The following provides information on how we gather personal data when our website is used. Personal data includes all data which is personally identifiable to you, e.g. name, address, email addresses, user behaviour. We have undertaken extensive technical and operational precautions to protect your data against accidental or intentional manipulation, loss, destruction or access by unauthorised persons. Our security procedures are checked regularly and adapted in line with technological advances.
1. "Controller" of data processing
2. Ways of contacting the data protection officer
3. Your rights
4. Gathering of personal data when visiting our website
5. Getting in contact by email or via a contact form
9. Website analysis
10. Google Analytics
11. Social Networks
12. Transfer of data
13. Data security
The "Controller" in accordance with Art. 4 Para. 7 of the EU General Data Protection Regulation (GDPR) is Alte Oper Frankfurt Konzert- und Kongresszentrum GmbH, Opernplatz, 60313 Frankfurt, Germany, firstname.lastname@example.org (see our legal imprint).
You can reach our data protection officer by emailing email@example.com or posting us a letter with "Data protection officer" added to the address.
3. YOUR RIGHTS
You are entitled to the following rights with respect to your personal data:
3.1. GENEREAL RIGHTS
You have the right to access your data, have it rectified or deleted, restrict processing, object to processing, and are entitled to data portability. If processing is being performed on the basis of your consent, you have the right to revoke this consent with future effect.
3.2. RIGHTS WITH RESPECT TO DATA PROCESSED IN ACCORDANCE WITH A LEGITIMATE INTEREST
According to Art. 21 Para. 1 GDPR, you have the right to object at any time to the processing of your personal data being performed on the basis of Art. 6 Para. 1 e GDPR (data processing in the public interest) or Art. 6 Para. 1 f (processing to maintain a legitimate interest) – or profiling based on these provisions – on grounds relating to your particular situation. In the event of an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.
3.3. DIRECT MARKETING RIGHTS
If we process your personal data to perform direct marketing, Art. 21 Para. 2 GDPR stipulates that you have the right to object at any time to the processing of your personal data for the purposes of such marketing, which includes profiling to the extent that it is related to such direct marketing.
If you object to processing for direct marketing purposes, we will no longer process the data for such purposes.
3.4. RIGHT TO COMPLAIN TO A SUPERVISORY AUTHORITY
You are also entitled to complain to the relevant data protection supervisory authority about the processing of your personal data by us.
4. GATHERING OF PERSONAL DATA WHEN VISITING OUR WEBSITE
If you are simply using our website for informational purposes and you do not register or otherwise transmit information to us, we will only gather the personal data that your browser sends to our servers. If you would like to view our website, we gather the following data, which is required for technical reasons to display our website and ensure stability and security. The legal basis for this is Art. 6 Para. 1 f GDPR:
–IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (specific page), access status/HTTP status code, the website from which the request originates, browser, operating system and its interface, language and version of the browser software.
When you contact us by email or via a contact form, we store the data you provide (your email address, where applicable: your name and telephone number) in order to respond to your questions. If we ask for information via our contact form which is not required for getting in touch, we always mark this as optional. This information helps us to narrow down and better process your query. Providing this information is explicitly voluntary and based upon your consent, Art. 6 Para. 1 a GDPR. If the information provided relates to communication channels (e.g. email address, telephone number), you also consent to being contacted via these channels to enable us to respond to your query. Naturally, you can revoke this consent at any time with future effect.
We will delete this data once its storage is no longer necessary or restrict the processing if statutory retention periods apply.
With your consent in accordance with Art. 6 Para. 1 a GDPR, you can subscribe to our newsletter to be kept up-to-date with our latest offers.
We use a "double opt-in" for our newsletter subscription process. This means that we send an email to the email address provided after you sign up asking you to confirm that you would like to be sent the newsletter. If we do not receive your confirmation within 48 hours, your information will be blocked and automatically deleted after a month.
We also store the IP addresses you use and the times at which you sign up and confirm. The reason for this procedure is to evidence your registration and for clarification purposes in the event of any misuse of your person data.
Once you confirm, we store your email address for the purposes of sending the newsletter. The legal basis is Art. 6 Para. 1 a GDPR.
You can revoke your consent to being sent newsletters at any time and unsubscribe from the newsletter. Simply click on the link provided in each newsletter to do so or declare your wish to revoke consent by contacting the data protection officer indicated above.
You can submit a job application to our company electronically. We will naturally only use your information to process your application and will not pass it on to third parties. Please be aware that emails sent unencrypted cannot be transmitted with access protection.
If you have applied for a specific position and it has already been filled, or we think you would be better suited to another position, we will gladly pass your application throughout the company. Please advise us if you do not consent to your details being passed on in this way.
Your personal data will be deleted immediately once the application process is complete, or a maximum of 6 months thereafter, unless you explicitly consent to a longer retention period for your data, or in the event that we conclude an employment contract with you. The legal basis is Art. 6 Para. 1 a, b and f GDPR and Section 26 of the German Federal Data Protection Act (BDSG).
The following provides information on the types of cookies this website uses, their scope and the way in which they work:
8.1. SESSION COOKIES & PERSISTENT COOKIES
There are different types of cookies. Session cookies are data that are only temporarily stored in memory and are deleted when you close your browser. Permanent or persistent cookies are deleted automatically after a pre-defined time, which can vary from cookie to cookie. This type of cookie may have information stored in text files on your device. You can, however, delete these cookies at any time through your browser's settings.
8.2. PREVENTING COOKIES
You can configure your browser settings to match your preferences, e.g. reject third-party cookies or all cookies, but please be aware that you may not be able to use all the functions on this website.
8.3. LEGAL BASES AND RETENTION PERIOD
The legal bases for potential personal data processing operations vary, as do the applicable retention periods; please see the following sections for more information in this regard.
We use various services to analyse and optimise our websites which are presented in the following. These services allow us, for example, to find out how many users visit our site, which information is most in demand, or how users found out about our online offering. We gather data such as the Internet page a user was visiting prior to arriving on our site (known as a "referrer"), which sub-pages on the website were accessed, or how often and for how long a sub-page was viewed. This helps us to improve our offerings and make them more user-friendly. The data gathered cannot be used to personally identify individual users; it is anonymous or at most, pseudonymous. The legal basis for this is Art. 6 Para. 1 a GDPR.
If you have given your consent, this website uses Google Analytics, a web analysis service provided by Google LLC. The responsible service provider in the EU is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").
10.1. SCOPE OF THE PROCESSING
We use the function 'anonymizeIP' (so-called IP-Masking): Due to the activation of IP-anonymisation on this website, your IP-address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. The IP address transmitted by your browser within the framework of Google Analytics is not merged with other data from Google.
During your visit of our website, the following data, among others, is recorded:
• the pages you call up, your "click path"
• Achievement of "website objectives (conversions, e.g. newsletter subscriptions, downloads, purchases)
• Your user behaviour (e.g. clicks, dwell time, bounce rates)
• Your approximate location (region)
• Your IP address (in abbreviated form)
• technical information about your browser and the terminals you use (e.g. language settings, screen resolution)
• Your internet provider
• the referrer URL (via which website/advertising medium you came to this website)
10.2. PURPOSES OF THE PROCESSING
On behalf of the operator of this website, Google will use this information to evaluate your pseudonym use of the website and to compile reports on website activities. The reports provided by Google Analytics serve to analyse the performance of our website.
The recipient of the data is
• Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
as a contract processor. For this purpose we have concluded a contract processing agreement with Google. Google LLC, based in California, USA, and, where applicable, US authorities may access the data stored by Google.
10.4. TRANSFER TO THIRD COUNTRIES
A transfer of data to the USA cannot be excluded.
10.5. STORAGE PERIOD
The data sent by us and linked to cookies are automatically deleted after 14 months. Data whose retention period has been reached is automatically deleted once a month.
You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by
a. not give your consent to the setting of the cookie or
b. download and install the browser add-on to disable Google Analytics here.
You can also prevent the storage of cookies by adjusting your browser software accordingly. However, if you configure your browser to refuse all cookies, this may limit the functionality of this and other websites.
10.6. LEGAL BASIS AND RIGHT OF WITHDRAWAL
Legal basis and right of withdrawal for this data processing is your consent, Art.6 para.1 S.1 lit.a DSGVO. You can withdraw your consent at any time with effect for the future by calling up the cookie settings and changing your selection there.
We officially present ourselves on the following social networks:
At no time do we collect, store or process personal data of our users on these pages. Furthermore, no other data processing is carried out or initiated by us. The data entered on our Facebook an Instagram pages, such as comments, videos or pictures, are at no time used or processed by us for other purposes. The social networks may use so-called web tracking methods on their pages. It cannot be excluded that social networks may use profile data of our users, for example to evaluate their habits, personal relationships, preferences, etc. We have no influence on the processing of personal data by the social networks. When calling up our pages on the social networks, our data protection declaration can also be viewed there via a corresponding direct link or via a link to our website on which the data protection declaration is provided. Please also note the declarations of the respective providers there.
On embedded YouTube videos (privacy-enhanced mode):
On our website we make use of services offered by YouTube, LLC 901 Cherry Ave., 94066 San Bruno, CA, USA, a company of Google Inc., Amphitheatre Parkway, Mountain View, CA 94043, USA.
To protect your personal data, we use the privacy-enhanced mode offered by YouTube. When you open a page that contains an embedded YouTube video, a connection is established with the YouTube servers, and the content is transmitted to your browser on the website by way of notification. However, according to information provided by YouTube, data will only be sent to the YouTube server in "privacy-enhanced mode" if you actually start the video yourself. If you are logged into YouTube at this time, the data regarding the video that you have watched will be associated with your YouTube user account.
You can prevent this by logging out of your user account before you visit our website.
As a matter of principle, your data will not be transferred to third parties unless we are legally obliged to do so, or the transfer of data is necessary for the execution of the contractual relationship, or you have explicitly consented to the transfer of your data in advance.
External service providers and partner companies only receive your data as far as this is necessary for the fulfilment of the contract. In these cases, however, the scope of the personal data transmitted is limited to the required minimum. Insofar as our service providers come into contact with your personal data, we ensure within the scope of order processing in accordance with Art.28 DSGVO that they comply with the regulations of the data protection laws in the same way. Please also note the respective data protection notices of the service providers. The respective service provider is responsible for the content of external services, whereby we check those for compliance with legal requirements within the scope of reasonableness.
We attach great importance to process your personal data within the EU / EEA. However, it may happen that we use service providers who process personal data outside the EU / EEA. In these cases we ensure that an adequate level of data protection is established at the recipient prior to the transfer of your personal data. This means that a level of data protection comparable to the standards within the EU is achieved by means of EU standard contracts or an adequacy finding.
We have undertaken extensive technical and operational precautions to protect your data against accidental or intentional manipulation, loss, destruction or access by unauthorised persons. Our security procedures are checked regularly and adapted in line with technological advances.