Data collection on our website: Who is responsible for the data collection on this website?
The data collected on this website are processed by the website operator. The operator’s contact details can be found in the website’s required legal notice.
How do we collect your data?
Some data are collected when you provide it to us. This could, for example, be data you enter on a contact form.
Other data are collected automatically by our IT systems when you visit the website. These data are primarily technical data such as the browser and operating system you are using or when you accessed the page. These data are collected automatically as soon as you enter our website.
What do we use your data for?
Part of the data is collected to ensure the proper functioning of the website. Other data can be used to analyse how visitors use the site.
What rights do you have regarding your data?
You always have the right to request information about your stored data, its origin, its recipients, and the purpose of its collection at no charge. You also have the right to request that it be corrected, blocked, or deleted. You can contact us at any time using the address given in the legal notice if you have further questions about the issue of privacy and data protection. You may also, of course, file a complaint with the competent regulatory authorities.
Analytics and third-party tools
You can object to this analysis. We will inform you below about how to exercise your options in this regard.
2. General information and mandatory information
Please note that data transmitted via the internet (e.g. via email communication) may be subject to security breaches. Complete protection of your data from third-party access is not possible.
Notice concerning the party responsible for this website
The party responsible for processing data on this website is:
Hamburg Kreativ GmbH
Telefon: 040-237 24 35-0
The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (names, email addresses, etc.).
Revocation of your consent to the processing of your data
Many data processing operations are only possible with your express consent. You may revoke your consent at any time with future effect. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.
Right to object to data collection in special cases and direct mail (Article 21 GDPR)
If your personal data is processed to operate direct mail, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct mail. If you object, your personal data will then no longer be used for the purpose of direct advertising (objection under Art. 21 (2) GDPR).
Complaint to the competent supervisory authority
In the case of violations of the GDPR, the persons concerned have a right of appeal to a supervisory authority, in particular in the Member State of their habitual residence, their place of work or the place of the alleged infringement. The right of appeal is without prejudice to any other administrative or judicial remedies.
Right to data portability
You have the right to have data that we process on the basis of your consent or in fulfillment of a contract automatically, in itself or to a third party in a standard, machine-readable format. If you require the direct transfer of the data to another person in charge, this will only be done to the extent technically feasible.
SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as the inquiries you send to us as the site operator. You can recognize an encrypted connection in your browser’s address line when it changes from “http://” to “https://” and the lock icon is displayed in your browser’s address bar.
If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.
Encrypted payments on this website
If you enter into a contract which requires you to send us your payment information (e.g. account number for direct debits), we will require this data to process your payment.
Payment transactions using common means of payment (Visa/MasterCard, direct debit) are only made via encrypted SSL or TLS connections. You can recognize an encrypted connection in your browser’s address line when it changes from “http://” to “https://” and the lock icon in your browser line is visible.
In the case of encrypted communication, any payment details you submit to us cannot be read by third parties.
Information, blocking, deletion
As permitted by law, you have the right to be provided at any time with information free of charge about any of your personal data that is stored as well as its origin, the recipient and the purpose for which it has been processed. You also have the right to have this data corrected, blocked or deleted. You can contact us at any time using the address given in our legal notice if you have further questions on the topic of personal data.
Right to restriction of processing
You have the right to request the restriction of the processing of your personal data. You can contact us at any time at the address given in the imprint. The right to restrict processing exists in the following cases:
- If you deny the accuracy of your personal information stored with us, we usually need time to verify this. For the duration of the audit you have the right to request the restriction of the processing of your personal data.
- If the processing of your personal data is unlawful, you may request the restriction of data processing instead of deletion.
- If we no longer need your personal information but you need it for the purpose of exercising, defending or enforcing legal claims, you have the right to demand that your personal data be restricted instead of being deleted.
- If you have filed an objection pursuant to Art. 21 (1) GDPR, a balance must be made between your interests and ours. As long as it is not clear whose interests prevail, you have the right to demand the restriction of the processing of your personal data.
- If you have restricted the processing of your personal data, these data may only be used with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for important public reasons Interest of the European Union or of a Member State.
Opposition to promotional emails
We hereby expressly prohibit the use of contact data published in the context of website legal notice requirements with regard to sending promotional and informational materials not expressly requested. The website operator reserves the right to take specific legal action if unsolicited advertising material, such as email spam, is received.
3. Data protection officer
Statutory data protection officer
We have appointed a data protection officer for our company.
Hamburg Kreativ Gesellschaft mbH
– Datenschutzbeauftragte –
Telefon: 040-237 24 35-37
4. Data collection on our website
Most of the cookies we use are so-called “session cookies.” They are automatically deleted after your visit. Other cookies remain in your device’s memory until you delete them. These cookies make it possible to recognize your browser when you next visit the site.
Server Log Files
The website provider automatically collects and stores information that your browser automatically transmits to us in “server log files”. These are:
Browser type and browser version
Operating system used
Host name of the accessing computer
Time of the server request
These data will not be combined with data from other sources.
The basis for data processing is Art. 6 (1) (f) GDPR, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.
Should you send us questions via the contact form, we will collect the data entered on the form, including the contact details you provide, to answer your question and any follow-up questions. We do not share this information without your permission.
We will, therefore, process any data you enter onto the contact form only with your consent per Art. 6 (1)(a) GDPR. You may revoke your consent at any time. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.
We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Any mandatory statutory provisions, especially those regarding mandatory data retention periods, remain unaffected by this provision.
Processing of data (customer and contract data)
We collect, process, and use personal data only insofar as it is necessary to establish, or modify legal relationships with us (master data). This is done based on Art. 6 (1) (b) GDPR, which allows the processing of data to fulfill a contract or for measures preliminary to a contract. We collect, process and use your personal data when accessing our website (usage data) only to the extent required to enable you to access our service or to bill you for the same.
Collected customer data shall be deleted after completion of the order or termination of the business relationship. Legal retention periods remain unaffected.
Data transferred when signing up for services and digital content
We transmit personally identifiable data to third parties only to the extent required to fulfill the terms of your contract with us, for example, to banks entrusted to process your payments.
Your data will not be transmitted for any other purpose unless you have given your express permission to do so. Your data will not be disclosed to third parties for advertising purposes without your express consent.
The basis for data processing is Art. 6 (1) (b) GDPR, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.
Eventbrite, Inc. is a Delaware corporation with its principal place of business at 155 5th Street, Floor 7, San Francisco, CA 94103, Reg. No. 4742147. If you are resident in the European Economic Area (“EEA”) or Switzerland, Eventbrite, Inc. is the responsible party with respect to Personal Data (defined below) collected through the Services. Eventbrite’s representative for European data protection law purposes is Eventbrite NL B.V. with its principal place of business at Silodam 402, 1013AW, Amsterdam, The Netherlands.
The data you enter will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies. Mandatory legal provisions - in particular retention periods - remain unaffected. The legal basis for data processing is Art. 6 para. 1 lit. f DSGVO.
The website operator has a legitimate interest in making registration for programs as uncomplicated as possible and in contacting potential future participants. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 Para. 1 lit. a DSGVO and § 25 Para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.airtable.com/privacy.
5. Analytics and advertising
This website uses the open source web analytics service Matomo. Matomo uses so-called “cookies”. These are text files that are stored on your computer and that allow an analysis of the use of the website by you. For this purpose, the information generated by the cookie about the use of this website is stored on our server. The IP address is anonymized before it is stored.
Matomo cookies remain on your device until you delete them.
The storage of Matomo cookies is based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising.
The information generated by the cookies about your use of this website will not be disclosed to third parties. You can prevent these cookies being stored by selecting the appropriate settings in your browser. However, we wish to point out that doing so may mean you will not be able to enjoy the full functionality of this website.
If you do not agree with the storage and use of your data, you can disable this feature here. In this case, an opt-out cookie will be stored in your browser to prevent Matomo from storing your usage data. If you delete your cookies, this will mean that the opt-out cookie will also be deleted. You will then need to reactivate it when you return to our site if you wish your activity not to be tracked.
If you would like to receive our newsletter, we require a valid email address as well as information that allows us to verify that you are the owner of the specified email address and that you agree to receive this newsletter. No additional data is collected or is only collected on a voluntary basis. We only use this data to send the requested information and do not pass it on to third parties.
We will, therefore, process any data you enter onto the contact form only with your consent per Art. 6 (1) (a) GDPR. You can revoke consent to the storage of your data and email address as well as their use for sending the newsletter at any time, e.g. through the “unsubscribe” link in the newsletter. The data processed before we receive your request may still be legally processed.
The data provided when registering for the newsletter will be used to distribute the newsletter until you cancel your subscription when said data will be deleted. Data we have stored for other purposes (e.g. email addresses for the members area) remain unaffected.
Sendinblue (formerly Newsletter2Go)
This website uses the services of Sendinblue to send newsletters. This service is provided by Sendinblue Gmb, Köpenicker Straße 126, 10179 Berlin, Germany.
Sendinblue is a service which organizes and analyzes the distribution of newsletters. If you provide data (e.g. your email address) to subscribe to our newsletter, it will be stored on Sendinblue servers.
We use Sendinblue to analyze our newsletter campaigns. When you open an email sent by Sendinblue, a file included in the email (called a web beacon) connects to Sendinblue’s servers. This allows us to determine if a newsletter message has been opened and which links you click on. In addition, technical information is collected (e.g. time of retrieval, IP address, browser type, and operating system). This information cannot be assigned to a specific recipient. It is used exclusively for the statistical analysis of our newsletter campaigns. The results of these analyses can be used to better tailor future newsletters to your interests.
If you do not want your usage of the newsletter to be analyzed by Sendinblue, you will have to unsubscribe from the newsletter. For this purpose, we provide a link in every newsletter we send. You can also unsubscribe from the newsletter directly on the website.
Data processing is based on Art. 6 (1) (a) GDPR. You may revoke your consent at any time by unsubscribing to the newsletter. The data processed before we receive your request may still be legally processed.
The data provided when registering for the newsletter will be used to distribute the newsletter until you cancel your subscription when said data will be deleted from our servers and those of Sendinblue. Data we have stored for other purposes (e.g. email addresses for the members area) remains unaffected.
Completion of a data processing agreement
We have entered into a data processing agreement with Sendinblue, in which we require Sendinblue to protect the data of our customers and not to disclose said data to third parties.
7. Plugins and Tools
This site uses the Google Maps map service via an API. It is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland.
To use Google Maps, it is necessary to save your IP address. This information is generally transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer.
The use of Google Maps is in the interest of making our website appealing and to facilitate the location of places specified by us on the website. This constitutes a justified interest pursuant to Art. 6 (1) (f) GDPR.
Further information about handling user data, can be found in the data protection declaration of Google at https://policies.google.com/privacy?hl=de.
We use “Google reCAPTCHA” (hereafter “reCAPTCHA”) on our websites. Provider is Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”).
With reCAPTCHA we want to check if the data entry on our websites (for example in a contact form) is done by a human or by an automated program. To do this, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For analysis, reCAPTCHA evaluates various information (such as IP address, website visitor’s time spent on the website, or mouse movements made by the user). The data collected during the analysis will be forwarded to Google.
The reCAPTCHA analyzes are completely in the background. Site visitors are not advised that an analysis is taking place.
We use the webchat plugin “tlk.io” on our website. Provider is www.tlk.io
The plugin works with the smallest amount of user data in order to create a seamless experience when using tlk.io.
Our social media appearances
Data processing through social networks
We maintain publicly available profiles in social networks. The individual social networks we use can be found below.
Social networks such as Facebook, Twitter, Instagram, etc. can generally analyze your user behavior comprehensively if you visit their website or a website with integrated social media content (such as like buttons or banner ads). By visiting our social media presences, numerous data protection relevant processing processes are triggered.
If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. Under certain circumstances, your personal data may also be recorded if you are not logged in or do not have an account with the respective social media portal. In this case, this data is collected, for example, via cookies stored on your device or by recording your IP address.
With the help of the data collected in this way, the operators of the social media portals can create user profiles in which their preferences and interests are stored. This way, you can see interest-based advertising in and out of your social media presence. If you have an account with the respective social network, the interest-based advertising can be displayed on all devices on which you are logged in or logged in.
Our social media appearances are designed to ensure the widest possible presence on the Internet. This is a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO. The analysis processes initiated by the social networks may be based on divergent legal bases to be specified by the operators of the social networks (for example, consent within the meaning of Article 6 (1) (a) GDPR).
Responsible and asserting rights
If you visit any of our social media sites (such as Facebook), we, together with the social media platform operator, are responsible for the data processing operations triggered during this visit. Your rights (information, correction, deletion, limitation of processing, data portability and complaint) can in principle be us as well as against the operator of the respective social media portal (for example, compared to Facebook) assert.
Please note that despite the shared responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options are determined by the company policy of the respective provider.
The data collected directly from us via the social media presence will be deleted from our systems as soon as the purpose for their storage is removed, you ask us to delete it, you revoke your consent for storage or the purpose for the data storage is dropped. Saved cookies remain on your device until you delete them. Mandatory legal provisions – especially retention periods – remain unaffected.
Social networks in detail
We have a profile on Facebook. Provider is the Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. Facebook is certified under the EU-US Privacy Shield.
You can customize your advertising settings independently in your user account. Click on the following link and log in: https://www.facebook.com/settings?tab=ads.
We use the short message service Twitter. Provider is Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, United States. Twitter is certified under the EU-US Privacy Shield.
You can customize your Twitter privacy settings in your user account. Click on the following link and log in: https://twitter.com/personalization.
We have a profile on YouTube. Details on their handling of your personal data can be found in the data protection declaration of YouTube: https://policies.google.com/privacy?hl=de&gl=de.