PRIVACY POLICY
Below, we provide you with information in accordance with legal requirements, especially the EU General Data Protection Regulation (GDPR, available at eur-lex.europa.eu/legal-content/EN/TXT/, regarding the processing of personal data by our company.
Table of Contents:
I. General Information
1. Important Terms
2. Scope
3. Data Controller
4. Data Protection Officer
II. Data Processing in Detail
1. General Information on Data Processing
2. Customer Feedback
3. Accessing Our Services
III. Rights of Data Subjects
1. Right to Object
2. Right to Information
3. Right to Rectification
4. Right to Erasure ("Right to Be Forgotten")
5. Right to Restriction of Processing
6. Right to Data Portability
7. Right to Withdraw Consent
8. Right to Lodge a Complaint
9. Cookies
10. Google Analytics
11. Newsletter
12. Contact and Accreditation Forms
13. Facebook
14. Twitter
15. Instagram
16. Log Files
IV. Facebook, Custom Audiences, and Facebook Marketing Services
I. General Information
In this section of the privacy policy, you will find information about the scope, the data controller responsible for data processing, their data protection officer, and data security. Furthermore, we provide an explanation of the meaning of important terms used in the privacy policy.
1. Important Terms
Browser: A computer program used for displaying websites (e.g., Chrome, Firefox, Safari).
Cookies: Text files that a visited web server places on the user's computer through the user's browser. The stored cookie information can include an identifier (cookie ID) used for recognition, as well as content-related information such as login status or information about visited web pages. The browser sends the cookie information to the web server with every subsequent request when revisiting the same page. Most browsers automatically accept cookies, but you can manage cookies using browser functions (usually found under "Options" or "Settings"). This allows you to disable the storage of cookies, make it subject to your individual consent, or restrict it in other ways. You can also delete cookies at any time.
Third Countries: Countries outside the European Union (EU).
GDPR (General Data Protection Regulation): Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data, on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). Available at eur-lex.europa.eu/legal-content/EN/TXT/.
Personal Data: Any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more specific factors specific to their physical, physiological, genetic, mental, economic, cultural, or social identity.
Profiling: Any form of automated processing of personal data consisting of using those personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.
Services: Our offerings for which this privacy policy applies (see Scope).
Tracking: The collection of data and its analysis concerning the behavior of visitors on our services.
Tracking Technologies: Tracking can occur through activity logs (log files) stored on our web servers, as well as through data collection from your end device via pixels, cookies, and similar tracking technologies.
Processing: Any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.
Pixels: Pixels are also referred to as tracking pixels, web beacons, or web bugs. They are small, invisible graphics in HTML emails or on web pages. When a document is opened, this small image is loaded from a server on the internet, with the download being recorded there. This allows the operator of the server to see if and when an email has been opened or a webpage visited. This function is usually realized by calling a small program (JavaScript), which can recognize and transmit certain types of information on your computer system, such as the content of cookies, the time and date of the page view, and a description of the page where the pixel is located.
2. Scope
This privacy policy applies to the following offerings:
• Our online offering "jazzopen stuttgart" (website), accessible primarily at www.jazzopen.com.
• Whenever this privacy policy is referenced from any of our offerings (e.g., websites, subdomains, mobile applications, web services, or integrations on third-party sites), regardless of how you access or use it.
All of these offerings are collectively referred to as "Services."
3. Data Controller
The data controller responsible for data processing – the entity that determines the purposes and means of processing personal data – in connection with the Services is:
OPUS Festival, Event, and Management GmbH
Mörikestraße 20
D-70178 Stuttgart
Email: info@opus.live
4. Data Protection Officer
You can contact our Data Protection Officer using the contact details mentioned under section 3, addressed to the Data Protection Department, or via info@opus.live.
II. Data Processing in Detail
In this section of the privacy policy, we provide detailed information about the processing of personal data within the scope of our services. To enhance clarity, we organize this information based on specific functionalities of our services. During regular use of the services, various functionalities and thus various processing activities may occur consecutively or simultaneously.
General Information on Data Processing
For all processing activities presented below, unless otherwise specified:
a) No Obligation to Provide & Consequences of Non-Provision
The provision of personal data is not legally or contractually required, and you are not obligated to provide data. We will inform you during the input process if the provision of personal data is necessary for the respective service (e.g., indicated as a "mandatory field"). Failure to provide required data will result in the respective service not being provided. Otherwise, non-provision may affect our ability to deliver our services in the same form and quality.
b) Consent
In various cases, you have the option to provide us with your consent for further processing activities related to those presented below (possibly for a portion of the data). In this case, we will provide separate information, in conjunction with the respective consent declaration, about all the details and scope of the consent, as well as the purposes for which we intend to use these processing activities. Processing activities based on your consent are therefore not listed here (Art. 13(4) GDPR).
c) Transfer of Personal Data to Third Countries
When we transfer data to third countries, i.e., countries outside the European Union, such transfers occur exclusively in compliance with the legally regulated eligibility criteria.
If the transfer of data to a third country does not serve the purpose of fulfilling our contract with you, we do not have your consent, the transfer is not required for the establishment, exercise, or defense of legal claims, and no other exception under Article 49 of the GDPR applies, we will only transfer your data to a third country if there is an adequacy decision pursuant to Article 45 of the GDPR or appropriate safeguards pursuant to Article 46 of the GDPR in place.
One such adequacy decision is the Commission Implementing Decision (EU) 2016/1250 of 12 July 2016 regarding the EU-US Privacy Shield for the USA. For transfers to companies certified under the EU-US Privacy Shield, the level of data protection is generally considered adequate within the meaning of Article 45 of the GDPR.
Alternatively or additionally, adequate safeguards and an appropriate level of data protection can be ensured by entering into the EU Standard Contractual Clauses issued by the European Commission with the receiving entity, as per Article 46(2)(c) of the GDPR. Copies of the EU Standard Contractual Clauses can be obtained from the European Commission's website at ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en.
d) Hosting by External Service Providers
Our data processing extensively involves the use of hosting service providers who provide us with storage space and processing capacity in their data centers and also process personal data on our behalf according to our instructions. It may happen that personal data is transferred to hosting service providers in all of the functionalities mentioned below. These service providers either process data exclusively within the EU or, using the EU Standard Contractual Clauses (refer to section c), we have ensured an adequate level of data protection.
e) Transfer to Government Authorities
We transfer personal data to government authorities (including law enforcement authorities) when this is required to fulfill a legal obligation to which we are subject (legal basis: Article 6(1)(c) of the GDPR) or when it is necessary for the establishment, exercise, or defense of legal claims (legal basis: Article 6(1)(f) of the GDPR).
f) Storage Duration
In the "Storage Duration" section, it is specified how long we will use the data for the respective processing purpose. After this period has elapsed, the data will no longer be processed by us but will be regularly deleted unless ongoing processing and storage are required by law (especially because it is necessary to fulfill a legal obligation or for the establishment, exercise, or defense of legal claims), or you provide us with consent for further storage beyond this period.
g) Designations of Data Categories
In the following sections, the following summary category designations are used for certain types of data:
- Account Data: Login/user ID and password.
- Personal Master Data: Title, salutation/gender, first name, last name, date of birth.
- Address Data: Street, house number, if applicable, additional address details, postal code, city, country.
- Contact Data: Phone number(s), fax number(s), email address(es).
- Registration Data: Information about the service through which you registered; timestamps and technical information about registration, confirmation, and unsubscribing; data provided by you during registration.
- Order Data: Ordered products, prices, payment, and delivery information.
- Payment Data: Account information, credit card data, data related to other payment services like PayPal.
- Usage Data Press Distribution: Accreditation topic, accreditation timestamp, consent to usage restriction/declaration of consent, downloads of press materials.
- Usage Profile Data Newsletter: Opening of the newsletter (date and time), content, selected links, as well as the following information from the accessing computer system: used internet protocol address (IP address), browser type and version, device type, operating system, and similar technical information.
- Access Data: Date and time of visiting our service; the page from which the accessing system reached our site; pages accessed during usage; data for session identification (session ID); as well as the following information from the accessing computer system: used internet protocol address (IP address), browser type and version, device type, operating system, and similar technical information.
2. Customer Feedback
Here, we describe how your personal data is processed when you contact our customer service.
a) Purpose of Data Processing and Legal Basis, as well as Legitimate Interests, Storage Duration
Data Category: Personal Master Data; Contact Data; Content of Inquiries/Complaints/Feedback
Purpose: Processing of customer inquiries and user complaints
Legal Basis: Article 6(1)(b) and (f) of the GDPR
Legitimate Interest: Improving our service; customer retention
Storage Duration: Processing of the inquiry
3. Accessing Our Services
Here, we describe how your personal data is processed when accessing our services (e.g., loading and viewing the website, opening and navigating within the mobile app). We particularly highlight that the transmission of access data to external content providers (see under b.) is inevitable due to the technical functioning of internet information transfer. The third-party providers are responsible for ensuring data protection-compliant operation of their IT systems. The decision on the storage duration of the data lies with the service providers.
a) Purpose of Data Processing and Legal Basis, as well as Legitimate Interests, Storage Duration
Data Category: Access Data
Purpose: Establishing a connection; displaying the content of the service; detecting attacks on our site based on unusual activities; error diagnosis
Legal Basis: Article 6(1)(f) of the GDPR
Legitimate Interest: Proper functioning of the services; data and business process security; prevention of abuse; prevention of damage from interference with information systems
Storage Duration: 4 weeks
b) Recipients of Personal Data
Recipient Category: External content providers that provide content (e.g., images, videos, embedded posts from social networks, advertising banners, fonts, update information) required for displaying the service
Data Concerned: Access Data
Legal Basis: Article 6(1)(f) of the GDPR
Legitimate Interest: Proper functioning of the services; (accelerated) display of content
Recipient Category: IT security service providers
Data Concerned: Access Data
Legal Basis: Article 6(1)(f) of the GDPR
Legitimate Interest: Prevention of attacks by exploiting security vulnerabilities/weaknesses
III. Rights of Data Subjects
1. Right to Object
If we process your personal data for the purpose of direct marketing, you have the right to object to the processing of your personal data for such marketing at any time with future effect. This also applies to profiling insofar as it is related to such direct marketing.
Furthermore, you have the right to object at any time with future effect to the processing of your personal data, which is carried out based on Article 6(1)(e) or (f) of the GDPR, for reasons arising from your particular situation. This also applies to profiling based on these provisions.
You can exercise the right to object free of charge using the contact details mentioned under I.3 or by using the following methods:
Via email to: info@opus.live
2. Right to Information
You have the right to request confirmation from us as to whether or not personal data concerning you is being processed, and, if so, access to the personal data and the information listed in Article 15 of the GDPR.
3. Right to Rectification
You have the right to request the immediate correction of inaccurate personal data concerning you (Article 16 GDPR). Taking into account the purposes of processing, you also have the right to request the completion of incomplete personal data, including by means of providing a supplementary statement.
4. Right to Erasure ("Right to Be Forgotten")
You have the right to request that personal data concerning you be deleted without delay if one of the grounds listed in Article 17(1) of the GDPR applies and the processing is not necessary for one of the purposes set out in Article 17(3) of the GDPR.
5. Right to Restriction of Processing
You have the right to request a restriction on the processing of your personal data if one of the conditions specified in Article 18(1)(a) to (d) of the GDPR applies.
6. Right to Data Portability
Under the conditions set out in Article 20(1) of the GDPR, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format, and the right to transmit those data to another controller without hindrance from us. In exercising the right to data portability, you also have the right to have the personal data transmitted directly from us to another controller, where technically feasible.
7. Right to Withdraw Consent
Where the processing is based on your consent, you have the right to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
8. Right to Lodge a Complaint
You have the right to lodge a complaint with the supervisory authority responsible for our company. The supervisory authority responsible for our company is:
The State Commissioner for Data Protection and Freedom of Information in Baden-Württemberg, Postfach 10 29 32, 70025 Stuttgart, Germany, www.baden-wuerttemberg.datenschutz.de
9. Cookies
Our website uses so-called "cookies" to make your visit to our website more attractive and user-friendly. Cookies are text files that are stored on your computer system and saved in your browser.
Cookies can be used for various purposes. Persistent cookies, for example, are used to recognize returning users, while "session cookies" are only stored for the duration of your visit to the website and are not permanently saved. We use cookies to provide you with a high level of user-friendliness and effective use of our online offerings.
You have the option to adjust settings in your browser to allow or exclude cookies in general.
10. Google Analytics
This website uses Google Analytics, a web analytics service provided by Google Inc. ("Google"). Google Analytics uses so-called "cookies," which are text files stored on your computer that enable an analysis of your use of the website. We use this access data exclusively in a non-personalized form for continuous improvement of our online offerings and for statistical purposes.
The information generated by the cookie about your use of this website is generally transmitted to and stored on a server operated by Google in the United States. However, if IP anonymization is activated on this website, your IP address will be truncated by Google within member states of the European Union or other parties to the Agreement on the European Economic Area before being transferred. Only in exceptional cases will the full IP address be transferred to a Google server in the United States and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, compile reports on website activities, and provide other services related to website usage and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google.
You can prevent the storage of cookies by configuring your browser software accordingly; however, please note that if you do this, you may not be able to use all the features of this website to their full extent.
You can also prevent Google Analytics from collecting your data by clicking on the following link. An opt-out cookie will be set to prevent the future collection of your data when you visit this website:
[Google Analytics Deactivation](https://tools.google.com/dlpage/gaoptout)
For more information on the terms of use and data privacy, please visit [Google Analytics Terms](https://www.google.com/analytics/terms/de.html) and [Google's Privacy Policy](https://www.google.com/intl/de/analytics/privacyoverview.html).
Please note that this website uses Google Analytics with the "gat._anonymizeIp();" extension to ensure the anonymized collection of IP addresses (so-called IP masking).
We also use Google Analytics to evaluate data from AdWords and the DoubleClick cookie for statistical purposes. If you do not wish to participate in this, you can disable it through the [Ad Preferences Manager](http://www.google.com/settings/ads/onweb/?hl=de).
11. Newsletter
To subscribe to the newsletter offered on our website, you can use our form. We use the double opt-in procedure. After you have registered, a confirmation email will be sent to the email address you provided, asking for your confirmation. Your registration will only be effective if you click on the activation link contained in the confirmation email. We use the data you transmit to us exclusively for sending the newsletter, which may contain information or offers.
We use rapidmail to send our newsletter. Therefore, your data will be transmitted to rapidmail GmbH. rapidmail GmbH is not allowed to use your data for purposes other than sending the newsletter. The rapidmail GmbH is not permitted to pass on or sell your data. rapidmail is a German, certified newsletter software provider that has been carefully selected in accordance with the requirements of the GDPR and the BDSG.
You can revoke your consent to the storage of data and its use for newsletter distribution at any time, e.g., via the unsubscribe link in the newsletter.
12. Contact and Accreditation Forms
If you submit inquiries to us via a form, your information from the form, including the contact details you provided there, will be stored by us for the purpose of processing the inquiry and for follow-up questions. We will not disclose this data without your consent. After processing the inquiry, the data will be deleted.
13. Facebook
Within our website, we use social plugins ("plugins") from the social network facebook.com, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"). The plugins can be identified by one of the Facebook logos (white "f" on a blue tile or a "thumbs up" symbol). When you visit a page on our website that contains such a plugin, your browser establishes a direct connection to Facebook's servers. The content of the plugin is transmitted directly from Facebook to your browser and integrated into the webpage. Therefore, we have no influence over the extent of data that Facebook collects using this plugin, and we inform you to the best of our knowledge:
By integrating the plugins, Facebook receives the information that you have accessed the corresponding page of our website. If you are logged into Facebook, Facebook can associate your visit with your Facebook account. If you interact with the plugins, such as pressing the Like button or leaving a comment, the corresponding information is transmitted directly from your browser to Facebook and stored there. Even if you are not a Facebook member, it is still possible for Facebook to learn your IP address and store it. The purpose and scope of data collection and the further processing and use of the data by Facebook, as well as your rights and settings options for protecting your privacy, can be found in Facebook's privacy policy: www.facebook.com/policy.php.
If a user is a Facebook member and does not want Facebook to collect data about him or her via this online offer and link it to his or her stored Facebook member data, he or she must log out of Facebook and delete his or her cookies before using our online offer. Further settings and objections to the use of data for advertising purposes can be made within the Facebook profile settings: www.facebook.com/settings or via the US website www.aboutads.info/choices/ or the EU website www.youronlinechoices.com. The settings are platform-independent, i.e., they are applied to all devices such as desktop computers or mobile devices.
14. Twitter
Within our website, we use buttons from the Twitter service. These buttons are offered by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA. They are recognizable by terms such as "Twitter" or "Follow," accompanied by a stylized blue bird. With the help of these buttons, it is possible to share a post or page of this offering on Twitter or to follow the provider on Twitter. When a user accesses a page of this website that contains such a button, their browser establishes a direct connection to Twitter's servers. The content of the Twitter button is transmitted directly from Twitter to the user's browser. The provider has no influence over the extent of data that Twitter collects using this plugin and informs users to the best of their knowledge. According to this knowledge, only the user's IP address and the URL of the respective web page are transmitted when the button is obtained, but not used for purposes other than displaying the button. For more information, please refer to Twitter's privacy policy at twitter.com/privacy.
15. Instagram
This website also includes plugins from the social network Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA ("Instagram"). You can recognize the Instagram plugin by the "Instagram" button on our site.
If you click on the "Instagram" button while logged into your Instagram account, you can link the content of our pages to your Instagram profile. This allows Instagram to associate your visit to our pages with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Instagram. For more information, please refer to Instagram's privacy policy: instagram.com/about/legal/privacy/.
17. Log Files
Every time you access the pages of "jazzopen stuttgart," usage data is transmitted by the respective internet browser and stored in log files, known as server log files. The data records stored in this process contain the following information: date and time of access, name of the accessed page, IP address, referrer URL (origin URL from which you accessed the website), the amount of data transmitted, and product and version information of the browser used.
IV. Facebook, Custom Audiences, and Facebook Marketing Services
12.1. Within our online offering and based on our legitimate interests in analyzing, optimizing, and economically operating our online offering, we use the "Facebook Pixel" of the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are located in the EU, by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
12.2. Facebook is certified under the Privacy Shield agreement, which provides a guarantee of compliance with European data protection laws.
12.3. With the help of the Facebook Pixel, Facebook can determine the visitors to our online offering as a target group for displaying ads (so-called "Facebook Ads"). Accordingly, we use the Facebook Pixel to display Facebook Ads only to Facebook users who have shown an interest in our online offering or who have certain characteristics (e.g., interests in specific topics or products, which are determined based on the visited web pages) that we transmit to Facebook (so-called "Custom Audiences"). With the Facebook Pixel, we also want to ensure that our Facebook Ads correspond to the potential interests of users and do not appear annoying. Additionally, the Facebook Pixel allows us to track the effectiveness of Facebook advertisements for statistical and market research purposes by determining whether users were redirected to our website after clicking on a Facebook ad (so-called "Conversion").
12.4. The Facebook Pixel is directly integrated by Facebook when you visit our website and may store a so-called cookie on your device. If you subsequently log in to Facebook or visit Facebook while logged in, your visit to our online offering will be recorded in your profile. The data collected about you is anonymous to us and does not allow us to draw conclusions about the identity of the users. However, the data is stored and processed by Facebook, which means it can be linked to the respective user profile and used by Facebook for its own market research and advertising purposes. If we transmit data to Facebook for matching purposes, this data is encrypted locally in the browser and then sent to Facebook via a secure https connection. This is done solely for the purpose of matching the data, which is also encrypted by Facebook.
12.5. Furthermore, when using the Facebook Pixel, we use the additional function "extended matching," in which data for the creation of target groups ("Custom Audiences" or "Look Alike Audiences") is transmitted to Facebook in encrypted form. More information is available here.
12.6. We also use the "Custom Audiences from File" feature of the social network Facebook, Inc. In this case, the email addresses of newsletter recipients are uploaded to Facebook. The upload process is encrypted and is solely used to determine the recipients of our Facebook ads. We want to ensure that the ads are only displayed to users who are interested in our information and services.
12.7. The processing of data by Facebook is carried out in accordance with Facebook's data usage policy. You can find specific information and details about the Facebook Pixel and how it works in the Facebook Help Center.
12.8. You can opt out of the collection by the Facebook Pixel and the use of your data for displaying Facebook ads. To adjust the types of ads you see within Facebook, you can visit Facebook's settings page and follow the instructions for ad preferences. These settings are platform-independent (desktop or mobile).
12.9. You can also opt out of the use of cookies for audience measurement and advertising purposes by visiting the Network Advertising Initiative's deactivation page and additionally the U.S. website or the European website.
