Protecting your privacy is very important to us. Below we inform you in detail about the handling of your data regarding your visit to our website (www.rock-am-ring.com) and your use of our app RAR & RIP.
We also inform you in each section whether the tool or tracking used is relevant to the website www.rock-am-ring.com (hereinafter "website") or the app RaR & RIP (hereinafter "APP") or both.
1. Name and contact details of the controller and the Data Protection Officer
eventimpresents GmbH & Co KG
c/o CTS EVENTIM AG & Co. KGaA
You can reach our data protection officer here: email@example.com
2. General notes and mandatory information
a) Data protection and information on storage
We would like to point out that data transmission on the internet (e.g. communication by e-mail) may have security gaps. Complete protection of data against access by third parties is not possible.
b) SSL or TLS encryption
For security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data you send to us cannot be read by third parties.
c) External hosting of the website
This website is hosted by an external service provider (hoster). The personal data collected on this website is stored on the hoster's servers. This may include IP addresses, contact requests, meta and communication data, contract data, contact data, names, website accesses and other data generated via a website.
The hoster is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para.1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para.1 lit. f GDPR). Our hoster will only process your data to the extent that this is necessary for the fulfilment of its service obligations and will follow our instructions with regard to the data.
We use the following hoster for our website:
340 S Lemon Ave #4133
Walnut, CA 91789
The data is also transferred to the US depending on the server location. We have signed a data processing agreement (DPA) with the above-mentioned provider. In addition, the data transfer to the US is based on the standard contractual clauses of the EU Commission. Details can be found here: https://vercel.com/legal/Vercel_Inc_-_Data_Processing_Addendum.pdf. We have concluded these together with the DPA.
d) External hosting of the app
Our app is hosted on AWS through Appmiral, Scheldestraat 11, 2000 Antwerp, Belgium. The hosting provider is Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, 1855 Luxembourg (hereinafter: AWS). When you use our app, your personal data is processed on the servers of AWS (EU-WEST 1 in Dublin). In the process, personal data may also be transferred to the parent company of AWS in the US. The data transfer to the US is based on the EU standard contractual clauses. Details can be found here: https://aws.amazon.com/de/blogs/security/aws-gdpr-data-processing-addendum/.
The use of AWS is based on Art. 6 para.1 lit. f GDPR. We have a legitimate interest in the most reliable presentation of our website.
We have concluded a data processing agreement (DPA) with Appmiral.
3. Data collection on our website and app
a) Server log files
When you visit our website or app, the browser used on your end device automatically sends information to our website or app server. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until automatic deletion:
The aforementioned data will be processed by us for the following purposes:
Our internet pages use so-called "cookies". Cookies are small text files and do not cause any damage to your device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your device until you delete them yourself or until they are automatically deleted by your web browser.
In some cases, cookies from third-party companies may also be stored on your device when you enter our site (third-party cookies). These enable us or you to use certain services of the third-party company (e.g. cookies for processing payment services).
Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies are used to evaluate user behaviour or to display advertising. Cookies that are necessary to carry out the electronic communication process (necessary cookies) or to provide certain functions desired by you (functional cookies, e.g. for the shopping cart function) or to optimize the website (e.g. cookies to measure the web audience) are stored on the basis of Art. 6 para.1 lit. f GDPR, unless another legal basis is specified. We have a legitimate interest in storing cookies for a technically error-free and optimized provision of our services. Insofar as consent to the storage of cookies has been requested, the storage of the cookies in question is based exclusively on this consent (Art. 6 para.1 lit. a GDPR); consent can be revoked at any time.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be limited.
If cookies are used by third parties or for analysis purposes, we will inform you separately within the framework of this data protection declaration and, if necessary, request your consent.
Our website uses the consent technology of Usercentrics to obtain your consent to the storage of certain cookies on your device or to the use of certain technologies and to document this in accordance with data protection law. The provider of this technology is Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany, website: https://usercentrics.com/de/ (hereinafter "Usercentrics").
When you visit our website, the following personal data is transferred to Usercentrics:
Furthermore, Usercentrics stores a cookie in your browser in order to be able to assign the consent granted to you or its revocation. The data collected in this way will be stored until you request us to delete it, you delete the Usercentrics cookie yourself or the purpose for storing the data no longer applies. Mandatory legal storage obligations remain unaffected. Usercentrics is used to obtain the legally required consent for the use of certain technologies. The legal basis for this is Art. 6 para.1 lit. c GDPR.
We have concluded an data progressing agreement with Usercentrics.
The ticket shop is provided and managed by our ticketing partner CTS Eventim KGaA & Co KG. The responsible party in terms of data protection is therefore CTS Eventim KGaA & Co. KG. Therefore, please note the applicable data protection declaration at https://www.eventim.de/help/data-protection/.
c) Contact requests via e-mail or telephone
If you contact us by e-mail or phone, your request including all resulting personal data (name, request) will be stored and processed for the purpose of processing your request. We do not pass on this data without your consent. The processing of this data is based on Art. 6 para.1 lit. b GDPR, if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the requests sent to us (Art. 6 para.1 lit. f GDPR) or on your consent (Art. 6 para.1 lit. a GDPR) if this was requested.
The data you send us via contact requests will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after your request has been processed). Mandatory legal provisions - in particular legal retention periods - remain unaffected.
d) Press section of our website
(1) General information
In order to be able to use the press area of our website, you will require media access from us, which you can request from us by e-mail. For this purpose, we collect your name, e-mail address and telephone number and, if necessary, proof of your journalistic or press activities. The legal basis for this is Art. 6 para. 1 lit. f GDPR. Our legitimate interest in processing your data is based on the fact that, for legal reasons, the press area of our website with the download options available there can only be made available to journalists and press representatives.
For press accreditations and as a cloud-based CRM, we use Heroku. The provider is Salesforce, Inc. Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, USA. We have entered into an order processing agreement with Salesforce Inc. to ensure that your data is only processed based on our instructions. In addition, as the data may be transferred to a third country, we have entered into standard contractual clauses with the provider to ensure a level of protection appropriate to the EU/EEA. In addition, Salesforce Inc. is certified under the Data Privacy Framework.
The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards for data processing in the United States. Any company certified under the DPF agrees to comply with these data protection standards. For more information, please contact the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant- detail?contact=true&id=a2zt0000001L5AAI&status=Active.
The legal basis for the use of Heroku is Art. 6 para. 1 lit. f GDPR, as you can see described unter point (1) Gerneral information.
You can find more information about Heroku at https://www.salesforce.com/company/privacy/ or via firstname.lastname@example.org or email@example.com resp. by mail to: Salesforce Data Protection Officer, 415 Mission St., 3rd Floor, San Francisco, CA 94105, USA.
4. Analyzing tools
a) Tracking tools
The tracking measures listed below and used by us are carried out on the basis of Art. 6 para.1 lit. a GDPR. With the tracking measures used, we want to ensure a needs-based design and the ongoing optimization of our website and app. On the other hand, we use the tracking measures to statistically record the use of our website and to evaluate it for the purpose of optimising our offer for you. These interests are to be regarded as legitimate in the sense of the aforementioned regulation.
The respective data processing purposes and data categories can be found in the corresponding tracking tools.
b) Google Analytics
For the web analysis described above, we use the web analysis service Google Analytics, which is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").
On our behalf, Google, as a processor within the meaning of Art. 28 GDPR, uses this information to evaluate your use of the websites, to compile reports on website activity and to provide other services related to website use and internet use to the website operator.
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.
The company is certified in accordance with the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Any company certified under the DPF agrees to comply with these data protection standards. For more information, please contact the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant- detail?contact=true&id=a2zt0000001L5AAI&status=Active.
You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
We use Google signals. When you visit our website, Google Analytics collects, among other things, your location, search history, and YouTube history, as well as demographic data (visitor data). This data can be used for personalized advertising with the help of Google signals. If you have a Google account, the visitor data from Google Signal will be linked to your Google account and used for personalized advertising messages. The data is also used to compile anonymized statistics on the user behavior of our users.
Google Analytics E-commerce measurement
This website uses the "e-commerce measurement" feature of Google Analytics. E-commerce measurement allows us to analyze the buying behavior of our website visitors to improve our online marketing campaigns. This involves recording information such as orders placed, average order values, shipping costs and the time from viewing to purchasing a product. This data can be summarized by Google under a transaction ID that is assigned to the respective user or their device.
c) Google Firebase
Our app uses the Google Firebase technology (Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, "Google"), an analytics service provided by Google Inc. to analyze user behavior.
The information generated about the use (app version, type and version of the device used, version of the operating system, the page requested, date and time of use, as well as the IP address used during use) is transmitted to a Google server in the US and stored there.
For the relevant data transfers to the US, Google Firebase refers to the standard contractual clauses of the EU Commission. Details can be found here: https://firebase.google.com/support/privacy
In addition, we have concluded a Joint Controller Contract (JCC) with Google with so-called standard contractual clauses, in which Google undertakes to process user data only in accordance with our instructions and to comply with the EU level of data protection.
Furthermore, certain actions collect information about them through the Firebase SDK while using the App. Actions such as installing and launching the app, app updates, uninstalling, updating the operating system, deleting app data, app crashes and in-app purchases, as well as receiving, swiping away and opening push notifications and opening and updating the app via a dynamic link, trigger the event-driven data collection of the Firebase SDK. To identify devices, the Firebase SDK uses an instantiated app identifier e.g. via the advertising ID.
On our behalf, Google will use this information for the purpose of evaluating your use of the app, compiling reports on our activities and providing other services relating to your use of the app. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf.
The legal basis for the use of the data and use of Firebase is your consent in regards to Art. 6 para.1 lit. a GDPR. Your consent can be revoked at any time.
You can restrict the use of the advertising ID in the device settings (iOS: Privacy/ Advertising/ No ad tracking; Android: Account/ Google/ Ads). Google Analytics for Firebase (Google Inc.). Furthermore, we use Firebase Remote Config, which allows us to run A/B tests and customize the behavior and appearance of the app without downloading a new version. Personal data is not stored.
Here you can see which subcontractors Google uses: https://firebase.google.com/terms/subprocessors.
More information about Google Firebase and privacy can be found here: https://firebase.google.com/terms/data-processing-terms; https://firebase.google.com/terms/; https://firebase.google.com/support/privacy/.
d) Google Tag Manager
We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
The Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create any user profiles, does not store cookies, and does not carry out any independent analyses. It only manages and runs the tools integrated via it. However, the Google Tag Manager does collect your IP address, which may also be transferred to Google’s parent company in the United States.
The Google Tag Manager is used on the basis of Art. 6 para. 1 lit.f GDPR. The website operator has a legitimate interest in the quick and uncomplicated integration and administration of various tools on his website. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link:
e) Facebook Pixel
This website uses the visitor action pixel from Facebook for conversion measurement. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected is also transferred to the US and other third countries.
In this way, the behaviour of page visitors can be tracked after they have been redirected to the provider's website by clicking on a Facebook ad. This allows the effectiveness of the Facebook ads to be evaluated for statistical and market research purposes and future advertising measures to be optimized.
The collected data is anonymous for us as the operator of this website, we can not draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook, so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes, according to the Facebook data use policy. This allows Facebook to serve ads on Facebook pages as well as outside of Facebook. This use of the data cannot be influenced by us as the site operator.
The use of Facebook Pixel is based on your consent according to Art. 6 para.1 lit. a GDPR. Your consent is given via Usercentrics (see point 5. b) Usercentrics) and can be revoked by you at any time.
The data transfer to the US is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.
Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook. The processing by Facebook that takes place after the onward transfer is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in a joint processing agreement. The text of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the privacy information when using the Facebook tool and for the privacy-secure implementation of the tool on our website. Facebook is responsible for the data security of the Facebook products. You can assert data subject rights (e.g. requests for information) regarding the data processed by Facebook directly with Facebook. If you assert your data subject rights with us, we are obliged to forward them to Facebook.
You can also disable the Custom Audiences remarketing feature in the Ads Settings section at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. You must be logged into Facebook to do this. If you do not have a Facebook account, you can opt out of Facebook's usage-based advertising at the European Interactive Digital Advertising Alliance website: http://www.youronlinechoices.com/de/praferenzmanagement/.
f) Online/Social Media Marketing with EDGE
For marketing measures on our websites, third-party websites and social networks, we enlist the support of EDGE. The provider is EDGE Entertainment Digital GmbH, a subsidiary of CTS EVENTIM AG & Co. KGaA.
The legal basis for the use is Art. 6 para. 1 lit. 6 GDPR. Our legitimate interest is to effectively set up campaigns on high-reach platforms such as Facebook, Instagram, Google, YouTube and TikTok.
If you purchase our products on our websites or sign up for newsletters, we will transmit your personal data to Edge Entertainment Digital GmbH for the implementation of advertising measures if you give us your consent to do so within the meaning of Art. 6 para. 1 lit.a DSGVO.
We are jointly responsible with EDGE for the processing of your personal data.
5. Plugins and tools
a) YouTube with extended data protection
This website embeds videos from the website YouTube. The operator of the pages is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
We use YouTube in extended data protection mode. According to YouTube, this mode means that YouTube does not store any information about visitors to this website before they watch the video. However, the transfer of data to YouTube partners is not necessarily excluded by the extended data protection mode. Thus, YouTube - regardless of whether you watch a video - establishes a connection to the Google DoubleClick network.
As soon as you start a YouTube video on this website, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.
Furthermore, after starting a video, YouTube may store various cookies on your end device or use comparable recognition technologies (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve the user experience, and prevent fraud attempts.
If necessary, further data processing operations may be triggered after the start of a YouTube video, over which we have no control.
YouTube is used in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.
This website uses plugins of the video portal Vimeo. The provider is Vimeo Inc, 555 West 18th Street, New York, New York 10011, USA.
When you visit one of our pages equipped with Vimeo videos, a connection to the Vimeo servers is established. This tells the Vimeo server which of our pages you have visited. In addition, Vimeo obtains your IP address. However, we have set Vimeo in such a way that Vimeo will not track your user activities and will not set any cookies.
The use of Vimeo is in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR. Insofar as a corresponding consent was requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.
Data transfer to the U.S. is based on the EU-U.S. Data Privacy Framework and/or the standard contractual clauses of the EU Commission, as well as, according to Vimeo, on "legitimate business interests".
On our website and app, functions of the music service Spotify are integrated. The provider is Spotify AB, Birger Jarlsgatan 61, 113 56 Stockholm in Sweden. You can recognize the Spotify plugins by the green logo on this website. You can find an overview of the Spotify plugins at: https://developer.spotify.com.
This means that when you visit our website or use our app, a direct connection can be established between your browser and the Spotify server via the plugin. Spotify thereby receives the information that you have visited this website with your IP address. If you click the Spotify button while logged into your Spotify account, you can link the content of this website on your Spotify profile. This allows Spotify to associate your visit to this website with your user account.
We would like to point out that cookies from Google Analytics are used when using Spotify, so that your usage data can also be passed on to Google when using Spotify. Google Analytics is a tool of the Google Group for the analysis of user behaviour based in the USA. Spotify is solely responsible for this integration. We as the website operator have no influence on this processing.
The storage and data analysis through Spotify is based on Art. 6 para.1 lit. a GDPR. Your consent is given via Usercentrics (see point 5. b) Usercentrics) and can be revoked by you at any time.
If you do not want Spotify to associate your visit to this website with your Spotify user account, please log out of your Spotify user account.
d) Cashless payment at festivals
Only cashless transactions for payments are possible at our festivals. To offer this service, we use „GET“, a cashless payment tool from Global Event Technologies GmbH & CO KG, Neualmerstraße 37, 5400 Hallein, Austria.
A link on our website or app will take you directly to GET. You can register on GET´s website with the number of your festival ticket and, if you enter your payment details, transfer money on your chip for payments. The chip itself will be given to you at the festival. The registration with GET and the processing of your personal data is voluntary and is based on your consent in accordance with Art. 6 para.1 lit. a GDPR. For this purpose we have concluded a data processing agreement with GET.
When registering via GET, your personal data may be transferred to the US. Further information on data processing at GET can be found in their data protection information: https://www.get.systems/privacy-policy/.
It is also possible to transfer money on your chip without registering with GET. This can be done directly at the festival in form of a cash deposit at one of our information stands. This option allows you to use our cashless payment function without providing personal data. However, a refund of unused credit requires a registration via GET. This is based on our legitimate interest in accordance with Art. 6 para.1 lit. f GDPR to offer refunds as efficiently as possible.
6) Newsletter data
If you would like to receive the newsletter offered on the website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. Further data is not collected or only on a voluntary basis. For the handling of the newsletter, we use newsletter service providers, which are described below.
This website uses Brevo for the sending of newsletters. The provider is the Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany.
Brevo services can, among other things, be used to organize and analyze the sending of newsletters. The data you enter for the purpose of subscribing to the newsletter are archived on servers of Sendinblue GmbH in Germany.
Data analysis by Brevo
Brevo enables us to analyze our newsletter campaigns. For instance, it allows us to see whether a newsletter message has been opened and, if so, which links may have been clicked. This enables us to determine, which links drew an extraordinary number of clicks.
Moreover, we are also able to see whether once the e-mail was opened or a link was clicked, any previously defined actions were taken (conversion rate). This allows us to determine whether you have made a purchase after clicking on the newsletter.
Brevo also enables us to divide the subscribers to our newsletter into various categories (i.e., to “cluster” recipients). For instance, newsletter recipients can be categorized based on age, gender, or place of residence. This enables us to tailor our newsletter more effectively to the needs of the respective target groups.
If you do not want to permit an analysis by Brevo, you must unsubscribe from the newsletter. We provide a link for you to do this in every newsletter message. Moreover, you can also unsubscribe from the newsletter right on the website.
For detailed information on the functions of Brevo please follow this link: https://www.brevo.com/de/newsletter-software/.
The data is processed based on your consent (Art. 6 para. 1 lit. f GDPR). You may revoke any consent you have given at any time by unsubscribing from the newsletter. This shall be without prejudice to the lawfulness of any data processing transactions that have taken place prior to your revocation.
The data deposited with us for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter or the newsletter service provider and deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data stored for other purposes with us remain unaffected.
After you unsubscribe from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist, if such action is necessary to prevent future mailings. The data from the blacklist is used only for this purpose and not merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). The storage in the blacklist is indefinite. You may object to the storage if your interests outweigh our legitimate interest.
For more details, please consult the Data Protection Regulations of Brevo at: https://www.brevo.com/de/datenschutz-uebersicht/ and https://www.brevo.com/de/legal/privacypolicy/.
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.
7. Social media
a) General information
Our social media presences are intended to ensure the broadest possible presence on the Internet. We want to communicate with our visitors and inform them about events and news. The specific media portals used are listed under the following points.
Social networks such as Facebook, Instagram, etc. can generally analyze your user behavior comprehensively when you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners). Visiting our social media presences triggers numerous processing operations relevant to data protection. In detail:
If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected under certain circumstances if you are not logged in or do not have an account with the respective social media portal. In this case, this data is collected, for example, via cookies that are stored on your end device or by recording your IP address.
With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be displayed to you inside and outside the respective social media presence. If you have an account with the respective social network, the interest-based advertising can be displayed on all devices on which you are logged in or have been logged in.
Our social media presences are intended to ensure the most comprehensive presence possible on the Internet. This is a legitimate interest of ours within the meaning of Art. 6 para. 1 lit. f GDPR. The analysis processes initiated by the social networks may be based on deviating legal bases to be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 para. 1 lit. a GDPR).
Joint Controller and assertion of rights
If you visit one of our social media sites (e.g. Facebook), we are jointly responsible with the operators of the social media platform for the data processing operations triggered during this visit. In principle, you can assert your rights (information, correction, deletion, restriction of processing, data portability and complaint) both against us and against the operator of the respective social media portal (e.g. against Facebook).
Please note that despite the joint responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options are largely determined by the corporate policy of the respective provider.
The data collected directly by us via the social media presence will be deleted from our systems as soon as you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies. Stored cookies remain on your terminal device until you delete them. Mandatory legal provisions - in particular retention periods - remain unaffected.
You have the right at any time to receive information free of charge about the origin, recipient and purpose of your stored personal data. You also have the right to object, data portability and the right to complain to the competent supervisory authority. Furthermore, you can demand the correction, blocking, deletion and, under certain circumstances, the restriction of the processing of your personal data.
b) Facebook Fanpage
Our Facebook page uses the services of Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("Meta"). If you are registered with this service, your visit to our Facebook page may be linked to your account. Even if you are not registered there or have not logged in, it is possible that Facebook receives and stores information such as your IP address (more detailed under a) General information). You can find more information on data processing at https://de-de.facebook.com/policy.
Meta provides the operators of Fanpages with so-called Facebook Insights. These are summarized data, through which page operators can obtain information about how users interact with their page (details can be found here:
Facebook and we are jointly responsible for the processing of this data according to Art. 26 GDPR. Therefore, we have entered into a joint processing agreement (Joint Controller Addendum) with Meta.
The agreement is limited exclusively to the collection of the data and its forwarding to Facebook. Processing that takes place after the onward transfer by Facebook is not part of the joint responsibility. The obligations incumbent on us jointly have been set out therein and can be viewed at the following link:
Your rights under Art. 13 et seqq. GDPR (e.g. request for information) regarding the data processed by Facebook can be asserted directly with Facebook. You can contact the data protection officer of the provider of the Facebook service at the following link:
You can object to the data processing here:
If you assert your data protection rights with us, we will forward the request to Facebook.
Data transfer to the U.S. is based on the EU-U.S. Data Privacy Framework and/or the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.
We have a profile on Instagram. The provider of this service is Meta Platforms Ireland Limited ("Meta"), 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
When you visit the platform, your profile information as well as information about the visit is essentially processed by Meta. Data is also processed if you do not have an Instagram account or are not logged in.
We process the data of visitors to our profile, in particular information about user interactions (e.g. likes and comments), public profile information, demographic and statistical data, as well as the data transmitted to us in the context of messages and comments.
We use the statistics function to learn more about the visitors to our profile. Demographic and statistical data in the context of so-called "Insights" data help us to adapt our content to the respective target group. This is aggregated data for us, a personal reference is not possible for us.
Instagram and we are jointly responsible for the processing of this data in accordance with Art. 26 GDPR. Therefore, we have concluded a joint processing agreement (Joint Controller Addendum) with Meta.
The agreement is limited exclusively to the collection of the data and its forwarding to Facebook. Processing that takes place after the onward transfer by Facebook is not part of the joint responsibility. The obligations incumbent on us jointly have been set out therein and can be viewed at the following link: https://www.facebook.com/legal/controller_addendum.
Data transfers to the U.S. are based on the EU-U.S. Data Privacy Framework and/or the EU Commission's standard contractual clauses. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.
Data transmission to third countries is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here:
e) X (formerly Twitter)
We use the short message service X (formerly Twitter). The provider is Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland.
You can customize your X privacy settings in your user account. Click on the following link and log in:
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://gdpr.twitter.com/en/controller-to-controller-transfers.html.
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link:
8. Transfer of personal data
a) Legal basis
We will only pass on your personal data to third parties if this is necessary to achieve our purposes and at least one of the following legal bases exists:
b) Data transfer to the USA
We largely, but not exclusively, rely on service providers located within the EU/EEA or a third country for which the European Commission has adopted an adequacy decision within the meaning of Art. 45 of the GDPR. Even in the case of service providers based within the EU/EEA, however, we cannot guarantee in individual cases that they will store or process your data exclusively on servers in countries where a level of protection comparable to that in the EU/EEA prevails.
Among other things, we use tools from companies based in the USA. If these tools are active, your personal data may be transferred to these third countries and processed there. We note that the European Commission has adopted an adequacy decision for the EU-U.S. Data Privacy Framework (successor to the "Privacy Shield"). The decision states that the United States will ensure an adequate level of protection - comparable to that of the European Union - for personal data transferred from the EU to U.S. companies within the new framework. Based on this sectoral adequacy decision, personal data can be transferred securely from the EU to U.S. companies participating in the framework ("Data Privacy Framework") without having to implement additional data protection safeguards. To participate, companies must have certified themselves with the U.S. Department of Commerce. If they have not done so, the adequacy decision does not serve as a basis for secure data transmission. In these cases, we enter into Standard Contractual Clauses (SCC) with the service providers. By concluding standard contractual clauses within the meaning of Art. 46para. 1(c) GDPR, we provide guarantees for the protection of your data.
In addition, we encrypt or pseudonymize personal data before transferring it to a service provider in a third country, if this is technically possible and appropriate.
9. Data subject rights
You have the right to,
10. Right of objection
If your personal data is processed on the basis of legitimate interests pursuant to Art. 6 para.1 lit. f GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, provided that there are grounds for doing so that arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which is implemented by us without specifying a particular reason.
If you wish to exercise your right to object, simply send an e-mail to firstname.lastname@example.org.
11. Data security
Within the website visit, we use the widespread SSL procedure (Secure Socket Layer) in connection with the highest encryption level supported by your browser. As a rule, this is a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is encrypted when you see the closed key or lock symbol in the lower status bar of your browser.
We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.