We take data privacy seriously and we are providing you information on how we process your data and what claims and rights you are entitled to, pursuant to the regulations under data privacy laws. Effective from 25th May 2018.
Responsible authority and contact details of the responsible authority within the meaning of the data privacy law:Gürzenich-Orchester Köln
Contact details of our Data privacy Officer:
2. Purpose and legal basis on which we process your data
We process personal data in accordance with the provisions of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and other applicable data privacy regulations (details below). Which data will be processed in detail and how it will be used, depends largely on the respective requested or agreed services. Reference may be made to the respective contract documents, forms, declaration of consent and/or other information provided to you (e.g., while using our website or our terms and conditions) for further details or additions to the purposes of data processing. Apart from this, information on data privacy may be updated from time to time which you can obtain from our website www.guerzenich-orchester.de.
2.1 Purposes for the fulfilment of a contract or pre-contractual measures (Art. 6 Para 1 b GDPR)
Personal data is processed to implement our contracts with you and for the execution of your orders as well as implementation of measures and activities in the context of pre-contractual relationships, e.g. with interested parties.
The processing particularly serves to execute your subscription(s) or your order(s) according to your orders and desires and includes services, measures and activities necessary for this purpose.
The contractual communication with you essentially includes the corresponding billing and associated payment transactions, the traceability of transactions, orders and other agreements, as well as quality control by appropriate documentation, goodwill methods, measures for controlling and optimisation of business processes and for the fulfilment of the general duty of care, control and supervision by affiliated companies (e.g., parent company); statistical evaluations on corporate management, cost accounting and controlling, reporting system, internal and external communication, emergency management, billing and tax assessment of operating benefits, risk management, assertion of legal claims and defensiveness in legal disputes; ensuring IT security (system or plausibility tests, among others) and general security including building and plant security, securing and exercising domiciliary rights (e.g., by access controls); ensuring integrity, authenticity and availability of data, prevention and clarification of criminal offences; monitoring by supervisory bodies or supervisory authorities (e.g., auditing).
2.2 Purposes within the framework of legitimate interest on our part or of third parties (Art. 6 Para 1 f of GDPR)
Apart from the actual fulfilment of the contract or the pre-contractual obligations, we process your data whenever this is necessary to safeguard legitimate interests of our own or of third parties, for the following purposes, in particular:
- for advertising or market research and opinion survey insofar as you have not objected to the use of your data;
- for obtaining information and exchanging data with credit agencies insofar as this outweighs our economic risk;
- for survey and optimisation of processes for demand analysis;
- for further development of services and products as well as existing systems and processes;
- for the disclosure of personal data in the course of due diligence with respect to sales negotiations of the company;
- for comparison with European and international anti-terror lists if this goes beyond the legal obligations;
- for the enrichment of our data including by using or by researching publicly available data;
- for statistical evaluations or market analysis;
- for benchmarking;
- for the assertion of legal claims and defensiveness in legal disputes which are not directly attributable to the contractual relationship;
- for the limited storage of data if a deletion is not possible or is possible only with disproportionately high expenditure due to the specific type of storage;
- for the development of scoring systems or automated decision-making processes;
- for the prevention and clarification of criminal offences if not exclusively for the fulfilment of legal provisions;
- for building and plant security (e.g., by access control and video surveillance), if this goes beyond the general duties of care;
- for internal and external investigations, safety checks;
- for listening to or recording potential telephone conversations for quality control and training purposes;
- for the preservation and maintenance of certificates of private law or official and regulatory nature;
- securing and exercising the domiciliary rights by appropriate measures as well as video surveillance for the protection of our customers and employees as well as for safeguarding evidence in case of criminal offences and their prevention.
2.3 Purposes in accordance with your consent (Art. 6 Para 1 a of GDPR)
Your personal data can also be processed for certain purposes (e.g., using your email address for marketing purposes) based on your consent. Normally, you may withdraw this consent anytime. This also applies to the revocation of declarations of consent given to us before the GDPR came into force, thus before 25th May 2018. You will be separately informed in the relevant text of the consent about the consequences of revocation or if consent is not given.
Generally, revocation of consent applies only for the future. Processing done before the revocation shall not be affected by this and remains lawful.
2.4 Purposes for the fulfilment of statutory requirements (Art. 6 Para 1 c of GDPR) or in the public interest (Art. 6 Para 1 e of GDPR)
Just as anyone who takes part in the economic process, we are also subject to a large number of legal obligations. These are primarily statutory requirements (e.g., commercial and tax laws), but also supervisory law or other regulatory requirements, where applicable. The purposes of processing may also include compliance with monitoring and reporting obligations under the tax law as well as the archiving of data for the purposes of data privacy and data security as well as for purposes of audits by tax auditors and other authorities.
Furthermore, it may be necessary to disclose personal data in the context of supervisory/judicial measures for the purposes of taking evidence, prosecution or for the enforcement of civil law claims.
3. The categories of data not directly obtained from you and processed by us, and their origin
Insofar as it is necessary for the provision of services, we may process permissible personal data obtained from other companies or third-parties (e.g., ticketing services). In addition, we may process permissible personal data drawn, received or acquired from publicly accessible sources, press, internet or other media).
Relevant personal data categories may be, in particular:
Personal details (name, date of birth, place of birth, nationality, marital status, occupation/industry and similar data); contact details (address, email address, phone number and similar data); payment/insurance cover note for bank card and credit cards; customer history; data about your use of the tele media offered by us (e.g., time of viewing our websites, apps or newsletter, our pages/links or entries and similar data).
4. Recipients or categories of recipients of your data
The internal departments or organisational units of our company obtain your data that is required for the compliance of our contractual and legal obligations or for processing and implementation of our interests to which we are entitled. Your data may be passed on to external departments solely
- in connection with the execution of the contract
- for the purpose of compliance with statutory provisions in respect of which we are obligated to inform, report or forward data or where the forwarding of data is in the public interest (cf. Clause 2.4).
- Insofar as the external service provider process data on our behalf as order processor or as a company that assumes functions on our behalf (e.g., ticketing service providers or ticketing software-provider, data centres, support/maintenance of EDP/ IT applications, archiving, document processing, call centre services, compliance services, controlling, data validation or plausibility check, obliteration of data, purchasing/procurement, customer management, lettershop services, marketing, media technology, research, risk controlling, billing, telephony, website management, auditing services, credit institutions, printing industries or companies for data transfer, courier services, logistics)
- for the purposes mentioned in Clause 2.2 by virtue of our interests or of third-party‘s legitimate interests (e.g., to authorities, credit agencies, collection agents, attorneys, courts, appraisers, affiliated companies and committees and supervisory authorities).
- if you have given us a consent for conveyance of data to third-parties.
- As a visitor to an event, you may also consent to taking your personal image which is occasionally carried out on behalf of the organizers for the publication of the stage event, especially for broadcasting on television or for making available on the internet (streaming). In these cases, we will inform our visitors about the forthcoming video recordings by means of notices in the foyer.
We shall not forward your data to third-parties beyond that. If we engage a service provider for processing an order, your data will be subject to the same security standards there as with us. In all other cases, the recipients may only use the data for the purposes for which it has been forwarded to them.
5. Duration of retention of your data
We process and store your data for the duration of our business relationship. This also includes the initiation of a contract (pre-contractual legal relationship) and the execution of a contract.
Furthermore, we are subject to various retention and documentation obligations that arise from the German Commercial Code (HGB) and German Fiscal Code (AO). The periods for retention and/or documentation stipulated therein are up to ten years beyond the end of the business relationship and/or the pre-contractual legal relationship.
Further, special statutory provisions may require a longer period for retention, e.g., for the preservation of evidence in the context of statutory provisions on limitation. Pursuant to §§ 195 ff. of the German Civil Code (BGB), the regular limitation period is 3 years, but even limitation periods of up to 30 years may also be applicable.
If the data is no longer required for the fulfilment of contractual or legal obligations and rights, it is regularly deleted unless its further processing is necessary – for a short period of time – for the fulfilment of purposes listed in Clause 2.2 owing to a predominantly legitimate interest. One such predominantly legitimate interest exists, e.g., if a deletion is not possible due to the special type of storage or is possible only with a disproportionately high expenditure and a processing for other purposes is impossible by appropriate technical and organisational measures.
6. Processing of your data in a third country or by an international organisation
Data is transferred to offices in countries outside of European Union (EU) or the European Economic Area (EEA) (the so-called third-countries) only if it is necessary for the execution of your order/for the execution of a contract with you, it is mandatory by law (e.g., reporting requirements under the fiscal law), it is in our interests or third-party’s legitimate interest or if you have given your consent.
Your data can also be processed in a third country with the involvement of service providers as part of order processing. If the EU Commission has not made an adequacy decision on the level of data privacy for the country concerned, we guarantee that your rights and liberties will be adequately protected and guaranteed in accordance with EU data privacy requirements through appropriate contracts. We will provide you with the relevant detailed information on request.
You may make a request with the company's data privacy officer for information on suitable or appropriate guarantees and the possibility to obtain a copy.
7. Your data privacy rights
You can exercise your data privacy rights against us on certain conditions
- You have the right to obtain information on your data stored by us in accordance with the regulations of Art. 15 GDPR (subject to restrictions under § 34 of BDSG, if applicable).
- Upon your request, we will rectify the stored data about you in accordance with Art. 16 GDPR, if it is inappropriate or erroneous.
- If you so desire, we will delete your data according to the principles of Art. 17 of GDPR, provided that other legal regulations (e.g., statutory obligations to preserve and retain records or the restrictions according to § 35 BDSG) or an overriding interest on our part (e.g., to defend our rights and claims) are not in conflict with this.
- Having regard to the prerequisites of Art. 18 GDPR, you may also require us to restrict the processing of your data.
- Moreover, you may also object to the processing of your data in accordance with Art. 21 of GDPR, on the basis of which we must stop processing your data. However, this right of objection only applies in exceptional circumstances of your personal situation, whereby our company's rights may come in conflict with your right of objection.
- Moreover, you also have the right, under the conditions set out in Art. 20 of GDPR, to obtain data in a structured, well-established and machine-readable format or to transmit such data to a third-party.
- In addition, you have the right to revoke your consent to the processing of personal data any time with future effect (cf. Clause 2.3).
- You also have the right of appeal with a data privacy authority (Art. 77 of GDPR). However, we recommend that you always raise a complaint with our data privacy officer first.
If possible, your requests to exercise your rights should be addressed in writing to the above address or directly to our data privacy officer.
8. Scope of your duties to provide us your data
You are required to provide only as much data as is required for the initiation and execution of a business relationship or for a pre-contractual relationship with us or for the collection of which we are bound by the law. Without this data, we generally will not be in a position to conclude or execute a contract. This may relate to data that is required later as part of a business relationship. Provided that if we request additional data, you will be separately informed about the voluntary nature of the information.
9. Existence of an automated decision-making in individual case (including profiling)
Pursuant to Article 22 of the GDPR, we do not employ any purely automated decision-making procedure. If we use any such procedure in the future in individual cases, we will inform you separately about this, provided that this is prescribed by law.
Under certain circumstances, we shall partially process your data with the aim of appraising certain personal aspects (profiling).
In order to be able to provide and advice you targeted information on products, we may use evaluation tools, where necessary. This facilitates a need-based product design, communication and promotion including market research and opinion survey.
Information on nationality and special categories of personal data will not be processed pursuant to Art. 9 GDPR.
10. Information on your right of objection under Art. 21 of GDPR
1. You have the right to file an objection anytime against the processing of your data that is done on the basis of Art. 6 Para 1 f of GDPR (data processing on the basis of weighing of interests) or Art. 6 Para 1 e of GDPR (data processing in public interest), if there is a ground that arises from your special situation. This also applies to a profiling based on this provision within the meaning of Art. 4 No. 4 of GDPR.
If you file an objection, we will no longer process your personal data unless we can demonstrate compelling reasons worthy of protection for the processing that outweigh your interests, rights and liberties, or the processing serves to assert, exercise or defend legal claims.
2. We may also process your personal data in order to carry on direct advertising. If you do not wish to receive promotions, you have the right to object to this at any time; this also applies to profiling to the extent it is associated with such direct advertising. We will consider this objection with future effect.
We will no longer process your data for the purposes of direct advertising if you object to processing for this purpose. The objection may be raised in any form and be preferably addressed to
0221 221 22431
Part 2 of Data Privacy Statement: Information for using the website
Other information on data privacy and using the website
Use of Google Analytics
The website uses Google Analytics, a web analysis service from Google Inc. („Google“). Google Analytics used the so-called. „Cookies“, text files, that are stored on your computer and enables analysis of your use of the website. The information generated by the cookie regarding the use of this website is generally transmitted to a Google server in Ireland and stored there. In cases where IP-anonymization is activated on this website, your IP-address will however be truncated beforehand by Google within member states of the European Union or other contracting states of the agreement on the European Economic Area. Only in exceptional cases, the full IP address will be transmitted to the Google Server in Ireland and truncated there. Google will use this information on behalf of the operator of this website to evaluate your use of this website, to compile reports on the website activities and to render the website operator additional services associated with the website and internet use. The IP address transmitted by your browser in the context of Google Analytics will not be merged with other Google data. You may prevent the storage of cookies by an appropriate setting in your browser software; however, we would like to point out that in this case, you will not be able to fully use all the functions of this website. You may also prevent the collection of data generated by the cookie and related to your use of the website (incl. your IP address) as well as processing of this data by Google by downloading and installing the browser-plugins available in the following link (http://tools.google.com/dlpage/gaoptout?hl=de).
Use of remarketing or „Similar target groups“ function of Google Inc.
We use remarketing or „similar target groups“ function of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”). This function analyses user behaviour and user interests.
At the same time, your data will be transmitted, if necessary, even to the USA. For transmission of data to the USA, there is an adequacy decision of the European Commission.
The processing takes place on the basis of Art. 6 (1) lit. f of GDPR from the legitimate interests, to approach the visitors of the website in a targeted manner with ads by placing personalised, interest-based ads when they visit other websites in the Google Display Network.
You have the right to object, for reasons that arise from your extraordinary situation at any time, to this processing of personal data relating to you based on Art. 6 (1) f GDPR.
This website uses these cookies
Provider and purpose: Stores the settings of Cookie Managers.
Storage: 60 years
Provider and purpose: Content Management System (CMS). Helps to prevent the attacks of the so-called Cross-Site Request Forgery- (CSRF-).
Storage: 1 year
Google Analytics (_ga, _gat, _gid, _gat_gtag_UA)
Provider and purpose: For the generation of usage statistics and for the control of several requests. In this way, we learn from which websites, how often, from which countries, with what devices and for how long our website is accessed in order to improve it. Cookies can distinguish individual users from one another by means of a randomly generated ID in order to prevent multiple counts.
Category: Analysis & optimisation
Storage: 1 minute (_gat, _gat_gtag_UA), 1 day (_gid), 1 year (_ga)
Google Adsense (_gcl_au)
Provider and purpose: Google Adsense, for the generation of usage statistics and randomly generated User-ID
Category: Analysis & optimisation
Storage: 80 days
Google Adwords (_gcl_aw)
Provider and purpose: Google Adwords, for the determination and assignment of successes achieved to respective ads.
Category: Analysis & optimisation
Storage: 3 months
Hotjar (_hjid, _hjptid, _hjTLDTest, _hjIncludedInPageviewSample)
Provider and purpose: For the analysis of user behaviour. So that we can learn how much time is spent on which pages, what buttons are clicked, to what extent scrolling is done, screen size of the device, device type and browser information, countries from where our websites are accessed and the preferred language to improve our website.
Category: Analysis & optimisation
Speicherung: Ende der Sitzung (_hjptid, _hjTLDTest), 1 Jahr (_hjid, _hjIncludedInPageviewSample)
Provider and purpose: Facebook, for displaying promotional products (e.g.,Real-Time-Bidding) of third-party advertising agencies.
Storage: 3 months
Eventim Webshop (BIGipServer~ ASP ~shopdomain.de, DWRSESSIONID, JSESSIONID, phoeniX)
Provider and purpose: Eventim, for ensuring Onlineshops function (saving items and total amount, saving of User Sessions, Single Sign-on (SSO) Authentication)
Storage: End of the meeting