I. Introduction and terms
By operating our ticket shop with the URL https://tickets.hoemepage.com/seller/reeperbahn-festival-k75w (hereinafter referred to as "website"), we process personal data. We treat this data confidentially and process it in accordance with the applicable laws - in particular the German Data Protection Regulation (DSGVO), the German Federal Data Protection Act (BDSG) and the Telecommunications Telemedia Data Protection Act (TTDSG). With these data protection regulations, we want to inform you about what personal data we collect from you, for what purposes and on what legal basis we use it and, if applicable, to whom we disclose it. In addition, we will explain to you what rights you have to protect and enforce your data protection.
Our data protection provisions contain technical terms that are in the DSGVO and the BDSG. For your better understanding, we would like to explain these terms in simple terms in advance:
2.1 Personal data
"Personal data" is any information relating to an identified or identifiable person (Art. 4 No. 1 DSGVO). Information of an identified person can be, for example, the name or the e-mail address. However, personal data is also data where the identity is not immediately apparent, but can be determined by combining one's own information or that of others and thus finding out who it is. A person can be identified, for example, by providing your address or bank details, your date of birth or user name, your IP addresses and/or location data. Relevant here is all information that in any way allows a conclusion to be drawn about a person.
Article 4 No. 2 of the DSGVO defines "processing" as any operation relating to personal data. This applies in particular to the collection, recording, organisation, arrangement, storage, adaptation or alteration, retrieval, consultation, use, disclosure, transmission, dissemination or other form of making available, alignment or combination, restriction, erasure or destruction of personal data.
II. data controller and data protection officer
3. person responsible
The person responsible for data processing is:
Company: RBX GmbH ("we")
Legal representative: Alexander Schulz (Managing Director)
Address: Neuer Pferdemarkt 1, 20359 Hamburg, Germany
Telephone: + 49 (0) 40 43 17 959-17
4. data protection officer
We have appointed an external data protection officer for our company. You can reach him under:
Name: Reinher Karl
Address: HABEWI GmbH & Co. KG, Palmaille 96, 22767 Hamburg, Germany
Telephone: 040/ 46008966
Fax: 040/ 46008977
E-mail: [email protected]
III. processing frame
5. processing frame: Ticketshop
In our online ticket shop you can purchase tickets for the Reeperbahn Festival and the Reeperbahn Festival Conference. Within the framework of the ticket shop, we process the personal data of you listed in detail below in section IV. We only process data from you that you actively provide on the website (e.g. by filling in forms) or that you automatically provide when using our offer.
Your data will only be processed by us and will not be sold, lent or passed on to third parties. If we use the help of external service providers to process your personal data, this is done within the framework of so-called order processing, in which we as the client are authorised to issue instructions to our contractors. Our ticket shop is operated on the shop system of the external service provider Höme - Für Festivals GmbH, Am Krögel 2, 10179 Berlin, https://hoemepage.com. Höme hosts our ticket shop with the external provider Amazon Web Services (AWS) at the data centre location in Germany. All data collected on the ticket shop is processed on Höme's servers.
If further external service providers are used for individual processing operations listed in section IV, they will be named there.
As a matter of principle, we do not transfer data to third countries and do not plan to do so. We will provide information on exceptions to this principle in the processing operations described below. Any data transfer to third countries will then take place on the basis of the so-called EU standard contractual clauses.
IV. Processing in detail
(opens in a new tab)6. purchasing
6.1 Description of the processing
You can shop in our online ticket shop as a guest. As part of your ordering process, we process personal data from you. The mandatory fields marked with an asterisk "*" in our online shop must be completed by you. Otherwise it is not possible for us to conclude a purchase contract with you and to send you the desired goods. All other information is voluntary. When shopping in our ticket shop, you can also choose one of the payment methods offered (PayPal, instant bank transfer via Stripe and credit card via Stripe) to settle the purchase price. When you complete your order, the data required for payment will be passed on to the respective payment service provider.
The processing is carried out for the conclusion and settlement of purchase contracts.
6.3 Legal basis
The processing is necessary for the conclusion and fulfilment of the purchase contracts (Art. 6 para. 1 lit. b DSGVO). This also applies to the transfer of the data required for the processing of payments to the respective payment service providers.
6.4 Storage period
Due to commercial and tax law requirements, we are obliged to store your address, payment and order data for a period of ten years. However, we restrict processing after two years. This means that your data will then only be stored separately for the purpose of complying with the statutory retention periods and will be deleted immediately upon their expiry.
In order to process your payment, personal data will be passed on to one of the external payment service providers listed below and selected by you in the course of your purchase:
PayPal: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. PayPal reserves the right to transmit personal data to credit agencies under certain circumstances for the purpose of checking identity and creditworthiness. Further information on data protection at PayPal can be found at www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE.
Credit Card: Stripe Payments Europe, Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland. For more information on Stripe's data protection, please visit https://stripe.com/de/privacy.
7. further data processing
For information on further data processing, e.g. cookies used, statistical services, etc. on the ticket shop website, please refer to the supplementary data protection provisions of the shop service provider Höme: https://tickets.hoemepage.com/dataprivacy.
V. Your rights
8. data subject rights
With regard to the data processing by our company described above, you are entitled to the following data subject rights:
8.1 Information (Art. 15 DSGVO).
You have the right to request confirmation from us as to whether we are processing personal data relating to you. If this is the case, you have a right to information about this personal data and to the information listed in detail in Art. 15 DSGVO under the conditions specified in Art. 15 DSGVO.
8.2 Correction (Art. 16 DSGVO)
You have the right to request that we correct any inaccurate personal data relating to you without undue delay and, where applicable, to complete any incomplete personal data.
8.3 Deletion (Art. 17 DSGVO)
You have the right to demand that we delete personal data concerning you without delay, provided that one of the reasons listed in detail in Art. 17 DSGVO applies, e.g. if your data is no longer required for the purposes pursued by us.
8.4 Restriction of data processing (Art. 18 DSGVO)
You have the right to request us to restrict processing if one of the conditions listed in Art. 18 DSGVO applies, e.g. if you dispute the accuracy of your personal data, data processing will be restricted for the period of time that allows us to verify the accuracy of your data.
8.5 Data portability (Art. 20 DSGVO)
You have the right, under the conditions set out in Art. 20 DSGVO, to request that the data relating to you be handed over in a structured, common and machine-readable format.
8.6 Withdrawal of consent (Art. 7 (3) DSGVO)
You have the right to revoke your consent at any time in the case of processing based on consent. The revocation applies from the time it is asserted. In other words, it is effective for the future. The processing does not therefore become unlawful retroactively as a result of the withdrawal of consent.
8.7 Complaint (Art. 77 DSGVO)
If you believe that the processing of personal data concerning you infringes the GDPR, you have the right to lodge a complaint with a supervisory authority. You may exercise this right before a supervisory authority in the EU Member State of your residence, place of work or the place of the alleged infringement.
8.8 Prohibition of automated decisions/profiling (Art. 22 DSGVO)
Decisions which have legal effects concerning you or which significantly affect you must not be based solely on automated processing of personal data - including profiling. We inform you that we do not use automated decision-making, including profiling, with regard to your personal data.
8.9 Right to object (Art. 21 DSGVO).
If we process personal data of yours on the basis of Art. 6(1)(f) DSGVO (to protect overriding legitimate interests), you have the right to object to this under the conditions set out in Art. 21 DSGVO. However, this only applies insofar as there are reasons arising from your particular situation. After an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights and freedoms. We also do not have to stop processing if it serves the assertion, exercise or defence of legal claims. In any case - also irrespective of a specific situation - you have the right to object at any time to the processing of your personal data for direct marketing.
Status: September 2022