Data protection information for EVENTIM.CheckIn
Data protection information for EVENTIM.CheckIn visitor data collection
The purpose of this information on data protection is to inform you on the processing of your personal data when visiting and using "EVENTIM.CheckIn" (visitor data collection) of CTS EVENTIM AG & Co.KGaA (hereinafter "EVENTIM", "we" or "us") in accordance with the General Data Protection Regulation (hereinafter "GDPR"). The data protection information for "EVENTIM DE" (Ticket Shop) can be found here.
1 Responsible body and definitions
1.1 Responsible body
For the processing of personal data is responsible:
CTS EVENTIM AG & Co. KGaA
Hohe Bleichen 11
D-20354 Hamburg, Germany
Email: kundenservice@eventim.de
Tel.: +49 (0) 1806 533 933 (€ 0.20 /call incl. VAT from German landlines, max. € 0.60 /call incl. VAT from mobile networks)
1.2 Definitions
This information on data protection is based on the following terms on data protection, which we have defined for easier understanding:
1. The GDPR is the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC).
2. Recipient is a natural or legal person, authority, institution or other body to which personal data is disclosed, regardless of whether it is a third party or not. Authorities, however, which within the framework of a specific inquiry mandate may receive personal data under Union law or the law of the Member States shall not be considered recipients; the processing of such data by these said authorities is carried out in accordance with the applicable directives on data protection in accordance with the purposes of the processing. Depending on the method of payment selected for ticket purchases, the recipients of your personal data may be banks or the postal service providers via whom we send you your ticket by post.
3. In accordance with Section 15 of the German Stock Corporation Act (AktG), the EVENTIM Group comprises all of CTS EVENTIM AG & Co. KGaA's affiliated companies. Further information is available at
corporate.eventim.de/en/unternehmen/
4. Personal data are all information relating to an identified or identifiable natural person, i.e. the data subject. An identifiable natural person is one who can be identified directly or indirectly, in particular by assignment to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Personal data can, for example, be name, contact data, user behaviour or bank data.
5. The Controller is the natural or legal person, public authority, agency or other body which alone or jointly with others decides on the purposes and means of processing personal data. Where the purposes and means of such processing are laid down by Union law or by the law of the Member States, the controller or the specific criteria for his appointment may be laid down in accordance with Union law or the law of the Member States. For the data processing described in this privacy policy, CTS EVENTIM AG & Co. KGaA is responsible (see section 1.1).
6. Processing is any operation or set of operations which is performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organising, structuring, storing, adapting or altering, retrieving, consulting, using, disclosing by transfer, disseminating or otherwise making available, aligning or combining, restricting, erasing or destroying. Processing can be, for example, the collection and use of your order data for ticket sales.
2 Purposes, legal bases and, if applicable, data categories for processing your personal data
2.1 Processing of personal data when using "EVENTIM.CheckIn"
You can use "EVENTIM.CheckIn" to enter personal data (contact data) - and if necessary, data of other persons with whom you are attending an event together - so that these data can be transmitted at a later time at the entrance of an event location at your instigation for the purpose of tracing chains of infection in connection with Covid-19, e.g. in electronic form. We process personal data for the provision of this service.
It is expressly pointed out that CTS EVENTIM AG & Co. KGaA does not assume any responsibility for the collection and processing of contact data at the respective event location that you or other persons wish to enter; this also applies to any forwarding of contact data to health authorities.
In this respect, the respective organiser or operator of the event location is the person responsible for data protection in the sense of Art. 4 No. 7 GDPR; please note the data protection information provided by them.
2.1.1 Storage of data in "EVENTIM.CheckIn"
1. When using "EVENTIM.CheckIn", we only process the personal data provided by you, which enable the tracing of infection chains in connection with Covid-19. In this respect, the legal regulations of the individual German federal states make different demands, over which we have no influence. The following data can be entered for the respective event visitor:
- Seating Information
- First Name
- Last Name
- Street and House Number
- Zip Code
- City
- Country
- Phone
If you collect data from other visitors, make sure that they have been sufficiently informed by you about the processing of their data and that you are authorized to provide the data.
2. For the identification and defense against threats (bot defense, DDoS attacks) and the delivery and acceleration of online applications, we use services of Akamai Technologies GmbH, Parkring 20-22, 85748 Garchin, Germany on our websites. Akamai processes the IP address of your terminal device. Akamai uses this information on behalf of EVENTIM to prevent technical threats and to ensure high availability of our website. The IP address is usually transferred to Akamai servers in the USA and processed there. This data transfer is based on EU standard contractual clauses. This ensures adequate protection of your personal data.
3. We process the personal data entered by you so that it can be transmitted in electronic form at a later date at your instigation for the purpose of tracing chains of infection in connection with Covid-19 at the entrance to an event location. The processing is carried out within the framework of the provision of our "EVENTIM.CheckIn" service on the basis of Art. 6 para. 1 Sentence 1 lit. b) GDPR.
2.1.2 Processing for IT security purposes
1. When using "EVENTIM.CheckIn", we process personal data that is technically necessary for us to provide you with "EVENTIM.CheckIn" and to guarantee the stability and security when using "EVENTIM.CheckIn". For this purpose, we process the following personal data:
- UU-ID
- IP address
2. We process personal data on the basis of our legitimate interest in providing you with "EVENTIM.CheckIn" and ensuring IT security for you when using "EVENTIM.CheckIn" on the basis of Art. 6 Para. 1 Sentence 1 lit. f) GDPR.
2.1.3 Cookies
1. When using "EVENTIM.CheckIn", no cookies are stored on your end device.
3 Storage and erasure of your personal data
1. If you enter personal data in "EVENTIM.CheckIn", these are initially stored exclusively locally on your device; we have no access to them in this respect. You have the option of deleting this data at any time.
2. If you transmit personal data in "EVENTIM.CheckIn" at your instigation for the purpose of tracing chains of infection in connection with Covid-19, e.g. at the entrance to an event location in electronic form, this data will be stored on servers of CTS EVENTIM AG & Co. KGaA for a certain period of time (see clause 3 below). The storage is carried out on behalf of the respective responsible organiser or operator of the event location; CTS EVENTIM AG & Co. KGaA is in this respect a processor in the sense of Art. 4 Paragraph 8 GDPR.
3. In the event of a transmission according to the above item 2, the respective organiser or operator of the event location is obliged to delete the data after a certain statutory period of time (four weeks in most federal states); CTS EVENTIM AG & Co. KGaA does not assume any responsibility in this respect. With regard to the details in this regard, we refer to the data protection information of the respective responsible organiser or operator of the event location.
4 Categories of recipients of personal data
1. A transmission of personal data by means of "EVENTIM.CheckIn" for the purpose of tracing infection chains in connection with Covid-19 by CTS EVENTIM AG & Co. KGaA to the respective organiser or operator of the event location is exclusively at your instigation on the basis of Art. 6 para. 1 sentence 1 lit. b) GDPR.
2. Any transmission by the respective organiser or operator of the event location to a (health) authority for the purpose of tracing chains of infection in connection with Covid-19 is in most federal states on the basis of Art. 6 para. 1 sentence 1 lit. c) GDPR, in some federal states possibly also Art. 6 para. 1 sentence 1 lit. a) GDPR. Regarding the details, we refer to the data protection information of the respective responsible organiser or operator of the event venue.
3. In addition, we transmit personal data only to the extent that we are legally obliged to do so. In such a case, the transfer is made on the basis of Art. 6 para. 1 sentence 1 lit. c) GDPR.
5 Legitimate interests in data processing and objection
1. We process personal data in the sense of item 2 on the basis of our legitimate interests to ensure the IT security of "EVENTIM.CheckIn" and to carry out the internal administration efficiently and collaboratively. Information on the balance of interests carried out can be obtained from:
2. Insofar as we process personal data on the basis of legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR.), you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation. We will then no longer process your data for this/these purpose(s), unless our legitimate interests worthy of protection outweigh this/these or the processing serves to assert, exercise or defend legal claims. Please direct your request:
- by email to kundenservice@eventim.de,
- by tel. to +49 (0) 1806 533 933 (€ 0.20 /call incl. VAT from German landlines, max. € 0.60 /call incl. VAT from German mobile networks) or
- in writing to CTS EVENTIM AG & Co. KGaA, Data Protection, Hohe Bleichen 11, D-20354 Hamburg, Germany.
3. If you object to the data processing, we will process your personal data collected in this context to answer your inquiry. The processing of your personal data is carried out to fulfil a legal obligation on the basis of Art. 6 Paragraph 1 S. 1 lit. c) GDPR.
6 Consent and revocation of your consent
1. If you have given us your consent for the processing of your personal data, you can revoke this at any time. The revocation of your consent is effective for the future. The legality of the pro-cessing of your personal data up to the time of revocation remains unaffected. Please direct your revocation:
- by email to kundenservice@eventim.de,
- by tel. to +49 (0) 1806 533 933 (€ 0.20 /call incl. VAT from German landlines, max. € 0.60 /call incl. VAT from German mobile networks) or
- in writing to CTS EVENTIM AG & Co. KGaA, Data Protection, Hohe Bleichen 11, D-20354 Hamburg, Germany.
2. If you revoke your consent, we will process your personal data collected in this context to answer your inquiry. The processing of your personal data is carried out to fulfil a legal obligation on the basis of Art. 6 Paragraph 1 S. 1 lit. c) GDPR.
7 Your rights
1. You may at any time, in accordance with the GDPR, request that we
- provide you with information about the personal data concerning you that we process (Art. 15 GDPR),
- rectify any personal data concerning you that is inaccurate (Art. 16 GDPR) and/or
- erase (Art. 17 GDPR), block (Art. 18 GDPR) and/or release (Art. 20 GDPR) your personal data stored by us.
2. Please send your request:
- by email to kundenservice@eventim.de.
- by tel. to +49 (0) 1806 533 933 (€ 0.20 /call incl. VAT from German landlines, max. € 0.60 /call incl. VAT from German mobile networks) or
- in writing to CTS EVENTIM AG & Co. KGaA, Data Protection, Hohe Bleichen 11, D-20354 Hamburg, Germany.
3. If you assert your rights against us, we process your personal data collected in this context to answer your inquiry. Your personal data is processed in order to fulfil a legal obligation on the basis of Art. 6 Para. 1 Sentence 1 lit. c) GDPR.
4. Without prejudice to your rights under Section 7, you may lodge a complaint with a data protection supervisory authority if you believe that EVENTIM's processing of personal data concerning you is in breach of the GDPR (Art. 77 GDPR).
8 Other
1. The provisions of this data protection information including the cookie information of CTS EVENTIM AG & Co. KGaA of "EVENTIM.CheckIn" in the version valid at the time of use.
2. We reserve the right to supplement and amend the content of the information on data protection. The updated data protection information is valid from the time it is published on our websites.
3. We will inform you in good time about these amendments and supplements on our websites. You will be given the opportunity to view, print and save the amended information on data protection free of charge.
9 Contact details of the Data Protection Officer
Please direct any questions regarding data protection to:
Data Protection Officer
CTS EVENTIM AG & Co. KGaA
Hohe Bleichen 11
D-20354 Hamburg, Germany
Email: datenschutz@eventim.de
As of: 26.09.2024