PRIVACY POLICY
(in the version dated March 2023)
We take the protection of your personal data very seriously. We therefore treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy. We must point out that data transmission on the internet may have gaps in security. Complete protection of data from third party access is not possible.
For the definitions of the terms "personal data", "data subject" and "processing", we refer you to the privacy policy on our website www.mahnmal-st.nikolai.de.
I. NAME AND CONTACT OF DATA CONTROLLER
This privacy policy applies to all data processing by:
Förderkreis Mahnmal St. Nikolai e.V.
Willy-Brandt-Straße 60 20457 Hamburg
Telefon: 040 / 468 98 040
E-Mail: info@mahnmal-st-nikolai.de
Legally represented by: Dr. Martin Vetter
Register of associations No 11678 at the Amtsgericht (Local Court of) Hamburg
II. DATA PROCESSING
Below you will find information on whether and, if so, which personal data we process in the course of your use of our online ticket shop, which can be accessed at
www.mahnmal-st-nikolai.ticketfritz.de.
1. Data processing when calling up the website www.mahnmal-st-nikolai.ticketfritz.de
When you access our ticket shop via the website www.mahnmal-st-nikolai.ticketfritz.de, information is automatically sent to our website server by the browser used on your end device. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until automatic deletion:
- IP address of the requesting computer,
- Date and time of access, time zone difference to GMT
- Name and URL of the file accessed,
- Browser used (version) and the name of your access provider.
The aforementioned data is processed by us for the following purposes:
- Ensuring a smooth connection setup of the website,
- Ensuring a comfortable use of our website,
- Evaluating system security and stability
- Tracing of unauthorised or illegal access.
The legal basis for data processing is Art. 6 (1) sentence 1 f) GDPR. Our legitimate interest results from the data collection purposes listed above. In this connection, we will not use the data collected for the purposes of drawing conclusions about you.
2. Registration
You have the option of registering in our shop and setting up a customer account in your name.
To do this, please click on the "register" field. You will then have the opportunity to enter your e-mail address and a password of your choice with repetition. After you have clicked on "register", your customer account is set up. You now have the option of entering your first and last name and your address data in an input mask under "Manage account" under "General". Under the heading "Address data" you can enter a different billing and/or delivery address, if applicable. We would like to point out that in the event of transmission via download or Print@home, a separate delivery address stored in the profile cannot be selected. This data will be transmitted to us and stored by us.
You can log into your customer account at any time by entering your e-mail address and password. You can change the billing or delivery address there at any time.
You can view your orders in the order history.
Only you have access to the customer account by entering your e-mail address and the password of your choice. This password is only stored by the system with the so-called salted hash value generated in each case (encryption of your password to which a randomly generated value is appended). The original password cannot be recovered from this hash value. If you have forgotten your password, you can recover it using the "Forgotten password" function.
In addition to the above-mentioned data, we also store the following data for each login or logout:
- Date and time of login
The processing of your personal data within the scope of the registration and use of your customer account is carried out for the purpose of enabling the simplified login to our ticket shop requested by you as well as the use of the viewing of the order history only possible within the scope of the customer account. The legal basis for the data processing is therefore Art. 6 para. 1 sentence 1 lit. b GDPR.
The data is processed for the purpose of using your customer account to carry out orders. The legal basis for the data processing is therefore Art. 6 para. 1 sentence 1 lit. b GDPR.
3. Orders via our website
You can either place orders via our website using your customer account (see above) or via guest access, i.e. without registering. If you place an order via our website, we collect the following data in any case:
- E-mail address,
- the content of your order (number and type of tickets, delivery method, price);
- your first and last name
- your chosen method of payment and the correspondingly necessary payment data.
This data is collected
- for the processing of your order
- for invoicing purposes.
Our data processing of the disclosures you have entered is done as per Art. 6 para. 1 sentence 1 lit. b GDPR on the basis of fulfilling your order.
4. Payment via PayPal
'We offer visitors to our website the option of paying via PayPal. By pressing the button "order with costs", a connection to the payment service provider PayPal is established and your IP address is transmitted.
PayPal then collects the payment information you entered to process the payment. Payment is subject to PayPal's terms and conditions and privacy policy, which are available on the respective websites, transaction applications or alternatively here directly at (https://www.paypal.com/de/webapps/mpp/ua/privacy-full). For the assertion of rights against PayPal, we refer you to the PayPal data protection declaration under the aforementioned link.
The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg.If the person concerned selects "PayPal" as the payment option, the data of the person concerned is automatically transferred to PayPal.
The data processed by PayPal includes inventory data such as name and address, bank details such as account or credit card numbers, passwords, TANs and checksums, as well as the donation amount and recipient details. The information is required to complete the transactions. However, the data entered will only be processed and stored by PayPal.This means that we do not receive any account- or credit card-related information, but only information with confirmation of payment. Under certain circumstances, the data may be transmitted by PayPal to credit agencies. The purpose of this transmission is to check identity and creditworthiness. Please refer to PayPal's terms and conditions and privacy policy.
We use PayPal as an external payment service provider on the basis of our legitimate interests pursuant to Art. 6 (1) sentence a f) GDPR in order to offer our customers another effective and secure means of payment.
5. Newsletter - registration, dispatch, revocation options, blacklist
You have the option of registering for our newsletter before completing your order. By ticking the box provided for this purpose, you give us your consent to use your e-mail address for sending the newsletter. We first use the e-mail address you have already entered as part of the order to check that you are the owner the e-mail address provided and that you actually agree to receive the newsletter. You confirm this via a link in our corresponding e-mail to you. You will then be added to our newsletter distribution list and will receive our regular newsletter.
We use CleverReach for the newsletter dispatch, a service of CleverReach GmbH & Co. KG, //CRASH Building, Schafjückenweg 2, 26180 Rastede, Germany. The e-mail address you provide for the purpose of newsletter registration is stored on CleverReach's servers in Germany or Ireland.
Our newsletters sent with CleverReach enable us to analyse the behaviour of the newsletter recipients. Among other things, we can analyse how many recipients have opened the newsletter and how often which link in the newsletter was clicked. With the help of so-called conversion tracking, it can also be analysed whether a predefined action (e.g. purchase of a product on this website) has taken place after clicking on the link in the newsletter. Further information on data analysis by CleverReach newsletters can be found at:
https://www.cleverreach.com/de/funktionen/reporting-und-tracking/.
By subscribing to the newsletter, you also consent to us measuring your click and opening behaviour in order to provide you with an optimal offer from our newsletter mailing service.
'The processing of your e-mail address for the above-mentioned purposes is based exclusively on your consent and is therefore justified in accordance with Art. 6 Para. 1 sentence 1 lit. a GDPR. You can revoke your consent at any time. If you do not want CleverReach to analyse your data, you must also unsubscribe from the newsletter. We provide a corresponding link in each newsletter for the revocation or unsubscription of the newsletter.
Please note that the legality of the data processing operations already carried out remains unaffected by the revocation. If we have processed/stored your e-mail address for other purposes, in particular for the execution of orders, this also remains unaffected by the revocation.
The data you provide for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you have unsubscribed from the newsletter. We may store your e-mail address in a blacklist in order to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with legal requirements when sending newsletters. Due to this legitimate interest, the processing is justified according to Art. 6 para. 1 sentence 1 lit. f GDPR. The storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.
6. Cookies
We use so-called session cookies on our site. Through this, we automatically receive certain data such as your IP address, the browser used, your connection to the Internet. The cookies enable an optimal presentation and use of our website. Under no circumstances do we gain direct knowledge of your identity by means of these cookies. The cookies are also automatically deleted after you leave our site.
The data processed by cookies is necessary for the aforementioned purposes to protect our legitimate interests in the user-friendly presentation of our website in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.
Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a notice always appears before a new cookie is created.
However, the complete deactivation of cookies may mean that you cannot use all the functions of our website.
7. Analysis tools/Tracking tools
We do not use any tools that analyse and/or track your user behaviour.
8. No Social Media Plug-Ins
We do not use social plug-ins from social networks on our website. You can reach our online presences on Facebook, Twitter and Instagram during visits to our website via the respective buttons installed there. These buttons are set up as links so that only when activating the respective link will your data be forwarded to the operators of these networks.
III. TRANSFERRING DATA
Please find below information to whom we pass on your personal data and on what legal basis.
1. Authorisation for transferral
We will only transmit your personal data to third parties if:
- this is legally permissible and required as per Art. 6 para. 1 sentence 1 lit. b GDPR to execute contractual relationships with you,
- there is a legal obligation for the transfer as per Art. 6 para. 1 sentence 1 lit. c GDPR and/or
- the transfer is required asper Art. 6 para. 1 sentence 1 lit. f GDPR to assert, exercise or defend against legal claims and there is no reason to assume that you have an interest requiring protection in the non-transfer of your data that outweighs this.
We will only transfer your personal data for other purposes if you have given your explicit consent, Art. 6 para. 1 sentence 1 lit. a) GDPR.
In cases in which your personal data is forwarded to third parties, the scope of the data transmitted will, however, be kept to the necessary minimum.
2. Recipients, in general
We will primarily transfer your personal data to third parties that are service partners involved in executing contracts, such as service providers, or, if applicable, parcel service providers commissioned with the delivery. In addition, we transfer your data to our tax advisor and the relevant authorities (in particular the tax authorities). Furthermore, the transfer of your data to the following third parties comes into consideration within the framework of the legally permissible transfer: order processors to whom we transfer personal data in order to carry out the business relationship with you or to whom we allow access to your data stored by us. In detail: Support/maintenance of IT applications; archiving; data destruction; recovery.
3. Transfer to payment service provider
You have the option of using different means of payment for your purchase with us.
The data we collect from you depends on which of the offered payment methods you have chosen. We do not store any information about your bank account that you may have to enter. We transmit the aforementioned data as well as the date of your order and the amount to be paid to one of the service providers mentioned below. We then receive confirmation of the payment or negative
information from the payment service providers. We do not receive any other account or credit card-related information from the payment service providers.
The processing by the payment service providers is their sole responsibility. We point out that it is possible that they transmit the data to credit agencies for the purpose of checking identity and creditworthiness. We have no influence on the further processing. Therefore, please be sure to observe the respective privacy policy of the individual service providers.
3.1. VISA, MASTERCARD, giropay
If you have chosen to pay by credit card VISA or Mastercard or by giropay, the data to be entered as part of the payment will be passed on to our service provider, First Cash Solution GmbH, Okenstr. 7, 77652 Offenburg, Germany. You can find the privacy policy of First Cash Solution GmbH here: https://www.firstcashsolution.de/service/datenschutz.html
3.2. SOFORTÜBERWEISUNG
If you have chosen to pay by Sofort Überweisung, the data to be entered as part of the payment will be passed to Sofort GmbH - A Klarna Group Company, Theresienhöhe 12, 80339 München, Germany. Before the payment is made Sofort GmbH will carry out an identity check to ensure that the payment is not made by a third party. In this case, before the actual transfer, your name will be compared with the name stored within your online banking system. If the comparison is positive, the instant transfer will be initiated. We have no influence on this verification process. We only receive the result of the check. You can find the privacy policy of Sofort GmbH/Klarna Group Company, here:
https://www.klarna.com/pay-now/privacy-policy/
3.3. AMERICAN EXPRESS
If you have chosen to pay by American Express, the data to be entered as part of the payment will be passed to American Express Payments Europe, S.L. (Germany branch), Theodor-Heuss-Allee 112, 60486 Frankfurt am Main. Please find the privacy policy of American Axpress Payments Europe, S.L. here:
https://www.americanexpress.com/de/content/privacy-policy-statement.html.
3.4. PayPal
Information on the transfer of your personal data when using PayPal can be found above under II.4.
3.5 Legal Basis
The legal basis for the transfer of your data to the payment service providers or storing the respective feedback is Art. 6 para. 1 sentence 1 lit. b GDPR, as the processing of the data is necessary for the execution of the contract (in particular payment by means of the payment method selected by you).
IV. STORAGE PERIOD/DELETION PERIODS
The data will be deleted - subject to the assertion of the data subject rights listed below under V. - as soon as they are no longer required for the purpose of their processing. Unless already explained above in relation to the individual points, the following applies in detail:
1. Visit of our website
If you visit our website without registering or placing an order, the corresponding log file will be deleted within 24 hours after the end of the browser session, i.e. after closing your browser.
2. Registration
If you register as a customer, we store the data you enter in your customer account for an indefinite period of time. The data will be deleted when you delete your customer account, otherwise at the latest when we discontinue the Ticket Shop.
3. Order
If you place an order via our shop, the e-mail address you provide and the content of your order will be stored until your order has been processed in full and, on the basis of Article 6 Paragraph 1 Sentence 1 lit. c GDPR, beyond this if we are obliged to store the data for a longer period (up to 11 years) due to tax and commercial law retention and documentation obligations (such as German Commercial Code, German Criminal Code, German Fiscal Code) or other legal obligations.
V. DATA SUBJECT RIGHTS - RIGHT OF COMPLAINT - RIGHT OF REVOCATION - RIGHT OF OBJECTION
As a data subject, you have the following rights.
1. Right to information, correction, deletion, restriction, data portability
You have the right:
• as per Art. 15 GDPR to demand to be informed free of charge about your personal data that we process. In particular, you can demand to be informed about the purposes of processing, the category of personal data, the categories of recipients that disclosures of your data are or were made to, the planned storage period, the right to rectification, erasure, restriction of processing or objection, the right to complain, the origin of your data if we did not collect this and any automatic decision-making including profiling and, if necessary meaningful information about the details of these;
• as per Art. 16 GDPR to demand the rectification of incorrect data or completion of your personal data that we store;
• as per Art. 17 GDPR to demand the erasure of your personal data that we store if the processing is not required to exercise the right of freedom of speech and information, to meet a legal obligation, for reasons of public interest or to assert, exercise or defend against legal claims;
• as per Art. 18 GDPR to demand the restriction of processing of your personal data if you dispute the accuracy of the data, processing is illegal, but you reject erasure and we no longer require the data, however, you require this to assert, exercise or defend against legal claims or as per Art. 21 GDPR you have objected to processing;
• as per Art. 20 GDPR to demand receipt of your personal data that you have provided to us in a structured, common and machine-readable format or transmission to another controller;
2. Right of complaint
If you are of the opinion that the processing of your personal data by us is unlawful, you have the right to complain to the supervisory authority responsible for us in accordance with Art. 77 GDPR. In principle, the supervisory authority of your usual place of residence or workplace or our company headquarters is responsible for your complaint.
3. Right of revocation and right of objection
You also have the following rights:
3.1. Right of revocation
You have the right to revoke any consent you have given in accordance with Art. 7 Para. 3 GDPR with effect for the future.
3.2. Right of objection
Insofar as your personal data is processed on the basis of legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, insofar as there are grounds for doing so that arise from your particular situation.
Please note that the objection only takes effect for the future. Processing that took place before the objection is not affected.
4. Assertion of your rights
If you would like to make use of your above-mentioned rights, it is sufficient to send an e-mail to:
info@mahnmal-st-nikolai.de or a written communication to us by post.
VI. DATA SECURITY
As part of your visit to the website we use the common SSL procedure (Secure Socket Layer) in combination with the respectively highest level of encryption that is supported by your browser. This is usually 256-bit encryption. If your browser does not support 256-bit encryption, we will use 128-bit v3 technology instead.
You can recognise an encrypted connection in that the address line of the browser will change from “http://” to “https://” and from the lock symbol in your browser line. When SSL encryption is activated, the data you transmit to us cannot be read by third parties.
Otherwise, we use suitable technical and organisational security measures to protect your data against accidental or deliberate manipulations, partial or complete loss, destruction or against unauthorised third-party access. Our security measures will be continuously improved in accordance with technological development
