Information on data protection for the websites and services of DERTICKETSERVICE.DE GmbH & Co. KG

Information on data protection for the websites and services of DERTICKETSERVICE.DE GmbH & Co. KG

In this privacy notice, DERTICKETSERVICE.DE GmbH & Co. KG, Große Neugasse 2, 50667 Cologne, Email: datenschutz@derticketservice.de, Tel.: 0221 / 280 271 710 (hereinafter "we", "us") informs you about how we, as the controller within the meaning of data protection law, process personal data about you during your visit to our website and its subpages, including the use of the ticket shops, when using our telephone hotline, our services such as print@homePLUS, or when using our customer service, as well as in our customer loyalty program.

1. What personal data do we collect from you?

Personal data includes all information about an identified or identifiable natural person that you provide to us or that is generated or collected by us. These are:

• "Registration Data": When you want to order tickets or other services through our ticket shop, you must register and open a customer account. During registration, you must enter your name and contact details (address, phone number, email address) and set a personal password.
• "Order Data": When ordering online or by phone, we process the data you provide and the content data generated about you, i.e., the contents and conditions of your order, delivery and billing addresses, and payment data. Depending on the type of ticket, we may collect additional data as specified by the event organizers. We also collect information about the time, scope, and possibly the location of your order.
• "Visitor Data": As part of ticket personalization, we may process personal data about you and other attendees for whom you purchase tickets (name and, if applicable, contact details such as email address or postal address) depending on the event organizer's requirements.
• "Health Data": When issuing personalized tickets, we may also process special categories of personal data, such as your health data, if you provided such information when purchasing a ticket (e.g., indicating that you are a wheelchair user, have allergies, or a disability).
• "Other Content Data": When using other services on our website, such as favorites and bookmarks, forms, customer surveys, or competitions, as well as subscribing to newsletters, we process the data you provide and the information generated about you.
• "Fare Ticket User Data": When using our print@homePLUS service, which includes a fare ticket for your Print@Home event ticket, we process the information necessary to issue the fare ticket - name and date of birth and/or address.
• "Customer Loyalty Program Data": When participating in the "FanBonus" loyalty program (https://www.koelnticket.de/campaign/agb-fanbonus), we process mandatory information such as (a) personal details (salutation, name, address, date of birth, valid email address), (b) order data from bookings made through affiliated DTS brand portals, event organizer partner shops, and DTS customer hotlines, and (c) your data from existing registrations under the same email address for other services (e.g., ticket alerts, service letters), as well as any additional data stored there (e.g., artist preferences). We also process voluntarily provided information such as phone or fax numbers, social media memberships, or interests in specific events or genres.
• "Usage Data": We create usage profiles under a pseudonym regarding your use of our website, allowing us to understand how our website is used.
• "Server Log Data": When you use our websites, data about this usage (such as the date and time of your visit, pages accessed, and requested files, the type and version of your web browser, the type and operating system of your device, and your IP address) is temporarily stored in a log file on our servers.
• "Call Recordings": When using our telephone hotlines, we may ask for your consent to record the conversation to improve our service quality.

2. For what purposes, on what legal basis, and for how long do we process your personal data?

2.1 Your Customer Account

When you register for a personal customer account, we process the registration data to set up and manage your account and handle future orders. As a registered customer, you have access to your personal account (using your email address and chosen password), where you can view your order history and save and change personal settings (e.g., password settings, billing and delivery settings, lists of favorite artists, venues, and events, bookmarks for events, newsletter settings) and access certain online services.

The legal basis for processing is our legitimate interest under Art. 6 (1) (f) GDPR in providing the "customer account" service described above or the performance of a usage contract with you (Art. 6 (1) (b) GDPR).

This data will be deleted when the registration on our website or the customer account is canceled or modified.

You can object to the processing of your data based on Art. 6 (1) (f) GDPR (under Art. 21 (1) GDPR), e.g., by email to the contact details provided in section 9. We can generally demonstrate compelling reasons to continue processing. However, for using a customer account, we will not do so, and the customer account will then be deleted and no longer available to you. Please note that we may retain data about orders visible in your customer account for longer (see section 2.2).

Please note that depending on the type of order on our websites, a customer account may also be created with one of our distribution partners.

2.2 Your Orders and Online Functions

We process your registration and order data (such as name, address, email address, delivery details, and other order information) to handle your order and deliver the ordered tickets and other services. We also process this data to provide you with available online functions (print@home, public transport tickets) depending on the type of ticket purchased. Additionally, depending on your chosen payment method, we or payment service providers commissioned by us (see 3.2.1) process the required payment information; for example, we store IBAN and BIC ourselves, while payment service providers store your credit card number. If you use our print@homePLUS service, the public transport ticket linked to your print@home entry ticket, we and the respective transport ticket provider process the user's name and date of birth and/or address to issue the ticket.

The legal basis for processing is the conclusion and fulfillment of the purchase contract for the ordered goods, Art. 6 (1) lit. b GDPR.

This data will be deleted when it is no longer required for contract execution (including customer service and warranty), unless we are legally obligated to retain it, e.g., due to commercial or tax retention obligations.

2.3 Personalized Tickets

If you purchase a ticket for yourself or another person (third party), we process visitor data for ticket personalization.

The processing of this data is for the purpose of contract execution with you based on Art. 6 (1) lit. b GDPR. If you provide third-party data when purchasing tickets, please ensure that the third party has been adequately informed by you about the data processing by us and that you are authorized to provide the data.

When issuing personalized tickets, we may also process your health data as a special category of personal data if you have provided such information when purchasing a ticket and consented to its processing. We process this data to enable you to access special price categories, event access options, and specific seating. Your data is processed based on your consent under Art. 6 (1) lit. a GDPR.

This data will be deleted when it is no longer required for contract execution (including customer service and warranty), unless we are legally obligated to retain it, e.g., due to commercial or tax retention obligations.

2.4 Your Inquiries

When you contact us via a contact form, email, or service phone, we process the information you provide, as well as any registration and order data we may have, to respond to your inquiry, along with your IP address and the date/time of your inquiry to prevent misuse of the contact form.

The legal basis for processing is our legitimate interest under Art. 6 (1) lit. f GDPR in providing the "inquiries" service described above. If your inquiry aims to initiate or process (including customer service or warranty) a contract, an additional legal basis for processing is Art. 6 (1) lit. b GDPR.

You can object to the processing of your data based on Art. 6 (1) lit. f GDPR. We may then continue processing if we can demonstrate compelling reasons. This may be particularly necessary to document past communication and inquiries with you. If no such compelling reasons exist, we will cease communication with you and delete already collected data.

This data will be deleted when our communication with you is concluded, i.e., when the matter has been fully clarified and no further legitimate interests for storage exist or no legal obligations for storage apply.

2.5 Call Recordings

If you contact us via our telephone hotlines, we may ask for your permission to record the conversation. You can choose to consent or decline. The recordings are used to train our employees and improve our service quality. They are deleted no later than 3 months after recording.

The legal basis for processing is your consent under Art. 6 (1) lit. a GDPR.

2.6 Competitions

If you participate in one of our competitions, we use your information (name, email address, and any other necessary details) to conduct the competition, especially to inform and send you any prizes.

The legal basis for processing is your consent given upon entering the competition (Art. 6 (1) lit. a GDPR). Your data will be deleted once the competition is over and prizes have been distributed. Further use of your data for other purposes, such as advertising, will only occur if you have explicitly consented.

2.7 Customer Surveys

We occasionally invite our customers to participate in surveys to continuously improve our products and services to meet your needs. We use your registration data to contact you and analyze your responses.

We process your personal data based on our legitimate interest in improving our products and services, pursuant to Art. 6 (1) lit. f GDPR. Further use of your data for other purposes, such as advertising, will only occur if you have explicitly consented.

When receiving our customer surveys, we analyze and document whether you open the surveys and how you interact with them. We process your personal data based on our legitimate interest in tailoring our surveys to your needs, pursuant to Art. 6 (1) lit. f GDPR.

2.8 Customer Loyalty Program "FanBonus"

If you voluntarily participate in our "FanBonus" loyalty program (https://www.koelnticket.de/campaign/agb-fanbonus), we process your loyalty program data to (a) calculate and display the bonuses granted within the program based on your bookings, (b) offer you exclusive benefits for participants, and (c) send you product information tailored to your stored or likely interests based on your customer history, such as newsletters, program booklets, or exclusive offers and surprises from us and our partners like event organizers.

The legal basis for processing is your consent given during registration (Art. 6 (1) lit. a GDPR), the existence of a contract for participation in the loyalty program (Art. 6 (1) lit. b GDPR), and our legitimate interests (Art. 6 (1) lit. f GDPR).

Voluntarily provided information can be queried, deleted, or changed by participants at any time. The remaining data is required for participation in the loyalty program and can be corrected at any time; however, deleting this data will result in the termination of participation in the program. Complete deletion may be subject to legal retention obligations (e.g., booking data for granted bonuses).

2.9 Advertising and Product Development (Usage Data, Newsletters, etc.), Right to Object

We want to use the data you have entered or generated during your use of our websites or other services to inform you about our products and services related to our ticket range for various events and associated services (advertising) or to improve our offerings and services (product development).

2.9.1 Anonymized Usage Data

We use anonymized or aggregated data obtained through analysis tools to understand the browsing behavior of all visitors and improve the design of our website and our assortment in general. For details on analysis tools, see section 4 below.

The legal basis for processing is our legitimate interest in improving and developing our products under Art. 6 (1) lit. f GDPR. You can object to the processing of your data under Art. 6 (1) lit. f GDPR or technically prevent it (see section 4 below). We may continue processing if we can demonstrate compelling reasons. Please note that it is not possible to change already anonymized data retrospectively.

2.9.2 Personalized or Pseudonymized Usage Data

We also use your usage data in a pseudonymized manner to understand your browsing behavior and improve the offerings displayed to you or show you tailored information.

The legal basis for processing is our legitimate interest in improving and developing our products under Art. 6 (1) lit. f GDPR. You can object to the processing of your data under Art. 6 (1) lit. f GDPR or technically prevent it (see section 4 below). We may continue processing if we can demonstrate compelling reasons.

2.9.3 Direct Marketing

On our website, you can subscribe to a free newsletter. The data collected during registration will be processed (mandatory fields are necessary for receipt, optional data serves to personalize the address and select the displayed information).

By email, we contact you with information, offers, and promotional campaigns tailored to you and your interests or usage, either based on your explicit consent or, if you purchase similar goods or services from us and provide your email address, also without separate consent. We process data about your usage behavior after we have sent you emails (e.g., click behavior).

By phone, we contact you only with your explicit consent with information, offers, and promotional campaigns tailored to you and your interests or usage.

By postal mail, we may contact you without consent, as legally permitted, with information, offers, and promotional campaigns tailored to you and your interests or usage.

You can object to the use of your personal data for direct marketing purposes and the associated contact methods at any time, in whole or in part, or revoke any consent given. You will incur no costs other than the transmission costs according to the base rates.

The legal basis for processing is your consent (Art. 6 (1) lit. a GDPR) and our legitimate interests (Art. 6 (1) lit. f GDPR), possibly in connection with Section 7 (3) UWG.

This data will be deleted after your objection or revocation of any consent given or at the latest after the end of our use. If necessary, we will store the fact of your objection to prevent further contact.

2.10 Provision of the Website and Services

2.10.1 Server Log Files

The processing of server log data is required for the provision of the websites and services for technical reasons and subsequently to ensure system security.

The legal basis for processing is our legitimate interest in providing the website with our services (Art. 6 (1) lit. f GDPR). This processing is essential for the use of our website, therefore there is no right to object.

This data will be deleted no later than 14 days after collection.

The server log data may then be analyzed in an anonymized form for statistical purposes and to improve the quality of our online presence. There will be no connection of the server log data with your personal data or merging of the server log data with other personal data sources.

2.10.2 Content Delivery Network

To optimize the delivery of the content on our website and to improve system security, we also use a content delivery network operated by Akamai as our service provider. Further information can be found below in section 3.1.

Here too, the legal basis for processing is our legitimate interest in providing the website with our services (Art. 6 (1) lit. f GDPR). This processing is essential for the use of our website, therefore there is no right to object.

3. Data Sharing

3.1 Sharing Data with Processors

We sometimes engage service providers in accordance with legal requirements through data processing agreements, i.e., based on a contract acting on our behalf, according to our instructions, and under our control.

Processors include in particular:

• our parent company Eventim AG or other affiliated companies for various services such as telephone hotlines, customer service, social media presence, search engine optimization, or the dispatch of newsletters;
• technical service providers we use for the provision of the website, e.g., service providers for software maintenance, data center operations, and hosting;
• Akamai as a service provider for providing a so-called Content Delivery Network ("CDN"). CDN means that requests to our website are initially routed through servers operated by Akamai Technologies, Inc., 150 Broadway, Cambridge, 02142 MA, USA, primarily located in the EU, to improve response times and enhance stability and security. Should personal data (such as IP addresses) be transferred to the USA, an adequate level of data protection is guaranteed through the use of EU Commission-approved standard contractual clauses. Akamai primarily forwards this data on our behalf and processes it only to the extent necessary for service provision. Additionally, Akamai may process data for providing, maintaining, developing, and improving services (including detecting and mitigating online security threats). For more details, see: https://www.akamai.com/de/de/privacy-policies/;
• technical service providers we use for providing functionalities, such as technically necessary cookies;
• service providers for the practical implementation of advertising and marketing, such as email dispatch and analytics cookies providers;

In these cases, we remain responsible for the data processing; the transfer and processing of personal data to or by our processors are based on the legal grounds that permit us to process the data. No separate legal basis is required.

3.2 Data Transfer to Third Parties

We sometimes transfer your data to third parties, i.e., partners with whom we collaborate outside of data processing agreements. These partners provide their services as independent data controllers; their data protection notices exclusively apply to the processing of your data by these partners.

3.2.1 Payment Service Providers

To process your orders, we transfer payment information to payment service providers who handle the payment transactions associated with the orders. This includes GiroSolution, KPS Payment, PayPal, and your credit institution. The legal basis for the transfer is the performance of the contract with you, Art. 6 (1) lit. b GDPR.

3.2.2 Logistics Companies

For the shipment of goods, we transfer your address and contact details, as necessary, to postal and parcel delivery companies. The legal basis for the transfer is the performance of the contract with you, Art. 6 (1) lit. b GDPR.

3.2.3 Public Transport Ticket Providers

If you use our print@homePLUS service, which includes a public transport ticket with your Print@Home entry ticket, we transfer the data necessary for issuing the ticket to the respective transport ticket provider. The legal basis for the transfer is the performance of the contract with you, Art. 6 (1) lit. b GDPR.

3.2.4 Ticket Insurance

If you purchase ticket insurance on our websites, we transfer the required data, i.e., registration data and information about the tickets you ordered, to the insurance company specified when selecting the "ticket insurance" service. The legal basis for the transfer is the conclusion and performance of the contract with you, Art. 6 (1) lit. b GDPR.

3.2.5 Event Organizers / Venue Operators

We sometimes transfer your contact and order data (name, address, email, booked tickets) and any additional information for personalized tickets to event organizers and/or venue operators so they can (a) send you further helpful information for attending the event (e.g., directions and parking options) via email before the event for which you purchased a ticket, (b) inform you of program changes, (c) conduct entry checks, and (d) respond to or evaluate any service inquiries you have made. In the case of (d) (your service inquiries), we may also transfer information necessary for refunds, such as your bank details, to the responsible event organizer or venue operator. The legal basis for the transfer is the performance of the contract between the organizers and you, according to Art. 6 (1) lit. b GDPR, or their legitimate interest according to Art. 6 (1) lit. f GDPR.

The event organizers and/or venue operators are independently responsible for data processing, and their data protection policies apply. We indicate the organizer in the ticket shop when you place an order.

3.2.6 Distribution Partners

If you purchase our services through websites operated by our distribution partners, we may share your contact and order data (name, address, email, booked tickets) with these partners so they can offer their own services related to your ticket order, such as providing their own customer service. If these distribution partners offer a loyalty program in which you participate, such as the AboCard or the RP PremiumCard, they use your information for the billing and booking processes necessary for the respective loyalty program. The legal basis for the transfer is the performance of the contract between the distribution partners and you according to Art. 6 (1) lit. b GDPR, or their legitimate interest according to Art. 6 (1) lit. f GDPR.

3.2.7 Debt Collection Agencies

If we have outstanding claims against you, we will notify you via email, mail, or phone and may send you a reminder. If payment remains outstanding, a debt collection process will be initiated.

The debt collection process is carried out by a debt collection agency commissioned by us. To the extent necessary for conducting the debt collection process, the agency may perform address investigations, access public registers, and collect additional information about you required for the debt collection process.

We process your personal data for the purpose of contract execution and fulfillment with you based on Art. 6 (1) lit. b GDPR and due to our legitimate interests in preventing misuse of our services and enforcing our legal claims, including debt collection, based on Art. 6 (1) lit. f GDPR.

3.2.8 Google reCaptcha

We occasionally use Google reCaptcha v2 on our websites. reCaptcha is a service provided by Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) and is used to prevent abusive automated entries in web forms and thus protect the technical systems.

When you access one of our websites where reCaptcha is integrated, a connection to Google's servers is established. A reCaptcha cookie is set, and your IP address is transmitted to Google.

Additionally, reCaptcha collects the following data through "fingerprinting":

• used browser plugins
• cookies set by Google in the last 6 months
• number of mouse clicks and touches you have made on this screen
• CSS information of the page being accessed
• JavaScript objects
• the date
• the browser language

The storage and analysis of the data are based on Art. 6 (1) lit. f GDPR. As the website operator, we have a legitimate interest in protecting our web offerings from abusive automated spying and SPAM.

If personal data is transferred to Google in the USA, this is based on the EU Commission's adequacy decision for companies that have committed to complying with the EU-US Data Privacy Framework. Google has assured compliance and certified it accordingly, ensuring an adequate level of protection for your personal data. You can prevent the storage of cookies and fingerprinting by selecting the appropriate technical settings in your browser software; however, please note that in this case, you may not be able to fully use all functions of this website.

The privacy policy and terms of use of Google can be found here: https://www.google.com/policies/privacy/ and here: https://policies.google.com/terms.

4. Cookies and Web Analytics

4.1 What are Cookies?

To make our websites as user-friendly as possible and to increase the relevance of our advertising for visitors to our websites, we and our partners use so-called "cookies." Cookies are small files that are stored on a visitor's hard drive. They allow information to be retained over a certain period and the visitor's computer to be identified. This is sometimes done using so-called tracking pixels, which are not stored on the visitor's hard drive but can assist in identifying the computer in the same way as a cookie. In the following, the term "cookie" encompasses both technical cookies and tracking pixels and similar technical methods.

When you visit our websites for the first time, you will see a privacy notice on your entry page, along with options for managing cookies. If you continue to use the websites without objecting to the use of cookies, this consent will be stored in your browser so that we do not have to display this notice on every page. If this notice is missing from your browser, it will be displayed again on a subsequent visit to our websites after you have cleared your browser history, including the set cookies.

4.2 Which Cookies Do We Use, On What Legal Basis, and For How Long?

We use three categories of cookies on our websites: (1) technically necessary cookies, without which the functionality of our websites would be limited, (2) optional analytics cookies, and (3) optional targeting or advertising cookies:

4.2.1 Technically Necessary Cookies

These cookies are essential to enable you to move around our websites and use their features. For example, they store which products you have placed in your shopping cart or the progress of your order process, or they enable you to easily search for retailers where you can purchase our products (e.g., by displaying a map of your surroundings). These cookies do not collect information about you that could be used for marketing purposes or store where you have been on the internet. Disabling this category of cookies would limit the functionality of the websites as a whole or parts of them.

The legal basis for processing is our legitimate interests (Art. 6 (1) lit. f GDPR).

These cookies are session-specific and expire after your visit to the website (session).

4.2.2 Analytics Cookies / Google Analytics

Analytics cookies collect information about how visitors use a website in general, such as which pages they visit most frequently and whether they receive error messages from web pages. All information collected through these cookies is used solely to understand and improve the functionality and service of the website.

(a) We use Google Analytics 360, a web analytics service provided by Google Ireland Limited ("Google"), to collect aggregated data that allows us to analyze the use of our websites and helps us improve the quality, effectiveness, and performance of our websites. The information generated by the cookies about your use of our websites is usually transmitted to and stored on a Google server in the USA, operated by Google in Europe. This data transfer is based on an adequacy decision of the EU Commission (EU-US Data Privacy Framework), ensuring an adequate level of protection for your personal data.

The use of Google Analytics 360 collects the following data:

• IP address (anonymized in the EU)
• Device information (e.g., operating system, browser type, screen resolution)
• Usage data (e.g., pages visited, time spent, click behavior)
• Referrer data (e.g., referrer URL, campaign parameters)
• Location data (based on the IP address, if enabled)
• Session and interaction data (e.g., scroll depth, events, downloads)
• E-commerce data (e.g., transaction values, purchased products, cart abandonment)
• Demographic characteristics and interests (if enabled and consented)
• User-ID data (if enabled, for recognizing users across multiple devices)
• Cookies and tracking technologies (e.g., Google Analytics cookies for recognizing users)

The legal basis for processing is your consent (Art. 6 (1) lit. a GDPR).

We anonymize your IP address on servers located in the EU before transmitting it to a Google server in the USA, provided you are located within the European Union or other contracting states of the European Economic Area agreement.

For more information on Google Analytics 360's terms of use and privacy, please visit:

https://support.google.com/analytics/answer/6004245

(b) Cookies are set for the following purposes:

Cookies and the information stored in them can be deactivated or deleted by you at any time (see section 4.4).

4.2.3 Targeting and Advertising Cookies

Targeting and advertising cookies are used to tailor advertising more specifically to you and your interests. They also help limit how often you see the same advertisement, measure the effectiveness of an advertising campaign, and understand the behavior of individuals after viewing an ad. These cookies are usually placed on the website by advertising networks with the consent of the website operator (i.e., us). They recognize that a user has visited a website and pass this information on to others, such as advertising companies, or adjust the advertising accordingly. Often, they are linked to website functionalities provided by these companies. We use these cookies to establish connections with social networks that can then use the information about your visit to tailor advertisements on other websites to you, and to provide the advertising networks we use with information about your visit so that later, you are shown advertisements that may genuinely interest you based on your browsing behavior.

(a) We use TikTok Pixel for retargeting, conversion tracking, and personalized advertising. This service is provided by TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland, and TikTok Information Technologies UK Limited, WeWork, 125 Kingsway, London, WC2B 6NH, United Kingdom (both referred to as "TikTok").

The TikTok Pixel is a snippet of JavaScript code that enables us to understand and track the activities of visitors on the provider's website. The TikTok Pixel collects and processes information about the visitors of the website or the devices they use.

The data collected via TikTok Pixel is used to target our advertisements and improve ad delivery and personalized advertising. The data collected on our website through the TikTok Pixel is transmitted to TikTok. This transmission, if made to TikTok Information Technologies UK Limited, is based on an adequacy decision of the EU Commission.

Some of this data includes information stored on your device. Additionally, cookies are used via the TikTok Pixel to store information on your device.

The following data is collected from you by or through the use of the TikTok Pixel:

• Server log data
• Geographical location
• User behavior, including usage and click behavior, and search terms
• Interactions with advertisements, services, products
• Device data such as screen resolution, browser language
• TikTok ID

The legal basis for processing is your consent (Art. 6 (1) lit. a GDPR).

This data collection and transmission is carried out by us and TikTok as joint controllers. We have an agreement with TikTok regarding joint processing, outlining the distribution of data protection obligations between us and TikTok. In this agreement, both parties have agreed, among other things, that:

• we are responsible for providing you with all information pursuant to Art. 13, 14 GDPR regarding the joint processing of personal data;
• TikTok is responsible for enabling data subjects' rights under Art. 15 to 20 GDPR regarding the personal data stored by TikTok after joint processing.

You can access the agreement between us and TikTok at https://ads.tiktok.com/i18n/official/article?aid=300871706948451871.

TikTok is solely responsible for any subsequent processing of the event data transmitted. For more information on how TikTok processes personal data, including the legal basis TikTok relies on and how you can exercise your rights with TikTok, please refer to TikTok's privacy policy at https://www.tiktok.com/legal/privacy-policy?lang=de-DE.

(b) The following cookies are set for the following purposes:

Cookies and the information stored in them can be deactivated or deleted by you at any time (see section 4.4).

4.3 Consent Banner

To display the cookies and pixels used via a consent banner directly on our website, and to provide advanced settings under "Cookie Settings" as required by law and to store your preferences, we use the services of Sourcepoint CMP, New York, USA.

When you confirm or disable the use of specific offerings via our consent banner and "Cookie Settings," we store this preference via a consent cookie on your device. Even though Sourcepoint is based in the USA, no personal data is transferred there, as the script is embedded locally.

We process the following data from you when providing the functions of the consent banner:

• Server log data
• Geographical location
• Consent ID
• Timestamp of the declaration and the selected preference

The legal basis for processing is Art. 6 (1) lit. c GDPR.

The declaration data (consent, refusal, withdrawal of consent) are stored for 365 days and then deleted.

You can see which cookies are set on this page: https://docs.sourcepoint.com/hc/en-us/articles/4405387989011-Cookies-and-local-storage-Web

Sourcepoint creates the overviews according to the IAB-TCF standard. We always use the current "Transparency & Consent Framework" of IAB Europe.

4.4 How to Disable Cookies?

You can selectively disable individual cookies via the links provided in the table below (opt-out options).

Disabling these categories of analytics, targeting, and advertising cookies does not affect the functionalities of our websites. Currently, we use cookies of this category from the following providers, where you can find information about the cookies and their names and directly object to the use of cookies:

Finally, you can also block the use of cookies entirely by adjusting the cookie settings in your browser accordingly. However, please note that in this case, the functionality of our websites may be limited if technically necessary cookies are also blocked.

For example, on the website www.youronlinechoices.com, you can find more information about cookies and individual providers. There, you also have the option to object to usage-based online advertising through individual or all tools. To go directly to the preference manager, please click here

In our cookie consent tool, you will find a complete list of third-party cookies used on our pages.

If you prefer to receive more information about these cookies from us, please contact us via email: datenschutz@derticketservice.de

5. Links

We use links to other online presences of ours on third-party websites and services, such as social media channels like Facebook, Twitter, or Instagram. The respective third parties are solely responsible for the data processing on such other providers' websites, and their privacy policies apply.

Data Transmission to Social Networks and Embedding of Third-Party Content

5.1 Social Plugins from Facebook

This website uses social plugins ("recommend buttons") from the social network Facebook, operated by Meta Platforms Ireland Ltd., Merrion Road Dublin 4, Dublin D04 X2K5 ("Facebook"). The buttons are marked with a Facebook logo.

To protect your privacy, you must first activate each such button on our pages; inactive buttons appear in gray. The legal basis for activating the social plugins is your consent in accordance with Art. 6 (1) lit. a) GDPR.

When you activate the button, your browser establishes a direct connection to Facebook's servers. The content of the button is transmitted by Facebook directly to your browser and integrated into the website.

By embedding the button, Facebook receives information about when you accessed the corresponding page of our website, your IP address, details about the browser you use, your operating system, and language settings. If you click the recommend button, your click will be transmitted to Facebook and used according to Facebook's privacy policy. The data transfer occurs regardless of whether you have a Facebook account and are logged in. If you are logged into Facebook, Facebook can associate your visit to our website with your Facebook account. If you do not want this, you must log out before visiting.

Any transfer to Facebook in the USA is based on an adequacy decision of the EU Commission.

For information on the purpose and scope of data collection and further processing and use of the data by Facebook, as well as your rights and settings options to protect your privacy, please refer to Facebook's privacy policy: currently available at https://www.facebook.com/about/privacy/.

If you do not want Facebook to collect data about you through our website, do not activate the data transmission to Facebook.

5.2 Social Plugins from X

This website uses social plugins ("buttons") from the social network www.x.com ("X"), operated by Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland. The X button can be recognized by the X logo on our page.

To protect your privacy, you must first activate each such button on our pages; inactive buttons appear in gray. The legal basis for activating the social plugins is your consent in accordance with Art. 6 (1) lit. a) GDPR.

When you activate the button, your browser establishes a direct connection to X's servers. The content of the button is transmitted by X directly to your browser and integrated into the website.

We have no influence on the scope of the data that X collects with the button. By embedding the buttons, X may receive information about when you accessed the corresponding page of our website, your IP address, details about the browser you use, your operating system, and language settings.

If you click the button, your click will be transmitted to X and used according to X's privacy policy. The data transfer occurs regardless of whether you have an X account and are logged in. If you are logged into X, X can associate your visit to our website with your X account. If you do not want this, you must log out before visiting.

Any transfer to X in the USA is based on an adequacy decision of the EU Commission.

For information on the purpose and scope of data collection and further processing and use of the data by X, as well as your rights and settings options to protect your privacy, please refer to X's privacy policy, currently available at https://x.com/de/privacy.

If you do not want X to collect data about you through this website, do not activate the data transmission to X.

5.3 Embedding of Spotify Plugins

Our website uses plugins from "Spotify," an audio streaming platform operated by Spotify AB, Birger Jarlsgatan 61, 113 56 Stockholm, Sweden.

We use Spotify by embedding individual audio files, albums, or playlists from the platform on our website as so-called iframes ("embedding"), allowing them to be played directly on our website as a stream. When you visit a subpage of our website where a Spotify plugin is embedded, a connection to Spotify's servers is established, and the plugin is displayed within our website. Spotify then receives information that our website was accessed via your IP address. If you play an embedded audio file, album, or playlist, this information is also transmitted to Spotify. If you are logged into Spotify as a user, Spotify assigns this data to your user account. If you do not want Spotify to associate your visit to our pages with your Spotify user account, please log out of your Spotify user account. Spotify uses this data, among other things, to unlock content, record your interactions and preferences, such as player settings, and to control and measure the display of ads.

The processing is carried out to provide you with playable audio files, albums, or playlists directly on our website, thereby increasing the attractiveness and user-friendliness of our website.

The legal basis for embedding the Spotify player and the associated data processing is your informed consent (Art. 6 (1) lit. a) GDPR). You give this consent via our consent banner. You have the right to revoke your consent at any time. The lawfulness of the processing carried out based on the consent until the revocation remains unaffected by the revocation.

Your data may be transferred to Spotify AB, which may process it on servers outside the EU. In this case, Spotify has committed to taking special measures to ensure an adequate level of data protection, such as concluding the European Commission's standard contractual clauses.

For more information, please refer to Spotify's privacy policy at: https://www.spotify.com/de/legal/privacy-policy/.

5.4 Embedding YouTube Videos

Our website uses services from "YouTube," a video platform operated by YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA. YouTube is a subsidiary of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as "Google").

We use YouTube by embedding individual videos from the platform on our website as so-called iFrames ("embedding"), making them directly playable on our website. The "Enhanced Privacy Mode" option is enabled. This means no personal data is transmitted to Google unless you play the videos. Only by actively playing a video will data be transferred to Google. When you play an embedded video on a subpage of our website, your IP address, along with the date and time, will be transmitted to Google, as well as information about the website you visited and the video you watched. By clicking on an embedded YouTube video, a separate notice window will appear, where you can give your explicit consent for the data transmissions and cookie usage required for playback. If you have previously selected the use of functional cookies or all cookies/functions in the cookie banner, this separate notice window will not appear. Any selection in the notice window or cookie banner will be stored for future website visits. We have no influence over the type, scope, and duration of the data processed by YouTube, the nature of processing and usage, or the transfer of this data to third parties. The data processing is the responsibility of YouTube. If you are simultaneously logged in as a YouTube or Google user, YouTube or Google assigns this connection information to your user account. If you wish to prevent this, you must log out of your user account before visiting our website or adjust the relevant settings in your user account. Google stores your data as user profiles and uses them for advertising purposes, market research, and/or the demand-oriented design of Google websites. You have the right to object to the creation of these user profiles, and you must contact Google directly to exercise this right.

The processing is carried out to provide you with videos directly on our website, thereby increasing the attractiveness and user-friendliness of our website.

The legal basis for embedding YouTube videos and the associated data processing is your informed consent (Art. 6 (1) lit. a) GDPR). You give this consent by confirming the play button on the graphical preview of the YouTube video. You have the right to withdraw your consent at any time. The legality of the processing carried out based on the consent until the withdrawal remains unaffected by the withdrawal.

Embedding YouTube videos transmits personal data to YouTube or Google. Google also processes your personal data in the USA. Google participates in the EU-US Data Privacy Framework, which regulates the proper and secure transfer of personal data of EU citizens to the USA. Google also uses so-called standard contractual clauses to ensure compliance with the European data protection level, even if your personal data is stored and processed in the USA.

For more information, please refer to YouTube's or Google's privacy policies: https://policies.google.com/privacy?hl=en.

5.5 Embedding Instagram Feeds

Our website uses services from "Instagram," a social platform operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

We use Instagram by embedding posts from the platform on our website, making them directly visible on our website. As soon as you visit a page with an embedded Instagram feed, a connection to Instagram's servers is established. In this process, your IP address and information about which of our web pages you visited will be transmitted to Instagram. This occurs regardless of whether you click on the Instagram embedding or not. If you are logged into Instagram, Instagram can associate this information with your user account. You can prevent this by logging out of your Instagram account before visiting our website.

The processing is carried out to provide you with Instagram posts directly on our website, thereby increasing the attractiveness and user-friendliness of our website.

The legal basis is your informed consent according to Art. 6 (1) lit. a) GDPR. You give this consent via our consent banner. You have the right to withdraw your consent at any time. The legality of the processing carried out based on the consent until the withdrawal remains unaffected by the withdrawal.

Instagram also processes your personal data in the USA and has submitted to the EU-US Data Privacy Framework, which regulates the proper and secure transfer of personal data of EU citizens to the USA.

For more information on data protection at Instagram, please visit https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect

6. Security

We and our service providers take technical and organizational security measures to protect your personal data managed by us against accidental or intentional manipulation, loss, destruction, or access by unauthorized persons. Our data processing and security measures are continuously improved in line with technological developments.

When transmitting your personal data to us, encryption via Secure Socket Layer (SSL) is used. Personal data exchanged between you and us or other involved companies is generally transmitted over encrypted connections that comply with the current state of technology.

Our employees and commissioned service providers are, of course, obligated to maintain confidentiality.

7. Your Rights to Access, Rectification, Blocking, or Deletion

Every natural person whose personal data we process has the following rights towards us (subject to the respective conditions):

• If you have questions about the processing of your personal data by us, we will gladly provide you with free information about the data stored about you at any time (Art. 15 GDPR).
• You have the right to correct incorrect data and complete incomplete data (Art. 16 GDPR).
• You have the right to block/restrict processing or delete your personal data that is no longer needed or stored due to legal obligations (Art. 17, 18 GDPR).
• You have the right to data portability in a structured, common, and machine-readable format if you provided us with the data based on consent or a contract between us and you (Art. 20 GDPR).
• You have the right to object to the processing of your data for direct marketing purposes at any time (see also section 2.5, Art. 21 (2) and (3) GDPR).
• You have the right to object to processing based on a legitimate interest, in which case we can present our compelling reasons (Art. 21 (1) GDPR). We have indicated above (see section 2) when this right exists.
• If you have given consent to data processing, you can withdraw this consent at any time with future effect, i.e., the lawfulness of the data processing up to the withdrawal remains unaffected. After withdrawing consent, you may no longer be able to use our services.

Please contact us with your concerns in writing (keyword: data protection) or by email at the contact details provided in section 9. We reserve the right to verify your identity to ensure that your personal data is not disclosed to unauthorized persons.

You also have the right to lodge a complaint with a data protection supervisory authority.

8. Data Protection Officer

You can contact our Data Protection Officer as follows:

DERTICKETSERVICE.DE GmbH & Co. KG
Data Protection Officer
Große Neugasse 2
50667 Cologne

Email: datenschutz@derticketservice.de

Phone: 0221 / 280-4272

9. Changes

From time to time, it is necessary to adjust the content of this privacy notice. We, therefore, reserve the right to change it at any time. We will also publish the amended version of the privacy notice at this location. Therefore, you should read the privacy notice again when you visit us again.

As of: 31.01.2025