The legal regulations of the EU General Data Protection Regulation (GDPR) form the basis for handling your data. The following explanation gives you an overview of the implementation.
Definition of terms
Personal data: Personal data include all information which relates to an identified or identifiable natural person (hereinafter referred to as “data subject”).
Data subject: The data subject is any identified or identifiable natural person whose personal data are processed by the controller.
Processing: Processing is any process carried out with or without the help of automated procedures with personal data such as the collection, recording, organisation, ordering, storage, adaptation or modification, reading, querying, use, disclosure by transmission, dissemination or another form of provision, comparison or linking, restriction, deletion or destruction.
Restriction of processing: Restriction of processing is the identification of stored personal data in order to limit their future processing.
Profiling: Profiling is any type of automated processing of personal data in order to categorise them according to personality profiles and thereby analyse or predict the behaviour of natural persons.
Pseudonymisation: Pseudonymisation is the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without the use of additional information.
Processor/recipient: A processor is a natural or legal person, authority, institution or other body that processes personal data on behalf of GRIPS Theater. The recipient is a natural or legal person, public authority, institution or other body to whom personal data are disclosed, whether or not they are third parties.
Consent: Consent is any declaration or other unambiguous and informed expression of intent given voluntarily by the data subject, in the form of a declaration or other unambiguous affirmative action, in which the data subject indicates that he/she agrees to the processing of his/her personal data.
Controller and data protection officer
The controller within the meaning of the General Data Protection Regulation, other data protection laws in force in the Member States of the European Union, and other provisions of a data protection nature, is:
GRIPS Theater gGmbH
Altonaer Str. 22
If you have any concerns about data protection, you can contact our data protection officer at any time. You can reach the data protection officer at the email address datenschutz[at]grips-theater.de.
If, after contacting the data protection officer, there is still the assumption that your own rights have been violated during the collection, processing or use of personal data by GRIPS, you can also contact the relevant data protection supervisory authority in accordance with applicable law.
Data processing on our website
Server log files
Personal data are only collected on this website to the extent that is technically necessary. GRIPS automatically collects and saves information that your browser transmits to us in its server log files. These data include:
- Browser type and version,
- the operating system used,
- referrer URL, i.e. the page you visited before,
- host name of the accessing computer / IP address,
- name of the file accessed in each case,
- the volume of data transferred,
- notification of successful access,
- requesting domain,
- date and time of the server request.
The storage is only used for internal system-related and statistical purposes. All of these data cannot be assigned to specific persons by GRIPS. These data will not be combined with any other data sources, and will be deleted after statistical evaluation. Data collected shall not be sold under any circumstances.
The following table provides an overview of the cookies used on our website:
- cookie_consent_settings, trackingpermissions
Provider and purpose: Stores the Cookie Manager settings.
Storage: 60 years
Provider and purpose: Content Management System (CMS). Helps prevent so-called cross-site request forgery (CSRF) attacks.
Retention: 1 year
- Google Analytics (_ga, _gat _gid, _gat_gtag_UA)
Provider and purpose: Used to create usage statistics of our website and control repeated requests. This helps us understand how often, from which countries and with which devices our website is accessed and allows us to further optimize for these audiences. Cookies can distinguish individual users by means of a randomly generated ID to prevent multiple counts.
Category: Analytics & optimization
Retention: 1 minute (_gat, _gat_gtag_UA), 1 day (_gid), 1 year (_ga)
Provider and purpose: Ticketmatic to show the shopping cart
We use Sentry, a software for application monitoring and error tracking. This software is provided by Functional Software Inc, 132 Hawthorne StreetSan Francisco, California 94107, USA ("Sentry"). To ensure the technical stability of our services, Sentry is used to log system errors. The information generated by Sentry is transferred to a server of our technical service provider MIR MEDIA, Cologne and stored there. The server is located in Germany. The data is stored for a maximum of 90 days after analysis and then deleted without residue. The processing of the data is based on our legitimate interest according to Art. 6 para. 1 lit f DSGVO/GDPR.
Use of personal data
Personal data are only recorded using appropriate forms/ fields; the information contained therein is absolutely voluntary. Personal data are all information that relate to your person. These include name, address, email, etc.
If you have provided us with personal data via a form or by email, we shall only use these to answer your inquiries or to process the contracts you have requested and concluded with us (orders), for statistical purposes and, if necessary, also for technical administration purposes.
All GRIPS employees are bound by the statutory provisions and have committed themselves to compliance with them in writing.
Your personal data shall not be passed on to third parties unless this is absolutely necessary for the purpose of processing the contract or billing. If specially funded offers are used (e.g. Theatre of the schools / GRIPS Fever), data may also have to be passed on to the respective funding body for billing purposes. Otherwise, we shall only pass on your data to bodies entitled to receive information if we are obliged to do so by law or a court order.
Right to information and right of revocation
You have the right to information on the personal data stored about you, their origin and recipient, and about the purpose for which these data are stored. Upon request, we shall inform you as soon as possible whether and which personal data we have stored about you. If incorrect information has been stored, despite our efforts towards accuracy and relevance, we shall correct this at your request.
Of course, you have the right to revoke your consent at any time. We delete the stored personal data immediately if you revoke your consent, unless we are obliged to continue to store them for legal reasons. Data will also be deleted if storage is not permitted for other legal reasons.
Please send your request or your revocation to datenschutz[at]grips-theater.de.
Web shop, ticket sales and reservations
The web shop and ticketing system is provided by Ticketmatic Belgium, Philipssite 5A bus 22, 3001 Leuven. As part of the ticket reservation, ticket purchase, orders in the online shop and registration for newsletters, personal data are stored and processed in order to fulfil the contract. A data processing contract has been concluded with the company. In this contract, the service provider undertakes to process the data on our behalf and for the purposes specified by us and to protect them in accordance with the statutory provisions.
All web forms are SSL encrypted. Ticketmatic uses the Amazon Europe server in Ireland to host its system. The data are stored on the server hard drive with full encryption so that the data centre staff has no access. Access to the database is password-protected and only possible for authorised GRIPS employees.
In many cases, GRIPS cooperates with GRIPS Werke e.V., Altonaer Str. 22, 10557 Berlin in the implementation of theatre educational offers Inquiries from interested parties for the cooperation projects will be passed on to GRIPS Werke e.V. for the purpose of answering. As an association based in Germany, GRIPS Werke e.V. is also subject to the EU General Data Protection Regulation and, for its part, undertakes by means of a data processing contract to save and use the data only for the relevant purposes and not to pass them on to third parties.
Internal data storage
For organisational reasons, it may be necessary to provide data to authorised employees via an external server in order to fulfil the contract. This is done via ownCloud GmbH, Rathsbergstr. 17, 90411 Nürnberg. According to the information of the company, customer data are not passed on to third parties. Access to the data by GRIPS employees is activated individually by the administrator so that only authorised persons have access.
- External links