Data protection

We take data protection seriously and hereby inform you about how we process your data and what rights and claims you have under data protection regulations. Valid from May 25, 2018.

Part 1 of the Privacy Policy: Privacy Information in accordance with the General Data Protection Regulation (GDPR)

Responsible entity for data processing and contact details

Responsible entity in terms of data protection law:
Gürzenich Orchestra Cologne
Bischofsgartenstr. 1
50667 Cologne, Germany

Contact details of our data protection officer:
Gürzenich Orchestra Cologne
Data Protection Officer
Bischofsgartenstr. 1
50667 Cologne, Germany
DSB-GuerzenichOrchester@he-c.de

2. Purposes and Legal Basis for Processing Your Data

We process personal data in accordance with the provisions of the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and other applicable data protection regulations (details below). The specific data we process and how we use it depends largely on the services requested or agreed upon. Additional details or updates regarding data processing purposes can be found in contractual documents, forms, consent declarations, or other information provided to you (e.g., through our website or our terms and conditions). This privacy policy may also be updated from time to time, as indicated on our website www.guerzenich-orchester.de .

2.1 Purposes for Fulfilling a Contract or Pre-Contractual Measures (Article 6(1)(b) GDPR)

We process personal data to carry out our contracts with you, fulfill your orders, and perform activities related to pre-contractual relationships, such as with potential customers.

Specifically, processing is required for handling your subscription(s) or order(s) according to your requests and includes the necessary services, measures, and activities.

This includes contract-related communication, billing and payment transactions, verification of transactions, orders, and agreements, as well as quality control through documentation, customer support, business process optimization, compliance with general due diligence obligations, corporate control and oversight (e.g., by a parent company), statistical evaluations, cost control, internal and external reporting, emergency management, tax assessment, risk management, legal claims enforcement, IT security, building and facility security, access controls, data integrity, fraud prevention, and audits.

2.2 Purposes Within Our or Third Parties’ Legitimate Interests (Article 6(1)(f) GDPR)

Beyond fulfilling contracts, we may process your data when necessary to protect legitimate interests of ours or third parties, particularly for:

Advertising, market research, or opinion polling (unless you object)
Credit checks and exchanges of financial information
Assessing and optimizing business needs
Developing new services and products
Disclosing data during company sales negotiations
Screening against anti-terror lists
Enhancing our database with publicly available data
Conducting statistical analyses and benchmarking
Enforcing legal claims not directly related to a contract
Retaining data when deletion is impractical or disproportionately burdensome
Developing scoring and automated decision-making systems
Preventing and investigating crimes
Enhancing security (e.g., access control, video surveillance)
Conducting internal/external investigations and safety checks
Recording phone calls for quality control and training
Maintaining industry or regulatory certifications
Protecting house rights through security measures, including video monitoring

2.3 Purposes Based on Your Consent (Article 6(1)(a) GDPR)

We may process your data for specific purposes (e.g., using your email for marketing) based on your consent. You can usually revoke consent at any time, including for consents given before May 25, 2018 (when GDPR took effect). The revocation applies only to future processing. Processing that occurred before revocation remains lawful.

2.4 Purposes for Legal Obligations (Article 6(1)(c) GDPR) or Public Interest (Article 6(1)(e) GDPR)

Like all businesses, we are subject to various legal obligations (e.g., commercial and tax laws) as well as regulatory requirements. These include:

Tax compliance and reporting
Data retention for data protection and security purposes
Disclosure of personal data in legal or governmental proceedings

3. Categories of Data We Process and Their Sources

If required, we process personal data received from other companies or third parties (e.g., ticket vendors) in a lawful manner. We may also process publicly available data from media sources.

Relevant data categories include:

Personal data (e.g., name, birth date, nationality, profession)
Contact details (e.g., address, email, phone number)
Payment confirmations for bank or credit transactions
Customer history
Data on how you use our digital services (e.g., website visits, clicks, or form submissions)

4. Recipients or Categories of Recipients of Your Data

Within our organization, your data will be made available to those internal departments or organizational units that require it to fulfill our contractual and legal obligations or as part of processing and implementing our legitimate interests. Your data will only be shared with external parties in the following cases:

In connection with contract processing
For the purpose of fulfilling legal obligations that require us to provide information, report, or transfer data, or if the data transfer is in the public interest (see Section 2.4)
If external service providers process data on our behalf as processors or function assumeers (e.g., ticket service providers or ticket sales software providers, data centers, support/maintenance of IT/IT applications, archiving, document processing, call center services, compliance services, controlling, data validation or plausibility checks, data destruction, procurement, customer management, direct mail services, marketing, media technology, research, risk controlling, billing, telephony, website management, auditing services, financial institutions, printing companies, data disposal companies, courier services, logistics)
Based on our legitimate interests or the legitimate interests of a third party for the purposes mentioned in Section 2.2 (e.g., to authorities, credit agencies, debt collection, lawyers, courts, experts, affiliated companies, and committees, and control bodies)
If you have given us consent to transfer your data to third parties.

As a visitor to an event, you may also consent to the recording of images related to you, which may be carried out on behalf of the event organizers for the publication of the stage event, especially for broadcasting on television or making it available online (streaming). In such cases, we will inform our visitors about the upcoming video recording through notices in the foyers.

We will not share your data with third parties beyond the cases described above. When we engage service providers under a contract processing arrangement, your data will be subject to the same security standards as with us. In other cases, recipients are only allowed to use the data for the purposes for which it was transferred.

5. Duration of Data Storage

We process and store your data for the duration of our business relationship. This includes the initiation of a contract (pre-contractual relationship) and the execution of a contract.

In addition, we are subject to various retention and documentation obligations that arise, among other things, from the Commercial Code (HGB) and the Fiscal Code (AO). The retention periods prescribed there for storage or documentation are up to ten years beyond the end of the business relationship or the pre-contractual relationship.

Furthermore, specific legal provisions may require a longer retention period, such as the preservation of evidence in accordance with statutory limitation rules. According to Sections 195 ff. of the German Civil Code (BGB), the regular limitation period is three years; however, limitation periods of up to 30 years may also apply.

If the data is no longer necessary for the fulfillment of contractual or legal obligations and rights, it will generally be deleted unless its - limited - further processing is necessary for the fulfillment of the purposes listed in Section 2.2 for an overriding legitimate interest. Such an overriding legitimate interest may exist, for example, when deletion is not possible or only with disproportionate effort due to the special nature of the storage, and processing for other purposes is excluded by suitable technical and organizational measures.

6. Processing Your Data in a Third Country or by an International Organization

Data may be transferred to entities in countries outside the European Union (EU) or the European Economic Area (EEA) (so-called third countries) when it is necessary for the execution of an order/contract with you, is legally required (e.g., tax reporting obligations), is based on our legitimate interests or those of a third party, or if you have given us consent.

In this context, the processing of your data in a third country may also occur in connection with the involvement of service providers under contract processing. If no EU Commission decision exists regarding the adequacy of the data protection level in the relevant country, we will ensure, according to EU data protection regulations, through appropriate contracts that your rights and freedoms are adequately protected and guaranteed. Detailed information can be provided upon request.

Information about the appropriate or suitable guarantees and the possibility of obtaining a copy of them can be requested from the company’s Data Protection Officer.

7. Your Data Protection Rights

Under certain circumstances, you may assert your data protection rights against us.

You have the right to obtain information about the data we have stored about you, in accordance with Article 15 GDPR (subject to limitations under Section 34 BDSG).
Upon your request, we will correct the data we have stored about you according to Article 16 GDPR if it is inaccurate or erroneous.
If you wish, we will delete your data according to the principles of Article 17 GDPR, provided that no other legal regulations (e.g., statutory retention obligations or restrictions under Section 35 BDSG) or overriding interests on our part (e.g., to defend our rights and claims) prevent this.
Considering the conditions of Article 18 GDPR, you can request that we restrict the processing of your data.
Additionally, you have the right to object to the processing of your data under Article 21 GDPR, in which case we must cease processing your data. However, this right of objection only applies if there are special circumstances related to your personal situation, and rights of our company may contradict your right of objection.
You also have the right to receive your data in a structured, commonly used, and machine-readable format under the conditions of Article 20 GDPR, or to transmit it to a third party.
Furthermore, you have the right to withdraw any consent you have given regarding the processing of personal data at any time with effect for the future (see Section 2.3).
In addition, you have the right to lodge a complaint with a data protection supervisory authority (Article 77 GDPR). However, we recommend that you first direct any complaints to our Data Protection Officer.
Your requests for the exercise of your rights should ideally be submitted in writing to the address provided above or directly to our Data Protection Officer.

8. Scope of Your Obligation to Provide Us with Your Data

You are only required to provide the data that is necessary for the initiation and execution of a business relationship or for a pre-contractual relationship with us, or data that we are legally obligated to collect. Without this data, we will generally not be able to enter into or perform the contract. This may also apply to data required later in the course of the business relationship. If we request additional data from you, you will be separately informed of the voluntary nature of providing such information.

9. Existence of Automated Decision-Making in Individual Cases (Including Profiling)

We do not use any purely automated decision-making processes as defined in Article 22 GDPR. Should we use such processes in individual cases in the future, we will inform you separately if this is legally required.

In certain circumstances, we may partially process your data with the aim of evaluating specific personal aspects (profiling).

To provide you with targeted information and advice about products, we may use analysis tools. These tools enable demand-oriented product design, communication, and advertising, including market and opinion research.

Information about nationality or special categories of personal data pursuant to Article 9 GDPR are not processed in this context.

10. Information About Your Right to Object under Article 21 GDPR

You have the right to object at any time to the processing of your personal data that is carried out on the basis of Article 6(1)(f) GDPR (data processing based on a balancing of interests) or Article 6(1)(e) GDPR (data processing in the public interest), if there are reasons for doing so that arise from your particular situation. This also applies to profiling based on these provisions within the meaning of Article 4(4) GDPR.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims.

We may also process your personal data for the purpose of direct marketing. If you do not wish to receive advertising, you have the right to object to this at any time; this also applies to profiling, to the extent that it is related to such direct marketing. If you object, we will no longer use your data for direct marketing purposes.

The objection can be made without a specific form and should preferably be addressed to:

Gürzenich Orchestra Cologne
Bischofsgartenstr. 1
50667 Cologne, Germany
Phone: +49 221 221 22431

Part 2 of the Privacy Policy: Additional Privacy Information for Our Website

General information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data refers to any data with which you can be personally identified. Detailed information on data protection can be found in the privacy policy listed below this text.

Data collection on this website

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. You can find their contact details in the section "Information on the Responsible Party" in this privacy policy.

How do we collect your data?

Some of your data is collected when you provide it to us. This could, for example, be data you enter in a contact form.

Other data is collected automatically or with your consent when you visit the website by our IT systems. This data is primarily technical (e.g. internet browser, operating system, or time of page access). This data is collected automatically as soon as you enter the website.

What do we use your data for?

Part of the data is collected to ensure the website is provided without errors. Other data may be used to analyze your user behavior.

What rights do you have regarding your data?

You have the right to receive information free of charge at any time about the origin, recipient, and purpose of your stored personal data. You also have the right to request the correction or deletion of this data. If you have given consent for data processing, you can withdraw this consent at any time for the future. You also have the right, under certain circumstances, to request the restriction of the processing of your personal data. Furthermore, you have the right to lodge a complaint with the relevant supervisory authority.

You can contact us at any time regarding this or any other questions about data protection.

Analytics and third-party tools

When visiting this website, your browsing behavior may be statistically evaluated. This is primarily done using so-called analysis programs.

Detailed information on these analysis programs can be found in the following privacy policy.

Data collection on this website

Cookies

Our websites use so-called cookies. Cookies are small data packets that do no harm to your device. They are either stored temporarily for the duration of a session (session cookies) or permanently (persistent cookies) on your device. Session cookies are automatically deleted after your visit. Persistent cookies remain on your device until you delete them or they are automatically deleted by your web browser.

Cookies may be set by us (first-party cookies) or by third-party companies (third-party cookies). Third-party cookies allow certain services provided by third-party companies to be integrated within websites (e.g. cookies for payment processing services).

Cookies serve various functions. Many cookies are technically necessary because certain website functions would not work without them (e.g. the shopping cart function or displaying videos). Other cookies may be used to analyze user behavior or for advertising purposes.

Cookies necessary for the electronic communication process, to provide certain functions you have requested (e.g. for the shopping cart), or to optimize the website (e.g. cookies for measuring the web audience) are stored based on Article 6(1)(f) GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies to ensure the technically error-free and optimized provision of its services. If consent to store cookies and similar recognition technologies was requested, processing is carried out solely on the basis of this consent (Article 6(1)(a) GDPR and § 25(1) TDDDG); consent can be revoked at any time.

You can configure your browser to notify you about the setting of cookies and to allow cookies only in individual cases, exclude the acceptance of cookies for specific cases or in general, and activate the automatic deletion of cookies when the browser is closed. Disabling cookies may limit the functionality of this website.

You can find out which cookies and services are used on this website in this privacy policy.

Inquiries by email, phone, or fax

If you contact us by email, phone, or fax, your inquiry including all resulting personal data (name, inquiry) will be stored and processed by us for the purpose of handling your request. We do not share this data without your consent.

This data is processed based on Article 6(1)(b) GDPR if your request is related to the fulfillment of a contract or is necessary for carrying out pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective handling of requests submitted to us (Article 6(1)(f) GDPR) or your consent (Article 6(1)(a) GDPR), if it was requested; consent can be withdrawn at any time.

The data you send to us via contact requests will remain with us until you ask us to delete it, revoke your consent to storage, or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory legal provisions – in particular legal retention periods – remain unaffected.

Registration on this website

You can register on this website to use additional functions offered on the site. We will use the data entered only for the purpose of using the respective offer or service for which you registered. The mandatory information requested during registration must be provided in full. Otherwise, we will reject the registration.

In case of important changes, such as changes to the scope of our offers or technically necessary updates, we will use the email address provided during registration to inform you.

The processing of the data entered during registration takes place for the purpose of fulfilling the usage relationship established by the registration and, if necessary, for initiating further contracts (Article 6(1)(b) GDPR).

The data collected during registration will be stored by us as long as you are registered on this website and will then be deleted. Legal retention periods remain unaffected.

Analysis Tools and Advertising

Google Tag Manager

We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies on our website. Google Tag Manager itself does not create user profiles, store cookies, or carry out independent analyses. It is solely used for the management and deployment of the tools integrated through it. However, Google Tag Manager does collect your IP address, which may also be transferred to Google's parent company in the United States.

The use of Google Tag Manager is based on Article 6(1)(f) GDPR. The website operator has a legitimate interest in the fast and uncomplicated integration and management of various tools on the website. If consent has been requested, processing is based exclusively on Article 6(1)(a) GDPR and § 25(1) TDDDG, to the extent the consent includes the storage of cookies or access to information on the user’s device (such as device fingerprinting) as defined by the TDDDG. Consent can be revoked at any time.

The company is certified under the EU-U.S. Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the United States that is intended to ensure compliance with European data protection standards for data processing in the U.S. Companies certified under the DPF are obligated to comply with these data protection standards. Further information can be found here: www.dataprivacyframework.gov/participant/5780

Google Analytics

This website uses features of the web analytics service Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyze the behavior of website visitors. The website operator receives various usage data such as page views, time spent on pages, operating systems used, and the user’s origin. This data is assigned to the user’s respective device. No user ID is used.

Google Analytics can also record your mouse and scroll movements and clicks. In addition, Google Analytics uses various modeling approaches to supplement the collected data and applies machine learning technologies for data analysis.

Google Analytics uses technologies that enable user recognition for the purpose of analyzing user behavior (for example, cookies or device fingerprinting). The information collected by Google regarding your use of this website is usually transferred to a Google server in the United States and stored there.

The use of this service is based on your consent in accordance with Article 6(1)(a) GDPR and § 25(1) TDDDG. Consent can be revoked at any time.

The transfer of data to the USA is based on the European Commission’s standard contractual clauses. Details can be found here: privacy.google.com/businesses/controllerterms/mccs/

IP anonymization

We have activated IP anonymization on this website. As a result, your IP address will be shortened by Google within member states of the European Union or other parties to the Agreement on the European Economic Area before being transferred to the United States. Only in exceptional cases will the full IP address be sent to a Google server in the U.S. and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide the website operator with other services related to website and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Browser plugin

You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: tools.google.com/dlpage/gaoptout

For more information on how Google Analytics handles user data, please refer to Google’s privacy policy: support.google.com/analytics/answer/6004245

Google Ads

The website operator uses Google Ads, an online advertising program by Google Ireland Limited, located at Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads enables us to display advertisements in the Google search engine or on third-party websites when users enter specific search terms (keyword targeting). Additionally, targeted ads can be shown based on available user data (e.g., location and interests) through audience targeting. We, as the website operator, can quantitatively analyze this data by examining which search terms triggered our ads and how many clicks they received.

The use of this service is based on your consent under Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. Consent can be withdrawn at any time.

Data transfer to the USA is based on the EU Commission's Standard Contractual Clauses. Details can be found here: policies.google.com/privacy/frameworks and business.safety.google/controllerterms/.

The company is certified under the EU-U.S. Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the United States aimed at ensuring compliance with European data protection standards for data processing in the U.S. Any company certified under the DPF commits to adhering to these standards. Further information is available from the provider at the following link: www.dataprivacyframework.gov/participant/5780.

Google Ads Remarketing

This website utilizes Google Ads Remarketing. Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

With Google Ads Remarketing, we can assign individuals who interact with our online offerings to specific target groups, allowing us to display interest-based ads to them within the Google advertising network (remarketing or retargeting).

Furthermore, audiences created with Google Ads Remarketing can be linked with Google's cross-device features. This means that interest-based, personalized advertisements tailored to your previous usage and browsing behavior on one device (e.g., smartphone) can also be shown on another of your devices (e.g., tablet or PC).

If you have a Google account, you can object to personalized advertising at the following link: adssettings.google.com/anonymous.

The use of this service is based on your consent under Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. Consent can be withdrawn at any time.

Further information and the privacy policy can be found in Google's privacy statement at: policies.google.com/technologies/ads.

Audience Creation with Customer Matching

For audience creation, we use, among other tools, Google's Customer Match in Ads Remarketing. In this process, we provide certain customer data (e.g., email addresses) from our customer lists to Google. If the respective customers are Google users and logged into their Google account, they will be shown relevant ads within the Google network (e.g., on YouTube, Gmail, or in the search engine).

Hotjar

This website uses Hotjar. Provider: Hotjar Ltd., Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe (Website:

Hotjar is a tool for analyzing user behavior on this website. With Hotjar, we can record, among other things, your mouse and scroll movements and clicks. Hotjar can also determine how long you hovered over a particular spot. From this information, Hotjar creates so-called heatmaps, which help identify which areas of the website are most viewed by visitors.

Additionally, we can determine how long you stayed on a page and when you left it. We can also identify where you abandoned entries in a contact form (so-called conversion funnels).

Furthermore, Hotjar allows us to collect direct feedback from website visitors. This feature serves to improve the website offerings of the website operator.

Hotjar uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g., cookies or device fingerprinting).

If consent has been obtained, the use of this service is based solely on Art. 6 para. 1 lit. a GDPR and § 25 TTDSG. Consent can be withdrawn at any time. If no consent was obtained, the use of this service is based on Art. 6 para. 1 lit. f GDPR; the website operator has a legitimate interest in analyzing user behavior to optimize both its web offerings and its advertising.

Deactivating Hotjar

If you wish to deactivate data collection by Hotjar, click on the following link and follow the instructions there:

Please note that deactivating Hotjar must be done separately for each browser or device.

Further information about Hotjar and the data collected can be found in Hotjar's privacy policy at the following link:

Data Processing Agreement

We have entered into a Data Processing Agreement (DPA) for the use of the aforementioned service. This is a legally required contract that ensures the service provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

Meta Pixel (formerly Facebook Pixel)

This website uses the Facebook/Meta Pixel for conversion measurement. Provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the collected data is also transferred to the USA and other third countries.

This allows tracking of the behavior of page visitors after they are redirected to the provider's website by clicking on a Facebook ad. This enables the evaluation of the effectiveness of Facebook ads for statistical and market research purposes

This website uses the following cookies:

cookie_consent_settings, trackingpermissions
Provider and purpose: Stores the settings of the cookie manager.
Category: Necessary
Storage: 60 years

csrftoken
Provider and purpose: Content Management System (CMS). Helps prevent so-called Cross-Site Request Forgery (CSRF) attacks.
Category: Necessary
Storage: 1 year

Google Analytics (_ga, _gat, _gid, _gat_gtag_UA)
Provider and purpose: Used to generate usage statistics and manage multiple requests. This helps us understand from which websites, how often, from which countries, with which devices, and how long our website is accessed in order to improve it. Cookies can distinguish individual users via a randomly generated ID to avoid duplicate counting.
Category: Analytics & Optimization
Storage: 1 minute (_gat, _gat_gtag_UA), 1 day (_gid), 1 year (_ga)

Google Adsense (_gcl_au)
Provider and purpose: Google Adsense, for creating user statistics and assigning a randomly generated user ID.
Category: Analytics & Optimization
Storage: 80 days

Google Adwords (_gcl_aw)
Provider and purpose: Google Adwords, to track and attribute conversions to the respective ads.
Category: Analytics & Optimization
Storage: 3 months

Hotjar (_hjid, _hjptid, _hjTLDTest, _hjIncludedInPageviewSample)
Provider and purpose: For analyzing user behavior. Helps us understand how much time is spent on which pages, which buttons are clicked, how far users scroll, the screen size of the device, device type and browser information, from which countries our website is accessed, and the preferred language — all to help improve our website.
Category: Analytics & Optimization
Storage: End of session (_hjptid, _hjTLDTest), 1 year (_hjid, _hjIncludedInPageviewSample)

_fbp
Provider and purpose: Facebook, for displaying advertising products (e.g. real-time bids) from third-party advertisers.
Category: Marketing
Storage: 3 months

Eventim Webshop (BIGipServer~ ASP ~shopdomain.de, DWRSESSIONID, JSESSIONID, phoeniX)
Provider and purpose: Eventim, to ensure the functionality of the online shop (storing items and total amount, storing user session, single sign-on (SSO) authentication).
Category: Necessary
Storage: End of session

Part 3 of the Privacy Policy: Data Processing by Social Networks

This privacy statement applies to the following social media profiles:

- https://www.facebook.com/GuerzenichOrchester
- https://www.instagram.com/guerzenichorch/
- https://www.youtube.com/user/guerzenichorchester/

Data Processing by Social Networks

We maintain publicly accessible profiles on social networks. The specific social networks we use are listed below.

Social networks like Facebook, X, etc., can generally analyze your user behavior comprehensively when you visit their website or a website with integrated social media content (e.g., like buttons or advertising banners). Visiting our social media presence triggers numerous data processing activities related to privacy. Specifically:

When you are logged into your social media account and visit our social media presence, the operator of the social media platform may assign this visit to your user account. Your personal data may also be collected if you are not logged in or do not have an account with the respective social media platform. This data collection may occur, for example, through cookies stored on your device or by recording your IP address.

With the help of the data collected in this way, the operators of social media platforms can create user profiles containing your preferences and interests. This enables them to display interest-based advertising both inside and outside of the respective social media platform. If you have an account with the respective social network, interest-based advertising may be shown on all devices where you are logged in or have been logged in.

Please also note that we cannot fully trace all processing activities on the social media platforms. Depending on the provider, additional processing activities may be carried out by the operators of the social media platforms. For details, please refer to the terms of use and privacy policies of the respective social media platforms.

Legal Basis

Our social media presence aims to ensure a comprehensive online presence. This constitutes a legitimate interest under Article 6(1)(f) GDPR. The analysis processes initiated by the social networks may be based on different legal grounds, which should be specified by the operators of the social networks (e.g., consent under Article 6(1)(a) GDPR).

Controller and Exercise of Rights

When you visit one of our social media profiles (e.g., Facebook), we are jointly responsible with the operator of the social media platform for the data processing triggered during your visit. You may exercise your rights (access, correction, deletion, restriction of processing, data portability, and complaints) against both us and the operator of the respective social media platform (e.g., Facebook).

Please note that despite the joint responsibility with the social media platform operators, we do not have full control over the data processing activities of the social media platforms. Our options are mainly governed by the policies of the respective provider.

Storage Duration

The data directly collected by us via the social media presence will be deleted from our systems as soon as you request deletion, withdraw your consent to storage, or the purpose for storing the data ceases to exist. Stored cookies remain on your device until you delete them. Mandatory legal provisions—especially retention periods—remain unaffected.

We have no influence on the storage duration of your data that is stored by the operators of the social networks for their own purposes. For details, please inform yourself directly with the operators of the social networks (e.g., in their privacy statement, see below).

Your Rights

You have the right to obtain information about the origin, recipients, and purpose of your stored personal data free of charge at any time. You also have the right to object, request data portability, and lodge a complaint with the competent supervisory authority. Furthermore, you may request the correction, blocking, deletion, or, under certain circumstances, the restriction of processing of your personal data.

Social Networks in Detail

Facebook

We have a profile on Facebook. The provider of this service is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland (hereinafter referred to as Meta). According to Meta, the collected data is also transferred to the USA and other third countries.

We have entered into an agreement with Meta regarding joint processing (Controller Addendum). This agreement defines which data processing activities we and Meta are responsible for when you visit our Facebook page. You can view this agreement at the following link: https://www.facebook.com/legal/terms/page_controller_addendum

You can adjust your ad settings independently in your user account. To do so, click the following link and log in: https://www.facebook.com/settings?tab=ads

Data transfer to the USA is based on the EU Commission's Standard Contractual Clauses. For details, please visit: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381

Details can be found in Facebook’s privacy policy: https://www.facebook.com/about/privacy/

The company holds certification under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that ensures compliance with European data protection standards for data processing in the USA. Any company certified under the DPF commits to adhering to these data protection standards. For more information, visit: www.dataprivacyframework.gov/participant/4452 .

Instagram

We have a profile on Instagram. The provider of this service is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.

For details on how your personal data is handled, refer to Instagram's privacy policy: https://privacycenter.instagram.com/policy/

We have a profile on YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. For details on how your personal data is handled, refer to YouTube’s privacy policy: https://policies.google.com/privacy?hl=de