Privacy Policy

Privacy Policy

General information about the processing of your data

We are obliged by law to inform you about the processing of your personal data (hereinafter referred to as “data”) when you use our website. We take the protection of your personal information very seriously. This data protection notice informs you about the details of the processing of your data and about your legal rights in this regard. For terms such as “personal data” and “processing”, the legal definitions pursuant to Art. 4 GDPR apply. We reserve the right to adapt the privacy policy with future effect, in particular in the event of further development of the website, the use of new technologies or changes to the legal bases or the corresponding case law. We recommend that you read this privacy policy from time to time and take a printout or a copy for your records.

Scope

This privacy policy applies to all pages of www.oper-leipzig.de. It does not cover any linked websites of other providers.

Responsible provider

The following party is responsible for the processing of personal data within the scope of this privacy policy:

Oper Leipzig
Augustusplatz 12, 04109 Leipzig
Phone: +49 341/ 12 61 261; email: service@oper-leipzig.de

Questions about data protection

If you have any questions about data protection with regard to our company or our website, you can contact our data protection officer:

Thomas Schultz
Postal address:
Data protection officer
Martin-Luther-Ring 4-6, 04109 Leipzig
Phone: +49 341/ 123 2247; email: datenschutzbeauftragter@leipzig.de

Security

We have taken comprehensive technical and organisational precautions to protect your personal data from unauthorised access, abuse, loss and other external disruption. To this end, we regularly review our security measures and adapt them to current standards.

Your rights

You have the following rights with regard to the personal data concerning you that you can assert against us:

  • Right of access: You can request access to the personal data concerning you which we process, as set forth in Art. 15 GDPR.
  • Right to rectification: If the information concerning you is not (or no longer) correct, you can request its rectification in accordance with Art. 16 GDPR. If your data is incomplete, you can request that it be completed.
  • Right to erasure: You may request the erasure of your personal data in accordance with Art. 17 GDPR.
  • Right to restriction of processing: Pursuant to Art. 18 GDPR, you have the right to demand that the processing of your personal data be restricted.
  • Right to object to processing: Pursuant to Art. 21(1) GDPR, you have the right to object at any time, for reasons arising from your particular situation, to the processing of your personal data which occurs based on Art. 6(1) Sentence 1(e) or (f) GDPR. If you object, we will not process your data further, unless we can prove compelling legitimate reasons for the processing which outweigh your interests, rights and freedoms or, moreover, the processing serves to establish and exercise or defend against legal claims (Art. 21(1) GDPR). Furthermore, under Art. 21(2) GDPR you have the right to object at any time to the processing of your personal data for direct marketing purposes, which includes profiling to the extent that this is related to such direct marketing. In this privacy policy, we draw your attention to this right to object when describing each processing operation.
  • Right to withdraw your consent: If you have given your consent for processing, you have a right to withdraw that consent under Art. 7(3) GDPR.
  • Right to data portability: You have the right to receive the personal data you have given us in a structured, commonly used, machine-readable format (“data portability”) and the right to transfer this data to another controller, if the prerequisites of Art. 20(1) (a), (b) GDPR are fulfilled (Art. 20 GDPR).

You can assert your rights by informing us using the contact details specified above under “Responsible provider” or by contacting the data protection officer designated by us.

If you believe that the processing of your personal data violates data protection law, then under Art. 77 GDPR you also have the right to lodge a complaint with a data protection supervisory authority of your choice. This also includes the data protection supervisory authority responsible for the controller: Saxon Commissioner for Data Protection, Postfach 110132, 01330 Dresden, +49341 85471 101, saechsdsb@slt.sachsen.de.

Using our website

In principle, you can use our website for purely informational purposes without disclosing your identity. When you access the individual pages of the website in this sense, this only results in access data being transferred to our web hosting service so that the website can be displayed to you. This involves the following data being processed:

  • Browser type/browser version
  • Operating system used
  • Language and version of the browser software
  • Date and time of access
  • Hostname of the accessing device
  • IP address
  • Content of the request (specific page)
  • Access status/HTTP status code
  • Websites accessed via the website
  • Referrer URL (website visited before)
  • Notification of whether the access was a success and
  • Volume of data transferred.

It is necessary for this data to be processed temporarily in order to make it technically possible for you to visit our website and to deliver the website to your device. The access data is not used to identify individual users and is not combined with other data sources. The data is also stored in log files, in order to ensure the functionality of the website and the security of the information technology systems. The legal basis for the processing is Art. 6(1) Sentence 1(f) GDPR. Our legitimate interests lie in ensuring the functionality, integrity and security of the website. Storing access data in log files, in particular the IP address, for a longer period of time enables us to detect and prevent misuse. This includes, for example, defending against requests that would overload the service as well as against bots. The access data will be erased as soon as it is no longer required for achieving the purpose of its processing. In the case of recording the data to provide the website, this is the case when you end your visit to the website. The log data is generally stored directly and in such a way that it can only be accessed by administrators, and it is erased after fourteen days at the latest. After that, it is only indirectly available by reconstructing backups, and is finally erased after a maximum of four weeks.

You may object to the processing. Your right of objection exists if you have reasons arising from your particular situation. You may send us your objection using the contact details specified under “Responsible provider” above.

Cookies

In addition to the aforementioned access data, so-called cookies are stored in the internet browser of the device you use to access the website. These are small text files with a sequence of numbers that are stored locally in the cache of the browser used. Cookies do not become part of the device system and cannot execute programs. They serve to make our website user-friendly. The use of cookies may be technically necessary or may occur for other purposes (e.g. analysis/evaluation of website use).

Technically necessary cookies

Some elements of our website require that the retrieving browser can be identified even after a page change. This involves processing the following data in the cookies:

  • Items in shopping basket and
  • Log-in information.

The user data collected by technically necessary cookies is not processed to create user profiles. We also use session cookies, which store a session ID that can be used to assign various requests from your browser to the shared session. Session cookies are required for using the website. In particular, they enable us to recognise the device used when you return to the website. If you have a customer account with us, we use this cookie to recognise you on subsequent visits to the website; otherwise you would have to log in again each time you visited. The legal basis of this processing is Art. 6(1) Sentence 1(f) GDPR. Our legitimate interests in the processing lie in providing the aforementioned special functionality and thereby making the use of our website more attractive and effective. The session cookies are erased as soon as you log out or, depending on which browser you are using and your browser settings, when you close the browser.

You may object to the processing. Your right of objection exists if you have reasons arising from your particular situation. You can object to this processing by cookies by adjusting your browser settings to disable or restrict cookies. Cookies that have already been saved can be deleted at any time in your browser settings. You can also prevent the use of cookies by opening your browser in “private mode”.

Technically non-essential cookies

In addition, we also use cookies on the website to enable an analysis of users’ surfing behaviour. For example, this involves processing the following data in the cookies:

  • Frequency of page views
  • Use of website functions.

The legal basis of this processing is Art. 6(1) Sentence 1(f) GDPR. Our legitimate interests lie in making the website more efficient and attractive. The technically non-essential cookies are automatically erased after a specified period, which may vary depending on the cookie. Where we integrate cookies from third-party providers into our website, we point this out to you separately below.

You may object to the processing. Your right of objection exists if you have reasons arising from your particular situation. You can object to this processing by cookies by adjusting your browser settings to disable or restrict cookies. Cookies that have already been saved can be deleted at any time in your browser settings. You can also prevent the use of cookies by opening your browser in “private mode”.

Contacting our company

When you contact our company, e.g. by email or using the contact form on the website, we will process the personal data you provide so that we can respond to your request. In order for us to process enquiries submitted via the contact form on the website, it is essential that you provide a first and last name as well as a valid email address. At the time the message is sent to us, your IP address and the date and time of registration will be processed. The legal basis of this processing is Art.6(1) Sentence1(f)GDPR and Art.6(1) Sentence 1(b) GDPR, if the contact is made with the intention of concluding a contract. If the request is aimed at concluding a contract, it is necessary for you to provide your data in order to conclude a contract. If you do not provide your data, it will not be possible to conclude or execute a contract (in the form of establishing contact or processing the request). Processing the personal data from the form serves the sole purpose of processing the contact you make with us. Where you contact us by email, this also constitutes the necessary legitimate interest in the processing of the data. The other data processed during the submission process serves to prevent any misuse of the contact form and to ensure the security of our information technology systems. The data will not be transmitted to third parties in this context. As soon as processing is no longer necessary, which is usually two years after the end of the communication, we erase the data generated in this context.

You may object to the processing. Your right of objection exists if you have reasons arising from your particular situation. You may send us your objection using the contact details specified under “Responsible provider” above.

Processing for contractual purposes

We process your personal data if and to the extent necessary for the initiation, creation, execution and/or termination of a legal transaction with our company. The legal basis for this results from Art. 6(1) Sentence 1(b) GDPR. It is necessary for you to provide your data in order to conclude the contract and you are contractually obliged to provide your data. If you do not provide your data, it will not be possible to conclude and/or execute a contract. Once the purpose has been achieved (e.g. contract processing), the personal data will be blocked for further processing or erased, unless we are entitled to keep processing the data on the basis of a consent granted by you (e.g. consent to the processing of your email address for sending promotional emails), a contractual agreement, a statutory authorisation (e.g. authorisation to send direct marketing) or on the basis of justified interests (e.g. retention for asserting claims).

Your personal data will be passed on to third parties if

  • it is necessary for the creation, execution or termination of legal transactions with our company (e.g. when transmitting data to a payment service provider/a shipping company to process a contract with you) (Art. 6(1) Sentence 1(b) GDPR), or
  • a subcontractor or party we use to perform our obligations, which we use exclusively within the framework of providing the offers or services requested by you, needs this data (unless you are expressly informed otherwise, such auxiliary parties are only entitled to process the data insofar as this is necessary for the provision of the offer or service), or
  • there is an enforceable official order (Art. 6(1) Sentence 1(c) GDPR), or
  • there is an enforceable court order (Art. 6(1) Sentence 1(c) GDPR), or
  • we are legally obliged to do so (Art. 6(1) Sentence 1(c) GDPR), or
  • the processing is necessary in order to protect the vital interests of the data subject or another natural person (Art. 6(1) Sentence 1(d) GDPR), or
  • this is necessary for the performance of a task carried out in the public interest or in the exercise of official authority (Art. 6(1) Sentence 1(e) GDPR), or
  • we can cite our overriding legitimate interests, or those of a third party, in the disclosure (Art. 6(1) Sentence 1(f) GDPR).

Your personal data will not be transmitted to other persons, companies or bodies unless you have effectively consented to such transmission. The legal basis of the processing is then Art. 6(1) Sentence 1(a) GDPR. In this privacy policy, we draw your attention to the respective recipients when describing each processing operation.

Ticket ordering system, online shop

If you wish to purchase tickets, subscriptions, vouchers or other items in our ticket booking system/online shop, it is necessary and obligatory for the initiation and conclusion of the contract that you provide personal data such as your name, your address and your email address. The mandatory data required for order and contract processing is marked as such; further information is provided voluntarily. We process your data for order processing and will, in particular, forward payment data to your chosen payment service provider or our main bank for this purpose. The legal basis for the data processing is Art.6(1) Sentence1(b) GDPR. The provision of your data is necessary and obligatory in order to conclude and execute the contract. If you do not provide your data, it will not be possible to conclude and/or execute a contract. To prevent unauthorised third parties from accessing your personal data, the order process on the website is encrypted using SSL technology. When you order via our ticket system, a customer account is created in which we store your data for future visits to the website. When this customer account is created, the data you enter is processed. Once you have successfully registered, you can edit or erase all further data independently in your customer account. As soon as storage is no longer necessary, we erase the data generated in this context or, if statutory retention obligations apply, restrict processing of the data. Due to mandatory commercial and tax regulations, we are obliged to keep your address, payment and order data for a period of up to ten years.

Customer account

When ordering via the ticket system, you have the option of creating a customer account. The following information is required for registration:

  • First and last name
  • Username
  • Email address and
  • Password chosen by you.

You do not have to enter a real name and are free to use the website pseudonymously. When you register, your IP address and the date and time of registration will also be processed.
The following functions are available to you in the login area:

  • Edit your profile data
  • View past orders
  • Manage, change or cancel your newsletter subscription.

If you use the login area of the website, e.g. to edit your profile data or to view your previous orders, we also process the data about your person required for the initiation or performance of the contract, in particular address data and information about the payment method. The legal basis for the processing is Art.6(1) Sentence1(b) GDPR. The provision of your data is necessary and obligatory in order to conclude and execute the contract. If you do not provide your data, you will not be able to register or use the login area, which means that it will not be possible to conclude and/or execute a contract. As soon as it is no longer required for achieving the purpose of its processing, the data will be erased or, if we are subject to statutory retention obligations, the processing will be restricted accordingly. Due to mandatory commercial and tax regulations, we are obliged to keep your address, payment and order data for a period of up to ten years. Two years after termination of the contract, we will restrict the processing and reduce the processing to compliance with our existing legal obligations.

Application process

We are pleased that you are interested in us and that you wish to apply or have already applied for a position in our company. In this context, we provide you with the following information on the processing of your personal data in connection with applying by email or post. When you apply, we process the following data, which is necessary and obligatory for the application process:

  • First and last name
  • Email address
  • Town
  • Address and
  • Other data that you have sent us in connection with your application.

The purpose of processing data in connection with the application process is to check whether you are suitable for the position (or other positions available within our companies, if applicable) and to enable us to conduct the application process. The legal basis for the processing of your personal data in this application process is primarily Section26 of the German Federal Data Protection Act (BDSG). It allows the processing of data required in connection with hiring decisions. Should the data be required for the assertion of legal rights after completion of the application process, data may be processed on the basis of the requirements of Art. 6 GDPR, in particular to safeguard legitimate interests pursuant to Art. 6(1) Sentence 1(f) GDPR. In such cases, our legitimate interest is in asserting or defending claims. In the event of a rejection, candidate data will be erased after six months. Any storage for a longer period will only take place if you have agreed to this. If you are offered a job in the context of the application process, our HR department will process the data in our human resources management system (“LOGA”, P&I Personal & Informatik AG, Kreuzberger Ring 56, 65205 Wiesbaden). Upon receipt of your application, your application data will be reviewed by the HR department. Suitable applications are then forwarded internally to the department heads for the respective vacancies. The next steps to be taken are then agreed upon. In principle, only those persons in the company have access to your data who need this for the regular conduct of our application process.

You may object to the processing. Your right of objection exists if you have reasons arising from your particular situation. You may send us your objection using the contact details specified under “Responsible provider” above.

Application process for auditions

We are pleased that you are interested in Oper Leipzig and that you wish to apply or have already applied for an audition. In this context, we provide you with the following information on the processing of your personal data in connection with your application for an audition via our website. When you apply, we process the following data, which is necessary and obligatory for the online application process:

  • First and last name
  • Email address
  • Phone
  • Town
  • Address and
  • Further data, such as date of birth, place of birth, age, nationality, height, weight, education, current and previous engagement and photos.

When you submit the online application, your IP address and the date and time when you submitted the application form will also be processed. The purpose of processing is to check whether you are suitable for the position (or other positions available within our companies, if applicable) and to enable us to conduct the application process. The legal basis for the processing of your personal data in this application process is primarily Section26 of the German Federal Data Protection Act (BDSG). It allows the processing of data required in connection with hiring decisions. Should the data be required for the assertion of legal rights after completion of the application process, data may be processed on the basis of the requirements of Art. 6 GDPR, in particular to safeguard legitimate interests pursuant to Art. 6(1) Sentence 1(f) GDPR. In such cases, our legitimate interest is in asserting or defending claims. In the event of a rejection, candidate data will be erased after six months. Any storage for a longer period will only take place if you have agreed to this. If you are offered a job in the context of the application process, our HR department will process the data in our human resources management system (“LOGA”, P&I Personal & Informatik AG, Kreuzberger Ring 56, 65205 Wiesbaden). Upon receipt of your application, your application data will be reviewed by the HR department. Suitable applications are then forwarded internally to the department heads for the respective vacancies. The next steps to be taken are then agreed upon. In principle, only those persons in the company have access to your data who need this for the regular conduct of our application process.

You may object to the processing. Your right of objection exists if you have reasons arising from your particular situation. You may send us your objection using the contact details specified under “Responsible provider” above.

Email marketing

Newsletter


When purchasing tickets or registering with a customer account, you have the possibility to subscribe to our email newsletter on the website, which we use to inform you regularly about the following content:

  • Offers and information on all aspects of Oper Leipzig, in particular the programme, new productions and special events
  • Information about existing subscriptions and information about booked events
  • Discounts and special offers and
  • Requests for feedback about our events.

In order to receive the newsletter, you will need to provide your name or a pseudonym as well as a valid email address. If you are able to subscribe to further newsletters on our website (e.g. containing details of job vacancies), you will receive further information on the contents of the newsletter at an appropriate stage in the process. Registering for our email newsletter takes the form of a so-called double opt-in process. Once you have entered the data marked as mandatory, we will send you an email to the email address you have provided, in which we ask you to expressly confirm your subscription to the newsletter (by clicking on a confirmation link). This is how we ensure that you really want to receive our email newsletter. If no confirmation takes place within 30 days, we block the information transferred to us and erase it automatically after one month at the latest. After your confirmation, we will process the email address and name/pseudonym of the recipient concerned for the purpose of sending our email newsletter. The legal basis for the processing is Art.6(1) Sentence1(a) GDPR.

You can withdraw your consent to the processing of your email address for receiving the newsletter at any time, either by sending us a message (see the contact details under “Responsible provider”) or by clicking directly on the unsubscribe link in the newsletter. This does not affect the lawfulness of the processing carried out on the basis of the consent prior to the withdrawal.
Furthermore, the following data is processed at the time of subscription:

  • IP address
  • Date/time of registration for the newsletter and
  • Time when you click on the confirmation link.

We also process your IP address, the time of registration for the newsletter and the time of your confirmation in order to document your newsletter registration and to prevent abuse of your personal data. The legal basis of the processing is Art.6(1) Sentence1(f) GDPR. Our legitimate interest in this processing lies in fraud prevention. We erase this data at the latest when the newsletter subscription ends.

You may object to the processing. Your right of objection exists if you have reasons arising from your particular situation. You may send us your objection using the contact details specified under “Responsible provider” above.

Once the purposes of this processing no longer apply, we stop processing your data for these purposes. In order to ensure that you do not receive any further messages from us by email after you have cancelled your newsletter subscription, we keep a record of blocked email addresses. The legal basis for this is Art. 6(1) Sentence 1(f) GDPR. Our legitimate interest in keeping a record of blocked email addresses is being able to ensure that the legal claim asserted is observed.

You may object to the processing. Your right of objection exists if you have reasons arising from your particular situation. You may send us your objection using the contact details specified under “Responsible provider” above.

In addition, when we send out newsletters, we use device-specific information to evaluate how you use our advertising, in order to associate this usage with your email address or your user profile in our database. For this analysis, the emails sent out contain so-called web beacons or tracking pixels, which display single-pixel image files. This processing is carried out for the purpose of analysing how well we adapt the offers and information sent to you to your personal interests. The legal basis for the processing is Art.6(1) Sentence1(a) GDPR. The information is processed for as long as you have subscribed to the newsletter. We erase this data when you unsubscribe from the newsletter.

You can withdraw your consent to the processing of your email address for receiving the newsletter at any time, either by sending us a message (see the contact details under “Responsible provider”) or by clicking directly on the unsubscribe link in the newsletter. This does not affect the lawfulness of the processing carried out on the basis of the consent prior to the withdrawal.

Episerver email marketing service

We use the Episerver email marketing service, which is provided by Episerver AB (Regeringsgatan 67, Box 7007, 103 86 Stockholm, Sweden). If you have subscribed to our newsletter, the data provided during registration will be stored and processed on Episerver’s servers. Episerver processes the necessary data for sending and evaluating the newsletter on our behalf. The newsletters contain what are known as web beacons, which are pixel-sized files that are retrieved from the Episerver server when the newsletter is opened. In the context of the retrieval, technical information, such as the browser used, time of the page retrieval and IP address, is processed. This information is processed for the purpose of analysing and technically improving our services. This processing is carried out for the purpose of measuring reach, creating statistical analyses as well as for the adaptation, optimisation and more targeted control of our newsletter content. Furthermore, it is analysed whether and when newsletters are opened and which links are clicked on by the reader. This information can theoretically be assigned to individual newsletter recipients. However, neither we nor Episerver have any intention of monitoring individual recipients; the analysis of the information mentioned serves rather to recognise the overall reading habits, opening and click rates of all recipients. The legal basis for the processing is Art.6(1) Sentence1(a) GDPR. The information is processed for as long as you have subscribed to the newsletter. We erase this data when you unsubscribe from the newsletter. For more information on processing, please refer to Episerver’s privacy statement at https://www.episerver.com/legal/privacy-statement/.

You can withdraw your consent to the processing of your email address for receiving the newsletter at any time, either by sending us a message (see the contact details under “Responsible provider”) or by clicking directly on the unsubscribe link in the newsletter. This does not affect the lawfulness of the processing carried out on the basis of the consent prior to the withdrawal.

Payment service providers (PSPs)

Credit card payment


For payment processing, we transmit the payment data required for the credit card payment to the bank commissioned with the payment or, if applicable, to the payment and invoicing service provider commissioned by us (e.g. Telecash, which is provided by First Data GmbH, Marienbader Platz 1, 61348 Bad Homburg v. d. Höhe). This processing occurs on the basis of Art. 6(1) Sentence 1(b) GDPR. The provision of your payment data is necessary and obligatory in order to conclude and execute the contract. If you do not provide payment data, it will not be possible to conclude and/or execute a contract by means of credit card payment. The data required for payment processing is transmitted securely using SSL encryption and processed exclusively for payment processing. As soon as storage is no longer necessary, we erase the data generated in this context or, if statutory retention obligations apply, restrict processing of the data. Due to mandatory commercial and tax regulations, we are obliged to keep your address, payment and order data for a period of up to ten years. Two years after termination of the contract, we will restrict the processing and reduce the processing to compliance with our existing legal obligations.

Transmission of personal data for direct debits

To process payments made by direct debit, we transmit the payment data required to the bank commissioned with processing the payment or, if applicable, to the payment and invoicing service provider commissioned by us (e.g. Telecash, which is provided by First Data GmbH, Marienbader Platz 1, 61348 Bad Homburg v. d. Höhe). This processing occurs on the basis of Art. 6(1) Sentence 1(b) GDPR. The provision of your payment data is necessary and obligatory in order to conclude and execute the contract. If you do not provide payment data, it will not be possible to conclude and/or execute a contract by means of direct debit. The data required for payment processing is transmitted securely using SSL encryption and processed exclusively for payment processing. As soon as storage is no longer necessary, we erase the data generated in this context or, if statutory retention obligations apply, restrict processing of the data. Due to mandatory commercial and tax regulations, we are obliged to keep your address, payment and order data for a period of up to ten years. Two years after termination of the contract, we will restrict the processing and reduce the processing to compliance with our existing legal obligations.

Giropay

On our website we give you the option of paying via Giropay. The provider of this payment service is Giropay GmbH, An der Welle 4, 60322 Frankfurt/Main, Germany (hereinafter referred to as Giropay). If you choose to pay via Giropay, the payment details you enter will be transferred to Giropay. For the purpose of payment processing, we transmit the necessary payment data to the payment and billing service provider commissioned by us (e.g. Telecash, which is provided by First Data GmbH, Marienbader Platz 1, 61348 Bad Homburg v. d. Höhe). The transfer of your data is performed on the basis of Art. 6(1) Sentence 1(b) GDPR (processing for the performance of a contract). This processing is necessary and obligatory for the conclusion of the contract. If you do not provide your data, it will not be possible to conclude or execute a contract using the Giropay payment method. The data required for payment processing is transmitted securely using SSL encryption and processed exclusively for payment processing. As soon as storage is no longer necessary, we erase the data generated in this context or, if statutory retention obligations apply, restrict processing of the data. Due to mandatory commercial and tax regulations, we are obliged to keep your address, payment and order data for a period of up to ten years. Two years after termination of the contract, we will restrict the processing and reduce the processing to compliance with our existing legal obligations. Further information on data protection and the storage period at Giropay can be found at https://www.giropay.de/rechtliches/datenschutzerklaerung.

Enforcement of rights, address investigation, debt collection

In the event of non-payment, we reserve the right to pass on the data provided at the time of ordering to a lawyer and/or to external companies (e.g. Verband der Vereine Creditreform e.V., Hellersbergstraße 12, 41460 Neuss, Germany) in order to ascertain an address and/or enforce our rights. The legal basis of the processing is Art.6(1) Sentence1(f) GDPR. Our legitimate interests lie in fraud prevention and avoiding default risks. In addition, we may pass on your data to the extent necessary in order to safeguard our rights, as well as the rights of our affiliates, our partners, our employees and/or users of our website. Under no circumstances will we sell or rent your data to third parties. The legal basis for the processing is Art. 6(1) Sentence 1(f) GDPR. We have a legitimate interest in the processing for the purpose of enforcing our rights. As soon as storage is no longer necessary, we erase the data generated or, if statutory retention obligations apply, restrict processing of the data.

You may object to the processing. Your right of objection exists if you have reasons arising from your particular situation. You may send us your objection using the contact details specified under “Responsible provider” above.

Hosting

We use external hosting services provided by PlusServer GmbH (Hohenzollernring 72, 50672 Cologne, Germany), which serve to provide the following services: infrastructure and platform services, computing capacity, storage resources and database services, security and technical maintenance services. For these purposes, all of the data required for the operation and use of our website – including the access data mentioned under “Using our website” – is processed. The legal basis for this processing is Art. 6(1) Sentence 1(f) GDPR. By using external hosting services, our aim is to make the provision of our website efficient and secure.

You may object to the processing. Your right of objection exists if you have reasons arising from your particular situation. You may send us your objection using the contact details specified under “Responsible provider” above.

Integration of third-party content

The website integrates third-party content such as videos, maps and graphics from other websites. This integration always requires that the providers of this content (“third-party providers”) perceive the IP addresses of users. This is because without the IP address they would not be able to send the content to the browser of the respective user. As such, the IP address is required to display this content. In the following, we inform you about the services from external providers currently in use on our website, about the respective processing in each case, and about how you can object.

Typography

We use Typography, a service provided by Hoefler Type Foundry (611 Broadway, Room 725 New York, NY 10012-2608, US) for the uniform display of fonts. When you retrieve a website, your browser loads the required web fonts from Typography into your browser cache in order to display texts and fonts correctly and more quickly. For this purpose, the browser transmits your IP address to Typography in order to establish a connection to Typography’s servers. Typography thus receives the information that you have accessed our website. The legal basis for this processing is Art. 6(1) Sentence 1(f) GDPR. By using Typography, we are pursuing the legitimate interest of a uniform and visually appealing presentation of our website. Typography also processes your data in the US and has subjected itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. You can view Typography’s certification at https://www.privacyshield.gov/participant?id=a2zt00000008RlLAAU. Further information on how Typography processes your data and the storage period can be found in the Hoefler Type Foundry privacy policy: https://www.typography.com/policies/privacy.

You may object to the processing. Your right of objection exists if you have reasons arising from your particular situation. You may send us your objection using the contact details specified under “Responsible provider” above.

Google Maps

This website uses Google Maps, which is a service provided by Google (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001) to display maps or sections of maps, thus enabling you to conveniently use the map function on the website. By visiting the website, Google receives the information that you have retrieved the corresponding subpage of our website. In addition, some of the data mentioned under “Using our website” and “Cookies” is transmitted to Google. This occurs regardless of whether Google provides a user account that you are logged in with or whether no user account exists. If you are logged in to Google, your data will be directly associated with your account. If you do not wish for this data to be associated with your Google profile, you must log out before activating the button. Google stores your data as usage profiles and processes it, regardless of whether you have a Google account, for purposes of advertising, market research and/or the demand-oriented design of its website. The legal basis for the processing is Art. 6(1) Sentence 1(f) GDPR. By using Google Maps, we are pursuing the legitimate interest of making our website more attractive and offering you additional services. Google also processes your data in the US and has subjected itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. You can view Google’s certification at https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI. For more information about the processing by the plug-in provider and about how long Google Maps data is stored, please refer to https://policies.google.com/privacy.

You may object to the processing. Your right of objection exists if you have reasons arising from your particular situation. You can object to this processing by cookies by adjusting your browser settings to disable or restrict cookies. Cookies that have already been saved can be deleted at any time in your browser settings. You can also prevent the use of cookies by opening your browser in “private mode”.

Google Tag Manager

Our website uses Google Tag Manager, which is provided by Google (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001). Google Tag Manager is a solution that allows website tags to be managed through a single interface. The Google Tag Manager tool itself (which implements the tags) is a cookieless domain and does not record any personal data. The tool triggers other tags, which in turn may record data; our privacy policy explains this separately in each case. Google Tag Manager does not access this data. If deactivation has occurred at the domain or cookie level, it will remain effective for all tracking tags implemented with Google Tag Manager.

YouTube videos

Our website uses plug-ins from the video platform “YouTube.de” or “YouTube.com”, a service provided by YouTube LLC (head office at 901 Cherry Avenue, San Bruno, CA 94066, US; hereinafter referred to as YouTube), for which Google (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, fax: +353 (1) 436 1001) is responsible as the controller under data protection law. We use this processing of data by the plug-ins to pursue the purpose of integrating visual content (“videos”) on the website that we have published on “YouTube.de” or “YouTube.com”. The videos are all embedded in “extended privacy mode”, which means that no data about you as a user will be transferred to YouTube if you do not play the videos. When videos are played on our website, YouTube receives the information that you have retrieved the corresponding subpage of our website. In addition, some of the data mentioned under “Using our website” is transmitted to Google. This occurs regardless of whether YouTube provides a user account that you are logged in with or whether no user account exists. If you are logged in to Google, your data will be directly associated with your account. If you do not wish for this data to be associated with your YouTube profile, you must log out before activating the button. YouTube stores your data as usage profiles and processes it, regardless of whether you have a Google account, for purposes of advertising, market research and/or the demand-oriented design of its website. The legal basis for the processing is Art. 6(1) Sentence 1(f) GDPR. With this data processing, we are pursuing our legitimate interests in making our website more attractive and offering you an additional service. Google also processes your personal data in the US and has subjected itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. You can view Google’s certification at https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI. For more information about how YouTube processes personal data and how long YouTube stores such data, please refer to the privacy information at https://policies.google.com/privacy.

You may object to the processing. Your right of objection exists if you have reasons arising from your particular situation. There are different ways in which you can object to the processing: by disabling cookies in your browser settings; or by opening your browser in “private mode”, in order to prevent the use of cookies.

Instagram

Our website also uses the services of Instagram (provided by Facebook, 4 Grand Canal Square, Dublin 2, Ireland, email: impressum-support@support.facebook.com) for the purpose of displaying and integrating images on the website. During this process, your IP address is transmitted to the provider in the US. Facebook has subjected itself to the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework) and has thus committed to complying with European data protection standards: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC. The legal basis of the processing is Art.6(1) Sentence1(f) GDPR. By using CDN, we are pursuing our legitimate interest in faster website retrieval as well as a more effective and improved presentation of our website. For further information about the protection of your data and how long Instagram stores your data, please refer to: https://help.instagram.com/519522125107875.

You may object to the processing. Your right of objection exists if you have reasons arising from your particular situation. You may send us your objection using the contact details specified under “Responsible provider” above.

Services for statistical, analysis and marketing purposes

We use services from third parties for statistical, analysis and marketing purposes. This enables us to offer you a user-friendly, optimised experience when visiting the website. The third-party providers use cookies to control their services (see “Cookies” above). In the following, we inform you about the services from external providers currently in use on our website, about the respective processing in each case, and about how you can object.

Google Analytics

In order to tailor our website perfectly to user interests, we use Google Analytics, a web analytics service from Google (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001). Google Analytics uses cookies (see “Cookies” above), which are stored on your device. Google uses the cookies to process the information generated about the use of our website by your device – e.g. the fact that you have visited a certain page – and processes, among other things, the data mentioned under "Using our website”, in particular your IP address, browser information, the website visited before and the date and time of the server request, for the purpose of statistical analysis of how people use our website. This website uses Google Analytics with the “anonymizeIp()” extension. This shortens IP addresses before they are processed, in order to make it much more difficult to identify individuals. According to Google, your IP address is shortened beforehand within member states of the European Union. Only in exceptional cases will the full IP address be transferred to a Google server in the US and shortened there. On our behalf, Google will process this information for the purpose of evaluating your use of this website, compiling reports for us on website activity, and – where we point this out separately – providing us with other services relating to website usage. Google will not associate the IP address transmitted by your browser for these purposes with any other data held by Google. The legal basis for this processing is Art.6(1) Sentence1(f)GDPR. Our legitimate interests in this processing lie in the statistical analysis of how people use our website, reach measurement as well as the optimisation and improvement of our website. Your data processed in connection with Google Analytics will be erased after fourteen months at the latest. For the exceptional cases in which your data is transferred to the US, Google has subjected itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. You can view Google’s certification at https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI. For further information about privacy at Google, please refer to: http://www.google.de/intl/en/policies/privacy.

You may object to the processing. Your right of objection exists if you have reasons arising from your particular situation. There are various ways in which you can object to the processing: by downloading and installing the browser plug-in available via the following link: https://tools.google.com/dlpage/gaoptout; by disabling cookies in your browser settings; or by opening your browser in “private mode”, in order to prevent the use of cookies.