Please find the German version here: https://bakenight.com/pages/datenschutzerklarung
Of BakeNight GmbH, Mariendorfer Damm 1, 12099 Berlin, Germany.
I. Name and contact details of the responsible entity
Mariendorfer Damm 1, 12099 Berlin, Germany
Server Log Files
We collect data, so-called “server log files”, on any access to the server on which the www.bakenight.com website is located. This access data includes, for example, the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.
The legal basis for the data processing is Art. 6, para. 1, lit. f), EU GDPR.
We provide a contact form to give you the opportunity to contact us electronically. The data entered in the contact form will be transmitted to us and stored. For this purpose, the e-mail address is required. Additional information is voluntary.
The legal basis for the data processing is your consent, under Art. 6, para. 1, lit. a), Art. 6, our contract with you under para. 1, lit. b) and our legitimate interests under Art. 6, para. 1, lit. f), EU GDPR.
We offer a regular newsletter that requires you to provide your e-mail address in order to receive it. Before we send you the newsletter, you must expressly confirm that you wish to receive our newsletter using double opt-in procedure. You will then receive a confirmation and authorization e-mail containing a link. By clicking on this link, you confirm that you wish to receive the newsletter. This registration is recorded in order to provide legal proof of the registration process.
You may unsubscribe from the newsletter at any time. The corresponding link can be found in every newsletter sent. Alternatively, you may revoke your consent by contacting us at email@example.com.
The legal basis for the data processing is your consent under Art. 6, para. 1, lit. a), EU GDPR.
The legal basis for the data processing is our legitimate interests under Art. 6, para. 1, lit. f), EU GDPR.
When ordering a ticket, the following data must be provided.
The following fields are optional (when ordering as a company):
Street and house number
When ordering books, the address must also be provided.
III. For what purposes will the data be used?
Personal data is only collected, stored and processed to the extent necessary for the provision of the service, the execution of the contract or the response to the inquiry. We only process your personal data in strict compliance with data protection regulations. In particular, such data will only be processed if a legal permit has been obtained. In particular:
Server Log Files
The mentioned data is processed by us to establish a connection to our website. The processing is necessary to ensure the security and stability of the system. We use the log data solely for statistical evaluations, for the purpose of business operations, the security of the service and the optimization of the offer. We reserve the right to check the log data if there is suspicion of illegal use of the service provided on the basis of concrete indications.
The contact form allows you to contact us easily. Collecting your e-mail address is essential in order to be able to answer your request. If, in addition, data such as name, address or similar, is processed, the processing serves to individualize the respective user, to be able to respond as best as possible to his request and to prevent any misuse of the contact form.
The purpose of the newsletter is to give the subscriber the opportunity to take part in competitions and to receive current information. Collecting the e-mail address serves to send the newsletter.
The order data is used to process the order and send the ticket to the customer via e-mail. We ask for the phone number in order to be able to reach the customer in case of event cancellations or changes of location on short notice.
Artists may download a guest list before the event. Only the first and last names of the participants are listed on the guest list. Artists have no access to the e-mail address or telephone numbers of the guests.
The order data is used to send the books.
IV. Is any data passed on to third parties, and if so, which?
In principle, the data transmitted by you will not be made available to third parties. In some cases, however, it may be necessary to pass on your personal data to companies that are entrusted by us with the provision of individual services. Third parties are in turn obliged to comply with the statutory provisions in the handling and processing of this data.A transmission to authorities and state institutions entitled to information is carried out only within the scope of legal duties to provide information, and in the case of a mandatory court ruling. In such cases, we may provide information, e.g. to assert, exercise and defend legal claims, enforce existing contracts, in the context of allegations of fraud
We use the services of external payment service providers to process payments. You can choose your preferred method of payment when ordering. Depending on the chosen payment method, your payment details (card number, validity, and security code, for credit card payments) will be transmitted to the payment service provider cooperating with Art Night for the purpose of payment processing. There is no storage of this data at Art Night.
Book orders are handled by our cooperation partner “OZ Verlag”. We send the order data (name, address, e-mail) to OZ Verlag when ordering the book, so that the book can be sent to the customer.
A transfer of personal data outside the framework described is only carried out with explicit consent.
Under no circumstances will we sell or rent personal data to third parties.
V. How long is the data stored?
LVI. Your data will only be stored for as long as necessary to fulfill the purposes mentioned above. As soon as this is no longer the case, e.g. after complete execution of the contract, they are deleted or blocked if required by commercial or tax retention obligations. The data will be deleted from the date from which legal storage obligations no longer apply, unless you have expressly agreed to further use.
- Your rights as data subject As a data subject of the processing of personal data, you have the rights listed below. These rights arise in particular from the provisions of the General Data Protection Regulation and are reproduced here, in some cases in a simplified form.
- Right to information Right to information In accordance with Art. 15, EU GDPR, you have the right to ask us to confirm whether personal data concerning you will be processed. If this is the case, you have the right to receive information about this personal data, and the information specified in Art. 15, para. 1, lit. h) 2, EU GDPR. These include, in particular, the purpose of the processing, the categories of data processed, the recipients to whom the data has been or will be disclosed, if possible the planned duration of the storage or the criteria for the duration of the storage.
- Right to rectification In accordance with Article 16, EU GDPR, you have the right to request us to correct any incorrect personal data concerning you without delay. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data – also by means of a supplementary declaration.
- Right to erasure In accordance with Article 17, EU GDPR, you have the right to request us to delete personal data concerning you without delay. We are obliged to delete personal data immediately if one of the provisions of Art. 17, para. 1, EU GDPR, applies. These reasons include, for example, that the data is no longer necessary for the purposes for which it was collected or otherwise processed.
- Right to restriction of processing In accordance with Art. 18, EU GDPR, you have the right to request us to restrict processing if one of the conditions described in Art. 18, EU GDPR, applies. This includes, for example, that you dispute the accuracy of the personal data. Then we may only process the data to a limited extent for as long as it takes to verify the accuracy of the personal data.
- Right to data portability In accordance with Art. 20, EU GDPR, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, current and machine-readable format. You have the right to transfer this data to another data controller, i.e. another body that processes the data, without hindrance, provided that the original processing was based on consent or was necessary for the execution of a contract.
- Right of objection In accordance with Art. 21, EU GDPR, you have the right to object at any time to the processing of personal data concerning you if this data is processed on the basis of Art. 6, para. 1, lit. e) (where processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in BakeNight) or f), EU GDPR (our legitimate interests), and if there are reasons resulting from your personal situation. The processing of data for the purpose of direct marketing may be objected to at any time. Personal data will then no longer be processed for this purpose. The right of objection can be exercised by means of an informal declaration. A written statement or an e-mail to the contact address above is sufficient.
- Right of revocation of consent In accordance with Art. 7, para. 3, EU GDPR, you have the right to revoke your consent to the processing at any time. The legality of the processing carried out on the basis of consent until revocation is not affected. The right of revocation can be exercised by means of an informal declaration. A written statement or an e-mail to the contact address above is sufficient.
- Automated individual decision-making, including profiling In accordance with Art. 22, EU GDPR, you have the right not to be subject to a decision based exclusively on automated processing – including profiling – which has legal effect against you or significantly impairs you in a similar manner. Art. 22, para. 1, EU GDPR, provides for exceptions to this, whereby Art. 22, para. 4, EU GDPR, contains partial exceptions.
Right of appeal to a supervisory authority In accordance with Article 77, EU GDPR, you have the right of appeal to a supervisory authority, in particular in the member state of your place of residence, place of work or of the place of suspected infringement, without prejudice to any other administrative or judicial remedy, if you believe that the processing of personal data concerning you is contrary to this Regulation.In the present case, the competent supervisory authority is:Berlin Commissioner for Data Protection and Freedom of Information
Phone: 030/13 889-0
VII. Third-Party Services
We use the following third-party services:Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”)
YouTube, LLC, subsidiary of Google Inc., 901 Cherry Avenue, San Bruno, CA 94066, USA (“YouTube”)
Facebook Inc., 1601 Willow Road, Menlo Park, California 94025, USA (“Facebook”)
Instagram Inc., subsidiary of Facebook Inc., 181 South Park Street, San Francisco, CA 94107, USA (“Instagram”)
Twitter Inc., 1355 Market Street, San Francisco, CA 94103, USA (“Twitter”)
Hotjar Limited, St Julian’s Business Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta (“Hotjar”)
Rocket Science Group, LLC, 675 Ponce De Leon AVE NE, Atlanta, GA, 30308, USA (“MailChimp”)
Klaviyo Inc., 344 Boylston Street, Boston, MA 02116, USA (“Klaviyo”)A third party may have their registered office in a third country, i.e. a country in which the GDPR has no direct legal effect. In this case, the transmission of data will only take place if your consent is given, if an appropriate level of data protection prevails or if another legal permission exists.
Google, Facebook/Instagram, Twitter, MailChimp and Klaviyo operate under the Privacy Shield Agreement (EU-US Privacy Shield), which means that the provisions of the Privacy Shield Agreement are equivalent to the data protection level of the European Union and that the data is treated accordingly.
- Facebook, Instagram, Twitter We have integrated plug-ins of social networks and services Facebook, Instagram and Twitter on our website.In order to ensure the highest possible level of protection, and to comply with the principle of data minimization, we use a 2-click method. This way, direct contact between the social network and you is only established when you actively click on the corresponding button.If the social network button is not clicked, no data is collected, activities are logged or a surfing profile is created. If the button is clicked, the respective service provider receives the information that you have accessed our website. No user account is required for this service, nor do you need to be logged in if you have a user account.However, if you have a user account with the service provider and are logged in, this data is assigned directly to the account. This can be prevented by logging out before clicking the button in your user account of the corresponding service. We have no way of influencing whether, to what extent, for what purpose, and for how long the service providers and social networks collect personal data. Further information on the handling of user data can be found here:
- Retargeting/RemarketingFacebook Pixel Within our internet presence, we use the Facebook Pixel of Facebook Inc. This allows tracking of the behavior of users after they have seen or clicked on a Facebook ad. This process is used to evaluate the effectiveness of Facebook advertisements, for statistical and market research purposes, and can help to optimize advertising measures.The data collected is anonymous to us, and does not give any indication of the identity of the users. However, Facebook stores and processes the data so that a connection to the respective user profile is possible, and Facebook can use the data for its own advertising purposes in accordance with the Facebook data usage guidelines. You can allow Facebook and its partners to serve ads on and off Facebook. A cookie may also be stored on your computer for these purposes.
- When using the Facebook Pixel, we use the additional function “extended matching”. With this function, data such as Facebook ID, telephone number or e-mail address are transmitted to Facebook to form “custom audiences”. More information can be found here. To prevent your data from being collected by the Facebook Pixel, you can click the following link: Facebook Opt-Out.
Google Tag Manager
Google AdWords Conversion Tracking
This website uses the online advertising program Google AdWords and conversion tracking as part of Google AdWords. The conversion tracking cookie is set when a user clicks on an ad served by Google. Cookies are small text files that are stored on your computer system. These cookies expire after 30 days, and are not used for personal identification. If the user visits certain pages of this website and the cookie has not yet expired, Google and we can recognize that the user has clicked on the ad and has been redirected to this page. Each Google AdWords customer receives a different cookie. Cookies can therefore not be traced from websites of AdWords customers. The information collected using the conversion cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. Customers see the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they will not receive any information that personally identifies users. If you do not wish to participate in tracking, you can object to this use by simply deactivating the Google conversion tracking cookie on your Internet browser under “User Settings”. You are then not included in the conversion tracking statistics.
- Technical and organizational measures We take technical and organizational measures to ensure that the security and protection requirements of the EU GDPR are met and that personal data is protected against loss, destruction, manipulation or access by unauthorized persons. The measures are always adapted to the current state of the art.
Privacy Statement – Supplement Social Media (according to EuGH, Urteil vom 05.06.2018, Az. C-210/16)Our company has online presence on various social media and platforms. This makes it easier for those interested to search for our services and provides an additional channel of communication.
The purpose of processing the user data through the respective social media and platforms is typically user-specific advertising, ie. the individualized advertisements can be placed which correspond to the alleged interests of the user or result from his previous usage behavior. For this purpose, cookies are stored on users’ devices. These cookies can save the user behavior and thus map the areas of interest.
The location of a social media or platform may be in a third country, ie. in a country where the GDPR has no direct legal effect. In this case, the transfer of data only takes place if you have given your consent, if there is an adequate level of data protection or if you have obtained another legal authorization. US providers may operate under the Privacy Shield Agreement, which means that the Privacy Shield Agreement’s requirements are similar to those of the European Union and that the data will be treated accordingly.
We would like to make it clear that in the case of requests for information and / or the assertion of other data subject rights, users should directly contact the respective third-party providers. These have access and access rights to the stored and processed data of users and can provide information and / or take action. If you contact us directly, we will try to support your request in the best possible way. However, since we have no insight and no access to the data stored by third parties, our options are limited.
Please inform yourself about the principles of data processing of the respective companies based on the corresponding data protection statements.
As of June 2018