Data protection notice

Below, we would like to explain to you which data we collect about you and what we do with these data. We also inform you about your privacy rights and explain to whom you can turn with questions about data protection.
Who we are
Data controller (responsible for data processing):
Deutsche Oper am Rhein
Theatergemeinschaft Düsseldorf-Duisburg gGmbH
Heinrich-Heine-Allee 16a
40213 Düsseldorf
Tel. 0211 89 25 210
ticket@operamrhein.de

Managing directors: Prof. Christoph Meyer, General Director; Alexandra Stampler-Brown, Executive Director

Concerning questions about this Data Protection Notice, processing of your data, your rights or other data protection topics, our data protection officer (DPO) would be pleased to help you.

Contact details of our data protection officer:
Deutsche Oper am Rhein
Data protection officer
Theatergemeinschaft Düsseldorf-Duisburg gGmbH
Heinrich-Heine-Allee 16a
40213 Düsseldorf
datenschutz@operamrhein.de
Scope of application
This data protection notice refers to:
  • visitors of our website operamrhein.de and theater-duisburg.de,
  • visitors of our web shops webshop.operamrhein.de and theaterduisburg.eventim-inhouse.de,
  • our customers and visitors to our stage performances,
  • purchasers of (group) tickets and subscriptions.

Our website offers links which lead to the websites of other operators for which this Data Protection Notice does not apply.
Do I have to provide my data?
When you visit our websites, user data are automatically stored. Some of the collected data are necessary for the use of a website. In addition, we also process your data in order to safeguard our legitimate interests according to a balance of interests. This will enable us to continuously improve the services we offer to you. On the following pages, you will learn about the background of our interests as well as whether and how you can object to the use of your data or disable the use of the data.
In order to use one of our offers or to send a request, you will be asked to provide your personal data. You can decide for yourself whether to take advantage of these offers and to provide your data. We also offer services for which we process your data only if you have given us your consent. The granting of consent is always voluntary. Consent that has been granted may be revoked at any time.
Please note that if you provide information about other persons, you must have obtained their prior approval and informed them of the purposes for which the information is being disclosed, as set forth in this Data Protection Notice.
We also ask you to share this information with the people you include in the use of our services, such as family members or authorised persons.
Definiton of essential terms
Personal data

In the following information, „personal data“ is a very frequent term, but what does it actually mean?
The term “personal data” is defined legally in Article 4 (1) GDPR as follows:

‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

Procession
The term “processing” is defined legally in Article 4 (2) GDPR as follows:

‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
Processing Website Visitor Data
This section explains which data will be processed when you visit one of our websites.



PROCESSING PURPOSES AND LEGAL BASES
We distinguish between various types of processing personal data which are described below. The processed data and cookies are listed in tables.

Service Provision
In order to visit and use our websites or to watch the trailer videos accessed via QR codes in our performance progamme booklet, the specified data must be collected. We process this data to protect our legitimate interest in providing a functioning website (Art. 6 (I) f) GDPR).


Data Security
Every access to our website is stored in a log file. We process these data for the purpose of data security. Processing your data for that purpose is based on our legitimate interest in guaranteeing data security (Art. 6 (I) f) GDPR).

Optimisation of Our Websites
We constantly optimise our websites in order to offer you the best user of shopping experience. For this purpose we process the specified data about your use of our website. We use your data for evaluation of the usability, functionality and appeal of our website. For that purpose, your data will be aggregated to statistics without personal information. With that you support our trouble-shooting, optimisation of user experience and development of our websites. We will not match visitor data with your name or other personal information that you provide to us (if any). Processing your data for the described purposes is based on our legitimate interests in troubleshooting, optimization and development of our webshop/site (Art. 6 (I) f) GDPR). Please refer to the chapter ‘Information About Cookies’ for more information on objection against such processing.
Here you can opt-out from the described processing:
<Platzhalter für Opt-Out von etracker>

Inquiries
We process your data that you give to us when you have a question or another concern. This may include data that you send to us via email or submit via contact form. Processing your data is required for dealing with your concern. It is based on our legitimate interest in answering your questions and inquiries (Art. 6 (I) lit. f) DS-GVO).

Display of Videos In order to be able to use some of the videos on our website, the specified data need to be processed. Your data will only be processed to display videos and passed on to the service provider Google Ireland Ltd (hereafter referred to as "Google") as soon as you give your consent by activating the video service (Art. 6 (I) lit. a) GDPR). This makes Google aware that our website has been accessed via your IP address. In addition, Google cookies will be set. The processed data can also be used by Google for their own purposes, including the analysis of usage behaviour or market research and marketing purposes. Access from or storage in third countries with a data protection level that deviates from that of the EU cannot be excluded. More information about the use of personal data can be found in Google's privacy policy.
You can delete the cookies set at any time in your browser’s settings.
This does not apply when you view videos accessed via QR codes in our performance programme booklet. These videos are played through your own video player software.

Display of Publications
In order to be able to see the publications on our website, the specified data need to be processed. Your data will only be processed to display the contents and passed on to the service provider Issuu ApS (hereafter referred to as "Issuu") as soon as you give your consent by activating the service (Art. 6 (I) lit. a) GDPR). This makes Issuu aware that our website has been accessed via your IP address. In addition, Issuu cookies will be set. The processed data can also be used by Issuu for their own purposes, including the analysis of usage behaviour or market research and marketing purposes. Access from or storage in third countries with a data protection level that deviates from that of the EU cannot be excluded. More information about the use of personal data can be found in Issuu’s privacy policy.
You can delete the cookies set at any time in your browser's settings.

Information About Cookies
Cookies which are necessary for the service provision are set on our websites. The processing is based on our our legitimate interest (Art. 6 (I) f) GDPR) in providing a working website.
Displaying publications and YouTube videos on our website will have cookies by Google Ireland Ltd (hereafter referred to as "Google") or Issuu ApS (hereafter referred to as “Issuu”) set, which may be used by the respective provider for analysis of user behaviour and for market research or marketing purposes. The cookies are not set until you consent to the processing. You can delete the cookies any time in your browser’s settings.



Specification Purpose Lifecycle Objection
BIGipServer~ASP~webshop.operamrhein.de Identification of the session (service provision) Until closing the browser (end of session) Not applicaple
iutk Sets an individual user ID. Can be used by Issuu for analysis of user behaviour, market research or marketing purposes. 180 days You can delete the cookies any time in your browser’s settings.
ANID Can be used by Google for analysis of user behaviour, market research or marketing purposes. 8 years You can delete the cookies any time in your browser’s settings.
VISITOR_INFO1_LIVE Can be used by Google for analysis of user behaviour, market research or marketing purposes. 180 days You can delete the cookies any time in your browser’s settings.
YSC Can be used by Google for analysis of user behaviour, market research or marketing purposes. session You can delete the cookies any time in your browser’s settings.
NID Can be used by Google for analysis of user behaviour, market research or marketing purposes. 6 months You can delete the cookies any time in your browser’s settings.
CONSENT Stores your consent for displaying the content 2 years Not applicaple
II. PROCESSED DATA
Data Service provision Data security Optimisation of websites Inquiries Display of videos / publications
IP address X X X X
name of the accessed file X X X
transferred data volume X X X
accessed website X X X
contents of accessed website X
next accessed pages during the session (visit of our website) X
referrer URL (the previously visited website) X X
user agent sent by your browser X X X
session cookie X X
date and time of access X X X
operating system X X X
browser type X X
shopping cart contents X X
user location: country, region, city, approximate latitude and longitude (geolocation) X
type, brand and version of device X
duration of visit X
interactions with the website: clicks, scroll events, downloads, internal search terms, clicked external links, played videos/displayed publications, logins, ordered items X
campaign details X
time stamp of leaving the website X
form of address X
first and last name X
e-mail address X
phone number X
date and time of inquiry X
Sources of data
We do not collect your personal data from third parties.

PROCESSING COSTUMER DATA
This section explains which data will be processed for what purpose and based on which legal basis.

I. Purchases
We process your data for handling your purchases of tickets, programme booklets, subscriptions, gift cards, excursions and souvenirs, as well as for reservations. Furthermore your data are also processed for handling cancellations or returns.
If you buy gift cards, you can choose between print and virtual gift card. We administer virtual gift cards in our ticket system and afterwards, you will receive the chosen cards by mail or may collect them yourself in the box office in Duisburg or opera shop in Düsseldorf.
If you purchase a subscription, you will be issued a subscription ID card. The ID card holds all information about the designated stage performances for the whole season. Moreover, you will receive the monthly programme by mail.
You can submit your contact data (phone number or e-mail) on a voluntary basis if you want us to serve you with important information about stage performances. This includes cancellations, postponements, programme modifications etc. Your address is required, if the purchased products will be delivered to you.
The legal basis for the processing your data for the purposes described above is the performance of the contract (art. 6 (I) b) GDPR).
If you purchase tickets at the box office on the evening of the performance, we will collect no personal data, because you receive your tickets immediately and can visit the performance subsequently.

II. Group tickets
When you purchase tickets for a whole group (e.g. school group) and you are the contact person for that process, we process your data for communication purposes in order to initiate, perform and complete the contractual relationship (purchase contract) with your institution. We either collect your data from you or we receive them from your institution.
The legal basis for the processing your data for the purposes described above is our legitimate interest in performing the contract with your institution (art. 6 (I) f) GDPR).

III. Payments
We perform your payment data for processing payments.
When paying via PayPal, your data will be forwarded to PayPal (Europe) S.à r.l. et Cie,S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereafter referred to as "PayPal"). When paying via credit card your data will be forwarded to the respective credit card provider.
The legal basis for the processing your data for the purposes described above is the performance of the contract (art. 6 (I) b) GDPR).

IV. Your Costumer Account
We process personal data in order to create a customer account in our customer master data, and for processing your purchase or administration of your customer data and purchases in the webshop.
The legal basis for the processing your data for the purposes described above is the performance of the contract (art. 6 (I) b) GDPR).

V. Communication or Inquiries
Processing your data for communication purposes is necessary to serve you with important information about the booked stage performance. This includes cancellations, postponements, programme modifications etc. Subscribers will be informed about potential reopenings.
You may contact us in several ways. We will then process your personal data within the context of the commercial relationship for the purpose of communication, including handling your inquiry. This also includes e.g. praises, criticism or questions about lost properties.
The legal basis for the processing your data for the purposes described above is the initiation or performance of the contract (art. 6 (I) b) GDPR).

VI. Requesting Publications
You may request publications (e.g. seasonal programme, monthly programmes, information material) to be sent to you by mail or e-mail. Your data are required for shipping or sending e-mails.
The legal basis for the processing your data for the purposes described above is the performance of the contract (art. 6 (I) b) GDPR).

VII. Information and advertising
We process your personal data for the purpose of advertising our own events, activities or offers and for shipment of information material. We create customer profiles in order to inform you about contents which correspond to your interests. Information will be sent by mail or e-mail.
Processing your data for shipment and creating profiles is based on our legitimate interests in advertising our events and offers (art. 6 (I) f) GDPR). Processing your data for sending e-mails is based on a legal permission (art. 6 (I) c) GDPR in conjunction with § 7 (III) UWG (Garman Law Against Unfair Competition or Gesetz gegen den unlauteren Wettbewerb)).

VIII. Newsletter
We process your personal data for sending you our e-mail newsletter. This is based on your consent (art. 6 (I) a) GDPR). We also process your data for selecting proper recipients of our offers. This is based on our legitimate interests in a systematic dispatch of our offers (art. 6 (I) f) GDPR).

IX. Costumer Surveys
We carry out customer surveys with the aim of identifying our company‘s opportunity for improvement and opportunity for supporting our customers. We process your data to invite you to our surveys.
Processing your data for that purpose is based on our legitimate interest in demand analyses and in the identification of our opportunity for supporting our customers (art. 6 (I) f) GDPR).

X. Price draws
We sometimes hold prize draws. Processing your data for your participation in our prize draw is based on the performance of the contract (Art. 6 (I) b) GDPR).

XI. Complaints
We process your data for handling your complaint. The legal basis for processing your data for the purpose of handling complaints is the performance of the contract (art. 6 (I) b) GDPR).

XII. Product recalls
If there is a product recall from a manufacturer, we process your data in order to notify you and respective public authorities (if necessary). The legal basis for processing your data in the context of product recalls is the compliance with legal requirements (Product Safety Act in conjunction with art. 6 (I) c) GDPR).





Overview of processed data
Data I. Purchases II. Group tickets III. Payment IV. Your Costumer Account
first name, last name
x
x x x
form of address x x x
email address x x x x
phone number x x x x
address x x x x
customer ID x x x x
shipment date x x
purchase details: date, contents, amount, order number, order type, order status x x x
other details e.g. desired seat x x x
invoice details (date, number, contents, net/gross amount etc.) x x
reservation, reserve until x x
performance details (title, date, time) x x
type of gift card x x
fee, seat category
x x
type of subscription, term, end of contracte x
transfer of subscription x
stage performances designated or chosen for the subscription x
different invoice recipient x x
payment method x x x
payment details depending on payment method (bank account, SEPA mandate, credit card data) x x x x
(IBAN, Sepa-Mandat, KEINE Kreditkartendaten)
sum x x x x
cart x x x
reduced fee, reason for reduced fee x x x
use of family card, honorary office card, City-Power-Card x x
Data V. Communication or Inquiries VI. Request of Publications VII. Information and Advertising VIII. Newsletter
first and last name
x
x x x
form of address x x x x
e-mail address x x x x
phone number x x
address x x x
customer ID x x x x
shipment date x
requested publications x
purchase details: date, contents, amount, order number, order type, order status x x x
reservation, reserved until x
seat number x
performance details (title, date, time) x x x
fee, seat category x x
your concern (praise, criticism, lost property etc.), correspondence and date x
reduced fee, reason for reduced fee x x
use of family card, honorary office card, City-Power-Card x x
type of gift card x
Preis, Platzgruppe x
type of subscription, term, end of contract x x x
type of school x x x
type of dispatch, campaign x x
customer group (private person/school/group) x x
newsletter subscription yes/no x x
advertisement consent yes/no x x
Data IX. Customer Surveys X. Prize Draws XI. Complaints XII. Product Recalls
first and last name
x
x x x
form of address x x x x
e-mail address x
(für Benachrichtigung und Zusendung des Gewinns)
x x
phone number x x
adress x x
(für Zusendung des Gewinns)
x x
customer ID x x
shipment date x x
purchase details: date, contents, amount, order number, order type, order status x x
invoice details (date, number, contents, net/gross amount etc.) x x
seat number x
performance details (title, date, time) x
fee, seat category x
Issue x x
SOURCES OF DATA
In general, we collect your data directly from you. We may receive your data from the purchaser if you receive tickets as a gift or accompany another person. We may also receive your data from an order that you send to institutions (such as schools) which collect orders and pass them on to us as a bundle.
Other processing purposes
In addition, the above-mentioned data are used for the following purposes in the context of a balance of interests (Art. 6 (I) (f) GDPR). The interests are described below:

1. Should a security incident occur in our company that affects your data, we are obliged to report the case to our data protection supervisory authority (Article 33 GDPR). Since our legitimate interest is to comply with this statutory reporting obligation as quickly as possible, it may happen that in the context of the investigation of the corresponding security incident data about you are processed. Reports of these security incidents to data protection supervisory authorities do not contain any of your personal data.
2. As it is in our interest to ensure the security of our systems, we regularly conduct security and efficiency tests that allow us to process your above-mentioned data.
3. Since it is our interest to solve legal disputes, we process your data in that specific case. It is also in our interest, in the event of litigation, to keep evidence until all relevant statutory limitation periods pursuant according to sections 195ff. of the German Civil Code, have expired. For this purpose, we retain the relevant data about you in accordance with these limitation periods. The retention periods cannot be globally predicted, since they depend on the particular matter in dispute and the respective statutory limitation period, which can be up to 30 years. The regular limitation period is three years.
4. In addition, it is in our interest to investigate suspected cases and to hand over relevant information to law enforcement authorities in case of a specific criminal suspicion.
5. For meeting our tax-law obligations, we engage tax counsellors. Furthermore, we engage financial auditors for meeting our duty of auditing the financial statements according to § 316 (1) Commercial Code (or German “Handelsgesetzbuch”, short HGB). Finally, as it is our legitimate interest to cooperate with auditors from tax authorities in order to prove the correct invoicing and financial statements. Documents which are regarded for these purposes may contain your personal data.
6. Errors can occur to anyone and in any organisational process. In order to optimise our processes and minimising our error rate, we process the data which are available to our company for identifying sources of error. The processing takes place in order to protect our legitimate interests in the improvement of our processes.
7. If you get in touch with one of our employees before, during or after performances of Deutsche Oper am Rhein and submit your personal data for a response, we process such data for dealing with your concern, since it is our interest to solve your concerns satisfyingly or to meet legal obligations (if such obligations arise from the issue).
8. It is our legitimate interests to allow assessments in the context of budgetary law by our holders and external funding sources. These parties assess the orderly use of resources. Assessed documents such as invoices and receipts may contain your personal data.
9. We perform (internal) audits and other control activities (e.g. data protection officer’s monitoring activities), because it is our legitimate interest to comply with legal provisions, to obtain transparency about our business processes, to constantly optimise these processes and to prevent and identify harmful acts against our business. In doing so, documents or data sets with your personal data may be processed.
10. We process your data for purposes of managing our company, for identification and persecution of financial risks, for concentrating our sales activities and for fulfilment of (contractual) obligations regarding our customers. For that purpose, the processed data will be used for the creation of reports and for evaluation. The processing takes place for protecting our legitimate interests in company and sales management as well as for fulfilment of our obligations regarding our customers.
11. We process your data for testing IT systems and software products and for migrations. The processing is necessary for satisfying our legitimate interest in evaluating if new products are correct and if migrations are complete.
12. We maintain a black list, which lists former customers or prospects whom we no longer wish to begin business relations with. For example, repeated payment failures as well as contract-abusive, deceitful or business-damaging behaviour count to the reasons. The processing occurs in line with the freedom of contract for the protection of our legitimate interest in protecting our company against financial damages or defamation.
13. Finally, we process your data for meeting legal requirements concerning infection prevention or health protection, e.g. for being able to retrace chains of contact.
Deletion or retention periods
The data used to optimise our website will be deleted thirteen months after their collection.
Data from inquiries will be deleted after six months.
Data concerning purchases will be deleted ten years after completing the annual financial statement of the year in which the purchase was made.
If the purchase is not completed, the shopping cart contents will be deleted after 15 minutes of inactivity.
Data processed for purposes of information and advertisement will be deleted five years after your last purchase.
If you unsubscribe from our newsletter and have no customer account, we delete your e-mail address after that.
You can have us delete your customer account any time. It suffices to send a message to us, in particular using the contact details presented above. We will delete your customer account if you have not logged in to it for a period of five years.
The data processed for the purpose of data security will be deleted seven days after their collection.
For the preservation of evidence, we retain data in accordance with the statutory limitation periods according to sections 195 and following of the German Civil Code. The storage duration of your data may exceed the duration stated above. The statutory limitation periods can be up to 30 years. The normal limitation period is 3 years.

Information about automated individual decision-making
There are no automated individual decisions.
Who receives your data?
The following list shows which organisations (“data recipients”) receive your data in which cases. You can read about the specific data in the corresponding sections of this data protection notice. Transfer of your data may sometimes occur due to contractual or legal requirements. In other cases, we use selected vicarious agents and service providers who work for us as com-missioned data processors (in accordance with Art. 28 GDPR) and may obtain access to your data in the required scope. Commissioned data processors are subject to numerous contractual obligations and may, in particular, process your personal data only on our instructions and solely for the fulfilment of the orders received from us.

  • Auditors
  • Banks, payment service providers
  • Auditors from our holders and external funding sources
  • Caterers
  • Data protection officer
  • Service providers for customer surveys
  • Service providers for distribution of our newsletter
  • Service providers for mass file destruction
  • Service providers for optimisation of our web shop and websites
  • Service providers for printing, letter shops
  • Recipient’s e-mail provider
  • Tax authorities
  • Courts, lawyers, contractual partners, consultants, business partners, law enforcement authorities, opposing lawyers, state or federal criminal police (for legal disputes or actual suspicious cases)
  • IT service providers
  • Suppliers
  • Tax counsellors
  • Service providers for telecommunication
  • Financial auditors
  • Customs authorities

Data Recipients in Non-EU Countries

You can purchase our tickets, programme booklets, subscriptions and souvenirs from countries beyond the EU (= so-called third countries) as well. When doing so, your data will be transferred to this country. The transfer of your data is necessary to perform the contract with you (art. 49 (I) b) GDPR). It is transferred for processing your purchase and the shipment and in order to communicate with you. We point out to the fact that the data protection level in third countries without an adequacy decision of the EU commission can deviate from that of the European Union. According to the EU commission, there is an adequate level of data protection in the following third countries: Andorra, Argentina, the Faroes, Guernsey, Isle of Man, Israel, Japan, Jersey, Canada (limited), New Zealand, Switzerland, South Korea, Uruguay, United Kingdom (cited 4/8/2022).
Our IT service providers have affiliates or subprocessors that can access your data from outside the EU or the European Economic Area (EEA). The level of data protection in third countries without an adequacy decision from the EU commission may differ from the European level of data protection. The EU Commission determines which non-EU/EEA countries ('third countries') have an adequate level of data protection. There is an adequacy decision with the issue no. C(2019) 304 for the transfer of personal data to our IT service provider's subprocessor in Japan. Our IT service providers are responsible for using EU standard contractual clauses in accordance with Commission Decision No. (EU) 2021/914 for transfer of personal data to other third countries. A model of these EU standard contractual clauses can be found on the websites of the EU Commissioner for Justice and in the Official Journal of the EU.
Videos of the Youtube platform are integrated into this website. When displaying or watching a video, information about your use of this website will be transferred to Google Ireland Limited (hereafter referred to as "Google") and cookies will be set. The processed data may be used by Google to analyse user behaviour or for market research or marketing purposes. Access to these data from or storage in countries with a level of data protection that deviates from that of the EU cannot be excluded. Please find further information about the use of personal data by Google in Google’s Privacy Policy.
We use the Issuu player to display our publications on our website. When displaying one of the publications, information about your use of this website will be transferred to Issuu ApS (hereafter referred to as "Issuu") and cookies will be set. The processed data may be used by Issuu to analyse user behaviour or for market research or marketing purposes. Access to these data from or storage in countries with a level of data protection that deviates from that of the EU cannot be excluded. Please find further information about the use of personal data by Issuu in Issuu’s Privacy Policy.

Your rights
You have the legal right to:

  • Access to your personal that we process (Art. 15 GDPR)
  • Rectification and completion of your data (Art. 16 GDPR)
  • Erasure (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Withdrawal of your consent (Art. 7 GDPR)with effect for the future. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
  • You have the right to demonstration of your own point of view and refutation of an automated decision (Art. 22 GDPR).

    ******************************************************
  • You also have the right to object to the processing of your data which is based on our legitimate interests or the legitimate interests of a third party at any time, on grounds relating to your particular situation (Art. 21 GDPR). This also applies to profiling based on these provisions within the meaning of Art. 4 (4) GDPR.

  • Objection to direct marketing – You have the right to object to the processing of your data for the purpose of direct marketing at any time without giving reasons.[X021]
    ********************************************************

To exercise these rights, you can contact us via the contact details mentioned above.

You also have the legal right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR).