Data privacy


We inform you below about the collection of personal data with the use of our website. Personal data is all data that refers to you personally, for example name, address, e-mail addresses or user behaviour. We have taken extensive technical and operational precautions to protect your data against accidental or even intentional manipulation, loss, destruction or access by unauthorised persons. Our security procedures are reviewed on a regular basis and adapted to technological progress.

1. Controller responsible for data processing
2. Contact details of the Data Protection Officer
3. Your rights
4. Collection of personal data when you visit our website
5. Contacting us by e-mail or contact form
6. Newsletter
7. Applications
8. Cookies
9. Google Analytics
10. Social networks
11. Data transfer
12. Data security


The controller pursuant to Art. 4 (7) of the EU General Data Protection Regulation (GDPR) is Alte Oper Frankfurt Konzert- und Kongresszentrum GmbH, Opernplatz, 60313 Frankfurt, (please see our legal notice).


You can contact our data protection officer at or at our postal address with the addition "The Data Protection Officer".


You have the following rights in relation to us with regard to your personal data:


You have the right of access (Art. 15 GDPR), rectification (Art. 16 GDPR), erasure (Art. 17 GDPR), restriction of processing (Art. 18 GDPR) as well as data portability (Art. 20 GDPR). If the processing is based on your consent, you will have the right to withdraw this consent with effect for the future.


Pursuant to Art. 21(1) GDPR, you have the right to make an objection at any time, on grounds relating to your particular situation, to processing of personal data relating to you that is based on Art. 6(1)(e) GDPR (data processing in the public interest) or Art. 6(1)(f) GDPR (data processing for protection of a legitimate interest); this also applies to profiling on the basis of this provision. If you express an objection, we shall no longer process your personal data unless we can prove compelling legitimate grounds for processing that override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.


If we process your personal data for direct marketing purposes, you will have the right pursuant to Art. 21(2) GDPR to object at any time to the processing of personal data relating to you for such marketing; this includes profiling to the extent that it is related to such direct marketing.

If you object to processing for the purposes of direct marketing, we shall no longer process your personal data for these purposes.


You also have the right, pursuant to Art. 77 GDPR, to lodge a complaint with a data protection supervisory authority concerning the processing of your personal data by us.


If the website is visited only for the purpose of obtaining information, i.e. if you do not register or provide us with information in any other way, we will only collect personal data that your browser transmits to our server. If you wish to view our website, we will collect the following data that is technically necessary for us to display the website to you and to ensure stability and security:

- operating system of the device you use to visit our website
- browser (type, version & language settings)
- the amount of data retrieved
- the current IP address of the device you use to visit our website
- time and date of access
- the URL of the previously visited website (referrer)
- the URL of the (sub)page you access on the website
- the internet service provider of the accessing system

We (and our service provider) are not normally aware of who is behind an IP address. We do not combine the above-mentioned data with other data.

The legal basis for this is Art. 6(1)(f) GDPR. Since the collection of data for the provision of the website and storage in log files is absolutely necessary for the operation of the website and in order to prevent misuse, our legitimate interest in data processing is an overriding factor at this point.


When you contact us by e-mail or via a contact form, the data you provide (your e-mail address, possibly your name and phone number) will be stored by us in order to answer your questions. The legal basis for this purpose will be Art. 6(1)(f) GDPR. Whereas we request information via our contact form which is not a necessity for making contact, we have always marked this as optional. We use this information to specify your request and to improve the processing of your issue. This information is communicated expressly on a voluntary basis and with your consent, pursuant to Art. 6(1)(a) GDPR. If this concerns information for communication channels (for example, email addresses, telephone numbers), you also give permission for us to contact you through these communication channels as well if necessary in order to respond to your requests. You may of course withdraw this consent at any time for the future.

We erase the data that arises in this connection when storage is no longer required, or we restrict the processing if statutory retention duties apply.

6. NEWSLETTER (CleverReach)

You may subscribe to various newsletters on some of our websites, which we use to inform you about upcoming events, current information relating to our services or special promotions. The content of the individual newsletters is described briefly in the context of the registration process. The legal basis for sending the relevant newsletter is your consent pursuant to Art. 6(1)(a) GDPR.

We use the service of the provider CleverReach GmbH & Co KG based in Germany. We have concluded an order processing agreement with CleverReach pursuant to Art. 28 GDPR that allows us to continue to protect your personal data.

We use the double opt-in procedure to register for our newsletters. This means that after your registration we send you an e-mail to the e-mail address you provided in which we ask you for confirmation that you would like to receive the newsletter. If you do not confirm your registration within 14 days, your data will be erased at the end of this period.

The only mandatory information required to send the newsletter is your e-mail address. The provision of further data is voluntary: This data is used to address you personally. After your confirmation, we will store your e-mail address in order to send the newsletter until you withdraw your consent. We also store your IP address that is current at the time of registration, the time of registration itself as well as the confirmation for up to three years after registration (limitation period). The purpose of this procedure is to verify your registration in case of doubt and, if necessary, to deal with any misuse of your personal data. The legal basis for recording of the registration is our legitimate interest pursuant to Art. 6(1), sentence 1 (f) GDPR in the substantiation of consent granted previously. You may declare your withdrawal by clicking on the link provided in every newsletter e-mail or by sending a contact request to the Data Protection Officer named above (


You can apply to our company electronically. We shall, of course, only use your details to process your application and we will not pass them on to third parties. Please note that unencrypted e-mails are not transmitted with access protection.

We will process your personal data insofar as necessary to carry out the application process. This includes the following data categories:

Standard information:

- Applicant master data (first name, surname, address, position)
- Qualification data (cover letter, CV, previous activities, professional qualifications)
- (Employment) references and certificates (performance data, assessment data, etc.)

Other information:

- Publicly accessible, work-related data, such as a profile on professional social media networks
- Voluntary information, such as an application photo, information about a severe disability or other information that you provide us voluntarily with in your application.

The legal basis for the processing of your applicant data is Art. 6(1)(b) GDPR.

If you have applied for a specific position and it has already been filled or if we consider you to be equally suitable or even more suitable for another position, we would like to forward your application within the company or include it in our applicant pool. This means that we will store the application documents after the current application process for consideration in other or subsequent application process. We require your consent for this. If you would like us to save your application in our applicant pool in order to consider you for other positions, please let us know at Your consent constitutes the legal basis for this data processing in accordance with Art. 6(1)(a) GDPR. You may withdraw your consent at any time with effect for the future using the contact options listed under point 2 of this statement.

In certain cases, we will process your data to protect our legitimate interests or those of third parties. These cases include the defence of legal claims in proceedings under the Allgemeines Gleichbehandlungsgesetz (AGG) (General Equal Treatment Act). In the case of a legal dispute, we will have a legitimate interest in processing the data for evidentiary purposes. The legal basis for this is Art. 6(1)(f) GDPR.
Your data will be processed mainly by our HR department and by the heads of department of the position to be filled. In some cases, however, other internal and external bodies will also be involved in the processing of your data.

Internal bodies:

- Management
- HR department
- Departmental management
- Payroll administration / accounting
- Works Council

External service providers:

- IT service providers (e.g. maintenance service providers, hosting service providers): Hirschbiegel und Grundstein
- External Data Protection Officer: Intersoft Consulting
- Service provider for file and data destruction

Your personal data will be erased immediately after completion of the application process or after a maximum period of 6 months unless you have expressly granted your consent to store your data for a longer time or a contract has been concluded. In these cases, we will store your data until you withdraw your consent but for no longer than necessary.


We will process your personal data when you make an enquiry, request a quote from us or conclude a contract with us. We will also process your personal data in order to comply with legal obligations, to protect a legitimate interest or on the basis of your consent.

Depending on the legal basis, this relates to the following categories of personal data:

- First name, surname
- Address
- Communication data (telephone, e-mail address)
- Date of birth
- Nationality
- Contract master data, in particular contract number, term, notice period, type of contract
- Invoice data/sales data
- Payment data/account information
- Account information, in particular registration and logins

We will use your personal data to execute the order. Within this contractual relationship, we will process your data in particular to carry out the following activities:

Contract-related contact, contract management, ongoing customer support, service centre, handling warranty claims, claims management and contract termination management.

You will find further information about the purposes of data processing in the respective contract documents and in the General Terms and Conditions. The legal basis for this is Art. 6(1)(b) of the GDPR.

We will also use your personal data for the following purposes:

If you have granted us your voluntary consent for the collection, processing or transfer of certain personal data, this consent will constitute the legal basis for the processing of this data (Art. 6(1)(a) GDPR). In the following cases, we will process your personal data on the basis of your consent:

- Mailings
- Invitations
- Market research (e.g. customer satisfaction surveys)

As a company, we are subject to various legal obligations. In order to comply with these obligations, it may be necessary to process personal data to comply with monitoring and reporting obligations. The legal basis for this is Art. 6(1)(c) GDPR.

In certain cases, we will process your data to protect our legitimate interests or those of third parties.

- Direct marketing or market and opinion research
- Measures for building and plant safety
- Video surveillance to safeguard domiciliary rights
- Ensuring IT security and IT operations
- Prevention/defence against criminal acts

The legal basis for this is Art. 6(1)(f) GDPR.

In order to comply with our contractual and legal obligations, your personal data will be disclosed to various public or internal bodies as well as external service providers. We work with selected external service providers in order to comply with our contractual and legal obligations:

- IT service providers (e.g. maintenance service providers, hosting service providers)
- Service provider for file and data destruction
- Printing services
- Telecommunications
- Payment service providers
- Advisory and consulting
- Service providers for sales or marketing
- Credit agencies
- Authorised dealers
- Service providers for telephone support (call centres)
- Web hosting service providers
- Letter shops
- Auditors

We may also be required to transfer your personal data to other recipients, for example authorities, in order to comply with legal reporting obligations:

- Tax authorities
- Customs authorities
- Social insurance agencies

We will store your personal data for as long as necessary to comply with our legal and contractual obligations. If storage of the data is no longer required for in order to comply with contractual or legal obligations, your data will be erased unless further processing is required for the following purposes:

- Compliance with retention obligations under commercial and tax law. These include retention periods based on the German Commercial Code (HGB) or the German Fiscal Code (AO).
- Preservation of evidence within the scope of the statutory limitation periods. According to the statute of limitations provisions of the German Civil Code (BGB), these limitation periods may be up to 30 years in some cases; the normal limitation period is three years.

To enter into a business relationship, you must provide us with the personal data necessary for the performance of the contractual relationship or that we are required to obtain by law. If you do not provide us with this data, it will not be possible for us to carry out and process the contractual relationship.


Cookies are stored on your computer when you use our website. Cookies are small text files that are assigned to and stored on the browser on your hard drive, whereby certain information is transferred to the party that places the cookies. Cookies cannot run programs or transfer viruses to your computer. They help to make the website more user-friendly and effective overall. We use cookies to ensure proper operation of the website, to provide basic functionalities, to measure the reach and - with your consent - to tailor our services to your preferred areas of interest.


There are different types of cookies: Session cookies are data sets which are only stored on a temporary basis in the working memory and are erased when you close your browser. Permanent or persistent cookies are automatically erased after a specified period, which may vary depending on the cookie. With this type of cookie, the information may also be stored in text files on your computer. However, you can also erase these cookies at any time via your browser settings.

The cookies used on this website are

Surname Provider Purpose Will be erased after
_ga Google Analytics to save and count page views. 2 years
_gat Google Analytics to read and filter requests from bots. 1 minute
_gid Google Analytics to save and count page views. 1 day
klaro Alte Oper Saves the settings of the content manager 1 year
PHPSESSID Alte Oper Functions provided via pages. Session



You can configure your browser settings according to your preferences and, for example, refuse to accept third-party cookies or even all cookies. We draw your attention to the fact that you may then not be able to use all the functions on this website.
When accessing our website, all users of our website are also informed by an info banner about our use of cookies and referred to this privacy statement. As a user, you will also be asked for your consent for the use of certain cookies, in particular those that are relevant for the personalisation of services and for marketing. Once you have given your consent, you may withdraw it at any time with effect for the future by clicking on the following link: Cookie settings.


The legal basis for possible processing of personal data using cookies and their storage duration may vary. If you have granted us your consent, the legal basis will be Art. 6(1), sentence 1 (a) GDPR. Insofar as data processing takes place on the basis of our overriding legitimate interests, the legal basis will be Art. 6(1), sentence 1 (f) GDPR. The stated purpose then corresponds to our legitimate interest.


We use Google Analytics, a web analytics service provided by Google LLC, in order to analyse and optimise our websites. The service provider responsible for this in the EU is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").
For example, we may analyse how many users visit our site, which information is most in demand or how users find the offer. Among other things, we collect data relating to the website from which a data subject came to a website (known as the referrer), which subpages of the website have been accessed or how often and for how long a subpage has been viewed. This helps us to design and improve our services in a user-friendly way. The data collected will not be used to identify individual users personally. Anonymous or at most pseudonymous data is collected. The legal basis for this is Art. 6(1)(a) GDPR.


Google Analytics uses cookies that facilitate an analysis of your use of our website. The information collected by cookies concerning your use of this website is normally transmitted to a Google server in the USA and stored there.
We use the 'anonymizeIP' function (so-called IP masking): On account of the activation of the IP anonymization on this website, your IP address will first be truncated by Google within the member states of the European Union or in other states that are parties to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the USA and truncated there. The IP address transmitted from your browser in the context of Google Analytics will not be combined with other data by Google.
During your visit to the website, the following data items will be collected, among others:

- pages you have accessed, your "click path"
- achievement of "website goals" (conversions, e.g. newsletter registrations, downloads, purchases)
- your user behaviour (e.g. clicks, dwell time, bounce rates)
- your approximate location (region)
- your IP address (in abbreviated form)
- technical information about your browser and the end devices you use (e.g. language setting, screen resolution)
- your internet provider
- the referrer URL (via which website/advertising medium you came to this website)


On behalf of the operator of this website, Google will use this information to analyse your pseudonymous use of the website and to compile reports about website activity. The reports provided by Google Analytics are used to analyse the performance of our website as well as the success of our marketing campaigns.


Recipients of data are/may be:

- Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor pursuant to Art. 28 GDPR)

- Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA

- Alphabet Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA

We cannot exclude the possibility that US authorities will access the data stored by Google. We have concluded a data processing agreement with Google for this purpose.


Insofar as any data is processed outside the EU/EEA, Google LLC. has certified itself according to the Data Privacy Framework (DPF) program and is listed in the Data Privacy Framework list of the International Trade Administration (ITA). This means that Google has given a public commitment to comply with the DPF obligations and any data transfer to the USA is unobjectionable due to the current adequacy decision of the European Commission of 10 July 2023.

You will find a list of currently certified US companies here: Further information on the Data Privacy Framework Program can be found on the official website of the ITA:


The data sent by us and linked to cookies will be erased automatically after 14 months. The erasure of data for which the retention period has expired takes place automatically once per month.
You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by
a. not giving your consent for the setting of the cookie or
b. downloading and installing the browser add-on in order to deactivate Google Analytics here.
You can also prevent the storage of cookies by setting your browser software accordingly. However, if you configure your browser to reject all cookies, this may limit the functionality of this and other websites.


The legal basis and withdrawal option for this data processing is your consent pursuant to
Art. 6(1)(a) GDPR. You may withdraw your consent at any time with effect for the future by accessing the cookie settings and changing your selection there.
You will find more information on the terms of use of Google Analytics and data protection at Google at and at


We are officially represented on the following social networks:

- Facebook (
- Instagram (
- YouTube (

We never collect, store or process personal data of our users on these pages. Moreover, no other data processing is carried out by us or initiated by us. The data entered on our Facebook page and our Instagram page, for example comments, videos or images, will not be used or processed by us for any other purpose at any time. The social networks may use web tracking methods on their pages. We cannot exclude the possibility that social networks may use our users' profile data, for example to evaluate their habits, personal relationships, preferences, etc. We have no influence whatsoever on the processing of personal data by social networks. When accessing our pages on the social networks, our privacy statement can also be viewed there via a corresponding direct link or via a link to our website where the privacy statement appears. Please also note the explanations provided by the respective providers.

11.1. Facebook

Social media have become an integral part of the internet as well as modern communication. In order to stay in contact with our customers and interested parties, we have also set up our own fan page on Facebook.

11.1.1. General information

Facebook is a service provided by Meta Platforms, Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA (hereinafter referred to as "Facebook").

We expressly draw your attention to the fact that Facebook stores users' data (e.g. IP address, preferences and personal interests, behaviour on Facebook pages, any personal information stored on Facebook, etc.) and uses it for business purposes.
We have no influence on the processing and further use of this data, since Facebook alone determines the processing. We do not currently know to what extent, where and for how long the data is stored, to what extent the data is linked and analysed and to which parties the data is forwarded. We also have no insight or influence concerning erasure periods, i.e. whether and to what extent erasure periods are observed.
Information from Facebook itself about what information is collected can be found in Facebook's privacy policy, which may be viewed here:
If you are a Facebook member and logged into your Facebook user account, Facebook can assign your visit to our site to your user account. If you want to prevent Facebook from linking data concerning your visit to our fan page with your member data stored on Facebook, you must

- log out of Facebook before each visit to our fan page
- erase the cookies on the device
- and close and restart your browser.

In this way, according to Facebook, all information that can be used by Facebook to identify you will be erased.

11.1.2. Scope of data collection and storage

You do not need to be a Facebook member to view the content on our Facebook fan page. However, Facebook collects, stores and uses data every time you visit our site. The moment you visit our fan page, your browser will establish a connection with a Facebook server. Data may be transferred to countries outside the European Union. In any case, irrespective of whether you are registered with Facebook or not, your IP address will be transmitted and cookies will be set. If you are a Facebook member and logged into your Facebook user account, Facebook can assign your visit to our site to your user account.

The cookies used include session cookies, which are erased when the browser is closed, and persistent cookies which remain on the end device until they expire or are erased by the user. A cookie is a very small text file that allows a website to recognise a browser. Cookies are stored on the computer when a website is accessed and are retrieved and read the next time the web server is accessed. You can use your browser settings to decide for yourself whether and which cookies you want to allow, block or erase. You can find instructions for various browsers here: Internet Explorer, Firefox, Google Chrome, Google Chrome mobile, Microsoft Edge, Safari, Safari mobile. Alternatively, you can also install ad blockers, such as Ghostery.

According to Facebook, the cookies used by Facebook are used for authentication, security, website and product integrity, advertising and measurement, website functions and services, performance, analysis as well as research. You may view details of the cookies used by Facebook (e.g. names of cookies, duration of function, content recorded and purpose) here: by following the links provided there. You can make settings concerning which advertisements should be displayed or no longer displayed by Facebook at and at
You can manage your preferences relating to usage-based online advertising under the above-mentioned link. If you object to usage-based online advertising with a specific provider using the preference manager, this will only shall apply to the specific business data collection via the web browser you are currently using. Preference management is cookie-based. If you erase all browser cookies, the preferences you have set with the preference manager will also be removed.

Data Purpose Legal basis
User interactions (postings, likes, etc.) User communication Art. 6(1)(f) GDPR
Facebook cookies* Target group advertising Art. 6(1)(f) GDPR
"Demographic data (e.g. based on age, place of residence, language or gender details)" Target group advertising Art. 6(1)(f) GDPR
"Statistical data on user interactions in aggregated form, i.e. without personal reference for us
(e.g. page activities, page views, page previews, likes, recommendations, posts, videos, page subscriptions including origin, times of day)"
Target group advertising Art. 6(1)(f) GDPR

Automated decision-making including profiling pursuant to Art, 22 GDPR does not take place.

We only store personal data until the purpose for which the data was obtained has been achieved. As part of a business relationship with you, we store your personal data for as long as the business relationship continues, including the initiation and execution of a contract and the normal limitation period. We will also store the data if and to the extent that we are subject to statutory retention obligations. These may arise, for example, from the German Commercial Code (HGB) or the German Fiscal Code (AO).
If you have granted us your consent for a processing operation, the data relating to the granting of consent will be stored until it is withdrawn or at the latest for the duration of the processing operation and after termination of the same within the scope of the statute of limitations.

11.1.4. Disclosure and use of personal data

If you interact with Facebook, Facebook will of course also have access to your data. Facebook is located in an unsafe third country where the level of data protection is lower. The data transfer is based on the standard data protection clauses. You will find more information here.

11.1.5. Legal bases

If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not override the above-mentioned interest, Art. 6(1)(f) GDPR will be the legal basis for the processing. We see our legitimate interest in data processing in the presentation of our company and our products and services for your information and in particular in the provision of up-to-date communication options for you and with you.

10.1.6. Joint controllers for the processing

Alte Oper Frankfurt Konzert- und Kongresszentrum GmbH
60313 Frankfurt


Meta Platforms Ireland Limited
4 Grand Canal Square, Grand Canal Harbour,
D2 Dublin

According to the European Court of Justice (ECJ), we are jointly responsible with Facebook for the processing of your personal data. You will find the ECJ's decision of 5 June 2018 here.

With regard to Art. 26 GDPR, we must inform you below about the essentials of the joint responsibility agreement between us and Facebook:

11.2. YouTube

For embedding YouTube (two-click solution):
We use the services of YouTube, LLC, 901 Cherry Ave, 94066 San Bruno, CA, USA, a subsidiary of Google Inc, Amphitheatre Parkway, Mountain View, CA 94043, USA, on our website. For users who have their habitual residence in the European Economic Area or Switzerland, Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland will be the controller with responsibility for your data.
We use a two-click solution to protect your personal data. When you access a page in which a YouTube video is embedded, a connection to the YouTube servers is established only when you click on the "Confirm" button. In this case, YouTube will set cookies and use your visit data for its own purposes. If you are logged in to YouTube at the time, the information about the videos you have viewed will be assigned to your YouTube member account. You can prevent this by logging out of your member account prior to visiting our website. Where data is processed outside the European Economic Area / the EU, where there is no level of data protection in line with the European standard, Google states that it uses standard contractual clauses.
Further information on data protection from YouTube is provided by Google at the following link:
If you wish to withdraw your consent to the transfer of data to YouTube, please click here.


Your data will not be transferred to third parties unless we are legally required to do so or the transfer of data is necessary for the execution of the contractual relationship or you have previously expressly granted consent for the transfer of your data.
External service providers and partner companies will only receive your data if this is necessary to fulfil the contract. In these cases, however, the amount of personal data transmitted is limited to the minimum necessary. Insofar as our service providers come into contact with your personal data, we ensure that they comply with the provisions of data protection laws in the same way as part of order processing in accordance with Art. 28 GDPR. Please also note the respective privacy statements of the providers. The respective service provider will be responsible for the content of external services, whereby we check the services for compliance with the legal requirements as far as reasonably possible.
We attach great importance to processing your personal data within the EU/EEA. However, we may use service providers who process personal data outside the EU/EEA. In these cases, we ensure that an appropriate level of data protection is established with the recipient before your personal data is transferred. This means that a level of data protection is achieved via EU standard contracts or an adequacy decision that is comparable to the standards within the EU.


We have taken extensive technical and operational precautions to protect your data against accidental or intentional manipulation, loss, destruction or access by unauthorised parties. Our security procedures are reviewed on a regular basis and adapted in accordance with technological progress.

Status: October 2023