Information on data protection for the websites of Ticket Online Sales & Service Center GmbH

The purpose of this information on data protection is to inform you about the processing of your personal data when visiting and using the ticket shop of Ticket Online Sales & Service Center GmbH (hereinafter "TOSS", "we" or "us") and in reference to our marketing measures on our own websites as well as the websites of third parties and on social networks in accordance with the General Data Protection Regulation (hereinafter "GDPR").

1 Scope, controller and definitions

1.1 Scope of this data protection information


1. This information on data protection applies to the visit and use of the TOSS websites on which a customer account can be created and tickets can be purchased in our online ticket shops, including online ticket shops that can be accessed via websites of Partners (so-called "Partnershops"). This information also applies to our related marketing activities on our websites, third-party websites and in social networks. You can access, save and print this information on data protection at any time and free of charge on our websites.

2. This information on data protection only concerns the processing of personal data within the meaning of Section 1.1.1. Other websites are not covered by this privacy information and provide their own specific information on data protection.

1.2 Controller for the processing of your personal data

Unless otherwise stated in this data protection declaration, the following is the controller for the processing of your personal data:

Ticket Online Sales & Service Center GmbH
Kundenservice, 19367 Parchim
Germany
Email: kundenservice-stage@ticketonline.de
Tel: +49 (0) 1805 257104 (0,14 €/call incl. VAT)

1.3 Definitions

This information on data protection is based on the following terms on data protection, which we have defined for easier understanding:

1. The GDPR is the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC).

2. Recipient is a natural or legal person, authority, institution or other body to which personal data is disclosed, regardless of whether it is a third party or not. Authorities, however, which within the framework of a specific inquiry mandate may receive personal data under Union law or the law of the Member States shall not be considered recipients; the processing of such data by these said authorities is carried out in accordance with the applicable directives on data protection in accordance with the purposes of the processing. Depending on the method of payment selected for ticket purchases, the recipients of your personal data may be banks or the postal service providers via whom we send you your ticket by post.

3. In accordance with Section 15 of the German Stock Corporation Act (AktG), the EVENTIM Group comprises all of Ticket Online Sales & Service Center GmbH's affiliated companies. Further information is available at

https://corporate.eventim.de/en/company/

4. Personal data are all information relating to an identified or identifiable natural person, i.e. the data subject. An identifiable natural person is one who can be identified directly or indirectly, in particular by assignment to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Personal data can, for example, be name, contact data, user behaviour or bank data.

5. The Controller is the natural or legal person, public authority, agency or other body which alone or jointly with others decides on the purposes and means of processing personal data. Where the purposes and means of such processing are laid down by Union law or by the law of the Member States, the controller or the specific criteria for his appointment may be laid down in accordance with Union law or the law of the Member States. For the data processing described in this privacy policy, Ticket Online Sales & Service Center GmbH is responsible; partly together with the operator of a partner-site (see section 1.2).

6. Processing is any operation or set of operations which is performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organising, structuring, storing, adapting or altering, retrieving, consulting, using, disclosing by transfer, disseminating or otherwise making available, aligning or combining, restricting, erasing or destroying. Processing can be, for example, the collection and use of your order data for ticket sales.

2 Purposes, legal bases and, if applicable, data categories for processing your personal data

2.1 Processing of your data when you visit our websites as well as part of marketing measures on third-party websites and in social networks

If you access our websites to obtain information about our products and services without registering in the customer account, purchasing a ticket in our ticket shop or otherwise actively providing us with information (purely informational use), we process your personal data. In addition, we process your personal data as part of marketing measures on third-party websites and social networks. Your personal data is processed for the following purposes and on the basis of the following legal bases:

2.1.1 Processing for IT security purposes

1. When using our websites, we process your personal data that is technically necessary for us to make our websites available to you and to ensure stability and security when visiting them. For this purpose, we process the following personal data:

IP address
Browser Fingerprints
Browser User Agents
Cookies (see Cookie information Websites)

2. Due to our legitimate interest in providing you with the websites and safeguarding IT security for you when using them, we process your personal data on the basis of Art. 6 Para. 1 Sentence 1 lit. f) GDPR.

2.1.2 Processing for analytical purposes

1. When you visit our websites, we may analyse and document how you use our websites, e.g. number of website visitors, your surfing behaviour on our websites, which events and areas on our website you are interested in, origin of website visitors and, if you purchase a ticket from us, your order and shopping cart data. For this purpose, we process the following personal data:

IP address (shortened)
Cookies (see Cookie information Websites)

2. We process your personal data on the basis of your consent as defined in Art. 6 Para. 1 Sentence 1 lit. a) GDPR. If you would like to object to the data processing for analytical purposes, please click on the following link: Cookie Settings

3. For this analysis, we use Google Analytics, a web analysis service of Google LLC ("Google"). Google Analytics uses cookies that enable an analysis of the use of our websites. The information generated by the cookie about the use of our websites is in general transferred to a Google server in the US and stored there. However, if IP anonymisation is activated on our websites, Google will reduce the IP address of the website visitor within member states of the European Union or in other signatory states to the Agreement on the European Economic Area beforehand. Only in exceptional cases will the full IP address be transferred to a Google server in the US and shortened there. On behalf of TOSS, Google will use this information to evaluate the use of the websites, to compile reports on the website activities and to provide TOSS with further services associated with the use of the website and the Internet.
The IP address transferred by the user's browser within the scope of Google Analytics is not merged with other Google data. You may refuse the use of cookies by selecting the appropriate settings on your browser. However, please note that if you do this, you may not be able to use the full functionality of these websites.
Our websites use Google Analytics with the extension "_anonymizeIp()". As a result, IP addresses are processed further in abbreviated form; direct personal reference can thus be ruled out.

Further information on terms of use and data protection can be found at:

https://www.google.de/intl/de/policies/terms/regional.html
https://policies.google.com/privacy?hl=en&gl=de
Explanation of Google's use of third party data: https://policies.google.com/technologies/partner-sites

In connection with the use of Google Analytics, your personal data is transferred to the US. This data transfer is based on EU standard contract clauses. This ensures an adequate protection of your personal data.

2.1.3 Use of cookies

1. When using our websites, cookies are stored on your computer. Cookies are small text files that are assigned and stored on your hard disk by the browser you use. Cookies allow certain information to flow to the controller that sets the cookie. These also contain personal data. This allows us to make our websites more user-friendly and effective. Cookies cannot run programs or transmit viruses to your computer.

2. For the use of cookies on the websites of our ticket shop, the Cookie Information websites of TOSS (see Cookie information Websites) apply.

3. If you give your consent that we may store certain or all cookies on your computer, a corresponding consent ID is generated and stored. The processing is carried out on the basis of Art. 6 para. 1 p. 1 lit. c) GDPR.

2.2 Registration and creation of a customer account

1. When you visit our websites, you can create a customer account. You can use this to purchase tickets, find out about events and leisure activities and receive information about events of your favourite artists via our ticket alert. You can participate in exclusive advance sales, subscribe to newsletters and take advantage of many other benefits relating to your ticket purchase. The registration and use of the customer account requires personal data. Mandatory fields are marked accordingly in the input mask.

2. Due to our legitimate interest, we process your personal data to enable you to create and use your customer account, as well as to enable the sale of tickets, and to inform you about our products and services. Processing is carried out on the basis of Art. 6 Para. 1 Sentence 1 lit. b) and lit. f) GDPR.

2.3 Registration for the customer account with Facebook login

1. To make it easier for you to create a customer account and log in later, we offer you the option of registering with your Facebook login data. For this, you need a Facebook account. In this respect, the terms of use and data protection of Facebook, Inc. apply.

2. If you click on the button "Log in with Facebook" during registration, a new window opens with input fields for your Facebook login data. By entering your data, you consent to us receiving access to your public Facebook profile. Your data is returned according to the privacy settings you have selected on Facebook.

3. After successful authentication via your Facebook login data, your Facebook profile and our customer account are linked to each other and you can use our customer account without having to register separately on our websites.

4. When you register with your Facebook login data in our online customer portal, we process your first and last name and your e-mail address. The use of your Facebook login data by us for your registration is voluntary. We process your personal data on the basis of your consent as defined in Art. 6 Para. 1 Sentence 1 lit. a) GDPR.

5. For more information about your registration with your Facebook login details, please see the Terms of Use and information on data protection of Facebook, Inc:

https://facebook.com/legal/terms/update
https://www.facebook.com/privacy/explanation

2.4 Ticket purchases in the online ticket shop, in our reservation offices and via the ticket hotline

1. We process your personal data when you buy a ticket on our websites in the ticket shop, in our reservation offices or via our ticket hotlines and provide personal data. The processing is carried out for the purpose of contract execution and processing with you on the basis of Art. 6 Para. 1 Sentence 1 lit. b) GDPR.

2. If you purchase a ticket for another person (third party), we process the third party's personal data (name and, if applicable, contact data) provided by you for ticket personalisation and, if applicable, for sending the ticket to the third party. These data are processed for the purpose of contract execution and processing with you on the basis of Art. 6 Para. 1 Sentence 1 lit. b) GDPR. If you provide data of a third party when purchasing a ticket, make sure that the third party is sufficiently informed by you about the processing of his/her data at TOSS and that you are entitled to provide the data.

3. When you purchase a ticket through our websites and choose either "purchase on account" or "hire purchase" payment methods, Klarna or BillPay use tools to identify potential fraud. A corresponding check only takes place if you give your consent (opt-in). If the check is negative, the payment methods "purchase on account" or "hire purchase" are rejected. However, all other payment methods listed in the ticket shop are still available to you. When using the tools, it is possible to draw conclusions about your person. We process your personal data on the basis of your consent as defined in Art. 6 Para. 1 Sentence 1 lit. a) GDPR and due to our legitimate interest and Klarna's or BillPay's legitimate interest in fraud prevention on the basis of Art. 6 Para. 1 Sentence 1 lit. f) GDPR.

4. When issuing personalised tickets, we may also process special categories of personal data, such as your health data, if you provide such information when purchasing a ticket and agree that we may process this data. This includes, for example, the information that you are a wheelchair user, have an allergy or intolerance to food or a severe disability. We process this data to provide you with special price categories, special access to an event and special seats during the event. Your data is processed on the basis of your consent as defined in Art. 6 Para. 1 Sentence 1 lit. a) GDPR.

5. In certain cases, you will be asked to provide personal data (contact details) – and if applicable, data of other people with whom you will be attending an event – as part of your order, so that this data can be passed on to health authorities at a later date for the purpose of tracing chains of infection in connection with Covid-19 ("visitor data collection"). Without the provision of this data, it is generally not possible to attend the event in question. The processing of this data is carried out for the purpose of implementing and processing the contract with you on the basis of Art. 6 Paragraph 1 S. 1 lit. b) GDPR. If you provide the data of a third party when purchasing a ticket, please ensure that the third party has been sufficiently informed by you about the processing of its data and that you are entitled to provide the data.

2.5 Credit assessment and profiling

1. If the customer selects the SEPA direct debit payment method, TOSS reserves the right to obtain credit information from SCHUFA within the scope of this contractual relationship.

2. Credit risk is assessed on the basis of mathematical-statistical procedures at the credit agency (SCHUFA Holding AG, Kormoranweg 5, D-65201 Wiesbaden, Germany), so-called scoring. For this purpose, your personal data, which are necessary for the credit assessment (name, address, birthday) are transferred to the credit agency. We process your personal data for the purpose of credit assessment to avoid payment default. On the basis of the transferred personal data, including address data, a statistical probability of a credit default and thus your solvency is calculated. The credit agency then transfers your score value to us. Furthermore, TOSS reserves the right to transmit data on non-contractual behaviour or fraudulent behaviour to SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden in the event of continued non-payment of claims that are not substantiated and disputed. The data exchange with SCHUFA also serves the fulfilment of legal obligations to carry out creditworthiness checks of customers (§§ 505a and 506 BGB). The SCHUFA processes the data received and also uses them for the purpose of creating a profile (scoring) in order to provide its contractual partners in the European Economic Area and in Switzerland as well as any other third countries (insofar as the European Commission has issued a decision on the appropriateness of such data) with information for the purpose of assessing the creditworthiness of natural persons, among other things. This personal data is processed for the execution of your contract with us on the basis of Art. 6 Para. 1 Sentence 1 lit. b) GDPR as well as due to our legitimate interest in avoiding a default of payment on your part, according to Art. 6 Para. 1 Sentence 1 lit. f) GDPR.

3. If you choose the payment method installment purchase and invoice purchase, Klarna Bank AB resp. BillPay GmbH reserve the right to obtain creditworthiness information within the scope of this contractual relationship. For further information please refer to the General Terms and the Privacy Policy of Klarna Bank AB (publ) resp. the General Terms and Conditions of BillPay GmbH as well as the Privacy Policy of BillPay GmbH (information according to Art. 14 GDPR).

4. The decision as to whether payment by direct debit, hire purchase and/or invoice purchase is possible is based on an automated decision. If your customer and order data are similar to the data of an order with payment problems, one of our employees will check your order process separately and manually.

5. If the credit check is positive, payment by direct debit, hire purchase and/or purchase on account is possible; if it is negative, we cannot offer you the payment method "direct debit", "hire purchase" and/or "purchase on account". Payment by another payment method is still possible.

6. The scope of the scoring is limited to whether payment by direct debit, hire purchase and/or purchase on account is possible. We use the scoring exclusively to prepare and execute the contract with you and to protect ourselves against possible payment defaults.

7. Further information on the activities of the SCHUFA can be found in the SCHUFA Information Sheet pursuant to Art. 14 GDPR or can be viewed online at https://www.schufa.de/en/data-privacy/

2.6 Information emails

1. If you have purchased a ticket from us (Section 2.4), we may send you information emails in order to inform you, for example, about the directions, parking spaces and specifications of the promoter (such as bag size). For this purpose, we process your personal data for the purpose of contract execution on the basis of Art. 6 Para. 1 Sentence 1 lit. b) GDPR.

2. After the purchase of a ticket we will send you individual newsletters about similar events, services, special offers and birthday emails. We process your personal data due to our legitimate interest in informing you about changes to our products and services, promoting our products and services and carrying out marketing measures, according to Art. 6 Para. 1 Sentence 1 lit. f) GDPR.

3. When you subscribe to our newsletter, we analyze and document whether you open the newsletter and how you use it. We process your personal data due to our legitimate interest in designing our newsletters according to your needs and improving the reach of our marketing measures according to Art. 6 Para. 1 Sentence 1 lit. f) GDPR.

2.7 Customer Service

1. If you have any questions about events, your ticket purchase, your customer account or other TOSS products and services, if you wish to exercise your rights under this information on data protection or if you wish to make a complaint, you can contact us (see contact details under Section 1.2).

2. Depending on the subject of your request, we may use your personal data stored in our systems in the course of other data processing (e.g. data that you have provided when purchasing tickets) to answer your questions. If and to the extent necessary to answer your inquiry, we also collect data from external sources (e.g. inquiry with the shipping service provider in the context of a shipment tracking or a request for investigation).

3. Your personal data are processed for the purpose of executing the contract with you on the basis of Art. 6 Para. 1 Sentence 1 lit. b) GDPR. If you exercise your rights towards us, we process your personal data for the purpose of fulfilling a legal obligation on the basis of Art. 6 Para. 1 Sentence 1 lit. c) GDPR. If you wish to inform yourself about our products and services or to make a complaint, we process personal data due to our legitimate interests in responding to your complaint on the basis of Art. 6 Para. 1 Sentence 1 lit. f) GDPR.

4. If you send us health data within the scope of your inquiry (e.g. information that you have a severe disability), we process this personal data only and insofar as this is necessary to answer your request and you have given us your express consent for this as defined in Art. 6 Para. 1 Sentence 1 lit. a) GDPR.

2.8 Reversed transactions on tickets

1. If necessary, your order will be reversed. Your personal data will be processed on the basis of Art. 6 Para. 1 Sentence 1 lit. b) GDPR.

2. If you have not purchased your ticket from us yourself, but received it as a gift from the buyer, for example, and now send in the ticket due to the cancellation or relocation of the event, we process the data that you as a different sender provide us with informally or via the form on our website. We process your personal data for the purpose of returning your ticket and making a refund on the basis of Art. 6 Para. 1 Sentence 1 lit. b) GDPR.

3. If you have provided special personal data as defined in Section 2.4.4 on yourself or a third party when purchasing a ticket, we process this data for the purpose of reversing the ticket transaction on the basis of your consent as defined in Art. 6 Para. 1 Sentence 1 lit. a) GDPR.

2.9 Dunning, collection and enforcement and defence of legal claims

1. In the case of outstanding receivables to us, we notify you by e-mail, SMS, post or telephone and, if necessary, send you a reminder. If and to the extent that no payment is made by you as a result, a collection procedure is initiated.

2. The collection procedure is carried out by a collection service provider commissioned by us. As far as this is necessary for the execution of the collection procedure, the collection service provider carries out address investigations and accesses public registers for this purpose.

3. We process your personal data for the purpose of executing and processing the contract with you on the basis of Art. 6 Para. 1 Sentence 1 lit. b) GDPR and due to our legitimate interests in preventing misuse of our services and enforcing our legal claims, including collection, on the basis of Art. 6 Para. 1 Sentence 1 lit. f) GDPR.

4. In the context of a legal dispute with you, we process your personal data to enforce and/or defend our rights. If and insofar as this is necessary for executing the legal dispute, we also make use of data from other sources (e.g. public registers). We process your personal data on the basis of a legal obligation on the basis of Art. 6 Para. 1 Sentence 1 lit. c) GDPR and due to our legitimate interest in representing, enforcing and / or defending our legal interests, on the basis of Art. 6 Para. 1 Sentence 1 lit. f) GDPR.

2.10 Other processing

2.10.1 Performance of internal audits and compliance

1. If we implement compliance programs and measures, for example to implement the requirements of the German Corporate Governance Code (DCGK) and to identify and correct misconduct, corresponding processing of your data may also occur. Additionally, your personal data can be processed within the Eventim Group in Germany and abroad in connection with internal audits.

2. We process your personal data to comply with our statutory obligations, on the basis of Art. 6 Para. 1 Sentence 1 lit. c) GDPR. In addition, due to our legitimate interests in reviewing the processes and efficiency in the group of companies, correcting any misconduct and preventing fraud and, if necessary, in enforcing and/or defending our rights, we process your personal data on the basis of Art. 6 Para. 1 Sentence 1 lit. f) GDPR.

2.10.2 Preparation of analyses

On the basis of your data, which we process as defined in Section 2 of this information on data protection, we may prepare analyses. These serve as the basis for business decisions to improve our products and services and adapt them to the needs of our customers. Due to our legitimate interest in improving our offer, we process your personal data on the basis of Art. 6 Para. 1 Sentence 1 lit. f) GDPR. The analyses created on this basis no longer contain any personal references, meaning it is no longer possible to draw any conclusions about your person.

3 Storage and erasure of your personal data

1. We store your personal data for as long and as far as it is necessary for the purposes for which they are processed (Section 2).

2. As soon as the data is no longer required for the purposes stated in Section 2, we store your personal data for the period in which you can assert claims against us or we against you (statutory limitation period usually of three years, beginning at the end of the year in which the claim arises; e.g. at the end of the ticket transaction).

3. In addition, we store your personal data for as long as and insofar as we are legally obliged to do so. Corresponding proof and storage obligations result, inter alia, from the German Commercial Code, the German Fiscal Code and the German Money Laundering Act (e.g. Section 257 HGB; Section 147 AO). The retention period is up to ten years.

4 Categories of recipients of personal data

1. When providing, implementing and managing our products and services, we collaboratively transfer your personal data to companies within the EVENTIM Group as part of a work-sharing process. The transfer is based on our legitimate interest in carrying out internal administrative activities efficiently and collaboratively as well as in improving our products and services on the basis of Art. 6 Para. 1 Sentence 1 lit. f) GDPR.

2. In addition to this, your personal data is transferred to IT service providers who provide the platforms, databases and tools for our products and services (e.g. our website, the sale of tickets, sending of newsletters and information e-mails), create analyses of user behaviour on our websites, display marketing campaigns and process your personal data on our behalf as part of ticket purchases. The transfer of your personal data takes place for the purpose of contract execution with you on the basis of Art. 6 Para. 1 Sentence 1 lit. b) GDPR, due to our legitimate interest in improving and promoting our products, on the basis of Art. 6 Para. 1 Sentence 1 lit. f) GDPR and provided that you have given us your consent within the meaning of Art. 6 Para. 1 Sentence 1 lit. a) GDPR for the processing of your personal data.

3. When you purchase a ticket on our websites, we offer you various payment options. For the processing of the payment and, if necessary, a refund of the purchase price, we transfer your personal data to banks, payment service providers, financial service providers and credit card companies, depending on the selected payment method. We transfer your personal data for the processing of your ticket purchase and, if necessary, the reverse transaction on the basis of Art. 6 Para. 1 Sentence 1 lit. b) GDPR. In addition, we may also transfer your personal data to credit agencies to check your creditworthiness (see Section 2.7). The transfer is made to execute the contract with you on the basis of Art. 6 Para. 1 Sentence 1 lit. b) GDPR and due to our legitimate interest in avoiding payment defaults on your part, according to Art. 6 Para. 1 Sentence 1 lit. f) GDPR.

4. If you select "PayPal" as payment option when purchasing tickets, we transfer your personal data. Your personal data is transferred based on your selected payment method and in order to process the payment with you. In doing so, your personal data is transferred to the US. In the case of the US, the EU Commission has not decided that an adequate level of data protection within the meaning of the GDPR exists; there is no such adequacy decision (Art. 45 GDPR). However, we transfer your data for the purpose of contract execution with you on the basis of Art. 6 Para. 1 Sentence 1 lit. b) in conjunction with Art. 49 Para. 1 Sentence 1 lit. b) and c) GDPR.

5. If we send you your ticket by postal services, we transfer your personal data to shipping service providers. The transfer takes place for the purpose of contract execution with you on the basis of Art. 6 Para. 1 Sentence 1 lit. b) GDPR.

6. If you fail to meet your payment obligations, we initiate a collection procedure (Section 2.17). For the execution of the collection procedure, we transfer your personal data to collection service providers who carry out the procedure for us. We process your personal data for the purpose of executing and processing the contract with you on the basis of Art. 6 Para. 1 Sentence 1 lit. b) GDPR and due to our legitimate interests in enforcing our legal claims, including collection, on the basis of Art. 6 Para. 1 Sentence 1 lit. f) GDPR.

7. In the context of legal disputes, we transfer your data to the competent court and, if you have appointed a lawyer, to him/her to carry out the legal dispute. We process your personal data on the basis of a legal obligation on the basis of Art. 6 Para. 1 Sentence 1 lit. c) GDPR and due to our legitimate interest in representing, enforcing and / or defending our legal interests, on the basis of Art. 6 Para. 1 Sentence 1 lit. f) GDPR.

8. We are entitled to transfer your personal data to the Event Organizer if there is a suspicion that you have violated the Organizer's general terms and conditions, so that the organizer can take legal action or assert other legal claims against you. The processing of your personal data is carried out for the purpose of implementing and executing the contract on the basis of Art. 6 Paragraph 1 S. 1 lit. b) GDPR as well as on the basis of the legitimate interests of the respective organiser for the purpose of legal prosecution on the basis of Art. 6 Paragraph 1 S. 1 lit. f) GDPR.

9. Guest lists are created for some events and sent to the organiser to check your eligibility to participate in the event, to allocate seats and to take menu requests into account. If you take part in our competitions (Section 2.14), we transmit the personal data of the winner to the respective promoter of the competition for this purpose. We transfer your personal data for the purpose of contract execution with you and with our contractual partners on the basis of Art. 6 Para. 1 Sentence 1 lit. b) GDPR. If and as far as this is necessary for the event, we also transfer health data (e.g. information on allergies at food events), if you have provided this information when purchasing a ticket and given us your consent for the transfer of the data as defined in Art. 6 Para. 1 Sentence 1 lit. a) GDPR.

10. Information emails and newsletters (Section 2.6) are sent by service providers commissioned by us and, in some circumstances we may analyse and document your use of them. For this purpose, we transfer your personal data to the service providers. In doing so, we process your personal data as follows:

- After purchasing a ticket (Section 2.4), we transfer your personal data in order to provide you with information on the event, for the purpose of executing the contract with you on the basis of Art. 6 Para. 1 Sentence 1 lit. b) GDPR.

- In addition, after purchasing a ticket (Section 2.4), we transfer your personal data to inform you about changes to our products and services. The transfer of your personal data occurs due to our legitimate interest, on the basis of Art. 6 Para. 1 Sentence 1 lit. f) GDPR.

11. A transfer of personal data by us to the respective promoter for the purpose of tracing chains of infection in connection with Covid-19 (visitor data collection in accordance with no. 2.4.5) is based on Art. 6 para. 1 sentence 1 letter b) GDPR. Any transmission by the respective promoter to a (health) authority for the purpose of tracing chains of infection in connection with Covid-19 is carried out in most federal states on the basis of Art. 6 para. 1 sentence 1 lit. c) GDPR, in some federal states possibly also Art. 6 para. 1 sentence 1 lit. a) GDPR. For details in this regard, please refer to the data protection information of the respective responsible promoter.

12. Beyond this, we transfer your personal data only if and insofar as a legal obligation exists on our part to pass it on. The transfer takes place on the basis of Art. 6 Para. 1 Sentence 1 lit. c) GDPR (e.g. to the police authorities in the context of criminal investigations or to the data protection supervisory authorities).

5 Justified interests in data processing and objection

1. We process your personal data as defined in Section 2 due to our legitimate interests particularly in ensuring IT security on our websites, carrying out analyses and marketing measures, informing you about our products and services, increasing the scope of our products and marketing measures, preventing fraud and misuse, avoiding payment defaults, representing, enforcing and defending our legal interests (possibly also in court) and carrying out internal administration efficiently and collaboratively. Information on the balance of interests carried out can be obtained from:

kundenservice-stage@ticketonline.de

2. To the extent that we process your personal data on the basis of these legitimate interests (Art. 6 Para. 1 Sentence 1 lit. f) GDPR), you have the right to object at any time to the processing of your personal data on grounds relating to your particular situation. Notwithstanding the above, in cases of direct advertising (such as newsletters or retargeting measures) you have the right to object at any time to the processing of your personal data without giving reasons. We will then no longer process your data for this/these purpose(s) unless our legitimate interests in the processing prevail or the processing serves to establish, exercise or defend legal claims. Please send your request:

- by e-mail to kundenservice-stage@ticketonline.de,
- by tel. to +49 (0) 1805 257104 (0,14 €/call incl. VAT) or
- in writing to Ticket Online Sales & Service Center GmbH, Data Protection, 19367 Parchim, Germany.

3. If you object to the data processing according to Section 5.2, we process your personal data collected in this context to answer your inquiry. Your personal data is processed in order to fulfil a legal obligation on the basis of Art. 6 Para. 1 Sentence 1 lit. c) GDPR.

6 Consent and revocation of your consent

1. If you have given us your consent for the processing of your personal data, you can revoke this at any time. The revocation of your consent is effective for the future. The legality of the processing of your personal data up to the time of revocation remains unaffected.

Please address your revocation:

- by e-mail to kundenservice-stage@ticketonline.de,
- by tel. to +49 (0) 1805 257104 (0,14 €/call incl. VAT) or
- in writing to Ticket Online Sales & Service Center GmbH, Data Protection, 19367 Parchim, Germany.

2. If you revoke your consent, we will process your personal data collected in this context to respond to your inquiry. Your personal data is processed in order to fulfil a legal obligation on the basis of Art. 6 Para. 1 Sentence 1 lit. c) GDPR.

7 Your rights

1. You may at any time, in accordance with the GDPR, request that we

- provide you with information about the personal data concerning you that we process (Art. 15 GDPR),
- rectify any personal data concerning you that is inaccurate (Art. 16 GDPR) and/or
- erase (Art. 17 GDPR), block (Art. 18 GDPR) and/or release (Art. 20 GDPR) your personal data stored by us.

2. Please send your request:

- by e-mail to kundenservice-stage@ticketonline.de,
- by tel. to +49 (0) 1805 257104 (0,14 €/call incl. VAT) or
- in writing to Ticket Online Sales & Service Center GmbH, Data Protection, 19367 Parchim, Germany.

3. If you assert your rights against us, we process your personal data collected in this context to answer your inquiry. Your personal data is processed in order to fulfil a legal obligation on the basis of Art. 6 Para. 1 Sentence 1 lit. c) GDPR.

4. Without prejudice to your rights under Section 7, you may lodge a complaint with a data protection supervisory authority if you believe that TOSS's processing of personal data concerning you is in breach of the GDPR (Art. 77 GDPR).

8 Other

1. The provisions of this information on data protection (available free of charge on our websites), including the cookie information of Ticket Online Sales & Service Center GmbH (available free of charge on our websites) apply in the version valid at the time of use of our websites.

2. We reserve the right to supplement and amend the content of the information on data protection. The updated data protection information is valid from the time it is published on our websites.

3. We will inform you in good time about these amendments and supplements on our websites. You will be given the opportunity to view, print and save the amended information on data protection free of charge.

9 Contact details of the Data Protection Officer

Please direct any questions regarding data protection to:

Data Protection Officer
Ticket Online Sales & Service Center GmbH
19367 Parchim, Germany
Email: datenschutz@ticketonline.de



Cookie information Websites

Scope of application

This cookie information provides more specific data protection information as required by Section 2.1.5 (2) about the use of cookies on websites of Ticket Online Sales & Service Center GmbH and affiliates of Ticket Online Sales & Service Center GmbH as defined by Sec. 15 AktG [“Aktiengesetz”: German Stock Corporation Act] (referred to here as “TOSS”, “we” or “us”).

General information on cookies

“Cookies” are small text files which are saved in the browsers of your end devices when you visit our websites. Cookies can save and track your actions and settings in our websites for the duration of the browser session and, in some cases, beyond this. Cookies also enable the recognition of your browser. For instance, after leaving the website, the content of your shopping basket is reconstructed or events recently viewed are displayed again.

Types of cookies used

First-party cookies
On the one hand, we use first-party cookies, i.e. cookies placed by our server on our websites and which can only be accessed via our server.

Third-party cookies
On the other hand, our websites also incorporate third-party cookies which are placed by servers of others and/or our websites or domains and that can be read by third parties. With these cookies, your browser can be tracked beyond our website, for instance so as to understand user behaviour.

Storage period of the cookies

Session cookies
Some of the cookies we use are session cookies, i.e. cookies which are only stored for the duration of your visit to our website.

Persistent cookies
We also use persistent cookies which stay saved on your browser after the session and are automatically deleted after a predefined expiry date.

Purposes of using cookies

Essential cookies
These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.

Statistical and Comfort cookies
These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you deactivate these cookies, then some of our services may not function properly.

Marketing cookies
These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not directly store personal information but are based on uniquely identifying your browser and internet device. If you deactivate these cookies, you will experience less targeted advertising.

Cookie settings by users

Via your browser settings you can limit or completely prevent the storage of (certain) cookies for all websites and delete any cookies that have already been saved. For more information about this please consult the instruction manual or help functions of your browser.
Our websites can in principle still be visited and used after restricting/deactivating cookies in the browser settings. However, please note that in particular the complete deactivation of cookies can limit the functionalities of our websites.
You can prevent future collection of your data when visiting our websites by clicking on the following link and changing your settings there: Cookie Settings

As of: 15.12.2021
