Print

Privacy policy in accordance with Art. 13,14 GDPR – Fulfilment of information obligations

Thank you for visiting our website! The protection of your data is our top priority. In this privacy policy, we provide detailed information about how we process your data.

Our privacy policy applies to data processing within CTS Eventim Austria GmbH as well as when using the Eventim websites. The legal basis for this processing is the General Data Protection Regulation (hereinafter referred to as "GDPR") and the Austrian Data Protection Act ("DSG").

1. Data processing in general

   1.1 Controller

   The controller pursuant to Art. 4 (7) of the EU General Data Protection Regulation (GDPR) is

   CTS Eventim Austria GmbH

   Mariahilfer Straße 41-43
   A-1060 Vienna
   Tel: +43 1 589540
   Fax: +43 1 5852323
   Email: office@oeticket.com

   The company has appointed a data protection officer. They can be contacted at datenschutz@oeticket.com.

   1.2 Data processing in accordance with Art. 13 GDPR

   We process data that is provided to us by various individuals, for example when registering a customer account, purchasing tickets, subscribing to newsletters or ticket alerts, writing a fan report, participating in competitions or as part of an application, and generally when concluding contracts.

   1.3 Data processing in accordance with Art. 14 GDPR

   In addition, we process data from persons who have not provided it themselves. This is the case, for example, when managing directors provide us with the names and contact details of their employees in the context of project collaboration or business relationships.

   1.4 Data subjects

   The following data is processed from private customers (ticket purchasers and users with their own Oeticket account): login data (username, password), title, name, address data and email address, date of birth (voluntary disclosure), telephone number, payment data.

   The following data is processed from business customers (companies, groups, schools): company name, name of contact persons, professional address and contact details, bank details and contract data.

   The following data is processed from contractual partners: company, names of contact persons, address data, contact details, contract data, bank details.

   The following data is processed from artists: names, photos and limited data from their biographies.

   We publish the names of people associated with an event (e.g. directors).

   The following data is processed from newsletter recipients: email address

   We process and publish the names of authors upon request. As soon as the use of the works is discontinued, the personal data is automatically deleted.

   1.5 Legal basis – general

   The legal basis for data processing is:

   • Consent (e.g. when processing your email address for advertising purposes) in accordance with Art. 6 para. 1 lit. a GDPR
   • Contract initiation and fulfilment pursuant to Art. 6 para. 1 lit. b GDPR
   • Legal obligations (e.g. statutory retention and documentation obligations, publication obligations under copyright law) pursuant to Art. 6 para. 1 lit. c GDPR
   • Legitimate interests of our company (e.g. use of software) in accordance with Art. 6 para. 1 lit. f GDPR

   We will inform you separately about the legal basis and purpose of the processing for each of the data processing operations described below.

   1.6 Transfer of data

   Your personal data will be transferred for the purpose of fulfilling the contract in accordance with Art. 6 para. 1 lit. b GDPR in order to provide you with our services.

   • Transfer within the group: The personal data we collect will be transferred within the group to both parent companies and subsidiaries if necessary. This is done because various companies provide IT services for us, among other things. The transfer is based on internally concluded contracts.
   • Transfer to clients or joint controllers: If we act on behalf of third parties or process data as a joint controller (e.g. for partner websites, events or web shops), we may make this personal data available to them. The data is transferred on the basis of contracts concluded with our business partners.
   • Transfer to processors: We work with processors and transfer personal data to them in order to provide our services efficiently. These include companies that handle contract fulfilment, payments, account management, newsletter distribution and IT services, for example.
   • Other transfers: We reserve the right to transfer personal data to authorities or lawyers, for example, if this is required by law or necessary in the context of a legal dispute.

   1.7 Storage/deletion of data

   • Contractual retention obligations: We will delete or anonymise your data after the expiry of contractually agreed periods.
   • Withdrawal of consent: If you withdraw your consent to the processing of your personal data, we will delete or anonymise your data unless there is another legal basis for the processing.
   • Statutory retention obligations: In order to comply with statutory retention periods (e.g. on the basis of tax laws or accounting regulations), we are obliged to continue to store personal data for a period specified by law even after the end of the contract or revocation of consent. After these periods have expired, we will delete or anonymise your data.
     The following EU regulations and national laws must be observed by the data controller (list not necessarily complete):
     • Federal Fiscal Code (BAO)
     • Commercial Code (UGB)
     • Trade Regulation Act (GewO)
     • General Civil Code (ABGB)
     • Value Added Tax Act (UStG)
     • Whistleblower Protection Act (HSchG)
     • Data Protection Act (DSG)
     • General Data Protection Regulation (GDPR)

   1.8 Your rights

   You have the following rights vis-à-vis us with regard to your personal data:

   • Right to information, correction and deletion
   • Right to restriction of processing
   • Right to object to processing
   • Right to data portability
   • Right to lodge a complaint with the Austrian Data Protection Authority
     Barichgasse 40 - 42, 1030 Vienna, telephone: +43 1 52 152-0
     Email: dsb@dsb.gv.at

   If you believe that we have violated Austrian or European data protection law in the processing of your data and thereby infringed your rights, please contact us so that we can clarify any questions you may have.

   Please send your enquiries and concerns by email to datenschutz@oeticket.com or contact us using the contact details provided.

2. Contact

   If you contact us by email, telephone, contact form or via social media, we will store the data you provide in order to respond to your enquiry. Once processing has been completed, we will delete the data or restrict its processing in accordance with the applicable statutory retention obligations.

   Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest)

3. Application management

   General: If you send us your application documents, we will process the personal data contained therein for the purpose of personnel selection and job placement. In the event of rejection, we will delete your documents 7 months after sending you the rejection.

   Legal basis: Art. 6 para. 1 lit. b GDPR (contract initiation and fulfilment)

   If we wish to keep you on file for future contact, we will send you a separate request for your consent. If you give us your explicit consent, we will store your application documents. If no further job opportunities arise within one year, we will delete all your applicant data one year after you have given us your consent.

   Legal basis: Art. 6 para. 1 lit. a GDPR (consent)

   Application portal: All applications are processed via our application portal. For detailed information on how we handle your application data, please visit: https://www.oeticket.com/campaign/datenschutzerklaerung-fuer-bewerberinnen-und-bewerber.

   Application platforms: We use various online application platforms to recruit employees for our company. Individuals who are interested in working for our company can apply directly using a form provided by the operator of the application platform. Applicants decide for themselves which data they wish to provide when using such an online portal. You also have the option of uploading application documents. Personal data entered and documents uploaded will be forwarded to us by the operator of the applicant portal. Both the application platform and we process this data as controllers within the meaning of the GDPR. Please note the privacy policies of the respective portal operators.

   Legal basis: Art. 6 para. 1 lit. b (contract initiation and fulfilment)

4. Social media presence

   We operate the following social media pages: X (Twitter), Instagram, TikTok, LinkedIn, Xing and Facebook. When you visit our social media presence, personal data, including the IP address of the respective provider, is processed and cookies are used for data collection. Please refer to the privacy policy of the respective service for details on exactly what information is transmitted. There you will also find information on how to contact us and how to restrict the processing of this data.

   Furthermore, we would like to point out that you use the respective services and their functions at your own risk. This applies in particular to the use of interactive functions (e.g. sharing, commenting or rating).

   The providers of social media services have provided us with corresponding agreements – in most cases, these are agreements on joint responsibility for data processing. The use of social media is based on our legitimate business interest.

   Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest)

5. Whistleblowing system – online portal

   5.1 Purpose of processing

   We have set up a whistleblowing system (online portal). The whistleblowing system allows you to contact us and report compliance and legal violations without fear of reprisals. Where legally permissible, reports can generally be made without providing personal data. We process personal data, if you provide it to us, in order to review the report made to the reporting office and investigate the alleged compliance and legal violations. In doing so, we may have further questions. We use the communication channels provided by this whistleblowing system for this purpose.

   5.2 Data processing in accordance with Art. 13 GDPR

   We process the data that the whistleblower provides us with in their own statements as part of the report.

   5.3 Data processing in accordance with Art. 14 GDPR

   In addition, we process data of persons named by the whistleblower in the course of reporting violations (e.g. name data or functions of the persons who caused the violation, name data or functions of persons who are also affected by a violation , description of behaviour or actions of the person concerned in connection with the reported misconduct that could contribute to their identification).

   5.4 Personal data, forwarding and legal basis

   In principle, the use of the whistleblower system is possible without providing personal data, to the extent permitted by law. However, personal data may be disclosed voluntarily as part of the whistleblower process, in particular information on identity, first and last name, country of residence, telephone number or email address.

   When using anonymous communication with us, your IP address and current location will not be stored at any time. After submitting a report, the whistleblower will receive access data to the mailbox of the online portal so that they can continue to communicate with us in a protected manner.

   In order to fulfil the purpose stated above, it may also be necessary for us to transfer personal data to external parties such as law firms, criminal or competition authorities, both within and outside the European Union.

   We process personal data, insofar as we have received it, to the extent necessary to fulfil legal obligations within the meaning of whistleblower protection on the basis of Art. 6 para. 1 lit. c GDPR and local data protection laws in conjunction with local whistleblower protection laws.

   5.5 Responsible body

   We use the Whistleblowing Online Portal together with CTS EVENTIM AG & Co. KGaA, Contrescarpe 75a, 28195 Bremen, Germany. In this case, we are joint controllers for the processing of personal data. If we are obliged to fulfil the rights of data subjects, data subjects can contact us or compliance@eventim.de.

   5.6 Duration of storage

   We only store personal data for as long as is necessary to process your report or for as long as we have a legitimate interest in storing your personal data. Data may also be stored beyond this period if this is required by national or European legislation in order to fulfil legal obligations, such as retention obligations.

   Personal data that is not required for processing a report will not be collected or stored by us. It will be deleted immediately if necessary.

   After completion of the investigation, all reports and associated data will be archived for a period of 5 years. After this period, we guarantee the irretrievable deletion or anonymisation of all data. In addition, data will be retained for as long as necessary for any official or legal proceedings that have already been initiated.

   5.7 Your rights

   The rights of data subjects pursuant to Articles 13 to 21 of the GDPR do not apply to persons affected by a report pursuant to Section 8 (9) HSchG if this is necessary to protect the whistleblower or to investigate reports (e.g. right to information, right of access, right to erasure, right to object). For reports outside the scope of the HSchG, the general data protection regulations apply.

6. Data processing in the context of marketing measures

   6.1 Joint controllers

   We, CTS Eventim Austria GmbH and EVENTIM Media House GmbH, Hohe Bleichen 11, 20354 Hamburg, Germany (‘Media House’), are jointly responsible for the processing of your personal data in the context of marketing measures on our websites, third-party websites and in social networks in accordance with Art. 26 GDPR.

   6.2 Categories of personal data

   The following types of personal data are regularly processed under the joint controllership:

   • Hashed email addresses
   • Information from (opt-in) marketing cookies
   • Location data
   • Mobile phone advertising identifiers
   • Data from ticket purchases (e.g. artist, venue, date of purchase)

   6.3 Data subjects

   The following groups of people are affected by the data processing:

   • Customers (ticket purchasers) of EVENTIM
   • Users of EVENTIM websites, apps, social media channels and newsletters

   6.4 Collection of data subjects

   Your personal data is primarily collected by CTS Eventim Austria GmbH as soon as you use our websites or apps, register for our newsletter or carry out a transaction, such as a ticket purchase. CTS Eventim Austria GmbH is responsible for ensuring compliance with all relevant data protection regulations and ensures that only the data required for the respective processing is collected. CTS Eventim Austria GmbH is also the primary point of contact for your rights with regard to the collection of your data.

   6.5 Data transfer to Media House

   If your data is required for marketing measures by Media House, a controlled provision is made by CTS Eventim Austria GmbH to Media House. This transfer only takes place within the framework of the joint responsibility and in compliance with the contract concluded between the jointly responsible parties. CTS Eventim Austria GmbH remains the primary point of contact for your rights in this step as well.

   6.6 Data processing for targeting purposes

   Media House takes the data received and processes it for targeted marketing measures (‘targeting’). This includes adapting and segmenting the data for specific target groups on third-party websites and in social networks in order to display relevant content. Media House is responsible for this step of the processing and is available to answer any questions you may have about this processing and to help you exercise your rights.

   6.7 Evaluation of campaigns

   The evaluation of the campaigns carried out is carried out by Media House, which checks the effectiveness of the marketing measures on the basis of the analysed data. Media House is responsible for ensuring that the evaluation is carried out in compliance with data protection regulations and that the data is used only for the intended purpose. In this step, too, Media House is the primary point of contact for your data subject rights.

   6.8 Legal basis

   The legal basis for the processing of your personal data in the context of marketing measures is your express consent in accordance with Art. 6 (1) point a GDPR. You give this consent by agreeing to the use of marketing and statistical cookies on our websites. The consent allows CTS Eventim Austria GmbH and Media House to process your personal data for marketing purposes, including targeted addressing, segmentation into specific target groups, and analysis and evaluation of marketing campaigns.

   You have the option at any time to revoke your consent via the cookie settings with effect for the future.

   6.9 Duration of storage

   Your personal data will only be stored for as long as necessary for the purposes for which it was collected. In the case of marketing data, the data is generally stored for the duration of your consent. As soon as you revoke your consent via the cookie settings, the data concerned will be deleted or anonymised immediately, provided that this does not conflict with any statutory storage requirements.

   6.10 Your rights

   If we are obliged to fulfil the rights of data subjects (see 1.8), you can contact us as well as Media House.

7. Data processing when using our website

   7.1 Informational use of the website

   When you use the website for informational purposes only, we only collect the personal data that your browser transmits to our server (server log files). When you visit our website, we collect the data that is technically necessary for us to display our website to you and to ensure stability and security:

   • IP address
   • Date and time of the request
   • Time zone difference to Coordinated Universal Time (UTC)
   • Content of the request (specific page)
   • Access status/HTTP status code
   • Website from which the request originates
   • Browser
   • Operating system and its interface
   • Language and version of the browser software

   This data is not merged with personal data sources. We reserve the right to check this data retrospectively if we become aware of specific indications of illegal use and to pass the data on to the law enforcement authorities in the event of a hack attack. No further disclosure to third parties will be made.

   Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest)

   7.2 Cookies

   When you visit our website, cookies are stored on your device. Cookies are small text files that are assigned to the browser you are using and stored on your hard drive. They enable us or third-party providers to collect certain information. Cookies cannot execute programs or transfer viruses to your computer.

   The information contained in the cookies is used, for example, to determine whether you are logged in, what data you have already entered, or to recognise you as a user when a connection between our web server and your browser is established.

   We distinguish between technical cookies, which are used exclusively to ensure the operation of a website, and cookies that require consent, which are set by us or third-party providers for the purposes of statistical analysis, tracking or advertising/marketing.

   CTS Eventim Austria GmbH participates in the IAB Europe Transparency & Consent Framework (TCF) Version 2.2 and complies with its specifications and guidelines. We use a Consent Management Platform (CMP) with the identification number 31 for this purpose. The TCF records the consents you have given in the form of a so-called TC string and passes them on to participating third-party providers (vendors) so that they can take your consent decisions into account.
   Further information on the CMP can be found in section 12 Consent Management of this privacy policy.

   Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest; for technical cookies), Art. 6 para. 1 lit. a GDPR (consent; for all other cookies)

   7.3 Data processing in a third country

   It cannot be ruled out that personal data may be transferred to an unsafe third country (countries outside the EEA without an adequate level of data protection) when you visit our website. If this is the case, we will point this out directly in the description of the external service in this privacy policy.

   The GDPR requires so-called appropriate safeguards in accordance with Art. 46 GDPR for data transfers to an unsafe third country or to an international organisation.

   When processing personal data in a third country or when processing data from US data recipients who are not subject to the provisions of the EU-US Data Privacy Framework, the following risks in particular cannot currently be ruled out for you as the data subject:

   • Your personal data may be passed on by the respective service provider to other third parties beyond the actual purpose of fulfilling the order.
   • You may not be able to assert or enforce your rights to information against the respective service provider in the long term.
   • There may be a higher probability of incorrect data processing, as the technical and organisational measures for the protection of personal data do not fully meet the requirements of the GDPR in terms of quantity and quality.

   By agreeing to the consent banner for the use of external services and the setting of the corresponding cookies, you expressly consent to the possible transfer of your personal data to unsafe third countries.

   Legal basis: Art. 6 para. 1 lit. a GDPR (consent)

   7.4 Registration and login in the web shop

   You have the option of registering in our web shop. To do so, we require login details consisting of your email address and a password of your choice, which you can reset at any time if you forget it. The following data must be provided when registering: title, name, address, email address and telephone number. You can voluntarily provide your company name, mobile phone number and date of birth. You can edit the data you have provided at in My OETICKET at any time. We generate a customer number that is also linked to your customer account. You can log in to our web shop at any time using your login details. With your customer account, you can purchase tickets and find out about upcoming events and leisure activities, for example.

   Legal basis: Art. 6 para. 1 lit. b GDPR (contract initiation and fulfilment)

   7.5 Registration and login (Keycloak)

   You can register and create a customer account in our web shop or via our mobile app. This allows you to purchase tickets, save events and artists as favourites, find out about upcoming events, participate in exclusive pre-sales and manage your newsletter settings.

   Registration is carried out via a central authentication system (Keycloak). Authentication is carried out by default using your email address and a password of your choice. The following information is required when registering: title, name, address, email address and telephone number. You can voluntarily provide additional information such as your date of birth, company or mobile number. A customer number is also generated and assigned to your account.

   Instead of a traditional registration, you also have the option of logging in via an existing social media account (e.g. Facebook) (single sign-on). This gives us access to your profile data stored with this provider (public information, first name, last name, email address). The data is transferred on the basis of your consent during the respective login process.

   You can activate a permanent login using the ‘stay logged in’ function. This involves storing a cookie on your device that keeps you logged in on the same device for up to six months. This option is voluntary and requires your express consent. For security-related actions – such as purchasing/downloading tickets or changing contact details – additional authentication by re-entering your password is required.

   You can view and edit your login details and personal information at any time in the ‘My OETICKET’ area.

   Legal basis:

   • Art. 6 para. 1 lit. a GDPR (consent) – for permanent login (‘stay logged in’ function) and the transfer of personal data when logging in via social media providers.
   • Art. 6 para. 1 lit. b GDPR (contract initiation and fulfilment) – creation and use of the customer account.
   • Art. 6 para. 1 lit. f GDPR (legitimate interest) – to safeguard our legitimate interest in secure, user-friendly authentication and efficient management and support of customer accounts.

   7.6 Ticket purchase in the web shop

   When purchasing tickets in our online shop, the following information must be provided: title, name, address, email address, telephone number, and the selected payment method (credit card, PayPal, EPS online transfer, Apple Pay, Google Pay, Tink).

   We do not pass on your data to external payment service providers; instead, it must be entered by the purchaser. The payment service providers process this data as independent controllers.

   When you select the button “Credit card | Click to Pay | Apple Pay | Google Pay”, your email address (and, if applicable, other technical data such as your IP address and browser information) provided during the ordering process is automatically transmitted to VISA when the payment dialog is opened in order to check whether an existing Click to Pay account exists for your details. This also happens if you select another payment method within this option (e.g., Apple Pay, Google Pay, or classic credit card payment) later on. Details can be found in section 7.6.1.

   If you purchase a ticket for a third party, we will process the personal data you provide about the third party for personalization purposes and, if necessary, to send the ticket to them. Please ensure that the third party has been informed about the data processing and that you are authorized to provide their data.

   We store your purchases and all related transactions until the expiry of the statutory retention periods.

   Legal basis:

   • Art. 6 (1) (b) GDPR (contract initiation and fulfillment) for the actual payment process;
   • Art. 6 (1) (f) GDPR (legitimate interest) simplification of the payment process through possible automatic card display

   For selected concerts, we will transfer personal data (name, email address) to the respective organizer based on your express consent. The organizer may then pass this data on to other partners, in particular the artist or their representative, for information and advertising purposes, under their own responsibility.

   Consent is given when purchasing tickets by actively ticking the corresponding option and contains all relevant information on data processing, the recipients, and your rights, including the option to revoke consent at any time with effect for the future.

   Legal basis: Art. 6 para. 1 lit. a GDPR (consent)

   7.6.1 VISA Click to Pay

   You have the option of processing your payment using VISA Click to Pay. When you select the “Credit card | Click to Pay | Apple Pay | Google Pay” button, a check is performed to see whether a Click to Pay account exists for the email address you provided during the ordering process (as well as your phone number and technical data such as IP address and browser information, if applicable).

   If you choose to pay using VISA Click to Pay, you enter your payment details directly with VISA. We only receive the information necessary for contract processing from VISA (e.g., name, email address, billing and, if applicable, delivery address, and confirmation of payment). VISA processes this data on its own responsibility as an independent controller.

   Further information can be found in VISA's privacy policy at https://www.visaeurope.at/legal/visa-globale-datenschutzmitteilung.html.

   Legal basis: Art. 6 para. 1 lit. b GDPR (contract initiation and fulfillment)

   7.6.2 PayPal Express

   You have the option of processing your payment via PayPal Express. In this case, you enter your payment details directly with PayPal. We only receive the information necessary for contract processing from PayPal (name, email address, billing address and, if applicable, delivery address, as well as confirmation of payment). PayPal processes this data on its own responsibility as an independent controller.

   Further information can be found in PayPal's privacy policy at https://www.paypal.com/at/legalhub/paypal/privacy-full.

   Legal basis: Art. 6 (1) (b) GDPR (contract initiation and fulfillment)

   7.7 Shopping cart abandonment email

   If you have started an order process in our web shop but have not completed it, we will send you a reminder email to the email address stored in your customer account. For this purpose, we process your data in order to identify uncompleted shopping carts. The following data is processed: email address, first name and surname.

   Legal basis: Art. 6 para. 1 lit. a GDPR (consent)

   7.8 Coupons and special offers (Sovendus)

   After completing an order in our online shop, you may be shown coupons and special offers that are currently of interest to you, provided by Sovendus GmbH, Hermann-Veit-Str. 6, 76135 Karlsruhe (“Sovendus”).

   In order for the offers to be provided, the following data will be transmitted to Sovendus after you have given your consent:

   • For voucher offers, we transmit a pseudonymized hash value of your email address, your IP address, and pseudonymized order data (order number, order value with currency, session ID, coupon code, timestamp).
   • If you actively select a voucher offer, we transmit your title, name, postal code, country, and email address to Sovendus in encrypted form to enable the voucher to be provided.
   • For special offers, we transmit your title, year of birth, country, postal code, pseudonymized hash value of your email address, and your IP address.
   • If you actively select a special offer, we will transmit your encrypted name, address data, email address, and/or telephone number to Sovendus, as necessary, so that the respective special offer can be redeemed with the product provider.

   Further information on data processing by Sovendus can be found here: https://online.sovendus.com/at/online-datenschutzhinweise/#

   Legal basis: Art. 6 para. 1 lit. a GDPR (consent)

   7.9 News & information subscription on all channels

   You have the option of subscribing to receive personalised information and offers via various channels.

   For this purpose, we process your email address and telephone number as well as, if available, information from your customer account (e.g. previous purchases, interests).

   To ensure that the registration actually comes from you, we use the double opt-in procedure. After registering, you will receive a confirmation email with a link. Only when you click on this confirmation link will your registration be activated and your data added to the distribution list. This ensures that no one can use your data without your consent and that you have expressly agreed to receive the information.

   If you have consented to receiving personalised information via various channels, we also use third-party services such as Meta, Google, TikTok or similar platforms to display advertising. To do this, we may use your email address or other characteristics (e.g. previous purchases, interests) to create target groups (custom audiences) and display content that matches your interests. Advertising via these platforms only takes place if you have additionally consented to the use of the relevant third-party services via our cookie banner. You can find more details in the sections on the external services used.

   You can unsubscribe from receiving news and information on all channels at any time via the unsubscribe link in our messages or by sending an email to newsletterabmeldung@oeticket.com.

   If you have a customer account, you can alternatively log in to ‘My OETICKET’ with your user name to view and change your newsletter settings.

   After you unsubscribe, we will no longer use your data to send you personalised information. If there is no business relationship between us and no legal retention obligations apply, your data will be deleted three weeks after you unsubscribe.

   Legal basis: Art. 6 para. 1 lit. a GDPR (consent)

   7.10 Newsletter subscription

   You have the option of subscribing to various newsletters (category newsletter, B2B newsletter, offer mailings, info mailings). We process your email address for the purpose of sending these newsletters.

   To ensure that the registration comes from you, we use the so-called double opt-in procedure. After registering, you will receive a confirmation email with a link. Only when you click on this confirmation link will your registration be activated and your address added to the mailing list. In this way, we ensure that no one uses your email address without your consent and that you have expressly agreed to receive the newsletter.

   You can unsubscribe from the selected newsletter at any time by clicking on the unsubscribe link at the end of each newsletter or by sending an email to newsletterabmeldung@oeticket.com. If you have a customer account, you can alternatively log in with your username at "My OETICKET" to view and change your delivery settings. Here, too, you can unsubscribe from all newsletters at any time.

   After you unsubscribe, we will no longer use your data to send you newsletters. If there is no business relationship between us and no legal retention obligations apply, your data will be deleted three weeks after you unsubscribe.

   Legal basis: Art. 6 para. 1 lit. a GDPR (consent)

   7.11 Registration for ticket alerts

   You have the option of subscribing to our ticket alert for artists of your choice. For this purpose, we process your email address.

   To ensure that the registration comes from you, we use the double opt-in procedure. After registering, you will receive a confirmation email with a link. Only when you click on this confirmation link will your registration be activated and your address added to the mailing list. In this way, we ensure that no one uses your email address unintentionally and that your consent to receive the ticket alert is expressly given.

   You can unsubscribe from the ticket alert at any time by clicking on the unsubscribe link in the respective email. If you have a customer account, you can log in to My OETICKET with your username and view and change all your settings. Here you can unsubscribe from the ticket alert at any time. Once you have unsubscribed, we will no longer use your data to send you ticket alerts. If we have no business relationship with you and are not subject to any legal retention obligations, your data will be deleted after you unsubscribe from the ticket alert.

   Legal basis: Art. 6 para. 1 lit. a GDPR (consent)

   7.12 Registration for ticket alerst & news

   You have the option of registering for our ticket alerts and for personalised information and offers (news). The ticket alert informs you about artists you have selected individually. The news includes information about events, promotions, products and partner offers. For this purpose, we process your email address and telephone number as well as, if available, information from your customer account (e.g. previous purchases, interests).

   To ensure that the registration actually comes from you, we use the double opt-in procedure. After registering, you will receive a confirmation email with a link. Only when you click on this confirmation link will your registration be activated and your data added to the distribution list. In this way, we ensure that no one uses your data unintentionally and that we have your express consent to send you the ticket alert and news.

   If you have consented to receiving the ticket alert and news, we also use third-party services such as Meta, Google, TikTok or similar platforms to display advertising. To do this, we may use your email address or other characteristics (e.g. previous purchases, interests) to create target groups and display content that matches your interests. Advertising via these platforms will only take place if you have additionally consented to the use of the relevant third-party services via our cookie banner. You can find more details in the sections on the external services used.

   You can unsubscribe from the ticket alert and news at any time using the unsubscribe link in the respective emails or by sending an email to newsletterabmeldung@oeticket.com.

   If you have a customer account, you can alternatively log in with your user name at ‘My OETICKET’ to view and change your settings. Here you can also unsubscribe from the ticket alert and/or news at any time.

   Once you have unsubscribed, we will no longer use your data to send you ticket alerts or news. If we have no business relationship with you and there are no legal storage obligations, your data will be deleted three weeks after you unsubscribe.

   Legal basis: Art. 6 para. 1 lit. a GDPR (consent)

   7.13 Participation in competitions

   We occasionally organise competitions that are open to everyone. In order to participate in these competitions, we require certain information from you: first and last name, address and email address. This data will be used exclusively for the purpose of the competition. If we have no business relationship with you and are not subject to any legal storage obligations, the data collected will be deleted or anonymised after the competition has ended and the prizes have been sent out.

   Legal basis: Art. 6 para. 1 lit. b GDPR (contract initiation and fulfilment)

   7.14 Fan reports

   You have the option of submitting a review of a venue or event you have attended on our website. We provide a special form for this purpose. In addition to your review, you must also provide your email address to complete the fan report. This is necessary to verify the fan report and prevent misuse. Your email address will not be published and will be used exclusively for internal purposes.

   Your anonymous review will be published on our website after review to provide useful information to other users. Your reviews help us to continuously improve the quality of our events and venues.

   We use the services of Bazaarvoice Inc, 10901 Stonelake Blvd, Austin, TX, USA, to collect fan reviews and display them on our website. Bazaarvoice enables us to collect, moderate and display reviews and reports from our users.

   For more information, please refer to the privacy policy of Bazaarvoice Inc. at https://www.bazaarvoice.com/de/legal/datenschutzrichtlinie/.

   Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest)

   7.15 Ticket purchase and sale via fanSALE

   Through our ticket exchange fanSALE (accessible at https://www.fansale.at/fansale/), you as a private individual can offer and purchase tickets and related services from OETICKET. When reselling tickets via OETICKET, we collect and process ticket and account data. Your OETICKET account is used for use on fanSALE.

   For further information, please refer to the fanSale privacy policy at: https://www.fansale.at/?help=dataProtection

   Legal basis: Art. 6 para. 1 lit. b GDPR (contract initiation and fulfilment)

   7.16 Favourites management/personalised content

   Our website allows you to express your interests by "liking" various categories such as artists, venues, main categories (e.g. concerts, culture, etc.) and locations. We use these favourites to show you content that may be of interest to you.

   When you visit our website or use our app, we collect data such as your IP address with your consent. We combine this data with information that you provide to us during the purchase process or when you register for our newsletter. In this way, we create pseudonymised user profiles and target group segments that help us to show or send you more personalised and interesting content on our websites, in the app, in the newsletter and in other communication channels (such as online advertising on third-party sites).

   We process information about your visit history and search behaviour on our website and in the app, order and shopping cart data, personal settings such as favourites and ticket alerts, and geolocation information. We also process browser and device information and pseudonymised IDs such as cookie IDs, mobile ad identifiers and hash values from email addresses and customer numbers.

   Legal basis: Art. 6 para. 1 lit. a GDPR (consent)

8. Data processing for Google services

   We use services provided by Google Ireland Limited ("Google"), a company registered and operating under Irish law with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland, on our website.

   Further information can be found in Google's privacy policy at https://policies.google.com/privacy?hl=de.

   Additional information on data processing in connection with Google measurement and advertising products (e.g. Google Analytics or Google Tag Manager) is provided by Google at the following link: https://business.safety.google/

   The integration of Google leads to the reloading of additional Google services on our website, such as Google DoubleClick, Google APIs, Google Video, Google Photos, Google Static and Google Fonts.

   8.1 Google Hosted Libraries

   We use the Google Hosted Libraries Content Delivery Network (CDN) on our website.

   The CDN service allows web content such as JavaScript libraries to be delivered quickly and securely. Proxy servers store the files locally, thereby improving access speed during download. Using the Google Hosted Libraries CDN helps us to optimise the loading speed of our website.

   The CDN service processes the IP address of visitors to our website. According to Google, the IP address is only used to deliver and secure the files and is not merged with other Google services.

   For more information on terms of use and data protection, please visit https://developers.google.com/speed/libraries/terms?hl=de

   Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest)

   8.2 Google AdSense

   Our website uses Google AdSense, a service for integrating advertising. Google AdSense enables us to generate revenue by placing advertisements on our website. The advertisements are automatically selected by Google based on the content of our website and the interests of visitors.

   When you use Google AdSense, various data is collected, including cookies, web beacons and usage data. Web beacons are invisible graphics that also collect information about how you use our website. Usage data includes information about the web pages you visit, the ads you click on, your IP address, your browser type and your language settings.

   The collected data is used to measure the effectiveness of advertisements, optimise ad content and compile reports on website activity. This information may also be combined with other data that Google has collected about you.

   You can prevent these cookies from being stored on your PC by adjusting your Internet browser settings accordingly. However, this may mean that you will no longer be able to use the content of this website to the same extent. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.

   Legal basis: Art. 6 para. 1 lit. a GDPR (consent)

   8.3 Google Ads Conversion Tracking (including Enhanced Conversions)

   This website uses Google Ads Conversion Tracking. Conversion tracking allows us to track whether users perform certain actions on our website after clicking on a Google ad, such as submitting a form or completing an order. The information collected in this way is used exclusively to measure and evaluate the effectiveness of our Google advertising campaigns. We use cookies or similar technologies as part of Google Ads Conversion Tracking. The information collected in this way does not allow us to directly identify individual users. In addition, we use the Enhanced Conversions feature as part of Google Ads conversion tracking. This involves the processing of certain personal data that you yourself provide in the course of a conversion process, for example in a form or during an order process. Depending on the specific information entered, this data may include your email address, telephone number, name, or address details.

   This data is encrypted using a cryptographic hash function (SHA 256) before being transmitted to Google and is not transmitted to Google in plain text. Google uses this hashed data exclusively to improve the measurement accuracy and attribution of conversions, especially in cases where cookies or other online identifiers are limited in availability. The data is not used for independent profiling or for personalized advertising outside of this purpose.

   Processing within the scope of Google Ads conversion tracking, including enhanced conversions, is carried out exclusively after your prior consent via our consent banner.

   For more information about data processing by Google, please visit https://policies.google.com/privacy?hl=de

   Legal basis: Art. 6 para. 1 lit. a GDPR (consent)

   8.4 Google Ads Customer Match

   We also use the Google Customer Match feature as part of Google Ads. This involves us transferring certain information, such as your email address, to Google in order to display personalised advertising to you in Google Search, YouTube, your Gmail inbox and the Google Display Network.

   Google compares the information provided with its own user accounts in order to display suitable ads for existing or similar target groups (so-called custom audiences). The data transmitted is encrypted by Google and is not stored permanently.

   Customer Match is only used if you have previously consented to the processing of your personal data for marketing purposes by Google via our cookie banner.

   Further information about Google Customer Match can be found at: https://support.google.com/google-ads/answer/6379332?hl=en

   Legal basis: Art. 6 para. 1 lit. a GDPR (consent)

   8.5 Google Analytics

   We use Google Analytics on our website, a tool that helps us understand how our website is used. With Google Analytics, we can see how many people visit our site and how long they stay.

   This website uses the "IP anonymisation" function (i.e. Google Analytics has been extended by the code "gat._anonymizeIp();" to ensure anonymous collection of IP addresses (so-called IP masking)). This means that your IP address will be truncated by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the United States and truncated there.

   Google uses the information collected to analyse your use of the website, to compile reports on website activity and to provide other services relating to website activity.

   Your IP address transmitted by your browser to Google Analytics will not be merged with other data from Google. However, Google may transfer this information to third parties if required by law or if third parties process this data on behalf of Google.

   You can prevent cookies from being stored on your computer by selecting the appropriate settings in your browser. However, please note that in this case you may not be able to use all the functions of our website to their full extent.

   Further information on terms of use and data protection can be found at https://www.google.com/analytics/terms/de.html or at https://support.google.com/analytics/answer/6004245?hl=en.

   Legal basis: Art. 6 para. 1 lit. a GDPR (consent)

   8.6 Google Signals

   Google Signals may be used on our website as an extension to Google Analytics to create cross-device reports. If you have enabled the "personalised ads" feature and your devices are linked to your Google account, Google may analyse your usage behaviour across devices and create database models, including cross-device conversions, subject to your consent to the use of Google Analytics in accordance with Art. 6 para. 1 lit. a GDPR. We do not receive any personal data from Google, only statistics.

   If you wish to stop cross-device analysis, you can disable the "Personalised advertising" feature in your Google account settings. To do this, please follow the instructions on this page: https://support.google.com/ads/answer/2662922?hl=en.

   Further information about Google Signals can be found at the following link: https://support.google.com/analytics/answer/7532985?hl=en.

   Legal basis: Art. 6 para. 1 lit. a GDPR (consent)

   8.7 Google Doubleclick

   The website uses the online marketing tool DoubleClick. The Google advertising network and certain Google services may be used to support AdWords customers and publishers in placing and managing ads on the web. DoubleClick uses cookies to serve ads relevant to users, improve campaign performance reports, or prevent a user from seeing the same ads multiple times. Google uses a cookie ID to record which ads are displayed in which browser and can thus prevent them from being displayed multiple times. In addition, DoubleClick can use cookie IDs to record so-called conversions that are related to ad requests. This is the case, for example, when a user sees a DoubleClick ad and later visits the advertiser's website with the same browser and makes a purchase there. According to Google, DoubleClick cookies do not contain any personal information. Due to the marketing tools used, your browser automatically establishes a direct connection to Google's server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our level of knowledge: Through the integration of DoubleClick, Google receives information that you have accessed the corresponding part of our website or clicked on one of our advertisements. If you are registered with a Google service, Google can associate the visit with your account. Even if you are not registered with Google or have not logged in, it is possible that the provider may obtain and store your IP address.

   Legal basis: Art. 6 para. 1 lit. a GDPR (consent)

   8.8 Google

   We use Google Maps on this website. This allows us to display interactive maps directly on the website and enables you to conveniently use the map function. When you visit the website, Google receives information that you have accessed the corresponding subpage of our website. In addition, the data already mentioned under "Informative use of the website" is transmitted. This occurs regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly associated with your account. If you do not want your data to be associated with your Google profile, you must log out before activating the button. Google stores your data as usage profiles and uses them for advertising, market research and/or the needs-based design of its website. Such evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right. Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the provider's privacy policy.

   The integration of Google Maps leads to the reloading of other Google services on our website, such as Google Static, Google APIs and Google Fonts.

   Legal basis: Art. 6 para. 1 lit. a GDPR (consent)

   8.9 Google Photos

   For a user-friendly experience, we use the cloud-based storage service Google Photos. When you access images on our website, your browser establishes a connection to Google's servers. For this purpose, your IP address is transmitted to Google. In order to display the images correctly, the necessary pages are loaded into your browser cache.

   You can find more detailed information here: https://www.google.com/photos/

   You can find the privacy policy and terms of use here: https://policies.google.com/

   Legal basis: Art. 6 para. 1 lit. a GDPR (consent)

   8.10 Google reCAPTCHA

   We use the Google service reCAPTCHA to determine whether a human or a computer is making a particular entry in our contact or newsletter form. Google uses the following data to check whether you are a human or a computer: IP address of the device used, the website you visit on our site and on which the Captcha is integrated, the date and duration of the visit, the recognition data of the browser and operating system type used, Google account if you are logged in to Google, mouse movements on the reCAPTCHA fields, and tasks in which you must identify images.

   Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest)

   More detailed information is available here: https://cloud.google.com/security/products/recaptcha

   8.11 Google Tag Manager

   We use Google Tag Manager to recognise your user behaviour. Google Tag Manager is a solution that allows marketers to manage website tags via an interface. The tool itself processes the following personal data: IP address of the user. The tool triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. Google Tag Manager can set cookies, at least in the administrator's preview and debug mode, but also outside of this mode. If deactivation has been carried out at domain or cookie level, this remains in place for all tracking tags implemented with Google Tag Manager.

   For more detailed information, please visit: https://www.google.com/intl/de/tagmanager/faq.html.

   Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest)

9. Data processing when using LinkedIn

   Our website uses functions of the social media network LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Dublin.

   Each time you visit one of our web pages that contains LinkedIn functions, a connection to LinkedIn servers is established. LinkedIn is informed that you have visited our website with your IP address. If you click on the LinkedIn buttons and are logged into your LinkedIn account, LinkedIn is able to associate your visit to our website with you and your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the data transmitted or its use by LinkedIn.

   Further information can be found in LinkedIn's privacy policy at: https://www.linkedin.com/legal/privacy-policy.

   Legal basis: Art. 6 para. 1 lit. a GDPR (consent)

   9.1 LinkedIn Insight Tag/Analytics

   The LinkedIn Insight Tag enables the collection of data about visits to our website, including URL, referrer URL, IP address, device and browser characteristics, timestamps and page views. This data is encrypted, anonymised within seven days and the anonymised data is deleted within 90 days. LinkedIn does not share any personal data with us, but only provides aggregated reports on the website audience and ad performance.

   Legal basis: Art. 6 para. 1 lit. a GDPR (consent)

   9.2 LinkedIn Ads

   Our website uses the LinkedIn Ads retargeting service for website visitors so that we can use this data to display targeted advertising outside our website without identifying the member.

   LinkedIn members can control the use of their personal data for advertising purposes in their account settings. Non-members can manage LinkedIn Ads on the following website: https://www.linkedin.com/help/linkedin/answer/a1342443.

   Legal basis: Art. 6 para. 1 lit. a GDPR (consent)

10. Awin Partner Programme

    We use the affiliate marketing platform of the service provider AWIN AG, Otto-Ostrowski-Straße 1A, 10249 Berlin, Germany. This platform enables us to work with publishers. Publishers promote us and our products by placing advertisements on their websites or incorporating deep links.

    In this programme, our ticket offers are placed on the websites of our cooperation partners. If you click on one of these affiliate deep links or one of our advertisements, you will be redirected to the oeticket.com subpage or to a URL determined by oeticket, where you can purchase tickets for the event linked to the deep link or where specific purchase information for this event is presented. If you then carry out a specific transaction, our cooperation partners will receive a commission for this.

    In order to calculate this remuneration , it is necessary for Awin to be able to track which advertisement you used to access the respective offer and to carry out the predefined transaction. Certain user data is required to reconstruct this path. Awin uses cookies for this purpose. A limited user profile is created for you (anonymised, without name and identity recognition) to document the path from the click on the advertisement to the purchase of the product. Similar recognition technologies are also used: tracking domain cookies (store when and which advertising material was clicked on), journey tags (JavaScript code on the website for transaction data) and device fingerprinting (identification of the device).

    Further information on how Awin processes your data can be found at: https://www.awin.com/at/datenschutzerklarung.

    Legal basis: Art. 6 para. 1 lit. a GDPR (consent)

11. Akamai

    We use the services of the provider Akamai Technologies GmbH, Parkring 20-22, 85748 Garching, Germany, to identify and defend against threats (bot defence, DDoS attacks) and to increase the loading speed of our website. Akamai processes the IP address of your device. Akamai uses this information to prevent technical threats to our website and to ensure high availability of our website.

    Further information can be found in Akamai's privacy policy at https://www.akamai.com/legal.

    Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest)

12. Consent management

    In order to obtain consent for the use of cookies and services requiring consent on our website in accordance with data protection regulations, we use the tool provided by the consent manager provider consentmanager AB, Håltegelvägen 1b, 72348 Västerås, Sweden, website www.consentmanager.de.

    The consent tool collects, logs and stores the settings of the website visitor. In order to ensure that the selected settings can be clearly assigned to the respective website visitor, certain user information (including the IP address) is collected, transmitted and stored by the consent tool.

    For further information, please refer to the privacy policy of consentmanager AB: https://www.consentmanager.de/datenschutz/

    Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest)

13. Meta Pixel

    Our website uses the so-called meta pixel, provided by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, to analyse and optimise advertisements on our online offering.

    Meta Ireland can use pixels to identify website visitors as a target group for displaying advertisements (known as Meta Ads). Accordingly, we use them to display the ads we place on Meta platforms (Facebook and Instagram) only to those Meta Ireland users who have also shown an interest in our online offering or who have certain characteristics (e.g. interest in certain artists or events, which are determined based on the websites visited) that we transmit to Meta Ireland (so-called "custom audiences"). This is to ensure that our ads are relevant to the user's interests and are not annoying. With the help of pixels, we can also track the effectiveness of Meta ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Meta ad (so-called "conversion").

    Your actions are stored in one or more cookies. These cookies enable Meta Ireland to match your user data (such as your IP address and user ID) with the data in your Meta account. The data collected is anonymous to us and cannot be viewed by us and is only used for advertising purposes. If you wish to prevent the link to your Meta account, you can log out before taking any action.

    For more information, please refer to the data policy of Facebook/Meta Ireland at https://de-de.facebook.com/policy.php.

    Specific information about Facebook pixels can be found at https://de-de.facebook.com/business/help/651294705016616.

    Legal basis: Art. 6 para. 1 lit. a GDPR (consent)

14. Microsoft Advertising (formerly Bing Ads)

    We use Microsoft Advertising on our website, a service provided by Microsoft Ireland Operations Limited ("Microsoft"), a company registered and operating under Irish law with its registered office at One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland.

    Microsoft Advertising (formerly Bing Ads) enables us to place targeted ads in Bing search results and other Microsoft websites to reach potential customers. Microsoft Advertising uses various technologies, including cookies and web beacons, to collect data about user behaviour and measure the effectiveness of advertising campaigns.

    When using Microsoft Advertising, personal data such as IP addresses, browser information, search queries, device types and click behaviour may be collected and processed. This data is used to deliver personalised ads to users who may be interested in our products or services. Microsoft Advertising does not allow us to collect directly identifiable information such as user names or addresses.

    For further information, please refer to Microsoft's privacy policy at https://privacy.microsoft.com/de-de/privacystatement.

    Legal basis: Art. 6 para. 1 lit. a GDPR (consent)

15. Fastly CDN

    We use the Content Delivery Network ("CDN") of the service provider Fastly Inc., 475 Brannan St. #300, San Francisco, CA 94107, USA ("Fastly") on our website. A Content Delivery Network is an online service that is used to deliver large media files (e.g. graphics, page content or scripts) via a network of regionally distributed servers connected via the Internet. Using Fastly's Content Delivery Network helps us to optimise the loading speed of our website.

    For more information, please refer to Fastly's privacy policy at https://www.fastly.com/de/privacy/.

    Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest)

16. Jotform

    We use Jotform, a service provided by Jotform Ltd. 6 Albert Mews, Albert Road, London, United Kingdom, N4 3RD, to collect and process personal data on our website via forms. Jotform is an online form generator that allows us to create and manage forms for collecting data. Through the use of Jotform, personal data such as name, email address, telephone number and other information may be collected.

    Further information on data processing by Jotform can be found in Jotform's privacy policy: https://www.jotform.com/privacy/.

    Legal basis: Art. 6 para. 1 lit. A GDPR (consent)

17. iTunes Link Maker

    We use the iTunes Link Maker service provided by Apple Inc., 1, Cupertino, CA, 95014, USA (hereinafter "Apple") on our website. With the help of iTunes Link Maker, we can link audio samples to iTunes. This allows you to get a feel for events and artists by listening to excerpts from selected music tracks.

    A JavaScript code from Apple is embedded on our website for the use of Apple Link Maker. If you have JavaScript enabled in your browser and have not installed a JavaScript blocker, your browser may transmit personal data to iTunes Link Maker. The integration of Apple leads to the reloading of Apple Music APIs.

    By using this service, personal data is transferred to the USA or such transfer cannot be ruled out! For more information, please refer to the "7.3 " section of this statement.

    Further information on data use by Apple can be found here: https://www.apple.com/legal/privacy/de-ww/.

    Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest)

18. Loqate

    We use the Loqate service provided by GBG Plc, The Foundation, Herons Way, Chester Business Park, Chester, CH4 9GB, United Kingdom, to verify and standardize address data. Loqate is a service for validating and completing address data that enables addresses entered during input to be checked and, where necessary, corrected or completed.

    If you select the postal delivery of tickets, the address data you enter will be transmitted to Loqate for verification and completion, processed there and compared with reference databases. This allows incorrect or incomplete address information to be identified, completed and converted into a standardized format. This serves to prevent input errors and to ensure the correct delivery of the tickets ordered.

    Further information on data processing by Loqate can be found in Loqate's privacy policy: https://www.loqate.com/de/privacy/

    Legal basis: Art. 6 para. 1 lit. b GDPR (contract initiation and fulfilment)

19. Mixpanel

    We use the Mixpanel analysis service provided by Mixpanel Inc. (San Francisco, CA 94107, USA) on our website. Mixpanel enables us to analyse user behaviour on our website in order to continuously improve our services. For this purpose, cookies are used to analyse how visitors use the website.

    Further information on data use by Mixpanel can be found in Mixpanel's privacy policy: https://mixpanel.com/legal/privacy-policy.

    Legal basis: Art. 6 para. 1 lit. a GDPR (consent)

20. New Relic

    We have integrated the website analysis service New Relic, provided by New Relic Inc., 188 Spear Street, Suite 1200, San Francisco, CA 94105, USA, into our website. This enables us to improve the performance of our website by recording and evaluating the loading speed of the website.

    When using this service, cookies are set which result in a connection being established between the website user's browser and New Relic's servers when our website is accessed. This enables New Relic to recognise that a website user has accessed the website. In this context, personal data such as the IP address is transmitted to New Relic.

    For more information, please refer to New Relic's privacy policy at https://newrelic.com/termsandconditions/services-notices.

    Legal basis: Art. 6 para. 1 lit. a GDPR (consent)

21. Optimizely Web Experimentation (A/B testing)

    On our website, we use “Optimizely Web Experimentation,” an A/B testing tool from Optimizely North America Inc., 119 Fifth Avenue, 7th Floor, New York, NY 10003, USA.

    Optimizely enables us to display different versions of website content and functions (A/B testing, multivariate testing) and evaluate them statistically in order to continuously improve user-friendliness and our online offering.
    For this purpose, if you give us your consent, cookies containing a pseudonymous identifier are used to enable assignment to a test variant. Information about the use of our website (e.g., page views, click behavior, technical device data) may be processed in the process. This does not result in the direct identification of your person.

    Further information on data processing by Optimizely can be found at: https://www.optimizely.com/legal/privacy-notice/

    Legal basis: Art. 6 para. 1 lit. a GDPR (consent)

22. Sentry

    Our website uses the error management tool "Sentry" from Sentry Inc., 132 Hawthorne St., San Francisco, USA. The Sentry service enables analysis of program errors and the stability of web, mobile and server applications. The event and metadata stored by Sentry are deleted after 90 days by default.

    Further information can be found in Sentry's privacy policy: https://sentry.io/privacy/.

    Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest)

23. Sleeknote

    We use Sleeknote, a tool from Sleeknote ApS, Søren Frichs Vej 42B, 8230 Åbyhøj, Denmark. Sleeknote enables us to display pop-ups on our website to highlight additional options or marketing campaigns and improve the user experience.

    In addition to the technically necessary cookies (_sn_n and SNS), analysis and marketing cookies (_sn_a and _sn_m) are also set with your consent. These collect information about the use of pop-ups and visitor behavior and are used for statistical analysis and optimization of our pop-ups as well as for improving our marketing measures. Data such as interactions with the pop-ups, browser used, device type, or language settings may be processed. Individual users are not identified; the evaluation serves exclusively to improve our offerings and target our communications.

    Further information can be found in Sleeknote's privacy policy at https://www.sleeknote.com/privacy-policy.

    Legal basis: Art. 6 (1) (a) GDPR (consent)

24. Stay 22

    We cooperate with the affiliate network of the service provider Stay 22, Technologies Inc., 917 Mont-Royal Ave E. Montreal QC H2J 1X3, Canada, and use a hotel map plugin from this provider on our website. If you follow the affiliate links contained in the hotel map and subsequently take advantage of the offers, we may receive an affiliate commission from Stay22. In order to track whether you have taken advantage of the offers, it is necessary for the third-party provider to know that you have followed an affiliate link used on our website. We use cookies or similar recognition technologies for this purpose.

    For more information, please refer to Stay 22's privacy policy at https://www.stay22.com/privacy.

    The integration of Stay22 leads to the reloading of Stadia Maps, a service provided by Stadia Maps, Ltd. Co., 6650 Rivers Ave, Charleston, South Carolina 29406, USA, on our website. In order to use the functions of Stay 22 via Stadia Maps, it is necessary to collect your IP address.

    By using this service, personal data is transferred to the USA or such transfer cannot be ruled out! For more information, please refer to section 7.3 of this statement.

    For more information, please refer to the English privacy policy of Stadia Maps https://stadiamaps.com/privacy/.

    Legal basis: Art. 6 para. 1 lit. a GDPR (consent)

25. TikTok Pixel

    We use TikTok Pixel, provided by TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland, to analyse the behaviour of visitors to our website and to optimise our advertising campaigns on TikTok. TikTok Pixel collects data about ads that users have clicked on or actions taken on the website. This data includes the time of the actions, the IP address to determine the geographical location, information about the user's device and browser, and cookies to measure, optimise and target advertising campaigns. Both first-party and third-party cookies are used for this purpose. In addition, page metadata, structured microdata, page performance data and clicks on buttons are collected.

    The data collected by TikTok Pixel helps us measure and improve the effectiveness of our TikTok advertising campaigns. This information enables us to create custom audiences for personalised marketing measures and optimise ad delivery on TikTok. This allows us to ensure that our ads are shown to the most relevant audiences, which increases the likelihood of conversions.

    As part of our TikTok advertising campaigns, we also use TikTok's Custom Audiences feature. In doing so, we transfer certain information, such as your email address, to TikTok Technology Limited. TikTok matches the information provided with existing TikTok user accounts in order to display relevant ads to existing or similar target groups (so-called ‘Custom Audiences’). The data transmitted is processed in encrypted form and is not stored permanently.

    TikTok Custom Audiences is only used if you have previously consented to the processing of your personal data for marketing purposes by TikTok via our cookie banner.

    The use of this service cannot exclude the transfer of personal data to China! – For more information, please refer to section 7.3 of this declaration.

    By consenting to the processing of (advertising and marketing) cookies, you expressly agree to the possible transfer of data to a third country. You can delete cookies stored on your PC at any time by deleting the temporary Internet files.

    For further information, please refer to the data policy of TikTok Ireland at https://www.tiktok.com/legal/page/eea/privacy-policy/de-DE.

    Specific information about TikTok pixels can be found at https://ads.tiktok.com/help/article/using-cookies-with-tiktok-pixel.

    Legal basis: Art. 6 para. 1 lit. a GDPR (consent)

26. Vimeo

    We use plugins from the provider Vimeo on our website. Vimeo is operated by Vimeo, LLC, headquartered at 555 West 18th Street, New York, New York 10011.

    When you visit a website that has such a plugin, a connection to the Vimeo servers is established and the plugin is displayed. The Vimeo server is then informed which website you have visited. This information is assigned to your personal user account if you are logged in as a member of Vimeo. By clicking on the plugin, e.g. the play button at the beginning of a video, this information is also assigned to the respective user account. If you do not agree to this assignment, you can prevent it. To do so, please log out of your account before visiting our website and delete the corresponding cookies.

    Further information on data processing and information on data protection by Vimeo can be found at https://vimeo.com/privacy.

    Legal basis: Art. 6 para. 1 lit. a GDPR (consent)

27. YouTube

    We have integrated YouTube videos into our website, which are stored on http://www.YouTube.com. YouTube is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. YouTube uses cookies to collect data and analyse statistics. YouTube is informed which pages you visit. If you are logged in to YouTube, your data will be assigned directly to your account. YouTube uses your data for advertising and market research purposes.

    The integration of YouTube leads to the reloading of Google services on our website, such as Google Doubleclick, Google APIs, Google Video, Google Photos, Google Static, Google Fonts and YouTubeAPIs (YouTube images).

    Further information on data protection at YouTube can be found in the provider's privacy policy at: https://www.google.de/intl/de/policies/privacy/

    Legal basis: Art. 6 para. 1 lit. a GDPR (consent)

28. acceleraid (ADTELLIGENCE)

    To provide and optimize the search and filter function on our Easter campaign landing page, we use a tool from ADTELLIGENCE GmbH, Elisabethstraße 1, 68165 Mannheim, Germany. The service makes it possible to display content dynamically and improve user-friendliness. Certain interactions (e.g. the use of search or filter options) and technical information (e.g. device type, browser, date of visit) are evaluated pseudonymously. The IP address of website visitors is stored in abbreviated form (the last two blocks are removed). In addition, page views in the checkout process are analyzed in order to better understand the use of the campaign page. No changes are made to the content of the pages and no personal data (such as name or address) is processed. The processing takes place exclusively for the technical provision and optimization of the user interface. There is no processing for advertising or tracking purposes.

    Further information can be found in the privacy policy of ADTELLIGENCE GmbH at: https://www.acceleraid.ai/datenschutz-mit-der-adtelligence-software

29. Changes to this privacy policy

    We reserve the right to make changes to our privacy policy from time to time. All changes to the privacy policy will be published by us on this page. Please note the current version of our privacy policy.

Version: 06.03.2026