Thank you for your interest in YesTicket. Data protection is of particular importance to Mirko Fichtner (operator of YesTicket). In principle, the YesTicket.org website can be used without providing any personal data. If a user wishes to use our company's special services via our website, processing of personal data may be necessary. If the processing of personal data is necessary and there is no legal basis for such a processing, we generally obtain the consent of the user.
As the controller, Mirko Fichtner (operator of YesTicket) has implemented numerous technical and organizational measures to ensure the most complete protection possible for personal data processed through this website. Nevertheless, internet-based data transmission can have security gaps and absolute protection cannot be guaranteed. For this reason, every user is free to transmit personal data to us by alternative means, for example, by phone.
Mirko Fichtner's (operator of YesTicket) data protection declaration is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our data protection declaration should be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we would like to explain the terms used in advance.
We use the following terms in this data protection declaration:
Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as the "User"). Identifiable refers to a person who can be identified directly or indirectly, in particular, by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
The User is any identified or identifiable natural person whose personal data is processed by the data controller.
Processing means any operation or a set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, deletion or destruction.
Restriction of processing involves tagging stored personal data with the aim of limiting its future processing.
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular, aspects concerning analyzing and predicting that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
Pseudonymization means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific user without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
The controller or the data controller is the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by union rights or the law of member states, provision may be made for the controller to be designated in accordance with union rights or the law of member states.
A processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
A recipient is a natural or legal person, public authority, agency or other body whose personal data is disclosed, whether it concerns the third parties, or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with union rights or member state laws shall not be regarded as recipients.
Third party means a natural or legal person, public authority, agency or body other than the user, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
Consent is any statement of intent voluntarily and unambiguously given by the User in an informed and unambiguous manner in the form of a statement or other unambiguous confirming act that indicates to the User that he/she has consented to the processing of his/her personal data.
The controller in terms of the General Data Protection Regulation, other data protection laws in the member states of the European Union and other provisions of a data protection character is:
An der Trift 1
Tel.: +49 531 – 18055336
The User can prevent cookies being set by our website at any time by using an appropriate setting of the browser being used, thus permanently objecting to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time using an Internet browser or other software programs. This is possible in all common Internet browsers. If the User deactivates the setting of cookies in the Internet browser used, not all functions of our website may be fully usable.
The YesTicket website collects a series of general data and information each time the website is accessed by a User or an automated system. These general data and information are stored in the server log files. We may record (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (the so-called referrer), (4) the sub-pages which are accessed via an accessing system on our website, (5) the date and time the website was accessed, (6) an Internet Protocol address (IP address), (7) the Internet service providers of the accessing system, and (8) other similar data and information used for security purposes in the event of attacks on our IT systems.
During the use of these general data and information, YesTicket does not draw conclusions on the User. Rather, this information is required to (1) correctly deliver the contents of our website, (2) optimize the contents of our website and its advertisement, (3) ensure the permanent functionality of our IT systems and the technology of our website, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in the event of a cyber-attack. This anonymously collected data and information is therefore evaluated statistically by Mirko Fichtner (operator of YesTicket) on the one hand and further with the aim of increasing data protection and data security in our company, in order to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a User.
The User has the opportunity to register on the controller's website by providing personal data. This is done as part of a ticket order for an event (which is the purpose of YesTicket as a ticket platform). The personal data transmitted to the controller is determined by the respective input mask used for registration/ticket ordering. The personal data entered by the User will be collected and stored exclusively for internal use by the controller and for his own purposes. The controller may arrange for the transfer to one or more processors, such as a parcel service provider, who also uses the personal data exclusively for internal use attributable to the controller.
By registering/ordering tickets on the website of the controller, the IP address assigned by the Internet service provider (ISP) to the user, the date and time of registration/ticket order are also stored. In this respect, the storage of this data is necessary to protect the controller. In principle, this data will not be passed on to third parties, provided that there is no legal obligation to pass it on or if the disclosure serves the purpose of law enforcement.
The registration of the user in which personal data is voluntary provided, is intended to enable the data controller to offer the user content or services that may only be offered to registered users due to the nature of the matter in question. Registered persons are free to modify the personal data provided during registration/ticket order at any time or to delete it completely from the database of the controller.
The data controller will inform any user at any time, upon request, of which personal data relating to the user are stored. Furthermore, the data controller shall correct or delete personal data at the request or notice of the user, provided that there is no legal obligation to retain the data in question. In this context, the all employees of the controller are available to the user as a contact person.
The controller shall only process and store the User's personal data for the period necessary to achieve the purpose of storage or if this has been provided for by the European legislator or another legislator in the laws or regulations to which the controller is subject.
If the purpose of storage is waived or a storage period prescribed by the European legislator or another competent legislator expires, the personal data will be blocked or deleted routinely and in accordance with the statutory provisions.
Each User has the right granted by the European legislator to require the controller to certify whether personal data concerning him or her will be processed. If a User wishes to exercise this right of confirmation, he or she may at any time contact an employee of the controller.
Any person concerned by the processing of personal data shall have the right granted by the European legislator to obtain free information at any time from the controller about the personal data stored about him or her and a copy of that information. In addition, the European legislator has granted the user disclosure on the following information:
In addition, the User has a right of access to whether personal data have been transferred to a third country or to an international organization;
If a User wishes to exercise this right of access, he or she may at any time contact an employee of the controller.
Each User whose personal data is processed shall have the right granted by the European directives and regulations to request the immediate correction of inaccurate personal data concerning them. Furthermore, taking into account the purposes of the processing, a User has the right to request that incomplete personal data be completed, including by means of a supplementary declaration. If a User wishes to exercise this right to rectification, he or she may at any time contact an employee of the controller.
If a user wishes to exercise this right to rectification, he or she may at any time contact an employee of the controller.
Each User whose personal data is processed shall have the right granted by the European legislator to obtain from the data controller the deletion of personal data concerning them without undue delay, and the data controller shall have the obligation to delete this personal data without undue delay where one of the following grounds applies and so long as processing is not necessary:
If one of the above-mentioned conditions apply and a User wishes to request the deletion of personal data stored by Mirko Fichtner (operator of YesTicket), he or she may at any time contact an employee of the controller. The employee of Mirko Fichtner (operator of YesTicket) will arrange for the deletion request to be met immediately.
If the personal data were made public by Mirko Fichtner (operator of YesTicket) and our company is obliged to delete the personal data in accordance with Article 17 Paragraph 1 GDPR, Mirko Fichtner (operator of YesTicket) will take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, in order to inform other data controllers, who process the published personal data that the User has requested from these other data controllers the deletion of all links to such personal data or copies or replicas of such personal data, unless the processing is necessary. The employee of Mirko Fichtner (operator of YesTicket) will arrange the necessary measures in individual cases.
Any person concerned by the processing of personal data shall have the right granted by the European legislator to require the controller to restrict the processing if one of the following conditions is met:
If one of the above-mentioned conditions apply and a User requests the restriction of personal data stored by Mirko Fichtner (operator of YesTicket), he or she may at any time contact an employee of the controller. The employee of Mirko Fichtner (operator of YesTicket) will arrange the restriction of the processing.
Every person affected by the processing of personal data has the right granted by the European legislator of directives and regulations to receive the personal data relating to them, which have been made available to a responsible party by the person concerned, in a structured, common and machine-readable format. You also have the right to transfer this data to another person responsible without hindrance from the person responsible to whom the personal data was provided, provided that the processing is based on the consent in accordance with Article 6 Paragraph 1 Letter a GDPR or Article 9 Paragraph 2 Letter a GDPR, or on a contract according to Article 6 Paragraph 1 Letter b GDPR, and the processing is carried out using automated procedures, unless the processing is necessary for the performance of a task that is in the public interest, or takes place in the exercise of public authority, which has been assigned to the person responsible.
Furthermore, when exercising their right to data portability in accordance with Article 20 Paragraph 1 GDPR, the person concerned has the right to have the personal data transmitted directly from one person responsible to another, insofar as this is technically feasible and if this does not affect the rights and freedoms of other persons.
To assert the right to data portability, the person concerned can contact an employee of Mirko Fichtner (operator of YesTicket) at any time.
Every person affected by the processing of personal data has the right granted by the European legislator of directives and regulations to object at any time to the processing of personal data relating to them which is based on Article 6 Paragraph 1 Letter e or f GDPR takes place to object. This also applies to profiling based on these provisions.
Mirko Fichtner (operator of YesTicket) no longer processes the personal data in the event of an objection, unless we can prove compelling legitimate reasons for the processing that outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defense legal claims.
If Mirko Fichtner (operator of YesTicket) processes personal data in order to operate direct mail, the data subject has the right to object at any time to the processing of personal data for the purpose of such advertising. This also applies to profiling insofar as it is related to such direct mail. If the data subject objects to Mirko Fichtner (operator of YesTicket) processing for direct marketing purposes, Mirko Fichtner (operator of YesTicket) will no longer process the personal data for these purposes.
In addition, the data subject has the right, for reasons that arise from their particular situation, to object to the processing of personal data concerning them that is carried out by Mirko Fichtner (operator of YesTicket) for scientific or historical research purposes or for statistical purposes in accordance with Article 89 Paragraph 1 GDPR, unless such processing is necessary to fulfill a task in the public interest.
To exercise the right to object, the data subject can contact any Mirko Fichtner (operator of YesTicket) directly. The data subject is also free, in connection with the use of information society services, regardless of Directive 2002/58/EC, to exercise their right of objection by means of automated procedures in which technical specifications are used.
Every person affected by the processing of personal data has the right granted by the European legislator of directives and regulations not to be subjected to a decision based solely on automated processing - including profiling - which has a legal effect on them or significantly affects them in a similar manner, if the decision (1) is not necessary for the conclusion or performance of a contract between the data subject and the person responsible, or (2) is permissible on the basis of Union or Member State legislation to which the person responsible is subject and these legislation take appropriate measures to safeguard the rights and freedoms as well as the legitimate interests of the data subject or (3) is made with the express consent of the data subject.
If the decision (1) is necessary for entering into, or the performance of, a contract between the data subject and the data controller, or (2) it is made with the data subject's explicit consent, Mirko Fichtner (operator of YesTicket) will take appropriate measures to safeguard the rights and to safeguard freedoms and the legitimate interests of the data subject, including at least the right to obtain intervention by a person on the part of the person responsible, to express their own position and to contest the decision
If the data subject wishes to assert rights with regard to automated decisions, they can contact an employee of the controller at any time.
Every person affected by the processing of personal data has the right granted by the European legislator of directives and regulations to revoke consent to the processing of personal data at any time.
If the person concerned wishes to assert their right to withdraw consent, they can contact an employee of the person responsible for processing at any time.
The person responsible for processing has integrated a link to Facebook on this website. This link takes users to Facebook.
Facebook is a social network. A social network is a social meeting place operated on the Internet, an online community that usually enables users to communicate with one another and interact in virtual space. A social network can serve as a platform for exchanging opinions and experiences, or it enables the Internet community to provide personal or company-related information. Among other things, Facebook enables users of the social network to create private profiles, upload photos and network via friend requests.
The operating company of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. If a data subject lives outside the USA or Canada, the person responsible for processing personal data is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland.
The person responsible for processing has integrated components from PayPal on this website. PayPal is an online payment service provider. Payments are processed via so-called PayPal accounts, which are virtual private or business accounts. PayPal also offers the option of processing virtual payments via credit cards if a User does not have a PayPal account. A PayPal account is managed via an email address, which is why there is no classic account number. PayPal makes it possible to initiate online payments to third parties or to receive payments. PayPal also acts as a trustee and offers buyer protection services.
The European operating company of PayPal is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal L-2449, Luxembourg.
If the person concerned selects “PayPal” as the payment option in our online shop during the ordering process, the data of the person concerned will be automatically transmitted to PayPal. By selecting this payment option, the person concerned consents to the transfer of personal data required for payment processing.
The personal data transmitted to PayPal are usually first name, last name, address, email address, IP address, telephone number, mobile phone number or other data that are necessary for payment processing. Personal data related to the respective order is also required to process the purchase contract.
The purpose of transmitting the data is to process payments and prevent fraud. The person responsible for processing will transmit personal data to PayPal in particular if there is a legitimate interest in the transmission. The personal data exchanged between PayPal and the person responsible for processing may be transmitted by PayPal to credit agencies. The purpose of this transmission is to check your identity and creditworthiness.
PayPal may pass on the personal data to affiliated companies and service providers or subcontractors, insofar as this is necessary to fulfill the contractual obligations or the data is to be processed on behalf of.
The data subject has the option of revoking their consent to the handling of personal data at any time vis-à-vis PayPal. A revocation does not affect personal data that must be processed, used or transmitted for (contractual) payment processing.
PayPal current data protection regulations can be found at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
The controller has integrated Stripe components into this website. Stripe is an online payment service provider. If a user chooses a payment method from the payment service provider Stripe (Apple Pay, Google Pay, credit card and SEPA direct debit), payment is processed via the payment service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to which we forward, in the course of the ordering process, together with the information about the order (name, address, account number, bank sort code, possibly credit card number, invoice amount, currency and transaction number) in accordance with Article 6 Paragraph 1 Letter b GDPR. Your data will only be passed on for the purpose of payment processing with the payment service provider Stripe Payments Europe Ltd. and only to the extent that it is necessary for this. You can find more information about Stripe's data protection at the URL https://stripe.com/de/privacy#translation.
Stripe may pass on a User's personal data to affiliated companies and service providers or subcontractors, insofar as this is necessary to fulfill contractual obligations or to process the data in the order.
The user has the opportunity to withdraw consent to the handling of personal data by Stripe at any time. Withdrawal of consent does not affect personal data, which must mandatorily be processed, used or transmitted for (contractual) payment processing. Withdrawal of consent does not affect personal data, which must mandatorily be processed, used or transmitted for (contractual) payment processing.
Stripe's current data protection regulations can be found at https://www.Stripe.com/de/webapps/mpp/ua/privacy-full.
The person responsible for processing has integrated components from Mailgun on this website. Mailgun is a dispatch service for emails (for example, ticket orders). The website uses the email service of Mailgun Technologies, Inc, San Francisco to send and analyze emails. For this purpose, our service connects to the server of Mailgun Technologies, Inc. Mailgun is used in the interest of uniform and secure communication with our customers - this represents a legitimate interest within the meaning of Art. 6 Paragraph 1 Letter f GDPR. The email platform is operated by a US provider: Mailgun Technologies, Inc., 535 Mission St., San Francisco, CA 94105. The provider is certified as Privacy Shield (https://www. privacyshield.gov/participant?id=a2zt0000000PCbmAAG&status=Active), which guarantees compliance with the EU GDPR and all other data protection laws or provisions of a data protection nature applicable in the member states of the EU. Users can find further information on data processing by the provider at https://www.mailgun.com/privacy-policy.
Article 6 Paragraph 1 Letter a GDPR serves our company as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary to fulfill a contract to which the data subject is a party, as is the case, for example, with processing operations that are necessary for the delivery of goods or the provision of other services or consideration, the processing is based on Article 6 Paragraph 1 Letter b GDPR. The same applies to processing operations that are necessary to carry out pre-contractual measures, for example in cases of inquiries about our products or services. If our company is subject to a legal obligation which requires the processing of personal data, for example to fulfill tax obligations, the processing is based on Article 6 Paragraph 1 Letter c GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor to our company were injured and his name, age, health insurance data or other vital information would have to be passed on to a doctor, hospital or other third party. Then the processing would be based on Article 6 Paragraph 1 Letter d GDPR are based. Ultimately, processing operations could be based on Article 6 Paragraph1 Letter f GDPR. Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to safeguard a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject do not prevail. We are particularly permitted to carry out such processing operations because they have been specifically mentioned by the European legislator. In this respect, he took the view that a legitimate interest could be assumed if the person concerned is a customer of the person responsible (Article 47 Paragraph 2 GDPR).
If the processing of personal data is based on Article 6 Paragraph 1 Letter f GDPR, it is our legitimate interest in conducting our business for the benefit of the well-being of all our employees and our shareholders.
The criterion for the duration of the storage of personal data is the respective statutory retention period. After the deadline has expired, the relevant data is routinely deleted, provided that it is no longer required for contract fulfillment or contract initiation.
We explain to you that the provision of personal data is partly required by law (for example, tax regulations), or can also result from contractual regulations (for example, information on the contractual partner). In order to conclude a contract, it may sometimes be necessary for a data subject to provide us with personal data that we subsequently have to process. For example, the person concerned is obliged to provide us with personal data when our company concludes a contract with such data. Failure to provide personal data would mean that the contract could not be concluded with the person concerned. Before the person concerned provides personal data, the person concerned must contact one of our employees. Our employee explains to the person concerned on a case-by-case basis whether the provision of the personal data is required by law, or a contract, or it is necessary to conclude the contract, whether there is an obligation to provide the personal data and which consequences the failure to provide the personal data would have.
As a responsible company, we do not use automatic decision-making or profiling.
This data protection declaration was created by the data protection declaration generator of the DGD Deutsche Gesellschaft für Datenschutz GmbH, which works as an external data protection officer in Nuremberg (https://dg-datenschutz.de/datenschutz-dienstleistungen/externer-datenschutzbeauftragter/), in cooperation with Christian Solmecke, lawyer for IT, and data protection law (https://www.wbs-law.de/anwalt/christian-solmecke/). *The German version is legally binding and this translation should only be used for reference.