CTS Eventim Solutions GmbH
This data protection information provides information on the processing of personal data pursuant to the GDPR (General Data Protection Regulation) within the framework of our relationships to (future) contractual partners (such as event organizers, ticket outlets, sports clubs, museums, theaters, concert halls and opera houses; referred to below as “contractual party”, “you” or “your”) by CTS EVENTIM Solutions GmbH (referred to below as “EVENTIM”, “we” or “us”) when visiting this website and within the framework of ordering and using our products and services.
1.1. Scope of this data protection information
1. This data protection information applies to the use of this website and the processing of your data in connection with ordering and using our services and products. You can retrieve, save and print this data protection information at any time from this website at no charge. If you are a contractual party who is a legal entity or becomes one, this data protection information only applies to a restricted degree (GDPR only applies to the data of natural persons). If necessary, you should inform your employees accordingly.
2. If reference is made to this data protection information on websites, this only concerns the data processing on websites as defined by Section 1.1.1. Other websites are not within the scope of this data protection information and present their own specific data protection information.
1.2. Controller of your personal data
CTS EVENTIM Solutions GmbH Contrescarpe 75 A 28195 Bremen Email: kundenservice@eventim.de Phone.: +49 421 - 20 31 55 11
1.3. Definitions
This data protection information is based on the following legal terms found in data protection legislation that we have defined below to aid understanding:
1. GDPR is the General Data Protection Regulation (Regulation (EU) 2016/679) of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (Data Protection Directive).
2. Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing. Depending on the payment method chosen when drawing on our products and/or services, the recipient of your personal data could be a bank, for instance.
3. In accordance with Sec. 15 AktG [“Aktiengesetz”: German Stock Corporation Act], the EVENTIM Group comprises CTS EVENTIM AG & Co. KGaA and all its affiliated companies. More information can be found here.
4. Personal data means any information relating to an identified or identifiable natural person (‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Personal data could be the name, contact details, pattern of use, or payment details.
5. Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law. CTS EVENTIM Solutions GmbH is the controller of the data processing described in this data protection information (Section 1.2.).
6. Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. Processing may involve, for example, the collection and use of your order data when drawing on our products or services.
2.1. Processing of your personal data when visiting our websites and within the framework of marketing campaigns on third party websites
We process your personal data if you call up our websites to obtain information about our products and services without registering a customer account, drawing on our products and/or services or actively transferring information to us in some other way (purely informational use). In addition, we process your personal data within the framework of marketing campaigns on third party websites. Your personal data are processed for the following purposes and on the basis of the following legal framework:
2.1.1. Processing for analytical purposes
1. If you visit our websites, in some circumstances we analyze and document how you use our websites, e.g. by identifying the number of website visitors, your surfing patterns on our websites, which parts of our websites interest you, the origin of website visitors. To this end we process the following personal data:
- IP-Adresse - Device Fingerprints - Browser Fingerprints - Cookies
2. We process your personal data on the basis of your consent as defined in Art. 6 (1) Sentence 1 lit. a) GDPR. If you would like to object to the data processing for analytical purposes, please click on the following link: Cookie Settings
We use Google Analytics, a web-analytics service from Google LLC (“Google”) on our websites to perform the analyses. Google Analytics uses cookies which allow an analysis of the use of our websites. The information generated by the cookie on the use of our websites is generally transmitted to a server of Google in the USA and stored there. However, in the event that IP anonymization has been activated when using our websites, the IP address of the visitors to the website is abbreviated by Google beforehand within the member states of the European Union or other contracting states to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transferred to a Google server in the USA and abbreviated there. Google, working under contract for EVENTIM, uses this information to analyze the use of the websites, generate reports about website activities and render other services to EVENTIM related to the use of the websites and internet use.
The IP address transmitted to Google Analytics by the browser of the user is not combined with other data held by Google.
You can prevent the storage of cookies by means of a corresponding adjustment of your browser software; we advise you, however, that in this case some functions of these websites may not be used to their full extent.
Our websites use Google Analytics with the extension “_anonymizelp()”. As a result, IP addresses are processed in abbreviated form and a direct correlation to individuals can be ruled out.
The use of Google Analytics is based on the prerequisites that the German data protection authorities have agreed on with Google.
More information on the terms and conditions of use and data protection can be found at:
- https://www.google.de/intl/de/policies/terms/regional.html - https://www.google.de/intl/de/policies/privacy
In connection with the use of Google Analytics, your personal data is transferred to the US. This data transfer is based on EU standard contract clauses. This ensures an adequate protection of your personal data.
2.1.2. Use of Cookies
1. Cookies are stored on your computer when using our websites. Cookies are small text files that are stored on your hard drive and are allocated to and saved by your browser. With the use of cookies, certain data flows to the party that set up the cookie. This also includes personal data. They are used to make our websites easier to use and to structure them more efficiently. Cookies cannot run any programs or transmit any viruses to your computer.
2. By clicking on the following link, you can change your cookie settings: Cookie Settings.
2.2. Creation of a customer account
1. You can create a customer account when you visit our websites. Via this account, you can purchase our products and/or services, obtain information and use our network. The registration and use of the customer account requires disclosure of personal data. The mandatory fields in the input screen are marked accordingly.
2. We process your personal data to enable you to create and use your customer account and to purchase our goods and services as well as to pursue our legitimate interest to inform you of our products and services. The data is processed on the basis of Art. 6 (1) Sentence 1 lit b) and f) GDPR.
2.3. Customer queries and drawing up offers
1. If you make contact via telephone or email (see contact details under Section 1.2) in order to obtain information about our products or services or to get an offer, we process your personal data in order to process your query and draw up a contractual offer accordingly.
2. We process your personal data on the basis of Art. 6 (1) Sentence 1 lit. f) GDPR to pursue our legitimate interest to respond to your queries, and on the basis of Art. 6 (1) Sentence 1 lit. b) GDPR for the purpose of preparing a contract with you.
2.4. Entering a contract
1. When you enter into a contract for our products and/or services, we process your personal data on the basis of Art. 6 (1) Sentence 1 lit. b) GDPR for the purpose of performing the contract with you.
2.5. Purchase of goods and services
1. We also purchase goods and services for our contractual partners. In this regard, we cover the entire purchase process from obtaining prices right through to the final release of an order, its shipment and the corresponding contract management and administration of master data. We process your personal data to execute the order and cancel it in the event of any complaints or returns.
2. Your personal data is processed on the basis of Art. 6 (1) Sentence 1 lit. b) GDPR in order to perform the contract with you. We manage the master data of our contractual partners in the process. We manage the master data (such as your name, contact data and purchased items) on the basis of Art. 6 (1) Sentence 1 lit. f) GDPR to pursue our legitimate interest to purchase goods and services within our organization in an efficient manner and to ensure IT security upon processing personal data.
2.6. Administration of hardware and software
1. If you purchase hardware and/or software from us, we administer this for you. This involves processing the personal data that you provided us with when lodging your query or making your order. In some cases we receive your queries and orders via our service desk (Section 2.7) or our line departments, which transmit your personal data, or the data of your employees for whom the hardware or software is ordered, to us for processing. We process your personal data on the basis of Art. 6 (1) Sentence 1 lit. f) GDPR.
2.7. Customer portal
1. We inform you of our products and solutions related to EVENTIM.Inhouse on our website www.eventim-inhouse.de. If you register for this website, you will be provided with access to our protected customer portal. In this portal, you can view the product documentation and our customer newsletter, and issue service orders. In addition, you will obtain access to software updates. We process your personal data for the purpose of registering you in our portal and providing our products and services. We process your personal data on the basis of Art. 6 (1) Sentence 1 lit. b) GDPR to provide the portal function and render the services provided in the portal and, based on Art. 6 (1) Sentence 1 lit. f) GDPR, to pursue our legitimate interest to inform you of our products and advertise them in our portal.
2.8. Customer service
1. You can contact our customer service (see the contact data in Section 1.2.) if you have any questions related to our products and services, would like to exercise your rights under this data protection information or would like to lodge a complaint.
2. Depending on the nature of your request, we respond to your query using your personal data that we have stored in our systems within the framework of processing other data (e.g. data that you have disclosed when ordering a ticket). To the extent necessary to respond to your query, data from external sources (e.g., request to the mailing company in connection with shipment tracking or a search inquiry) will also be drawn on.
3. Your personal data is processed on the basis of Art. 6 (1) Sentence 1 lit. b) GDPR in order to perform the contract with you. If you exercise your rights against us, we process your personal data to meet a legal obligation on the basis of Art. 6 (1) Sentence 1 lit. c) GDPR. If you wish to obtain information or complain about our products and services, we process personal data to pursue our legitimate interest of carrying out marketing campaigns and responding to your complaint on the basis of Art. 6 para. 1 sentence 1 lit. f) GDPR.
2.9. Termination and cancellation of the contract
1. In some circumstances, your contract with us may be terminated and canceled. In this case, your personal data is processed on the basis of Art. 6 (1) Sentence 1 lit. b) GPDR.
2.10. Other processing
2.10.1. Creating and maintaining contact details
1. We process your personal data if you want to make contact with us, lodge a query or enter into a contract. Your personal data is is processed to maintain contact.
2. We process your personal data on the basis of Art. 6 (1) Sentence 1 lit. f) GDPR to pursue our legitimate interest to execute our internal administrative activities in an efficient and collaborative manner as well as on the basis of Art. 6 (1) Sentence 1 lit. b) GDPR for the purpose of performing a contract with you.
2.10.2. Analyses
1. In some circumstances, we may conduct analyses of your data, which are processed as defined in Section 2 of this data protection information. These analyses serve us as a basis for business decisions, to improve our products and services, tailor the business to customer needs and carry out marketing campaigns. We process your personal data on the basis of Art. 6 (1) Sentence 1 lit. f) GDPR to pursue our legitimate interest of improving our offering and conducting marketing campaigns. The analyses conducted on this basis do not contain any reference to individuals. Thus it is not possible for conclusions to be drawn about your person.
2.10.3. Whistleblowing system
1. You can report possible violations via our confidential reporting channels and thus contribute to their clarification. EVENTIM operates an independent, impartial and confidential whistleblower system for this purpose. If we receive reports, we process your personal data insofar as they are provided on the basis of our legal obligation within the meaning of Art. 6 Para. 1 Sentence 1 lit. c) GDPR. Investigations are always carried out with the utmost confidentiality and with due regard for the anonymity of the whistleblower. Information is processed in a fair, expeditious and protected procedure. Further information: https://corporate.eventim.de/en/company/compliance/
1. We save your personal data for as long as, and to the extent necessary, it is required to realize the purposes for which it is processed (Section 2).
2. As soon as your data is no longer needed for the purposes stated in Section 2, we retain your personal data for the period in which you could exercise claims against us or for the period in which we could establish claims against you (this is generally three years according to the statute of limitations, beginning at the end of the year in which the claim arises, e.g., the end of the year in which the ticket transaction took place).
3. In addition, we store your personal data for as long as and insofar as we are legally obliged to do so. Corresponding proof and storage obligations result, inter alia, from the German Commercial Code and the German Fiscal Code (e.g. Section 257 HGB; Section 147 AO). The retention period is up to ten years.
1. We transmit your personal data to other companies in the EVENTIM Group within the framework of a collaborative process relating to the provision, execution and management of our products and services. Transmission is based on Art. 6 (1) Sentence 1 lit. f) GDPR to pursue our legitimate interest to execute our internal administrative activities in an efficient and collaborative manner and to improve our products and services.
2. In addition, your personal information will be shared with technical and IT service providers who provide and maintain the platforms, databases and tools for our products and services (e.g., our website, the mailing of newsletters), prepare analyses on user behavior on our websites, roll out marketing campaigns and process your personal data on our behalf in connection with performing the contract. Your personal data is transmitted on the basis of Art. 6 (1) Sentence 1 lit. b) GDPR for the purpose of performing the contract with you as well as on the basis of Art. 6 (1) Sentence 1 lit. f) GDPR to pursue our legitimate interest of improving and promoting our products and to ensure IT and network security when processing your personal data and, in those cases where you have provided us with your consent to process your personal data, on the basis of Art. 6 (1) Sentence 1 lit. a) GDPR.
3. We transmit your personal data to our suppliers for the purpose of procuring goods and services. Transmission is on the basis of Art. 6 (1) Sentence 1 lit. b) GDPR for the purpose of performing the contract with you.
4. We offer you a number of different payment methods when you make use of our products and services. Depending on the payment method you choose, we will transmit your personal data to banks, payment service providers and credit card companies in order to settle the payment and, if necessary, reimburse the price. We transmit your personal data appointment on the basis of Art. 6 (1) Sentence 1 lit. b) GDPR in order to settle the order and reimburse it in the case of cancellation. In addition, in some cases we transmit your personal data to credit information agencies to check your credit rating (see Section 2.5.). We transmit your personal data to perform the contract with you on the basis of Art. 6 (1) Sentence 1 lit. b) GDPR and, based on Art. 6 (1) Sentence 1 lit. f) GDPR, to pursue our legitimate interest of avoiding you defaulting on payments.
5. If we send you articles by post, we transmit your personal data to the mailing company. Your personal data is transmitted on the basis of Art. 6 (1) Sentence 1 lit. b) GDPR for the purpose of performing the contract with you.
6. If you fail to satisfy your payment obligations, we will initiate collection procedures and possibly foreclosure proceedings against you. In some circumstances, we rely on information from credit information agencies (e.g. Creditsafe) to verify your identification data. Likewise, in some circumstances we transmit your personal data to external lawyers who we engage to execute the foreclosure proceedings by court order. Within the framework of foreclosure proceedings we transmit your personal data to the respective court of law. We transmit your personal data on the basis of Art. 6 (1) Sentence 1 lit. f) GDPR to pursue our legitimate interest to collect our claims, if necessary, at court using the services of an external lawyer.
7. In the case of legal disputes, we transmit your data to the applicable court and, if you engage a lawyer, to the lawyer as well in order to conduct the litigation. We process your personal data on the basis of Art. 6 (1) Sentence 1 lit. c) GDPR to meet a legal obligation and on the basis of Art. 6 (1) Sentence 1 lit. f) GDPR to pursue our legitimate interest to assert, exercise and/or defend our legal interests.
8. Other than the cases listed above, we transmit your personal data when there is a legal obligation for us to do so. Transmission is based on Art. 6 (1) Sentence 1 lit. c) GDPR (e.g., to the police authorities during a criminal investigation or to the data protection supervisory authorities of the Federal Financial Supervisory Authority).
1. We process your personal data as defined by Section 2 on account of legitimate interests, in particular to ensure IT security on our websites, to carry our analyses and marketing campaigns, to inform you of our products and services, to increase the range of our products and services, to prevent fraud and abuse, to prevent defaults, to establish, exercise and defend legal interests (if necessary, also by taking court action) and to carry out internal administrative activities efficiently and in a collaborative process. Information about the weighing up of interests can be obtained via
- kundenservice@eventim.de.
2. Where your personal data are processed on the basis of these legitimate interests (Art. 6 (1) Sentence 1 lit. f) GDPR) you have the right to object to data processing at any time. We will respect your objection unless there are overriding grounds as defined by Art. 21 GDPR not to do so. Please address your request:
- by email to kundenservice@eventim.de, - by phone: 49 421 - 20 31 55 11 - in writing to CTS EVENTIM Solutions GmbH, Data Protection, Contrescarpe 75 A, 28195 Bremen, Germany.
3. If you object to processing of your data pursuant to Section 5.2., we will process your personal data collected in this context to the extent needed to address your request. In this case your personal data are processed on the basis of Art. 6 (1) Sentence 1 lit. c) GDPR to meet a legal obligation.
1. If you have provided us with your consent to the processing of your personal data, you may withdraw this consent at any time. The withdrawal applies to the future. The lawfulness of the processing of personal data prior to the date of withdrawal remains unaffected. Please address your withdrawal of consent:
2. If you withdraw your consent to processing of your data, we will process your personal data collected in this context to the extent needed to address your request. In this case your personal data are processed on the basis of Art. 6 (1) Sentence 1 lit. c) GDPR to meet a legal obligation.
1. Under the terms of the GDPR, you have the right to demand, at any time, that we
- inform you of the personal data relating to you that we are processing (Art. 15 GDPR), - rectify personal data relating to you that is inaccurate (Art. 16 GDPR) and/or - erase your personal data (Art. 17 GDPR), restrict it (Art. 18 GDPR) and/or release it (Art. 20 GDPR).
2. Please address your request
3. If you assert your rights towards us, we will process your personal data collected in this context to the extent needed to address your request. In this case your personal data are processed on the basis of Art. 6 (1) Sentence 1 lit. c) GDPR to meet a legal obligation.
4. Notwithstanding your rights under Section 7, you have the right to lodge a complaint with a supervisory authority for data protection if you are of the opinion that the processing of your personal data by EVENTIM breaches the terms of the GDPR (Art. 77 GDPR).
1. The provisions of this information on data protection (available free of charge on our websites), including the cookie information of CTS EVENTIM Solutions GmbH, (available free of charge on our websites) apply in the version valid at the time of use of our websites.
2. We reserve the right to supplement and amend the contents of this data protection information. The updated data protection information applies from the date on which it is published on our websites.
3. We will inform you in good time about these amendments and supplements on our websites. You will be given the opportunity to view, print and save the amended information on data protection free of charge.
Please address any questions relating to data protection to: Data protection officer CTS EVENTIM Solutions GmbH Contrescarpe 75A D-28195 Bremen Germany Email: datenschutz@eventim.de