Privacy Policy

Data protection information for the websites of FKP SCORPIO Konzertproduktionen GmbH (as amended on 9 November 2023)

This data protection information provides information in accordance with the General Data Protection Regulation (hereinafter "GDPR") on the processing of your personal data when visiting and using the websites of FKP SCORPIO Konzertproduktionen GmbH, for marketing measures on our own websites, when using our mobile apps and when visiting our festivals.

Part A Scope of application, responsible body and definitions

1. Scope of application

1.1. This data protection information applies to data processing by FKP SCORPIO Konzertproduktionen GmbH (hereinafter referred to as "FKP", "we" or "us") in connection with the visit and use of our websites and our marketing measures on our own and third-party websites and in social networks as well as when visiting our festivals.

1.2. This data protection information only concerns the processing of personal data within the meaning of section 3.4.

2. Controller

2.1. Unless otherwise stated in this data protection information, we are responsible for the processing of your personal data:
FKP SCORPIO Konzertproduktionen GmbH
Große Elbstr. 277a
22767 Hamburg
info@fkpscorpio.com 
Telephone: +49 40 607 798 000

2.2. Our company data protection officer is:
Rechtsanwalt Martin Glänzer
Eppendorfer Landstr. 33
20249 Hamburg
datenschutzbeauftragter@fkpscorpio.com 

3. Definitions

This data protection information is based on the following data protection terms, which we have defined to make them easier to understand:

3.1. The GDPR is the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC).

3.2. Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular enquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing. Recipients of your personal data may, depending on the payment method selected when purchasing tickets, be banks or the post office / shipping service provider through which we send you your ticket by post.

3.3. The FKP Group comprises all companies affiliated with us in accordance with Section 15 AktG.

3.4. Personal data means any information relating to an identified or identifiable natural person, i.e. the data subject. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Personal data may include name, contact details, user behaviour or bank details.

3.5. The controller is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law. FKP is the controller for the data processing described in this data protection information; in some cases together with the operator of a partner site (see section 1.2). 

3.6. Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. Processing may include, for example, the collection and use of your order data for ticket sales.

Part B Types and purposes of processing your personal data

1. Processing when visiting our websites and in the context of marketing measures
If you visit our websites to find out about concerts and festivals without creating a customer account, buying a ticket in our ticket shop or otherwise actively providing us with information (purely informational use), we process your personal data. In addition, we process your personal data as part of marketing measures on third-party websites and in social networks. Your personal data is processed for the following purposes and on the following legal bases:

1.1. Processing for IT security purposes

1.1.1. When you visit our websites, we process your personal data that is technically necessary for us to provide you with our websites and to ensure stability and security when you visit our websites. For this purpose, information is temporarily stored in a so-called log file, namely:

•    IP address of the requesting computer,
•    Date and time of access,
•    Name and URL of the retrieved file,
•    Website from which the access was made (referrer URL),
•    Browser used and, if applicable, the operating system of your computer and the name of your access provider.

1.1.2. We may use Google reCaptcha v2 on our websites. reCaptcha is an offer from Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) and serves to prevent abusive automated entries in web forms and thus to protect the hoster's technical systems. When you visit one of our websites in which reCaptcha is integrated, a connection to the Google servers is established. A reCaptcha cookie is set. Your IP address is transmitted to Google. In addition, reCaptcha collects the following data by means of "fingerprinting": 

•    Browser plugins used
•    The cookies set by Google in the last 6 months
•    Number of mouse clicks and touches you have made on this screen
•    CSS information for the page called up
•    Javascript objects
•    The date
•    The browser language.

We have a legitimate interest in protecting our website from abusive automated spying and SPAM; the legal basis is Art. 6 para. 1 sentence 1 lit. f) GDPR. Insofar as personal data is transferred to Google in the USA, this is done on the basis of standard contractual clauses of the EU Commission. This ensures adequate protection of your personal data. You can prevent the storage of cookies and fingerprinting by selecting the appropriate technical settings in your browser software; in this case, you may not be able to use all functions of our websites to their full extent.
You can find Google's privacy policy and terms of use at: https://www.google.com/policies/privacy/ and https://policies.google.com/terms  

1.2.4. We use the services of TikTok Technology Limited, 10 Earlsfort Terrace Dublin, D02 T380, Ireland ("TikTok").
We use the TikTok pixel. This is a JavaScript code snippet that enables us to understand and track your activities on our websites. The Tiktok pixel collects and processes information about you or the devices you use (in particular IP address, browser information, the previously visited website and the date and time of the server request, so-called "event data"). We can determine how successful the individual advertising measures are in relation to the advertising campaign data. To do this, we use cookies that can be used to measure certain parameters for measuring reach - e.g. display of adverts, duration of viewing or clicks by users. If you are registered with TikTok, TikTok can also assign the information collected to your TikTok account.
We also use the Custom Audiences online marketing tool. This allows us to show you personalised advertising when you use TikTok if you have a TikTok account. For this purpose, we send our own pseudonymised data records without direct reference to a specific person to TikTok in encrypted form for data enrichment and the creation of target groups for the placement of advertising. In addition, target groups are created based on the interaction with our adverts.
TikTok also processes your data in China and the USA. There is no so-called adequacy decision for these two countries. The data transfer to the USA is based on the standard contractual clauses of the EU Commission. This ensures adequate protection of your personal data for data transfers to the USA. You can find more information on this at: https://www.tiktok.com/legal/page/eea/transferee-countries/de-DE  

1.2.5. We use the services of Adform A/S, Silkegade 3B, ST. & 1st, 1113 Copenhagen, Denmark ("Adform").
The Adform pixel is used on our websites to understand and track your activities on our websites. The pixel collects, among other things, device type/ID, time of clicking on the website or advertising material, the URL of the website, information automatically sent by your device (e.g. language setting, IP address, demographic data), interest data, socio-demographic data linked to a cookie or other ID.
We carry out remarketing measures with the help of Adform. With the help of these remarketing measures, you can be shown interest-related adverts when you visit other websites.
You can find more information on Adform's terms of use and data protection at: https://site.adform.com/privacy-center/platform-privacy

1.1.3. We process your personal data on the basis of our legitimate interest in providing you with the websites and ensuring IT security for you when you visit our websites, on the basis of Art. 6 para. 1 sentence 1 lit. f) GDPR. 

1.2. Processing for analysis and marketing purposes

1.2.1. When you visit our websites, we may analyse and document how you use our websites, e.g. the number of website visitors, your surfing behaviour on our websites, which events and areas on our website you are interested in, the origin of website visitors and, if you buy a ticket from us, your order and shopping basket data. For this purpose, we use the cookies available in the cookie information and the following tracking and analysis tools. If you would like to object to data processing, please click on the following link: Cookie settings

1.2.2. For analysis and advertising purposes, we use the services of Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland ("Google").
Firstly, we use the web analysis service Google Analytics. In this context, Google creates pseudonymised user profiles on our behalf with the help of cookies. The information generated when you use this website, such as

•    Browser type/version,
•    Operating system used, 
•    Referrer URL (the previously visited page),
•    Host name of the accessing computer (IP address),
•    Cookies,
•    Time of the server request,

is used by Google on our behalf to analyse your use of the website, to compile reports on website activity and to provide us with other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics is only stored in abbreviated form and the information about your use of the website is not merged with other Google data.
You can prevent the storage of Google Analytics cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent. You can also prevent Google from collecting and processing the information generated by your use of the website by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de  

You can find more information on terms of use and data protection at:
https://www.google.de/intl/de/policies/terms/regional.html 
https://www.google.de/intl/de/policies/privacy 
Explanation of the use of third-party data by Google:
https://policies.google.com/technologies/partner-sites  
Further information on data protection in connection with Google Analytics can be found at: https://support.google.com/analytics/answer/6004245?hl=de 

Secondly, we use Google Ads (formerly: Google AdWords) to advertise our events on the internet. Thirdly, we use Google's conversion tracking on our websites and fourthly, we use the remarketing function.
Google Ads sets a cookie if you have reached our websites via a Google advert. This cookie is not used for personal identification, but Google and we can recognise that a user has clicked on the ad and has been redirected to our websites. With the help of conversion tracking, we learn the total number of users who have clicked on one of our adverts. The remarketing function analyses your interactions with our websites, e.g. which offers you were interested in, in order to be able to show you targeted advertising on other pages even after you have visited our websites. The cookies used serve to uniquely identify a web browser on a specific computer and not to identify a person.
In connection with the use of Google Adwords, your personal data will be transferred to the USA. The data transfer to the USA is based on the standard contractual clauses of the EU Commission. This ensures adequate protection of your personal data. You can find details at: policies.google.com/privacy/frameworks
If you do not wish to participate in the tracking process, you can also reject the setting of a cookie required for this - for example, by changing your browser settings to generally deactivate the automatic setting of cookies. You can also deactivate cookies for conversion tracking by setting your browser to block cookies from this domain: www.googleadservices.com

You can also deactivate the use of cookies by Google by following the link below and downloading and installing the plug-in provided there: https://www.google.com/settings/ads/plugin 
You can find more information on terms of use and data protection at:
https://policies.google.com/privacy?hl=en&gl=uk 
https://services.google.com/sitestats/de.html 
http://www.google.com/privacy/ads/   

1.2.3.  We use services provided by Meta Platforms Technologies Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Dublin D02 X525 ("Meta").
Firstly, we use the Meta Pixel. In order to show you individual recommendations on our websites, we process the following personal data (so-called "event data"):

•    IP-address,
•    UU-ID, 
•    WEB-ID,
•    Device Fingerprints,
•    Browser Fingerprints,
•    Cookies
•    Geo IP-Location.

We have implemented a code on our websites for this purpose. The meta pixel is an excerpt from this JavaScript code that loads functions with which Meta can track your actions on our websites and link them to your Facebook profiles. We only use the standard functions of the meta pixel. The data collected is anonymous and cannot be used by us and can only be used in the context of adverts or marketing measures.
According to Meta, collected data may also be transferred to the USA. The data transfer to the USA is based on the standard contractual clauses of the EU Commission. This ensures adequate protection of your personal data.

You can find details at:
www.facebook.com/legal/EU_data_transfer_addendum
https://de-de.facebook.com/help/566994660333381 
You can find more information on terms of use and data protection at: https://www.facebook.com/privacy/explanation 

Secondly, we use the Custom Audiences remarketing function. With the help of Custom Audiences, interest-based advertising can be displayed to you when you visit Meta's social networks.

Your browser automatically establishes a direct connection with the Meta server. We have no influence on the scope and further use of the data collected by Meta through the use of this tool and therefore inform you according to our state of knowledge: Through the integration of Custom Audiences, Meta receives the information that you have accessed one of our websites or clicked on one of our adverts. If you are registered with a Meta service, Meta can assign the visit to your account. If you are not registered with Meta or have not logged in, there is a possibility that Meta will find out and store your IP address and other identifying features.

You can deactivate Custom Audiences when you are logged in to Facebook at: https://www.facebook.com/settings/?tab=ads 
You can find more information on terms of use and data protection at: https://www.facebook.com/privacy/explanation  

1.2.4. We process your personal data on the basis of our legitimate interest in designing and continuously optimising our websites to meet your needs and to evaluate the use of our websites in order to optimise our offer within the meaning of Art. 6 para. 1 sentence 1 lit. f) GDPR. If your personal data is collected and transmitted to a provider of the above-mentioned services, this is only done on the basis of your consent within the meaning of Art. 6 para. 1 sentence 1 lit. a) GDPR. If you wish to withdraw your consent, please click on the following link: Cookie information

1.3. Integration of video and music platforms (YouTube, Vimeo and Spotify, Deezer)

1.3.1. Video and music platforms are sometimes integrated on our websites, with which videos or music from these platforms can be played on our websites. Insofar as these platforms process your personal data, this is done on the basis of our legitimate interest in the most comprehensive and user-friendly presentation of our online offers within the meaning of Art. 6 Art. 1 lit. f) GDPR.

1.3.2. We may integrate YouTube services (provided by Google) on our websites so that videos can be played directly from our websites. To protect your personal data, we use the "extended data protection" option provided by YouTube. According to YouTube, in this mode, data is only transmitted to the YouTube servers when a video is played.

By playing a video, YouTube receives the information that you have accessed the corresponding subpage of our website. The following data is also transmitted:

•    IP address of the requesting computer,
•    Date and time of access,
•    Name and URL of the retrieved file,
•    Website from which the access was made (referrer URL),
•    Browser used and, if applicable, the operating system of your computer and the name of your access provider.

This happens regardless of whether you have a YouTube/Google account and are logged in. If you are logged in, your data will be assigned directly to your account. If you do not want this assignment, you must log out of your YouTube/Google account before playing the video. YouTube stores your data and uses it for the purposes of advertising, market research and/or customising its own websites. You have the right to object to this, which you must exercise vis-à-vis YouTube.
You can find further information on data protection from YouTube / Google at the following link: https://www.google.de/intl/de/policies/privacy   

1.3.3. We may also integrate services from Vimeo. The provider is Vimeo Inc, 555 West 18th Street, New York, New York 10011, USA. When you visit a sub-page of our website on which a Vimeo video is embedded, a connection to the Vimeo servers is established. This tells the Vimeo server which of our pages you have visited. Vimeo also receives your IP address. This applies regardless of whether you are logged in to Vimeo or have an account with Vimeo. The information collected by Vimeo is transmitted to Vimeo servers in the USA. The data transfer to the USA is based on the standard contractual clauses of the EU Commission. This ensures adequate protection of your personal data.
If you are logged into your Vimeo account, you enable Vimeo to assign your surfing behaviour directly to your personal profile. If you do not want this assignment, you must log out of your Vimeo account before playing the video. Further information on Vimeo's data protection can be found at the following link: https://vimeo.com/privacy  

1.3.4.In addition, we may integrate functions from Spotify. The provider is Spotify AB, Birger Jarlsgatan 61, 113 56 Stockholm, Sweden. You can find an overview of the Spotify plugins at: developer.spotify.com  
The plugins allow a direct connection to be established between your browser and the Spotify server when you visit our website. Spotify receives the information that you have visited this website with your IP address. If you click on the Spotify button while you are logged into your Spotify account, you can link the content of this website to your Spotify profile. This allows Spotify to associate your visit to this website with your user account.
Further information on Spotify's data protection can be found at the following link: https://www.spotify.com/de/legal/privacy-policy/   

1.3.5. In addition, we may also integrate functions from Deezer. The provider is DEEZER S.A., 24 rue de Calais 75009 Paris, France. By using the Deezer functions, data is transmitted to Deezer. We have no knowledge of the content of the transmitted data or its use by Deezer. Further information on Deezer's data protection can be found at the following link: https://www.deezer.com/legal/personal-datas   

1.4. Use of cookies

1.4.1. Cookies are stored on your computer when you use our website. Cookies are small text files that are assigned to the browser you are using and stored on your hard drive. Cookies are used to send certain information to the organisation that sets the cookie. These also contain personal data. This enables us to make our websites more user-friendly and effective. Cookies cannot execute programmes or transfer viruses to your computer.

1.4.2. For the use of cookies on our websites, the cookie information on the respective website applies (see cookie information).

1.4.3. If you give your consent for us to store certain or all cookies on your computer, a corresponding consent ID will be generated and stored. The processing is carried out on the basis of Art. 6 para. 1 sentence 1 lit. c) GDPR.

2. Processing when creating a customer account, when purchasing tickets in the online ticket shop and for information e-mails

2.1. On some of our websites, you can create a customer account through which you can purchase tickets. Registration and use of the customer account require the provision of personal data. Mandatory fields are marked accordingly in the input mask.
We process your personal data to enable you to create and use the customer account and to purchase tickets, as well as for verification purposes in the event of changes to personal data in the customer account. The processing is carried out on the basis of Art. 6 para. 1 sentence 1 lit. b) and lit. f) GDPR.

2.2. We process your personal data when you purchase tickets on our websites and provide personal data in the process. The processing is carried out for the purpose of executing and processing the contract with you on the basis of Art. 6 para. 1 sentence 1 lit. b) GDPR.
If you purchase a ticket for another person (third party), we will process the personal data of the third party provided by you (name and, if applicable, contact details) for ticket personalisation and, if applicable, for sending the ticket to the third party. This data is processed for the purpose of fulfilling and processing the contract with you on the basis of Art. 6 para. 1 sentence 1 lit. b) GDPR. If you provide data of a third party when purchasing tickets, please ensure that the third party has been sufficiently informed by you about the processing of their data by FKP and that you are authorised to provide the data.
If you pay with a credit card, the so-called 3D-Secure 2.0 procedure (hereinafter: 3DS 2.0) is generally used. 3DS 2.0 is a globally valid standard of the card networks (Visa, MasterCard, JCB, Diners, AMEX etc.), which was developed by EMVCo, an association of card networks. 3DS 2.0 is one of the procedures used for strong customer authentication in accordance with EU Directive 2015/2366 (Payment Services Directive 2, PSD 23). PSD 2 is implemented in Germany in the Payment Services Supervision Act. The 3DS 2.0 procedure confirms that the person initiating an eCommerce transaction is also authorised to use the respective payment card, i.e. it is intended to prevent misuse of your credit card. The processing of the data required for 3DS 2.0 is carried out for the purpose of executing and processing the contract with you on the basis of Art. 6 para. 1 sentence 1 lit. b) GDPR.
When issuing personalised tickets, we may also process special categories of personal data, such as your health data, if you have provided the relevant information when purchasing a ticket and have consented to us processing this data. This includes, for example, information that you are a wheelchair user, have an allergy or intolerance to food or a severe disability. We process this data in order to provide you with special price categories, access to an event and special seating during the event, for example. The processing of your data is based on your consent within the meaning of Art. 6 para. 1 sentence 1 lit. a) GDPR.
In certain cases, as part of your order, you will be asked to provide personal data (contact details) - and possibly data of other persons with whom you are attending an event - so that this data can be forwarded to health authorities at a later date for the purpose of tracing chains of infection in connection with Covid-19 ("visitor data collection"). Without providing this data, it is generally not possible to attend the corresponding event. We will process this data if there is a legal or official legal basis for doing so, which will then be specified. If you provide data of a third party when purchasing tickets, please ensure that the third party has been sufficiently informed by you about the processing of their data and that you are authorised to provide the data.
Under certain circumstances, health authorities may require contact details that you have provided as part of an order that originate from a period in which no pandemic-related visitor data has yet been collected. Here too, the data is passed on for the purpose of tracing chains of infection in connection with Covid-19.

2.3. If you have purchased a ticket from us or won tickets as part of our competitions, we may send you information e-mails, e.g. to inform you about how to get there, car parks and current access requirements (such as bag size). For this purpose, we process your personal data for the purpose of executing the contract with you on the basis of Art. 6 para. 1 sentence 1 lit. b) GDPR.

3. Processing when using our mobile apps

3.1. We provide you with various mobile apps that you can download and use on your devices.

3.2. When using the mobile apps, we collect the following personal data to enable convenient use of the functions:

•    IP address
•    Date and time of the enquiry
•    Time zone difference to Greenwich Mean Time (GMT)
•    Content of the request (specific page)
•    Access status/HTTP status code
•    Amount of data transferred in each case
•    Website from which the request comes
•    Browser
•    Operating system and its interface
•    Language and version of the browser software.

3.3. We only collect data that we believe is technically necessary to ensure the stability and security of the apps; the legal basis is Art. 6 para. 1 sentence 1 lit. f) GDPR. We do not use cookies.

3.4. The apps are hosted by AWS via Appmiral, Scheldestraat 11, 2000 Antwerp, Belgium. The hosting provider is Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, 1855 Luxembourg (AWS). When you use our app, personal data is processed on the servers of AWS (EU-WEST 1 in Dublin). Personal data may also be transferred to the parent company of AWS in the USA. The data transfer to the USA is based on the standard contractual clauses of the EU Commission. This ensures adequate protection of your personal data. You can find further information at: https://aws.amazon.com/de/blogs/security/aws-gdpr-data-processing-addendum/.

3.5. Further information can be found in the data protection information of AWS (https://aws.amazon.com/de/privacy/?nc1=f_pr) and the data protection information of Appmiral (https://appmiral.com/privacy-policy/). 

4. Processing for competitions, when registering for our newsletter and when using a contact form

4.1. You can take part in various competitions on our websites. We process your personal data to organise the competition and to advertise our events. Your personal data is processed for the purpose of performing the contract with you and due to our legitimate interest in carrying out marketing measures on the basis of Art. 6 para. 1 sentence 1 lit. b) and f) GDPR.

4.2. You can register for our newsletter. We use the newsletters to inform you about concerts, festivals and events and to advertise these, including personalised information if necessary. In doing so, we process your personal data for marketing purposes on the basis of your consent within the meaning of Art. 6 para. 1 sentence 1 lit. a) GDPR. You can unsubscribe at any time, e.g. via a link at the end of each newsletter or by sending an unsubscribe request by email to datenschutz@fkpscorpio.com
The newsletter is sent by the company Newsletter2go GmbH, Köpenicker Str. 126, 10179 Berlin. You can find the privacy policy at: https://nl2go-prod-api-account.s3.eu-central-1.amazonaws.com/app_files/de/N2G_DSE.pdf  

4.3. For questions of any kind, we offer the option of contacting us via a form provided on the website. It is necessary to provide a valid e-mail address so that we can answer the enquiry. Further information can be provided voluntarily. The data processing for the purpose of responding to the contact is based on your consent within the meaning of Art. 6 para. 1 sentence 1 lit. a) GDPR. The personal data collected by us for the use of the contact form will be deleted after the enquiry has been dealt with.

5. Processing for ticket returns and customer service

5.1. If necessary, your order will be cancelled. Your personal data will be processed on the basis of Art. 6 para. 1 sentence 1 lit. b) GDPR.
If you have not purchased your ticket from us yourself, but have received it as a gift from the purchaser, for example, and are now returning the ticket due to a cancellation or postponement of the event, we will process the data that you provide to us informally or via a form on our website. We process your personal data for the purpose of returning your ticket and the refund on the basis of Art. 6 para. 1 sentence 1 lit. b) GDPR.
If you have provided special personal data about yourself or a third party when purchasing tickets, we will process this data for the purpose of ticket cancellation on the basis of your consent within the meaning of Art. 6 para. 1 sentence 1 lit. a) GDPR. Section B 2.2. applies accordingly in this respect.

5.2. If you have any questions about events, your ticket purchase, your customer account or events organised by FKP, or if you wish to exercise your rights under this data protection information or lodge a complaint, you can contact us.
Depending on the subject of your enquiry, we may use your personal data that has been stored in our systems as part of other data processing (e.g. data that you provided when purchasing a ticket) to answer your questions. If and to the extent that this is necessary to answer your enquiry, we also collect data from external sources (e.g. enquiry with the shipping service provider as part of a shipment tracking or an enquiry request).
Your personal data is processed for the purpose of performing the contract with you on the basis of Art. 6 para. 1 sentence 1 lit. b) GDPR. If you exercise your rights against us, we process your personal data for the purpose of fulfilling a legal obligation on the basis of Art. 6 para. 1 sentence 1 lit. c) GDPR. If you wish to obtain information or complain about something, we process your personal data on the basis of our legitimate interests in carrying out marketing measures and responding to your complaint on the basis of Art. 6 para. 1 sentence 1 lit. f) GDPR.
If you provide us with health data as part of your enquiry (e.g. information that you have a severely disabled person's pass), we will only process this personal data insofar as this is necessary to answer your enquiry and you have given us your express consent within the meaning of Art. 6 para. 1 sentence 1 lit. a) GDPR.

6. Processing when visiting our festivals
Video surveillance may be used at our festivals. Your image, biometric data, gender and age, if applicable, as well as data on ethnic and racial origin and religious beliefs, if applicable, will be recorded.
Processing is carried out on the basis of Section 4 BDSG and Art. 6 para. 1 lit. f GDPR for the following purposes and interests: Exercise of domiciliary rights, protection of property, prevention and investigation of criminal offences. We pursue the legitimate interests: Defence against theft, trespassing & vandalism, Defence against damage to third-party property, Defence against assaults on persons, Subsequent preservation of evidence through recording. If the video recordings are recorded, we store them for a maximum of 72 hours. A longer storage period only takes place if this is necessary for the enforcement of legal claims or the prosecution of criminal offences in specific individual cases.
Data transfer of the recordings to third parties (e.g. the police) only takes place if this is necessary to pursue the purposes and legitimate interests.

Part C Retention and deletion of your personal data

1. We store your personal data for as long and to the extent necessary for the respective purpose (Part B) for which it is processed.

2. As soon as the data is no longer required for the purposes stated in Part B, we will retain your personal data for the period in which you can assert claims against us or we against you (statutory limitation period generally of three years, starting at the end of the year in which the claim arises; e.g. at the end of the year of the ticket transaction).

3. In addition, we store your personal data for as long as and to the extent that we are legally obliged to do so. Corresponding proof and retention obligations arise, among other things, from the German Commercial Code and the German Fiscal Code (e.g. Section 257 HGB; Section 147 AO). According to these, the retention obligations are up to ten years.

Part D Categories of recipients of personal data

1. When providing, implementing and managing our products and services, we may transfer your personal data to companies within the FKP Group as part of an intra-group process based on the division of labour. The transfer is based on our legitimate interest in carrying out internal administrative activities efficiently and in a division of labour, for fraud prevention, to ensure the security of our customer accounts and to improve our products and services, on the basis of Art. 6 para. 1 sentence 1 lit. f) GDPR.

2. Your personal data will be transmitted to service providers who provide the platforms, databases and tools for our products and services (e.g. our website, the sale of tickets, the sending of newsletters and information emails), create analyses of user behaviour on our websites, run marketing campaigns and process your personal data on our behalf in the context of ticket purchases. Your personal data is transmitted for the purpose of performing the contract with you on the basis of Art. 6 para. 1 sentence 1 lit. b) GDPR, on the basis of our legitimate interest in improving and promoting our products on the basis of Art. 6 para. 1 sentence 1 lit. f) GDPR and, if you have given us your consent to process your personal data, on the basis of your consent within the meaning of Art. 6 para. 1 sentence 1 lit. a) GDPR.

3. If you buy a ticket on our website, we offer you various payment options. In order to process the payment and, if necessary, refund the purchase price, we transmit your personal data to banks, payment service providers, financial service providers and credit card companies, depending on the payment method selected. We transmit your personal data for the processing of your ticket purchase and, if necessary, the refund on the basis of Art. 6 para. 1 sentence 1 lit. b) GDPR.

4. If we send you your ticket by post, we will transfer your personal data to shipping service providers. The transmission takes place for the purpose of executing the contract with you on the basis of Art. 6 para. 1 sentence 1 lit. b) GDPR.

5. In the event of legal disputes, we will transfer your data to the competent court and, if you have appointed a lawyer, to the lawyer in order to conduct the legal dispute. We process your personal data on the basis of a legal obligation pursuant to Art. 6 para. 1 sentence 1 lit. c) GDPR and on the basis of our legitimate interest in safeguarding, enforcing and/or defending our legal interests pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR.

6. Some of our information e-mails and newsletters are sent by service providers commissioned by us. For this purpose, we transmit your personal data to the service providers. We process your personal data as follows:
If you give us your consent to send you newsletters during a purely informational visit to our websites or when creating a customer account, we will transmit your data on the basis of your consent within the meaning of Art. 6 para. 1 sentence 1 lit. a) GDPR.
After purchasing a ticket or after successful participation in a competition, we transmit your personal data in order to provide you with information about the event for the purpose of executing the contract with you on the basis of Art. 6 para. 1 sentence 1 lit. b) GDPR.

7. A transfer of personal data for the purpose of tracing chains of infection in connection with Covid-19 by us to the respective organiser (visitor data collection) is based on Art. 6 para. 1 sentence 1 lit. b) GDPR. Any transmission by the respective organiser to a (health) authority for the purpose of tracing chains of infection in connection with Covid-19 is carried out in most federal states on the basis of Art. 6 para. 1 sentence 1 lit. c) GDPR, in some federal states also Art. 6 para. 1 sentence 1 lit. a) GDPR. With regard to the details in this regard, we refer to the data protection information of the respective responsible organiser.

8. Beyond this, we will only transfer your personal data if and insofar as we are legally obliged to do so. The transfer takes place on the basis of Art. 6 para. 1 sentence 1 lit. c) GDPR (e.g. to the police authorities in the context of criminal investigations or to the data protection supervisory authorities).

Part E    Legitimate interests in data processing and objection

1. We process your personal data within the meaning of Part B on the basis of our legitimate interests, in particular to ensure IT security on our websites, to carry out analyses and marketing measures, to inform you about our products and services, to increase the reach of our products and marketing measures, to safeguard, enforce and defend our legal interests (including in court if necessary) and to carry out internal administration efficiently and in a division of labour.

2. Insofar as we process your personal data on the basis of these legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR), you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation. We will then no longer process your data for this/these purpose(s), unless our legitimate interests prevail or the processing serves the establishment, exercise or defence of legal claims. Notwithstanding this, you can object to the processing of your personal data for direct marketing purposes (such as newsletters) at any time without giving reasons. Please send your request by e-mail to datenschutz@fkpscorpio.com or in writing to FKP SCORPIO Konzertproduktionen GmbH, Große Elbstraße 277, 22767 Hamburg, Germany.

3. If you object to data processing in accordance with section 2, we will process your personal data collected in this context to respond to your enquiry. The processing of your personal data is carried out to fulfil a legal obligation on the basis of Art. 6 para. 1 sentence 1 lit. c) GDPR.

Part F Consent and withdrawal of your consent

1. If you have given us your consent to process your personal data, you can revoke it at any time. The revocation of your consent is effective for the future. The lawfulness of the processing of your personal data up to the time of revocation remains unaffected. Please send your cancellation by e-mail to datenschutz@fkpscorpio.com or in writing to FKP SCORPIO Konzertproduktionen GmbH, Große Elbstraße 277, 22767 Hamburg.

2. If you revoke your consent, we will process your personal data collected in this context to answer your enquiry. The processing of your personal data is carried out to fulfil a legal obligation on the basis of Art. 6 para. 1 sentence 1 lit. c) GDPR.
 

Part G Your rights

1. You can demand from us at any time in accordance with the GDPR that we

•    provide you with information about the personal data concerning you that we process (Art. 15 GDPR),
•    rectify personal data concerning you that is inaccurate (Art. 16 GDPR), and/or
•    erase (Art. 17 GDPR), block (Art. 18 GDPR) and/or disclose (Art. 20 GDPR) your personal data stored by us.

2. Please send your enquiry by e-mail to datenschutz@fkpscorpio.com or in writing to FKP SCORPIO Konzertproduktionen GmbH, Große Elbstraße 277, 22767 Hamburg.

3. If you assert rights against us, we will process your personal data collected in this context to respond to your enquiry. The processing of your personal data is carried out to fulfil a legal obligation on the basis of Art. 6 para. 1 sentence 1 lit. c) GDPR.

4. Without prejudice to the rights set out in this Part G, you may lodge a complaint with a data protection supervisory authority if you consider that the processing of personal data concerning you by FKP infringes the GDPR (Art. 77 GDPR).

Part H Miscellaneous

1. The provisions of this data protection information (available free of charge on our websites) including the cookie information of FKP SCORPIO Konzertproduktionen GmbH (available free of charge on our websites) apply in the version valid at the time of use of our websites.

2. We reserve the right to amend and change the content of the data protection information. The updated data protection information applies from the time it is published on our website.