PRIVACY POLICY
Welcome to the website of Highlight-Concerts GmbH. We appreciate your interest in our company and our website. The protection of your personal data during your visit to our website, as well as fair and transparent data processing, is important to us. This privacy policy provides the information you need to review and exercise your data protection rights. We inform you about how we process your personal data in compliance with applicable data protection laws (in particular the GDPR and the German Federal Data Protection Act).
This privacy policy does not apply to websites of other companies that contain a link to this website or to which we link.
DATA PROTECTION AT A GLANCE
General Information
The following information provides a simple overview of what happens to your personal data when you visit our website. Personal data is any data by which you can be personally identified. Detailed information on data protection can be found in our privacy policy below.
Data Collection on Our Website
Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator. You can find the operator’s contact details in the imprint of this website.
How do we collect your data?
Your data is collected when you provide it to us, for example via a contact form.
Other data is collected automatically by our IT systems when you visit the website. This is primarily technical data (e.g., internet browser, operating system, or time of page access). This data is collected automatically as soon as you enter our website.
What do we use your data for?
Some data is collected to ensure the website is provided without errors. Other data may be used to analyze user behavior.
What rights do you have regarding your data?
You have the right at any time to obtain free information about the origin, recipients, and purpose of your stored personal data. You also have the right to request correction, restriction, or deletion of this data. For this and other questions on data protection, you may contact us at any time using the address provided in the imprint. You also have the right to lodge a complaint with the competent supervisory authority.
You also have the right, under certain circumstances, to request restriction of the processing of your personal data. Details can be found in this privacy policy under “Right to Restriction of Processing.”
Analytics Tools and Third-Party Tools
When you visit our website, your browsing behavior may be statistically evaluated. This is mainly done using cookies and analytics programs. Analysis of your browsing behavior is usually anonymous and cannot be traced back to you.
You can object to this analysis or prevent it by not using certain tools. Detailed information about these tools and your objection options can be found in this privacy policy.
1. GENERAL INFORMATION AND MANDATORY DISCLOSURES
Data Protection
The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with statutory data protection regulations and this privacy policy.
When you use this website, various personal data is collected. Personal data is data by which you can be personally identified. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.
Please note that data transmission on the internet (e.g., communication by email) may have security vulnerabilities. Complete protection of data against access by third parties is not possible.
Note on the responsible party
The party responsible for data processing on this website is:
Highlight-Concerts GmbH
Holstenbruecke 8-10
24103 Kiel
Phone: 0421/239522-0
Email: info@highlight-concerts.com
Withdrawal of your consent to data processing
You have the right to access, rectification, erasure, restriction of processing, objection to processing, and data portability. If processing is based on your consent, you have the right to withdraw this consent with future effect at any time.
Rights regarding processing based on legitimate interest
Under Art. 21(1) GDPR, you have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you that is carried out on the basis of Art. 6(1)(e) GDPR (processing in the public interest) or Art. 6(1)(f) GDPR (processing for legitimate interests). This also applies to profiling based on these provisions. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or processing serves the establishment, exercise, or defense of legal claims.
Rights regarding direct marketing
If we process your personal data for direct marketing, you have the right under Art. 21(2) GDPR to object at any time to the processing of personal data concerning you for such marketing. This also applies to profiling insofar as it is related to such direct marketing. If you object, your personal data will no longer be used for these purposes.
Right to lodge a complaint with the competent supervisory authority
You have the right to lodge a complaint with a competent data protection supervisory authority regarding our processing of your personal data.
Right to data portability
You have the right to receive data that we process automatically based on your consent or in fulfillment of a contract in a common, machine-readable format, either for yourself or for a third party. If you request direct transfer to another controller, this will only be done where technically feasible.
SSL or TLS encryption
For security reasons and to protect the transmission of confidential content, such as orders or inquiries you send to us as site operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the browser address line changing from “http://” to “https://” and by the lock icon in your browser bar.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
Information, restriction, deletion, and correction
Within the framework of applicable legal provisions, you have the right at any time to free information about your stored personal data, its origin and recipients, and the purpose of data processing, and, if applicable, a right to correction, restriction, or deletion of this data. For this and other questions regarding personal data, you may contact us at any time at the address provided in the imprint.
Right to restriction of processing
You have the right to request restriction of the processing of your personal data. You can contact us at any time at the address provided in the imprint. The right to restriction of processing exists in the following cases:
If you contest the accuracy of your personal data stored by us, we usually need time to verify this. During the verification period, you have the right to request restriction of processing of your personal data.
If the processing of your personal data was/is unlawful, you may request restriction of data processing instead of deletion.
If we no longer need your personal data, but you need it for the exercise, defense, or assertion of legal claims, you have the right to request restriction of processing instead of deletion.
If you have lodged an objection pursuant to Art. 21(1) GDPR, a balancing of your interests and ours must be carried out. As long as it has not yet been determined whose interests prevail, you have the right to request restriction of processing of your personal data.
If you have restricted the processing of your personal data, such data may only be processed – apart from storage – with your consent, or for the establishment, exercise, or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the European Union or a member state.
Objection to promotional emails
We hereby object to the use of contact data published as part of legal imprint obligations for sending unsolicited advertising and information materials. The operators of these pages expressly reserve the right to take legal action in the event of unsolicited advertising, such as spam emails.
2. DATA COLLECTION ON OUR WEBSITE
Cookies
Some of our web pages use so-called cookies. Cookies do not damage your computer and do not contain viruses. Cookies serve to make our offer more user-friendly, effective, and secure. Cookies are small text files stored on your computer and saved by your browser.
Most cookies we use are “session cookies.” They are automatically deleted after your visit. Other cookies remain stored on your device until you delete them. These cookies enable us to recognize your browser on your next visit.
We also use cookies to identify you for subsequent visits if you have an account with us. Otherwise, you would need to log in again for each visit. This website uses persistent cookies, whose scope and operation are explained below: these cookies are automatically deleted after a specified duration, which may vary depending on the cookie. You can delete cookies at any time in your browser’s security settings.
You can configure your browser so that you are informed about cookie settings, allow cookies only in individual cases, exclude acceptance of cookies for specific cases or generally, and activate automatic deletion of cookies when closing the browser. Deactivating cookies may limit the functionality of this website.
Cookies required for carrying out electronic communication processes or for providing certain functions you request (e.g., shopping cart function) are stored on the basis of Art. 6(1)(f) GDPR. The website operator has a legitimate interest in storing cookies for technically error-free and optimized provision of services. If other cookies (e.g., cookies for analyzing your browsing behavior) are stored, these are treated separately in this privacy policy.
Server Log Files
The provider of these pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
- Browser type and browser version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server request
- IP address
This data is not merged with other data sources. Collection of this data is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in technically error-free presentation and optimization of the website – for this purpose, server log files must be collected.
Contact Form
If you send us inquiries via contact form, your details from the inquiry form, including contact data provided there, will be stored by us for processing the inquiry and in case of follow-up questions. We do not pass this data on without your consent.
Processing of data entered in the contact form is therefore based exclusively on your consent (Art. 6(1)(a) GDPR). You may revoke this consent at any time. An informal email to us is sufficient. The lawfulness of data processing carried out before revocation remains unaffected.
The data you enter in the contact form remains with us until you request deletion, revoke your consent to storage, or the purpose for storage no longer applies (e.g., after your inquiry has been processed). Mandatory legal provisions – especially retention periods – remain unaffected.
Inquiries by Email, Phone, or Fax
If you contact us by email, phone, or fax, your inquiry including all resulting personal data (name, inquiry) will be stored and processed by us for handling your request. We do not pass this data on without your consent.
This data is processed on the basis of Art. 6(1)(b) GDPR if your inquiry is related to the performance of a contract or required to carry out pre-contractual measures. In all other cases, processing is based on your consent (Art. 6(1)(a) GDPR) and/or our legitimate interests (Art. 6(1)(f) GDPR), as we have a legitimate interest in effective handling of inquiries addressed to us.
The data sent by you via contact inquiries remains with us until you request deletion, revoke your consent to storage, or the purpose for storage no longer applies (e.g., after your request has been fully processed). Mandatory legal provisions – especially statutory retention periods – remain unaffected.
Participation in Contests
If you participate in contests, we collect data required to carry out the contest. This is generally an individual contest contribution (e.g., a comment or a photo), as well as name and contact details. If necessary, we pass your data to contest partners, for example to deliver prizes. Data processing and transfer may vary by contest and are therefore described in the respective terms of participation. Participation and associated data collection are voluntary (legal basis: Art. 6(1)(a) GDPR).
3. ANALYTICS TOOLS AND ADVERTISING
For the purposes of analyzing and optimizing our website, we use various services described below. For example, we can analyze how many users visit our site, which information is most in demand, and how users find the offer. We collect, among other things, data on which website users came from (referrer), which subpages were accessed, and how often and for how long a subpage was viewed. This helps us make our services more user-friendly and improve them. The data collected is not used to personally identify individual users. Anonymous or at most pseudonymous data is collected. Legal basis is Art. 6(1)(f) GDPR. We regard optimization of our website as a legitimate interest. Your fundamental rights and freedoms do not override this interest, as we comprehensively inform you in this privacy policy and you always have the option to opt out (via link here or browser settings). In addition, we only use pseudonymous tracking.
Google Analytics
This website uses functions of the web analytics service Google Analytics. Provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics uses “cookies.” These are text files stored on your computer that allow analysis of your use of the website. Information generated by the cookie about your use of this website is generally transmitted to and stored on a Google server in the USA.
Storage of Google Analytics cookies and use of this analytics tool are based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both the website and advertising.
IP Anonymization
We have activated IP anonymization on this website. As a result, your IP address is truncated by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area before transmission to the USA. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, compile reports on website activity, and provide other services related to website and internet use to the website operator. The IP address transmitted by your browser within Google Analytics is not merged with other Google data.
Browser Plugin
You can prevent cookies from being stored by adjusting your browser software settings; however, please note that in this case you may not be able to use all functions of this website to their full extent. You can also prevent the collection of data generated by the cookie and related to your website use (including your IP address) by Google, and the processing of this data by Google, by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
Objection to Data Collection
You can prevent Google Analytics from collecting your data by clicking the following link. An opt-out cookie will be set that prevents collection of your data on future visits to this website: Disable Google Analytics.
More information on how user data is handled in Google Analytics can be found in Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.
Data Processing Agreement
We have entered into a data processing agreement with Google and fully implement the strict requirements of German data protection authorities when using Google Analytics.
Demographic Data in Google Analytics
This website uses the “demographics” feature of Google Analytics. This allows reports to be created containing statements about the age, gender, and interests of site visitors. This data comes from Google’s interest-based advertising and third-party visitor data. This data cannot be assigned to a specific person. You can disable this feature at any time via the ad settings in your Google account or generally prohibit collection of your data by Google Analytics as described under “Objection to Data Collection.”
Storage Duration
Data stored by Google at user and event level that is linked to cookies, user identifiers (e.g., User ID), or advertising IDs (e.g., DoubleClick cookies, Android advertising ID) is anonymized or deleted after 14 months. Details are available at: https://support.google.com/analytics/answer/7667196?hl=de
Google Analytics Remarketing
Our website uses Google Analytics Remarketing features in connection with the cross-device features of Google AdWords. Provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
This function allows advertising target groups created with Google Analytics Remarketing to be linked with the cross-device features of Google AdWords and Google DoubleClick. In this way, interest-based, personalized advertising messages that were adapted to you on one device based on your previous usage and browsing behavior (e.g., mobile phone) can also be displayed on another of your devices (e.g., tablet or PC).
If you have given corresponding consent, Google links your web and app browser history with your Google account for this purpose. This way, the same personalized advertising messages can be displayed on every device on which you sign in with your Google account.
To support this function, Google Analytics collects Google-authenticated user IDs, which are temporarily linked with our Google Analytics data in order to define and create target groups for cross-device advertising.
You can permanently object to cross-device remarketing/targeting by deactivating personalized advertising; follow this link: https://www.google.com/settings/ads/onweb/.
The aggregation of collected data in your Google account is carried out exclusively on the basis of your consent, which you can give or withdraw with Google (Art. 6(1)(a) GDPR). For data collection processes that are not merged into your Google account (e.g., because you do not have a Google account or have objected to the merge), data collection is based on Art. 6(1)(f) GDPR. The legitimate interest arises from the website operator’s interest in anonymized analysis of website visitors for advertising purposes.
Further information and the privacy provisions can be found in Google’s privacy policy at: https://policies.google.com/technologies/ads?hl=de.
Google AdWords and Google Conversion Tracking
This website uses Google AdWords. AdWords is an online advertising program of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
As part of Google AdWords, we use so-called conversion tracking. When you click on an ad placed by Google, a conversion tracking cookie is set. Cookies are small text files stored by the internet browser on the user’s computer. These cookies expire after 30 days and are not used for personal identification of users. If the user visits certain pages of this website and the cookie has not yet expired, Google and we can recognize that the user clicked on the ad and was redirected to this page.
Each Google AdWords customer receives a different cookie. Cookies cannot be tracked across AdWords customer websites. The information obtained using the conversion cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. Customers learn the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive information with which users can be personally identified. If you do not want to participate in tracking, you can object by easily deactivating the Google conversion tracking cookie in your browser settings. You will then not be included in conversion tracking statistics.
The storage of “conversion cookies” and use of this tracking tool are based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in analyzing user behavior to optimize both website and advertising.
More information on Google AdWords and Google Conversion Tracking can be found in Google’s privacy policy: https://policies.google.com/privacy?hl=de.
You can configure your browser so that you are informed about cookie settings, allow cookies only in individual cases, exclude acceptance of cookies for specific cases or generally, and activate automatic deletion of cookies when closing the browser. Deactivating cookies may limit the functionality of this website.
Facebook Pixel
Our website uses Facebook’s visitor action pixel for conversion measurement, Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”).
This makes it possible to track the behavior of site visitors after they were redirected to the provider’s website by clicking on a Facebook ad. This allows evaluation of Facebook ad effectiveness for statistical and market research purposes and optimization of future advertising measures.
The collected data is anonymous to us as operator of this website; we cannot draw conclusions about user identity. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes in accordance with the Facebook Data Policy. This allows Facebook to display ads on Facebook pages and outside Facebook. This use of data cannot be influenced by us as site operator.
Use of Facebook Pixel is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in effective advertising measures including social media.
You can find further information on protecting your privacy in Facebook’s privacy notices: https://de-de.facebook.com/about/privacy/.
You can also deactivate the “Custom Audiences” remarketing function in ad settings at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. To do this, you must be logged into Facebook.
If you do not have a Facebook account, you can deactivate usage-based Facebook advertising on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/.
5. NEWSLETTER
You can subscribe to our newsletter to receive information about current offers, exclusive presales, and news. Promotional information is sent to your email address as part of our newsletter only if you have consented to the use of your email address. You can of course revoke consent to receive newsletters at any time by clicking the unsubscribe link in the newsletter or by notifying us of your wish to unsubscribe via redaktion@highlight-concerts.com. We use the double opt-in process for newsletter registration. This means that after registration, we send an email to the specified address asking you to confirm that you want to receive the newsletter.
Newsletter Data
If you wish to receive the newsletter offered on the website, we require an email address from you as well as information that allows us to verify that you are the owner of the specified email address and that you agree to receive the newsletter. No further data is collected, or only on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties.
Processing of data entered in the newsletter registration form is based exclusively on your consent (Art. 6(1)(a) GDPR). You can revoke consent to storage of data, the email address, and its use for sending the newsletter at any time, for example via the “unsubscribe” link in the newsletter. The lawfulness of data processing operations already carried out remains unaffected by revocation.
The data stored with us for newsletter subscription is stored until you unsubscribe and is deleted after newsletter cancellation. Data stored by us for other purposes remains unaffected.
rapidmail
This website uses rapidmail for sending newsletters. Provider is
rapidmail GmbH, Augustinerplatz 2, 79098 Freiburg i.Br., Germany.
rapidmail is a service that can be used to organize and analyze newsletter distribution. The data you enter for newsletter subscription is stored on rapidmail servers in Germany.
If you do not want analysis by rapidmail, you must unsubscribe from the newsletter. We provide a corresponding link in every newsletter message. Alternatively, you can unsubscribe by sending an email to redaktion@highlight-concerts.com.
Data analysis by rapidmail
With rapidmail, we can analyze our newsletter campaigns. For example, we can see whether a newsletter message was opened and which links were clicked if applicable. This lets us determine, among other things, which links were clicked particularly often.
Detailed information on rapidmail functions can be found at: https://www.rapidmail.de/newsletter-funktionen.
Legal basis
Data processing is based on your consent (Art. 6(1)(a) GDPR). You may revoke this consent at any time. The lawfulness of data processing operations already carried out remains unaffected by revocation.
Storage duration
The data you provide for newsletter subscription is stored by us until you unsubscribe and then deleted from both our servers and rapidmail servers after cancellation. Data stored by us for other purposes remains unaffected.
For details, please refer to rapidmail’s privacy policy at: https://www.rapidmail.de/datenschutz.
6. PLUGINS AND TOOLS
YouTube with Enhanced Privacy
Our website uses plugins from YouTube. The operator is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
We use YouTube in enhanced privacy mode. According to YouTube, this mode means YouTube does not store information about visitors to this website before they watch the video. However, data transfer to YouTube partners is not necessarily excluded by enhanced privacy mode. For example, YouTube establishes a connection to the Google DoubleClick network regardless of whether you watch a video.
As soon as you start a YouTube video on our website, a connection to YouTube servers is established. The YouTube server is informed which of our pages you visited. If you are logged into your YouTube account, you allow YouTube to assign your browsing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.
Furthermore, after starting a video, YouTube may store various cookies on your device. With these cookies, YouTube can obtain information about visitors to our website. This information is used, among other things, to record video statistics, improve user-friendliness, and prevent fraud attempts. The cookies remain on your device until you delete them.
Additional data processing operations may be triggered after starting a YouTube video, over which we have no control.
The use of YouTube is in the interest of an appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR.
Further information about data protection at YouTube can be found in their privacy policy at: https://policies.google.com/privacy?hl=de.
Vimeo
Our website uses plugins from the Vimeo video portal. Provider is Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.
If you visit one of our pages equipped with a Vimeo plugin, a connection to Vimeo servers is established. The Vimeo server is informed which of our pages you visited. Vimeo also obtains your IP address. This also applies if you are not logged into Vimeo or do not have a Vimeo account. Information collected by Vimeo is transmitted to Vimeo servers in the USA.
If you are logged into your Vimeo account, you allow Vimeo to assign your browsing behavior directly to your personal profile. You can prevent this by logging out of your Vimeo account.
The use of Vimeo is in the interest of an appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR.
Further information on handling user data can be found in Vimeo’s privacy policy at: https://vimeo.com/privacy.
Google Web Fonts
This site uses web fonts provided by Google for uniform display of fonts. When you open a page, your browser loads the required web fonts into your browser cache to correctly display texts and fonts.
For this purpose, the browser you use must connect to Google’s servers. This gives Google knowledge that our website was accessed via your IP address. Use of Google Web Fonts is in the interest of a uniform and appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR.
If your browser does not support web fonts, a standard font from your computer is used.
More information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://policies.google.com/privacy?hl=de.
Adobe Fonts
Our website uses Adobe web fonts for uniform display of certain fonts. Provider is Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, USA (Adobe).
When you open our pages, your browser loads the required fonts directly from Adobe so they can be correctly displayed on your device. In doing so, your browser connects to Adobe servers in the USA. As a result, Adobe becomes aware that our website was accessed via your IP address. According to Adobe, no cookies are stored when fonts are provided.
Adobe is certified under the EU-US Privacy Shield. The Privacy Shield is an agreement between the United States of America and the European Union intended to ensure compliance with European data protection standards. More information is available at: https://www.adobe.com/de/privacy/eudatatransfers.html.
The use of Adobe Fonts is necessary to ensure a uniform typeface on our website. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR.
More information on Adobe Fonts can be found at: https://www.adobe.com/de/privacy/policies/adobe-fonts.html.
Adobe’s privacy policy can be found at: https://www.adobe.com/de/privacy/policy.html
Google Maps
This site uses the Google Maps service via an API. Provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
To use Google Maps functions, it is necessary to store your IP address. This information is generally transmitted to and stored on a Google server in the USA. The provider of this site has no influence on this data transfer.
Use of Google Maps is in the interest of an appealing presentation of our online offers and easy location of places specified on our website. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR.
More information on handling user data can be found in Google’s privacy policy: https://policies.google.com/privacy?hl=de.
Google reCAPTCHA
We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on our websites. Provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
reCAPTCHA is used to check whether data entry on our websites (e.g., in a contact form) is made by a human or by an automated program. For this purpose, reCAPTCHA analyzes website visitor behavior based on various characteristics. This analysis starts automatically as soon as the visitor enters the website. For analysis, reCAPTCHA evaluates various information (e.g., IP address, time spent on the website, or mouse movements made by the user). The data captured during analysis is forwarded to Google.
The reCAPTCHA analyses run completely in the background. Website visitors are not informed that an analysis is taking place.
Data processing is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in protecting its web offers from abusive automated spying and from spam.
Further information on Google reCAPTCHA and Google’s privacy policy can be found at: https://policies.google.com/privacy?hl=de and https://www.google.com/recaptcha/intro/android.html.
7. OUR SOCIAL MEDIA PRESENCES
Data Processing by Social Networks
We maintain publicly accessible profiles on social networks. The social networks we use in detail are listed below.
Social networks such as Facebook, Instagram, YouTube, etc. can generally analyze your user behavior comprehensively when you visit their website or a website with integrated social media content (e.g., like buttons or advertising banners). Visiting our social media presences triggers numerous data protection-relevant processing operations. In detail:
If you are logged into your social media account and visit our social media presence, the operator of the social media portal may assign this visit to your user account. Under certain circumstances, your personal data may also be collected if you are not logged in or do not have an account with the respective social media portal. In this case, data is collected, for example, via cookies stored on your device or by recording your IP address.
Using the data collected in this way, operators of social media portals can create user profiles in which your preferences and interests are stored. This allows interest-based advertising to be displayed to you inside and outside the respective social media presence. If you have an account with the respective social network, interest-based advertising may be displayed on all devices on which you are or were logged in.
Depending on the provider, additional processing operations may be carried out by social media portal operators. Details can be found in the terms of use and privacy policies of the respective social media portals.
Legal basis
Our social media presences are intended to ensure the broadest possible presence on the internet. This is a legitimate interest within the meaning of Art. 6(1)(f) GDPR. Analysis processes initiated by social networks may be based on different legal grounds that must be specified by social network operators (e.g., consent under Art. 6(1)(a) GDPR).
Controller and exercise of rights
If you visit one of our social media presences (e.g., Facebook), we are jointly responsible with the operator of the social media platform for data processing operations triggered during this visit. You can generally assert your rights (access, rectification, deletion, restriction of processing, data portability, and complaint) both against us and against the operator of the respective social media portal (e.g., Facebook).
Despite joint responsibility with social media portal operators, we do not have full influence over social media portal data processing operations. Our options are primarily determined by the provider’s corporate policy.
Storage duration
Data directly collected by us via the social media presence is deleted from our systems as soon as the purpose for storage no longer applies, you request deletion, revoke your consent to storage, or the purpose for storage no longer applies. Stored cookies remain on your device until you delete them. Mandatory legal provisions – in particular retention periods – remain unaffected.
We have no influence on the storage duration of your data that is stored by social network operators for their own purposes. For details, please contact the social network operators directly (e.g., in their privacy policy, see below).
Social Networks in Detail
We have a profile on Facebook. Provider is Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. Facebook is certified under the EU-US Privacy Shield.
We have concluded a joint processing agreement (Controller Addendum) with Facebook. This agreement defines which data processing operations we or Facebook are responsible for when you visit our Facebook page. You can view this agreement at: https://www.facebook.com/legal/terms/page_controller_addendum.
You can adjust your ad settings independently in your user account. Click the following link and log in: https://www.facebook.com/settings?tab=ads.
Details can be found in Facebook’s privacy policy: https://www.facebook.com/about/privacy/.
We have a profile on Instagram. Provider is Instagram Inc., 1601 Willow Road, Menlo Park, California, 94025, USA. Details on how they handle your personal data can be found in Instagram’s privacy policy: https://help.instagram.com/519522125107875.
YouTube
We have a profile on YouTube. Provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
8. EXTERNAL SERVICE PROVIDERS
For Highlight-Concerts to process your data according to the purposes described above, it may be necessary for other recipients to also view and process your data.
External Service Providers (Processors)
Your data is shared with service partners if they act on our behalf and support Highlight-Concerts in providing services. For example, if you subscribe to our newsletter, we have commissioned a service provider to send mailings. Processing of your personal data by commissioned service providers is carried out as part of processing pursuant to Art. 28 GDPR.
Other Service Providers, Partners, and Third Parties
Highlight-Concerts may cooperate with additional partners if necessary to fulfill our services or if we are legally obliged to disclose data. This may include the following partners or third parties:
Credit institutions and payment service providers
Transport, travel, and hotel companies
Disclosure to public authorities or by court order
Business partners
Suppliers and service providers
April 2021
Highlight Concerts GmbH