Privacy Policy

Privacy policy

As of November 2020

Our company,

Chamäleon Berlin GmbH
Rosenthaler Str. 40/41
D-10178 Berlin

is the operator of this website. It renders the services available via this website and is, therefore, responsible for collecting, processing and using personal data.

As part of using this website, in the capacity of controller we process your personal data and store such data for the period that is necessary to honour the specified purposes and statutory obligations. Below we are informing you about the data in question, the manner in which such data are processed and the rights you have in that respect.

In accordance with Article 4., No. 1, General Data Protection Regulation (GDPR), personal data are any information relating to an identified or identifiable natural person.

1. NAME AND CONTACT DETAILS OF THE COMPANY DATA PROTECTION OFFICER

We have appointed Mr Herbert Neemann as the company data protection officer. His contact details are below

List + Lohr Datenschutz und Informationssicherheit GmbH
Garvensstraße 4
D-30519 Hanover
Tel.: +49 511 / 49 99 99 600

E-mail: team@datenschutz-hannover.de

You may contact our data protection officer directly at any time should you have any questions about data protection law or your rights as a data subject.

2. PROCESSING PERSONAL DATA AND PROCESSING PURPPOSES
a) Visiting the website
You can view our website without having to disclose your identity. The browser installed on your terminal merely sends information automatically to our website server (e.g. browser type and version, data and time of access) to facilitate establishing a connection to the website. This includes the IP address of your terminal making the enquiry. This is stored temporarily in a so-called log file and automatically deleted after 4 weeks.

Your IP address is processed for technical and administrative purposes involving the establishment and stability of a connection, to guarantee the security and working order of our website and track potential attacks on our website where necessary.

Article 6(1), Sentence 1, Point f, GDPR, forms the legal basis for the processing of your IP address. Our justified interest arises from the stated security interest and the necessity of making our website available without interruptions.

We are not able to draw any direct conclusions about your identity as a result of processing your IP address or on the basis of other information in the log file.

Furthermore, when our website is visited we place Cookies and perform analysis services. For more detailed information in that respect please see sub-section 4 and 5 of this data protection information.

b) Visiting our website as a registered user
When you use our website as a registered user, we collect data for statistical reasons and to facilitate the good working order of the website.
The following data are, in particular, collected:

  • The type, frequency and intensity of use of the website
  • The purchase frequency
  • The shopping basket

Article 6(1), Sentence 1, Point f, GDPR, forms the legal basis for the processing. Our justified interest arises from the necessity of optimising our website and facilitating a pleasant internet surfing experience.

c) Ticket orders via our website
Tickets are sold via our website with the support of our ticketing partner, which collects your data based on our order to the extent that we can process and settle your ticket order:

CTS EVENTIM AG & Co. KGaA (EVENTIM)
Contrescarpe 75 A, D-28195 Bremen

Eventim collects your data set out below and stores such data based on our order in the case of purchasing a ticket via our website:

  • Form of address
  • First Name
  • Surname
  • Address
  • Telephone
  • E-mail
  • Additional data entered voluntarily by you.

Your personal data are used for the purpose of entering into and processing the contractual relationship with you. Your name and address are required to gain knowledge of who our contracting party is, i.e. for whom we are rendering services and contacting you directly and personally by way of potential correspondence. Where applicable, we also use your e-mail address to make information about an event available to you directly prior to and during your visit. Your contact details are required to send the ticket to you and with regard to potential queries or notices.

You can also find more information about your personal data collected by Eventim at http://www.eventim.de/tickets.html?doc=info/dataProtection

Article. 6(1), Sentence1, Point b, GDPR, forms the legal basis for the processing.

With regard to the payment service provider we use the services of

TeleCash GmbH & Co. KG
Konrad-Adenauer-Allee 1, D-61118 Bad Vilbel

Your details regarding the respective payment method are required to settle amounts with you. You can also find more information about your personal data collected by Eventim at http://www.eventim.de/tickets.html?doc=info/dataProtection.

Article 6(1), Sentence 1, Point b, GDPR forms the basis for the processing of such data in respect of the payment processing and Artie 6(1), Sentence 1, Point f, GDPR applies in respect of incorporating TeleCash. Secure payment processing constitutes our justified interest.

The personal data we collect for the order are stored up until expiry of the statutory warranty obligation (2 years, Section 438(1), No. 3, BGB (German Civil Code)) and thereafter automatically deleted unless we undertake to store data for a longer period in accordance with Article 6(1), Sentence 1, Point c, GDPR, as a result of tax storage and documentation obligations (in particular Section 147 AO (German Tax Code)). For this period (normally ten years from the time of entering into a contract), the data are processed again solely in the event of a review by the finance authorities. In other respects the data are blocked fur further-reaching processing.

d) Advertising purposes by post following a ticket purchase
Where applicable we also use the postal address stated by you when purchasing a ticket via our website or purchasing a ticket by telephone after your event visit to send information to you about future events by post. Your personal data are processed to safeguard our interests (Article 6(1), Sentence 1, Point f, GDPR). The sending of advertising in the form of programmes booklets once a year, unless you have already attended an event at our company on a single occasion, constitutes our justified interests in data processing. These are to be considered justified and necessary within the meaning of the aforementioned requirement. You have the right to object at any time to the use of your data for advertising purposes (see paragraph 9).

Personal data for advertising purposes are stored until you object to use of such data for advertising purposes, at most however for 36 months, unless this conflicts with a statutory storage obligation.

e) Registering for our Newsletter
Where you have expressly granted your consent, we shall use your e-mail address to send you our Newsletter on a regular basis. Article 6(1), Sentence 1, Point a, GDPR, forms the legal basis in this respect.

Following your registration you will receive registration notification by e-mail, which you need to confirm to receive the Newsletter (so-called Double Opt-In). This provides us with proof that the registration was actually initiated by you.

You may unsubscribe at any time, e.g. via a link at the end of each Newsletter. Alternatively, you can send your request to be unsubscribed at any time to newsletter@chamaeleonberlin.de . Following the withdrawal of your consent to the sending of your Newsletter your e-mail address will be deleted without delay provided we are not entitled to continue to store your e-mail address as a result of other legal bases.

We send our Newsletter by way of the MailChimp service from The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA (“MailChimp”). The e-mail addresses of our Newsletter recipients are stored by our order on the MailChimp servers in the USA.

MailChimp uses this information to send and evaluate the Newsletter by our order. To that end we have entered into an order processing contract with MailChimp. By way of such a contract, MailChimp assures that it processes the data in line with the General Data Protection Regulation and guarantees protection of the data subject’s rights.

MailChimp assures that personal data are comprehensively protected against unauthorised access. MailChimp itself does not use the data of our Newsletter recipients to write to these and does not forward such data to third parties.

MailChimp also provides statistical evaluation options of the data that are used by way of Cookies such as determining whether or not a Newsletter has been opened, when it was opened and the links that are clicked on. The evaluations are also aimed at identifying users’ reading behaviour and enables us to adjust our content or send various content in line with the interests of our users. To that end the date, time, time zone, e-mail type (HTML/Plain Text), latitude and longitude of your location and your IP address are stored when the Newsletter is opened. Article 6(1), Sentence 1, Point f, GDPR, forms the legal basis for the data processing and constitutes our interest in the statistical evaluation of the use of our Newsletter.

f) When registering for our events after an exclusive invitation
Where you are invited by e-mail to an event, and are referred to a form on our website for registration, when the form is used we process the following details:

  • First Name
  • Surname
  • E-mail address and
  • Company

In addition there is an option of making additional comments available to us via a contact field. Compulsory details are denoted by *. We require your name and the details of your company to reserve an honorary ticket for you and to allocate the registration. The e-mail address is necessary to provide you with confirmation of the registration and contact you in the event of queries. If you make further comments available to us via the contact field provided in this context, such processing applies to process and allocate your enquiry.

In the case of using the form, at the time of the registration we additionally store the IP address and the time and date of the registration to prevent misuse of the form and guarantee the security of our information and technical systems.

Alternatively, you can register via the stated e-mail address. In such a case we shall process your personal data forwarded via the e-mail exclusively to reserve an honorary ticket and deal with potential further enquiries.

The data are processed in relation to your enquiry and based on Article 6(1), Sentence 1, Point f, GDPR. Our justified interests arise from the aforementioned purposes.

We shall delete the personal data forwarded as part of using the form or forwarded by you by e-mail as soon as such data are no longer required to achieve the purpose for which they are collected. Normally, this is the case if the event for which you have registered has been staged. The stored IP address and date and time of the registration shall be automatically deleted at the latest after 4 weeks.

3. Forwarding personal data to third parties
a) Forwarding personal data to third parties

Apart from in the aforementioned cases involving processing by order (in particular ticket purchase), we shall only forward your personal data to third parties if:

  • You have expressly granted your consent in that respect in accordance with Article 6(1), Sentence 1, Point a, GDPR,;
  • This is necessary in accordance with Article 6(1), Sentence 1, letter b, GDPR, to execute a contract entered into with you, a) forwarding to mail order business enterprises for the purposes of supplying tickets, b) forwarding of payment data to payment service providers or banks to execute a payment transaction;

In the event that a statutory obligation applies to the forwarding in accordance with Article 6(1), Sentence 1, Point c, GDPR. The forwarded data may be used by third party exclusively for the stated purposes.

b) Forwarding personal data to third countries
Forwarding personal data to countries outside the European Economic Area (EEA) only occurs if the preconditions of Article 44 et seq., GDPR, are met.

A third nation or country (hereinafter third country) is described as a country outside the European Economic Area (EEA) in which the GDPR is not directly applicable. A third country shall be deemed unsafe if the EU Commission has not issued an adequacy decision for such a country in accordance with Article 45(1) GDPR, confirming that appropriate protection is in place for personal data in that country.

The USA is a so-called unsafe third country. This means that in the USA a data protection level is not provided that would be comparable with that in the EU. The following risks apply in the case of forwarding personal data to the USA: The risk that US American authorities can gain access to the personal data as a result of the monitoring programmes PRISM and UPSTREAM based on Section 702 of FISA (Foreign Intelligence Surveillance Act) and based on the Executive Order 12333 or the Presidential Police Directive 28. EU citizens do not have any effective legal protection options in the USA or the EU against such access.

By way of this data protection information we are informing you when and how we forward personal data to the USA or to other unsafe third countries. We only forward your personal data if

  • Sufficient guarantees are provided by the recipient in accordance with Article 46, GDPR, in respect of the protection of the personal data,
  • You have expressly consented to the forwarding, after we have informed you of the risks, in accordance with Article 49(1), Point a, GDPR,
  • The forwarding is necessary to honour contractual obligations between you and us
  • Or another exception from Article 49, GDPR applies.

Guarantees in accordance with Article 46, GDPR, may be so-called standard contract clauses. In such standard contract clauses the recipient assures to adequately protect the data and therefore guarantee a level of protection comparable with GDPR.

4. Cookies
On our site we use Cookies or similar functions such as Pixel Tags. These are small files that your browser automatically creates and which are stored on your terminal (Laptop, Tablet, smartphone or the like) when you visit our site. Cookies do not cause any damage on your terminal, do not contain any viruses, Trojans or other malware.

A Cookie contains information that arises in each case in conjunction with the specifically used terminal. However, this does not mean that as a result we directly obtain details about your identity.

On the one hand the use of Cookies is aimed at making the use of our service more pleasant for you. For example we use Session Cookies to identify that you have already visited certain pages on our website, e.g. facilitate a shopping basket function.

Furthermore, we similarly use Temporary Cookies, which are stored on your terminal for a certain specified period, to optimise user-friendliness. When you return to our website to make use of our services, your personal data enable the system to identify that you have visited our site in the past and the details you have entered and settings placed to avoid having to enter them repeatedly.

On the other hand we use Cookies and similar functions to statistically record the use of our website and for the purpose of optimising our services for you (see sub-section 5). When you return to our website, these Cookies enable us to automatically identify that you have visited our website in the past. These Cookies are automatically deleted following a respectively defined period.

The data processed via Cookies are required for the stated purposes to safeguard our justified interests and those of third parties in accordance with Article 6(1), Sentence 1, Point f, GDPR.

On the other hand provided you have expressly granted your consent when viewing our website via our Cookie management tool, we use Cookies and Pixel Tags based on your consent. We process the data collected via Cookies in accordance with Article 6(1), Sentence 1, Point a, GDPR to statistically record the use of our website and for the purpose of optimising our services (see sub-sections 5 et seq.). These Cookies and Pixel Tags are automatically deleted following a respectively defined period. You can use the Cookie Management Tool to withdraw your consent at any time for the future.

5. Google Tracking
a) Google Analytics
On our website we use Google Analytics based on your consent in accordance with Article 6(1), Sentence 1, Point a, GDPR, a web analysis service of Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter: “Google”). In this context use profiles rendered anonymous are created Cookies (see sub-section 4) are used.

The information created via the Cookie about your use of this website such as the

  • Browser type/version,
  • Used operating system,
  • Referrer URL (the previously visited site),
  • Hostname of the accessing computer (IP address),
  • Time of the server enquiry,

are forwarded to a Google server in the USA and stored there. We have entered into an order processing contract with Google in respect of the use of Google Analytics. By way of such a contract, Google assures that it processes the data in line with our instructions and guarantees protection of the data subject’s rights.

Use of Google Analytics is aimed at analysing and optimising our online services and the economic operation of this website. Therefore, Google processes the information by our order to evaluate the use of the website, to draw up reports on the website activities and to render additional services associated with the website use and internet use for the purposes of market research and organising internet website pages in line with requirements.

Where application this information may also be transmitted to third parties insofar as this is required by law or insofar as third parties process such data by order. Under no circumstances will your IP address be grouped together with other data of Google. The IP addresses are rendered anonymous to the extent that allocation is not possible (IP Masking). This means that the IP address of users is shortened by Google in EU Member States or in other countries of the EEA. Only in exceptional cases will the entire IP address be sent to a Google server in the USA and shortened there.

We do not use the advertising function and the Universal Analytics with User ID provided by Google.

The user data created via Cookies are automatically deleted after 26 months.

The information generated by Cookies placed by Google Analytics regarding your use of this website is transferred to a Google server in the USA and stored there. The forwarded data are merely data that have been rendered anonymous; drawing a conclusion about your name is not possible. We have entered into a contract with Google by way of incorporating the EU standard contract clauses. This guarantees that a level of protection is in place that is comparable with that in place in the EU (see also sub-section 3b for data transfers to the USA).

In addition we shall only forward your data if you expressly consent to the processing by Google. In such a case you consent, in the knowledge of the risks described in sub-section 3b, to the forwarding of your data to the USA in accordance with Article 49(1), Point a, GDPR.

You can use the Cookie Management Tool to withdraw your consent at any time for the future. You can find more information about data protection in conjunction with Google Analytics for example in the Google Analytics Support.

b) Google Ads Conversion Tracking and Remarketing
As a result of your consent in accordance with Article 6(1), Sentence 1, Point a, GDPR, we use Google Ads Conversion Tracking and the Remarketing Pixel of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter: “Google”) on our website to statistically record the use of our website and for the purpose of optimising our services for you. The service enables us to arrange the advertising content in line with requirements, record it statistically and optimise and run it. We are dependent on such advertising content to guarantee the visibility of our services.

In that respect Google Ads places a Cookie on your computer provided you gained access to our website via a Google advertisement.

These Cookies are rendered invalid after 30 days. If a user visits certain pages of the website of the Adwords customer, and the Cookie has not yet expired, Google and the customer may determine that the user has clicked on the advertisement and was forwarded to that specific page.

The information generated by the Cookie regarding your use of this website is sent to and stored on a server operated by Google and located in the USA. We have entered into an order processing contract with Google AdWords in respect of the use of Google Analytics. By way of such a contract, Google assures that it processes the data in line with the General Data Protection Regulation and guarantees protection of the data subject’s rights.

Each Google Ads customer is provided with a different Cookie. Cookies can therefore not be traced via the websites of Google Ads customers. Information obtained by way of the Conversion Cookie is aimed at preparing conversion statistics for Google Ads customers who have decided in favour of Conversion Tracking. We are informed of the total number of users who have clicked on their advertisement and who were forwarded to a page equipped with a Conversion Tracking Tag. However, they are not provided with any information with which they can personally identify users.

In addition, based on your consent in accordance with Article 6(1), Sentence 1, Point a, GDPR, we use the Google Ads Remarketing Pixel that collects and evaluates information about your use of this website. This enables us to approach visitors on other websites with relevant content. According to Google, the data collected during the remarketing is not grouped together with personal data that Google may store. In addition, Google renders such data anonymous. Tags based on remarketing are stored for 30 days.

The information generated by Cookies placed by Google Ads regarding your use of this website is transferred to a Google server in the USA and stored there. We have entered into a contract with Google by way of incorporating the EU standard contract clauses. This guarantees that a level of protection is in place that is comparable with that in place in the EU (see also sub-section 3b for data transfers to the USA).

In addition we shall only forward your data if you expressly consent to the processing by Google. In such a case you consent, in the knowledge of the risks described in sub-section 3b, to the forwarding of your data to the USA in accordance with Article 49(1), Point a, GDPR.

You can use the Cookie Management Tool to withdraw your consent at any time for the future.

You can find Google’s data protection instructions regarding Conversion Tracking here.

c) Google AdManager
On our website we use Google Analytics Based on your consent in accordance with Article 6(1), Sentence 1, Point a, GDPR, on this website we use Google Ad Manager of Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter: “Google”) to arrange the advertising content in line with requirements, record it statistically and optimise and run it. We are dependent on such advertising content to guarantee the visibility of our services. This also applies to the provision of advertising space on our website without which this website could not be operated economically.

Google Ad Manager uses Cookies to present advertisements on our website. The information stored in the Cookie may be recorded, collected and evaluated by Google or third parties. Furthermore, Ad Manager also uses Pixel Tags to collect information as a result of which information about visitors to our website is collected (e.g. browser, operating system, previously visited site, IP address and date/time). By using this, basic actions such as the visitor traffic on the website can be recorded, collected and evaluated.

The information created by the Cookie and/or Pixel Tags about how you use this website is transferred to a Google server in the USA and stored there. Google uses the information obtained in this manner to evaluate your use behaviour with regard to the advertisements placed via Ad Manager.

Where applicable, Google may also transfer this information to third parties insofar as this is required by law or is permitted or insofar as third parties process such data by order of Google.

The information generated by Cookies placed by Google Ad Manager regarding your use of our website is transferred to a Google server in the USA and stored there. We have entered into a contract with Google by way of incorporating the EU standard contract clauses. This guarantees that a level of protection is in place that is comparable with that in place in the EU (see also sub-section 3b for data transfers to the USA).

In addition we shall only forward your data if you expressly consent to the processing by Google. In such a case you consent, in the knowledge of the risks described in sub-section 3b, to the forwarding of your data to the USA in accordance with Article 49(1), Point a, GDPR.

You can use the Cookie Management Tool to withdraw your consent at any time for the future.

If you do not wish to take part in the tracking procedure, you can similarly prevent the storage of Cookies on your hard drive and the display of Pixel Tag by clicking here. You can also deactivate personalised advertising by Google here. You can find more information in the Google data protection notices.

d) Google Tag Manager
The Google Tag Manager tool of Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter: “Google”) is used on our website as a result of our justified interest in accordance with Article 6(1), Sentence 1, Point f, GDPR. By way of Google Tag Manager we administer the tools by way of which we provide information in this Data Protection Policy. This interest is considered justified within the meaning of the aforementioned requirement. For details of this tool please therefore see the information regarding the specific tool.

The Tool Tag Manager itself (that implements the Tags) is a Cookie-free Domain. The tool ensures the triggering of other tags that may, under some circumstances, collect data. Google Tag Manager does not access this data. If a deactivation is processed on either domain or cookie level, then this remains valid for all tracking tags that have been implemented with Google Tag Manager.

The information generated by Cookies placed by Tag Manager regarding your use of this website is transferred to a Google server in the USA and stored there. The forwarded data are merely data that have been rendered anonymous; drawing a conclusion about your name is not possible. We have entered into a contract with Google by way of incorporating the EU standard contract clauses. This guarantees that a level of protection is in place that is comparable with that in place in the EU (see also sub-section 3b for data transfers to the USA). You can find more information about the Google Tag Manager in the use guidelines for this Product.

6. Additional Tracking Tools
The tracking and targeting measures stated below and adopted by us apply on the basis of Article 6(1), Sentence 1, Point a, GDPR as a result of your consent granted via the Cookie management tool. You can use the Cookie Management Tool to withdraw your consent at any time for the future.

By way of the adopted tracking measures we want to guarantee the organisation and ongoing optimisation of our website in line with requirements. On the other hand we adopt tracking measures to statistically record the use of our website and for the purpose of optimising our services for you.

By way of adopting targeting measures we want to guarantee that adverts will be displayed on your terminals that are geared towards your actual or assumed interests.

The respective data processing purposes and data categories are stated in the corresponding tracking and targeting tools.

a) Bing Ads
We use Bing Universal Event Tracking (UET) of Microsoft Bing Ads as a result of your consent in accordance with Article 6(1), Sentence 1, Point a, GDPR. This is a service of the Microsoft Corporation, 1 Microsoft Way, Redmond, WA 98052, USA (“Microsoft”). It enables us to track the activities of users on our website if they have gained access to our website via Bing Ads advertisements.

If you gain access to our website via a Bing Ads advertisement, a Cookie (see sub-section 4) is placed on your computer. A Bing UET Tag is integrated in our website. This is a Code by way of which in conjunction with the Cookie some non-personal data about the use of the website are stored. This includes the dwell time, the areas of the website that are viewed and the advertisement used by the users to gain access to the website. Information about your identity is not recorded.

This information is transferred to Microsoft servers in the USA and stored there as a matter of principle at most for 180 days. We have entered into an order processing contract with Microsoft in respect of the use of Bing Ads. By way of this contract, Microsoft assures that it processes the data in line with the General Data Protection Regulation and guarantees protection of the data subject’s rights.

The information generated by Cookies placed by Microsoft regarding your use of this website is transferred to a Microsoft server in the USA and stored there. The forwarded data are merely data that have been rendered anonymous, drawing a conclusion about your name is not possible. We have entered into a contract with Microsoft by way of incorporating the EU standard contract clauses. This guarantees that a level of protection is in place that is comparable with that in place in the EU (see also sub-section 3b for data transfers to the USA).

In addition we shall only forward your data if you expressly consent to the processing by Microsoft. In such a case you consent, in the knowledge of the risks described in sub-section 3b, to the forwarding of your data to the USA in accordance with Article 49(1), Point a, GDPR.

You can use the Cookie Management Tool to withdraw your consent at any time for the future.

You can find more detailed information about the analysis services of Bing on the Bing website.

You can find more detailed information about the data protection in place at Microsoft in the Microsoft data protection provisions.

b) Hotjar
Furthermore, on our site we use the Hotjar analysis service of Hotjar Ltd. (St Julian’s Business Centre 3, Elia Zammit Street, St Julian’s STJ 1000, Malta, Europe, (hereinafter: “Google”) as a result of your consent in accordance with Article 6(1), Sentence 1, Point a, GDPR. Hotjar is a tool for analysing user behaviour. By way of Hotjar we can quantity, evaluate and track the behaviour of visitors to our website such as mouse movements, clicks and scroll length.

To that end Hotjar uses inter alia Cookies (see sub-section 4) on the site visitors’ terminals and can store in an anonymous form data of site visitors such as browser information, operating system and dwell times on the site etc.

We have entered into an order processing contract with Hotjar. By way of such a contract, Hotjar assures that it processes the data in line with the General Data Protection Regulation and guarantees protection of the data subject’s rights.

You can prevent such data processing by Hotjar by deactivating the use of Cookies in the settings of your web browser and deleting Cookies that are already active. Activating the “Do Not Track” function in your browser is a further option of preventing data processing by Hotjar. You can find out here how to arrange the settings in that respect.

You can withdraw your consent at any time for the future via our Cookie management tool.

You can find more detailed information about the data protection in place at Hotjar in its Data Protection Guideline.

c) Facebook Pixel with Facebook Custom Audiences
As a result of your consent in accordance with Article 6(1), Sentence 1, Point a, GDPR, we use the Facebook-Pixel Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland (hereinafter: Facebook) on our site. Facebook Pixel is a JavaScript Code that facilitates the tracking of visitor activities on websites in which Pixel is used. Your IP address, browser information, initial and target site and referrer data inter alia are collected and recorded by way of Facebook Pixel.  Furthermore, the Pixel identifies the activities that are performed on the website such as the click behaviour.

You can find more information about the data protection in place at Facebook here.

(1) Facebook-Pixel for quantifying solutions and analysis services
By way of Facebook Pixel we can use quantifying solutions and analysis services to identify how you react to our advertisements on Facebook for example if you click on a link in the advertisement that leads to our website. We therefore gain a better overview of how successful our campaigns on Facebook are, and can continually optimise them. By way of Pixel we can also identify you as a visitor to our website. On the basis of this information, the advertisements we run on Facebook are only displayed to Facebook users who probably also have an interest in our services, either because they have visited our website in the past or because they have certain characteristics (e.g. interest in certain topics or products that are determined on the basis of the visited websites).

Pixel is loaded when you view our website or react to an advertisement we place on Facebook for example because you click on a link to our site. In this context a Pixel ID list is drawn up and placed in a Cookie so that we receive evaluations of your user behaviour. The Pixel is not aimed at identifying you personally.

In this respect by order we have entered into an agreement on the processing. In that agreement Facebook assures to process data and safeguard data subjects’ rights in line with the GDPR.

(2) Facebook Custom Audience for target groups
Based on your consent, Article 6(1), Sentence 1, Point a, GDPR, we use Facebook Custom Audience of the social network Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, a company of Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, hereinafter “Facebook”). Facebook Custom Audience enables us to gear advertising campaigns towards persons. A Facebook Custom Audience Pixel Tag is integrated in our website. This is a JavaScript Code by way of which data, which have been rendered anonymous, on the use of the website are processed. This includes your IP address, the used browser and the initial and target site. By way of Facebook Pixel we can identify how you react to our advertisements on Facebook for example if you click on a link in the advertisement that leads to our website. We therefore gain a better overview of how successful our campaigns on Facebook are, and can continually optimise them. By way of the Pixel we also able to identify you as a visitor to our site to determine the target group for displaying advertisements. Accordingly we use Facebook Pixel to display the Ads we run on Facebook only to Facebook users who probably also have an interest in our services, either because they have visited our website in the past or because they have certain characteristics (e.g. interest in certain topics or products that are determined on the basis of the visited websites).

The information obtained on our pages is automatically compared by Facebook using a Facebook Cookie to determine whether or not you belong to the target group that is relevant to us. If you belong to the target group, you will be shown corresponding advertisements from us on Facebook. During this process, neither we nor Facebook will identify you personally by comparing the data.

We are jointly responsible with Facebook Ireland for use of the Facebook Custom Audience Pixel in accordance with Article 26, GDPR. We have entered into a contract on the joint responsibility to specify the respective responsibilities for honouring obligations resulting from GDPR.  Accordingly, we are responsible for providing information to the users of our website, while Facebook is responsible for replying to enquiries about data subjects’ rights in accordance with Article 15 to Article 21, GDPR. However, as part of the joint responsibility you can, as a matter of principle, assert your data subject rights against any of the jointly responsible parties.

Facebook bases the processing of data on the consent of Facebook users in accordance with Article 6(1), Point a, GDPR, and the legitimate interests of Facebook in accordance with Article 6(1), Point f, GDPR, to guarantee Facebook advertisers accurate and reliable reports or accurate performance statistics. You can find more information about this in Facebook’s data protection information, or here. You can contact Facebook’s data protection officer here.

With regard to data transfers by Facebook Ireland to the US or other unsafe third countries (see sub-section 3f), Facebook relies on standard contractual clauses approved by the European Commission. We only transfer data to Facebook if you have granted your prior consent.

You may object to the use of the Custom Audiences service on the Facebook website. After logging in to your Facebook account, you will be taken to the Facebook advertisement settings.

7. Vimeo
On this website we use Vimeo Plugins to integrate videos from the Vimeo internet video portal of Vimeo, LLC, 555 West 18th Street, New York, New York 10011, USA. The integration is based on Article 6(1), Sentence 1, Point a, GDPR, whereby we have an interest in the smooth integration of our Vimeo videos.

Every time a page of this website is viewed that provides one or more Vimeo video clips, a direct link is established between your browser and a Vimeo server in the USA. In that respect the information that you have used your IP address to visit the page is forwarded by your browser directly to the Vimeo server and stored there. By way of interaction with the Vimeo plug-ins (e.g. clicking, start.) the information created by way of the interaction is forwarded to Vimeo and stored there.

If you have a Vimeo user account and do not want Vimeo to collect data about you while you are visiting our website and combine such data with your membership data stored by Vimeo, then you must log out of Vimeo before visiting this website.

The information generated by Vimeo regarding the use of our website is sent to and stored on a server operated by Vimeo and located in the USA. The forwarded data are merely data that have been rendered anonymous; drawing a conclusion about your name is not possible. We have entered into a contract with Vimeo by way of incorporating the EU standard contract clauses. This guarantees that a level of protection is in place that is comparable with that in place in the EU (see also sub-section 3b for data transfers to the USA).

In addition we shall only forward your data if you expressly consent to the processing by Microsoft. In such a case you consent, in the knowledge of the risks described in sub-section 3b, to the forwarding of your data to the USA in accordance with Article 49(1), Point a, GDPR.

You can use the Cookie Management Tool to withdraw your consent at any time for the future.

You can find Vimeo’s Data Protection Policy, which contains more detailed information about the collection and use of your data by Vimeo, your rights in this respect and the settings options in respect of protecting your privacy at http://vimeo.com/privacy.

8. Data Security
All data personally forwarded by you shall be encrypted when transmitted using the general TLS (Transport Layer Security) standard that is customary and secure. TLS is a safe and tried and tested standard which, for example, is also used in online banking. You can identify a secure TLS connection inter alia by the added s in the http (i.e. https://..) in the address section of your browser or by the lock system in the lower area of your browser.

In other respects we make use of suitable technical and organisational safety measures to protect your data against accidental or intentional manipulation, partial or complete loss or destruction or against unauthorised third party access. Our security measures are constantly improved in line with technological developments.

9. Data Subjects’ Rights
In accordance with Article 7(3) GDPR you have the right

At any time to withdraw your consent previously granted to us. This means that with effect for the future we may no longer continue the data processing based on such consent;

In accordance with Article 15, GDPR, request information about your personal data we process. You may, in particular, request information about the processing purposes; the category of the personal data; the categories of recipients to whom your data were or shall be disclosed; the planned storage period; the existence of a right to rectification, erasure, restriction of processing or objection; the existence of a right to complain; the origin of your data provided such data were not collected by us, and the existence of automated decision-making including profiling and, where applicable, significant information the profiling details;

In accordance with Article 16, GDPR, request the rectification without undue delay of your personal data that are inaccurate;

In accordance with Article 17, GDPR, request the deletion of your personal data we are storing provided the processing is not required to exercise a right to freedom of expression and to information to honour a legal obligation for reasons of public interest or for the establishment, exercise or defence of legal claims;

In accordance with Article 18, GDPR, request restriction of the processing of your personal data provided you dispute the accuracy of the data, the processing is unlawful but, however, you reject the deletion of such data and we no longer require such data but, however, you require such data for the establishment, exercise or defence of legal claims or in accordance with Article 21, GDPR, you have raised an objection to the processing;

In accordance with Article 20, GDPR, to receive your personal data, which you have made available to us, in a structured, commonly used and machine-readable format, or request the transmission of such data to another controller, and

In accordance with Article 77, GDPR, lodge a complaint with a supervisory authority. Normally in this respect you may contact the supervisory authority of your customary place of residence or workplace or the registered office of our company.

Information about your right to object in accordance with Article 21, GDPR

You have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on Article 6(1), Point e, GDPR (data processing in the public interest) and Article 6(1), Point f, GDPR (data processing based on weighing up interests). This also applies to profiling based on this provision of Article 4, No. 4, GDPR.

If you make an objection, we shall no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

Where your objection is geared towards the processing of data for the purposes of direct advertising, we shall stop the processing without delay. In such a case stating a particular situation shall not be required. This also applies to profiling provided it is associated with such direct advertising.

If you would like to make use of your right to object, sending an e-mail to team@datenschutz-hannover.de will suffice.

10. Up to Date Nature of and Amending the Data Protection Information
This data protection information is currently valid and was compiled in November 2020.

Amending this data protection information may be necessary as a result of the further development of this website and the services rendered via this website or as a result of amended legal or official requirements. You can view and print the respective, current, data protection information on this website at any time at

https://chamaeleonberlin.com/en/privacy-policy

 

*For better legibility, we use the male form in a gender-neutral sense in all our texts. Nevertheless, all gender-identities are included and addressed.