This privacy policy applies to data processing conducted by smart tickets.de Gesellschaft für Vertriebslösungen mbH (henceforth referred to as "controller", "we" or "us"). It explains the nature, scope and purposes of the collection, processing and use of so-called personal data that is linked to the use of our services (e.g. registration for our ticket platform, purchase of tickets for events on our ticket platform).

Please read this privacy policy carefully. If you have any questions or comments, feel free to contact us at the e-mail address named under clause 2.

Personal data means any information that can be directly or indirectly related to a natural person, e.g. name, address, e-mail address, user behavior.

Our data processing can be divided into two categories:

• For the purpose of performance of a contract when you register on the ticketing platform or order tickets, all personal data that is necessary for the purpose of performing the contract will be processed.
• When our website https://www.tickets.de ("website") is used for information purposes only, we process only the data that your browser transmits to our server. Some of these may be personal data. These data are mainly used to optimize our website.

The responsible authority is smart tickets.de Gesellschaft für Vertriebslösungen mbH, Droysenstr. 13, 10629 Berlin, phone: +49(0)30-60981333, fax: +49(0)30-60981323, e-mail: tickets@tickets.de.

When opening our website, the browser you are using will automatically send information to the server of our website and save them temporarily in so-called log-files. We do not have any influence on this procedure. In the course of this procedure, the following data is collected and stored, without any action on your part, until the time of automatic deletion:

• The IP address of the internet-ready device you are using,
• Date and time of the access,
• Name and URL of the data you access,
• The website from which you are accessing (referrer URL),
• The browser you are using and, in certain cases, the operating system of your internet-ready device as well as the name of your access provider.

The legal basis for the processing of your IP address is Art. 6 (1) (f) of the General Data Protection Regulation ("GDPR"). The data collected does not enable us to draw any conclusions to your identity and we have no intention of drawing such conclusions. The following constitute our "legitimate interest" in the collecting of the data named above:

• The safeguarding of a smooth connection set-up,
• The safeguarding of a comfortable use of our website,
• The analysis of the system's security and stability and
• Further administrative purposes.

On our website we offer you the opportunity to register by providing personal data. You can use your customer account to purchase tickets for events of various organizers and to administer your tickets. The ticket purchase is arranged by us. The data is entered into an input mask and stored with us. The following data will be collected during registration:

• Your first and last name, your e-mail address, your self-given username, your password and your address;
• The following data can be entered voluntarily during registration: your gender, your company, your phone and mobile number.

The legal basis for collecting these data is Art. 6 (1) (b) GDPR. The data processing serves to establish, implement and process the contractual relationship regarding the use of the ticket platform and the procurement of tickets.

We delete the data collected and stored in connection with your customer account at the latest when you delete your customer account yourself or when you notify us that your customer account is to be deleted. However, premature deletion of your personal data is not possible if and to the extent that the data is still required for processing the contract or if we are legally obliged to further storage.

When you purchase tickets on our website, we collect the data that are necessary for the procurement of tickets and for the ticket issuance. These are:

• Your name,
• Your e-mail address,
• Your ticket information (event, number of tickets, ticket category, price),
• Ticket code(s) and
• Payment details.

If you buy personalized tickets not only for you but for other people ("other ticketholders"), we collect the names of all ticketholders because their tickets need to be issued in their name, and their e-mail addresses.

If you resell tickets via the ticket exchange, we also collect the following data from you as the seller: your name, e-mail address, ticket information (event, number of tickets, ticket category, price), ticket codes and bank account details for rebooking the ticket purchase price.

The legal basis for this collection and processing of your data as ticket buyer (or ticket seller on our ticket exchange is Art. 6 (1) (b) GDPR. With regard to the personal data of the other ticketholders legal basis is Art. 6 (1) (f) GDPR. Our legitimate interest is that we are obliged toward you as a ticket buyer to issue the tickets for the other ticketholders you have named.

We save the data that are collected when purchasing or selling a ticket until the expiry of all legal and contractual warranty rights. After the expiry, we store the contract data that we are obliged to store according to commercial and/or tax law for the prescribed period of time. During this period (usually ten years as from the date on which the contract is concluded), the data will only be processed anew in case of an examination by the fiscal administration.

When you log in via Facebook Connect, a direct connection to the servers of Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA ("Facebook"), is established. Facebook learns that you have used your login data on our website.

As part of registration via the Social Login, the following personal data is transmitted to us by Facebook:

• Your Facebook ID
• Your e-mail address
• Your name and
• Your gender.

We use these data to identify you as our contractual partner and to set up your customer account. The legal basis for the use of these data is Art. 6 (1) (b) GDPR.

You can undo the connection between your Facebook profile and our website by changing the settings in your Facebook profile. However, the data that has already been transmitted to us via this connection will still be stored with us afterwards since you used it to create your customer account. After the connection has been cancelled, you will not be able to log in to our website via Facebook Connect anymore.

The purpose and scope of data collection by Facebook and the further processing and use of the data by Facebook as well as your rights and setting options for the protection of privacy can be found in Facebook's data protection information.

When you purchased a personalized ticket and transferred the right to attend the event to a third party (assignment), the name of the third party must be noted on the ticket (re-personalization) so that he or she will be granted entrance to the booked event. We re-personalize tickets by issuing a new personalized ticket in the third party's name (“new ticketholder”). Your old ticket will lose its validity due to the re-personalization. We collect the following data when re-personalizing personalized tickets:

• The data of the original purchaser: Name, e-mail address, user name and password of his / her customer account or his / her Facebook ID (only if the original purchaser registered via Facebook Connect), address, ticket information (event, number of tickets, category, price), ticket codes and payment details for the re-personalization fee (name of the credit card holder, card number, expiry date, verification code, IP address of the transaction).
• The data of the other ticket holders: Names of the ticket holder, e-mail address(es), ticket information and ticket codes.
• The data of the new ticket holder(s): Name, e-mail address, ticket information and ticket code(s).

The legal basis for the processing of the data of the original buyer is Art. 6 (1) (b) GDPR. With regard to the processing of the data of the other original ticket holders and the new ticket holders, the legal basis is Art. 6 (1) (f) GDRP. Our legitimate interest is that we are obliged vis-à-vis the original purchaser to ensure the transferability of the ticket. The other original ticket holders and the new ticket holders themselves have an interest in the re-personalization.

Furthermore, the original ticket holder whose ticket is to be re-personalized needs to prove to us that he / she is indeed the person in whose name the original ticket was issued. This is to prevent the unauthorized sale of tickets for inflated prices. In particular, the purchase of tickets under a fictitious name for the purpose of later re-personalization after resale by an unauthorized ticket dealer should be excluded. For this proof, the ticket holder must send us a copy of an official copyable identification document (not an identity card or passport). We only use your data to make sure that the name on the online ticket is the same as the name on the identification document. You are free to blacken the parts of the identification document that contain any other information. The legal basis for this data processing is Art. 6 (1) (f) GDPR. Our legitimate interest is the purpose named above. The copy of the official identification document will be deleted immediately after the re-personalization has been completed.

We store the other data that are processed during the re-personalization until the expiry of all legal and contractual warranty rights. After the expiry, we store the contract data that we are obliged to store according to commercial and/or tax law for the prescribed period of time. During this period (usually ten years as from the date on which the contract is concluded), the data will only be processed anew in case of an examination by the fiscal administration.

On our website we have a contact form that you can use to contact us electronically. If you use this form, the data you enter into the entry mask will be transferred to us and stored with us.

The legal basis for the processing of these data is Art. 6 (1) (f) GDPR. The processing serves solely to process your inquiry; this is also in our legitimate interest.

The data will be deleted as soon as the conversion following the establishment of contact is finally completed.

Based on Article 6 (1) (f) GDPR, we use "cookies" on our website to optimize the website. The optimization of our website is our legitimate interest in the sense of the aforementioned article. Cookies are small text files that are created automatically by your browser and are stored on your device (e.g. laptop, tablet, smart phone) when you visit our website. Cookies do not cause any damage to your device, nor do they contain viruses, trojans or any other malware. Information that arises in connection with the specifically used device is stored in the cookie. This does not mean that we are able to directly identify you. The use of cookies is intended to make the use of our services more enjoyable for you.

We use so-called session cookies to recognise that you have already visited individual pages of our website so you can register on our website and buy tickets there. Such cookies are deleted automatically after you have left our website.

We also use an ARRAffinity cookie to make sure that a user who accesses our website from different app servers always communicates with the same server. This cookie is saved until the end of the respective user session.

For the purpose of user convenience, we also use temporary cookies that are stored on your device for a specifically defined period of time. If you revisit our site to use our services, it is immediately recognised that you have already visited our website and what entries you have made and what settings you have chosen, so you do not have to enter everything again.

Most browsers accept cookies automatically. You can adjust the settings of your browser so that no cookies are stored on your device or a notice appears every time before a new cookie is set. Completely deactivating cookies may, however, result in the situation that you will not be able to use all the functions of our website to the full extent.

For the purpose of demand-oriented design and continuous optimization of our pages, we use Google Analytics, a web analysis service of Google Inc. ("Google") based on Art. 6 (1) (f) GDPR. In this context, pseudonymous user profiles are created and cookies are used. The information generated by the cookie about your use of our website, such as browser type/version, operating system, referrer URL (the website from which you are accessing ours), host name of the accessing computer (IP address), time of the server request, will be transmitted to a Google server in the United States and stored there. The information is used to analyze the use of our website, to compile reports on advertising activities and to provide further services associated with the use of the website and the Internet for the purposes of market research and demand-oriented design of these Internet pages. This information may be transmitted to third parties if we are under a legal obligation to transmit them or if a third party processes these data on behalf of a controller.

Under no circumstances will your IP address be combined with other data from Google. The IP address is anonymized so that combining it with other data is impossible (so-called IP-masking).

You can adjust the settings of your browser so that no cookies are stored on your device. Completely deactivating cookies may, however, result in the situation that you will not be able to use all the functions of our website to the full extent. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

For more information about privacy at Google Analytics, please visit the third-party website: https://support.google.com/analytics/answer/6004245?hl=en as well as Google's privacy policy: https://policies.google.com/privacy?hl=en.

We use on our website the social media plug-ins of a variety of social networks ("plug-in providers"). A social network is an online meeting point that enables users to communicate with one another and to interact online. The legal basis for the processing of your data is Art. 6 (1) (f) GDPR. The purpose of the use of social media plug-ins and the related analyses is to offer you the most comfortable and personalized service on our website and to run our website economically.

Since social media plug-ins are automatically disabled on our website, they do not send any data to their respective plug-in provider without intervention on your part. You need to enable social media plug-ins by clicking on the respective button to be able to use them.

After you enabled a social media plug-in, your browser will set up an immediate connection to the system of the respective plug-in provider. The content of the social media plug-in will be transmitted directly to your browser and integrated into our website. At the same time, the social media plug-in transmits the information that you have accessed a certain sub-page of our website to the plug-in provider, regardless of whether you have created a profile with the plug-in provider or logged in to their website or if you use the social media plug-in actively (e.g. by clicking the "like"-button or by posting a comment). In case of the active use of a social media plug-in the related information will be transmitted directly to the plug-in provider by your browser and stored with the plug-in provider. If you are logged in to the plug-in provider's website while visiting our website, the provider is able to connect your visit to our website to your profile.

We do not have any influence on the nature and scope of the data that is collected and transmitted. For information on the scope and purpose of the data collection, processing and use, please see the privacy policy of the respective plug-in provider. That privacy policy will also inform you about your rights and the setting options for the protection of your privacy. If you do not consent to a plug-in provider connecting the collected data about your visit to our website to your profile, please log out from the website of the plug-in provider before enabling the respective social media plug-in on our website. If you do not want plug-in providers to receive, store or use any data, please do not use or click on the respective social media plug-in.

The social media plug-ins of the social network Facebook are run by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (www.facebook.com), and – in Europe – Facebook Ireland Limited, Hanover Reach, 5-7 Hanover Quay, Dublin 2, Irland (www.facebook.de) ("Facebook"). An overview of Facebook's plug-ins can be found here: http://developers.facebook.com/docs/plugins; for more information on Facebook's data protection policy please check the following website: www.facebook.com/policy.php.

Whenever data are processed outside the European Economic Area in a country where data protection regulations are not equivalent to European data protection standards, this happens on the basis of the EU-US Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC.

If you want to object to data collection by Facebook with effect for the future, you can do this here: https://www.facebook.com/settings?tab=ads.

Social media plug-ins of the social network Google+ are run by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). You can find an overview over the plug-ins of Google+ here: https://developers.google.com/+/plugins; for information on Google+'s data protection policy please see https://www.google.com/intl/de/+/policy/+1button.html.

Whenever data are processed outside the European Economic Area in a country where data protection regulations are not equivalent to European data protection standards, this happens on the basis of the EU-US Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC.

If you want to object to data collection by Google+ with effect for the future, you can do this here: http://www.google.com/ads/preferences.

Social media plug-ins of the social network Twitter are run by Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA ("Twitter"). You can find an overview over the plug-ins of Twitter here: https://about.twitter.com/en_us/company/brand-resources.html; for information on Twitter's data protection policy please see twitter.com/privacy.

Whenever data are processed outside the European Economic Area in a country where data protection regulations are not equivalent to European data protection standards, this happens on the basis of the EU-US Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC.

If you want to object to data collection by Twitter with effect for the future, you can imply a so-called opt-out-cookie here: https://twitter.com/personalization.

We pass on your data to our payment service providers for the purpose of processing the ticket purchase. The legal basis for this is Art. 6 (1) (b) GDPR.

As far as this is necessary for the purpose of organizing the event (especially for admission control), the respective event organizer will receive your data from us. The legal basis is Art. 6 (1) (b) GDPR.

If you have given us your consent to do so (Art. 6 (1) (a) GDPR), we will also pass on your name and your e-mail address to the respective event organizer so he can send you his newsletter with information on his events or related products.

Furthermore, we sometimes use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are regularly checked. The external service providers can be assigned to the following categories:

• IT service providers
• Providers of system-e-mails
• Cloudservice providers
• Web Analysis services.

The processing mentioned under point 3.4 causes a data transmission to the servers of the providers of tracking or targeting technologies commissioned by us. Data is transmitted in accordance with the principles of the so-called Privacy Shield and on the basis of so-called standard contractual clauses of the EU Commission.

Also for the generation of system emails, data is transmitted to the provider of system emails commissioned by us. Data is transmitted in accordance with the principles of the so-called Privacy Shield.

Beyond that we do not pass on your data to recipients established outside the European Union or the European Economic Area.

We will be happy to provide you with further information on the effective and appropriate guarantees for compliance with an appropriate level of data protection with a recipient of your data in a country outside the EU or the EEA upon request; for our contact information, see point 2. For further information on the partners of the EU-US Privacy Shield, see www.privacyshield.gov/list. For further information on the EU standard contractual clauses, see http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2010:039:0005:0018:EN:PDF.

You may revoke your consent to the processing of your data at any time with effect for the future. The legality of the processing of your personal data until revocation remains unaffected by this.

If the requirements under Article 21 (1) GDPR are met, you may object to the data processing on grounds relating to your particular situation.

The above general right to object applies to all processing purposes described in this privacy policy that are processed in accordance with Article 6 (1) (f) GDPR. We are only obliged to implement such a general objection if you give us reasons of overriding importance (e.g. a possible danger to life or health).

You have the following rights towards us regarding your personal data:

• Right of access (Art. 15 (1) and (2) GDPR)
• Right to rectification (Art. 16 clause 1 GDPR)
• Right to erasure ("right to be forgotten") (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR).

You also have the right to complain to a data protection supervisory authority about our processing of your personal data.

We take effective technical and organizational measures to ensure data security, especially the security of your personal data to protect them from the dangers related to data transfer, and to prevent third parties from obtaining knowledge of said data. These measures are frequently updated to the latest state of technology.