Legal Notice

Information on Legal Notice, Data protection and Privacy for the websites of change-challenge.org.

The purpose of this information on data protection is to inform you on the processing of your personal data when visiting and using the websites of change-challenge.org (hereinafter “C&C”, “we” or “us”) and in reference to our marketing measures on our own websites as well the websites of third parties and on social networks in accordance with the General Data Protection Regulation (hereinafter “GDPR”).

1. Scope, controller and definitions

1.1. Scope of this data protection information

1. This information on data protection applies to the visit and use of the C&C websites on which a customer account can be created and tickets can be purchased in our online ticket shops, including online ticket shops that can be accessed via websites of Partners (so-called “Partnershops”). This information also applies to our related marketing activities on our websites, third-party websites and in social networks. You can access, save and print this information on data protection at any time and free of charge on our websites.

2. This information on data protection only concerns the processing of personal data within the meaning of Section 1.1.1. Other websites are not covered by this privacy information and provide their own specific information on data protection.

1.2. Controller for the processing of your personal data 

Unless otherwise stated in this data protection declaration, the following is the controller for the processing of your personal data:

UBE Europe GmbH
Immermannstraße 65B
40210 Düsseldorf, Germany
E-mail: info@change-challenge.org

For processing in connection with the execution of orders through certain Partnershops – we are jointly responsible, together with the respective operator of the partner site, as described in detail in section 2.6 below.

1.3. Definitions

This information on data protection is based on the following terms on data protection, which we have defined for easier understanding:

1. The GDPRis the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC).

2. Recipientis a natural or legal person, authority, institution or other body to which personal data is disclosed, regardless of whether it is a third party or not. Authorities, however, which within the framework of a specific inquiry mandate may receive personal data under Union law or the law of the Member States shall not be considered recipients; the processing of such data by these said authorities is carried out in accordance with the applicable directives on data protection in accordance with the purposes of the processing. Depending on the method of payment selected for ticket purchases, the recipients of your personal data may be banks or the postal service providers via whom we send you your ticket by post.

3. Personal data are all information relating to an identified or identifiable natural person, i.e. the data subject. An identifiable natural person is one who can be identified directly or indirectly, in particular by assignment to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Personal data can, for example, be name, contact data, user behavior or bank data.

4. The Controller is the natural or legal person, public authority, agency or other body which alone or jointly with others decides on the purposes and means of processing personal data. Where the purposes and means of such processing are laid down by Union law or by the law of the Member States, the controller or the specific criteria for his appointment may be laid down in accordance with Union law or the law of the Member States. For the data processing described in this privacy policy, UBE Europe GmbH is responsible; partly together with the operator of a partner-site (see section 1.2).

5. Processing is any operation or set of operations which is performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organizing, structuring, storing, adapting or altering, retrieving, consulting, using, disclosing by transfer, disseminating or otherwise making available, aligning or combining, restricting, erasing or destroying. Processing can be, for example, the collection and use of your order data for ticket sales.

2. Purposes, legal bases and, if applicable, data categories for processing your personal data

2.1. Processing of your data when you visit our websites as well as part of marketing measures on third-party websites and in social networks 

If you access our websites to obtain information about our products and services without registering in the customer account, purchasing a ticket in our ticket shop or otherwise actively providing us with information (purely informational use), we process your personal data. In addition, we process your personal data as part of marketing measures on third-party websites and social networks. Your personal data is processed for the following purposes and based on the following legal bases:

2.1.1. Processing for IT security purposes

1. When using our websites, we process your personal data that is technically necessary for us to make our websites available to you and to ensure stability and security when visiting them. For this purpose, we process the following personal data:

IP address.
Browser Fingerprints.
Browser User Agents.
Cookies (see Cookie information Websites).

2. Due to our legitimate interest in providing you with the websites and safeguarding IT security for you when using them, we process your personal data based on Art. 6 Para. 1 Sentence 1 lit. f) GDPR.

2.1.2. Processing for analytical purposes

1. When you visit our websites, we may possibly analyze and document how you use our websites, e.g. number of website visitors, your surfing behavior on our websites, which events and areas on our website you are interested in, origin of website visitors and, if you purchase a ticket from us, your order and shopping cart data. For this purpose, we process the following personal data:

IP address
UU ID
WEB ID
Device Fingerprints
Browser Fingerprints
Cookies (see Cookie information Websites)
Geo IP-location

2. Due to our legitimate interests in carrying out analyses to improve our websites, as well as our products and services on the basis of these analyses, and of our legitimate interest in fraud prevention and to show you individual recommendations for our products and services when visiting our websites, we process your personal data according to Art. 6 Para. 1 Sentence 1 lit. f) GDPR.

3. For this analysis, we use Google Analytics, a web analysis service of Google LLC (“Google”). Google Analytics uses cookies that enable an analysis of the use of our websites. The information generated by the cookie about the use of our websites is in general transferred to a Google server in the US and stored there. However, if IP anonymization is activated on our websites, Google will reduce the IP address of the website visitor within member states of the European Union or in other signatory states to the Agreement on the European Economic Area beforehand. Only in exceptional cases will the full IP address be transferred to a Google server in the US and shortened there. On behalf of C&C, Google will use this information to evaluate the use of the websites, to compile reports on the website activities and to provide C&C with further services associated with the use of the website and the Internet.

The IP address transferred by the user’s browser within the scope of Google Analytics is not merged with other Google data. You may refuse the use of cookies by selecting the appropriate settings on your browser. However, please note that if you do this, you may not be able to use the full functionality of these websites.
You can also prevent Google from recording the data generated by the cookie and relating to your use of the websites (including your IP address) and from processing this data by downloading and installing the browser plug-in available under the following link:

https://tools.google.com/dlpage/gaoptout?hl=de

Execute objection (opt-out)(Google Analytics Tracking will be disabled when you click on the link)

An opt-out cookie is set to prevent future recording of your data when using these websites. Our websites use Google Analytics with the extension “_anonymizelp()”. As a result, IP addresses are processed further in abbreviated form; direct personal reference can thus be ruled out.

Google Analytics is used in accordance with the conditions on which the German data protection authorities have agreed with Google.
Further information on terms of use and data protection can be found at:

https://www.google.de/intl/de/policies/terms/regional.html

https://policies.google.com/privacy?hl=en&gl=de

Explanation of Google’s use of third party data: https://policies.google.com/technologies/partner-sites

In connection with the use of Google Analytics, your personal data is transferred to the US. Google LLC is subject to the EU-US Privacy Shield. This safeguards an adequate protection of your personal data. The complete text of the EU-US Privacy Shield Framework can be found under the following link:

EU-U.S. Privacy Shield Framework Principles Issued

2.1.3. Processing for the purpose of individual recommendations on our websites

1. If you visit our websites, we analyze and document your user behavior to display individual recommendations on the websites based on this data. For this purpose, we process the following personal data:

IP address
UU ID
WEB ID
Device Fingerprints
Browser Fingerprints
Cookies (see Cookie information Websites)
Geo IP-location

2. Due to our legitimate interest in displaying product recommendations and carrying out marketing measures, we process your personal data based on Art. 6 Para. 1 Sentence 1 lit. f) GDPR. If you would like to object to the data processing due to our legitimate interest in displaying product recommendations and carrying out marketing measures, please click on the following link: Cookie Settings.

3. We use Google AdWords for the processing. If you would like to object to the data processing by Google AdWords, please click on the respective link (opt-out option):

Google AdWords: https://www.google.com/settings/ads/

4. In connection with the use of Google AdWords, your personal data is transferred to the US. Google LLC is subject to the EU-US Privacy Shield. This safeguards an adequate protection of your personal data. The complete text of the EU-US Privacy Shield Framework can be found under the following link:

https://www.privacyshield.gov/servlet/servlet.FileDownload?file=015t00000004qAg

5. For further details on data processing by Google AdWords, please refer to the corresponding information on data protection:

Google AdWords: https://policies.google.com/privacy?gl=GB&hl=en

Explanation of Google’s use of third party data: https://policies.google.com/technologies/partner-sites

2.1.4. Processing for purposes of advertising and re-targeting on third party websites and social networks

1. If you visit our websites, we process your personal data for advertising measures in the form of remarketing and display advertising as well as with the help of social media plug-ins and for social media ads.

2. As part of display advertising, we carry out various marketing campaigns using tags (pixels) and cookies from our retargeting providers. When you visit our websites, tags and cookies are set and associated with products you have viewed or purchased. This allows you to see individual displays for C&C products. We also play banner ads to LinkeIn users who have a similar profile to our existing customers and website visitors. For this, we process:

Web page type called up,
viewed product number,
when purchasing a ticket: ordered product number, sales value and order number, as well as preferences and
cookie IDs.

Due to our legitimate interest in advertising our products and services with the aid of targeted marketing measures, we process your personal data on the basis of Art. 6 Para. 1 Sentence 1 lit. f) GDPR. If you do not want the retargeting function, you can basically deactivate it by making the appropriate settings (opt-out function) at the following link:

Google: http://www.google.com/settings/ads

LinkedIn: http://www.youronlinechoices.com/de/praferenzmanagement/

In connection with the use of tags and cookies from Google and LinkedIn, your personal data is transferred to the US. Google LLC and Facebook, Inc. are subject to the EU-US Privacy Shield. This safeguards an adequate protection of your personal data. The complete text of the EU-US Privacy Shield Framework can be found under the following link:

https://www.privacyshield.gov/servlet/servlet.FileDownload?file=015t00000004qAg

For further details on data processing by the retargeting providers, please refer to the corresponding data protection information:

Google: https://policies.google.com/privacy?hl=de

Explanation of Google’s use of third party data: https://policies.google.com/technologies/partner-sites

LinkedIn: https://www.linkedin.com/legal/privacy-policy

4. If you have finished a ticket purchase from us, a cookie is set by Google AdWords. If you enter corresponding search terms in Internet search engines after your purchase, individual recommendations for C&C products and services can be displayed to you on the basis of your purchase with the help of this cookie (search engine marketing).

Your personal data is processed in the process. Due to our legitimate interest in displaying product recommendations and carrying out marketing measures, processing is carried out based on Art. 6 Para. 1 Sentence 1 lit. f) GDPR.

If you would like to object to the data processing by Google AdWords, please click on the respective link (opt-out option):

Google AdWords: https://www.google.com/settings/ads/

In connection with the use of Google AdWords, your personal data is transferred to the US. Google LLC are subject to the EU-US Privacy Shield. This safeguards an adequate protection of your personal data. The complete text of the EU-US Privacy Shield Framework can be found under the following link:

https://www.privacyshield.gov/servlet/servlet.FileDownload?file=015t00000004qAg

For further details on data processing by Google AdWords, please refer to the corresponding information on data protection:

Google AdWords: https://policies.google.com/privacy?gl=GB&hl=en

Explanation of Google’s use of third party data: https://policies.google.com/technologies/partner-sites

5. Our websites contain social media plug-ins (e.g. Facebook, LinkedIn “Like/Share-Button”). If you click on these on our websites and you have an account on the corresponding social network, a connection to the social network is established where the content you have “liked” appears. Besides the content that you have “liked”, we process:

Your IP address,
accessed web page and,
date and time of the end of your visit to the website

We process your personal data to increase the reach of our offer and to carry out marketing measures. Your personal data is processed based on your consent as defined in Art. 6 Para. 1 Sentence 1 lit. a) GDPR, which you grant us when activating the button and subsequently clicking the “Like/Share button” (so-called 2-click solution).
In doing so, your personal data is transferred to the US. Microsoft Corp. is subject to the EU-US Privacy Shield. This safeguards an adequate protection of your personal data. The complete text of the EU-US Privacy Shield Framework can be found under the following link:

https://www.privacyshield.gov/servlet/servlet.FileDownload?file=015t00000004qAg

For further details on data processing, please refer to LinkedIn´s information on data protection:

https://www.linkedin.com/legal/privacy-policy

For further details on data processing, please refer to LinkedIn’s information on data protection:

https://www.linkedin.com/help/linkedin/answer/92055/understanding-your-privacy-settings?lang=en

2.1.5. Use of cookies 

1. When using our websites, cookies are stored on your computer. Cookies are small text files that are assigned and stored on your hard disk by the browser you use. Cookies allow certain information to flow to the controller that sets the cookie. These also contain personal data. This allows us to make our websites more user-friendly and effective. Cookies cannot run programs or transmit viruses to your computer.

2. For the use of cookies on the websites of our ticket shop, the Cookie Information websites of C&C (see Cookie information Websites) apply.

2.2. Ticket purchases in the online ticket shop and in our reservation offices. 

1. We process your personal data when you buy a ticket on our websites in the ticket shop through eventbrite, in our reservation offices and provide personal data. The processing is carried out for the purpose of contract execution and processing with you based on Art. 6 Para. 1 Sentence 1 lit. b) GDPR.

2. If you purchase a ticket for another person (third party), we process the third party´s personal data (name and, if applicable, contact data) provided by you for ticket personalization and, if applicable, for sending the ticket to the third party. These data are processed for the purpose of contract execution and processing with you based on Art. 6 Para. 1 Sentence 1 lit. b) GDPR. If you provide data of a third party when purchasing a ticket, make sure that the third party is sufficiently informed by you about the processing of his/her data at C&C and that you are entitled to provide the data.

3. When you purchase a ticket through our websites and choose either “purchase on account” or “hire purchase” payment methods, eventbrite uses tools to identify potential fraud. A corresponding check only takes place if you give your consent (opt-in). If the check is negative, the payment methods “purchase on account” or “hire purchase” are rejected. However, all other payment methods listed in the ticket shop are still available to you. When using the tools, it is possible to draw conclusions about your person. We process your personal data based on your consent as defined in Art. 6 Para. 1 Sentence 1 lit. a) GDPR and due to the fact of our legitimate interest and eventbrite´s legitimate interest in fraud prevention based on Art. 6 Para. 1 Sentence 1 lit. f) GDPR.

4. When issuing personalized tickets, we may also process special categories of personal data, such as your health data, if you provide such information when purchasing a ticket and agree that we may process this data. This includes, for example, the information that you are a wheelchair user, have an allergy or intolerance to food or a severe disability. We process this data to provide you with special price categories, special access to an event and special seats during the event. Your data is processed based on your consent as defined in Art. 6 Para. 1 Sentence 1 lit. a) GDPR.

2.3. Ticket sales via websites of special cooperation partners

1. If you purchase tickets through the websites of our cooperation partners (“Partner Sites”), your personal data will be processed in the respective Partnershop for the purpose of executing your order. As mentioned in section 1.2, certain cooperation partners are jointly responsible with us (Art. 26 GDPR) for processing your personal data in the context of ticket purchase within the meaning of this section.

2. We process your personal data as joint controllers with our special cooperation partners as defined in section 1.2, for the purposes and on the legal basis as described in detail in this Privacy Policy.

3. Please contact us if you have any inquiries regarding this Privacy Policy (see contact details in section 1.2). Upon request, we would also provide you with the essentials of the agreement on shared data protection responsibility with our respective cooperation partners.

4. The processing of data about users of a Partnershop in connection with the use of an Internet offer and its functions outside of order processes (including processing for the purposes of IT security, usage analysis and the display of advertising – if necessary using cookies) is not subject to the common data protection responsibility with the cooperation partner. C&C is solely responsible for these processing activities.

2.4. Credit assessment and profiling 

1. If the customer selects the SEPA direct debit payment method, Eventbrite reserves the right to obtain credit information from SCHUFA within the scope of this contractual relationship.

2. Credit risk is assessed based on mathematical-statistical procedures at the credit agency (SCHUFA Holding AG, Kormoranweg 5, D-65201 Wiesbaden, Germany), so-called scoring. For this purpose, your personal data, which are necessary for the credit assessment (name, address, birthday) are transferred to the credit agency. Eventbrite processes your personal data for the purpose of credit assessment to avoid payment default. Based on the transferred personal data, including address data, a statistical probability of a credit default and thus your solvency is calculated. The credit agency then transfers your score value to us. Furthermore, Eventbrite reserves the right to transmit data on non-contractual behavior or fraudulent behavior to SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden in the event of continued non-payment of claims that are not substantiated and disputed. The data exchange with SCHUFA also serves the fulfilment of legal obligations to carry out creditworthiness checks of customers (§§ 505a and 506 BGB). The SCHUFA processes the data received and also uses them for the purpose of creating a profile (scoring) in order to provide its contractual partners in the European Economic Area and in Switzerland as well as any other third countries (insofar as the European Commission has issued a decision on the appropriateness of such data) with information for the purpose of assessing the creditworthiness of natural persons, among other things. This personal data is processed for the execution of your contract with us based on Art. 6 Para. 1 Sentence 1 lit. b) GDPR as well as due to our legitimate interest in avoiding a default of payment on your part, according to Art. 6 Para. 1 Sentence 1 lit. f) GDPR.

3. If you choose the payment method installment purchase and invoice purchase, Eventbrite reserves the right to obtain creditworthiness information within the scope of this contractual relationship. For further information please refer to the General Terms and Conditions of Eventbrite or the Special Terms and Conditions for Installment Business of Eventbrite as well as the Privacy Policy of Eventbrite (information according to Art. 14 DS-GVO).

4. The decision as to whether payment by direct debit, hire purchase and/or invoice purchase is possible is based on an automated decision. If your customer and order data are similar to the data of an order with payment problems, one of our employees will check your order process separately and manually.

5. If the credit check is positive, payment by direct debit, hire purchase and/or purchase on account is possible; if it is negative, Eventbrite cannot offer you the payment method “direct debit”, “hire purchase” and/or “purchase on account”. Payment by another payment method is still possible.

6. The scope of the scoring is limited to whether payment by direct debit, hire purchase and/or purchase on account is possible. Eventbrite uses the scoring exclusively to prepare and execute the contract with you and to protect ourselves against possible payment defaults.

7. Further information on the activities of the SCHUFA can be found in the SCHUFA Information Sheet pursuant to Art. 14 DS-GVO or can be viewed online at https://www.schufa.de/en/data-privacy/

2.5. Shopping cart canceller e-mails

1. If you have started an order process in our ticket shop on our websites but have not completed it, we will send you a reminder e-mail to the e-mail address stored in your customer account regarding the purchase process you have started. You can complete this purchase process by logging into your customer account on our websites.

2. We process your personal data in order to remind you within the context of marketing measures of purchase processes that you have not yet completed. If you have not yet purchased a ticket from us, we will process your data based on your consent according to Art. 6 Para. 1 Sentence 1 lit. a) GDPR. If you have already purchased a ticket from us, we process your personal data provided in previous order processes due to our legitimate interest in carrying out marketing measures based on Art. 6 Para. 1 Sentence 1 lit. f) GDPR.

2.6. Customer surveys

1. To continuously improve our products and services and adapt them to your needs, we regularly invite our customers to participate in customer surveys. In doing so, we will use the information you provide during the ticket purchase process to contact you.

2. Due our legitimate interest in improving our products and services, we process your personal data based on Art. 6 Para. 1 Sentence 1 lit. f) GDPR.

2.7. Information e-mails, newsletters and web browser pushes

1. If you visit our websites for information purposes only or if you create a customer account, you can register for our newsletter. Via the newsletter, we inform you about products and services and advertise them, if necessary, personalized. In doing so, we process your personal data based on your consent as defined in Art. 6 Para. 1 Sentence 1 lit. a) GDPR.

2. If you have purchased a ticket from us, we may send you information e-mails in order to inform you, for example, about the directions, parking spaces and other specifications. For this purpose, we process your personal data for the purpose of contract execution based on Art. 6 Para. 1 Sentence 1 lit. b) GDPR.

3. After purchasing a ticket, we send you individual newsletters about similar events, services and promotions. Due to our legitimate interests in informing you about changes to our products and services, in advertising our products and services and in carrying out marketing measures, we process your personal data on the basis based on Art. 6 Para. 1 Sentence 1 lit. f) GDPR.

4. When you subscribe to our newsletter, we analyze and document whether you open the newsletter and how you use it. We process your personal data based on Art. 6 Para. 1 Sentence 1 lit. f) GDPR to pursue our legitimate interest of structuring our newsletter in accordance with your needs and to improve the range of our marketing campaigns.

2.8. Customer Service

1. If you have any questions about events, your ticket purchase, your customer account or other C&C products and services, if you wish to exercise your rights under this information on data protection or if you wish to make a complaint, you can contact us (see contact details under Section 1.2).

2. Depending on the subject of your request, we may use your personal data stored in our systems in the course of other data processing (e.g. data that you have provided when purchasing tickets) to answer your questions. If and to the extent necessary to answer your inquiry, we also collect data from external sources.

3. Your personal data are processed for the purpose of executing the contract with you based on Art. 6 Para. 1 Sentence 1 lit. b) GDPR. If you exercise your rights towards us, we process your personal data for the purpose of fulfilling a legal obligation based on Art. 6 Para. 1 Sentence 1 lit. c) GDPR. If you wish to inform yourself about our products and services or to make a complaint, we process personal data due to our legitimate interests in carrying out marketing measures and responding to your complaint based on Art. 6 Para. 1 Sentence 1 lit. f) GDPR.

4. If you send us health data within the scope of your inquiry (e.g. information that you have a severe disability), we process this personal data only and insofar as this is necessary to answer your request and you have given us your express consent for this as defined in Art. 6 Para. 1 Sentence 1 lit. a) GDPR.

2.9. Reversed transactions on tickets

1. If necessary, it comes to a reversed transaction of your order. Your personal data will be processed based on Art. 6 Para. 1 Sentence 1 lit. b) GDPR.

2. If you have not purchased your ticket from us yourself, but received it as a gift from the buyer, for example, and now send in the ticket due to the cancellation or relocation of the event, we process the data that you as a different sender provide us with informally or via the form on our website. We process your personal data for the purpose of returning your ticket and making a refund based on Art. 6 Para. 1 Sentence 1 lit. b) GDPR.

3. If you have provided special personal data on yourself or a third party when purchasing a ticket, we process this data for the purpose of reversing the ticket transaction on the basis of your consent as defined in Art. 6 Para. 1 Sentence 1 lit. a) GDPR.

2.10. Dunning, collection and enforcement and defense of legal claims

1. In the case of outstanding receivables to us, we notify you by e-mail, SMS, post or telephone and, if necessary, send you a reminder. If and to the extent that no payment is made by you as a result, a collection procedure is initiated. If and to the extent that no payment is made by you as a result, a collection procedure is initiated.

2. The collection procedure is carried out by a collection service provider commissioned by us. As far as this is necessary for the execution of the collection procedure, the collection service provider carries out address investigations and accesses public registers for this purpose.

3. We process your personal data for the purpose of executing and processing the contract with you based on Art. 6 Para. 1 Sentence 1 lit. b) GDPR and due to our legitimate interests in preventing misuse of our services and enforcing our legal claims, including collection, based on Art. 6 Para. 1 Sentence 1 lit. f) GDPR.

4. In the context of a legal dispute with you, we process your personal data to enforce and/or defend our rights. If and insofar as this is necessary for executing the legal dispute, we also make use of data from other sources (e.g. public registers). We process your personal data based on a legal obligation based on Art. 6 Para. 1 Sentence 1 lit. c) GDPR and due to our legitimate interest in representing, enforcing and / or defending our legal interests, based on Art. 6 Para. 1 Sentence 1 lit. f) GDPR.

2.11. Other processing

2.11.1. Performance of internal audits and compliance

1. If we implement compliance programs and measures, for example to implement the requirements of the German Corporate Governance Code (DCGK) and to identify and correct misconduct, corresponding processing of your data may also occur. Additionally, your personal data can be processed within UBE Europe GmbH in Germany and abroad in connection of internal audits.

2. We process your personal data to comply with our statutory obligations, based on Art. 6 Para. 1 Sentence 1 lit. c) GDPR. In addition, due to our legitimate interests in reviewing the processes and efficiency in the group of companies, correcting any misconduct and preventing fraud and, if necessary, in enforcing and/or defending our rights, we process your personal data on the basis of Art. 6 Para. 1 Sentence 1 lit. f) GDPR.

2.11.2. Preparation of analyses

Based on your data, which we process as defined in Section 2 of this information on data protection, we may prepare analyses. These serve as the basis for business decisions to improve our products and services, to adapt them to the needs of our customers and to carry out marketing measures. Due to our legitimate interest in improving our offer and carrying out marketing measures, we process your personal data based on Art. 6 Para. 1 Sentence 1 lit. f) GDPR. The analyses created on this basis no longer contain any personal references, meaning it is no longer possible to draw any conclusions about your person.

3. Storage and erasure of your personal data

1. We store your personal data for as long and as far as it is necessary for the purposes for which they are processed (Section 2).

2. As soon as the data is no longer required for the purposes stated in Section 2, we store your personal data for the period in which you can assert claims against us or we against you (statutory limitation period usually of three years, beginning at the end of the year in which the claim arises; e.g. at the end of the ticket transaction).

3. In addition, we store your personal data for as long as and insofar as we are legally obliged to do so. Corresponding proof and storage obligations result, inter alia, from the German Commercial Code, the German Fiscal Code and the German Money Laundering Act (e.g. Section 257 HGB; Section 147 AO). The retention period is up to ten years.

4. Categories of recipients of personal data

1. When providing, implementing and managing our products and services, we collaboratively transfer your personal data to companies within change-challenge.org as part of a work-sharing process. The transfer is based on our legitimate interest in carrying out internal administrative activities efficiently and collaboratively as well as in improving our products and services on the basis of Art. 6 Para. 1 Sentence 1 lit. f) GDPR.

2. If you purchase tickets on the websites of our partners, we transfer your personal data to them for marketing purposes if you give us your consent for this within the meaning of Art. 6 Para. 1 Sentence 1 lit. a) GDPR.

3. When you purchase tickets on the websites of our special cooperation partners, we process your personal data as joint controllers with our partners. Based on the agreement concluded with our partners (Art. 26 in conjunction with Art. 6 Para. 1 Sentence 1 lit. b) GDPR), we transfer your personal data for the purpose of contract execution and, if applicable, processing with you based on Art. 6 Para. 1 Sentence 1 lit. b) GDPR. We also transfer your personal data to our partners for statistical evaluations due to our legitimate interest in improving our products and services together with our partners based on these analyses and carrying out marketing measures. Your personal data is processed based on Art. 6 Para. 1 Sentence 1 lit. b) GDPR.

4. In addition to this, your personal data is transferred to IT service providers who provide the platforms, databases and tools for our products and services (e.g. our website, the sale of tickets, sending of newsletters and information e-mails), create analyses of user behavior on our websites, display marketing campaigns and process your personal data on our behalf as part of ticket purchases. The transfer of your personal data takes place for the purpose of contract execution with you based on Art. 6 Para. 1 Sentence 1 lit. b) GDPR, due to our legitimate interest in improving and promoting our products, based on Art. 6 Para. 1 Sentence 1 lit. f) GDPR and provided that you have given us your consent within the meaning of Art. 6 Para. 1 Sentence 1 lit. a) GDPR for the processing of your personal data.

5. When you purchase a ticket on our websites, we offer you various payment options. For the processing of the payment and, if necessary, a refund of the purchase price, we transfer your personal data to banks, payment service providers, financial service providers and credit card companies, depending on the selected payment method. We transfer your personal data for the processing of your ticket purchase and, if necessary, the reverse transaction based on Art. 6 Para. 1 Sentence 1 lit. b) GDPR. In addition, we may also transfer your personal data to credit agencies to check your creditworthiness. The transfer is made to execute the contract with you based on Art. 6 Para. 1 Sentence 1 lit. b) GDPR and due to our legitimate interest in avoiding payment defaults on your part, according to Art. 6 Para. 1 Sentence 1 lit. f) GDPR.

6. If you select “PayPal” as payment option when purchasing tickets, we transfer your personal data. Your personal data is transferred based on your selected payment method and in order to process the payment with you. In doing so, your personal data is transferred to the US. In the case of the US, the EU Commission has not decided that an adequate level of data protection within the meaning of the GDPR exists; there is no such adequacy decision (Art. 45 GDPR). However, we transfer your data for the purpose of contract execution with you based on Art. 6 Para. 1 Sentence 1 lit. b) in conjunction with Art. 49 Para. 1 Sentence 1 lit. b) and c) GDPR.

7. If you fail to meet your payment obligations, we initiate a collection procedure. For the execution of the collection procedure, we transfer your personal data to collection service providers who carry out the procedure for us. We process your personal data for the purpose of executing and processing the contract with you based on Art. 6 Para. 1 Sentence 1 lit. b) GDPR and due to our legitimate interests in enforcing our legal claims, including collection, based on Art. 6 Para. 1 Sentence 1 lit. f) GDPR.

8. In the context of legal disputes, we transfer your data to the competent court and, if you have appointed a lawyer, to him/her to carry out the legal dispute. We process your personal data based on a legal obligation on the basis of Art. 6 Para. 1 Sentence 1 lit. c) GDPR and due to our legitimate interest in representing, enforcing and / or defending our legal interests, based on Art. 6 Para. 1 Sentence 1 lit. f) GDPR.

9. We are entitled to transfer your personal data to the Event Organizer if there is a suspicion that you have violated the Organizer’s general terms and conditions, so that the organizer can take legal action or assert other legal claims against you. The processing of your personal data is carried out for the purpose of implementing and executing the contract on the basis of Art. 6 Paragraph 1 S. 1 lit. b) DS-GVO as well as on the basis of the legitimate interests of the respective organizer for the purpose of legal prosecution on the basis of Art. 6 Paragraph 1 S. 1 lit. f) DS-GVO.

10. Guest lists are created for some events and sent to the organizer to check your eligibility to participate in the event, to allocate seats and to take menu requests into account. We transfer your personal data for the purpose of contract execution with you and with our contractual partners based on Art. 6 Para. 1 Sentence 1 lit. b) GDPR. If and as far as this is necessary for the event, we also transfer health data (e.g. information on allergies at food events), if you have provided this information when purchasing a ticket and given us your consent for the transfer of the data as defined in Art. 6 Para. 1 Sentence 1 lit. a) GDPR.

11. Information e-mails and newsletters are sent by service providers commissioned by us and, in some circumstances, we may analyze and document your use of them. For this purpose, we transfer your personal data to the service providers. In doing so, we process your personal data as follows:

– If you give us your consent to send you newsletters when visiting our websites for information purposes only or when creating a customer account, we transfer your data on the basis of your consent within the meaning of Art. 6 Para. 1 Sentence 1 lit. a) GDPR.

– After purchasing a ticket, we transfer your personal data in order to provide you with information on the event, for the purpose of executing the contract with you on the basis of Art. 6 Para. 1 Sentence 1 lit. b) GDPR.

– In addition, after purchasing a ticket, we transfer your personal data to inform you about changes to our products and services and to promote our products. The transfer of your personal data occurs due to our legitimate interest in carrying out marketing measures, based on Art. 6 Para. 1 Sentence 1 lit. f) GDPR.

– In order to analyze the use of our newsletter, we transmit your personal data based on Art. 6 Para. 1 Sentence 1 lit. f) GDPR to pursue our legitimate interest of structuring our newsletter in accordance with your needs and to improve the range of our marketing measures.

12. We conduct customer surveys and customer evaluations. For this purpose, your contact details are sent to our mailing service providers, via whom we invite you to our surveys and evaluations. We process your personal data based on our legitimate interest in improving our products and services on the basis of your evaluation and conducting surveys and evaluations efficiently, on the basis of Art. 6 Para. 1 Sentence 1 letter f) GDPR.

13. Beyond this, we transfer your personal data only and insofar a legal obligation exists on our part to pass it on. The transfer takes place based on Art. 6 Para. 1 Sentence 1 lit. c) GDPR (e.g. to the police authorities in the context of criminal investigations or to the data protection supervisory authorities).

5. Justified interests in data processing and objection 

1. We process your personal data as defined in Section 2 due to our legitimate interests particularly in ensuring IT security on our websites, carrying out analyses and marketing measures, informing you about our products and services, increasing the scope of our products and marketing measures, preventing fraud and misuse, avoiding payment defaults, representing, enforcing and defending our legal interests (possibly also in court) and carrying out internal administration efficiently and collaboratively. Information on the balance of interests carried out can be obtained from:

info@change-challenge.org

2. To the extent, we process your personal data based on these legitimate interests (Art. 6 Para. 1 Sentence 1 lit. f) GDPR), you have the right to object at any time to the processing of your personal data on grounds relating to your particular situation. Notwithstanding the above, in cases of direct advertising (such as newsletters or retargeting measures) you have the right to object at any time to the processing of your personal data without giving reasons. We will then no longer process your data for this/these purpose(s) unless our legitimate interests in processing overweight or the processing serves to establish, exercise or defend legal claims. Please send your request to:

– by e-mail to info@change-challenge.org, or

– in writing to UBE Europe GmbH, Change & Challenge Initiative, Immermannstraße 65B, 40210 Düsseldorf, Germany.

3. If you object to the data processing, we process your personal data collected in this context to answer your inquiry. Your personal data is processed in order to fulfil a legal obligation based on Art. 6 Para. 1 Sentence 1 lit. c) GDPR.

6. Consent and revocation of your consent

1. If you have given us your consent for the processing of your personal data, you can revoke this at any time. The revocation of your consent is effective for the future. The legality of the processing of your personal data up to the time of revocation remains unaffected.

Your consent to the use of your email address for the purpose of advertising or market or opinion research can be revoked:

Otherwise, please address your revocation:

– by e-mail to info@change-challenge.org, or

– in writing to UBE Europe GmbH, Change & Challenge Initiative, Immermannstraße 65B, 40210 Düsseldorf, Germany.

2. If you revoke your consent, we will process your personal data collected in this context to respond to your inquiry. Your personal data is processed in order to fulfil a legal obligation based on Art. 6 Para. 1 Sentence 1 lit. c) GDPR.

7. Your rights

1. You may at any time, in accordance with the GDPR, request that we

– provide you with information about the personal data concerning you that we process (Art. 15 GDPR),

– rectify any personal data concerning you that is inaccurate (Art. 16 GDPR) and/or

– erase (Art. 17 GDPR), block (Art. 18 GDPR) and/or release (Art. 20 GDPR) your personal data stored by us.

2. Please send your request:- by e-mail to info@change-challenge.org, or

– in writing to UBE Europe GmbH, Change & Challenge Initiative, Immermannstraße 65B, 40210 Düsseldorf, Germany.

3. If you assert your rights against us, we process your personal data collected in this context to answer your inquiry. Your personal data is processed in order to fulfil a legal obligation based on Art. 6 Para. 1 Sentence 1 lit. c) GDPR.

4. Without prejudice to your rights under Section 7, you may lodge a complaint with a data protection supervisory authority if you believe that C&C’s processing of personal data concerning you is in breach of the GDPR (Art. 77 GDPR).

8. Other

1. The provisions of this information on data protection (available free of charge on our websites), including the cookie information of UBE Europe GmbH (available free of charge on our websites) apply in the version valid at the time of use of our websites.

2. We reserve the right to supplement and amend the content of the information on data protection. The updated data protection information is valid from the time it is published on our websites.

3. We will inform you in good time about these amendments and supplements on our websites. You will be given the opportunity to view, print and save the amended information on data protection free of charge.

9. Contact details of the Data Protection Officer

Please direct any questions regarding data protection to:

Change & Challenge – Data Protection
UBE Europe GmbH
Immermannstraße 65B
40210 Düsseldorf
Germany
E-mail: info@change-challenge.org