Data Protection Information
CHAMÄLEON Theater GmbH
Rosenthaler Str. 40/41
are the operators of this website and services provided thereon, and thus responsible for the collection, processing and use of personal data.
When using this website, personal data of yours will be collected by us as the controller of the data processing and stored for as long as required to fulfil the specified purposes and statutory requirements. Below we inform you about the data in question, the manner of their processing, and your rights in this regard.
According the section 4.1 of the General Data Protection Regulation (GDPR), personal data are all information relating to an identified or identifiable person.
1. Name and contact data of the company data protection officer
We have appointed Herbert Neemann as our company's data protection officer. You can reach him at
List + Lohr Datenschutz und Informationssicherheit GmbH
Tel.: 0511 / 49 99 99 600
You can always contact our data protection officer directly with any questions you may have about the data protection regulations or your rights as a data subject.
2. Processing of personal data and processing purposes
a) When visiting the website
You can visit our website without needing to disclose any information about your identity. The browser of your device will merely automatically send information to the server of our website (e.g. about the browser type and version, date and time of the visit) to enable the connection with the website to be established. This also includes the IP address of your visiting device, which will be stored temporarily in a so-called log file and automatically deleted after 4 weeks.
The IP address is processed for technical and administrative purposes of connection build-up and stability, to ensure the security and functionality of our website, and be able to trace possible unlawful attacks on it if need be.
The legal basis for the processing of the IP address is GDPR section 6.1.1.f. Our legitimate interest derives from the mentioned security interests and need for a faultless provision of our website.
The processing of the IP address and other log file information does not enable us to draw direct conclusions about your identity.
b) When visiting our website as a registered user
When you use our website as a registered user, we will collect data for statistical reasons and to ensure its flawless functioning.
- This collection especially includes the following data:
- the type, frequency and intensity of website use
- the purchase frequency
- the shopping basket
The legal basis for this data processing is GDPR section 6.1.1.f. Our legitimate interest derives from the necessity of optimizing our website and enabling a pleasant surfing experience for you.
c) When ordering tickets on our website
The ticket sales via our website are handled with the help of a ticketing partner who collects data on our account so that we can process and execute your ticket order:
CTS EVENTIM AG & Co. KGaA (EVENTIM)
Contrescarpe 75 A, 28195 Bremen
- Eventim collects and stores the following data of yours on our account when you purchase a ticket by way of our website:
- Form of address
- First name
- Other data entered by you voluntarily.
Your personal data are used to conclude and perform the contractual relationship provided with you. Your name and address are required to know who our contractual partner is, i.e. who we provide our services to, and to be able to address you directly and personally if there is any correspondence. We may also use your e-mail address to send you information about the event directly before and after your visit. Your contact data are required to send the ticket to you, and for possible queries or recommendations.
Further information on the handling of the personal information collected from you by Eventim is also available at http://www.eventim.de/tickets.html?doc=info/dataProtection
The legal basis for this data processing is GDPR section 6.1.1.b.
The payment service provider we rely on is:
TeleCash GmbH & Co. KG
Konrad-Adenauer-Allee 1, 61118 Bad Vilbel
The payment information provided by you is required for invoicing you. Further information on the handling of the personal information collected from you is also available at http://www.telecash.de/datenschutz/
The legal basis for processing these data is GDPR section 6.1.1.b for the payment service and GDPR section 6.1.1.f for the integration of TeleCash. Our legitimate interest resides in the secure handling of payments.
The personal data collected by us for the order are stored until the end of the statutory warranty period (2 years, Civil Code section 438.1.3) and then automatically deleted unless we are required to store them for longer as per GDPR section 6.1.1.c based on tax-related retention and documentation obligations (especially section 147 of the Tax Code). During this period (normally ten years from contract conclusion), the data will only be processed again in the event of an audit by the financial administration. In all other respects, the data are blocked against any further processing.
d) When registering for our newsletter
If you have explicitly consented to this, we will use your e-mail address for sending you our regular newsletter. The legal basis for this is GDPR section 6.1.1.a.
Upon your registration, you will be sent an e-mail with a registration message that you need to confirm to receive the newsletter (so-called double opt-in). This serves us to substantiate that the registration was indeed initiated by you.
Deregistration is possible at any time, e.g. by clicking a link at the end of every newsletter. Alternatively, you can also send your unsubscribe request to email@example.com at any time. Your e-mail address will be deleted as soon as you withdraw your consent to receiving the newsletter unless other legal grounds entitle us to store your e-mail for longer.
We distribute our newsletter by way of the MailChimp service provided by The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA ("MailChimp"). The e-mail addresses of our newsletter subscribers are stored on MailChimp servers in the USA on our account.
MailChimp uses this information for sending and evaluating the newsletter on our account. We have entered into a data processing agreement with MailChimp for this purpose. This agreement requires MailChimp to process the data in keeping with the General Data Protection Regulation and ensure that the data subject's rights are protected.
MailChimp pledges that personal data are comprehensively protected from unauthorized access. MailChimp itself will not use the data of our newsletter subscribers to contact them on its part or disclose the data to third parties. As a US-based company, MailChimp meets the data privacy requirements of the US Privacy Shield and is registered with the US Privacy Shield Program of the US Department of Commerce.
MailChimp also offers statistical evaluation options for user data by way of cookies, such as identifying if and when a newsletter was opened, and which links were clicked. These evaluations also serve to identify the reading habits of the users and permits us to adapt our contents or send various contents based on the interests of our users. To achieve this, the date, time, time zone, e-mail type (HTML/plain text), longitude and latitude of your location and your IP address are stored when the newsletter is opened. The legal basis for this data processing is GDPR section 6.1.1.f and our legitimate interest resides in the statistical analysis of our newsletter's use.
e) When registering for our events after exclusive invitation
- If you are invited to an event by e-mail and are referred to a form on our website to register, we process the following data from the form:
- First name
- E-mail address
- Company name
In addition, it is possible for you to send us further comments via a contact field. Mandatory information is indicated with a *. We need your name and your company information in order to reserve your complimentary ticket and to allocate the registration to you. The e-mail address is required to confirm the booking for you and to be able to contact you if there are any queries.
When you use the form we also store at the time of registration your IP address and the date and time of the registration in order to prevent a misuse of the form and to ensure the security of our IT systems.
Alternatively, you have the option to register via the email address provided. In this case we process your personal data transmitted with the e-mail exclusively for the reservation of a complimentary ticket and to settle any other inquiries you might have.
The data processing is performed here at your request and is based on Article 6(1)(1)(f) GDPR (General Data Protection Regulation). Our legitimate interests arise from the aforementioned purposes.
We delete the personal data transmitted through the form or by e-mail as soon as it is no longer required to achieve these purposes. This is usually the case when the event for which you have registered has taken place. The stored IP address and date and time of the registration are automatically deleted no later than after four weeks.
3. Disclosure of personal data to third parties
- Apart from the aforementioned cases of their contracted processing (especially for ticket purchases), we will only forward your personal data to third parties if:
- you have explicitly consented to this as per GDPR section 6.1.1.a
- this is required for fulfilling a contract with you as per GDPR section 6.1.1.b - disclosure to a shipping company for ticket delivery, - disclosure of payment data to payment service providers and/or banks for the performance of payment transactions
- their disclosure is legally required as per GDPR section 6.1.1.c.
The third party is only permitted to process the disclosed data for the stated purposes. There is no forwarding of personal data to third countries (outside the EU) or international organizations.
The cookie stores information arising in connection with the specific device used. This does not mean, however, that we gain direct knowledge of your identity.
In addition to this, we also use temporary cookies that are stored in your device for a defined period of time to optimize the user-friendliness. If you visit our page again to avail yourself of our services, they will automatically recognize that you have been there before and remember your inputs and settings provided then, so that you do not need to enter them again.
The data that are processed by the cookies are required for the mentioned purposes of upholding our legitimate interests, as well as the legitimate interests of third parties, as per GDPR section 6.1.1.f.
Most browsers accept cookies automatically. But you can configure your browser so that no cookies will be stored in your computer or that you will always be alerted before a new cookie is installed. Complete deactivation of cookies may mean that you will not be able to use all our website's functions, however.
5. Google Tracking
a) Google Analytics
We use Google Analytics on our website, a web analysis service provided by Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereafter: "Google"). Pseudonymized usage profiles are created in this context, and cookies are used (see section 4).
- The information generated by the cookie about your use of the website, such as the
- Browser type and version
- Operating system used
- Referrer URL (previously visited page)
- Host name of the visiting computer (IP address)
- Time of the server request
are sent to a Google server in the USA and stored there. Google meets the data protection requirements of the US Privacy Shield and is registered with the US Privacy Shield Program of the US Department of Commerce.
The information is used to analyse the use of the website, compile reports about website activities, and provide further services in connection with website and Internet use for market research and the needs-oriented design of these webpages.
This information may also be disclosed to third parties insofar as legally required or as third parties are contracted to process these data. In no case will your IP address be linked with other Google data. The IP addresses are anonymized, so that an allocation is impossible (IP masking).
You can prevent the installation of cookies by setting your browser accordingly. But we need to point out that you may not be able to make full use of all the website's functions in this case.
You can additionally also prevent the collection of the data generated by the cookie about your use of the website (incl. your IP address) and their processing by Google by downloading and installing a browser add-on.
Alternatively to the browser add-on, especially for browsers on mobile devices, you can also prevent the collection by Google Analytics by clicking this link. This will install an opt-out cookie that prevents the future collection of your data when visiting this website. The opt-out cookie only applies to this browser and website and is stored in your device. If you delete the cookies in this browser, you will need to install the opt-out cookie again.
Further information on data privacy in connection with Google Analytics is available in the Google Analytics help, for example.
The tracking measures by Google Analytics are applied on the basis of GDPR section 6.1.1.f. We intend them to ensure the needs-oriented design and continuous optimization of our website. On the other hand, we also use Google Analytics to document the use of our website statistically. And we use the data for the optimized provision of advertising contents. These interests are to be regarded as legitimate within the meaning of the regulation cited above.
b) Google AdWords Conversion Tracking
We use Google Conversion Tracking on this website, a service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereafter: "Google"), to document the use of our website statistically and analyse it to optimize our offer for you. This involves Google Adwords installing a cookie in your computer if you have come to our website by way of a Google ad.
These cookies lose their validity after 30 days. If a user visits specific pages of the AdWords client's website while the cookie has not yet expired, Google and the client will be able to recognize that the user has clicked the advertisement and has been referred to this page.
The information generated by the cookie about your use of this website is sent to a Google server in the USA and stored there. Google meets the data privacy requirements of the US Privacy Shield and is registered with the US Privacy Shield Program of the US Department of Commerce. In addition, we have also entered into a data processing agreement with Google for the use of Google AdWords. In this agreement, Google pledge that they process the data in keeping with the General Data Protection Regulation and ensure the protection of the data subject's rights.
Every AdWords client is provided with a different cookie. This means that cookies cannot be tracked via the websites of other AdWords clients. The information collected with the help of the Conversion cookie serves the creation of Conversion statistics for AdWords clients who have opted for Conversion Tracking. We find out about the total number of users who have clicked on your ad and been referred to a page equipped with a Conversion Tracking tag. But they are not being provided with any information enabling the users to be personally identified.
If you do not wish to take part in the tracking process you can also reject the installation of the cookie required for this – for example by browser settings that deactivate the automatic installation of cookies in general. You can also deactivate Conversion Tracking cookies by setting your browser so that cookies from the domain www.googleadservices.com are blocked.
You can find Google's data privacy information for Conversion Tracking here.
c) Google Adwords Remarketing
Google then shortens the IP address by the last three digits, rendering its unambiguous allocation impossible. Google will use this information to analyse your use of the website, compile reports about website activities for the website operators, and provide further service in connection with website and Internet use.
d) Google Tag Manager
Our website uses Google Tag Manager, a tool provided by Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereafter: "Google"). Google Tag Manager serves us to manage the tools we are informing you about in this data privacy statement. The details of these tools are thus available in the information for the specific tool.
The Tag Manager tool itself (which implements the tags) is a cookie-less domain. The tool ensures the activation of other tags that may collect data in turn under specific circumstances. Google Tag Manager does not access these data. If a deactivation is applied on the domain or cookie level, it will remain in place for all tracking tags implemented with the Google Tag Manager.
6. Other tracking tools
The tracking and targeting measures we use are detailed below and applied on the basis of GDPR section 6.1.1.f.
Our tracking measures are intended to ensure a needs-oriented design and the continuous optimization of our website. On the other hand, we also use tracking measures to document the use of our website statistically and evaluate it to optimize our offer for you.
The targeting measures we use are intended to ensure that you will only be shown advertising on your devices that is oriented towards your actual or presumed interests.
These interests are to be regarded as legitimate within the meaning of the regulation cited above.
The respective purposes of the data processing and data categories are described in the corresponding tracking and targeting tools.
a) Bing Ads
We use Bing Universal Event Tracking (UET) by Microsoft Bing Ads. This is a service provided by the Microsoft Corporation,1 Microsoft Way, Redmond, WA 98052, USA ("Microsoft"). It enables us to track the activities of users on our website if they have reached it by way of Bing Ads adverts.
If you come to our website by way of a Bing Ads advert, a cookie (see section 4) will be installed in your computer. Our website features an integrated Bing UET tag. This is a code that serves to store a number of non-personal data about the use of the website in conjunction with the cookie. Amongst others, these data also include the length of your stay on the website, which areas of the website you visited, and which website referred you to it. Information about your identity is not collected.
This information is sent to a Microsoft server in the USA and principally stored there for 180 days maximum. Microsoft meets the data privacy requirements of the US Privacy Shield and is registered with the US Privacy Shield Program of the US Department of Commerce. In addition, we have also entered into a data processing contract with Microsoft for the use of Bing Ads. This agreement requires Microsoft to process the data in keeping with the General Data Protection Regulation and ensure that the data subject's rights are protected.
Further information on the analysis services by Bing are available from the Bing website.
Further information on data protection at Microsoft is available from the data privacy statements of Microsoft.
We also use Hotjar on our website, an analysis service provided by Hotjar Ltd. (St Julian's Business Centre 3, Elia Zammit Street, St Julian's STJ 1000, Malta, Europe, hereafter: "Hotjar"). Hotjar is a tool for analysing user behaviour. Hotjar enables us to measure, analyse and track the behaviour of our website visitors such as mouse movements, clicks and scroll heights, for example.
Amongst other tools, Hotjar also achieves this by way of cookies (see section 4) in the devices of page visitors and is able to store data about them, e.g. information on their browser, operating system, and length of stay on the website, etc. in an anonymized form.
We have entered into a data processing contract with Hotjar. This agreement requires Hotjar to process the data in keeping with the General Data Protection Regulation and ensure that the data subject's rights are protected.
c) Facebook Retargeting
In addition to the above, we also use Facebook Website Custom Audiences. This is a marketing service provided by Facebook. It enables us to have individually tailored and interest-based adverts shown on Facebook to specific groups of pseudonymized visitors of our website who also use Facebook.
You can object to the use of the Custom Audiences service on the Facebook website. Log into your Facebook account to go to the settings for Facebook ads.
We integrate videos from the Vimeo Internet video portal, a service provided by Vimeo, LLC, 555 West 18th Street, New York, New York 10011, USA on this website by way of Vimeo plug-ins. This embedding is provided on the basis of GDPR section 6.1.1.f, with our legitimate interest residing in the seamless integration of our Vimeo videos.
With every visit of a page of this website featuring one or more Vimeo video clips, a direct connection is established between your browser and a Vimeo server in the USA. In the process, the information that you have visited this page with your IP address is sent directly to the Vimeo server by your browser and stored there. Interactions with Vimeo plug-ins (e.g. clicking, starting) will cause the information produced by the interaction to be sent to Vimeo and stored there.
If you have a Vimeo user account and do not wish Vimeo to collect data about you via this website and link them with your member data stored at Vimeo, you need to log out of Vimeo before visiting this website.
The data privacy statement for Vimeo with more information on the collection and use of your data by Vimeo, your rights in this regard and the setting options for protecting your privacy is available at http://vimeo.com/privacy.
8. Data security
All the data provided by you personally are sent encrypted with the generally customary and secure TLS (Transport Layer Security) standard. TLS is a secure and proven standard that is also used in online banking, for example. Amongst other aspects, you can recognize a secure TLS connection from the s following the http in your browser's address line (i.e. https://..) or the lock symbol in the lower part of your browser.
Apart from this, we also use suitable technical and organizational security measures to protect your data from accidental or deliberate manipulation, partial or complete loss, destruction and unauthorized third-party access. Our security measures are being continuously improved in keeping with the technological development.
9. Rights of the data subject
You have a right:
to revoke any consent you have given us at any time as per GDPR section 7.3, with the consequence that we may no longer continue the data processing that was based on this consent in the future;
to demand information about the personal data of yours we process as per GDPR section 15. You can in particular demand to be informed about the purposes of the processing, the categories of personal data concerned, the categories of recipient to whom the personal data have been or will be disclosed, the envisaged period for which the personal data will be stored, the existence of a right to rectification, erasure, restriction of processing or to objection, on the source of your data insofar as no collected by us, and about the existence of automated decision-making, including profiling, and, at least in those cases, demand meaningful information on its details;
to demand the immediate rectification of inaccurate or completion of incomplete personal data of yours stored by us as per GDPR section 16;
to demand the erasure of your personal data stored by us without as per GDPR section 17 insofar as their processing is not required for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defence of legal claims;
to demand that the processing of your personal data is restricted as per GDPR section 18 insofar as you contest their accuracy, the processing is unlawful, but you oppose their erasure, and if we no longer need the data, but you do for the establishment, exercise or defence of legal claims, or where you have objected to the processing as per GDPR section 21;
to receive the personal data of yours that you have provided to us in a structured, commonly used and machine-readable format and to demand their transfer to another controller as per GDPR section 20, and
to lodge a complaint with a supervisory authority as per GDPR section 77. You can usually do this with the supervisory authority at your habitual residence or place of work or at the location of our company.
Information about your right to object as per GDPR section 21
You have a right to object to the processing of your personal data on the basis of GDPR sections 6.1.e (data processing in the public interest) and 6.1.f (data processing based on a balancing of interests) at any time on grounds relating to your particular situation, which also applies to any profiling as per GDPR section 4.4 to be based on these provisions.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the establishment, exercise or defence of legal claims.
If you object to data being processed for direct marketing purposes, we will stop this processing immediately. No information on a particular situation is required in this case. This also applies to any profiling insofar as connected to such direct marketing.
If you would like to exercise your right to object, an e-mail to firstname.lastname@example.org will suffice.
10. Topicality and amendment of this data privacy information
This data privacy information is currently applicable and provided in the version dated May 2018.
The further development of our website and offers or changed legal and/or official requirements may create a need to amend this data privacy information. The respectively latest data privacy information is always available to you for viewing and printing out on our website at
11. Download Data Protection Information
Please find a printable version of our data protection information here