Privacy Policy

Privacy policy

As of November 2023

Download

Our company,

Chamäleon Berlin gGmbH
Rosenthaler Str. 40/41
D-10178 Berlin

is the operator of this website. It renders the services available via this website and is, therefore, responsible for collecting, processing and using personal data.

As part of using this website, in the capacity of controller we process your personal data and store such data for the period that is necessary to honour the specified purposes and statutory obligations. Below we are informing you about the data in question, the manner in which such data are processed and the rights you have in that respect.

In accordance with Article 4., No. 1, General Data Protection Regulation (GDPR), personal data are any information relating to an identified or identifiable natural person.

1. NAME AND CONTACT DETAILS OF THE COMPANY DATA PROTECTION OFFICER

We have appointed Mr Herbert Neemann as the company data protection officer. His contact details are below

List + Lohr Datenschutz und Informationssicherheit GmbH
Garvensstraße 4
D-30519 Hanover
Tel.: +49 511 / 49 99 99 600
E-mail: team@datenschutz-hannover.de

You may contact our data protection officer directly at any time should you have any questions about data protection law or your rights as a data subject.

2. PROCESSING PERSONAL DATA AND PROCESSING PURPPOSES

a) Visiting the website

You can view our website without having to disclose your identity. The browser installed on your terminal merely sends information automatically to our website server (e.g. browser type and version, data and time of access) to facilitate establishing a connection to the website. This includes the IP address of your terminal making the enquiry. This is stored temporarily in a so-called log file and automatically deleted after 4 weeks.

Your IP address is processed for technical and administrative purposes involving the establishment and stability of a connection, to guarantee the security and working order of our website and track potential attacks on our website where necessary.

Article 6(1), Sentence 1, Point f, GDPR, forms the legal basis for the processing of your IP address. Our justified interest arises from the stated security interest and the necessity of making our website available without interruptions.

We are not able to draw any direct conclusions about your identity as a result of processing your IP address or on the basis of other information in the log file.

Furthermore, when our website is visited we place Cookies and perform analysis services. For more detailed information in that respect please see sub-section 4 and 5 of this data protection information.

b) Visiting our website as a registered user

When you use our website as a registered user, we collect data for statistical reasons and to facilitate the good working order of the website.
The following data are, in particular, collected:

The type, frequency and intensity of use of the website
The purchase frequency
The shopping basket

Article 6(1), Sentence 1, Point f, GDPR, forms the legal basis for the processing. Our justified interest arises from the necessity of optimising our website and facilitating a pleasant internet surfing experience.

c) Ticket orders via our website

Tickets are sold via our website with the support of our ticketing partner, which collects your data based on our order to the extent that we can process and settle your ticket order:

CTS EVENTIM AG & Co. KGaA (EVENTIM)
Contrescarpe 75 A, D-28195 Bremen

Eventim collects your data set out below and stores such data based on our order in the case of purchasing a ticket via our website:

Form of address
First Name
Surname
Address
Telephone
E-mail
Additional data entered voluntarily by you (e.g. query of the year of birth).

Your personal data are used for the purpose of entering into and processing the contractual relationship with you. Your name and address are required to gain knowledge of who our contracting party is, i.e. for whom we are rendering services and contacting you directly and personally by way of potential correspondence. Where applicable, we also use your e-mail address to make information about an event available to you directly prior to and during your visit. Your contact details are required to send the ticket to you and with regard to potential queries or notices.

The legal basis for processing this data is Art. 6 Para. 1 S. 1 lit. b GDPR.

For the purpose of sending the aforementioned email notifications, we use a European service provider specialised in this field. There is an order processing contract. This means that our service provider may only process data according to our prior instructions and notably not for its own purposes. The email addresses of our newsletter recipients are stored and processed on the servers of our service provider in the European Union.

The indication of your year of birth is voluntary. If you decide to indicate your year of birth, the processing takes place on the basis of your consent according to Art. 6 Para. 1 S. 1 lit. a GDPR. If you provide your year of birth, we process it in order to obtain information about the age structure of our guests. You can revoke your consent at any time for the future.

You can also find more information about your personal data collected by Eventim at http://www.eventim.de/tickets.html?doc=info/dataProtection

With regard to the payment service provider we use the services of

Datatrans AG
Kreuzbühlstr. 26
CH-8008 Zürich

Your details regarding the respective payment method are required to settle amounts with you. For more information on how the collected personal information from you is handled, please also see https://www.datatrans.ch/en/privacy-policy/

Article 6(1), Sentence 1, Point b, GDPR forms the basis for the processing of such data in respect of the payment processing and Artie 6(1), Sentence 1, Point f, GDPR applies in respect of incorporating TeleCash. Secure payment processing constitutes our justified interest.

The personal data we collect for the order are stored up until expiry of the statutory warranty obligation (2 years, Section 438(1), No. 3, BGB (German Civil Code)) and thereafter automatically deleted unless we undertake to store data for a longer period in accordance with Article 6(1), Sentence 1, Point c, GDPR, as a result of tax storage and documentation obligations (in particular Section 147 AO (German Tax Code)). For this period (normally ten years from the time of entering into a contract), the data are processed again solely in the event of a review by the finance authorities. In other respects the data are blocked fur further-reaching processing.

d) For Advertising purposes by post following a ticket purchase

Where applicable we also use the postal address stated by you when purchasing a ticket via our website or purchasing a ticket by telephone after your event visit to send information to you about future events by post. Your personal data are processed to safeguard our interests (Article 6(1), Sentence 1, Point f, GDPR). The sending of advertising in the form of programmes booklets once a year, unless you have already attended an event at our company on a single occasion, constitutes our justified interests in data processing. These are to be considered justified and necessary within the meaning of the aforementioned requirement. You have the right to object at any time to the use of your data for advertising purposes (see paragraph 9).

Personal data for advertising purposes are stored until you object to use of such data for advertising purposes, at most however for 36 months, unless this conflicts with a statutory storage obligation.

e) When registering for our Newsletter

If you have given your express consent, we will use your email address to send you our Newsletter on a regular basis. Legal basis for this is Art. 6 (1) S. 1 lit. a GDPR. We use your first and last name in order to personalise the Newsletter.

After you register, you will receive a registration notification by email, which you must confirm, so that you receive the Newsletter (so-called double opt-in). This serves as proof that the registration was indeed initiated by you.

You can unsubscribe at any time, e.g. via a link at the end of each Newsletter. Alternatively, you can also send your wish to unsubscribe to presse@chamaeleonberlin.com at any time. After revoking your consent to receive the Newsletter, your email address will be deleted immediately, unless we are entitled to continue storing your email address based on other legal grounds.

For the purpose of sending our newsletter, we use a European service provider specialised in this field. There is an order processing contract. This means that our service provider may only process data according to our prior instructions and notably not for its own purposes. The email addresses of our newsletter recipients are stored and processed on the servers of our service provider in the European Union.

If you order a Newsletter and have lodged a customer account in our system, we will combine these details. This way, we receive information about our customers and are able to analyse the efficiency of our marketing measures. We also combine the details in order to better align future marketing measures. The disclosure of data occurs on the basis of Art. 6 (1) S. 1 lit. f GDPR, whereby the purposes mentioned are to be regarded as legitimate interests in terms of this regulation.

f) Promotional use of existing customers’ email addresses

If we receive your email address in connection with the sale of tickets or other goods, we use the email address for the purpose of advertising our own similar offers. The legal basis is Art. 6 Para. 1 S. 1 lit. f GDPR in conjunction with Section 7 Para. 3 German Unfair Competition Act (UWG), whereby the promotional use of existing customers can be regarded as legitimate interests within the meaning of this provision. You may object to the use of your email address for advertising purposes at any time without incurring any costs other than the transmission costs according to the basic rates. If there is no objection, we shall process your email address as long as it is necessary for the promotional use and we have a legitimate interest in this.

g) When registering for our events after an exclusive invitation

If you are invited to an event by e-mail and are referred to a form on our website to register, we process the following information when you use the form:

First Name
Surname
E-mail address and
Company

In addition there is an option of making additional comments available to us via a contact field. Compulsory details are denoted by *. We require your name and the details of your company to reserve an honorary ticket for you and to allocate the registration. The e-mail address is necessary to provide you with confirmation of the registration and contact you in the event of queries. If you make further comments available to us via the contact field provided in this context, such processing applies to process and allocate your enquiry.

In the case of using the form, at the time of the registration we additionally store the IP address and the time and date of the registration to prevent misuse of the form and guarantee the security of our information and technical systems.

Alternatively, you can register via the stated e-mail address. In such a case we shall process your personal data forwarded via the e-mail exclusively to reserve an honorary ticket and deal with potential further enquiries.

The data are processed in relation to your enquiry and based on Article 6(1), Sentence 1, Point f, GDPR. Our justified interests arise from the aforementioned purposes.

We shall delete the personal data forwarded as part of using the form or forwarded by you by e-mail as soon as such data are no longer required to achieve the purpose for which they are collected. Normally, this is the case if the event for which you have registered has been staged. The stored IP address and date and time of the registration shall be automatically deleted at the latest after 4 weeks.

h) When submitting an application

If you apply on your own initiative or for an open position, your applicant data will only be processed for the purpose of carrying out the application process. The legal basis for this is Section 26 Paragraph 1 Sentence 1 BDSG.

As part of an application process, we process the data that you provide to us. These are usually:

First and Last Name,
E-mail address, address and telephone number,
Personal data contained in your cover letter or résumé (qualifications, date of birth, etc.)

Information on marital status and other special categories of personal data are expressly not required for your application. The provision of the listed personal data is necessary for the application process, so that non-provisioning would mean that you cannot participate in the respective application process.

We store the data that we receive from you as a result of your application and during the application process for a period of up to three months after the application process has been completed. The application process is completed when the advertised position has been recruited or it has been decided that the position will not be recruited. This does not apply if you have expressly consented to longer storage in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR. You can revoke your consent at any time for the future.

If there is an employment relationship, in accordance with Section 26 BDSG, we can process the personal data already received from you for the purposes of the employment relationship, insofar as this is necessary for the implementation or termination of the employment relationship.

i) When applying for the use of our rehearsal space
We process the following information when you use the form

First Name
Surname
E-mail-Address
Details about the project
Details about the intended duration of usage
The information whether you are registered with Kulturräume

In addition there is an option of making additional comments available to us via a contact field. Compulsory details are denoted by *. We require your name and the details of your company to allocate the enquiry. The e-mail address is necessary to provide you with confirmation of the enquiry and contact you in the event of queries. If you provide further details about the project and the intended duration, or make further comments available to us via the contact field provided in this context, such processing applies to process and allocate your enquiry.

The data are processed in relation to your enquiry and based on Article 6(1), Sentence 1, Point f, GDPR. Our justified interests arise from the aforementioned purposes.

We shall delete the personal data forwarded as part of using the form as soon as such data are no longer required to achieve the purpose for which they are collected. The stored IP address and date and time of the registration shall be automatically deleted at the latest after 4 weeks.

3. FORWARDING PERSONAL DATA TO THIRD PARTIES

a) Forwarding personal data to third parties

Apart from in the aforementioned cases involving processing by order (in particular ticket purchase), we shall only forward your personal data to third parties if:

You have expressly granted your consent in that respect in accordance with Article 6(1), Sentence 1, Point a, GDPR,;
This is necessary in accordance with Article 6(1), Sentence 1, letter b, GDPR, to execute a contract entered into with you, a) forwarding to mail order business enterprises for the purposes of supplying tickets, b) forwarding of payment data to payment service providers or banks to execute a payment transaction;

In the event that a statutory obligation applies to the forwarding in accordance with Article 6(1), Sentence 1, Point c, GDPR. The forwarded data may be used by third party exclusively for the stated purposes.

b) Forwarding personal data to third countries

Forwarding personal data to countries outside the European Economic Area (EEA) only occurs if the preconditions of Article 44 et seq., GDPR, are met.

A third nation or country (hereinafter third country) is described as a country outside the European Economic Area (EEA) in which the GDPR is not directly applicable. A third country shall be deemed unsafe if the EU Commission has not issued an adequacy decision for such a country in accordance with Article 45(1) GDPR, confirming that appropriate protection is in place for personal data in that country.

The USA is a so-called unsafe third country. This means that in the USA a data protection level is not provided that would be comparable with that in the EU. The following risks apply in the case of forwarding personal data to the USA: The risk that US American authorities can gain access to the personal data as a result of the monitoring programmes PRISM and UPSTREAM based on Section 702 of FISA (Foreign Intelligence Surveillance Act) and based on the Executive Order 12333 or the Presidential Police Directive 28. EU citizens do not have any effective legal protection options in the USA or the EU against such access.

By way of this data protection information we are informing you when and how we forward personal data to the USA or to other unsafe third countries. We only forward your personal data if

Sufficient guarantees are provided by the recipient in accordance with Article 46, GDPR, in respect of the protection of the personal data,
You have expressly consented to the forwarding, after we have informed you of the risks, in accordance with Article 49(1), Point a, GDPR,
The forwarding is necessary to honour contractual obligations between you and us
Or another exception from Article 49, GDPR applies.

Guarantees in accordance with Article 46, GDPR, may be so-called standard contract clauses. In such standard contract clauses the recipient assures to adequately protect the data and therefore guarantee a level of protection comparable with GDPR.

4. COOKIES

On our site we use Cookies or similar functions such as Pixel Tags (hereinafter: “Cookies”). These are small files that your browser automatically creates and which are stored on your terminal (Laptop, Tablet, smartphone or the like) when you visit our site. Cookies do not cause any damage on your end device, do not contain any viruses, Trojans or other malware.

A Cookie contains information that arises in each case in conjunction with the specifically used device. However, this does not mean that as a result we directly obtain details about your identity.

Furthermore, cookies are set so that you can make use of our offer. Here we use so-called session cookies in order to see which individual pages of our website you have already visited, e.g. in order to enable a shopping cart function. The use of these cookies occurs on the basis of Section 25 (2) no. 2 TTDSG (German Telecommunications and Telemedia Data Protection Act). Using these cookies is absolutely necessary in order to offer you the requested service.

On the other hand, we use cookies and similar functions to statistically record the use of our website and in order to analyse how to optimise our offer for you (see Point 5). These cookies enable us to automatically see that you have already been here when you visit our page again. These cookies are automatically deleted after a specified period of time. We use these types of cookies on the basis of your express consent pursuant to Section 25 (1) TTDSG in conjunction with Art. 6 (1) sentence 1 a GDPR.

You can give and withdraw your consent via our cookie management tool.

For consent management, we use the services of Usercentrics GmbH, Sendlinger Strasse 7, 80331 Munich (hereinafter Usercentrics). With the help of Usercentrics, we can store and manage your consent preferences. For this purpose and at our behest, Usercentrics processes your consent preferences, your IP address, specific information about your browser and device and the time of your visit to our website. This information is stored in a cookie on your device. The assignment of Usercentrics occurs on the basis of our legitimate interests according to Art. 6 (1) f GDPR in conjunction with Section 25 (2) no. 2 TTDSG. We have an economic interest in managing your consent preferences as efficiently as possible. Your data is automatically deleted after one year.

5. GOOGLE TRACKING

a) Google Analytics

Based on your consent according to Art. 6 (1) sentence 1 a GDPR in conjunction with Section 25 (1) TTDSG, we use Google Analytics on our website, a web analysis service of Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland (hereinafter “Google”). Withinn this context, pseudonymised user profiles are created and cookies (see Point 4) are used.The information created via the Cookie about your use of this website such as the

Browser type/version,
Used operating system,
Referrer URL (the previously visited site),
Hostname of the accessing computer (IP address),
Time of the server enquiry,

are forwarded to a Google server in the USA and stored there. We have entered into an order processing contract with Google in respect of the use of Google Analytics. By way of such a contract, Google assures that it processes the data in line with our instructions and guarantees protection of the data subject’s rights.

Use of Google Analytics is aimed at analysing and optimising our online services and the economic operation of this website. Therefore, Google processes the information by our order to evaluate the use of the website, to draw up reports on the website activities and to render additional services associated with the website use and internet use for the purposes of market research and organising internet website pages in line with requirements.

Where application this information may also be transmitted to third parties insofar as this is required by law or insofar as third parties process such data by order. Under no circumstances will your IP address be grouped together with other data of Google. The IP addresses are rendered anonymous to the extent that allocation is not possible (IP Masking). This means that the IP address of users is shortened by Google in EU Member States or in other countries of the EEA. Only in exceptional cases will the entire IP address be sent to a Google server in the USA and shortened there.

We do not use the advertising function and the Universal Analytics with User ID provided by Google.

The user data created via Cookies are automatically deleted after 14 months.

The information generated by Cookies placed by Google Analytics regarding your use of this website is transferred to a Google server in the USA and stored there. The forwarded data are merely data that have been rendered anonymous; drawing a conclusion about your name is not possible. Google bases the transmission on the Standard Data Protection Clauses approved by the EU. This way, it is guaranteed that a protection level comparable to that in the EU exists (see also Point 3b for data transfers to the USA). A copy of the Standard Data Protection Clauses is available to you here.

In addition we shall only forward your data if you expressly consent to the processing by Google. In such a case you consent, in the knowledge of the risks described in sub-section 3b, to the forwarding of your data to the USA in accordance with Article 49(1), Point a, GDPR.

You can use the Cookie Management Tool to withdraw your consent at any time for the future. You can find more information about data protection in conjunction with Google Analytics for example in the Google Analytics Support.

b) Google Analytics 4
We use Google Analytics 4 on our website, a web analysis service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: “Google”). Within this context, pseudonymised user profiles are created and cookies are used. The information about the use of our website generated by the cookie (e.g. IP address of the accessing computer, time of access, referrer URL as well as information about the browser and operating system being used) is generally transmitted to Google servers in the USA and processed there.

The use of Google Analytics occurs in the context of your consent pursuant to Art. 6 (1) sentence 1 a GDPR in conjunction with Section 25 (1) TTDSG) to analyse and optimise our online offer as well as to operate this website cost-effectively. Thus Google processes the information at our behest in order to analyse the use of the website for us, compile reports on the website’s activities as well as provide additional services connected to the use of the website and the internet for the purposes of market research and the need-based design of these internet pages. You can withdraw your consent for any future data collection at any time .

We have concluded an order processing contract with Google for the use of Google Analytics. With this contract, Google ensures that the data is processed in accordance with the General Data Protection Regulations and the rights of the data subject are guaranteed.

The IP address processed by Google Analytics is automatically truncated. This means that the last three digits of your IP address are replaced by a “0”, which prevents an allocation. It is possible that the collected data is transmitted to third parties should this be legally prescribed or if third parties process the data as commissioned. The user data gathered via cookies is automatically deleted after 14 months.

The information generated by cookies about the use of our website (e.g. IP address of the accessing computer, time of access, referrer URL as well as information about the browser and operating system used ) are transferred to a Google server in the USA and processed there. The USA is considered a so-called unsafe third country (see Point 3b for more information). For the transmission, Google refers to the Standard Data Protection Clauses approved by the EU Commission as a guarantee that a data protection level comparable to that of the EU is ensured. You can get a copy of the Standard Data Protection Clauses here. We only transfer data to Google based on your consent. If you agree to the processing by Google, you simultaneously agree that your data is transferred to the USA in accordance with Art. 49 (1) a GDPR.

You can withdraw or adapt your consent at any time for any future data collection. You can possibly find more information on data protection in connection with Google Analytics in Google Analytics Help. Information about how Google uses data is available in their Data Protection Declaration.

c) Google Ads Conversion Tracking and Remarketing

As a result of your consent in accordance with Article 6(1), Sentence 1, Point a, GDPR, we use Google Ads Conversion Tracking and the Remarketing Pixel of Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Irland (hereinafter: “Google”) on our website to statistically record the use of our website and for the purpose of optimising our services for you. The service enables us to arrange the advertising content in line with requirements, record it statistically and optimise and run it. We are dependent on such advertising content to guarantee the visibility of our services.

In that respect Google Ads places a Cookie on your computer provided you gained access to our website via a Google advertisement.

These Cookies are rendered invalid after 30 days. If a user visits certain pages of the website of the Adwords customer, and the Cookie has not yet expired, Google and the customer may determine that the user has clicked on the advertisement and was forwarded to that specific page.

The information generated by the Cookie regarding your use of this website is sent to and stored on a server operated by Google and located in the USA. We have entered into an order processing contract with Google AdWords in respect of the use of Google Analytics. By way of such a contract, Google assures that it processes the data in line with the General Data Protection Regulation and guarantees protection of the data subject’s rights.

Each Google Ads customer is provided with a different Cookie. Cookies can therefore not be traced via the websites of Google Ads customers. Information obtained by way of the Conversion Cookie is aimed at preparing conversion statistics for Google Ads customers who have decided in favour of Conversion Tracking. We are informed of the total number of users who have clicked on their advertisement and who were forwarded to a page equipped with a Conversion Tracking Tag. However, they are not provided with any information with which they can personally identify users.

In addition, based on your consent in accordance with Article 6(1), Sentence 1, Point a, GDPR, we use the Google Ads Remarketing Pixel that collects and evaluates information about your use of this website. This enables us to approach visitors on other websites with relevant content. According to Google, the data collected during the remarketing is not grouped together with personal data that Google may store. In addition, Google renders such data anonymous. Tags based on remarketing are stored for 30 days.

Information about the use of our website gathered by cookies set by Google Analytics are sent to servers in the USA and processed there. The data that is sent consists only of pseudonyms and can no longer be attributed to your name. Google bases the transmission on the Standard Data Protection Clauses approved by the EU. This way, it is ensured that there is a level of protection comparable to that of the EU (see also Point 3b regarding data transmissions to the USA). A copy of the Standard Data Protection Clauses is available here.

Furthermore, your data is only transmitted if you explicitly consent to it being processed by Google. In this case, being aware of the risks described in Point 3.b., you simultaneously consent to your data being transmitted to the USA according to Art. 49 (1) a. GDPR.

You can withdraw your consent for any future data collection at any time with the cookie management tool.

You can find Google’s data protection instructions regarding Conversion Tracking here.

d) Google AdManager

Based on your consent in accordance with Article 6(1), Sentence 1, Point a, GDPR, on this website we use Google Ad Manager of Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Irland (hereinafter: “Google”) to arrange the advertising content in line with requirements, record it statistically and optimise and run it. We are dependent on such advertising content to guarantee the visibility of our services. This also applies to the provision of advertising space on our website without which this website could not be operated economically.

Google Ad Manager uses Cookies to present advertisements on our website. The information stored in the Cookie may be recorded, collected and evaluated by Google or third parties. Furthermore, Ad Manager also uses Pixel Tags to collect information as a result of which information about visitors to our website is collected (e.g. browser, operating system, previously visited site, IP address and date/time). By using this, basic actions such as the visitor traffic on the website can be recorded, collected and evaluated.

The information created by the Cookie and/or Pixel Tags about how you use this website is transferred to a Google server in the USA and stored there. Google uses the information obtained in this manner to evaluate your use behaviour with regard to the advertisements placed via Ad Manager.

Where applicable, Google may also transfer this information to third parties insofar as this is required by law or is permitted or insofar as third parties process such data by order of Google.

The information generated by Cookies placed by Google Ad Manager regarding your use of our website is transferred to a Google server in the USA and stored there. Google bases the transmission to the USA on the Standard Data Protection Clauses approved by the EU. This guarantees that a level of protection is in place that is comparable with that in place in the EU (see also sub-section 3b for data transfers to the USA). A copy of the Standard Data Protection Clauses is available here.

You can use the Cookie Management Tool to withdraw your consent at any time for the future.You can find more information in the Google data protection notices.

e) Google Tag Manager

On our website, the Google Tag Manager tool from Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland (hereinafter “Google”) is used based on our legitimate interest according to Art. 6 (1) sentence 1 f GDPR in conjunction with Section 25 (2) no. 2 TTDSG. With the Google Tag Manager we manage the tools that we are informing you about in this data protection declaration. This interest is considered legitimate in terms of the above described Regulation. Details about these tools are therefore available in the information pertaining to each individual tool.The tool triggers the release of other tags that in turn may gather data. Google Tag Manager does not access this data. If deactivation has been affected on the domain or cookie level, this will apply to all tracking tags that are set up with Google Tag Manager. The information about the use of our website provided by cookies set by the Tag Manager is transferred to our server and processed there. Only after you have consented to certain tags being set, will the data be transferred to the recipient. We have concluded an Order Processing Contract with Google over the use of Google Analytics. With this Contract, Google assures that the data is processed in accordance with GDPR and the rights of the data subject are guaranteed.

If there are appropriate declarations of consent, the data is transmitted to servers in the USA and processed there. The transferred data only consists of pseudonyms and can no longer be attributed to your name. Google bases the transmission on the Standard Data Protection Clauses approved by the EU. This way, it is ensured that there is a level of protection comparable to that of the EU (see also Point 3b regarding data transfers to the USA). A copy of the Standard Data Protection Clauses is available here.

f) Google Signals

As an extension function for Google products, we use Google Signals. With Google Signals, website data gathered by Google products is linked to information from your Google account provided you have chosen the option ”Ad Personlisation” in your account settings. With Google Signal, we can establish advertising target groups to which you are allocated based on the information from your Google account. Google Signals also makes it possible for us to recognise you across devices and show you personalised ads on different devices. In addition, information from your Google account is attached to the reports made available to us by Google. You can stop this by turning off the ”Ad Personalisation” option in your account settings.

We only receive personal data via Google Signals if you have activated this function in your Google account and you have given us your consent in accordance with Art. 6 (1) a. GDPR in conjunction with Section 25 (2) no. 2 TTDSG to use the aforementioned Google product. You can withdraw your consent at any time. You can customize your account settings here.

The information about the use of our website is transmitted to the USA and processed there. The USA is considered a so-called unsafe third country (see Point 3b for more information). For the transmission, Google refers to the Standard Data Protection Clauses approved by the EU Commission as a guarantee for ensuring a data protection level comparable to that of the EU. You can get a copy of the Standard Data Protection Clauses here. We only transfer data to Google based on your consent. If you agree to the processing by Google, you simultaneously agree that your data is transmitted to the USA in accordance with Art. 49 (1) a GDPR.

6. ADDITIONAL TRACKING TOOLS

The tracking and targeting measures stated below and adopted by us apply on the basis of Article 6(1), Sentence 1, Point a, GDPR as a result of your consent granted via the Cookie management tool. You can use the Cookie Management Tool to withdraw your consent at any time for the future.

By way of the adopted tracking measures we want to guarantee the organisation and ongoing optimisation of our website in line with requirements. On the other hand we adopt tracking measures to statistically record the use of our website and for the purpose of optimising our services for you.

By way of adopting targeting measures we want to guarantee that adverts will be displayed on your terminals that are geared towards your actual or assumed interests.

The respective data processing purposes and data categories are stated in the corresponding tracking and targeting tools.

a) Bing Ads

We use Bing Universal Event Tracking (UET) of Microsoft Bing Ads as a result of your consent in accordance with Article 6(1), Sentence 1, Point a, GDPR. This is a service of the Microsoft Corporation, 1 Microsoft Way, Redmond, WA 98052, USA (“Microsoft”). It enables us to track the activities of users on our website if they have gained access to our website via Bing Ads advertisements.

If you gain access to our website via a Bing Ads advertisement, a Cookie (see sub-section 4) is placed on your computer. A Bing UET Tag is integrated in our website. This is a Code by way of which in conjunction with the Cookie some non-personal data about the use of the website are stored. This includes the dwell time, the areas of the website that are viewed and the advertisement used by the users to gain access to the website. Information about your identity is not recorded.

This information is transferred to Microsoft servers in the USA and stored there as a matter of principle at most for 180 days. We have entered into an order processing contract with Microsoft in respect of the use of Bing Ads. By way of this contract, Microsoft assures that it processes the data in line with the General Data Protection Regulation and guarantees protection of the data subject’s rights.

The information generated by Cookies placed by Microsoft regarding your use of this website is transferred to a Microsoft server in the USA and stored there. The forwarded data are merely data that have been rendered anonymous, drawing a conclusion about your name is not possible. We have entered into a contract with Microsoft by way of incorporating the EU Standard Data Protection Clauses. This guarantees that a level of protection is in place that is comparable with that in place in the EU (see also sub-section 3b for data transfers to the USA).

In addition we shall only forward your data if you expressly consent to the processing by Microsoft. In such a case you consent, in the knowledge of the risks described in sub-section 3b, to the forwarding of your data to the USA in accordance with Article 49(1), Point a, GDPR.

You can use the Cookie Management Tool to withdraw your consent at any time for the future.

You can find more detailed information about the analysis services of Bing on the Bing website.

You can find more detailed information about the data protection in place at Microsoft in the Microsoft data protection provisions.

b) Meta Pixel with Meta Custom Audiences

As a result of your consent in accordance with Article 6(1), Sentence 1, Point a, GDPR, in conjunction with Section 25 (1) s. 2 TTDSG we use the Meta-Pixel by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland (hereinafter: Meta) on our site. Meta Pixel is a JavaScript Code that facilitates the tracking of visitor activities on websites in which Pixel is used. Your IP address, browser information, initial and target site and referrer data inter alia are collected and recorded by way of Meta Pixel. Furthermore, the Pixel identifies the activities that are performed on the website such as the click behaviour.

You can find more information about the data protection in place at Facebook here.

(1) Meta-Pixel for quantifying solutions and analysis services

By way of Meta Pixel we can use quantifying solutions and analysis services to identify how you react to our advertisements on Facebook or Instagram for example if you click on a link in the advertisement that leads to our website. We therefore gain a better overview of how successful our campaigns on Facebook and Instagram are, and can continually optimise them. By way of Pixel we can also identify you as a visitor to our website. On the basis of this information, the advertisements we run on Facebook and Instagram are only displayed to Meta users who probably also have an interest in our services, either because they have visited our website in the past or because they have certain characteristics (e.g. interest in certain topics or products that are determined on the basis of the visited websites).

Pixel is loaded when you view our website or react to an advertisement we place on Facebook or Instagram for example because you click on a link to our site. In this context a Pixel ID list is drawn up and placed in a Cookie so that we receive evaluations of your user behaviour. The Pixel is not aimed at identifying you personally.

In this respect by order we have entered into an agreement on the processing. In that agreement Meta assures to process data and safeguard data subjects’ rights in line with the GDPR.

(2) Meta Custom Audience for target groups

Based on your consent, Article 6(1), Sentence 1, Point a, GDPR, we use Meta Custom Audience by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, a company of Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, hereinafter “Meta”. Meta Custom Audience enables us to gear advertising campaigns towards persons. A Meta Custom Audience Pixel Tag is integrated in our website. This is a JavaScript Code by way of which data, which have been rendered anonymous, on the use of the website are processed. This includes your IP address, the used browser and the initial and target site. By way of Meta Pixel we can identify how you react to our advertisements on Facebook for example if you click on a link in the advertisement that leads to our website. We therefore gain a better overview of how successful our campaigns on Meta are, and can continually optimise them. By way of the Pixel we also able to identify you as a visitor to our site to determine the target group for displaying advertisements. Accordingly we use Facebook Pixel to display the Ads we run on Facebook only to Facebook users who probably also have an interest in our services, either because they have visited our website in the past or because they have certain characteristics (e.g. interest in certain topics or products that are determined on the basis of the visited websites).

The information obtained on our pages is automatically compared by Meta using aCookie to determine whether or not you belong to the target group that is relevant to us. If you belong to the target group, you will be shown corresponding advertisements from us on Facebook and Instagram. During this process, neither we nor Meta will identify you personally by comparing the data.

We are jointly responsible with Meta Ireland for use of the Meta Custom Audience Pixel in accordance with Article 26, GDPR. We have entered into a contract on the joint responsibility to specify the respective responsibilities for honouring obligations resulting from GDPR. Accordingly, we are responsible for providing information to the users of our website, while Facebook is responsible for replying to enquiries about data subjects’ rights in accordance with Article 15 to Article 21, GDPR. However, as part of the joint responsibility you can, as a matter of principle, assert your data subject rights against any of the jointly responsible parties.

Meta bases the processing of data on the consent of Meta users in accordance with Article 6(1), Point a, GDPR, and the legitimate interests of Meta in accordance with Article 6(1), Point f, GDPR, to guarantee Meta advertisers accurate and reliable reports or accurate performance statistics. You can find more information about this in Meta’s data protection information, or here. You can contact Facebook’s data protection officer here.

With regard to data transfers by Meta Ireland to the US or other unsafe third countries (see sub-section 3f), Meta relies on Standard Data Protection Clauses approved by the European Commission. We only transfer data to Facebook if you have granted your prior consent.

You may object to the use of the Custom Audiences service on the Meta website. After logging in to your Facebook or Instagram account, you will be taken to the Facebook or Instagram advertisement settings.

c) TikTok Pixel

On our website, we use the TikTok Pixel, an analysation service of TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland (hereinafter referred to as “TikTok”). With the aid of the information created by the Pixel (which ad was clicked; source and destination pages; the time the ad was accessed; IP address; user agent information such as operating system, brand, model and browser information; and hashed email addresses), we are able to better understand and follow actions you execute on our website. Specifically, we can measure our campaign performance and establish user-defined and look-alike target groups based on the Pixel. In addition, it assists us in the optimisation of the advertising placements on our website. The Pixel uses two types of cookies: first party cookies and third party cookies. First party cookies are established by us and provided on our website. Third party cookies are established, made available and managed by TikTok. The purpose of the cookies is to design the collection of information more accurate and precise and to support the Pixel in its functionality.

The utilisation of these cookies and the Pixel is based on your consent according to Article 6 (1) sentence 1 lit a GDPR (General Data Protection Regulations) in connection with Section 25 (1) sentence 1 TTDSG (Telecommunication – Tele Media Data Protection Act). You can revoke your consent at any time with the Consent Management Tool. The user data collected via the cookies are erased automatically after 13 months.The data collected by the TikTok Pixel and the third party cookie are used by TikTok for the purpose of (i) the collection and transmission of developer data and/or event data, (ii) measuring and insight reporting, (iii) establishing target groups or optimisation of advertising, (iv) security, protection, fraud prevention and (v) contact data reconciliation. In the process, TikTok transfers personal data to TikTok servers located outside of the European economic area. TikTok bases the transmission on Standard Data Protection Clauses according to Article 46 (2). lit. c in connection with Article 93 (2) GDPR. Further information on data protection at TikTok is available at Data protection regulations; Business data terms and Standard Data Protection Clauses of TikTok (Annexure I – II).

With regard to the collection and processing of measurement and insight data via the terminal device you use to access our website, there is joint responsibility between us and TikTok Ireland pursuant to Article 26 DSGVO. You can follow the distribution of duties here. All other personal data is subject to independent accountability.

d) Pinterest Pixel

On this website, we use the Pinterest Pixel (also called “Pinterest Tag”) from Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland (hereinafter ”Pinterest“). A Printerest pixel is a JavaScript code which makes it possible to track how visitors engage with websites on which a pixel has been installed and create target groups for ads on Printerest.With the Printerest pixel, the IP address, browser and device information, the source page and landing page and referrer data among others are gathered and stored.

We set up the pixel based on your consent according to Art. 6 (1) a. GDPR in conjunction with Section 25 (2) no. 2 TTDSG. You can withdraw your consent at any time. A direct connection to the Prnterest servers is established via the Pinterest pixel. Information with regard to the use of our website is transferred to Pinterst and a Pixel-ID created and stored in a cookie. The information is automatically correlated by Pinterest and can be added or matched to your user profile and connected to already existing information.

If you were active on Pinterest beforehand or are forwarded to our website by clicking on one of the ads placed on Pinterest by us or on a Pinterest pin on our website, we are able to recognise you as a visitor to our website with the help of the Pinterest pixel, evaluate your visitor behaviour from predefined actions (so-called ”Events”) and identify the effectiveness and success of the ads placed and pins posted by us on Pinterest using the measuring solutions and analysis services made available by Pinterest. This gives us a better overview of how successful our campaigns and pins on Pinterest are and enables us to constantly optimise these.

With the pixel, we can also create target groups for advertisements. This means that we can show the ads placed by us on Pinterest specifically to the Pinterest users that are probably interested in our offers because they either visited our website before or display certain characteristics (e.g. an interest in certain topics or products that are determined by the websites they visit and their general activity). Furthermore, building on these target groups, we can create additional cross reference target groups for ads, which are made up of Pinterest users with similar or comparable interests (as those of the users from the original target group).

This data and information do not allow us to identify individual users. The data and information are made available to us by Pinterest, within the context of using the functions described, merely in an anonymous and statistically processed form.

We store the data and information gathered via the pixel for 100 days. Other than that, we delete personal data as soon as the purpose for processing has been fulfilled or no longer applies.

Pinterest transmits information about the use of our website to servers in the USA and processes it there. There are no adequacy decisions according to Art. 45 (1) GDPR for the USA. Therefore, the USA does not offer a data protection level comparable to the EU, which means the USA is considered an unsafe third country. Pinterest bases the transmission of personal data to the USA on the EU Standard Data Protection Clauses according to Art. 46 (3) c GDPR in order to ensure a protection level comparable to that in the EU.

More information on the way Pinterest processes data as well as on your rights and options to protect your private sphere in this regard is available at https://policy.pinterest.com/de/privacy-policy. You can contact the data protection officer here.

In your Pinterest account, you can adjust the personalisation settings for personalised ads and promotions in or outside of Pinterest at any time as well as deactivate and activate the use of your activities for reporting with regard to the performance of ads. Corresponding deactivation options for promotions and ads when using a mobile device are accessible in the system settings of the device being used (usually under “Data protection”).

e) QR Code Generator

We use what are known as QR codes notably in our offers, advertisements, posters, in-house signage, invitations and menus as well as on our social media channels and our website. These are bar codes that can be used to store information, e.g. in the form of a URL that redirects you to our website or one of our product pages.

So that we can provide these, we use the QR Code Generator service provided by Bitly Europe GmbH, Am Lenkwerk 13, 33609 Bielefeld (hereinafter: “Bitly” or “QR Code Generator”). When you scan one of our QR codes created using the QR Code Generator via your end device, certain personal data is collected from you, such as your location, the exact time and date of your request and the operating system used on your end device. The use of QR codes makes it easier to access certain pages/content or link them. Analysing personal data helps us to draw conclusions about the success of certain campaigns, the frequency of the use of advertisements or other publications. This allows us to make our marketing and communication materials more attractive and interactive.

We process the data collected in this way on the basis of our legitimate interest in accordance with Art. 6 Para. 1 S. 1 lit. f GDPR in being able to focus our services towards interests and target groups and to provide you with certain services relating to our products and services. We have concluded a processing contract with Bitly (https://www.qr-code-generator.com/company/terms/). In this contract, Bitly provides assurances that your data will be processed in accordance with the General Data Protection Regulation. We delete your data as soon as we no longer need it for the indicated purposes.

7. VIMEO

On this website we use Vimeo Plugins to integrate videos from the Vimeo internet video portal of Vimeo, LLC, 555 West 18th Street, New York, New York 10011, USA. The integration is based on Article 6(1), Sentence 1, Point a, GDPR, whereby we have an interest in the smooth integration of our Vimeo videos.

Every time a page of this website is viewed that provides one or more Vimeo video clips, a direct link is established between your browser and a Vimeo server in the USA. In that respect the information that you have used your IP address to visit the page is forwarded by your browser directly to the Vimeo server and stored there. By way of interaction with the Vimeo plug-ins (e.g. clicking, start.) the information created by way of the interaction is forwarded to Vimeo and stored there.

If you have a Vimeo user account and do not want Vimeo to collect data about you while you are visiting our website and combine such data with your membership data stored by Vimeo, then you must log out of Vimeo before visiting this website.

The information generated by Vimeo regarding the use of our website is sent to and stored on a server operated by Vimeo and located in the USA. The forwarded data are merely data that have been rendered anonymous; drawing a conclusion about your name is not possible. We have entered into a contract with Vimeo by way of incorporating the EU Standard Data Protection Clauses. This guarantees that a level of protection is in place that is comparable with that in place in the EU (see also sub-section 3b for data transfers to the USA).

You can find Vimeo’s Data Protection Policy, which contains more detailed information about the collection and use of your data by Vimeo, your rights in this respect and the settings options in respect of protecting your privacy at http://vimeo.com/privacy.

8. YOUTUBE

We post YouTube videos on our website. YouTube is a company of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: “Google”). Implementation occurs on the basis of your consent according to Art. 6 (1) sentence 1 a GDPR in conjunction with Section 25 (2) no. 2 TTDSG. Here we use the option “expanded data protection mode” made available by YouTube.

When you call up a page that contains an imbedded video, a connection to the YouTube servers is established and the contents is displayed on the internet page through a message sent to your browser. In addition, YouTube stores cookies on your computer.

According to the information from YouTube, when you opt for the “expanded data protection mode”, your data – especially which websites you have visited as well as device-specific information including the IP address – is only sent to the YouTube server in the USA if you watch the video. By clicking on the video, you consent to this transmission.

If you are logged into YouTube at the same time, this information is allocated to your YouTube membership account. You can prevent this by logging out of your membership account before visiting our website.

The data is transmitted to servers belonging to Google in the USA. The USA is considered a so-called unsafe third country. This means that the USA does not ensure a data protection level comparable to that of the EU. Google bases the transmission to the USA on the Standard Data Protection Clauses approved by the EU Commission. A copy of the Standard Data Protection Clauses is available here.

Additional information on data protection in connection with YouTube is available here.

9. DATA SECURITY

All data personally forwarded by you shall be encrypted when transmitted using the general TLS (Transport Layer Security) standard that is customary and secure. TLS is a safe and tried and tested standard which, for example, is also used in online banking. You can identify a secure TLS connection inter alia by the added s in the http (i.e. https://..) in the address section of your browser or by the lock system in the lower area of your browser.

In other respects we make use of suitable technical and organisational safety measures to protect your data against accidental or intentional manipulation, partial or complete loss or destruction or against unauthorised third party access. Our security measures are constantly improved in line with technological developments.

10. DATA SUBJECTS’ RIGHTS

In accordance with Article 7(3) GDPR you have the right

At any time to withdraw your consent previously granted to us. This means that with effect for the future we may no longer continue the data processing based on such consent;

In accordance with Article 15, GDPR, request information about your personal data we process. You may, in particular, request information about the processing purposes; the category of the personal data; the categories of recipients to whom your data were or shall be disclosed; the planned storage period; the existence of a right to rectification, erasure, restriction of processing or objection; the existence of a right to complain; the origin of your data provided such data were not collected by us, and the existence of automated decision-making including profiling and, where applicable, significant information the profiling details;

In accordance with Article 16, GDPR, request the rectification without undue delay of your personal data that are inaccurate;

In accordance with Article 17, GDPR, request the deletion of your personal data we are storing provided the processing is not required to exercise a right to freedom of expression and to information to honour a legal obligation for reasons of public interest or for the establishment, exercise or defence of legal claims;

In accordance with Article 18, GDPR, request restriction of the processing of your personal data provided you dispute the accuracy of the data, the processing is unlawful but, however, you reject the deletion of such data and we no longer require such data but, however, you require such data for the establishment, exercise or defence of legal claims or in accordance with Article 21, GDPR, you have raised an objection to the processing;

In accordance with Article 20, GDPR, to receive your personal data, which you have made available to us, in a structured, commonly used and machine-readable format, or request the transmission of such data to another controller, and

In accordance with Article 77, GDPR, lodge a complaint with a supervisory authority. Normally in this respect you may contact the supervisory authority of your customary place of residence or workplace or the registered office of our company.

Information about your right to object in accordance with Article 21, GDPR

You have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on Article 6(1), Point e, GDPR (data processing in the public interest) and Article 6(1), Point f, GDPR (data processing based on weighing up interests). This also applies to profiling based on this provision of Article 4, No. 4, GDPR.

If you make an objection, we shall no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

Where your objection is geared towards the processing of data for the purposes of direct advertising, we shall stop the processing without delay. In such a case stating a particular situation shall not be required. This also applies to profiling provided it is associated with such direct advertising.

If you would like to make use of your right to object, sending an e-mail to team@datenschutz-hannover.de will suffice.

11. UP TO DATE NATURE OF AND AMENDING THE DATA PROTECTION INFORMATION

This data protection information is currently valid and was compiled in July 2023.

Amending this data protection information may be necessary as a result of the further development of this website and the services rendered via this website or as a result of amended legal or official requirements. You can view and print the respective, current, data protection information on this website at any time at

https://chamaeleonberlin.com/en/privacy-policy