A-
A+

Privacy policy of the Online Shop of HACHEZ CHOCOVERSUM GmbH

I. Preamble

HACHEZ CHOCOVERSUM GmbH would like to explain to you below which data are collected, processed and used when and for what purpose. We would like to explain to you how our offered services work and how the protection of your personal data is guaranteed. We only collect, process and use personal data if you have consented therein or a law allows this.

 

This Privacy Policy can be retrieved, saved and printed at any time under the URL https://chocoversum.ticketfritz.de/en/Home/Privacy.

II. Responsible Persons

1.Name and address of the controller

The responsible person within the meaning of the EU General Data Protection Regulation (GDPR) is

 

HACHEZ CHOCOVERSUM GmbH

Messberg 1, 20095 Hamburg

Tel.: (040) 41 91 23 00

Fax: (040) 41 91 23 0 - 20

E-Mail: info@CHOCOVERSUM.de

2. Name and address of the data protection officer

The data protection officer of the controller is:

 

Lawyer Bertold Frick

Datenschutz-Metropol GmbH

Baumwollbörse, Wachtstraße 17/24, 28195 Bremen

Tel.: (0421) 339 53 50

Fax: (0421) 339 53 55

E-Mail: frick@trinity-metropol.de

 

For general questions or suggestions regarding data protection, you can contact us at any time by e-mail at info@chocoversum.de or with our external data protection officer mentioned under point 2.

III. General

1.Scope of processing personal data

In principle, we collect and use our users’ personal data only to the extent necessary to provide a functional website and our content and services. This includes

 

  • E-mail address
  • Payment data
  • Booked events / tickets purchased or vouchers
  • Any documents or information provided by you, the personal data

 

We collect, process and use this data in order to contact you and process your request for events, ticket purchases or general enquiries.

In addition, we collect, process and use the following data to compile visitor statistics on the use of our website and to improve our website. The following data is collected:

 

  • Date and visit of the URL on which the visitor is located
  • URL that the visitor visited immediately before
  • Browser used
  • Operating system used
  • IP address of the visitor

 

If this is not the case, personal data will only be used with the user’s consent. An exception applies in cases where prior consent cannot be obtained for effective reasons and the processing of the data is permitted by law.

2. Legal basis of processing

Insofar as we obtain the consent of the data subject for processing of personal data, Article 6 (1)(a) EU General Data Protection Regulation (GDPR) serves as the legal basis.

For the processing of personal data required to fulfil a contract to which the data subject is a party, Article 6 (1)(b) GDPR serves as the legal basis. This also applies to processing operations required to carry out pre-contractual actions.

Insofar as the processing of personal data is required to fulfil a legal obligation to which our company is subject, Article 6 (1)(c) GDPR serves as the legal basis.

In the event that the vital interests of the data subject or any other natural person require the processing of personal data, Article 6 (1)(d) GDPR serves as the legal basis.

If the processing is necessary to safeguard the legitimate interests of our company or a third party and if the interests, fundamental rights and fundamental freedoms of the data subject do not prevail over the first interest, Article 6 (1)(f) GDPR serves as the legal basis for processing. The legitimate interest of our company lies in the execution of our business activities.

3. Routine deletion and blocking of personal data

We only process and store personal data of the data subject for as long as necessary to achieve the storage purpose. In addition, such storage may take place if provided for by the European or national legislator in EU regulations, laws or other regulations to which the person responsible for the processing is subject. As soon as the storage purpose ceases to apply or a storage period prescribed by the aforementioned regulations expires, the personal data is routinely blocked or deleted.

3. Data security

We take all reasonable technical and organisational measures to ensure the protection of your data. Despite regular checks, full protection against all dangers is not possible.

 

The website uses industry standard SSL (Secure Sockets Layer) for encryption in some places. This ensures the confidentiality of your personal information over the Internet.

IV. Usage data

1. Log files

Each time the website is accessed, we or the site provider collect data and information through an automated system. These are stored in the log files of the server.

 

The following data can be collected here:

  • Information about the browser type and version used
  • The user’s operating system
  • The user’s Internet service provider
  • The user’s IP address
  • Date and time of access
  • Websites from which the user's system is accessed on our website (referrer)
  • Web pages accessed by the user's system through our website

The processing of the data serves to deliver the contents of our website, to ensure the functionality of our information technology systems and to optimize our website. The data of the log files are always stored separately from other personal data of the users.

2. Cookies

In order to make the visit of our website-offer attractive and to allow the use of certain functions, we use so-called "cookies" on some pages. Cookies are small text files that are stored on your hard disk for the duration of your browser session in the cache of your Internet browser (so-called "session cookies") or for a defined duration (so-called "persistent cookies").

For example, cookies enable us to track and determine your preferences and to identify you individually during a visit to our website. After the end of the browser session, most of the cookies we use are deleted from your hard drive ("session cookies").

The so-called "persistent cookies" (e.g. to identify you as a registered buyer and to enable log-in) remain on your computer and allow us, for example, to recognise you on your next visit.

We therefore use cookies in order to be able to offer our legitimate interest in the provision of a website tailored to the visitor’s wishes. The cookies do not store any personal data.

3. Third party cookies

Likewise, some of our third party services may use cookies called "third-party cookies". These are cookies that are stored by third parties. The use or collection of personal information by these service providers is subject to privacy and confidentiality agreements with us and other legal restrictions. Please inform yourself about the respective functioning and data processing on the websites of the respective providers. The services in use can be found in this Privacy Policy.

 

How can I prevent the storage of cookies? You can set your browser to accept the storage of cookies only if you agree. You can delete any existing cookies. By deactivating cookies, however, the usability of our websites may be limited. Information on how to deactivate cookies can be found at the following LINK (www.wikihow.com). Similarly, the use of third-party cookies can be disabled separately in the settings.

4. Google Analytics

This website uses Google Analytics, a web analytics service of

Google Inc. ("Google")

1600 Amphitheatre Parkway

Mountain View, CA 94043

USA.

Google Analytics uses so-called "cookies", text files, that are stored on your computer and allow the website to analyse how users use the website.

 

What happens to the data?

The information generated by the cookie about your use of this website (including your IP address) is transmitted to and stored by Google on servers in the United States. Google will use this information to evaluate your use of the website, compile reports on website activity for website operators and provide other services related to website activity and internet usage. Google may also transfer this information to third parties if required by law or if third parties process this data on behalf of Google. Google will never associate your IP address with any other Google data.

 

How can you object to data collection and processing?

You can prevent the installation of cookies by setting your browser settings accordingly; however, please be aware that if you do this you may not be able to use the full functionality of this website. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.

You can object to the collection and storage of your data at any time with effect for the future. To do this you can prevent Google from collecting the data (including your IP address) generated by the cookie and related to your use of the website as well as from processing this data by Google by downloading and installing the browser plug-in available under the following link.

You can also prevent the collection by Google Analytics by clicking on the following link. An opt-out cookie will be set which prevents the future collection of your data when visiting this website (https://tools.google.com/dlpage/gaoptout?hl=de).

In view of the discussion about the use of analysis tools with complete IP addresses, we would like to point out that IP addresses are only processed further on this website in shortened form. The use of Google Analytics with the extension "_anonymizeIp()" excludes a personal reference of the collected data.

The Terms of Use and Privacy Policy of Google and Google Analytics can be found at http://www.google.com/analytics/terms/en.html or https://www.google.com/intl/en/policies/.

Google Analytics is also used to evaluate data from AdWords and the Double-Click Cookie for statistical purposes. If you do not want this to happen, you can disable it through the Ads Preferences Manager (http://www.google.com/settings/ads/onweb/?hl=en).

Since Google is located in the US, data is transferred to a third country outside the EU or the EEA. However, the security of your data is ensured because Google is subject to the EU-US Privacy Shield Agreement. According to the decision of the European Commission of 12.07.2016, Google, therefore, has an adequate level of data protection.

5. Social plugins

This website uses social plugins from social networks. Separate privacy and liability rules apply to social networks, and in general to third-party websites. The storage and use of personal data by the respective site operator (service provider), which occur when using its services, may exceed the scope of this privacy policy. CHOCOVERSUM has no influence on which data an activated plugin detects and how they are used by the provider. CHOCOVERSUM does not collect any personal data by means of the social plugins or their use.

To increase the protection of your data, the plugins are not fully integrated into the website, but rather only use an HTML link (so-called "Shariff solution" from c't) involved in the page. This integration ensures that when you visit the site that contains such plugins, no connection is established with the servers of the provider of the respective social network. Clicking on one of the buttons opens a new window of your browser and calls up the page of the respective service provider on which you can (for example, after entering your login data), for example, press the Like or Share button. For the purpose and scope of the data collection and the further processing and use of the data by the providers on their sites and their rights in this regard and setting options for protecting your privacy, please refer to the privacy policy of the provider.

 

Facebook

Operator: Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA

Website: https://www.facebook.com

Privacy Policy: http://www.facebook.com/policy.php

 

Google+

Operator: Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Website: http://www.google.com/intl/en/+/learnmore/

Privacy Policy: http://www.google.com/intl/en/+/policy/+1button.html

 

Instagram

Operator: Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, United States

Website: https://www.instagram.com

Privacy Policy: https://help.instagram.com/155833707900388

 

V. Your personal information

1. What are "personal data"?

Personal data are information about yourself that allow  conclusions to be drawn about your identity or which relate directly or indirectly to you, e.g. your name, address or phone number. Information that does not allow conclusions to be made about a specific or identifiable person is not included.

2. E-mail, telephone

If you contact us by e-mail or telephone, we will only use the personal data you provide to process your specific request. The given data will be treated confidentially.

3. Your registration

If you use the opportunity to register on our website, the data in the respective input mask will be transmitted to us. The data are stored solely for the purpose of internal use. Upon registration, the IP address of the user as well as the date and time of the registration will be stored in addition to the data mentioned below. This is to prevent misuse of the services. A transfer of the data to third parties does not take place. An exception exists if there is a legal obligation to disclose. Registered persons have the possibility to delete or modify the stored data at any time. The data subject receives information about the personal data stored about him or her at any time. Registration is based on our legitimate interests. With the opportunity to register, we can offer our visitors the convenience of regularly logging in and storing the data permanently.

a. What data do we collect and what for?

As part of the registration, we need an email address and password from you. The data you provide will be stored with us and serve solely to provide the services you requested and thereby fulfil our contracts with you, in particular the sale through our online store.

b. Bank and credit card data

For certain fee-based offers, we also need bank or credit card information to process the contract.

If you choose the payment method "credit card", we also need your credit card details, but these credit card details are not collected by us but are collected directly and exclusively via the payment service provider that we have appointed and specialise in the online area Within the Giropay payment method, you can choose your bank and you will be immediately redirected to your bank's online banking website, where you will be able to log in as usual with your access data and we will not collect or process any data in this context.

c. Can I also shop without registering in the online shop?

A purchase in our online shop is also possible without registration. The data collected by us for processing the purchase will be recorded and stored in the shop system in order to fulfil our contract with you.

4. Disclosure of personal data

In addition, we will not disclose personal data without your express consent, unless we are legally permitted to do so, e.g. if we are required by law to disclose data (to law enforcement agencies and courts, to public bodies that receive data due to statutory regulations, such as social insurance agencies, tax authorities, etc.) or if we involve third parties to enforce our claims for professional secrecy.

5. Your rights as an affected person

If HACHEZ CHOCOVERSUM GmbH processes personal data about you, you are a victim within the meaning of the General Data Protection Regulation and you have the following rights against HACHEZ CHOCOVERSUM GmbH as the person responsible:

a. Right to information

You may ask the person in charge to confirm if personal data concerning you is processed by us.

If such processing is available, you can request information from the person responsible about the following information:

  1. the purposes for which the personal data are processed;
  2. the categories of personal data that are processed;
  3. the recipients or categories of recipients to whom the personal data relating to you have been disclosed or are still being disclosed;
  4. the planned duration of the storage of your personal data or, if specific information is not available, criteria for determining the storage duration;
  5. the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;
  6. the existence of a right of appeal to a supervisory authority;
  7. all available information on the source of the data if the personal data are not collected from the data subject;
  8. the existence of automated decision-making including profiling under Article 22 (1) and (4) GDPR and - at least in these cases - meaningful information about the logic involved and the scope and intended impact of such processing on the data subject.

You have the right to request information about whether your personal data is transferred to a third country or an international organisation. In this context, you can request the appropriate guarantees in accordance with. Art. 46 GDPR in connection with the transmission of information.

b. Right to rectification

You have a right of rectification and/or completion vis-à-vis the controller if the personal data processed is incorrect or incomplete. HACHEZ CHOCOVERSUM GmbH has to carry out the correction without delay.

c. Right to limit processing

You may request the restriction of the processing of your personal data under the following conditions:

  1. if you contest the accuracy of your personal information for a period of time that enables the controller to verify the accuracy of your personal information;
  2. the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted;
  3. HACHEZ CHOCOVERSUM GmbH no longer requires the personal data for the purposes of the processing, but you need them to assert, exercise or defend legal claims, or
  4. if you have filed an objection against the processing pursuant to Art. 21 (1) GDPR and it is not yet certain whether the legitimate reasons of the person responsible outweigh your reasons.

 

If the processing of personal data concerning you has been restricted, this data may only be used with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.

If the processing limitation has been restricted according to the abovementioned conditions, you will be informed by the person in charge before the restriction is lifted.

d. Right to erasure

You can demand from HACHEZ CHOCOVERSUM GmbH that the personal data concerning you be deleted immediately, and we are obliged to delete this data immediately, if one of the following reasons applies:

  1. Your personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
  2. You revoke your consent to the processing pursuant to Art. 6 (1)(a) or Art. 9 (2)(a) GDPR and there is no other legal basis for processing.
  3. You file an objection against the processing pursuant to Art. 21 (1) GDPR and there are no prior justifiable reasons for the processing, or you file an objection against the processing pursuant to Art. 21 (2) GDPR.
  4. Your personal data has been processed unlawfully.
  5. The deletion of personal data concerning you is required to fulfil a legal obligation under Union law or the law of the Member States to which the controller is subject.
  6. The personal data concerning you were collected in relation to information society services offered pursuant to Art. 8 (1) GDPR.

 

If HACHEZ CHOCOVERSUM GmbH has made the personal data concerning you public and is, in accordance with Article 17 (1) of the GDPR, required to erase them, it shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform data controllers who process the personal data that you, as the data subject, have requested the deletion of any links to such personal data or copies or replications of such personal data.

The right to erasure does not exist if the processing is necessary

  1. to exercise the right to freedom of expression and information;
  2. to fulfil a legal obligation required by the law of the Union or of the Member States to which the controller is subject, or to carry out a task of public interest or in the exercise of official authority conferred on the controller;
  3. for reasons of public interest in the field of public health pursuant to Art. 9 (2)(h) and (i) and Art. 9 (3) GDPR;
  4. for archival purposes of public interest, scientific or historical research purposes or for statistical purposes pursuant to. Article 89 (1) of the GDPR, insofar as the right referred to in paragraph 1 is likely to render impossible or seriously affect the achievement of the objectives of that processing, or
  5. to assert, exercise or defend legal claims.

e. Right to information

If you have the right of rectification, erasure or restriction of processing against the controller, he/she is obliged to notify all recipients to whom your personal data have been disclosed of this correction or deletion of the data or restriction of processing, unless this proves to be impossible or involves a disproportionate effort.

You have the right vis-à-vis us to be informed about these recipients.

f. Data transferability

You have the right to receive the personal data that you have provided to HACHEZ CHOCOVERSUM GmbH in a structured, conventional and machine-readable format. In addition, you have the right to transfer this data to another person without obstruction by the person responsible for providing the personal data, provided that

  1. the processing is based on consent pursuant to Art. 6 (1)(a) GDPR or Art. 9 (2)(a) GDPR or on a contract pursuant to Art. 6 (1)(b) GDPR and
  2. the processing is done using automated procedures

 

In exercising this right, you also have the right to request that your personal data be transmitted directly from data controller to another, insofar as this is technically feasible. Freedoms and rights of other persons may not be affected by this.

The right to data transferability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority delegated to the controller.

g. Right to object

You have the right to object at any time, for reasons that arise from your particular situation, to the processing of your personal data pursuant to Art. 6 (1)(e) GDPR; this also applies to profiling based on these provisions. HACHEZ CHOCOVERSUM GmbH will no longer process your personal data, unless it can prove compelling legitimate reasons for the processing which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. If the personal data relating to you are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct marketing. If you object to the processing for direct marketing purposes, your personal data will no longer be processed for these purposes.

Regardless of Directive 2002/58/EC, you have the option, in the context of the use of information society services, of exercising your right to object through automated procedures that use technical specifications.

h. Right to revoke the data protection consent declaration

You have the right to revoke your data protection declaration at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until revocation.

i. Automated decision on a case-by-case basis, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which has a legal effect on you or, in a similar manner, significantly affects it. This does not apply if the decision

  1. is required for the conclusion or fulfilment of a contract between you and HACHEZ CHOCOVERSUM GmbH,
  2. is permissible on the basis of Union or Member State legislation to which the controller is subject, and that legislation contains appropriate measures to safeguard your rights and freedoms and your legitimate interests, or
  3. with your express consent.

 

However, these decisions must not be based on special categories of personal data pursuant to Art. 9 (1) GDPR, unless Art. 9 (2)(a) or (g) applies and reasonable measures have been taken to protect your rights and freedoms and your legitimate interests.

Regarding the cases mentioned in a. and c., HACHEZ CHOCOVERSUM GmbH shall take appropriate measures to safeguard the rights and freedoms as well as your legitimate interests, including at least the right to obtain the intervention of a person by the person responsible, to express one's own position and to contest the decision.

j. Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to complain to a supervisory authority, in particular in the Member State of your residence, place of work or place of alleged infringement, if you believe that the processing of your personal data violates the GDPR.

The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy under Article 78 of the GDPR.

6. Change of privacy policy

Changes to the law or changes to our internal processes may necessitate an adaptation of this privacy policy. This privacy policy was last updated on 30.04.2018. We will inform you about any material changes to this Privacy Policy on our website.