Facebook or Instagram). Cookies remain on your device until you delete them. For details, please refer to the privacy statements of Facebook or Instagram linked above.

(3) Xing and LinkedIn

XING and LinkedIn allow their users or “members” to manage their professional and private contacts and make new ones. Companies can set up a company profile page with logo and short profile, publish news and create discussion groups.

A personal profile with administrator rights must be assigned to the company profile. Dialog in groups can only be done via the personal profile of a member.

To use the network functions, you must be registered as a user or “member” on XING or LinkedIn. In contrast to other social networks, XING or LinkedIn are based more on a combination of personal and electronic contact. They are less commercial and less visual. The focus is on professional exchange on specialist topics with people who have the same professional interests. In addition, XING is frequently used by companies and other organizations for recruiting personnel and presenting themselves as attractive employers.

Xing and LinkedIn provide further information under their data protection notices linked above.

XING and LinkedIn respectively provide us with anonymous usage statistics, which we use to improve the user experience when visiting our company profile pages. This data processing serves our (and your) legitimate interest in improving the user experience when visiting our company profile pages in line with the target group.

(4) If you use our profiles on social networks to contact us (e.g., by creating your own posts, responding to one of our posts, or sending us private messages), the data you provide to us will be processed by us solely for the purpose of contacting you. The social media accounts (or the data processing there) also have the purpose of supplementing our Internet pages and provide users with the opportunity to enter into dialogue with us. The legal basis for data collection is thus Art. 6 (1) a) and b) GDPR. We delete stored data as soon as their storage is no longer necessary. In the event of statutory obligations, we limit the processing of stored data accordingly.

c) Your rights as a person affected by data processing

As a person affected by data processing, you also have the following rights in relation to our social media presences:

  • You have the right to receive information from us about the processing of your personal data within the scope of Art. 15 GDPR;

  • You have the right, within the scope of Art. 16 GDPR, to request from us without undue delay correction of inaccurate personal data concerning you and/or completion of incomplete personal data;

  • You have the right, within the scope of Art. 17 GDPR, to request the immediate deletion of the personal data concerning you;

  • You have the right, within the scope of Art. 18 GDPR, to request the restriction of data processing concerning you;

  • You have the right, within the scope of Art. 20 GDPR, to receive the personal data concerning you that you have provided to us in a structured and machine-readable format and to transfer this data to another controller;

  • You have the right, within the scope of Art. 21 GDPR, to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you, where the processing is based on an overriding interest or where your data is used for the purposes of direct marketing;

  • You have the right to revoke your consent to data processing at any time, without this affecting the lawfulness of the data processing carried out on the basis of the consent until the revocation;

  • You have the right to complain to a supervisory authority about our processing of your data (see below).

6b. Regarding the tool reCAPTCHA of Google Inc.

The service "Google reCAPTCHA" (hereinafter reCAPTCHA) is used on our website. The service provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as Google).

The purpose of reCAPTCHA is to check whether data entry on our Internet pages (e.g. in a ticket order form) is made by a natural person or by an abusive computer program (so-called bot). For this purpose, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent by the website visitor on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google to prevent misuse (e.g. hacking) and thus also to protect your data left with us.

The data processing is based on Art. 6 para. 1 lit. f DSGVO. As site operator, we have a legitimate interest in protecting the web offers from abusive automated spying and from SPAM. To ensure data protection, we have agreed with Google on legal guarantees so that the EU data protection rules (DSGVO) are complied with (standard contractual clauses).

For more information about Google reCAPTCHA and Google's privacy policy, please see the following links: Datenschutzerklärung – Datenschutzerklärung & Nutzungsbedingungen – Google and reCAPTCHA .

6c. Microsoft Azure Privacy Policy 

To enable the use of certain Microsoft Azure services, personal data must be transferred to the following recipients:

  • Microsoft Ireland Operations Limited, for the purposes of order processing and contract performance.
  • Microsoft Corporation, for the purposes of order processing and contract performance and fulfillment of its own purposes.
  • as well as subcontractors (external link) and support service providers.

Microsoft processes the data on our behalf or on behalf of our service provider and accordingly may only use the data in accordance with our instructions and for our purposes. However, Microsoft also uses personal data for its own purposes and is then to be regarded as its own data controller.

A transfer of personal data in the context of the use of Microsoft services to third countries without an adequacy decision and without appropriate guarantees that are equivalent to the security level of the EU cannot be completely ruled out.

Guarantees for the international transfer of data to Microsoft Corporation and sub-processors are provided by the standard contractual clauses agreed with Microsoft.

With regard to the M365 Azure Cloud, Microsoft adheres to the C5 standard issued by the Federal Office for Information Security (BSI) for Germany. In this, Microsoft confirms that the data is only stored locally within Germany. Further information on this can be found at: Cloud Computing-Konformitätskriterienkatalog (C5) - Microsoft Compliance (external link). 

Full details of the service provider:

Microsoft Ireland Operations Limited

One Microsoft Place, South County Business Park, Leopardstown Dublin 18, Ireland

Microsoft Corporation 

One Microsoft Way Redmond, Washington 98052

Use of Azure Services

Purpose

The purpose of the processing is login handling such as, single sign-on, multi-factor authentication, etc., including care, vendor support, continuous improvements and statistical usage analysis.

This includes disclosure for the following Microsoft purposes:

  • Billing and account management
  • Compensation
  • Internal reporting and modeling
  • Combating fraud
  • Cybercrime or cyberattacks
  • Improving core functionality related to accessibility, privacy, or energy efficiency
  • Financial reporting
  • Compliance with legal obligations

 Legal basis

  • For individuals identifiable in the communication Art. 6 para. 1 subpara. 1 lit. e DSGVO, §  13 para. 7 TMG.
  • For the persons who use Azure-AD in the role of  employees furthermore Art. 6 para. 1 subpara. 1 lit. b DSGVO in conjunction with. § 106 of the German Trade, Commerce and Industry Regulation Act, collective agreement, employment contract.

Legal bases for disclosure to Microsoft (beyond commissioned processing).

  • For licensed persons Art. 6 para. 1 Subpara lit. b DSGVO

Data categories

  1. communication data
  2. basic personal data
  3. authentication data
  4. contact information
  5. profiling
  6. log file with accesses
  7. system generated log data

 Categories of data subjects

  • For data categories 1-7: Individuals who use or administer Azure-AD.
  • For data categories 1, 5, 6: individuals who are identifiable in communications and documents

 Recipients

  • Microsoft Ireland Operations Limited, for the purposes of processing and performance of contracts (see above for address)
  • Microsoft Corporation, for the purposes of processing and performance of contracts and for its own purposes (see above for address)
  • and their sub-processors

 Guarantees for international data transfer

Storage periods

  • 90 days after deletion of the account upon request or objection (data categories 4-7)
  • 90 days after deletion of content data, after cessation of necessity (data categories 1-3)
  • 180 days (data categories 8, 9)

For more information about Microsoft Azure Cloud, please see Microsoft's privacy policy: Starke Datenintegrität in der Cloud | Microsoft Trust Center

Trans-Atlantic Data Privacy Framework (TADPF)

The Trans-Atlantic Data Privacy Framework is a framework for transferring data between the European Union and the United States that has been in effect since 2023. This contains flanking guarantees and restrictions on data access by US authorities.

The Microsoft Corporation has been certified within the framework of the TADPF. Therefore, the Trans-Atlantic Data Privacy Framework is applicable to Microsoft services.

6d. Payment service provider

a) Description and scope of data processing

Payment service providers offer payment services for the processing of contracts for the purchase and sale of products, such as trade fair tickets, between customers and ticket merchants, which are concluded in the ticket store. In this context, the payment service provider accepts payments from customers using the various payment methods on its own account at a credit institution and disburses the funds from the sale of the products to the merchants.

For the payment itself, customers can choose between the payment options provided in the ticket store or the payment methods integrated by third-party providers, such as Sofortüberweisung, Klarna or Paypal.

The data that you enter for the purpose of payment in the check-out will be processed primarily in the context of your ticket order and the associated payment processing and may be passed on to third parties in this context, in particular the payment providers.

At the same time, various business and customer-related internal security measures are implemented in the context of the payment process in order to mitigate and control the risks of terrorist financing and money laundering in accordance with the legal requirements under the German Money Laundering Act (GWG), as well as fraud prevention measures on the part of the payment service provider.

Klarna

For the Klarna Invoice payment methods, Klarna checks and evaluates the customer's data information and, if there is a justified reason, maintains a data exchange with other companies and credit agencies. If the creditworthiness of the customer is not guaranteed, Klarna may refuse the customer thereon payment methods and must point to alternative payment options. The transfer takes place in accordance with Art. 6 para. 1 lit. b DSGVO and only to the extent necessary for payment processing.

Further details on payment with Klarna can be found in Klarna's privacy policy at: https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy

Paypal

When paying via PayPal, credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "installment payment" via PayPal, we pass on your payment data to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal") as part of the payment processing. The transfer takes place in accordance with Art. 6 para. 1 lit. b DSGVO and only to the extent necessary for payment processing.

PayPal reserves the right to conduct a credit check for the payment methods credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "installment payment" via PayPal. For this purpose, your payment data may be passed on to credit agencies in accordance with Art. 6 para. 1 lit. f DSGVO on the basis of PayPal's legitimate interest in determining your solvency. PayPal uses the result of the credit check in terms of the statistical probability of non-payment for the purpose of deciding on the provision of the respective payment method. The creditworthiness information may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they have their basis in a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data. For further information on data protection law, including information on the credit agencies used, please refer to PayPal's data protection declaration: PayPal-Datenschutzerklärung .

You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for the contractual processing of payments.

Paydirect

On our website we offer, among other things, payment by Paydirekt. The provider of this payment service is Paydirekt GmbH, Hamburger Allee 26-28, 60486 Frankfurt am Main, Germany (hereinafter "Paydirekt").

When you make payment using Paydirekt, Paydirekt collects various transaction data and forwards it to the bank with which you are registered with Paydirekt. In addition to the data required for the payment, Paydirekt may collect further data such as delivery address or individual items in the shopping cart as part of the transaction processing.

Paydirect then authenticates the transaction using the authentication procedure stored with the bank for this purpose. The payment amount is then transferred from your account to our account. Neither we nor third parties have access to your account details.

For further details on payment with Paydirekt, please refer to the General Terms and Conditions and the Privacy Policy of Paydirekt at: paydirekt GmbH - Betreiber des Zahlverfahrens giropay.   and PayPal Privacy Statement

Sofortüberweisung

On our website we offer, among other things, payment by "Sofortüberweisung". The provider of this payment service is Sofort GmbH, Theresienhöhe 12, 80339 Munich (hereinafter "Sofort GmbH").

With the help of the "Sofortüberweisung" procedure, we receive a payment confirmation from Sofort GmbH in real time and can immediately begin to fulfill our obligations.

If you have chosen the payment method "Sofortüberweisung", you transmit the PIN and a valid TAN to Sofort GmbH, with which it can log into your online banking account. After logging in, Sofort GmbH automatically checks your account balance and carries out the transfer to us using the TAN you have transmitted. It then immediately sends us a transaction confirmation. After logging in, it also automatically checks your turnover, the credit line of the overdraft facility and the existence of other accounts and their balances.

In addition to the PIN and the TAN, the payment data you have entered as well as data about yourself are also transmitted to Sofort GmbH. Your personal data includes your first and last name, address, telephone number(s), email address, IP address and, if necessary, other data required for payment processing. The transmission of this data is necessary to establish your identity beyond doubt and to prevent fraud attempts.

The transmission of your data to Sofort GmbH is based on Art. 6 para. 1 lit. a DSGVO (consent) and Art. 6 para. 1 lit. b DSGVO (processing for the performance of a contract). You have the option to revoke your consent to data processing at any time. A revocation does not affect the validity of past data processing operations.

You can view further details on payment with Sofortüberweisung here: http://www.sofort.de/datenschutz.html   and Sofort | Sofortüberweisung. Einfach und direkt bezahlen. .

b) Further purposes of data processing

The processing of data in the context of payment processing is necessary in particular for the provision of order processing on our website. It thus serves to fulfill a contract with the user or to carry out pre-contractual measures.

The implementation of business and customer-related internal security measures for the purpose of minimizing and managing the risks of money laundering and terrorist financing serves to fulfill legal requirements under the Money Laundering Act.

c) Recipients and categories of recipients

A transfer of data to third parties in the context of payment processing always takes place only within the framework of legal regulations or order data processing.

d) Periods of storage

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. With regard to data collected for the performance of a contract or for the implementation of pre-contractual measures, this is the case when the data is no longer required for the performance of the contract. Even after the conclusion of the contract, there may be a need to store personal data of the contractual partner in order to comply with contractual or legal obligations, such as those arising from the limitation periods for warranty claims or from obligations to retain data under tax law.

You can view the periods of the payment service providers under the above links of the payment service providers.

e) Possibility of change

Until the final recording of the data by sending the order, you can change the data yourself, remove it from the input mask or change the payment method according to your wishes.

7. Data transmission

We only pass on your personal data to third parties if:

a) You have given your consent in accordance with Art. 6 Para. 1 lit. a) GDPR.

b) This is legally permissible and necessary according to Art. 6 Para. 1 lit. b) GDPR for the fulfilment of a contractual relationship with you or the implementation of pre-contractual measures.

c) There is a legal obligation for the transfer according to Art. 6 Para. 1 lit. c) GDPR.

d) we are legally obliged to transfer data to state authorities, e.g. tax authorities, social insurance carriers, health insurance companies, supervisory authorities and law enforcement agencies.

e) The disclosure is necessary in accordance with Art. 6 Para. 1 lit. f) GDPR for the protection of legitimate business interests, as well as for the assertion, exercise or defense of legal claims and if there is no reason to assume that you have a prevailing interest in the non-disclosure of your data.

f) In accordance with Art. 28 GDPR, we use external service providers, so-called processors, who are contractually obliged to handle your data in line with der GDPR. Corresponding data processing contracts have been concluded.

We use such service providers in the areas of:

  • IT
  • Sales
  • Marketing

When transferring data to external bodies in third countries, i.e. outside the EU or EEA, we ensure that these bodies treat your personal data in line with the GDPR. We only transfer personal data to third countries where the EU Commission has confirmed an adequate level of protection or where we ensure the GDPR conform handling of personal data through contractual agreements or other suitable guarantees.

8. Your privacy rights (GDPR rights)

With regard to the personal data concerning you, you have the right to information, to correction or deletion, to restriction of processing, to objection to processing and to data portability.
You also have the right to complain about the processing of your personal data to the data protection supervisory authority.

Here you will find current contact information the data protection supervisory authorities for all federal states in Germany: Landesbehörden
In addition, you will find contact information for other European data protection authorities here: Europäische Datenschutzbehörden