Customer Login

Data protection information for contractual partners

This data protection information provides information on the processing of personal data pursuant to the GDPR (General Data Protection Regulation) within the framework of our relationships to (future) contractual partners (such as event organizers, ticket outlets, sports clubs, theaters and opera houses; referred to below as “contractual party”, “you” or “your”) by CTS EVENTIM Solutions GmbH (referred to below as “EVENTIM”, “we” or “us”) when visiting this website and within the framework of ordering and using our products and services.

 

1. Scope, controller and definitions

 

1.1.          Scope of this data protection information

 

1.      This data protection information applies to the use of this website and the processing of your data in connection with ordering and using our services and products. You can retrieve, save and print this data protection information at any time from this website at no charge. If you are a contractual party who is a legal entity or becomes one, this data protection information only applies to a restricted degree (GDPR only applies to the data of natural persons). If necessary, you should inform your employees accordingly.

 

2.      If reference is made to this data protection information on websites, this only concerns the data processing on websites as defined by Section 1.1.1. Other websites are not within the scope of this data protection information and present their own specific data protection information.

 

1.2.          Controller of your personal data 

 

CTS EVENTIM Solutions GmbH

Contrescarpe 75 A

28195 Bremen

Email: kundenservice@eventim.de

Phone.: +49 1806 - 533 933 (EUR 0.20/call incl. VAT from fixed networks, max. EUR 0.60/call incl. VAT from mobile networks)

 

1.3.          Definitions

 

This data protection information is based on the following legal terms found in data protection legislation that we have defined below to aid understanding:

 

1.      GDPR is the General Data Protection Regulation (Regulation (EU) 2016/679) of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (Data Protection Directive).

 

2.      Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing. Depending on the payment method chosen when drawing on our products and/or services, the recipient of your personal data could be a bank, for instance.

 

3.      In accordance with Sec. 15 AktG [“Aktiengesetz”: German Stock Corporation Act], the EVENTIM Group comprises CTS EVENTIM AG & Co. KGaA and all its affiliated companies. More information can be found at

 

·        www.eventim.de/tickets.html;

 

4.      Personal data means any information relating to an identified or identifiable natural person (‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Personal data could be the name, contact details, pattern of use, or payment details.

 

5.      Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law. CTS EVENTIM Solutions GmbH is the controller of the data processing described in this data protection information (Section 1.2.).

 

6.      Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. Processing may involve, for example, the coolection and use of your order data when drawing on our products or services.

 

2.    Purposes, legal framework and data categories when processing your personal data

 

2.1.          Processing of your personal data when visiting our websites and within the framework of marketing campaigns on third party websites

 

We process your personal data if you call up our websites to obtain information about our products and services without registering a customer account, drawing on our products and/or services or actively transferring information to us in some other way (purely informational use). In addition, we process your personal data within the framework of marketing campaigns on third party websites. Your personal data are processed for the following purposes and on the basis of the following legal framework:

 

2.1.1.     Processing for the purpose of IT security

 

1.      If you visit our websites, we process your personal data that are technically required for us to be able to provide you our websites and to ensure stability and security when visiting our websites. To this end we process the following personal data:

 

·        IP address

·        Browser fingerprints

·        Browser user agents

·        Cookies

2.      We process your personal data on the basis of Art. 6 (1) Sentence 1 lit. f) GDPR to pursue our legitimate interest of providing you the websites and and ensuring IT security to you when visiting our websites.

 

2.1.2.     Processing for analytical purposes

 

1.      If you visit our websites, in some circumstances we analyze and document how you use our websites, e.g. by identifying the number of websites visitors, your surfing patterns on our websites, which events and parts of our websites interest you, the origin of websites visitors and, if you buy a ticket, your order and shopping basket data. To this end we process the following personal data:

 

·        IP address

·        UU-ID

·        WEB-ID

·        Device fingerprints

·        Browser fingerprints

·        Cookies

·        Geo IP-location

 

2.      We process your personal data on the basis of Art. 6 (1) Sentence 1 lit. f) GDPR to pursue our legitimate interest to conduct analyses and, on the basis of these analyses, improve our internet presence and our products and services as well as to prevent fraud and to provide you with individual recommendations for our products and services when visiting our website.  

 

3.      We use Google Analytics, an web-analytics service from Google LLC (“Google”) on our websites to perform the analyses. Google Analytics uses cookies which allow an analysis of the use of our websites. The information generated by the cookie on the use of our websites is generally transmitted to a server of Google in the USA and stored there. However, in the event that IP anonymization has been activated when using our websites, the IP address of the visitors to the website is abbreviated by Google beforehand within the member states of the European Union or other contracting states to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transferred to a Google server in the USA and abbreviated there. Google, working under contract for EVENTIM, uses this information to analyze the use of the websites, generate reports about website activities and render other services to EVENTIM related to the use of the websites and internet use. 

The IP address transmitted to Google Analytics by the browser of the user is not combined with other data held by Google. 

You can prevent the storage of cookies by means of a corresponding adjustment of your browser software; we advise you, however, that in this case some functions of these websites may not be used to their full extent.

In addition, you can prevent the transmission of the data generated by the cookie and relating to your use of websites (including your IP address) to Google and the processing of this data by Google by downloading the browser plug-in from the following link and installing it accordingly:

 

·        https://tools.google.com/dlpage/gaoptout?hl=de.

 

This creates an opt-out cookie that prevents the future collection of your data upon visiting these websites.

Our websites use Google Analytics with the extension “_anonymizelp()”. As a result, IP addresses are processed in abbreviated form and a direct correlation to individuals can be ruled out. 

The use of Google Analytics is based on the prerequisites that the German data protection authorities have agreed on with Google.

More information on the terms and conditions of use and data protection can be found at:

·        https://www.google.de/intl/de/policies/terms/regional.html

·        https://www.google.de/intl/de/policies/privacy

 

Due to the use of Google Analytics your personal data is transmitted to the USA. Google LLC is subject to the EU-U.S. Privacy Shield. This provides adequate protection to your personal data. The full text of the EU-U.S. Privacy Shield Framework can be obtained from the following link:

 

·        https://www.privacyshield.gov/servlet/servlet.FileDownload?file=015t00000004qAg

 

4.      In order to analyze the use of our websites, we also use the following web-analysis services:

 

·        AT Internet: http://www.xiti.com/de/optout.aspx

·        Maxymiser: http://www.maxymiser.de/cookie_optout.htm

·        Criteo: http://www.criteo.com/de/datenschutzrichtlinie

·        Next Performance: http://www.nextperf.com/de/privacy

·        Atlas Solutions, LLC: http://www.youronlinechoices.com/de/praferenzmanagement/

·        AdTriba. https://www.adtriba.com/privacy-policy.html

·        TagCommander: http://www.tagcommander.com/de/datenschutz/

·        The Adex: http://www.youronlinechoices.com/de/praferenzmanagement/

·        Tapad: http://www.youronlinechoices.com/de/praferenzmanagement/

 

If you would like to object to data processing by these web analysis services, please click on the respective link of the analytical service (opt-out option). We would like to point out that an objection is effected by means of a cookie in each case. When this cookie is deleted you must click on the link of the analytical service once again to exercise your right to object.

 

2.1.3.     Processing for the purpose of individual recommendations to our websites

 

1.      If you visit our websites, we analyze and document your patterns of use in order to make customized recommendations to our websites on the basis of this data. To this end we process the following personal data:

 

·        IP address

·        UU-ID

·        WEB-ID

·        Device fingerprints

·        Browser fingerprints

·        Cookies

·        Geo IP-location

 

2.      We process your personal data on the basis of Art. 6 (1) Sentence 1 lit. f) GDPR to pursue our legitimate interest of producing product recommendations and conducting marketing campaigns.

 

3.      We use Google Adwords and Facebook Pixel for processing purposes. If you would like to object to data processing by Google Adwords and/or Facebook Pixel, please click on the respective link (opt-out option):

 

·        Google Adwords: https://www.google.de/settings/ads/

·        Facebook Pixel: www.youronlinechoices.com/de/praferenzmanagement

 

4.      Due to the use of Google Adwords und Facebook Pixel your personal data is transmitted to the USA. Google LLC and Facebook, Inc. are subject to the EU-U.S. Privacy Shield. This provides adequate protection to your personal data. The full text of the EU-U.S. Privacy Shield Framework can be obtained from the following link:

                                                        

·        https://www.privacyshield.gov/servlet/servlet.FileDownload?file=015t00000004qAg

 

5.      For more details on data processing by Google Adwords and Facebook Pixel, please refer to the relevant data protection information:

 

·        Google Adwords: policies.google.com/privacy

·        Facebook Pixel: https://www.facebook.com/privacy/explanation

 

2.1.4.     Processing for advertising purposes and reestablishing contact on third-party websites

 

1.      If you have purchased or drawn on products and/or services from us, a cookie is set by Google Adwords and Bing. With the aid of these cookies, tailored recommendations for the products and services from EVENTIM can be displayed on the basis of this purchase whenever you enter the corresponding search terms in Internet search engines (search engine marketing).

This involves the processing of your personal data. Processing is performed on the basis of Art. 6 (1) Sentence 1 lit. f) GDPR to pursue our legitimate interest of producing product recommendations and conducting marketing campaigns.

If you would like to object to data processing by Google Adwords and/or Bing, please click on the respective link (opt-out option):

 

·        Google Adwords: https://www.google.de/settings/ads/

·        Bing: http://choice.microsoft.com/de-de/opt-out

 

2.      Due to the use of Google Adwords und Bing your personal data is transmitted to the USA. Bing is a service from Microsoft Corporation. Microsoft and Google LLC are subject to the EU-U.S. Privacy Shield. This provides adequate protection to your personal data. The full text of the EU-U.S. Privacy Shield Framework can be obtained from the following link:

 

·        https://www.privacyshield.gov/servlet/servlet.FileDownload?file=015t00000004qAg

 

3.      For more details on data processing by Google Adwords and Bing, please refer to the relevant data protection information:

 

·        Google Adwords: policies.google.com/privacy

·        Bing: privacy.microsoft.com/de-de/privacystatement/

 

2.1.5.     Use of cookies

 

1.      Cookies are stored on your computer when using our websites. Cookies are small text files that are stored on your hard drive and are allocated to and saved by your browser. With the use of cookies, certain data flows to the party that set up the cookie. This also includes personal data. They are used to make our websites easier to use and to structure them more efficiently. Cookies cannot run any programs or transmit any viruses to your computer.

 

2.2.          Creation of a customer account

 

1.      You can create a customer account when you visit our websites. Via this account, you can purchase our products and/or services, obtain information and use our network. The registration and use of the customer account requires disclosure of personal data. The mandatory fields in the input screen are marked accordingly.  

 

2.      We process your personal data to enable you to create and use your customer account and to purchase our goods and services as well as to pursue our legitimate interest to inform you of our products and services. The data is processed on the basis of Art. 6 (1) Sentence 1 lit b) and f) GDPR.

 

2.3.          Customer queries and drawing up offers

 

1.      If you make contact via telephone or email (see contact details under Section 1.2) in order to obtain information about our products or services or to get an offer, we process your personal data in order to process your query and draw up a contractual offer accordingly.

 

2.      We process your personal data on the basis of Art. 6 (1) Sentence 1 lit. f) GDPR to pursue our legitimate interest to respond to your queries, and on the basis of Art. 6 (1) Sentence 1 lit. b) GDPR for the purpose of preparing a contract with you.

 

2.4.          Entering a contract 

 

When you enter into a contract for our products and/or services, we process your personal data on the basis of Art. 6 (1) Sentence 1 lit. b) GDPR for the purpose of performing the contract with you.

 

2.5.          Credit check and review of business registration

 

1.      If you enter into a contract with us (Section 2.4.) we perform a credit check prior to countersigning the contract. In addition, if you have agreed on down payments in a supplementary agreement with us, we run a credit check if personal liability is assumed by a private person, i.e. a credit check of the person assuming the liability. In this regard, we process your personal data. We process your personal data on the basis of Art. 6 (1) Sentence 1 lit. b) GDPR to enter and perform the contract with you and, based on Art. 6 (1) Sentence 1 lit. f) GDPR, to pursue our legitimate interest to avoid defaults on payments.

 

2.      If you purchase goods or services via us within the framework of the contract (Section 2.6.) we run credit checks at company level. To this end we process the name of the general manager and/or authorized signatories of your company. In some circumstances we process other personal data (e.g. information relating to the general manager’s equity holdings in other companies). We process your personal data on the basis of Art. 6 (1) Sentence 1 lit. b) GDPR to perform the contract with you and, based on Art. 6 (1) Sentence 1 lit. f) GDPR, to pursue our legitimate interest to avoid defaults on payments. Alternatively, we review your business registration. This review is performed on the basis of Art. 6 (1) Sentence 1 lit. f) GDPR to pursue our legitimate interest to avoid fraud and abuse.

 

3.      The credit risk (“scoring”) is assessed on the basis of mathematical and statistical methods by a credit information agency (Credisafe, Creditreform and D&B in the case of natural person). In this case, your personal data will be transmitted to the credit information agency to carry out the credit check. We process your personal data for the purposes of conducting the credit check in order to avoid defaults on payments. The statistical probability of default is determined on the basis of your personal data transmitted to the agency and, on this basis, your credit rating. Thereafter the credit information agency transfers your score to us. These personal data are processed on the basis of Art. 6 (1) Sentence 1 lit. f) GDPR to pursue the legitimate interest to avoid defaults on payments.

 

2.6.          Purchase of goods and services and telephony

 

1.      We also purchase goods and services for our contractual partners. In this regard, we cover the entire purchase process from obtaining prices right through to the final release of an order, its shipment and the corresponding contract management and administration of master data. We process your personal data to execute the order and cancel it in the event of any complaints or returns.

 

2.      With regard to telephony services, we may, in some circumstances, activate lines for your use. We can allocate these lines to specific individuals and therefore also process your personal data in this sense. We process your personal data in order to provide you with telephone services and lines.

 

3.      Your personal data is processed on the basis of Art. 6 (1) Sentence 1 lit. b) GDPR in order to perform the contract with you. We manage the master data of our contractual partners in the process. We manage the master data (such as your name, contact data and purchased items) on the basis of Art. 6 (1) Sentence 1 lit. f) GDPR to pursue our legitimate interest to purchase goods and services within our organization in an efficient manner and to ensure IT security upon processing personal data.

 

2.7.          Administration of hardware and software

 

1.      If you purchase hardware and/or software from us, we administer this for you. This involves processing the personal data that you provided us with when lodging your query or making your order. In some cases we receive your queries and orders via our service desk (Section 2.8.) or our line departments, which transmit your personal data, or the data of your employees for whom the hardware or software is ordered, to us for processing.

 

2.      We process your personal data on the basis of Art. 6 (1) Sentence 1 lit. f) GDPR to pursue our legitimate interest to respond to your queries and to provide an efficient infrastructure as well as on the basis of Art. 6 (1) Sentence 1 lit. b) GDPR for the purpose of performing a purchase or rental contract.

 

2.8.          IT support

 

1.      If you use our IT systems and have questions or need technical support, you can contact the service desk.

 

2.      To this end we process your personal data. We may also use email addresses and phone numbers from other sources (e.g., imprint on webpages). Your personal data are processed for the purpose of processing your request and documenting the support process. Your personal data is processed on the basis of Art. 6 (1) Sentence 1 lit. b) GDPR in order to perform the contract with you. 

 

3.      When processing your requests, we may transfer personal information to Brazil, Russia, Israel, Norway and Switzerland. The European Commission has decided that Israel and Switzerland have reached a level of data protection that is appropriate for EU purposes. This provides adequate protection to your personal data.

 

2.9.          Supplementary agreement on guest lists

 

If you enter into the supplementary agreement with us on guest lists, we will provide you with access to the corresponding customer data. To this end, you will be given access to our system or provided the data via email. Your personal data will be processed on the basis of Art. 6 (1) Sentence 1 lit. b) GDPR in order to perform the contract entered into with you.

 

2.10.      Info.Portal Inhouse

 

1.      We inform you of our products and solutions related to EVENTIM.Inhouse on our website www.eventim-inhouse.de. If you register for this website, you will be provided with access to our protected customer zone. In this zone you can view the product documentation and our customer newsletter, issue service orders and read our blog. In addition, you will obtain access to software updates. We process your personal data for the purpose of registering you in our portal and providing our products and services. We process your personal data on the basis of Art. 6 (1) Sentence 1 lit. b) GDPR to provide the portfal function and render the services provided in the portal and, based on Art. 6 (1) Sentence 1 lit. f) GDPR, to pursue our legitimate interest to inform you of our products and advertise them in our portal.

 

2.      In addition, if you register for them to be sent via email, we send our blog installments to you also via email on the date they are published. They are sent for the purpose of informing you of our products and services and to carry out marketing measures. In this connection, we process your data on the basis of your consent in accordance with Art. 6 (1) Sentence 1 lit. a) GDPR.

 

2.11.      Media Asset Manager

 

If you have created a user account in our Media Asset Manager, you can upload photos from events and manage them there. In this connection we process your personal data to enable you to use the functions of Media Asset Manager. Processing is performed on the basis of Art. 6 (1) Sentence 1 lit. b) GDPR for the purposes of registration and performing the service.

 

2.12.      fanSALE: guest lists and reports on ticket sales

 

1.      Consumers can  buy and sell tickets to your events via our auction platform, fanSALE. We generate guest lists on the basis of these purchases and sales which enable you to review the rights to attend the respective event. Moreover we generate reports on ticket sales which we provide to you for the purpose of commission. We process your personal data when transmitting the guest lists and reports.

 

2.      Your personal data is processed on the basis of Art. 6 (1) Sentence 1 lit. b) GDPR in order to perform the contract with you.

 

2.13.      Customer service

 

1.      You can contact our customer service (see the contact data in Section 1.2.) if you have any questions related to our products and services, would like to exercise your rights under this data protection information or would like to lodge a complaint.

 

2.      Depending on the nature of your request, we respond to your query using your personal data that we have stored in our systems within the framework of processing other data (e.g. data that you have disclosed when ordering a ticket). To the extent necessary to respond to your query, data from external sources (e.g., request to the mailing company in connection with shipment tracking or a search inquiry) will also be drawn on.

 

3.      Your personal data is processed on the basis of Art. 6 (1) Sentence 1 lit. b) GDPR in order to perform the contract with you. If you exercise your rights against us, we process your personal data to meet a legal obligation on the basis of Art. 6 (1) Sentence 1 lit. c) GDPR. If you wish to obtain information or complain about our products and services, we process personal data to pursue our legitimate interest of carrying out marketing campaigns and responding to your complaint on the basis of Art. 6 para. 1 sentence 1 lit. f) GDPR.

 

2.14.      Termination and cancellation of the contract

 

In some circumstances, your contract with us may be terminated and canceled. In this case, your personal data is processed on the basis of Art. 6 (1) Sentence 1 lit. b) GPDR.

              

2.15.      Reminders, foreclosure and possible court action to assert and defend legal claims

 

1.      We will inform you accordingly of any open claims against you and, if necessary, send you a reminder. To the extent that your payment remains outstanding, foreclosure proceedings may be initiated as a consequence. In some circumstances we rely on credit information agencies (such as Creditsafe) or publicly accessible information from the internet to verify your personal data. We process your personal data on the basis of Art. 6 (1) Sentence 1 lit. f) GDPR to pursue our legitimate interest to collect outstanding claims, if necessary, at court.

 

2.      Within the course of a legal dispute with you, we will process your personal data to exercise and/or defend our rights. To the extent necessary in the course of a legal dispute, we will draw on data from other sources (e.g., public registers). We process your personal data on the basis of Art. 6 (1) Sentence 1 lit. c) GDPR to meet a legal obligation and on the basis of Art. 6 (1) Sentence 1 lit. f) GDPR to pursue our legitimate interest to establish, exercise and/or defend our legal interests.

 

2.16.      Other processing

 

2.16.1. Creating and maintaining contact details

 

1.      We process your personal data if you want to make contact with us, lodge a query or enter into a contract. Your personal data is is processed to maintain contact.

 

2.      We process your personal data on the basis of Art. 6 (1) Sentence 1 lit. f) GDPR to pursue our legitimate interest to execute our internal administrative activities in an efficient and collaborative manner as well as on the basis of Art. 6 (1) Sentence 1 lit. b) GDPR for the purpose of performing a contract with you.

 

2.16.2. Executing internal audits and observing compliance regulations

 

1.      You personal data may be processed in the course of internal audits within the EVENTIM Group in Germany and abroad. On a case-by-case basis, we may draw on data that is obtainable from other publicly accessible sources (such as credit reporting agencies).

 

2.      In some circumstances, your data may be processed in the course of compliance programs and measures when we implement the requirements of the German Corporate Governance Code (GCGC), for example, or identify misconduct in the organization and attempt to remedy this.

 

3.      In the course of such processing it is possible that your personal data may also be processed. We process your personal data on the basis of Art. 6 (1) Sentence 1 lit. c) GDPR to fulfill our statutory duties. In addition, we process your personal data on the basis of Art. 6 (1) Sentence 1 lit. f) GDPR in order to pursue our legitimate interests of reviewing the processes and efficiency of the Eventim Group, remedy any misconduct, avoid fraud and, as appropriate, assert and/or defend our legal rights.

 

2.16.3. Insider management

 

In order to comply with the requirements of the Market Abuse Regulation, we add persons who have insider information to our list of insiders, after instructing them accordingly. If we include you on the list of insiders, we process your personal data to meet a legal obligation on the basis of Art. 6 (1) Sentence 1 lit. c) GDPR.

 

2.16.4. External reporting and audits

 

In some circumstances we may process your personal data when compiling external reports and conducting audits (e.g. audits of the annual financial statements and tax field audits). We process your personal data on the basis of a legal reporting obligation that we are subject to as a company (e.g. under the German Stock Corporation Act – AktG). In this case data is processed on the basis of Art. 6 (1) Sentence 1 lit. c) GDPR as a result of a legal obligation.

 

2.16.5. Analyses

 

In some circumstances, we may conduct analyses of your data, which are processed as defined in Section 2 of this data protection information. These analyses serve us as a basis for business decisions, to improve our products and services, tailor the business to customer needs and carry out marketing campaigns. We process your personal data on the basis of Art. 6 (1) Sentence 1 lit. f) GDPR to pursue our legitimate interest of improving our offering and conducting marketing campaigns. The analyses conducted on this basis do not contain any reference to individuals. Thus it is not possible for conclusions to be drawn about your person.

 

3.    Retention and erasure of your personal data

 

1.      We save your personal data for as long as, and to the extent necessary, it is required to realize the purposes for which it is processed (Section 2).

 

2.      As soon as your data is no longer needed for the purposes stated in Section 2, we retain your personal data for the period in which you could exercise claims against us or for the period in which we could establish claims against you (this is generally three years according to the statute of limitations, beginning at the end of the year in which the claim arises, e.g., the end of the year in which the ticket transaction took place).

 

3.      In addition, we store your personal data for as long as, and to the extent necessary, we are legally obliged to store it. The corresponding obligations to provide evidence and retain it arise from the German Commercial Code (HGB), the German Fiscal Code (AO) and the Money Laundering Act (GWG), among others (e.g., Sec. 257 HGB, Sec. 147 AO). The associated retention obligations can range up to ten years.

 

4.    Categories of recipients of personal data 

 

1.      We transmit your personal data to other companies in the EVENTIM Group within the framework of a collaborative process relating to the provision, execution and management of our products and services. Transmission is based on Art. 6 (1) Sentence 1 lit. f) GDPR to pursue our legitimate interest to execute our internal administrative activities in an efficient and collaborative manner and to improve our products and services.

 

2.      In addition, your personal information will be shared with technical and IT service providers who provide and maintain the platforms, databases and tools for our products and services (e.g., our website, the mailing of newsletters), prepare analyses on user behavior on our websites, roll out marketing campaigns and process your personal data on our behalf in connection with performing the contract. Your personal data is transmitted on the basis of Art. 6 (1) Sentence 1 lit. b) GDPR for the purpose of performing the contract with you as well as on the basis of Art. 6 (1) Sentence 1 lit. f) GDPR to pursue our legitimate interest of improving and promoting our products and to ensure IT and network security when processing your personal data and, in those cases where you have provided us with your consent to process your personal data, on the basis of Art. 6 (1) Sentence 1 lit. a) GDPR.

 

3.      We transmit your personal data to our suppliers for the purpose of procuring goods and services. Transmission is on the basis of Art. 6 (1) Sentence 1 lit. b) GDPR for the purpose of performing the contract with you.

 

4.      We offer you a number of different payment methods when you make use of our products and services. Depending on the payment method you choose, we will transmit your personal data to banks, payment service providers and credit card companies in order to settle the payment and, if necessary, reimburse the price. We transmit your personal data appointment on the basis of Art. 6 (1) Sentence 1 lit. b) GDPR in order to settle the order and reimburse it in the case of cancellation. In addition, in some cases we transmit your personal data to credit information agencies to check your credit rating (see Section 2.5.). We transmit your personal data to perform the contract with you on the basis of Art. 6 (1) Sentence 1 lit. b) GDPR and, based on Art. 6 (1) Sentence 1 lit. f) GDPR, to pursue our legitimate interest of avoiding you defaulting on payments.

 

5.      If we send you articles by post, we transmit your personal data to the mailing company. Your personal data is transmitted on the basis of Art. 6 (1) Sentence 1 lit. b) GDPR for the purpose of performing the contract with you.

 

6.      If you fail to satisfy your payment obligations, we will initiate collection procedures and possibly foreclosure proceedings against you. In some circumstances, we rely on information from credit information agencies (e.g. Creditsafe) to verify your identification data. Likewise, in some circumstances we transmit your personal data to external lawyers who we engage to execute the foreclosure proceedings by court order. Within the framework of foreclosure proceedings we transmit your personal data to the respective court of law. We transmit your personal data on the basis of Art. 6 (1) Sentence 1 lit. f) GDPR to pursue our legitimate interest to collect our claims, if necessary, at court using the services of an external lawyer.

 

7.      In the case of legal disputes, we transmit your data to the applicable court and, if you engage a lawyer, to the lawyer as well in order to conduct the litigation. We process your personal data on the basis of Art. 6 (1) Sentence 1 lit. c) GDPR to meet a legal obligation and on the basis of Art. 6 (1) Sentence 1 lit. f) GDPR to pursue our legitimate interest to assert, exercise and/or defend our legal interests.

 

8.      Newsletters (Section 2.13.) are sent by service providers commissioned by us. For this purpose, we transmit your personal data to these service providers. In this connection, we process your personal data as follows:

·        If you provide us with your consent when creating your customer account (Section 2.2.) to send you newsletters, we transmit your data on the basis of Art. 6 (1) Sentence 1 lit. a) GDPR.

·        Upon purchasing or drawing on our products and services (Section 2.4.) we transmit your personal data in order to inform you of changes to our products and services and to advertise our products. We transmit your personal data on the basis of Art. 6 (1) Sentence 1 lit. f) GDPR to pursue our legitimate interest of conducting marketing campaigns.

 

9.      Other than the cases listed above, we transmit your personal data when there is a legal obligation for us to do so. Transmission is based on Art. 6 (1) Sentence 1 lit. c) GDPR (e.g., to the police authorities during a criminal investigation or to the data protection supervisory authorities of the Federal Financial Supervisory Authority).

 

5.    Legitimate interests to data processing and right to object 

 

1.      We process your personal data as defined by Section 2 on account of legitimate interests, in particular to ensure IT security on our websites, to carry our analyses and marketing campaigns, to inform you of our products and services, to increase the range of our products and services, to prevent fraud and abuse, to prevent defaults, to establish, exercise and defend legal interests (if necessary, also by taking court action) and to carry out internal administrative activities efficiently and in a collaborative process. Information about the weighing up of interests can be obtained via

 

·        kundenservice[at]eventim[dot]de.

 

2.      Where your personal data are processed on the basis of these legitimate interests (Art. 6 (1) Sentence 1 lit. f) GDPR) you have the right to object to data processing at any time. We will respect your objection unless there are overriding grounds as defined by Art. 21 GDPR not to do so. Please address your request: 

 

·        by email to kundenservice[at]eventim[dot]de,

·        by phone: 49 1806 - 533 933 (EUR 0.20/call incl. VAT from fixed networks, max. EUR 0.60/call incl. VAT from mobile networks)

·        schriftlich an CTS EVENTIM Solutions GmbH, Datenschutz, Contrescarpe 75 A, 28195 Bremen.

 

3.      If you object to processing of your data pursuant to Section 5.2., we will process your personal data collected in this context to the extent needed to address your request. In this case your personal data are processed on the basis of Art. 6 (1) Sentence 1 lit. c) GDPR to meet a legal obligation.

 

 

 

6.    Consent and withdrawal of consent

 

1.      If you have provided us with your consent to the processing of your personal data, you may withdraw this consent at any time. The withdrawal applies to the future. The lawfulness of the processing of personal data prior to the date of withdrawal remains unaffected. Please address your withdrawal of consent:

 

·        by email to kundenservice[at]eventim[dot]de,

·        by phone: 49 1806 - 533 933 (EUR 0.20/call incl. VAT from fixed networks, max. EUR 0.60/call incl. VAT from mobile networks)

·        schriftlich an CTS EVENTIM Solutions GmbH, Datenschutz, Contrescarpe 75 A, 28195 Bremen.

 

2.      If you withdraw your consent to processing of your data, we will process your personal data collected in this context to the extent needed to address your request. In this case your personal data are processed on the basis of Art. 6 (1) Sentence 1 lit. c) GDPR to meet a legal obligation.

 

7.    Your rights

 

1.      Under the terms of the GDPR, you have the right to demand, at any time, that we

 

·        inform you of the personal data relating to you that we are processing (Art. 15 GDPR) 

·        rectify personal data relating to you that is inaccurate (Art. 16 GDPR) and/or

·        erase your personal data (Art. 17 GDPR), restrict it (Art. 18 GDPR) and/or release it (Art. 20 GDPR). 

 

2.      Please address your request: 

 

·        by email to kundenservice[at]eventim[dot]de,

·        by phone: 49 1806 - 533 933 (EUR 0.20/call incl. VAT from fixed networks, max. EUR 0.60/call incl. VAT from mobile networks)

·        schriftlich an CTS EVENTIM Solutions GmbH, Datenschutz, Contrescarpe 75 A, 28195 Bremen. 

 

3.      If you assert your rights towards us, we will process your personal data collected in this context to the extent needed to address your request. In this case your personal data are processed on the basis of Art. 6 (1) Sentence 1 lit. c) GDPR to meet a legal obligation.

 

4.      Notwithstanding your rights under Section 7, you have the right to lodge a complaint with a supervisory authority for data protection if you are of the opinion that the processing of your personal data by EVENTIM breaches the terms of the GDPR (Art. 77 GDPR).

 

8.    Miscellaneous

 

1.      The provisions of this data protection information, which can be accessed free of charge from our websites of CTS EVENTIM Solutions GmbH, which can also be accessed free of charge from our websites, apply in the version valid at the time of using our websites and placing a query and/or placing your order.

 

2.      We reserve the right to supplement and amend the contents of this data protection information. The updated data protection information applies from the date on which it is published on our websites.

 

3.      You will be informed in good time of such supplements and amendments on our websites and, if your contact data are already on our files, informed via email or by standard mail. You will be given the opportunity to view, print and save the amended data protection information at no charge.

 

9.    Contact details of the data protection officer

 

Please address any questions relating to data protection to:

 

Data protection officer

CTS EVENTIM Solutions GmbH

Contrescarpe 75 A

28195 Bremen

Email: datenschutz@eventim.de