Privacy policy

Pelham's Toonerville Music Festival

Toonerville Music Festivl Privacy Policy

Protecting your private information is our priority. This Statement of Privacy applies to http://toonerville.org, and Pelham's Toonerville Music Festival and governs data collection and usage. For the purposes of this Privacy Policy, unless otherwise noted, all references to Pelham's Toonerville Music Festival include http://toonerville.org, Toonerville.Org, Toonerville and https://vivenu.com/seller/friends-of-pelham-civic-association-qg73. The Toonerville.Org website is a Music Festival Ticketing site. By using the Toonerville.Org website, you consent to the data practices described in this statement.

Collection of your Personal Information

In order to better provide you with products and services offered, Toonerville.Org may collect personally identifiable information, such as your:

- First and Last Name

- Mailing Address

- E-mail Address

- Phone Number

If you purchase Toonerville.Org's products and services, we collect billing and credit card information. This information is used to complete the purchase transaction.

We do not collect any personal information about you unless you voluntarily provide it to us. However, you may be required to provide certain personal information to us when you elect to use certain products or services. These may include: (a) registering for an account; (b) entering a sweepstakes or contest sponsored by us or one of our partners; (c) signing up for special offers from selected third parties; (d) sending us an email message; (e) submitting your credit card or other payment information when ordering and purchasing products and services. To wit, we will use your information for, but not limited to, communicating with you in relation to services and/or products you have requested from us. We also may gather additional personal or non-personal information in the future.

Use of your Personal Information

Toonerville.Org collects and uses your personal information to operate and deliver the services you have requested.

Toonerville.Org may also use your personally identifiable information to inform you of other products or services available from Toonerville.Org and its affiliates.

Sharing Information with Third Parties

Toonerville.Org does not sell, rent or lease its customer lists to third parties.

Toonerville.Org may share data with trusted partners to help perform statistical analysis, send you email or postal mail, provide customer support, or arrange for deliveries. All such third parties are

This is a RocketLawyer.com document.

prohibited from using your personal information except to provide these services to Toonerville.Org, and they are required to maintain the confidentiality of your information.

Toonerville.Org may disclose your personal information, without notice, if required to do so by law or in the good faith belief that such action is necessary to: (a) conform to the edicts of the law or comply with legal process served on Toonerville.Org or the site; (b) protect and defend the rights or property of Toonerville.Org; and/or (c) act under exigent circumstances to protect the personal safety of users of Toonerville.Org, or the public.

Automatically Collected Information

Information about your computer hardware and software may be automatically collected by Toonerville.Org. This information can include: your IP address, browser type, domain names, access times and referring website addresses. This information is used for the operation of the service, to maintain quality of the service, and to provide general statistics regarding use of the Toonerville.Org website.

Use of Cookies

The Toonerville.Org website may use "cookies" to help you personalize your online experience. A cookie is a text file that is placed on your hard disk by a web page server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you, and can only be read by a web server in the domain that issued the cookie to you.

One of the primary purposes of cookies is to provide a convenience feature to save you time. The purpose of a cookie is to tell the Web server that you have returned to a specific page. For example, if you personalize Toonerville.Org pages, or register with Toonerville.Org site or services, a cookie helps Toonerville.Org to recall your specific information on subsequent visits. This simplifies the process of recording your personal information, such as billing addresses, shipping addresses, and so on. When you return to the same Toonerville.Org website, the information you previously provided can be retrieved, so you can easily use the Toonerville.Org features that you customized.

You have the ability to accept or decline cookies. Most Web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience the interactive features of the Toonerville.Org services or websites you visit.

Links

This website contains links to other sites. Please be aware that we are not responsible for the content or privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of any other site that collects personally identifiable information.

Security of your Personal Information

Toonerville.Org secures your personal information from unauthorized access, use, or disclosure. Toonerville.Org uses the following methods for this purpose:

This is a RocketLawyer.com document.

- SSL Protocol

- To increase security, Vivenu, our ticketing partner utilizes a web service from

CloudFlare Inc., 101 Townsend St, 94107 San Francisco (hereinafter: CloudFlare) is reloaded on our website. In this context, your browser may transmit personal data to CloudFlare. The legal basis for data processing is Article 6 (1) (f) GDPR. The legitimate interest consists in the correct functioning of the website.

When personal information (such as a credit card number) is transmitted to other websites, it is protected through the use of encryption, such as the Secure Sockets Layer (SSL) protocol.

We strive to take appropriate security measures to protect against unauthorized access to or alteration of your personal information. Unfortunately, no data transmission over the Internet or any wireless network can be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, you acknowledge that: (a) there are security and privacy limitations inherent to the Internet which are beyond our control; and (b) security, integrity, and privacy of any and all information and data exchanged between you and us through this Site cannot be guaranteed.

Right to Deletion

Subject to certain exceptions set out below, on receipt of a verifiable request from you, we will:

• Delete your personal information from our records; and

• Direct any service providers to delete your personal information from their records.

Please note that we may not be able to comply with requests to delete your personal information if it is necessary to:

• Complete the transaction for which the personal information was collected, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, provide a good or service requested by you, or reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform a contract between you and us;

• Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity;

• Debug to identify and repair errors that impair existing intended functionality;

• Exercise free speech, ensure the right of another consumer to exercise his or her right

of free speech, or exercise another right provided for by law;

• Comply with the California Electronic Communications Privacy Act;

• Engage in public or peer-reviewed scientific, historical, or statistical research in the

public interest that adheres to all other applicable ethics and privacy laws, when our deletion of the information is likely to render impossible or seriously impair the achievement of such research, provided we have obtained your informed consent;

• Enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us;

• Comply with an existing legal obligation; or

This is a RocketLawyer.com document.

• Otherwise use your personal information, internally, in a lawful manner that is compatible with the context in which you provided the information.

Children Under Thirteen

Toonerville.Org does not knowingly collect personally identifiable information from children under the age of thirteen. If you are under the age of thirteen, you must ask your parent or guardian for permission to use this website.

E-mail Communications

From time to time, Toonerville.Org may contact you via email for the purpose of providing announcements, promotional offers, alerts, confirmations, surveys, and/or other general communication.

If you would like to stop receiving marketing or promotional communications via email from Toonerville.Org, you may opt out of such communications by Replying STOP.

External Data Storage Sites

We may store your data on servers provided by third party hosting vendors with whom we have contracted.

Changes to this Statement

Toonerville.Org reserves the right to change this Privacy Policy from time to time. We will notify you about significant changes in the way we treat personal information by sending a notice to the primary email address specified in your account, by placing a prominent notice on our website, and/or by updating any privacy information. Your continued use of the website and/or Services available after such modifications will constitute your: (a) acknowledgment of the modified Privacy Policy; and (b) agreement to abide and be bound by that Policy.

Contact Information

Toonerville.Org welcomes your questions or comments regarding this Statement of Privacy. If you believe that Toonerville.Org has not adhered to this Statement, please contact Toonerville.Org at:

Pelham's Toonerville Music Festival 105 Wolf's Lane

Pelham, New York 10803

Email Address: [email protected]

Telephone number: 914-855-1600

Effective as of July 27, 2021

.Data protection of the company vivenu

Thank you for your interest in our company. Data protection is of a particularly high priority for the management of vivenu GmbH. It is generally possible to use the vivenu GmbH website without providing any personal data. However, if a data subject wishes to use our company's special services via our website, it may be necessary to process personal data. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the consent of the person concerned.

The processing of personal data, for example the name, address, email address or telephone number of a person concerned, is always carried out in accordance with the General Data Protection Regulation and in accordance with the country-specific data protection regulations applicable to vivenu GmbH. By means of this data protection declaration, our company would like to inform the public about the type, scope and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed about their rights by means of this data protection declaration.

As the controller, vivenu GmbH has implemented numerous technical and organizational measures to ensure the most complete protection possible for personal data processed via this website. Nevertheless, internet-based data transmissions can generally have security gaps, so that absolute protection cannot be guaranteed. For this reason, every person concerned is free to transmit personal data to us in alternative ways, for example by telephone.

Our data protection at a glance

What do we do with your data? Our data protection answers quickly. You can find detailed information on the subject of data protection in the data protection declaration listed under these FAQs on data protection.

What is personal data actually?

Personal data is all information that relates to an identified or identifiable natural person (hereinafter "data subject"). A natural person is regarded as identifiable who, directly or indirectly, in particular by means of assignment to an identifier such as a name, an identification number, location data, an online identifier or vivenu.com, has one or more special features that express the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person can be identified.

Who is responsible for the data processing on this website?

The website operator is responsible for the data processing on this website. This is marked as such in the imprint of this website. The contact details of the website operator can also be found in the imprint of this website.

How is your data recorded?

Automatic and form-independent. This is data that is recorded by our IT systems when you visit the website. In particular, this involves automatically recorded technical data such as the Internet browser, the operating system or the time of the page view, which is recorded as soon as you enter our website.

Form-dependent. This is data that you share with us. This can, for example, be data that you enter in a contact form or during an order process.

What do we do with your data?

We collect your data for various reasons of use. We collect a large part of the personal data in order to guarantee the error-free provision of our website and services. We also collect data to analyze user behavior.

You have rights with regard to your data. Which?

In principle, you have the right to receive information about your data free of charge at any time. This concerns the origin of the data, the recipients and the purpose of the stored personal data. You also have the right to have your data confirmed, blocked, deleted (right to be forgotten) and corrected. You can contact us at any time on the subject of data protection at [email protected] and the addresses given in the legal notice. You also have the right to lodge a complaint with the competent supervisory authority.

Do we analyze your surfing behavior?

Your surfing behavior can be statistically evaluated when you visit our website. We use so-called cookies and analysis programs for this. Cookies contain a so-called cookie ID. This is a unique identifier for the cookie. It consists of a string of characters through which websites and servers can be assigned to the specific Internet browser in which the cookie was saved. Using a cookie, the information and offers on our website can be optimized in the interests of the user. Cookies enable us to recognize the users of our website. As a rule, your surfing behavior is analyzed anonymously and surfing behavior cannot be traced back to you. You have the right to object to this analysis or to prevent it by not using certain tools. You will be informed about the possibilities of objection in this data protection declaration.

Can you revoke your consent to data processing?

Some of the data processing operations of vivenu GmbH are only possible with your express consent. Consent that has already been given can be revoked at any time. An informal message by email to [email protected] is sufficient. The legality of the data processing carried out up to the time of the revocation remains unaffected by the revocation.

Do you have the opportunity to complain to a competent authority?

You have the right to lodge a complaint with the competent supervisory authority in the event of data protection violations. The responsible supervisory authority is the state data protection officer of the federal state in which our company is based. You can find a list of data protection officers and their contact details under the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

Is your data encrypted? And if so, how?

In order to secure your sensitive data so that third parties cannot read it, we encrypt our connections. This is particularly important when transmitting confidential data, such as orders or inquiries that you send to us as the website operator. We use SSL or TLS encryption for this. You can recognize encrypted connections by the fact that the start of the address line of your browser changes from "http: //" to "https: //" and a symbol with a lock appears in your browser line.

What is the right to data portability?

We process data on the basis of your consent or automatically in fulfillment of a contract. You have the right to have this data handed over to you or to a third party in a common, machine-readable format. A direct transfer of the data to another responsible person only takes place if this is technically feasible.

Can I get information about my data or have it blocked, deleted or changed?

You have the right to receive information about your personal data and data stored by us at any time. This information is free of charge and includes the origin of the data, the recipient and the purpose of the personal data stored. If necessary, there is also a right to correct, block and delete the data.

Data protection

1. Definitions

The privacy policy of vivenu GmbH is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our data protection declaration should be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we would like to explain the terminology used in advance.

We use the following terms in this data protection declaration:

a) personal data

Personal data is all information that relates to an identified or identifiable natural person (hereinafter "data subject"). A natural person is regarded as identifiable who, directly or indirectly, in particular by means of assignment to an identifier such as a name, to an identification number, to location data, to an online identifier or to one or more special features that express the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person can be identified.

b) data subject

The data subject is any identified or identifiable natural person whose personal data is processed by the person responsible for processing.

c) Processing

Processing is any process carried out with or without the help of automated procedures or any such series of processes in connection with personal data such as the collection, recording, organization, ordering, storage, adaptation or change, reading, querying, use, Disclosure through transmission, distribution or any other form of provision, comparison or linking, restriction, deletion or destruction.

d) Restriction of processing

The restriction of processing is the marking of stored personal data with the aim of their future to restrict work.

e) Profiling

Profiling is any type of automated processing of personal data, which consists in the fact that this personal data is used to identify certain personal aspects that relate to a natural

Relate and evaluate a person, in particular in order to analyze or predict aspects relating to work performance, economic situation, health, personal preferences, interests, reliability, behavior, whereabouts or relocation of this natural person.

f) pseudonymization

Pseudonymization is the processing of personal data in a way in which the personal data can no longer be assigned to a specific data subject without the use of additional information, provided that this additional information is stored separately and is subject to technical and organizational measures that ensure that the personal data cannot be assigned to an identified or identifiable natural person.

g) Controller or controller

The person responsible or the person responsible for the processing is the natural or legal person, authority, institution or other body that alone or jointly with others decides on the purposes and means of processing personal data. If the purposes and means of this processing are specified by Union law or the law of the member states, the person responsible or the specific criteria for his appointment can be provided for in accordance with Union law or the law of the member states.

h) Processors

Processor is a natural or legal person, authority, institution or other body that processes personal data on behalf of the person responsible.

i) Recipient

Recipient is a natural or legal person, authority, institution or other body to which personal data is disclosed, regardless of whether it is a third party or not. However, authorities that may receive personal data as part of a specific investigation under Union law or the law of the member states are not considered recipients.

j) third party

A third party is a natural or legal person, public authority, agency or body other than the data subject, the person responsible, the processor and the persons who are authorized to process the personal data under the direct responsibility of the person responsible or the processor.

k) Consent

Consent is any declaration of intent voluntarily given by the data subject in an informed manner and unequivocally in the form of a declaration or other unequivocal affirmative action with which the data subject indicates that they consent to the processing of their personal data is.

2. Name and address of the person responsible for processing

The person responsible within the meaning of the General Data Protection Regulation, other data protection laws applicable in the member states of the European Union and other provisions of a data protection nature is:

vivenu GmbH

Speditionstrasse 13

40221 Düsseldorf

Germany

Tel .: +49 211 90227276

Email: info [at /] vivenu.com

Website: www.vivenu.com

3. Cookies

The Internet pages of vivenu GmbH use cookies. Cookies are text files that are stored and stored on a computer system via an internet browser.

Numerous websites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier for the cookie. It consists of a sequence of characters through which websites and servers can be assigned to the specific Internet browser in which the cookie was stored. This enables the websites and servers visited to distinguish the individual browser of the person concerned from other Internet browsers that contain other cookies. A specific internet browser can be recognized and identified via the unique cookie ID.

Through the use of cookies, the vivenu GmbH can provide the users of this website with more user-friendly services that would not be possible without the cookie setting.

To carry out an electronic communication process or to provide certain functions such as the shopping cart function (the online shop uses a cookie to remember the items that a customer has placed in the virtual shopping cart), cookies are stored on the basis of Art. 6 Para. 1 lit.f GDPR saved. Using a cookie, the information and offers on our website can be optimized in the interests of the user. As already mentioned, cookies enable us to use our website to recognize. The purpose of this recognition is to make it easier for users to use our website. For example, the user of a website that uses cookies does not have to re-enter their access data every time they visit the website, because this is done by the website and the cookie stored on the user's computer system.

The person concerned can prevent the setting of cookies by our website at any time by means of a corresponding setting in the Internet browser used and thus permanently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time via an Internet browser or other software programs. This is possible in all common internet browsers. If the person concerned deactivates the setting of cookies in the internet browser used, not all functions of our website may be fully usable.

4. Collection of general data and information

The basis for data processing at vivenu is Article 6 (1) (f) GDPR, which allows the processing of data for the fulfillment of a contract or pre-contractual measures.

The website of vivenu GmbH collects a series of general data and information each time the website is accessed by a data subject or an automated system. These general data and information are stored in the server's log files. The (1) browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrer), (4) the sub-websites that are accessed via an accessing system on our website can be controlled, (5) the date and time of access to the website, (6) an Internet protocol address (IP address), (7) the Internet

Service provider of the accessing system and (8) other similar data and information that serve to avert danger in the event of attacks on our information technology systems. These general data and information are stored in the server's log files and may be stored in a database for statistical analysis.

When using this general data and information, the vivenu GmbH does not draw any conclusions about the person concerned. Rather, this information is required to (1) correctly deliver the content of our website, (2) optimize the content of our website and the advertising for it, (3) ensure the long-term functionality of our information technology systems and the technology of our website and ( 4) to provide law enforcement authorities with the information necessary for law enforcement in the event of a cyber attack. This anonymously collected data and information is therefore statistically and further evaluated by vivenu GmbH with the aim of increasing data protection and data security in our company in order to ultimately ensure an optimal level of protection for the personal data processed by us. The anonymous data in the server log files are stored separately from all personal data provided by a data subject.

Use of Cloudflare

To increase security and optimize loading times, a web service from CloudFlare Inc., 101 Townsend St, 94107 San Francisco (hereinafter: CloudFlare) is reloaded on our website. In this context, your browser may transmit personal data to CloudFlare. The legal basis for data processing is Article 6 (1) (f) GDPR. The legitimate interest consists in the correct functioning of the website. CloudFlare has certified itself under the EU-US Privacy Shield Agreement (see https://www.privacyshield.gov/list). The data will be deleted as soon as the purpose for which it was collected has been fulfilled. Further information on the handling of the transferred data can be found in CloudFlare's data protection declaration: https://www.cloudflare.com/privacypolicy/. You can prevent the collection and processing of your data by CloudFlare by deactivating the execution of script code in your browser or installing a script blocker in your browser (you can find this, for example, at www.noscript.net or www.ghostery. com).

5. Contact options via the website

Due to legal regulations, the website of vivenu GmbH contains information that enables quick electronic contact to our company and direct communication with us, which also includes a general address for so-called electronic mail (e-mail address). If a data subject is sent via email or a contact form (support or salesRequest) contacts the person responsible for processing, the personal data transmitted by the data subject will be automatically saved. Such personal data transmitted on a voluntary basis by a data subject to the person responsible for processing are stored for the purposes of processing or contacting the data subject. This personal data is not passed on to third parties. Thus, the processing of the data entered in the contact form takes place exclusively on the basis of your consent according to Art. 6 Para. 1 lit. a GDPR. Consent that has already been given can be revoked at any time. An informal message by email to [email protected] is sufficient. The legality of the data processing carried out up to the time of the revocation remains unaffected by the revocation. The data you enter in the contact form will remain with us until you ask us to delete it, revoke your consent to storage or the purpose of data storage no longer applies. Statutory provisions, in particular retention periods, remain unaffected by this.

6. Use of data in the ordering process

vivenu offers you the opportunity to purchase tickets online and possibly other additional services for events from various organizers. Here we broker the purchase contract in the name and on account of the respective organizer and are commissioned by the ticket buyer to process the order. The organizer will forward you to a page set up by us in order to order the tickets and possibly other additional services there. This includes the selection of the corresponding tickets and possibly other additional services, the input of the purchase-related data and the payment of your order. Your data will not be published, but serve to issue you a ticket with the information requested by the organizer, possibly to use the information for the provision of further additional services and to be able to note participation in the event in our database.

In order to be able to carry out your order, we collect, use and use the personal data that you have entered in the order form. Your personal data can then also be made accessible by our employees to the responsible internal offices and specialist departments. We use the data that you provide to us during the ordering process for identification in the event of support. For the fulfillment of the contract with regard to visiting the event, we transmit your purchase-related data to the respective organizer for whose event you have ordered a ticket. The fulfillment of the contract with regard to the visit to the event includes, for example, the entrance control, the postal dispatch of tickets and the billing.

As part of the ordering process, we usually collect at least the following mandatory data from the ticket buyer:

First and Last Name

e-mail address

address

The organizer can make additional data queries (e.g. age, license plate number, vegetarian preferences, etc.). If you have any questions regarding these additional fields, please contact the organizer named in the imprint of the respective shop directly.

The respective organizer also receives anonymized statistics on ticket sales from us for event and marketing planning.

Sending the tickets by email

The tickets and an order overview as well as the answers to support inquiries and invoices about the ticket purchase will be sent to you by email via the US service mailgun. Only your email address is saved on the mailgun servers. The information for sending the tickets, the order overview, the invoices and answering support inquiries are used by mailgun. This is done on our behalf. mailgun can also use this data to optimize its own services. This includes in particular technical improvements and / or economic purposes, e.g. to determine from which countries the recipients come. However, mailgun does not use the purchase-related data to write to you itself or to pass your data on to third parties. mailgun is certified under the US-EU data protection agreement “Privacy Shield” and is committed to complying with EU data protection regulations. We have also concluded a “Data Processing Agreement” with mailgun. This is a contract in which mailgun undertakes to protect the data of our users, to process it on our behalf in accordance with its data protection regulations and, in particular, not to pass it on to third parties. You can view mailgun's data protection provisions here: https://www.mailgun.com/privacy-policy

Payment processing

On our website you have the possibility to initiate a booking process and to order and pay for tickets and possibly other additional services for events of various organizers. For this purpose, your data may be transferred to one of the following payment service providers. Payment can only be made using the online payment method specified in the shop. We do not save payment data. We work together with our partners Stripe and PayPal to process payments.

Data protection provisions for PayPal as a payment method

The person responsible for processing has integrated components from PayPal on this website. PayPal is an online payment service provider. Payments are processed via so-called PayPal accounts, which are virtual private or business accounts. PayPal also offers the option of processing virtual payments via credit cards if a user does not have a PayPal account. A PayPal account is managed via an email address, which is why there is no classic account number. PayPal makes it possible to initiate online payments to third parties or to receive payments. PayPal also acts as a trustee and offers buyer protection services.

The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg.

We do not transmit any personal data to PayPal during the ordering process.

PayPal may pass on personal data that you have stored or entered there to affiliated companies and service providers or subcontractors, insofar as this is necessary to fulfill contractual obligations or the data is to be processed on behalf of.

The data subject has the option of revoking their consent to the handling of personal data from PayPal at any time. A revocation does not affect personal data that must be processed, used or transmitted for (contractual) payment processing.

PayPal's current data protection regulations can be found at https: // www.paypal.com/de/webapps/mpp/ua/privacy-full.

Data protection provisions for payment processing via Adyen:

We work with our partner Adyen BV, Simon Carmiggelstraat 6 - 50, 1011 DJ Amsterdam for the processing of credit card payments, instant transfers and Sepa direct debit payments. When paying by credit card and Sepa direct debit, your credit card details and the data for Sepa direct debit payment are not saved by us, but forwarded directly to the payment service provider. If you pay via Sofort-Überweisung, no payment data will be saved by us. Payment is made via Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden.

To prevent and detect cases of fraud, we will send your email address to our partner Adyen BV, Simon Carmiggelstraat 6 - 50, 1011 DJ Amsterdam. Your email address will be saved by Adyen BV. All data is transmitted in encrypted form. You can revoke your consent at any time with effect for the future using the contact details in the imprint.

Data protection provisions for payment processing via Stripe:

We work with our partner Stripe Payments Europe Ltd, Block 4, Harcourt Center, Harcourt Road, Dublin 2, Ireland for the processing of credit card payments, instant transfers and Sepa direct debit payments. When paying by credit card and Sepa direct debit, your credit card details and the data for Sepa direct debit payment are not saved by us, but forwarded directly to the payment service provider. Information about your order will be passed on to Stripe. This information includes name, address, transaction amount and currency. If you pay via Sofort-Überweisung, no payment data will be saved by us. Payment is made via Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden.

To prevent and detect cases of fraud, we also transmit your email address to our partner Stripe Payments Europe Ltd, Block 4, Harcourt Center, Harcourt Road, Dublin 2, Ireland. Your email address will be saved by Stripe Payments Europe Ltd, Block 4, Harcourt Center, Harcourt Road, Dublin 2, Ireland. All data is transmitted in encrypted form. You can revoke your consent at any time with effect for the future using the contact details in the imprint. Your data will only be passed on for the purpose of processing payments with the payment service provider Stripe Payments Euro Ltd. You can find more information on Stripe's data protection at

https://stripe.com/de/terms

Legal basis for data processing in the ordering process

For the purpose of purchasing tickets or the additional services of the organizer and / ode To contact us, we process data in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR on the basis of your voluntarily given consent, in accordance with Art. 6 Para. 1 S. 1 lit.b GDPR for the implementation of pre-contractual measures which takes place at your request, as well as in accordance with Art. 6 Para. 1 S. 1 lit.f GDPR to protect your interests. Our legitimate interest here is the processing of your order or the answering of your request.

7. Routine deletion and blocking of personal data

The person responsible for the processing processes and stores personal data of the data subject only for the period of time that is necessary to achieve the storage purpose or if this is specified by the European directives and regulations or another legislator in laws or regulations, which the person responsible for the processing is subject to, was provided.

If the purpose of storage no longer applies or if a storage period prescribed by the European directives and regulations or another responsible legislator expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.

8. Embedded content

Google Maps

This website uses the Google Maps map service via an API. The provider of this product is Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.

For this it is necessary to save your IP address. This information is usually transmitted to and stored by Google on servers in the United States. The website provider has no influence on this data transfer.

We use Google Maps to present our online offers in an appealing way and to make it easier to find the locations we have specified on the website. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit.f GDPR.

Youtube

Our site uses the provider YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA, represented by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA for the integration of videos. YouTube is an Internet video portal that enables video publishers to post video clips free of charge and other users to view, rate and comment on them free of charge. We use YouTube in the extended data protection mode. According to YouTube, this mode ensures that YouTube does not store any information about visitors to this website before they watch the video. However, the transfer of data to YouTube partners is not necessarily excluded by the extended data protection mode. This is how YouTube connects to the Google DoubleClick network regardless of whether you are watching a video. As soon as you start a YouTube video on our website, a connection to the YouTube servers is established. Further information about YouTube can be found at https://www.youtube.com/yt/about/de/. As part of this technical process, YouTube and Google gain knowledge of which specific sub-page of our website is visited by the person concerned. If you are logged in to YouTube, this information is also assigned to your user account; this takes place regardless of whether the person concerned clicks on a YouTube video or not. If the data subject does not want this information to be transmitted to YouTube and Google, they can prevent the transmission by logging out of their YouTube account before visiting our website. We have no knowledge of the possible collection and use of your data by YouTube, nor do we have any influence on it. For more information, see the YouTube privacy policy at www.google.de/intl/de/policies/privacy/. These provide information about the collection, processing and use of personal data by YouTube and Google. In addition, we refer to our general presentation in this data protection declaration for the general handling and deactivation of cookies. The use of YouTube is of great importance for some organizers who advertise their events on our subpages. YouTube is used in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit.f GDPR

9. Statistical data and social media plugins

Data protection provisions on the application and use of Facebook

The person responsible for the processing has integrated components of the company Facebook on this website. Facebook is a social network.

A social network is a social meeting place operated on the Internet, an online community that usually enables users to communicate with one another and interact in virtual space. A social network can serve as a platform for the exchange of opinions and experiences or enable the internet community to provide personal or company-related information. Among other things, Facebook enables users of the social network to create private profiles, upload photos and network via friend requests.

The operating company of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. If a data subject lives outside the USA or Canada, the person responsible for processing personal data is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland.

Each time one of the individual pages of this website is called up, which is operated by the person responsible for processing and on which a Facebook component (Facebook plug-in) has been integrated, the Internet browser on the information technology system of the person concerned is automatically activated by the respective Facebook Component causes a representation of the corresponding

Download the Facebook component from Facebook. A complete overview of all Facebook plug-ins can be found at https://developers.facebook.com/docs/plugins/? locale = de_DE. As part of this technical process, Facebook receives knowledge of which specific subpage of our website is visited by the person concerned.

If the person concerned is logged into Facebook at the same time, Facebook recognizes with each visit to our website by the person concerned and for the entire duration of their stay on our website, which specific subpage of our website the person concerned is visiting. This information is collected by the Facebook component and assigned to the respective Facebook account of the person concerned by Facebook. If the person concerned activates one of the Facebook buttons integrated on our website, for example the "Like" button, or if the person concerned makes a comment, Facebook assigns this information to the person concerned’s personal Facebook user account and saves this personal data .

Facebook always receives information via the Facebook component that the person concerned has visited our website if the person concerned is logged into Facebook at the same time as accessing our website; this takes place regardless of whether the person concerned clicks on the Facebook component or not. If the data subject does not want this information to be transmitted to Facebook, they can prevent the transmission by logging out of their Facebook account before calling up our website.

The data guideline published by Facebook, which is available at https: // de- de.facebook.com/about/privacy/, provides information about the collection, processing and use of personal data by Facebook. It also explains which setting options Facebook offers to protect the privacy of the person concerned. In addition, various applications are available that make it possible to suppress data transmission to Facebook. Such applications can be used by the data subject to suppress data transmission to Facebook.

Data protection provisions on the application and use of Google Analytics (with anonymization function)

The person responsible for processing has integrated the Google Analytics component (with anonymization function) on this website. Google Analytics is a web analysis service. Web analysis is the collection, collection and evaluation of data on the behavior of visitors to Internet pages. A web analysis service collects, among other things, data on the website from which a person concerned came to a website (so-called referrer), which subpages of the website were accessed or how often and for how long a subpage was viewed. A web analysis is mainly used to optimize a website and for a cost-benefit analysis of internet advertising.

The operating company of the Google Analytics component is Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA.

The person responsible for processing uses the addition "_gat._anonymizeIp" for web analysis via Google Analytics. By means of this addition, the IP address of the Internet connection of the person concerned is shortened and anonymized by Google if our Internet pages are accessed from a member state of the European Union or from another signatory to the Agreement on the European Economic Area.

The purpose of the Google Analytics component is to analyze the flow of visitors to our website. Google uses the profit data and information, among other things, to evaluate the use of our website in order to compile online reports for us that show the activities on our website, and to provide other services related to the use of our website.

Google Analytics places a cookie on the information technology system of the person concerned. What cookies are has already been explained above. With the setting of the cookie, Google is enabled to analyze the use of our website. Each time one of the individual pages of this website is accessed, which is operated by the person responsible for processing and on which a Google Analytics component has been integrated, the Internet browser on the information technology system of the person concerned is automatically triggered by the respective Google Analytics component To transmit data to Google for the purpose of online analysis. As part of this technical process, Google gains knowledge of personal data, such as the IP address of the person concerned, which Google uses, among other things, to trace the origin of visitors and clicks and subsequently to enable commission accounting.

The cookie is used to store personal information, such as the access time, the location from which access was made and the frequency of visits to our website by the person concerned. Each time you visit our website, this personal data, including the IP address of the Internet connection used by the person concerned, is transmitted to Google in the United States of America.

These personal data are stored by Google in the United States of America. Google may pass this personal data collected through the technical process on to third parties.

The person concerned can prevent the setting of cookies by our website, as already shown above, at any time by means of a corresponding setting of the Internet browser used and thus permanently object to the setting of cookies. Such a setting of the internet browser used would also prevent Google from setting a cookie on the information technology system of the person concerned. In addition, a cookie already set by Google Analytics can be deleted at any time via the Internet browser or other software programs.

Furthermore, the person concerned has the option of objecting to the collection of the data generated by Google Analytics relating to the use of this website and the processing of this data by Google and to prevent this. To do this, the person concerned must download and install a browser add-on under the link https://tools.google.com/dlpage/gaoptout. This browser add-on informs Google Analytics via JavaScript that no data or information on visits to websites may be transmitted to Google Analytics. The installation of the browser add-on is considered an objection by Google. If the information technology system of the person concerned is deleted, formatted or reinstalled at a later point in time, the person concerned must reinstall the browser add-on in order to deactivate Google Analytics. If the browser add-on is uninstalled or deactivated by the person concerned or another person who is attributable to their sphere of influence, there is the option of reinstalling or reactivating the browser add-on.

Further information and the applicable data protection provisions of Google can be found at https://www.google.de/intl/de/policies/privacy/ and at http://www.google.com/analytics/terms/de.html. Google Analytics is explained in more detail under this link https://www.google.com/intl/de_de/analytics/.

Data protection provisions for the application and use of MapBox

As part of your order, we will send your home address stored during the ordering process to the US map and geocoding service Mapbox. The provider of this service is MapBox Inc., 740 15th St NW, Washington, DC 20005, USA.

The information is usually transmitted to a MapBox server in the USA and stored there. MapBox is used for analysis purposes of the respective places of residence of the ticket buyers for marketing optimization on the part of vivenu and the organizer. Only the address is transmitted in order to analyze the places of origin of the ticket buyers with the help of the geocode created by MapBox. This represents a legitimate interest within the meaning of Art. 6 Paragraph 1 lit. f GDPR. You can find more information on handling user data in MapBox's data protection declaration: https://www.mapbox.com/privacy/

10. Rights of the data subject

a) Right to confirmation

Every person concerned has the right granted by the European directive and regulation giver to request confirmation from the person responsible for the processing as to whether personal data concerning them are being processed. If a data subject wishes to exercise this right to confirmation, they can contact an employee of the person responsible for processing at any time.

b) Right to information

Every person affected by the processing of personal data has the right granted by the European directive and regulation giver to receive free information about the personal data stored about him and a copy of this information from the person responsible for processing at any time. Furthermore, the European directives and regulations grant the data subject access to the following information:

the purposes of processing

the categories of personal data that are processed

the recipients or categories of recipients to whom the personal data have been disclosed or are still being disclosed, in particular in the case of recipients in third countries or international organizations

if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration

the existence of a right to correction or deletion of the personal data concerning you or to restriction of processing by the person responsible or a right to object to this processing

The right to lodge a complaint with a supervisory authority if the personal data are not collected from the data subject: All available information on the origin of the data

the existence of automated decision-making including profiling in accordance with Article 22 (1) and (4) GDPR and - at least in these cases - meaningful information about the logic involved and the scope and intended effects of such processing for the data subject

Furthermore, the data subject has the right to information as to whether personal data has been transmitted to a third country or to an international organization. If this is the case, the data subject also has the right to receive information about the appropriate guarantees in connection with the transmission.

If a data subject wishes to make use of this right to information,

You can contact an employee of the person responsible for processing at any time.

c) Right to rectification

Every person affected by the processing of personal data has the right granted by the European directives and regulations to request the immediate correction of incorrect personal data concerning them. Furthermore, the data subject has the right, taking into account the purposes of the processing, to request the completion of incomplete personal data - including by means of a supplementary declaration.

If a data subject wishes to exercise this right to rectification, they can contact an employee of the person responsible for processing at any time.

d) Right to erasure (right to be forgotten)

Every person affected by the processing of personal data has the right granted by the European legislator of directives and regulations to demand that the person responsible delete the personal data concerning them immediately, provided that one of the following reasons applies and insofar as the processing is not necessary:

The personal data were collected or otherwise processed for purposes for which they are no longer necessary.

The data subject revokes their consent, on which the processing was based in accordance with Art. 6 Paragraph 1 Letter a GDPR or Art. 9 Paragraph 2 Letter a GDPR, and there is no other legal basis for the processing.

The data subject objects to the processing in accordance with Art. 21 Paragraph 1 GDPR, and there are no overriding legitimate reasons for the processing, or the data subject objects in accordance with Art. 21 Paragraph 2 GDPR to the Processing.

The personal data was processed unlawfully. The deletion of personal data is necessary to fulfill a legal obligation under Union law or the law of the member states to which the person responsible is subject.

The personal data was collected in relation to the information society services offered in accordance with Art. 8 Para. 1 GDPR.

If one of the above reasons applies and a data subject wishes to have personal data stored by vivenu GmbH deleted, she can contact an employee of the person responsible for processing at any time. The employee of vivenu GmbH will arrange for the deletion request to be complied with immediately.

If the personal data has been made public by vivenu GmbH and our company, as the person responsible, is obliged to delete the personal data in accordance with Art. 17 Paragraph 1 GDPR, vivenu GmbH will take appropriate measures, taking into account the available technology and the implementation costs of a technical nature, in order to inform other data processors who process the published personal data that the data subject has requested the deletion of all links to this personal data or of copies or replications of this personal data from these other data processors has requested, insofar as the processing is not necessary. The employee of vivenu GmbH will arrange the necessary in individual cases.

e) Right to restriction of processing

Any person affected by the processing of personal data has the right, granted by the European legislator of directives and regulations, to require the controller to restrict processing if one of the following conditions is met:

The correctness of the personal data is contested by the data subject for a period that enables the person responsible to check the correctness of the personal data.

The processing is unlawful, the person concerned refuses to delete the personal data and instead requests that the use of the personal data be restricted.

The person responsible no longer needs the personal data for the purposes of processing, but the data subject needs them to assert, exercise or defend legal claims.

The person concerned has lodged an objection to the processing in accordance with Art. 21 Paragraph 1 GDPR and it has not yet been determined whether the

legitimate reasons of the person responsible outweigh those of the data subject.

If one of the above conditions is met and a person concerned would like to request the restriction of personal data stored at vivenu GmbH, they can contact an employee of the person responsible for processing at any time. The employee of vivenu GmbH will arrange for the processing to be restricted.

f) Right to data portability

Every person affected by the processing of personal data has the right granted by the European legislator of directives and regulations to receive the personal data relating to them, which have been made available to a person responsible by the person concerned, in a structured, common and machine-readable format. You also have the right to transfer this data to another person responsible without hindrance from the person responsible to whom the personal data was provided, provided that the processing is based on the consent in accordance with Art. 6 Para. 1 Letter a GDPR or Art. 9 Para . 2 letter a DS-GVO or on a contract according to Art. 6 para. 1 letter b DS-GVO and the processing is carried out using automated procedures, unless the processing is necessary for the performance of a task that is in the public interest or takes place in the exercise of public authority, which has been assigned to the person responsible

Furthermore, when exercising their right to data portability in accordance with Art. 20 (1) GDPR, the person concerned has the right to have the personal data transmitted directly from one person responsible to another, insofar as this is technically feasible and if this does not affect the rights and freedoms of other persons.

To assert the right to data portability, the person concerned can contact an employee of vivenu GmbH at any time.

g) Right to object

Every person affected by the processing of personal data has the right granted by the European legislator of directives and regulations, for reasons that arise from their particular situation, at any time against the processing of personal data relating to them that is based on

of Art. 6 Para. 1 Letter e or f DS-GVO takes an objection. This also applies to profiling based on these provisions.

If vivenu GmbH processes personal data in order to operate direct mail, the data subject has the right to object at any time to the processing of personal data for the purpose of such advertising. This also applies to profiling insofar as it is associated with such direct advertising. Contradicts the data subject has compared the processing for the vivenu GmbH for direct marketing purposes, the vivenu GmbH will no longer process the personal data for these purposes.

In the event of an objection, vivenu GmbH will no longer process the personal data, unless we can prove compelling legitimate reasons for the processing that outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend of legal claims.

In addition, the data subject has the right, for reasons arising from their particular situation, to object to the processing of personal data concerning them that is carried out by vivenu GmbH for scientific or historical research purposes or for statistical purposes in accordance with Art. 89 Para. 1 DS- GMOs, to object, unless such processing is necessary to fulfill a task in the public interest.

To exercise the right to object, the person concerned can contact any employee of vivenu GmbH or another employee directly. In connection with the use of information society services, irrespective of Directive 2002/58 / EC, the person concerned is also free to exercise their right of objection by means of automated procedures in which technical specifications are used.

h) Automated decisions in individual cases including profiling

Every person affected by the processing of personal data has the right granted by the European legislator of directives and regulations

not to be subjected to a decision based solely on automated processing - including profiling - which has legal effect on it or similarly significantly affects it, unless the decision (1) is for the conclusion or performance of a contract between the data subject and the person responsible is required, or (2) is permissible on the basis of legal provisions of the Union or of the member states to which the person responsible is subject and these legal provisions contain appropriate measures to safeguard the rights and freedoms as well as the legitimate interests of the data subject or (3) with express consent of the data subject is given.

If the decision (1) is necessary for the conclusion or fulfillment of a contract between the data subject and the person responsible or (2) it is made with the express consent of the data subject, vivenu GmbH takes appropriate measures to safeguard the rights and freedoms as well as the legitimate To protect the interests of the data subject, including at least the right to obtain intervention by a person on the part of the person responsible, to express one's own point of view and to contest the decision.

If the data subject wishes to assert rights with regard to automated decisions, they can contact an employee of the person responsible for processing at any time.

i) Right to withdraw consent under data protection law

Every person affected by the processing of personal data has the right granted by the European legislator of directives and regulations to revoke their consent to the processing of personal data at any time.

11. Legal basis for processing

Art. 6 I lit. a GDPR serves our company as the legal basis for processing operations for which we have given consent for a specific

If the person concerned wishes to assert their right to withdraw consent, they can contact an employee of the person responsible for processing at any time.

Obtain processing purpose. If the processing of personal data is necessary to fulfill a contract to which the data subject is a party, as is the case, for example, with processing operations that are necessary for the delivery of goods or the provision of other services or consideration, the processing is based on Art. 6 I lit. b GDPR. The same applies to processing operations that are required to carry out pre-contractual measures, for example in cases of inquiries about our products or services. If our company is subject to a legal obligation which requires the processing of personal data, for example to fulfill tax obligations, the processing is based on Art. 6 I lit. c GDPR. In rare cases, it may be necessary to process personal data in order to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor to our company were injured and his name, age, and his were injured Health insurance data or other vital information would have to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6 I lit. d GDPR. Ultimately, processing operations could be based on Art. 6 I lit. f GDPR. Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to safeguard a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the person concerned do not prevail. We are particularly permitted to carry out such processing operations because they have been specifically mentioned by the European legislator. In this respect, he took the view that a legitimate interest could be assumed if the person concerned is a customer of the person responsible (recital 47 sentence 2 GDPR).

12. Legitimate interests in the processing that are being pursued by the controller or a third party

If the processing of personal data is based on Article 6 I lit.f GDPR, our legitimate interest is the conduct of our business activities for the benefit of all our employees and our shareholders.

13. Duration for which the personal data will be stored

The criterion for the duration of the storage of personal data is the respective statutory retention period. After the period has expired, the relevant data is routinely deleted, provided that it is no longer required for contract fulfillment or contract initiation.

14. Legal or contractual provisions for the provision of personal data; Necessity for the conclusion of the contract; Obligation of the data subject to provide the personal data; possible consequences of non-provision

We explain to you that the provision of personal data is partly required by law (e.g. tax regulations) or can also result from contractual regulations (e.g. information on the contractual partner). In order to conclude a contract, it may sometimes be necessary for a data subject to provide us with personal data that we subsequently have to process. For example, the data subject is obliged to provide us with personal data when our company concludes a contract with them. Failure to provide personal data would mean that the contract could not be concluded with the person concerned. Before the person concerned provides personal data, the person concerned must contact one of our employees. Our employee explains to the person concerned on a case-by-case basis whether the provision of the personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and what consequences the failure to provide the personal data would have.

15. Existence of automated decision-making

As a responsible company, we do not use automatic decision-making or profiling.

This data protection declaration was created in cooperation with the lawyer for IT and data protection law Christian Solmecke and adapted accordingly in support of the data protection declaration generator of DGD Deutsche Gesellschaft für Datenschutz GmbH, which works as the external data protection officer in Landshut.