Privacy Policy
Privacy policy
As of June 2024
Our company,
Chamäleon Berlin gGmbH
Rosenthaler Str. 40/41
D-10178 Berlin
is the operator of this website. It renders the services available via this website and is, therefore, responsible for collecting, processing and using personal data.
As part of using this website, in the capacity of controller we process your personal data and store such data for the period that is necessary to honour the specified purposes and statutory obligations. Below we are informing you about the data in question, the manner in which such data are processed and the rights you have in that respect.
In accordance with Article 4., No. 1, General Data Protection Regulation (GDPR), personal data are any information relating to an identified or identifiable natural person.
1. NAME AND CONTACT DETAILS OF THE DATA PROTECTION OFFICER
We have appointed Mr Herbert Neemann as the company’s data protection officer. His contact details are below
List + Lohr Datenschutz und Informationssicherheit GmbH
Garvensstraße 4
D-30519 Hanover
Tel.: +49 511 / 49 99 99 600
E-mail: team@datenschutz-hannover.de
You may contact our data protection officer directly at any time should you have any questions about data protection law or your rights as a data subject.
2. PROCESSING PERSONAL DATA AND PROCESSING PURPOSES
a) When visiting the website
You can visit our website without the need to disclose your identity. The browser installed on your terminal merely sends information automatically to our website server (e.g. browser type and version, data and time of access) to facilitate establishing a connection to the website. This includes the IP address of your terminal making the enquiry. This is stored temporarily in a so-called log file and automatically deleted after 4 weeks.
Your IP address is processed for technical and administrative purposes involving the establishment and stability of a connection, to guarantee the security and working order of our website and track potential attacks on our website where necessary.
Article 6(1), Sentence 1, letter f, GDPR, forms the legal basis for the processing of your IP address. Our justified interest arises from the stated security interest and the necessity of making our website available without interruptions.
We are not able to draw any direct conclusions about your identity as a result of processing your IP address or on the basis of other information in the log file.
Furthermore, when our website is visited, we place Cookies and perform analysis services. For more detailed information in that respect please see sub-sections 4 and 5 of this data protection information.
b) In the case of registering for a user profile
You can register your own user profile on our website. This is required, for example, to book tickets or vouchers online and benefit from the advantages of our Chamäleon Club (under l). When you register, your personal data shall be collected and further processed in conjunction with your use of our services. Please do not register if you do not want your data to be collected or further processed. However, in such a case, the user profile services (e.g. online booking of tickets via our website) shall not be available to you.
The following data are requested during the registration:
Form of address, title
First name, surname
Address
Phone numbers
Your e-mail address
Date of birth (voluntary)
The data are permanently stored in your user profile and you can amend them at any time by logging in via your e-mail address and a password chosen by you. We shall use the data for orders you may place in the future and, therefore, such data need not be entered again for each order.
As part of your telephone enquiries (e.g. telephone ticket orders, amending registration data and resetting access data), the data shall be used to clearly identify you as the user profile owner via a data query.
We use the software solutions of CTS EVENTIM AG & Co. KGaA for the user profile. (EVENTIM). In that respect, your user profile shall be stored on EVENTIM servers on our behalf. The data shall be stored and used exclusively for us. EVENTIM is not entitled to gain access to your user profile for its own purposes.
Article 6(1), Sentence 1, letter b, GDPR, forms the legal basis for processing the data to implement the user relationship in conjunction with your user profile and facilitate ticket orders and related communications.
Further-reaching information about the processing of data for ticket orders and collaboration with EVENTIM solutions can be found under letter d).
Providing your date of birth is voluntary. Insofar as you state your date of birth, we shall process these details to obtain information about the age structure of our guests. Our justified interest in arranging our offers in line with target groups is the legal basis in that respect (Article 6(1), Sentence 1, letter f, GDPR). Insofar as you have granted consent in accordance with Article 6(1), Sentence 1, letter a, GDPR, or are an existing customer (in that respect see g)), we shall also use your date of birth to contact you on your birthday by e-mail with special offers. You may withdraw your consent at any time with effect for the future.
The data in your user profile shall be stored until you request the erasure of your profile. The data shall be erased without delay upon cancellation of the user profile.
c) Visiting our website as a registered user*
When you use our website as a registered user, we collect data for statistical reasons and to facilitate the good working order of the website.
The following data are, in particular, collected:
The type, frequency and intensity of use of the website
The purchase frequency
The shopping basket
Article 6(1), Sentence 1, letter f, GDPR, forms the legal basis for the processing. Our justified interest arises from the necessity of optimising our website and facilitating a pleasant internet surfing experience.
d) Ticket orders via our website
Tickets are sold via our website with the support of our ticketing partner, which further processes the data on our behalf from your user profile so that we can process and settle your ticket order:
CTS EVENTIM AG & Co. KGaA (EVENTIM)
Contrescarpe 75 A,D-28195 Bremen
An order processing contract has been entered into with EVENTIM. This means that EVENTIM may only process data based on our prior instructions and, in particular, not for its own purposes.
Your personal data are used, including by EVENTIM on our behalf, for the purpose of entering into and processing the contractual relationship with you. Your name (including form of address and title) and address are required to gain knowledge of who our contracting party is, i.e. for whom we are rendering services, and contacting you directly and personally by way of potential correspondence. We only use your e-mail address to send booking confirmations to you and, where applicable, to send necessary information available to you (e.g. programme changes) in relation to the events you have booked. Your contact details (e-mail address and/or address and telephone number) are required to send the ticket to you and with regard to potential queries or notices. In addition, we shall use your telephone number to contact you in case of the cancellation of events at short notice (e.g. in the event of illness of an artist).
Article 6(1), Sentence 1, letter b, GDPR, forms the legal basis for the processing.
You can also find more information about your personal data collected by EVENTIM at http://www.eventim.de/tickets.html?doc=info/dataProtection
With regard to the payment service provider, we use the services of
Datatrans AG
Kreuzbühlstr. 26
CH-8008 Zurich
Your details regarding the respective payment method are required to settle amounts with you. You can also find more information about how your collected personal data are handled at https://www.datatrans.ch/de/datenschutzbestimmungen/
Article 6(1), Sentence 1, letter b, GDPR, forms the basis for the processing of such data in respect of the payment processing and Article 6(1), Sentence 1, letter f, GDPR applies in respect of incorporating TeleCash. Secure payment processing constitutes our justified interest.
The personal data we process for the order are stored, irrespective of your user profile, up until expiry of the statutory warranty obligation (2 years, Section 438(1), No. 3, BGB (German Civil Code)) and thereafter automatically erased unless we undertake to store data for a longer period in accordance with Article 6(1), Sentence 1, letter c, GDPR, as a result of tax storage and documentation obligations (in particular Section 147 AO (German Tax Code)). For this period (normally ten years from the time of entering into a contract), the data are processed again solely in the event of a review by the finance authorities. In other respects, the data are blocked fur further-reaching processing.
e) For advertising purposes by post following a ticket purchase
Where applicable, we also use the postal address you stated when purchasing a ticket via our website or purchasing a ticket by telephone after you have visited an event to send information to you about future events by post. Your personal data are processed to safeguard our interests (Article 6(1), Sentence 1, letter f, GDPR). The sending of advertising in the form of programme booklets once or twice a year constitutes our justified interests in data processing provided you have already attended an event at our company. These are to be considered justified and necessary within the meaning of the aforementioned requirement. You have the right to object at any time to the use of your data for advertising purposes (see sub-section 9).
Personal data for advertising purposes shall be stored until you object to such use for advertising purposes or delete your user profile.
f) Registering for our Newsletter
Where you have expressly granted your consent, we shall use your e-mail address to send you our Newsletter on a regular basis. Article 6(1), Sentence 1, letter a, GDPR, forms the legal basis in this respect. We use your first name and surname to personalise the Newsletter.
Following your registration you shall receive registration notification by e-mail, which you need to confirm to receive the Newsletter (so-called Double Opt-In). This provides us with proof that the registration was actually initiated by you.
You may unsubscribe at any time, e.g. via a link at the end of each Newsletter. Alternatively, you can send your request to be unsubscribed at any time to presse@chamaeleonberlin.com. Following the withdrawal of your consent to the sending of your Newsletter, your e-mail address shall be deleted without delay provided we are not entitled to continue to store your e-mail address as a result of other legal bases.
We use a specialist European service provider to send our Newsletter. An order processing agreement has been entered into. This means that our service provider may only process data based on our prior instructions and, in particular, not for its own purposes. The e-mail addresses of our Newsletter recipients are stored and processed on the servers of our service provider in the European Union.
If you have registered for our Newsletter and a user profile is registered for your e-mail address, we shall combine such details. Therefore, we receive information about our customers and can analyse the efficiency of marketing measures. We similarly group the information together to better target future marketing measures. The data are processed based on Article 6(1), Sentence 1, letter f, GDPR, whereby the stated purposes are to be understood as justified interests within the meaning of this provision.
g) Promotional use of the e-mail address of existing customers
Insofar as we receive your e-mail address in conjunction with the sale of tickets or other goods, we shall use the e-mail address for the purpose of advertising our own similar offers. For example, we shall contact you immediately before and directly after your visit with information about your event (e.g. additional options and comparable offers). The legal basis is Article 6(1), Sentence 1, letter f, GDPR, in conjunction with Section 7(3), UWG German Unfair Competition Act), whereby the advertising approach of existing customers is to be regarded as a legitimate interest within the meaning of this provision. You can object at any time to use of your e-mail address for advertising purposes without incurring any costs other than the forwarding costs in accordance with the basic rates. If you do not object, we shall process your e-mail address for as long as necessary for advertising purposes and we have a justified interest in doing so.
We use a specialist European service provider to contact you by e-mail. An order processing contract has been entered into with the service provider. This means that our service provider may only process data based on our prior instructions and, in particular, not for its own purposes. The e-mail addresses of our Newsletter recipients are stored and processed on the servers of our service provider in the European Union.
h) Registering for our events following an exclusive invitation
Where you are invited by e-mail to an event, and are referred to a form on our website for registration, when the form is used we process the following details:
First Name
Surname
E-mail address and
Company
In addition, there is an option of making additional comments available to us via a contact field. Compulsory details are denoted by *. We require your name and the details of your company to reserve an honorary ticket for you and to allocate the registration. The e-mail address is necessary to provide you with confirmation of the registration and contact you in the event of queries. If you make further comments available to us via the contact field provided in this context, such processing applies to process and allocate your enquiry.
In the case of using the form, at the time of the registration we additionally store the IP address and the time and date of the registration to prevent misuse of the form and guarantee the security of our information and technical systems.
Alternatively, you can register via the stated e-mail address. In such a case we shall process your personal data forwarded via the e-mail exclusively to reserve an honorary ticket and deal with potential further enquiries.
The data are processed in relation to your enquiry and based on Article 6(1), Sentence 1, letter f, GDPR. Our justified interests arise from the aforementioned purposes.
We shall delete the personal data forwarded as part of using the form or forwarded by you by e-mail as soon as such data are no longer required to achieve the purpose for which they are collected. Normally, this is the case if the event for which you have registered has been staged. The stored IP address and date and time of the registration shall be automatically deleted at the latest after 4 weeks.
i) Submitting an application
If you submit an unsolicited application or apply for a vacant position, your applicant data shall be processed exclusively for the purpose of performing the application procedure. The legal basis in this respect is Section 26(1), Sentence 1, GDPR.
As part of the application process, we process the data you make available to us. Such data are normally:
First name and surname,
E-mail address, postal address and telephone number,
Personal data stated in your cover letter or CV (qualifications and dates of birth etc.)
Information about marital status and other special categories of personal data are expressly not required for your application. The stated personal data need to be provided for the application process. Therefore, failure to do so would mean that you would not be able to participate in the respective application process.
We store the data that we receive from you based on your application and during the application process for a period of three months following completion of the application process. The application process is completed once you have been hired for the advertised position or when a decision has been taken not to hire you. This does not apply if you have expressly consented to longer storage in accordance with Article 6(1), Sentence 1, letter a, GDPR. You may withdraw your consent at any time for the future.
If an employment relationship is entered into, we may continue to process the personal data previously received from you for the purposes of the employment relationship in accordance with Section 26, BDSG (German Data Protection Act), insofar as this is necessary to implement or terminate the employment relationship.
j) Enquiries about the use of our rehearsal room
We process the following information when you use the form:
First Name
Surname
E-mail address
Project details
Details about the desired period of use
Information about whether or not you are registered for Kulturräume.
Furthermore, there is an option of making additional comments available to us via a contact field. Compulsory details are denoted by *. We require your name and your company details to allocate the enquiry. The e-mail address is required to confirm receipt of the enquiry and contact you in the event of queries. Details about the project and the desired period of use as well as further comments and questions about registration with Kulturräume are used to process your enquiry.
In the case of using the form, at the time of the registration we additionally store the IP address and the time and date of the registration to prevent misuse of the form and guarantee the security of our information and technical systems.
Data are processed at your request and such processing is based on Article 6(1), Sentence 1, letter a, or Article 6(1), Sentence 1, letter f, GDPR. Our justified interests arise from the aforementioned purposes.
We shall delete the personal data forwarded as part of using the form or forwarded by you by e-mail as soon as such data are no longer required to achieve the purpose for which they are collected. The stored IP address and date and time of the enquiry are automatically deleted at the latest after 4 weeks.
k) Applying for our residency programme
On our website, you have the option to apply for our residency programme to take advantage of the offers, support and services stated as part of the programme. To apply, you shall be required to enter some information in a form about yourself, your project and the other project participants. We shall use such information to make a decision about your participation in the programme.
The requested information includes the following details:
Your first name and surname
E-mail address
Where applicable, company description
Address
Project name
Potential residency dates
Project and content details
Details of project participants, including CVs of all participants
Support requirements
Links to video material or additional project information
References in the form of links to videos or information about completed projects
Where applicable, additional information via a voluntary text field
We require your name and company details to allocate the application. The e-mail address is required to confirm receipt of the enquiry and contact you in conjunction with your application. We require details of the project, the project participants, potential residency dates and your support requirements as well as the provided references to make a decision about your application.
In the case of using the form, at the time of the registration we additionally store the IP address and the time and date of the registration to prevent misuse of the form and guarantee the security of our information and technical systems.
Data are processed at your request and such processing is based on Article 6(1), Sentence 1, letter a, or Article 6(1), Sentence 1, letter f, GDPR. Our justified interests arise from the aforementioned purposes. You may withdraw your consent at any time with effect for the future. However, in such a case we shall no longer be able to consider your application.
We shall delete the personal data forwarded as part of using the form or where applicable additionally forwarded by you by e-mail as soon as such data are no longer required to achieve the purpose for which they are collected. This shall be the case if your application is not further considered. In the case of a successful application, we shall store the data for at least the duration of the project and, following consultation with you, beyond. The stored IP address and date and time of the enquiry are automatically deleted at the latest after 4 weeks.
l) Chamäleon Club
As a registered user, you have the option to become a member of our Chamäleon Club to benefit from the associated advantages, information offers and special conditions. Membership in the Chamäleon Club is subject to a fee. Therefore, in addition to the registration details (under b), you shall also be asked to provide payment details to process the necessary payments. We call on the services of Datatrans AG in the capacity of payment service provider (for more details, see d). Insofar as you have not yet registered for a user profile, you can, of course, still become a member of the Chamäleon Club. In such a case, you shall need to register for a user profile (see b) as part of your membership application. Membership without registration is not possible because we manage our customers in a standardised manner.
Your data shall be processed in conjunction with an assigned membership number for the purpose of entering into and processing the existing contractual relationship with you in respect of membership in the Chamäleon Club and the associated benefits, information offers and special conditions. Your name and address are required to gain knowledge of who our contracting party is, i.e. for whom we are rendering services, and to contact you directly and personally by way of potential correspondence. Article 6(1), Sentence 1, letter b, GDPR, forms the legal basis in this respect. Information about processing other registration data can be found under b).
The data are processed on servers by EVENTIM and on our behalf. More information about the cooperation with EVENTIM is available above under b) and d).
We record and analyse the orders placed in conjunction with your Circus Card and under your membership number for statistical purposes. The analyses shall remain assigned to your membership number until your user profile is deleted. Thereafter, the analyses shall only be kept in anonymised form. Article 6(1), Sentence 1, letter f, GDPR, forms the legal basis in this respect. Our justified interests arise from our evaluation interests to optimise our offer.
m) Donations
When you book a ticket, you have the option of supporting us by way of monetary donations. In that respect, the data from your user profile, including the payment details you provide, shall be used to receive and process the donation. We also work with the same service providers that are used when booking tickets (see d above). The information in respect of your donation is linked to the information in your user profile. We also use such information to issue a donation receipt/(simplified) proof of donation to you and send it to you by e-mail.
You can also support us by way of monetary donations via our donation section independently of booking a ticket. If you do this as a registered user, we shall use the data from your user profile to process the donation. Otherwise, you shall be asked to provide the following data:
Form of address, title
First name, surname
Address
Phone numbers
Your e-mail address
Your name (including form of address and title) and your address are required to know who made a donation and clearly allocate the donation to you. The telephone number is used should queries potentially become necessary. We use your e-mail address to send you a summary of your donation and, where applicable, a donation receipt/(simplified) proof of donation. We shall also send payment information to your e-mail address so that you can make your donation. We call on the services of Datatrans for payment processing (see d above). Your data are processed by EVENTIM in cooperation with us and on our behalf (see d above in that regard). If you do not yet have a user profile with us, one shall be created automatically (see b) above). This enables you to make future donations without having to enter your data again, and provides an overview of your donations at all times. Furthermore, you can take advantage of the other benefits of a user profile (orders, memberships, etc. – see information above).
The legal basis for data processing is Article 6(1), Sentence 1, letter b, GDPR, in conjunction with processing the donation agreement and in conjunction with the user agreement via your user profile because of the link to your user profile.
We also use your contact details to draw your attention to additional donation opportunities. Article 6(1), Sentence 1, letter f, GDPR, forms the legal basis in this respect. The justified interest arises from our need to be supported by monetary donations.
Your donations are permanently linked to your user profile and you can access them until you delete your user profile. If you decide to make a recurring donation, your payment details shall also be stored permanently until you stop making donations. In other respects, we must store your data in conjunction with a donation for up to 10 years independently of your user profile due to statutory storage periods in accordance with the German Fiscal Code.
n) Donating via PayPal
In the theatre or on online platforms, we offer additional donation options via a link or a QR code as a direct donation via PayPal. To that end, you shall be redirected to the PayPal payment page where you can make a one-off or recurring donation. Once you have completed a corresponding donation, PayPal forwards your customer data (surname, first name, address, e-mail address and donation amount) to us.
If you do not yet have a user profile with us, one shall be created automatically (see b) above). This enables you to make future donations via our donation section without having to enter your data again, and provides an overview of your donations at all times. Furthermore, you can take advantage of the other benefits of a user profile (orders and memberships etc. – see information above). Your data are processed by EVENTIM in cooperation with us and on our behalf (see d above in that regard).
The legal basis for data processing is Article 6(1), Sentence 1, letter b, GDPR, in conjunction with the processing of the donation agreement and in conjunction with the user agreement via your user profile because of the link to your user profile.
Furthermore, we use your contact details to draw your attention to additional donation opportunities. Article 6(1), sentence 1, letter f, GDPR, forms the legal basis in this respect. The justified interest arises from our need to be supported by monetary donations.
Your donations are permanently linked to your user profile and you can access them until you delete your user profile. If you decide to make a recurring donation, your payment details shall also be stored permanently until you stop making donations. In other respects, we must store your data in conjunction with a donation for up to 10 years independently of your user profile due to statutory storage periods in accordance with the German Fiscal Code.
Information about data protection at PayPal can be found at https://www.paypal.com/DE/webapps/mpp/ua/privacy-full?country.x=DE&locale.x=de_DE.
3. FORWARDING PERSONAL DATA TO THIRD PARTIES
a) Forwarding personal data to third parties
Apart from in the aforementioned cases involving processing by order (in particular ticket purchase), we shall only forward your personal data to third parties if:
- You have expressly granted your consent in that respect in accordance with Article 6(1), Sentence 1, letter a, GDPR,;
- This is necessary in accordance with Article 6(1), Sentence 1, letter b, GDPR, to execute a contract entered into with you, a) forwarding to mail order business enterprises for the purposes of supplying tickets, b) forwarding of payment data to payment service providers or banks to execute a payment transaction;In the event that a statutory obligation applies to the forwarding in accordance with Article 6(1), Sentence 1, letter c, GDPR. The forwarded data may be used by the third party exclusively for the stated purposes
b) Forwarding personal data to third countries
Personal data shall only be forwarded to countries outside the European Economic Area (EEA) if the requirements of Article 44 et seq., GDPR, are met.
A third nation or country (hereinafter third country) is described as a country outside the European Economic Area (EEA) in which the GDPR is not directly applicable. A third country shall be deemed unsafe if the EU Commission has not issued an adequacy decision for such a country in accordance with Article 45(1) GDPR, confirming that appropriate protection is in place for personal data in that country.
With regard to the USA, an adequacy decision dated 10 July 2023 applies based on the Transatlantic Data Privacy Framework (DPF) provided the respective recipient has appropriate certification. You can view a list of currently certified companies here. If a recipient in the USA is not DPF-certified, a level of data protection comparable to that in the EU cannot be provided. In such a case, the following risks apply: The risk that US American authorities can gain access to the personal data as a result of the monitoring programmes PRISM and UPSTREAM based on Section 702 of FISA (Foreign Intelligence Surveillance Act) and based on the Executive Order 12333 or the Presidential Police Directive 28. EU citizens do not have any effective legal protection options in the USA or the EU against such access.
In this data protection information, we inform you when and how we forward personal data to a recipient not covered by the DPF in the USA or other insecure third countries. We only forward your personal data if
Sufficient guarantees are provided by the recipient in accordance with Article 46, GDPR, in respect of the protection of the personal data,
You have expressly consented to the forwarding, after we have informed you of the risks, in accordance with Article 49(1), letter a, GDPR,
The forwarding is necessary to honour contractual obligations between you and us
Or another exception from Article 49, GDPR, applies.
Guarantees in accordance with Article 46, GDPR, may be so-called Standard Contract Clauses. In such Standard Contract Clauses, the recipient assures to adequately protect the data and therefore guarantee a level of protection comparable with GDPR.
4. COOKIES
We use Cookies or similar functions such as pixel tags on our website (hereinafter referred to as: “Cookies”). These are small files that your browser automatically creates and which are stored on your terminal (Laptop, Tablet, Smartphone or the like) when you visit our site. Cookies do not cause any damage on your terminal, do not contain any viruses, Trojans or other malware.
A Cookie contains information that arises in each case in conjunction with the specifically used terminal. However, this does not mean that as a result we directly obtain details about your identity.
On the one hand, Cookies are aimed at making the use of our service available to you. For example we use Session Cookies to identify that you have already visited certain pages on our website, e.g. facilitate a shopping basket function. Use of such Cookies is based on Section 25(2), No. 2, TTDSG (German Telecommunication-Telemedia Data Protection Act). Use of these Cookies is absolutely necessary to render a service you have requested.
On the other hand, we use Cookies and similar functions to statistically record the use of our website and for the purpose of optimising our services for you (see sub-section 5). When you return to our website, these Cookies enable us to automatically identify that you have visited our website in the past. These Cookies are automatically deleted following a period defined in each case.
We use such Cookies on the basis of your express consent in accordance with Section 25 (1) TTDSG in conjunction with Article 6(1), Sentence 1, letter a, GDPR.
You can grant and withdraw your consent via our Cookie management tool.
With regard to consent management, we call on the services of Usercentrics GmbH, Sendlinger Straße 7, D-80331 Munich (hereinafter referred to as Usercentrics). With the help of Usercentrics, we can store and manage your consent preferences. To that end, Usercentrics processes your consent, your IP address, certain information about your browser and device and the time of your visit to the website on our behalf. Such information is stored in a Cookie on your end device. Use of Usercentrics is based on our justified interests in accordance with Article 6(1), letter f, GDPR, in conjunction with Section 25(2), No. 2, TTDSG. We have a commercial interest in managing your consent as efficiently as possible. Your data shall be automatically deleted after one year.
5. GOOGLE TRACKING
a) Google Marketing Platform (Google Analytics and Search Ads 360)
We use Google Marketing Platform on our website based on your consent in accordance with Article 6(1), Sentence 1, letter a, GDPR, in conjunction with Section 25(1), TTDSG, a web analysis service of Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland (hereinafter referred to as: “Google”). This service combines the Google products Search Ads 360 (formerly DoubleClick) and Google Analytics. In this context use profiles rendered anonymous are created and Cookies (see sub-section 4) are used.
The information created via the Cookie about your use of this website such as the
- Browser type/version,
- Used operating system,
- Referrer URL (the previously visited site),
- Host name of the accessing computer (IP address),
- Time of the server enquiry,are forwarded to a Google server in the USA and stored there. We have entered into an order processing contract with Google in respect of the use of Google Analytics. By way of such a contract, Google assures that it processes the data in line with our instructions and guarantees protection of the data subject’s rights.
Use of Google Analytics is aimed at analysing and optimising our online services and the economic operation of this website. Therefore, Google processes the information by our order to evaluate the use of the website, to draw up reports on the website activities and to render additional services associated with the website use and internet use for the purposes of market research and organising internet website pages in line with requirements.
Search Ads 360 enables us to play out advertising campaigns across search engines. As a result, we can measure the reach of our adverts displayed in various search engines. In addition, we can register conversions via so-called floodlight tags, i.e. find out whether a search engine advert has led to entering into a contract.
Where applicable, this information may also be forwarded to third parties insofar as this is required by law or insofar as third parties process such data by order. Under no circumstances shall your IP address be grouped together with other Google data. The IP addresses are rendered anonymous to the extent that allocation is not possible (IP Masking). This means that the IP address of users is shortened by Google in EU Member States or in other countries of the EEA. Only in exceptional cases shall the entire IP address be sent to a Google server in the USA and shortened there.
We do not use the advertising function or the Universal Analytics with User ID provided by Google.
The user data created via Cookies are automatically deleted after 14 months.
The information generated by the Cookies set by Google Marketing Platform about the use of our website is forwarded to Google servers in the USA and processed there. The forwarded data are merely data that have been rendered anonymous; drawing a conclusion about your name is not possible. Google is DPF-certified. This guarantees that a level of protection is in place that is comparable with that in place in the EU (see also sub-section 3b for data forwarding to the USA). Google also bases the forwarding on Standard Data Protection Clauses approved by the EU. You can obtain a copy of the standard data protection clauses here.
In addition, we shall only forward your data if you expressly consent to the processing by Google. In such a case you consent, in the knowledge of the risks described in sub-section 3b, to the forwarding of your data to the USA in accordance with Article 49(1), letter a, GDPR.
You can use the Cookie Management Tool to withdraw your consent at any time for the future. You can find more information about data protection in conjunction with Google Analytics for example in the Google Analytics Support.
b) Google Analytics 4
We use Google Analytics 4 on our website, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as “Google”). In this context, pseudonymised user profiles are created and Cookies are used. The information generated by the Cookie about the use of our website (e.g. IP address of the accessing computer, time of access, referrer URL and information about the browser and operating system used) is normally forwarded to Google servers in the USA and processed there.
Use of Google Analytics is based on your consent in accordance with (Article 6(1), Sentence 1, letter a, GDPR, in conjunction with Section 25(1), TTDSG) for the analysis and optimisation of our online services and the economic operation of this website. Google, therefore, processes the information on our behalf to analyse use of the website, draw up reports about website activity and make available to us other services relating to website activity and internet use for the purposes of market research and design of this website in line with requirements. You may withdraw your consent at any time for the future.
We have entered into an order processing contract with Google in respect of the use of Google Analytics. By way of such a contract, Google assures that it processes the data in line with the General Data Protection Regulation and guarantees protection of the data subject’s rights.
The IP address processed by Google Analytics is automatically truncated. In that respect, the last three digits of your IP address are replaced by a “0,” which prevents them from being assigned. Where applicable, the data collected shall be forwarded to third parties if this is required by law or if third parties process the data on our behalf. The user data created via Cookies are automatically deleted after 14 months.
The information generated by the Cookies about the use of our website (e.g. IP address of the accessing computer, time of access, referrer URL and information about the browser and operating system used) is forwarded to Google servers in the USA and processed there. Google is DPF-certified. Google also relies on Standard Data Protection Clauses approved by the EU Commission for the forwarding as a guarantee of a level of data protection comparable to that in the EU. You can obtain a copy of the standard data protection clauses here. We only forward data to Google based on your consent. If you consent to the processing by Google, you, therefore, also consent to the forwarding of your data to the USA in accordance with Article 49(1), letter a, GDPR.
You may withdraw or amend your consent at any time with effect for the future. You can find more information about data protection in conjunction with Google Analytics for example in the Google Analytics Support. Information about the use of data by Google can be found in its Data Protection Policy.
c) Google Ads Conversion Tracking and Remarketing
Based on your consent in accordance with Article 6(1), Sentence 1, letter a, GDPR, we use Google Ads Conversion Tracking and the Remarketing Pixel of Google, 1600 Amphitheatre Parkway, Dublin 4, Ireland (hereinafter: “Google”) on our website to statistically record the use of our website and for the purpose of optimising our services for you. The service enables us to arrange the advertising content in line with requirements, record it statistically and optimise and run it. We are dependent on such advertising content to guarantee the visibility of our services.
In that respect Google Ads places a Cookie on your computer provided you gained access to our website via a Google advertisement.
These Cookies are rendered invalid after 30 days. If a user visits certain pages of the website of the Adwords customer, and the Cookie has not yet expired, Google and the customer may determine that the user has clicked on the advertisement and was forwarded to that specific page.
The information generated by the Cookie regarding your use of this website is sent to and stored on a server operated by Google and located in the USA. We have entered into an order processing contract with Google AdWords in respect of the use of Google Analytics. By way of such a contract, Google assures that it processes the data in line with the General Data Protection Regulation and guarantees protection of the data subject’s rights.
Each Google Ads customer is provided with a different Cookie. Therefore, Cookies cannot be traced via the websites of Google Ads customers. Information obtained by way of the Conversion Cookie is aimed at preparing conversion statistics for Google Ads customers who have decided in favour of Conversion Tracking. We are informed of the total number of users who have clicked on their advertisement and who were forwarded to a page equipped with a Conversion Tracking Tag. However, they are not provided with any information with which they can personally identify users.
In addition, based on your consent in accordance with Article 6(1), Sentence 1, letter a, GDPR, we use the Google Ads Remarketing Pixel that collects and evaluates information about your use of this website. This enables us to approach visitors on other websites with relevant content. According to Google, the data collected during the remarketing is not grouped together with personal data that Google may store. In addition, Google renders such data anonymous. Tags based on remarketing data are stored for 30 days.
The information generated by Cookies placed by Google Analytics regarding your use of this website is forwarded to a Google server in the USA and stored there. The forwarded data are merely data that have been rendered anonymous; drawing a conclusion about your name is not possible. Google is DPF-certified. This guarantees that a level of protection comparable to that in the EU exists (see also section 3b about data forwarding to the USA), and Google also bases the forwarding on Standard Data Protection Clauses approved by the EU. You can obtain a copy of the Standard Data Protection Clauses here.
In addition we shall only forward your data if you expressly consent to the processing by Google. In such a case you consent, in the knowledge of the risks described in sub-section 3b, to the forwarding of your data to the USA in accordance with Article 49(1), letter a, GDPR.
You can use the Cookie Management Tool to withdraw your consent at any time for the future.
You can use the Cookie Management Tool to withdraw your consent at any time for the future.
You can find Google’s data protection instructions regarding Conversion Tracking here.
d) Google AdManager
On this website we use Google Ad Manager, based on your consent in accordance with Article 6(1), Sentence 1, letter a, GDPR, of Google LLC., 1600 Amphitheatre Parkway, Dublin 4, Ireland (hereinafter: “Google”) to arrange the advertising content in line with requirements, record it statistically and optimise and run it. We are dependent on such advertising content to guarantee the visibility of our services. This also applies to the provision of advertising space on our website without which this website could not be operated economically.
Google Ad Manager uses Cookies to present advertisements on our website. The information stored in the Cookie may be recorded, collected and evaluated by Google or third parties. Furthermore, Ad Manager also uses Pixel Tags to collect information as a result of which information about visitors to our website is collected (e.g. browser, operating system, previously visited site, IP address and date/time). By using this, basic actions such as the visitor traffic on the website can be recorded, collected and evaluated.
The information created by the Cookie and/or Pixel Tags about how you use this website is forwarded to a Google server in the USA and stored there. Google uses the information obtained in this manner to evaluate your use behaviour with regard to the advertisements placed via Ad Manager.
Where applicable, Google may also forward this information to third parties insofar as this is required by law or is permitted or insofar as third parties process such data by order of Google.
The information generated by Cookies placed by Google Ad Manager regarding your use of our website is forwarded to a Google server in the USA and stored there. Google is DPF-certified. This guarantees that a level of protection is in place that is comparable with that in place in the EU (see also sub-section 3b for data transfers to the USA). Google also bases the forwarding on Standard Data Protection Clauses approved by the EU. You can obtain a copy of the Standard Data Protection Clauses here.
In addition we shall only forward your data if you expressly consent to the processing by Google. In such a case you consent, in the knowledge of the risks described in sub-section 3b, to the forwarding of your data to the USA in accordance with Article 49(1), letter a, GDPR.
You can use the Cookie Management Tool to withdraw your consent at any time for the future.
You can find more information in the Google Data Protection Notices.
e) Google Tag Manager
Our website uses the Google Tag Manager tool from Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland (hereinafter referred to as: “Google”) “) based on our justified interest in accordance with Article 6(1), Sentence 1, letter f, GDPR ,in conjunction with Section 25(2), No. 2, TTDSG. By way of Google Tag Manager we administer the tools by way of which we provide information in this Data Protection Policy. This interest is considered justified within the meaning of the aforementioned requirement. For details of this tool please, therefore, see the information regarding the specific tool.
The tool ensures the triggering of other tags that may, under some circumstances, collect data. Google Tag Manager does not access this data. If a deactivation is processed on either domain or Cookie level, then this remains valid for all tracking tags that shall be implemented with Google Tag Manager.
The information generated by the Cookies set by Tag Manager about the use of our website is forwarded to our server and processed there. Data are only forwarded to the corresponding recipients after you have consented to the setting of certain tags. We have entered into an order processing contract with Google in respect of the use of Google Analytics. By way of such a contract, Google assures that it processes the data in line with the General Data Protection Regulation and guarantees protection of the data subject’s rights.
Insofar as appropriate consent has been granted, data are forwarded to Google servers in the USA and processed there. The forwarded data are merely data that have been rendered anonymous; drawing a conclusion about your name is not possible. Google is DPF-certified. This guarantees that a level of protection is in place that is comparable with that in place in the EU (see also sub-section 3b for data forwarding to the USA). Google also bases the forwarding on Standard Data Protection Clauses approved by the EU. You can obtain a copy of the standard data protection clauses here.
f) Google Signals
We use Google Signals as an extension function for Google products. Google Signals links website data collected via Google products with information from your Google account provided you have consented to the “Ad personalisation” option in your account settings. Google Signals enables us to create advertising target groups in which you are assigned based on the information from your Google account. Google Signals also enables us to recognise you across devices and show you personalised advertising on different devices. The reports made available to us by Google are also supplemented with information from your Google account. You can prevent this by deactivating the option for “Personalised advertising” in your Google account settings.
We only receive personal data via Google Signals if you have activated this function in your Google account and you have granted us your consent to use the aforementioned Google products in accordance with Article 6(1), letter a, GDPR, in conjunction with Section 25(2), No. 2, TTDSG. You may withdraw your consent at any time for the future. You can adjust your account settings here.
The information about the use of our website is forwarded to Google servers in the USA and processed there. Google is DPF-certified. Google also relies on Standard Data Protection Clauses approved by the EU Commission for the forwarding as a guarantee of a level of data protection comparable to that in the EU. You can obtain a copy of the Standard Data Protection Clauses here. We only forward data to Google based on your consent. If you consent to the processing by Google, you, therefore, also consent to the forwarding of your data to the USA in accordance with Article 49(1), letter a, GDPR.
6. ADDITIONAL TRACKING TOOLS
The tracking and targeting measures stated below and adopted by us apply on the basis of Article 6(1), Sentence 1, letter a, GDPR as a result of your consent granted via the Cookie management tool. You can use the Cookie Management Tool to withdraw your consent at any time for the future.
By way of the adopted tracking measures, we want to guarantee the organisation and ongoing optimisation of our website in line with requirements. On the other hand we adopt tracking measures to statistically record the use of our website and for the purpose of optimising our services for you.
By way of adopting targeting measures, we want to guarantee that adverts shall be displayed on your terminals that are geared towards your actual or assumed interests.
The respective data processing purposes and data categories are stated in the corresponding tracking and targeting tools.
a) Bing Ads
We use Bing Universal Event Tracking (UET) of Microsoft Bing Ads as a result of your consent in accordance with Article 6(1), Sentence 1, letter a, GDPR. This is a service of the Microsoft Corporation, 1 Microsoft Way, Redmond, WA 98052, USA (“Microsoft”). It enables us to track the activities of users on our website if they have gained access to our website via Bing Ads advertisements.
If you gain access to our website via a Bing Ads advertisement, a Cookie (see sub-section 4) is placed on your computer. A Bing UET Tag is integrated in our website. This is a code by way of which in conjunction with the Cookie some non-personal data about the use of the website are stored. This includes the dwell time, the areas of the website that are viewed and the advertisement used by the users to gain access to the website. Information about your identity is not recorded.
This information is forwarded to Microsoft servers in the USA and stored there as a matter of principle at most for 180 days. We have entered into an order processing contract with Microsoft in respect of the use of Bing Ads. By way of this contract, Microsoft assures that it processes the data in line with the General Data Protection Regulation and guarantees protection of the data subject’s rights.
The information generated by Cookies placed by Microsoft regarding your use of this website is forwarded to a Microsoft server in the USA and stored there. The forwarded data are merely data that have been rendered anonymous, drawing a conclusion about your name is not possible. Microsoft is DPF-certified. This guarantees that a level of protection is in place that is comparable with that in place in the EU (see also sub-section 3b for data forwarding to the USA). We have also entered into a contract with Microsoft by way of incorporating the EU Standard Contract Clauses.
In addition we shall only forward your data if you expressly consent to the processing by Microsoft. In such a case you consent, in the knowledge of the risks described in sub-section 3b, to the forwarding of your data to the USA in accordance with Article 49(1), letter a, GDPR.
You can use the Cookie Management Tool to withdraw your consent at any time for the future.
You can find more detailed information about the analysis services of Bing on the Bing website.
You can find more detailed information about the data protection in place at Microsoft in the Microsoft data protection provisions.
b) Meta Pixel with Meta Custom Audiences
As a result of your consent in accordance with Article 6(1), Sentence 1, letter a, GDPR, we use the Meta-Pixel of Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland (hereinafter: Meta). Facebook Pixel is a JavaScript Code that facilitates the tracking of visitor activities on websites in which Pixel is used. Your IP address, browser information, initial and target site and referrer data inter alia are collected and recorded by way of Meta Pixel. Furthermore, the Pixel identifies the activities that are performed on the website such as the click behaviour.
You can find more information about the data protection in place at Facebook here.
(1) Meta-Pixel for quantifying solutions and analysis services
By way of Meta Pixel, we can use quantifying solutions and analysis services to identify how you react to our advertisements on Facebook or Instagram, for example, if you click on a link in the advertisement that leads to our website. We, therefore, gain a better overview of how successful our campaigns on Facebook and Instagram are, and can continually optimise them. By way of Pixel we can also identify you as a visitor to our website. On the basis of this information, the advertisements we run on Facebook and Instagram are only displayed to such users who probably also have an interest in our services, either because they have visited our website in the past or because they have certain characteristics (e.g. interest in certain topics or products that are determined on the basis of the visited websites).
Pixel is loaded when you view our website or react to an advertisement we place on Facebook or Instagram, for example, because you click on a link to our site. In this context, a Pixel ID list is drawn up and placed in a Cookie so that we receive evaluations of your user behaviour. The Pixel is not aimed at identifying you personally.
In this respect, we have entered into an agreement on the processing by order. In that agreement, Meta assures to process data and safeguard data subjects’ rights in line with the GDPR.
(2) Meta Custom Audience for target groups
Based on your consent, Article 6(1), Sentence 1, letter a, GDPR, we use Meta Custom Audience (Meta Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, a company of Meta Platforms Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, hereinafter “Meta”). Meta Custom Audience enables us to gear advertising campaigns towards persons. A Meta Custom Audience Pixel Tag is integrated in our website. This is a JavaScript code by way of which data, which have been rendered anonymous, on the use of the website are processed. This includes your IP address, the used browser and the initial and target site. By way of Meta Pixel, we can identify how you react to our advertisements on Meta, for example, if you click on a link in the advertisement that leads to our website. We, therefore, gain a better overview of how successful our campaigns on Meta are, and can continually optimise them. By way of the Pixel, we are also able to identify you as a visitor to our site to determine the target group for displaying advertisements. Accordingly, we use Facebook Pixel to display the Ads we run on Facebook only to Facebook users who probably also have an interest in our services, either because they have visited our website in the past or because they have certain characteristics (e.g. interest in certain topics or products that are determined on the basis of the visited websites).
The information obtained on our pages is automatically compared by Meta using a Cookie to determine whether or not you belong to the target group that is relevant to us. If you belong to the target group, you shall be shown corresponding advertisements from us on Facebook and Instagram. During this process, neither we nor Meta shall identify you personally by comparing the data.
We are jointly responsible with Meta Ireland for use of the Meta Custom Audience Pixel in accordance with Article 26, GDPR. We have entered into a contract on the joint responsibility to specify the respective responsibilities for honouring obligations resulting from GDPR. Accordingly, we are responsible for providing information to the users of our website, while Facebook is responsible for replying to enquiries about data subjects’ rights in accordance with Article 15 to Article 21, GDPR. However, as part of the joint responsibility you can, as a matter of principle, assert your data subject rights against any of the jointly responsible parties.
Meta bases the processing of data on the consent of Meta users in accordance with Article 6(1), letter a, GDPR, and the legitimate interests of Meta in accordance with Article 6(1), letter f, GDPR, to guarantee Meta advertisers accurate and reliable reports or accurate performance statistics. You can find more information about this in the Data Protection Information of Meta, or here. You can contact Facebook’s data protection officer here.
Microsoft is DPF-certified. This guarantees that a level of protection comparable to that in the EU applies (see also section 3b on data forwarding to the USA). With regard to data transfers by Meta Ireland to unsafe third countries (see sub-section 3b), Meta relies on Standard Contractual Clauses approved by the European Commission. We only forward data to Facebook if you have granted your prior consent.
You may object to the use of the Custom Audiences service on the Meta website. After logging into your Facebook or Instagram account, you shall be taken to the settings for Facebook or Instagram adverts.
c) TikTok Pixel
We use TikTok Pixel on our website, an analytics service provided by TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland (hereinafter referred to as “TikTok”). The information generated using the pixel (which advert was clicked on; source and target page; time of access; IP address; information about the end device (user agent), such as operating system, brand, model and browser information and hashed e-mail addresses) enables us to better understand and track the actions you take on our website. Specifically, we can use the pixel to measure our campaign performance and create customised and lookalike target groups. In addition, it helps us optimise the ad placements on our website. Furthermore, the pixel uses two types of Cookies: First Party Cookies and Third Party Cookies. First Party Cookies are created by us and made available on the website. Third Party Cookies are created, provided and managed by TikTok. The Cookies are aimed at making the collection of information by the pixel more accurate and precise, and support the pixel in its functionality.
Use of such Cookies and the pixel is based on your consent in accordance with Article 6(1), Sentence 1, letter a, GDPR, in conjunction with Section 25(1), Sentence 1, TTDSG. You may withdraw your consent at any time via the consent management tool. The user data created via the Cookies are automatically deleted after 13 months.
The personal data collected by the TikTok Pixel and the third party Cookie are further used by TikTok for the purposes of (i) collecting and forwarding developer data and/or event data, (ii) measurement and insight reporting, (iii) creating target groups and optimising advertisements, (iv) security, protection, combating fraud and (v) and for contact data reconciliation. In that respect, TikTok forwards personal data to TikTok servers located outside the European Economic Area. TikTok bases such forwarding on Standard Data Protection Clauses in accordance with Article 46(2), letter c, in conjunction with Article 93(2), GDPR. Further information about data protection at TikTok can be found in the data protection provisions; Business Data Terms and in the Standard Data Protection Clauses of TikTok (Annex I – II).
With regard to the collection and processing of measurement and inspection data via the end device with which you access our website, joint responsibility between us and TikTok Ireland applies in accordance with Article 26, GDPR. You can see the distribution of responsibilities here. Independent responsibility applies to all other personal data.
d) Pinterest Pixel
We use the Pinterest Pixel (also known as “Pinterest Tag”) of Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland (hereinafter referred to as “Pinterest”) on this website. Pinterest pixel is a JavaScript code facilitating the tracking of activities of visitors to websites on which the pixel is used and to create target groups for adverts on Pinterest. The Pinterest pixel collects and stores IP address, browser and device information, source and target pages and referrer data, among other things.
We use the pixel on the basis of your consent in accordance with Article 6(1), letter a, GDPR, in conjunction with Section 25(2), No. 2, TTDSG. You may withdraw your consent at any time for the future. A direct connection to the Pinterest servers is established via the Pinterest pixel. Information about the use of our website is forwarded to Pinterest and a pixel ID is created and stored in a Cookie. The information is automatically synchronised by Pinterest and can be added or assigned to your user profile and linked to existing information.
If you have previously been active on Pinterest or have been redirected to our website as a result of clicking on an advertisement or Pinterest pin we placed on Pinterest, we can use the Pinterest pixel to recognise you as a visitor to our website, evaluate your visitor behaviour based on predefined actions (so-called “Events) and use measurement solutions and analysis services provided by Pinterest to recognise the effectiveness and success of our advertisements placed and pins posted on Pinterest. We therefore gain a better overview of how successful our campaigns and pins on Pinterest are, and can continually optimise them.
Furthermore, the pixel enables us to create target groups for adverts. This enables us to target the adverts we display on Pinterest to those Pinterest users who are likely to be interested in our offers, either because they have previously visited our website or because they have certain characteristics (e.g. interests in certain topics or products, which are determined based on the websites and activities visited). Furthermore, based on these target groups, we can create additional comparison target groups for adverts made up of Pinterest users with similar or comparable interests (such as those of the users from the original target group).
We are unable to personally identify individual users based on the data and information. The data and information are only made available to us by Pinterest in an anonymous and statistically processed form as part of the use of the functions described.
We store the data and information collected via the pixel for 100 days. In other respects, we delete personal data as soon as the purpose for processing has been honoured or no longer applies.
Pinterest forwards information about the use of our website to servers in the USA and processes it there. Pinterest is not DPF-certified, which means that there is no adequacy decision in accordance with Article 45(1), GDPR. The USA, therefore, does not provide a level of data protection comparable to the EU and the USA is, therefore, considered an unsafe third country. Pinterest bases the forwarding of personal data to the USA on EU Standard Data Protection Clauses in accordance with Article 46(2), letter c, GDPR, to guarantee a level of protection comparable to that in the EU.
You can find more information about data processing by Pinterest and your rights and options for protecting your privacy in this regard in Pinterest’s data protection information at https://policy.pinterest.com/de/privacy-policy. You can contact Pinterest’s data protection officer here.
You can adjust the personalisation settings for personalised ads and advertising on and outside Pinterest in your Pinterest account at any time, and deactivate or activate the use of your activities for reporting on the performance of ads. You shall find corresponding deactivation options for advertising and adverts when using mobile devices in the system settings of the device you are using (usually under “Data protection”).
e) QR Code Generator
We use what are known as QR codes, in particular in our offers, advertisements, posters, in-house signage, invitations and menus as well as on our social media channels and our website. These are bar codes that can be used to store information, e.g. in the form of a URL that redirects you to our website or one of our product pages.
To provide these, we use the QR Code Generator service provided by Bitly Europe GmbH, Am Lenkwerk 13, 33609 Bielefeld (hereinafter: “Bitly” or “QR Code Generator”). When you scan one of our QR codes created using the QR Code Generator via your end device, certain personal data are collected from you, such as your location, the exact time and date of your request and the operating system used on your end device. The use of QR codes makes it easier to access certain pages/content or link them. Analysing personal data helps us to draw conclusions about the success of certain campaigns, the frequency of the use of advertisements or other publications. This allows us to make our marketing and communication materials more attractive and interactive.
We process the data collected in this way based on our legitimate interest in accordance with Article 6(1), Sentence 1, letter f, GDPR, in respect of our ability to gear our services towards interests and target groups and make certain services on all aspects of our products and offers available to you. We have entered into an order processing contract with Bitly (https://www.qr-code-generator.com/company/terms/). In this contract, Bitly provides assurances that your data shall be processed in accordance with the General Data Protection Regulation. We delete your data as soon as we no longer need it for the indicated purposes.
7. VIMEO
On this website we use Vimeo Plugins to integrate videos from the Vimeo internet video portal of Vimeo, LLC, 555 West 18th Street, New York, New York 10011, USA. The integration is based on Article 6(1), Sentence 1, letter a, GDPR, whereby we have an interest in the smooth integration of our Vimeo videos.
Every time a page of this website is viewed that provides one or more Vimeo video clips, a direct link is established between your browser and a Vimeo server in the USA. In that respect, the information that you have used with your IP address to visit the page is forwarded by your browser directly to the Vimeo server and stored there. By way of interaction with the Vimeo plug-ins (e.g. clicking, start.), the information created by way of the interaction is forwarded to Vimeo and stored there.
If you have a Vimeo user account and do not want Vimeo to collect data about you while you are visiting our website and combine such data with your membership data stored by Vimeo, then you must log out of Vimeo before visiting this website.
The information generated by Vimeo regarding the use of our website is forwarded to Vimeo servers in the USA and processed there. The forwarded data are merely data that have been rendered anonymous; drawing a conclusion about your name is not possible. Vimeo is DPF-certified. This guarantees that a level of protection is in place that is comparable with that in place in the EU (see also sub-section 3b for data transfers to the USA). In addition, we have entered into a contract with Vimeo by way of incorporating the EU Standard Contract Clauses.
You can find Vimeo’s Data Protection Policy, which contains more detailed information about the collection and use of your data by Vimeo, your rights in this respect and the settings options in respect of protecting your privacy at http://vimeo.com/privacy.
8. YouTube
We use YouTube videos on our website. YouTube is a company of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: “Google”). The implementation is based on your consent in accordance with Article 6(1), Sentence 1, letter a, GDPR, in conjunction with Section 25(2), No. 2, TTDSG. In this respect, we use the “Extended data protection mode” option provided by YouTube.
When you access a page that has an embedded video, a connection to the YouTube servers is established and the content is displayed on the website by notifying your browser. YouTube also stores Cookies on your computer.
According to YouTube, in “Extended data protection mode” your data – in particular which of our websites you have visited and device-specific information including the IP address – are only forwarded to the YouTube server in the USA when you watch the video. You consent to such forwarding by clicking on the video.
If you are logged in to YouTube at the same time, such information shall be assigned to your YouTube member account. You can prevent this by logging out of your member account before visiting our website.
The data are forwarded to Google servers in the USA. The USA is a so-called unsafe third county. This means that the USA does not guarantee a level of data protection comparable to that in the EU. Google is DPF-certified. Google also bases the forwarding to the USA on Standard Data Protection Clauses approved by the EU Commission. A copy of the Standard Data Protection Clauses can be found here.
Further information on data protection in conjunction with YouTube can be found here.
9. DATA SECURITY
All data that you personally forward are encrypted using the common and secure TLS (Transport Layer Security) standard. TLS is a safe and tried and tested standard which, for example, is also used in online banking. You can identify a secure TLS connection inter alia by the added s in the http (i.e. https://..) in the address section of your browser or by the lock system in the lower area of your browser.
In other respects, we make use of suitable technical and organisational safety measures to protect your data against accidental or intentional manipulation, partial or complete loss or destruction or against unauthorised third party access. Our security measures are continually improved in line with technological developments.
10. DATA SUBJECTS’ RIGHTS
You have the right:
At any time to withdraw your consent previously granted to us. This means that with effect for the future we may no longer continue the data processing based on such consent;
In accordance with Article 15, GDPR, request information about your personal data we process. You may, in particular, request information about the processing purposes; the category of the personal data; the categories of recipients to whom your data were or shall be disclosed; the planned storage period; the existence of a right to rectification, erasure, restriction of processing or objection; the existence of a right to complain; the origin of your data provided such data were not collected by us, and the existence of automated decision-making including profiling and, where applicable, significant information the profiling details;
In accordance with Article 16, GDPR, request the rectification without undue delay of your personal data that are inaccurate;
In accordance with Article 17, GDPR, request the deletion of your personal data we are storing provided the processing is not required to exercise a right to freedom of expression and to information to honour a legal obligation for reasons of public interest or for the establishment, exercise or defence of legal claims;
In accordance with Article 18, GDPR, request restriction of the processing of your personal data provided you dispute the accuracy of the data, the processing is unlawful but, however, you reject the deletion of such data and we no longer require such data but, however, you require such data for the establishment, exercise or defence of legal claims or in accordance with Article 21, GDPR, you have raised an objection to the processing;
In accordance with Article 20, GDPR, receive your personal data, which you have made available to us, in a structured, commonly used and machine-readable format, or request the forwarding of such data to another controller, and
In accordance with Article 77, GDPR, lodge a complaint with a supervisory authority. Normally in this respect you may contact the supervisory authority of your customary place of residence or workplace or the registered office of our company.
Information about your right to object in accordance with Article 21, GDPR
You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you, which is based on Article 6(1), letter e, GDPR (data processing in the public interest) and Article 6(1), letter f, GDPR (data processing based on weighing up interests). This also applies to profiling based on this provision of Article 4, No. 4, GDPR.
If you make an objection, we shall no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Where your objection is geared towards the processing of data for the purposes of direct advertising, we shall stop the processing without delay. In such a case, stating a particular situation shall not be required. This also applies to profiling provided it is associated with such direct advertising.
If you would like to make use of your right to object, sending an e-mail to team@datenschutz-hannover.de shall suffice
11. UPDATING AND AMENDING THIS DATA PROTECTION INFORMATION
This data protection information is currently valid and was last updated in June 2024.
Amending this data protection information may be necessary as a result of the further development of this website and the services rendered via this website or as a result of amended legal or official requirements. You can access and print the respective valid data protection information at any time on the website at https://chamaeleonberlin.com/en/privacy-policy/ .
*For the sake of better legibility, we use all personal designations in our texts in a gender-neutral form. All gender identities are, at all times, meant and addressed.