Data protection

Data protection statement

Privacy Policy

Name and contact of the responsible person according to article 4 paragraph 7 GDPR

Friedrichstadt-Palast Betriebsgesellschaft mbH
Friedrichstrasse 107
10117 Berlin
Telephone director: +49-30-2326 2264
Email director: [email protected]

Data Protection Officer
Jorg Hoffmann
Friedrichstrasse 107
10117 Berlin
[email protected]

 

Security and protection of your personal data
We consider it our primary responsibility to protect the confidentiality of the personal information you provide and to protect it from unauthorised access. That’s why we take the utmost care and set state-of-the-art security standards to ensure maximum protection of your personal information.

As a private company, we are subject to the provisions of the European Data Protection Regulation (DSGVO – GDPR) and the regulations of the Federal Data Protection Act (BDSG). We have taken technical and organisational measures to ensure that the data protection rules are respected both by us and by our external service providers.

 

Definitions
Legislation requires that personal data be processed lawfully, in good faith and in a manner that is reasonable for the data subject (“lawfulness, fairness, transparency”). To ensure this, we inform you about the individual legal definitions that are also used in this privacy statement:

  1. Personal data
    “Personal data” means any information relating to an identified or identifiable natural person (hereinafter the “data subject”); a natural person is regarded as identifiable, who can be identified directly or indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier or one or more special features, the expression of the physical , physiological, genetic, mental, economic, cultural or social identity of this natural person.
  2. Processing
    “Processing” means anyone, with or without the help of automated procedures, performed procedures or any such series of operations related to personal data such as collection, gathering, organisation, ordering, storage, adaptation or modification, reading, querying , the use, disclosure by transmission, dissemination or any other form of provision, matching or linking, restriction, erasure or destruction.
  3. Restriction of processing
    “Restriction of processing” is the marking of personal data stored with the aim of limiting its future processing.
  4. Profiling
    “Profiling” means any kind of automated processing of personal data which consists in using that personal data to evaluate certain personal aspects relating to a natural person, in particular aspects relating to job performance, economic situation, health, to analyse or predict personal preferences, interests, reliability, behaviour, location or change of location of that natural person.
  5. Pseudonymisation
    “Pseudonymisation” means the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without additional information being provided, provided that such additional information is kept separate and subject to technical and organisational measures to ensure that the personal data cannot be assigned to an identified or identifiable natural person.
  6. File System
    “File system” means any structured collection of personal data accessible by specific criteria, whether that collection is centralised, decentralised or organised according to functional or geographical considerations.
  7. Responsible person“Responsible person” means a natural or legal person, public authority, institution or other body that alone or jointly with others decides on the purposes and means of processing personal data; where the purposes and means of such processing are determined by Union law or the law of the Member States, the controller or the specific criteria for their appointment may be provided for under Union or national law.
  8. Processors
    “Processor” means a natural or legal person, public authority, institution or other body that processes personal data on behalf of the controller.
  9. Recipient“Recipient” means a natural or legal person, public authority, agency or other entity to whom personal data is disclosed, whether or not it is a third party. However, authorities which may receive personal data under Union or national law in connection with a particular mission are not considered to be recipients; the processing of such data by the said authorities shall be in accordance with the applicable data protection rules in accordance with the purposes of the processing.
  10. Third party
    “Third party” means a natural or legal person, public authority, institution or other body other than the data subject, the controller, the processor and the persons authorised under the direct responsibility of the controller or processor to process the personal data.
  11. Consent
    A “consent” of the data subject is any expression of will voluntarily given in a specific, unequivocal and unambiguous manner in the form of a statement or other unambiguous confirmatory act that indicates to the data subject that they are involved in the processing of the data subject’s personal data.

 

Legality of processing

The processing of personal data is only lawful if there is a legal basis for processing it. The legal basis for the processing may be, in accordance with Article 6 (1)
lit. a – f GDPR in particular:

a. The data subject has given his/her consent to the processing of the personal data concerning him/her for one or more specific purposes;
b. The processing is necessary for the performance of a contract to which the data subject is a party or for the performance of pre-contractual measures which are carried out at the request of the data subject;
c. The processing is necessary to fulfil a legal obligation to which the controller is subject;
d. The processing is necessary to protect the vital interests of the data subject or any other natural person;
e. The processing is necessary for the performance of a task which is in the public interest or in the exercise of public authority delegated to the controller;
f. The processing is necessary to safeguard the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject requiring personal data protection prevail, in particular where the data subject is a child.

 

Information about the collection of personal data

(1) Below we inform you about the collection of personal data when using our website. Personal data is for example: Name, address, e-mail addresses, user behaviour.

(2) When contacting us by e-mail or using a contact form, the information you provide (your e-mail address, your name and telephone number, if applicable) will be stored by us to answer your questions. We delete the data in this connection after the storage is no longer required, or the processing is restricted, if legal storage obligations exist.

 

Collection of personal data when visiting our website

In the case of merely informative use of the website, ie if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data which is technically necessary for us to inform you about our website and to ensure its stability and security (legal basis is Art. 6 (1) sentence 1 lit. GDPR):

– IP address
– Date and time of the request
– Time zone difference to Greenwich Mean Time (GMT)
– Content of the requirement (concrete page)
– Access Status / HTTP status code
– Each transmitted amount of data
– Website from which the request comes
– Browser
– Operating system and its interface
– Language and version of the browser software.

 

Use of cookies

(1) In addition to the aforementioned data, cookies are stored on your computer when using our website. Cookies are small text files that are stored on your hard drive, assigned to the browser you are using, and that provide certain information to the body that sets the cookie. Cookies cannot run programs or transmit viruses to your computer. They serve to make the Internet offer more user-friendly and effective overall.

(2) This website uses the following types of cookies, the scope and operation of which are explained below:

– Transient cookies (see a.)
– Persistent cookies (see b.).

  1. Transient cookies are automatically deleted when you close the browser. These include in particular the session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the common session. This will allow your computer to be recognised when you return to our website. The session cookies are deleted when you log out or close the browser.
  2. Persistent cookies are automatically deleted after a specified period, which may differ depending on the cookie. You can delete the cookies in the security settings of your browser at any time.
  3. You can configure your browser setting according to your wishes and
    for example decline the acceptance of third-party cookies or all cookies. So-called “Third Party Cookies” are cookies that have been set by a third party, and therefore not by the actual website on which you are currently located. Please note that disabling cookies may not enable you to use all features of this website.

(3) We use cookies from Advolution (Advolution // digital control GmbH & Co. KG Kaistraße 16a 40221 Dusseldorf) in order to display advertising material that has been commissioned by the customer (s) of advolution. to control the user * in and optimise. This concerns, for example, the maximum display frequency of advertising material that a user can see. In addition, advolution uses in some cases stored cookie information for statistical surveys. By setting cookies, advolution does not store any personal data such as name, e-mail addresses or other personal information. All information is purely anonymised and contains technical information such as the frequency of the display and the date of the advertisement, the browser used or the operating system installed.
Clicking the OptOut link stops the collection of anonymised data. In this case, advolution replaces the current cookie with a new opt-out cookie. This opt-out cookie deletes the previously stored information, including the IP address, and prevents the further collection of anonymous information. IMPORTANT: If this opt-out cookie is deleted, advolution can no longer determine that an opt-out has taken place. In this case repeat the OptOut process.

OptOut-Link: advolution.de/datenschutz.php

Consent with Borlabs Cookie

Our website uses the Borlabs consent technology to obtain your consent to the storage of certain cookies in your browser or for the use of certain technologies and for their data privacy protection compliant documentation. The provider of this technology is Borlabs GmbH, Rübenkamp 32, 22305 Hamburg, Germany (hereinafter referred to as Borlabs).

Whenever you visit our website, a Borlabs cookie will be stored in your browser, which archives any declarations or revocations of consent you have entered. These data are not shared with the provider of the Borlabs technology.

The recorded data shall remain archived until you ask us to eradicate them, delete the Borlabs cookie on your own or the purpose of storing the data no longer exists. This shall be without prejudice to any retention obligations mandated by law. To review the details of Borlabs’ data processing policies, please visit https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/

We use the Borlabs cookie consent technology to obtain the declarations of consent mandated by law for the use of cookies. The legal basis for the use of such cookies is Art. 6(1)(c) GDPR.

More features and offers of our website
(1) In addition to the purely informational use of our website, we offer various services that you can use if you are interested. To do this, you will generally need to provide other personal information that we use to provide the service and for which the aforementioned data processing principles apply.

 

(2) In some cases, we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are regularly inspected.

 

(3) Furthermore, we may disclose your personal data to third parties, if action participations, competitions, contracts or similar services are offered by us together with partners. For more information, please refer to your personal data or below in the description of the offer.

 

(4) Insofar as our service providers or partners are based in a country outside the European Economic Area (EEA), we inform you about the consequences of this circumstance in the description of the offer.

 

Use of our webshop
(1) If you wish to order in our webshop, it is necessary for the conclusion of the contract that you provide your personal data that we need for the processing of your order. Mandatory information necessary for the execution of the contracts is marked separately, further details are voluntary. We process the data provided by you to process your order. For this we can pass on your payment data to our house bank. The legal basis for this is Art. 6 para. 1 sentence 1 lit. b GDPR. You can voluntarily create a customer account, through which we can save your data for later purchases. If you create an account under “My Account”, the data you provide will be revocable. All other data, including your user account, you can always delete in the customer area.

 

(2) Due to commercial and tax regulations, we are obliged to store your address, payment and order data for a period of ten years. However, after two years we are restricting processing, ie. your data will only be used to comply with legal obligations.

 

(3) In order to prevent unauthorised access by third parties to your personal data, in particular financial data, the order process is encrypted using TLS technology.

 

Privacy Policy when using external payment service providers
(1) We offer several payment methods for the use of the webshop and use different payment service providers. Depending on which payment method you choose, different data will be transmitted to the respective payment service provider. The legal basis for the transfer is Art. 6 para. 1 sentence 1 lit. a GDPR. Below we list our payment service providers.

    1. PayPal
      If you choose the payment method PayPal, your personal data will be transmitted to PayPal. Prerequisite for the use of PayPal is the opening of a PayPal account. With the use or opening of a PayPal account name, address, telephone number and e-mail address must be transmitted to PayPal. The legal basis for the transmission of data is Article 6 (1) lit. a GDPR (consent) and Article 6 para. 1 lit. b GDPR (processing to fulfill a contract).Operator of the payment service PayPal is the:PayPal (Europe) S.à r.l. et Cie, S.C.A.
      22-24 Boulevard Royal
      L-2449 Luxembourg
      E-Mail: [email protected] With the payment option PayPal you consent to the transmission of personal data such as name, address, telephone number and e-mail address to PayPal. Which other data is collected by PayPal, results from the respective privacy policy of PayPal. This can be found at: www.paypal.com/de/webapps/mpp/ua/privacy-full
    2. Amazon Pay
      We offer the option of making payments via the payment service provider Amazon Pay (Amazon Payments Europe s.c.a., 38 avenue J.F. Kennedy, L-1855 Luxembourg). This corresponds to our legitimate interest in offering an efficient and secure payment method (Art. 6(1)(f) GDPR). During processing, we transfer the following data to Amazon Payments insofar as this is necessary for fulfilment of the contract (Art. 6(1)(b) GDPR):
      First name
      Last name
      Address
      Email
      Telephone number
      Processing of the data specified in this section is not required by law or contract. However, we cannot process payments via amazon pay without transferring your personal data. (You have the option of choosing a different payment method.)
      Amazon Payments Europe reserves the right to carry out a credit check to ensure your willingness and ability to pay. This corresponds to the legitimate interest of Amazon Payments Europe (pursuant to Art. 6(1)(f) GDPR) and serves the fulfilment of the contract (pursuant to Art. 6(1)(b) GDPR). Your data will be passed on to credit agencies and online retailers for this purpose. In addition, amazon pay may use your data for interest-based advertising and marketing purposes if you have consented to this in your account settings (www.amazon.de/adprefs). We have no influence on this and merely receive notification of whether the payment has been completed or rejected.
      For more information on your options for objection and erasure vis-à-vis Amazon Payments Europe, see: https://pay.amazon.de/help/201212490.
      We will store your data until the transaction has been completed. This also includes the time required for processing refunds as well as for claims management and fraud prevention. [Pursuant to [§147 of the German Fiscal Code (AO) / §257 of the German Commercial Code (HGB)], a statutory retention period of ten (10) years applies for us.
  1. Immediate / immediate transfer / Klarna
    If you decide on the method of payment immediate transfer / Klarna, your personal data will be transmitted to the operator of Klarna. The legal basis for the transmission of data is Article 6 (1) lit. a GDPR (consent) and Article 6 para. 1 lit. b GDPR (processing to fulfil a contract).Operator of the payment service Klarna is the:Klarna Bank AB (publ)
    Sveavägen 46
    111 34 Stockholm
    Sweden
    Telephone: 0046 8-120 120 00
    Fax: 0046 8-120 120 99
    Contact: [email protected]Klarna collects the following data:
    – Name, date of birth, title, billing and delivery address, e-mail address, mobile phone number
    – Information about ordered products
    – Information on income, credit commitments and payment notes
    – Location related information
    – IP addressDetailed information on the privacy policy of Klarna Bank AB (publ) can be found at www.klarna.com/de/datenschutz
  2. Credit card payments
    If you opt for the payment method of credit card, your personal data will be transmitted to the operator Concardis. As a technical service provider, Concardis uses the “Paygate” application of the provider Computop Wirtschaftsinformatik GmbH Schwarzenbergstrasse 4 D-96050 Bamberg. The legal basis for the transmission of the data is Article 6 (1) (a) GDPR (Consent) and Article 6 (1) lit. b GDPR (processing to fulfil a contract) As a so-called acquirer, Concardis handles the transfer of payments between your credit card company, your bank and us.
    Operator of the payment service Concardis is the
    Concardis GmbH
    Helfmann Park 7
    65760 Eschborn
    Concardis collects the following data:
    a. Credit card number
    b. Validity period of the card
    c. Card Security
    d. Payment amount
    e. Acitivity ID
    f. Cart ID
    G. Course number
    H. Event name
    i. Number of ProductsFor more information on Concardis’ privacy policy, please visit www.concardis.com/data protectionOperator of the Computop Paygate is the
    Computop Business Informatics GmbH
    Schwarzenbergstr. 4
    D-96050 Bamberg
    Tel. 49 (0) 951.98009-0
    [email protected]
    For detailed information on Computop’s privacy policy, see
    www.computop.com/de/datenschutz/


Credit check

For the purpose of credit / credit checks, with the payment method “direct debit”, Creditreform Boniversum GmbH, Hellersbergstr. 11, 41460 Neuss, inform us of the address and credit-worthy data stored in their database, including scores based on mathematical-statistical procedures. When calculating the score, amongst other things, also address data is used. Our legitimate interest is defined in the security of our claims, in the context of a direct debit procedure, by providing information about the payment behaviour to the applicant, specific person. If you would like more information or information about the Bonworthum Credit Information process, please use the following link:
www.boniversum.de/eu-dsgvo/informationen-nach-eu-dsgvo-fuer-verbraucher/

 

 

Newsletter
(1) With your consent, you can subscribe to our newsletter, which informs you about our current interesting offers. The advertised goods and services are named in the declaration of consent.

(2) To register for our newsletter, we use the so-called double opt-in procedure. This means that after you have registered, we will send you an e-mail to the e-mail address specified in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store your IP addresses and times of registration and confirmation. The purpose of the procedure is to prove your registration and, if necessary, to inform you about possible misuse of your personal data.

(3) The only requirement for sending the newsletter is your e-mail address. The specification of additional, separately marked data is voluntary and will be used to address you personally. After your confirmation, we will save your e-mail address for the purpose of sending you the newsletter. The legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR.

(4) You can revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can declare the cancellation by clicking on the link provided in each newsletter e-mail, or by e-mail to [email protected] or by sending a message to the contact details stated in the imprint.

(5) The dispatch of the newsletter takes place by means of “Amity”, a newsletter dispatch platform of the supplier dialogue1 GmbH Katharinenstrasse 33 20457 Hamburg. The privacy policy of the shipping service provider can be viewed here: dialogue1.de/datenschutz
Furthermore, the shipping service provider may, according to its own information, transmit these data in pseudonymous form, i.e. without assignment to a user, to optimise or improve their own services, e.g. for the technical optimisation of the dispatch and the presentation of the newsletters or for statistical purposes, to determine from which countries the recipients come. However, the shipping service provider does not use these to subscribe themselves or to pass on to third parties.

 

Children
Our offer is basically for adults. Persons under the age of 16 should not submit any personal data to us without the consent of their parents or guardians.

Rights of the person concerned


(1) Revocation of consent

If the processing of the personal data is based on a given consent, you have the right to revoke the consent at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.

You can always contact us to exercise the right of withdrawal.

 

(2) Right to confirmation
You have the right to ask the person in charge to confirm that we are processing personal data concerning you. You can request confirmation at any time using the contact details above.

(3) Right to information
If personal data is processed, you can request information about this personal data and the following information at any time:

 

a.the processing purposes;
b. the categories of personal data being processed;
c. the recipients or categories of recipients to whom the personal data have been disclosed or are still being disclosed, in particular to recipients in third countries or to international organisations;
d. if possible, the planned duration for which the personal data are stored or, if this is not possible, the criteria for determining that duration;
e. the existence of a right to rectification or erasure of the personal data concerning you or to a restriction of processing by the controller or a right to object to such processing;
f. the existence of a right of appeal to a supervisory authority;
g. if the personal data are not collected from the data subject, all available information on the source of the data;
h. the existence of automated decision-making, including profiling, in accordance with Article 22 (1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended impact of such processing on the data subject.

If personal data are transmitted to a third country or to an international organization, you have the right to be informed of the appropriate safeguards under Article 46 of the GDPR in connection with the transfer. We provide a copy of the personal data that is the subject of the processing. For any additional copies you request of a person, we may charge a reasonable fee based on the administrative costs. If the application is submitted electronically, the information must be provided in a standard electronic format, unless otherwise stated. The right to receive a copy under paragraph 3 shall not affect the rights and freedoms of others.

(4) Right to rectification
You have the right to demand immediate correction of incorrect personal data concerning you. Taking into account the purposes of processing, you have the right to request the completion of incomplete personal data, including by means of a supplementary statement.

You have the right to request that the person responsible for your personal data be deleted immediately and we are obliged to delete personal data immediately if one of the following applies:

  1. The personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
  2. The data subject withdraws the consent on which the processing was based, in accordance with Article 6 (1) (a) or Article 9 (2) (a) GDPR, and lacks any other legal basis for the processing.
  3. In accordance with Article 21 (1) of the GDPR, the data subject objects to the processing and there are no legitimate grounds for processing, or the data subject objects to the processing in accordance with Article 21 (2) GDPR.
  4. The personal data was processed unlawfully.
  5. The erasure of personal data is necessary to fulfil a legal obligation under Union or national law to which the controller is subject.
  6. The personal data was collected in relation to information society services offered pursuant to Article 8 (1) of the GDPR.

 

If the controller has made the personal data publicly available and is required to erase it in accordance with paragraph 1, taking into account the technology available and the implementation costs, (s)he shall take appropriate measures, including technical ones, to inform data controllers who process the personal data to inform that an affected person has requested that they delete all links to such personal data or copies or replications of such personal data.

 

The right to cancel (“right to be forgotten”) does not exist if processing is required:

– to exercise the right to freedom of expression and information;
– to fulfil a legal obligation required by the law of the Union or of the Member States to which the controller is subject, or to carry out a task which is in the public interest or in the exercise of public authority delegated to the controller;
– for reasons of public interest in the field of public health, in accordance with Article 9 (2) (h) and (i) and Article 9 (3) GDPR;
– for archival purposes of public interest, for scientific or historical research purposes or for statistical purposes under Article 89 (1) GDPR, where the law referred to in paragraph 1 is likely to render impossible or seriously affect the achievement of the objectives of that processing, or
– to assert, exercise or defend legal claims

You have the right to request that we restrict the processing of your personal data if any of the following conditions apply:

the accuracy of the personal data is disputed by the data subject for a period allowing the controller to verify the accuracy of the personal data;
the processing is unlawful and the data subject refuses to delete the personal data and instead requests the restriction of the use of the personal data;
c. the controller no longer needs the personal data for the purposes of the processing, but the data subject requires them to assert, exercise or defend legal claims; or
d. the person concerned has lodged an objection to the processing pursuant to Article 21 (1) of the GDPR, as long as it is not certain that the responsible reasons of the person responsible prevail over those of the person concerned.

If the processing has been restricted in accordance with the above-mentioned conditions, this personal data will only be stored with the consent of the data subject or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons important public interest of the Union or of a Member State.

In order to exercise the right to limit processing, the data subject may contact us at any time using the contact details provided above.

 

(7) Right to data portability
You have the right to receive the Personal Data you provide to us in a structured, common and machine-readable format, and you have the right to transfer that information to another person without hindrance by the controller providing the Personal Information were to be transmitted, provided that:

a. the processing is based on a consent in accordance with Article 6 (1) (a) or Article 9 (2) (a) or a contract pursuant to Article 6 (1) (b) GDPR; and

b. the processing is done using automated procedures.

When exercising the right to data portability in accordance with paragraph 1, you have the right to obtain that the personal data is transmitted directly from one controller to another, as far as technically feasible. The exercise of the right to data portability is without prejudice to the right of cancellation (the right to be forgotten). This right does not apply to processing necessary for the performance of a task in the public interest or in the exercise of official authority delegated to the controller.

 

(8) Right to object
You have the right, for reasons of your own particular situation, to object at any time to the processing of personal data relating to you pursuant to Article 6 (1) (e) or (f) of the GDPR; this also applies to profiling based on these provisions. The controller no longer processes the personal data unless he can demonstrate compelling legitimate grounds for processing that outweigh the interests, rights and freedoms of the data subject, or the processing is for the purpose of enforcing, pursuing or defending legal claims.

If personal data is processed in order to operate direct mail, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct mail. If you object to the processing for direct marketing purposes, the personal data will no longer be processed for these purposes.

Regarding the use of information society services, regardless of Directive 2002/58 / EC, you can exercise your right to object through automated procedures that use technical specifications.

You have the right, for reasons of your own particular situation, to object to the processing of personal data concerning you for scientific or historical research purposes or for statistical purposes under Article 89 (1), except when: the processing is necessary to fulfil a public interest task.

The right of objection can be exercised at any time by contacting the respective person responsible.

(9) Automated decisions on a case-by-case basis, including profiling
You have the right not to be subjected to a decision based solely on automated processing – including profiling – that will have legal effect or similarly affect you in a similar manner. This does not apply if the decision:

a. is necessary for the conclusion or performance of a contract between the data subject and the controller,

b. is permitted by Union or Member State legislation to which the controller is subject, and where such legislation contains appropriate measures to safeguard the rights, freedoms and legitimate interests of the data subject, or

c. with the express consent of the data subject.

The controller shall take reasonable steps to safeguard the rights and freedoms and legitimate interests of the data subject, including at least the right to obtain the intervention of a person by the controller, to express his or her own position and to challenge the decision.

This right can be exercised by the data subject at any time by addressing himself/herself to the responsible person.

(10) Right to complain to a supervisory authority
Furthermore, without prejudice to any other administrative or judicial remedy, they shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their residence, place of work or place of alleged infringement, if the data subject considers that the processing data concerned is in breach of this regulation.

(11) Right to effective judicial remedy
Without prejudice to an available administrative or extrajudicial remedy, including the right to complain to a supervisory authority under Article 77 of the GDPR, they shall have the right to an effective judicial remedy if they consider that the rights conferred on them by that Regulation are not satisfied by that regulation concerning the processing of their personal data.

 

Cloudflare

We use the “Cloudflare” service provided by Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA. (hereinafter referred to as “Cloudflare”).

Cloudflare offers a content delivery network with DNS that is available worldwide. As a result, the information transfer that occurs between your browser and our website is technically routed via Cloudflare’s network. This enables Cloudflare to analyze data transactions between your browser and our website and to work as a filter between our servers and potentially malicious data traffic from the Internet. In this context, Cloudflare may also use cookies or other technologies deployed to recognize Internet users, which shall, however, only be used for the herein described purpose.

The use of Cloudflare is based on our legitimate interest in a provision of our website offerings that is as error free and secure as possible (Art. 6(1)(f) GDPR).

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://www.cloudflare.com/privacypolicy/.

For more information on Cloudflare’s security precautions and data privacy policies, please follow this link: https://www.cloudflare.com/privacypolicy/.

Data processing

We have concluded a data processing agreement (DPA) with the above-mentioned provider. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.

 

Consent with Borlabs Cookie

Our website uses the Borlabs consent technology to obtain your consent to the storage of certain cookies in your browser or for the use of certain technologies and for their data privacy protection compliant documentation. The provider of this technology is Borlabs – Benjamin A. Bornschein, Rübenkamp 32, 22305 Hamburg, Germany (hereinafter referred to as Borlabs).

Whenever you visit our website, a Borlabs cookie will be stored in your browser, which archives any declarations or revocations of consent you have entered. These data are not shared with the provider of the Borlabs technology.

The recorded data shall remain archived until you ask us to eradicate them, delete the Borlabs cookie on your own or the purpose of storing the data no longer exists. This shall be without prejudice to any retention obligations mandated by law. To review the details of Borlabs’ data processing policies, please visit https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/

We use the Borlabs cookie consent technology to obtain the declarations of consent mandated by law for the use of cookies. The legal basis for the use of such cookies is Art. 6(1)(c) GDPR.

Use of Google Analytics


(1) This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses so-called “cookies”, text files that are stored on your computer and that allow an analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, in the event of activation of IP anonymisation on this website, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website usage and internet usage to the website operator.

(2) The IP address transmitted by Google Analytics as part of Google Analytics will not be merged with other data provided by Google.

 

(3) You can prevent the storage of cookies by setting your browser software accordingly; however, please note that if you do this, you may not be able to use all the features of this website to the fullest extent possible. You may also prevent the collection by Google of the data generated by the cookie and related to your use of the website (including your IP address) as well as the processing of this data by Google by using the browser plug-in available under the following link. To download and install: tools.google.com/dlpage/gaoptout?hl=de.

(4) This website uses Google Analytics with the extension “_anonymizeIp ()”. As a result, IP addresses are processed shortened, a person-relatedness can be excluded. Insofar as the data collected about you is assigned a personal reference, it will be immediately excluded and the personal data will be deleted immediately.

 

(5) We use Google Analytics to analyse and regularly improve the use of our website. With the statistics we can improve our offer and make it more interesting for you as a user. For the exceptional cases in which Personal Information is transferred to the US, Google has submitted to the EU-US Privacy Shield, www.privacyshield.gov/EU-US Framework. The legal basis for the use of Google Analytics is Art. 6 para. 1 sentence 1 lit. f GDPR.

(6) Third-party information: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.

Terms of Use: www.google.com/intl/en/policies/terms/
Privacy Policy: www.google.com/intl/de/analytics/learn/privacy.html,

and the privacy policy: www.google.com/analytics/learn/privacy.html , policies.google.com/privacy.

(7) This website also uses Google Analytics for a cross-device analysis of visitor flows, which is carried out via a user ID. You can disable the cross-device analysis of your usage under My Data, Personal Information in your customer account.

 

Use of Google Re-Marketing Services

(1) On the basis of our legitimate interests (ie interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 (1) lit. GDPR) we use the marketing and remarketing services (in short “Google”). Marketing Services “) of Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA, (” Google “).
Google is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European privacy legislation www.privacyshield.gov

(2) The Google Marketing Services allow us to display advertisements for the Friedrichstadt-Palast more selectively, in order to present users only ads that potentially correspond to their interests. For these purposes, when Google calls to other websites where Google Marketing Services are active, Google immediately executes Google code and so-called (re) marketing tags (invisible graphics or code, also known as “web beacons”) are included in the website if you have previously visited our website. With the aid of these “web beacons”, the user is provided with an individual cookie on the device. A small file is saved (instead of cookies, comparable technologies can also be used). The cookies can be set by different domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. In this file is noted which web pages the user visited, for what content (s)he is interested and what offers (s)he has clicked, as well as technical information about the browser and operating system, referring web pages, visit time and other information on the use of the online offer. The IP address of the users is also recorded, whereby in the context of Google Analytics we announce that the IP address is shortened within member states of the European Union or other parties to the Agreement on the European Economic Area and only in exceptional cases to one Google server in the US is transmitted and shortened there. The IP address will not be merged with data of the user within other offers from Google. The above information may also be linked by Google with such information from other sources. If the user then visits other websites, they can be displayed according to his/her interests, the ads tailored to him/her.

(3) The data of the users are pseudonym processed in the context of the Google marketing services. That is to say, Google stores and processes e.g. not the name or e-mail address of the users, but processes the relevant data cookie-related within pseudonymous user profiles. That is to say, from the perspective of Google, the ads are not managed and displayed to a specifically identified person, but to the cookie owner, regardless of who that cookie owner is. This does not apply if a user has explicitly allowed Google to process the data without this pseudonymisation. The information collected about users through Google Marketing Services is transmitted to Google and stored on Google’s servers in the United States.

(4) Among the Google marketing services we use amongst other things the online advertising program “Google AdWords”. In the case of Google AdWords, each advertiser receives a different “conversion cookie”. Cookies cannot be tracked through AdWords advertisers’ websites. The information collected through the cookie is used to generate conversion statistics for AdWords advertisers who have opted for conversion tracking. Advertisers will see the total number of users who clicked on their ad and were redirected to a conversion tracking tag page. However, they do not receive information that personally identifies users.

  1. We can engage third-party ads based on Google’s DoubleClick marketing service. DoubleClick uses cookies that enable Google and its affiliate websites to serve ads based on users’ visits to this site or other sites on the Internet.
  2. In addition, we may use the “Google Tag Manager” to integrate and manage the Google Analytics and Marketing Services on our website.

 

For more information about Google’s data usage for marketing, see the overview page: www.google.com/policies/technologies/ads, Google’s Privacy Policy located at www.google.com/policies/privacy available.
If you wish to opt-out of interest-based advertising through Google Marketing Services, you can take advantage of Google’s recruitment and opt-out options: www.google.com/ads/preferences

Use of TradeDesk

Using The Trade Desk Remarketing Tools. Our website uses the remarketing feature of “The Trade Desk Inc” 42 N. Chestnut St. Ventura, CA 93001 USA. This feature is designed to show visitors interest-based ads on external websites. The website visitor’s browser stores so-called “cookies”, text files that are saved on your computer and that allow visitors to recognise them when they access external websites. On external pages, the visitor (s) can then be presented with advertisements referring to contents of the Friedrichstadt-Palast. According to its own statements, The Trade Desk does not collect any personal data during this process. However, if you do not want the Remarketing feature of The Trade Desk, you can stop it by going to www.adsrvr.org/opt-out.html. For more information on The Trade Desk Remarketing, visit: www.thetradedesk.com/general/privacy-policy.
Third-party information: The Trade Desk Inc. 42 N. Chestnut Street, Ventura, CA 93001
The Trade Desk also processes your personal information in the US and has submitted to the EU-US Privacy Shield, www.privacyshield.gov/EU-US Framework

Use of our GUID·E chatbot

We use a chatbot called GUID·E to offer an online advice service (chat) for interested parties and customers. We draw on the data collected while providing this service to be able to advise you. If you ask our chatbot a question, we process the personal data you provide to handle your query. As such, we use your data exclusively to fulfil the contract as per Art. 6(1)(b) GDPR in order to meet our obligations arising from a service contract. Should a contractual relationship not exist with you, our legitimate interest in responding to your query forms the legal basis for processing your data in accordance with Art. 6(1)(f) GDPR. You can end the online advice service at any time by closing the window opened for the purpose of obtaining advice online.

You alone decide which data you wish to disclose about yourself during the online advice session.

During the online advice session, communication takes place via an encrypted internet connection. This prevents unauthorised third parties from accessing the content of the online advice session. Friedrichstadt-Palast Betriebsgesellschaft mbH (Friedrichstraße 107, 10117 Berlin, Germany) is responsible for the chatbot and thus also for the data collected therein. The application is operated and hosted by Botfriends GmbH (Eichhornstraße 28, 97070 Würzburg, Germany). The operator/host may have commissioned additional processors for the chatbot. These processors provide technology and software to integrate the chatbot into the website’s user interface, establish connections to the servers, enable text recognition of the questions entered and determine the most appropriate answers. The contracts for order processing that are legally required pursuant to Art. 28 GDPR exist with all processors. As some of the processors involved are based outside of the European Union and the European Economic Area, additional standard data protection clauses have been concluded in accordance with Art. 46(2) GDPR. The European Commission has adopted standard data protection clauses to enable personal data to be transferred to third countries, appropriate safeguards to be agreed and enforceable rights and effective legal remedies to be ensured for data subjects. Insofar as US companies are involved, these are subject to the EU-US Privacy Shield Framework in its latest version.

The protection of your personal data is ensured in all cases.

Should your query relate to the agreement of a contract (creation of an offer), we store the data collected in the chat in your digital customer file. If such storage is not required, we delete the data from the chat history after 180 days. In individual cases (for example, the chatbot did not understand or could not answer the question), we use the questions asked within the last 180 days to train our chatbot on questions that it may not yet be familiar with.

You have the right to request the deletion of your data at any time, provided that the storage is not subject to a commercial retention period (as stipulated in the German bookkeeping and data storage regulations (GoBD), the German Fiscal Code and/or the German Commercial Code). We of course comply with further rights, such as the rights to rectification, blocking and access to your data. Please email us regarding this and provide your username so that we can get back to you.

Contact details can be found in this privacy policy as well as in the legal information.

Online presence in social media

(1) We maintain online presence within social networks and platforms in order to communicate with the customers, prospects and users active there and to inform them about our services there. When calling the respective networks and platforms, the terms and conditions and the data processing guidelines apply to their respective operators.

 

(2) Unless otherwise stated in our Privacy Policy, users’ data will be processed as far as they communicate with us within social networks and platforms, e.g. Write posts on our online presence or send us messages.

 

(3) We are currently using the following social media plug-ins: Facebook, Instagram, Twitter, Youtube. We use the so-called two-click solution. In other words, when you visit our site, no personal data is initially passed on to the providers of the plug-ins. The provider of the plug-in can be identified by the marking on the box above its initial letter or logo. We give you the opportunity to communicate directly with the provider of the plug-in via the button. Only if you click on the marked field and activate it, the plug-in provider receives the information that you have accessed the corresponding website of our online service. In addition, the data mentioned under § 3 of this declaration will be transmitted. In the case of Facebook, Youtube and Twitter, according to the respective providers in Germany, the IP address is anonymised immediately after collection. By activating the plug-in, personal data will be transmitted by you to the respective plug-in provider and stored there (with US providers in the USA). Since the plug-in provider carries out the data collection, in particular via cookies, we recommend that you delete all cookies before clicking on the greyed-out box via the security settings of your browser.

 

(4) We have no influence on the collected data and data processing operations, nor are we aware of the full extent of the data collection, the purpose of the processing, the storage periods. We also have no information to delete the data collected by the plug-in provider.

 

(5) The plug-in provider saves the data collected about you as usage profiles and uses these for purposes of advertising, market research and / or tailor-made website design. Such an evaluation is carried out in particular (also for non-logged-in users) for the presentation of needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the formation of these user profiles, whereby you must contact the respective plug-in provider to exercise it. The plug-ins allow us to interact with social networks and other users so that we can improve our offer and make it more interesting for you as a user. The legal basis for the use of the plug-ins is Art. 6 para. 1 sentence 1 lit. f GDPR.

 

(6) The data transfer takes place regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged into the plug-in provider, your data collected from us will be assigned directly to your existing account with the plug-in provider. If you press the activated button and for example, if you link the page, the plug-in provider also stores this information in your user account and shares it publicly with your contacts. We recommend logging out regularly after using a social network, but especially before activating the button, as this will prevent you from being assigned to your profile with the plug-in provider.

(7) For more information on the purpose and scope of the data collection and its processing by the plug-in provider, please refer to the privacy statements of these providers, which are provided below. There you will also find further information about your rights and settings options for the protection of your privacy.

 

(8) Addresses of the respective plug-in providers and URL with their privacy notices:

a. Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; www.facebook.com/policy.php; For more information about data collection: www.facebook.com/help/186325668085084, www.facebook.com/about/privacy/your-info-on-other#applications and www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook has submitted to the EU-US Privacy Shield, www.privacyshield.gov/EU-US Framework.

b. Twitter, Inc., 1355 Market St., Suite 900, San Francisco, California 94103, USA; twitter.com/privacy. Twitter has submitted to the EU-US Privacy Shield, www.privacyshield.gov/EU-US Framework.

c. Third-party “YouTube” Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Privacy Policy: www.google.com/policies/privacy/, opt-out: www.google.com/settings/ads/.

d. Within our online offer functions of the service Instagram are involved. These features are provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, United States. If you are logged in to your Instagram account, you can link the contents of our pages to your Instagram profile by clicking on the Instagram button. This allows Instagram to associate the visit to our pages with your user account. We point out that we as the provider of the pages do not receive knowledge of the content of the transmitted data and their use by Instagram.help.instagram.com/155833707900388

Integration of Google Maps

(1) On this website we use the offer of Google Maps. This allows us to show you interactive maps directly in the website and allow you to conveniently use the map feature.

(2) By visiting the website, Google receives the information that you have accessed on the corresponding subpage of our website. In addition, the data mentioned under § 3 of this declaration will be transmitted. This is done regardless of whether Google provides a user account that you are logged in to, or if there is no user account. When you’re logged in to Google, your data will be assigned directly to your account. If you do not wish to be associated with your profile on Google, you must log out before activating the button. Google stores your data as usage profiles and uses them for purposes of advertising, market research and / or tailor-made website design. Such an evaluation is done in particular (even for users who are not logged in) to provide appropriate advertising and to inform other users of the social network about their activities on our website. You have a right of objection to the formation of these user profiles, and you must comply with this to Google.

(3) Further information on the purpose and scope of the data collection and its processing by the plug-in provider can be found in the provider’s privacy policy. You can also find more information about your rights and privacy settings here: www.google.com/intl/en/policies/privacy. Google also processes your personal information in the United States and has submitted to the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework.

Integration of Add2 Marketing Services

(1) On the basis of our legitimate interests (ie interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 (1) lit. GDPR) we use the marketing and remarketing services (in short “marketing”). Services “) add2 GmbH Kaistraße 16a 40221 Dusseldorf

(2) The following services are used:

Media strategy, planning, purchasing and possibly creation of advertising on digital advertising media. Consultation, analysis and optimisation in digital marketing and possibly the digital instances of the client (eg website or apps). AdServing and tracking systems are used for this purpose, through which the FSP collects data and performance values ​​from Add2 or its partners or transfers them directly via interfaces.
The purpose of this processing lies in the performance verification, the maximisation of impact and targeted modulation of the measures taken. This also includes the (re) recognition of data subjects for re-addressing with advertising measures (so-called targeting) and the adaptation of advertising messages within advertising material and websites or apps (Dynamic Creative Optimization, DCO)

 

Integration of external fonts from Google


External fonts from Google, Inc., www.google.com/fonts (“Google Fonts”). The integration of Google fonts is done by a server call on Google (usually in the US). Privacy Policy: www.google.com/policies/privacy/, opt-out: www.google.com/settings/ads/.

Integration of SnapEngage Webchat

(1) Use of SnapEngage Webchat. Our website uses the web chat feature of SnapEngage Inc. This feature is designed to provide visitors with the ability to directly interact directly with an employee of the FSP through a chat feature. The browser of the website visitor / website visitor saves for this purpose a so-called “Cookies”, text files which are stored on your computer and which are necessary as so-called session cookies for the operation of the service. By its own account, SnapEngage does not collect any personal information during this process. For more information about SnapEngage Webchat, visit: snapengage.com/privacy-policy/.
(2) Third-party information: SnapEngage Inc., 1722 14th St, Suite 220, Boulder, CO 80302, USA also processes your personal information in the United States and has submitted to the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework.

Google reCAPTCHA

We use “Google reCAPTCHA” (hereinafter referred to as “reCAPTCHA”) on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

The purpose of reCAPTCHA is to determine whether data entered on this website (e.g., information entered into a contact form) is being provided by a human user or by an automated program. To determine this, reCAPTCHA analyzes the behavior of the website visitors based on a variety of parameters. This analysis is triggered automatically as soon as the website visitor enters the site. For this analysis, reCAPTCHA evaluates a variety of data (e.g., IP address, time the website visitor spent on the site or cursor movements initiated by the user). The data tracked during such analyses are forwarded to Google.

reCAPTCHA analyses run entirely in the background. Website visitors are not alerted that an analysis is underway.

Data are stored and analyzed on the basis of Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the protection of the operator’s websites against abusive automated spying and against SPAM. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.

For more information about Google reCAPTCHA please refer to the Google Data Privacy Declaration and Terms Of Use under the following links: https://policies.google.com/privacy?hl=en and https://policies.google.com/terms?hl=en.

iThemes Security

We have integrated iThemes Security into this website. The provider is iThemes Media LLC, 1720 South Kelly Avenue Edmond, OK 73013, USA (hereinafter referred to as iThemes Security).

iThemes Security protects our website against undesirable access or malicious cyber-attacks. For this purpose, iThemes Security records, among other things, your IP address, the time, and source of login attempts and log files (e.g., the utilized browser). iThemes Security is installed locally on our servers.

The use of iThemes Security is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in protecting its website optimally against cyber-attacks. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.

ManageWP

We administrate this website with the assistance of the ManageWP tool. The provider is GoDaddy.com WP Europe, Trg republike 5, 11000 Belgrade, Serbia (hereinafter referred to as ManageWP).

Among other things, ManageWP ensures that we can monitor the security and performance of our website as well as generate automatic backups. Consequently, ManageWP has access to all of the website’s content, including our databases. ManageWP is being hosted on the provider’s servers.

The use of ManageWP is based on Art. 6 (1)(f) GDPR. The website operator has a legitimate interest in a website(s) that work(s) as effectively and securely as possible. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.

Data processing

We have concluded a data processing agreement (DPA) with the above-mentioned provider. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.

Processors

We use external service providers (processors) for example for the shipment of goods, newsletters or payment transactions. Separate order data processing has been entered into with the service provider to ensure the protection of your personal data.

We work together with the following service providers:

bilettix GmbH
Maria-Goeppert-Straße 5
23562 Lübeck

[email protected]
+49 451 20949620
www.bilettix.net

 

salesforce.com Germany GmbH
Erika Man Street 63
80636 Munich

Proxyclick SA
Rue Saint-Hubert 17
B-1150 Brussels
Belgium

 

julitec GmbH
Flößaustraße 22 a
90763 Fürth

SnapEngage Inc.
1722 14th St.
Suite 220, Boulder,
CO 80302, USA

Papagena Projects GmBH
At the new Krahn 2
20457 Hamburg

For questions on data protection, your rights as affected parties, information and deletion requests, please contact our data protection officer
[email protected]

Status of this Privacy Policy May 2018

 

Recommended by 98% of reviewers

Recommended by 96% of reviewers

"Certificate of Excellence
Winner 2012–2023"

Germany’s best-rated show theatre*

*Based on the total number of 5-star reviews.

2024-12-20 16:38:55 | 1734712735

Datenschutzhinweis zum Chatbot

Mit der Verwendung des Chatbots werden die Datenübertragung des Chatverlaufs an den Chatbot-Betreibenden (BOTfriends GmbH) und die Datenspeicherung/-verarbeitung durch die BOTfriends GmbH akzeptiert. Nähere Informationen und die Widerrufsmöglichkeit hierzu sind in unserer DATENSCHUTZERKLÄRUNG zu finden.