Privacy Policy

Home  –  Privacy Policy

  1. Name and address of the person responsible

    The controller within the meaning of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature is the company specified in the legal notice (hereinafter: “we” or “us” or “our”).

  2. Name and address of the data protection officer

    There is currently no obligation for the controller to appoint a data protection officer. Any data subject can contact us directly at any time with any questions or suggestions regarding data protection using the above contact details.
    Any data subject can contact us or our data protection officer directly with any questions or suggestions regarding data protection.

  3. Definitions

    The data protection notice of Discothek Haase is based on the defined terms of the General Data Protection Regulation (GDPR). Our data protection notice should be easy to read and understand. To ensure this, we explain the terms used in advance:

    1. Personal data
      Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

    2. Person concerned
      Data subject is any identified or identifiable natural person whose personal data is processed by the controller.

    3. Processing
      Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

    4. Restriction of processing
      Restriction of processing is the marking of stored personal data with the aim of restricting its future processing.

    5. Profiling
      Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.

    6. Pseudonymization
      Pseudonymization is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

    7. Controller or controller responsible for the processing
      Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

    8. Processor
      Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

    9. Receiver
      Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with EU or Member State law shall not be regarded as recipients.

    10. Third party
      Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

    11. Consent
      Consent is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

  4. General information on data processing; legal bases, purposes of processing, duration of storage, objection and removal options

    1. General information on the legal basis
      Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data. When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures. Insofar as the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis. If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.

    2. General information on data erasure and storage duration
      The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.

    3. General information on processing by our website
      Discothek Haase gives high priority to data protection, data security and confidentiality. The permanent protection of your personal data, your company data and your trade secrets is particularly important to us.
      In principle, you can visit our website without providing any personal data. However, if you make use of our company’s services via our website, this will require you to provide your personal data. As a rule, we use the data provided by you and collected by the website and data stored during use exclusively for our own purposes, namely to implement and provide our website and to initiate, implement and process the services/offers offered via the website (contract fulfillment) and do not pass them on to external third parties unless there is an official obligation to do so. In all other cases, we will obtain your separate consent. Your personal data is processed in accordance with the requirements of the General Data Protection Regulation and in compliance with the country-specific data protection regulations applicable to Discothek Haase. By means of this data protection notice, we would like to inform you about the type, scope and purpose of the personal data processed by us. In addition, this data protection notice informs you of your rights. Discothek Haase has implemented technical and organizational measures to ensure the appropriate protection of personal data processed through this website. Nevertheless, internet-based data transmissions can generally have security gaps, so that absolute protection cannot be guaranteed.

  5. Collection of general data and information

    The website of Discothek Haase collects a series of general data and information when a data subject or automated system calls up the website. This general data and information is stored in the server log files. The (1) browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrer), (4) the sub-websites which are accessed via an accessing system on our website can be recorded, (5) the date and time of access to the website, (6) an internet protocol address (IP address), (7) the internet service provider of the accessing system and (8) other similar data and information used for security purposes in the event of attacks on our information technology systems.
    When using these general data and information, Discothek Haase does not draw any conclusions about the data subject. Rather, this information is needed to (1) deliver the content of our website correctly, (2) optimize the content of our website as well as its advertisement, (3) ensure the long-term viability of our information technology systems and website technology, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack. Therefore, the Discothek Haase analyzes anonymously collected data and information statistically, with the aim of increasing the data protection and data security of our enterprise, and to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.

    Legal basis
    Art. 6 para. 1 lit. f GDPR (legitimate interest)

    Storage purpose
    Temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.

    Storage duration
    The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

    Objection / removal option
    No, as this is absolutely necessary for the operation of the website.

  6. Registration and use of the purchase and reservation functions on our website

    1. Reservation
      In order to make a reservation with us, you must register on our website by providing personal data. You must first provide the following information step by step:

      • Date and time of the visit
      • Number of guests (adults and children up to 16 years)
      • Music genre
      • Smoking area (Yes/No)
      • Selected lounge
      • Booked catering (snacks, alcoholic and non-alcoholic drinks)

      You can also provide the following additional information when making a reservation:

      • Name of the reservation
      • Additional requests for preparing the lounge
      • Important notes on reservations

    2. Ticket purchase
      If you purchase tickets via our website, we collect the following personal data about you:

      • Booked tickets
      • Quantity of tickets
      • Price (individual and total price)
      • Ticket code

    3. General payment and registration data
      After you have entered the above information, you must enter your personal data. You have the choice of reserving or purchasing without logging in, logging in or registering.

      1. Without registration
        If you wish to make a reservation without registering, the following personal data will be collected from you:

        • Gender
        • First name*
        • Surname*
        • E-mail address*
        • Telephone number*
        • ZIP CODE
        • City
        • Street
        • Confirmation of the reservation conditions, general terms and conditions and data protection regulations*

        * Mandatory information
        This data is processed once for the payment and stored by us in accordance with the statutory retention periods. The data will not be used to create an account.

      2. Registration
        If you first register on our website and then wish to reserve a table, the following personal data will be collected from you:

        • Gender
        • First name*
        • Surname*
        • E-mail address*
        • Mobile number*
        • ZIP CODE
        • City
        • Street
        • Password*

        * Mandatory information
        Once you have registered, an individual QR code will be generated for you, which you can use to access booked events and as proof of your membership.

      3. Payment
        We also require the following information to complete the order:

        • Payment data (PayPal)
        • Amount
        • Booking date

        For the processing of your payment, the information necessary for the booking will be transmitted to PayPal as a third party. Discothek Haase is aware that your personal data may be transferred to a third country in this context and has implemented appropriate safeguards in accordance with Art. 46 GDPR to ensure the lawful and secure processing of your personal data. If you have made a reservation or placed an order, you will immediately receive an inquiry e-mail from us and a confirmation e-mail after confirmation.

        Legal basis
        Art. 6 para. 1 lit. b GDPR (fulfillment of contract)

        Storage purpose
        The input of the user’s personal data is required to fulfill a contract with the user or to carry out pre-contractual measures.

        Storage duration
        The data will be deleted as soon as it is no longer required for the purpose for which it was collected.
        This is the case for data during the reservation process for the fulfillment of a contract or for the implementation of pre-contractual measures if the data is no longer required for the implementation of the contract. Even after conclusion of the contract, it may be necessary to store personal data of the contractual partner in order to comply with contractual or legal obligations.

        Objection / removal option
        As a user, you have the option of canceling your registration at any time. You can change the data stored about you at any time. If the data is required to fulfill a contract or to carry out pre-contractual measures, premature deletion of the data is only possible insofar as contractual or legal obligations do not prevent deletion.

    4. Registration for the use of table reservations on our website
      In order to reserve a table with us, you must register on our website by providing personal data. The following personal data will be collected from you:

      • First name*
      • Surname*
      • E-mail address*
      • Telephone number*
      • POSTCODE*
      • City*
      • Street

      * Mandatory information
      You can also add an accompanying person. After you have reserved a table, you will immediately receive a request from us and a confirmation e-mail after confirmation.

      Legal basis
      Art. 6 para. 1 lit. b GDPR (fulfillment of contract)

      Storage purpose
      The input of the user’s personal data is required to fulfill a contract with the user or to carry out pre-contractual measures.

      Storage duration
      The data will be deleted as soon as it is no longer required for the purpose for which it was collected. This is the case for data during the reservation process for the fulfillment of a contract or for the implementation of pre-contractual measures if the data is no longer required for the implementation of the contract. Even after conclusion of the contract, it may be necessary to store personal data of the contractual partner in order to comply with contractual or legal obligations.

      Objection / removal option
      As a user, you have the option of canceling your registration at any time. You can change the data stored about you at any time. If the data is required to fulfill a contract or to carry out pre-contractual measures, premature deletion of the data is only possible insofar as contractual or legal obligations do not prevent deletion.

  7. Registration via Facebook

    As an alternative to the registration option already described on our website, we offer you the option of registering using your Facebook account.

    • Facebook specific data
    • Facebook account
    • Log In
    • Facebook ID
    • Facebook e-mail
    • Zip code
    • Profile picture
    • General data
    • First name
    • Surname
    • Surname

    We process this information in order to create a user account for you. Your password remains with Facebook and is not stored by us at any time. We do not have access to your Facebook profile or your contacts. As part of the registration process, information about the registration and our service is transmitted to Facebook and linked to your account.

    Discothek Haase is aware of the transfer of your personal data to a third country and has implemented appropriate safeguards in accordance with Art. 46 GDPR to ensure the lawful and secure processing of your personal data.

    To log in to Facebook, you will be linked to the Facebook page. Personal data may be collected here based on your browser and Facebook profile settings. Facebook is solely responsible for this data processing. You can find more information on how Facebook processes your personal data at: https://de-de.facebook.com/policy.php

    Legal basis
    Art. 6 para. 1 lit. b GDPR (fulfillment of contract)

    Storage purpose
    We use the Facebook profile data based on our legitimate interest to give you an uncomplicated way to log in to our service using an existing account.

    Storage period
    The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. This is the case here with the deletion of the account.

    Objection / removal option
    You can delete your account at any time or register under a new customer account without using the Facebook log-in function.

  8. Bonus programs and vouchers

    If you use our services, we process your personal data for bonus programs (bonus points, regular guest benefits, membership system, etc.) and for the provision of vouchers. You are free to use the membership status or not. We process the following personal data about you for this purpose:

    • Membership status
    • Qualification for regular guest benefits
    • Points balance and points bookings
    • Information about active and redeemed vouchers

    This data is processed in order to provide you with discounts or, for example, the automatic allocation of vouchers depending on your membership status. We calculate the bonus points received on the basis of the activities carried out.

    Legal basis
    Art. 6 para. 1 lit. b GDPR (fulfillment of contract)

    Storage purpose
    The input of the user’s personal data is required to fulfill a contract with the user or to carry out pre-contractual measures.

    Storage duration
    The data will be deleted as soon as it is no longer required for the purpose for which it was collected. This is the case for data during the reservation process for the fulfillment of a contract or for the implementation of pre-contractual measures if the data is no longer required for the implementation of the contract. Even after conclusion of the contract, it may be necessary to store personal data of the contractual partner in order to comply with contractual or legal obligations.

    Objection / removal option
    If the data is required to fulfill a contract or to carry out pre-contractual measures, premature deletion of the data is only possible insofar as contractual or legal obligations do not prevent deletion. In this case, data on bonus programs and vouchers will be deleted when the linked account is deleted.

  9. Preferences, bans, applications and feedback

    1. Information on house bans
      When you use our services and visit our locations, in addition to the personal data already explained, we collect your preferences based on the actions you have taken in order to present you with appropriate offers and also any information about house bans. If you receive a ban from us, this information will be stored in your account in order to enforce the ban. We do not pass on information about house bans to third parties. Obligations to pass on information arising from statutory regulations remain unaffected by this.

      Art. 6 Legal basis
      para. 1 lit. f GDPR (legitimate interest)

      Storage purpose
      We process information about house bans in order to enforce the regulations and bans issued. Our legitimate interest is to exclude certain persons in the event of serious violations of our applicable or statutory regulations in order to protect our facility and to protect our other guests and our employees.

      Storage duration
      The data will be deleted as soon as it is no longer required for the purpose for which it was collected. We process information about bans for the duration of the ban. In very serious cases, we reserve the right to impose a lifelong ban and to continue to process the necessary information even after the customer account has been deleted.

      Objection / removal option
      You cannot object to the processing because our legitimate interest in the protection of our employees, customers and our institution outweighs your interests or fundamental rights and freedoms that require the protection of personal data.

    2. Preferences
      When you use our services and visit our sites, in addition to the personal data already explained, we collect the preferences based on your actions in order to present you with appropriate offers and to inform you about news of interest to you as part of the newsletter function.

      Legal basis
      Art. 6 para. 1 lit. f GDPR (legitimate interest)

      Storage purpose
      We process your data in order to offer you our services and to inform you about offers that may be of interest to you. This is also our legitimate interest in processing your preferences.

      Storage duration
      The data will be deleted as soon as it is no longer required for the purpose for which it was collected. This is the case for the data within the scope of the preferences until the account is deleted.

      Objection / removal option
      You can object to the processing at any time.

    3. Feedback
      As a registered user, you can give us feedback regarding our events, locations or our service. We process this information in order to continuously improve our offer and our services. For this purpose, we provide a contact form on our website. When you use this form, the following personal data is collected about you:

      • First name
      • Surname
      • E-mail address
      • Subject
      • Your message

      Legal basis
      Art. 6 para. 1 lit. f GDPR (legitimate interest)

      Storage purpose
      We process your data in order to use your feedback to improve our service and to respond to your inquiries. This is also our legitimate interest in using this data.

      Storage duration
      The data will be deleted as soon as it is no longer required for the purpose for which it was collected. This is the case for the data relating to your feedback with the deletion of your account. This is the case for the data relating to your feedback after 6 months at the latest.

      Objection / removal option
      You can object to the processing at any time.

    4. Application form
      We provide a form on our website for potential applicants, which you can use to apply to us. For this purpose, we collect the following personal data about you via the contact form:

      • First name
      • Surname
      • E-mail address
      • Street & house number
      • Zip code & City
      • Telephone/mobile number
      • Date of birth
      • Application photo
      • Job you are applying for
      • Gastronomy experience (yes/no); plus further information
      • Abridged curriculum vitae
      • Status (student, pupil, self-employed, etc.)
      • Further information on employee status
      • Further information under Status Other
      • Interest in area (counter/bartender, waiter/service/cloakroom/cash desk/info office etc.)
      • Computer skills, foreign languages, 10-finger typing system
      • Other (hobbies/specialties/courses taken)
      • General knowledge that could be an advantage in gastronomy

      We process this personal data exclusively for the purpose of processing your application.

      Legal basis
      Art. 6 para. 1 lit. b GDPR in conjunction with § Section 26 (1) BDSG (decision on future employment relationship)

      Storage purpose
      We process your data for the application process and the decision on your employment.

      Storage duration
      The data will be deleted as soon as it is no longer required for the purpose for which it was collected. This is the case for your application data if your application is successful and you are hired. If no employment relationship is established with you, we will retain your applicant data for 6 months. We will then delete your personal data immediately.

      Objection / removal option
      You can object to the processing at any time during the application process by withdrawing your application. You have no right to object to the retention of your application data, as we need this personal data to prove compliance with the provisions of the General Equal Treatment Act.

  10. U18 forms (Underage)

    If you are under 18 years of age and an event only allows you to enter if you are accompanied by an accompanying person or with the consent of your legal guardian, we require a U18 form that enables us to prove compliance with the legal regulations. For this purpose, we process the following personal data about you and your accompanying person/legal guardian:

    • First name
    • Surname
    • Gender
    • E-mail address
    • Phone number, mobile
    • Phone number, landline
    • Zip code
    • City
    • Street/house number
    • Date of birth
    • Consent to the legal information texts

    In addition, we document that you attended the event, including whether an accompanying person was present.

    Legal basis
    Art. 6 para. 1 lit. c GDPR (fulfillment of a legal obligation)
    Art. 6 para. 1 lit. b GDPR (fulfillment of contract)

    Storage purpose
    The processing is necessary in order to grant you access and thus to be able to provide you with the contractually agreed services. For events that only allow admission under the age of 18 in certain cases (with permission or accompanied), we are legally obliged to process a corresponding parental transfer or other proof of compliance with the protection of minors. The processing is therefore carried out to enable the verifiability of the regulation of the admission of minors to certain events.

    Storage duration
    The data will be deleted as soon as it is no longer required for the purpose for which it was collected. This is the case for the data that we collect for the protection of minors after 10 years.

    Objection / removal option
    You cannot object to the processing, as the processing of personal data is based on a legal obligation. However, you are free not to participate in the event and thus prevent the processing.

  11. Picture gallery

    We process images, videos and soundtracks from visitors to our events on our website. We process this personal data based on our legitimate interest in promoting our services to the public and giving potential customers an impression of our offers. Under certain circumstances, images or recordings of you may be processed for this purpose, provided that you are only visible as a non-defining component of the photograph of our event (“accessory”). We also offer customers the option of uploading their own souvenir photos for events.

    Legal basis
    Art. 6 para. 1 lit. f GDPR (legitimate interest)
    Art. 6 para. 1 lit. a GDPR (consent)

    Storage purpose
    The purpose of the processing is to advertise our services to the public and to give potential customers an impression of our offers. This is also our legitimate interest. In the case of voluntarily uploaded images in which you can be seen, the legal basis for processing your personal data is your consent.

    Storage duration
    The data will be deleted as soon as it is no longer required for the purpose for which it was collected. The personal data will be deleted after one year at the latest.

    Objection / removal option
    You can object to this processing at any time by referring to the recording or the image with your person. We will then remove the recording or image from the website immediately.

  12. Newsletter

    On our website you have the opportunity to register for a newsletter. This newsletter informs you about news concerning us, such as offers or planned events. The newsletter is sent on the basis of your registration on the website using the double opt-in procedure. When you register for the newsletter, the following data from the input screen is transmitted to us:

    Legal basis
    Art. 6 para. 1 lit. a GDPR (consent)

    Storage purpose
    The storage of the e-mail address is necessary so that the newsletter can be sent to subscribers. The storage of the IP address and the date and time of registration are technically necessary in order to carry out the registration.

    Storage duration
    The personal data will be deleted as soon as the purpose for which it was originally collected no longer applies. Accordingly, the data will be stored for as long as the subscription to the newsletter remains active. The other personal data collected during the registration process will be deleted after a period of seven days.

    Objection / removal option
    Subscription to the newsletter can be terminated at any time by the person concerned. For this purpose, each newsletter email contains a link that can be used to unsubscribe. At the same time, the termination of the subscription also constitutes the withdrawal of consent to the processing of personal data collected during the registration process.

  13. Data processing due to corona measures

    Due to the corona pandemic, we process your personal data for a digital negative proof of compliance with the currently valid protective measures. If you make use of the digital proof function, no further proof is required for you on site. The proof you upload will be checked by our system and will indicate whether the proof is suitable for the event or not. We process the following personal data about you for this purpose:

    • First name
    • Surname
    • Date of birth
    • Type of proof
    • Date of proof
    • Picture of the proof

    In addition, there is further personal data resulting from the consent to be given by you:

    • Status
    • Date and time
    • Revocation, if applicable

    You can revoke your consent at any time with effect for the future.

    Legal basis
    Art. 6 para. 1 lit. c GDPR (legal obligation)
    Art. 6 para. 1 lit. a GDPR (consent)

    Storage purpose
    The personal data is collected and processed on the one hand for the fulfillment and verification of the corona measures. The purpose of digital processing is to enable the customer to enter the restaurant more quickly without having to present further proof in the evening.

    Storage duration
    The personal data will be deleted as soon as the purpose for which it was originally collected no longer applies. Due to the fact that we have to prove compliance with the corona measures, we process your proof and your consent for a period of 6 months.

    Objection / removal option
    The customer can revoke their consent to digital processing at any time. However, the proof remains stored, as the Discothek Haase is obliged to prove compliance with the measures due to the Corona measures.

  14. Information on the use of third-party services

    1. Data protection provisions about the application and use of Google Tag Manager
      Google Tag Manager is a solution that allows us to manage website tags via an interface. The Tag Manager tool itself (which implements the tags) is a cookie-free domain and does not collect any personal data. The tool triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If a deactivation has been made at domain or cookie level, this remains in place for all tracking tags that are implemented with Google Tag Manager. Further information: https://tagmanager.google.com/

    2. Data protection provisions about the application and use of Google WebFonts
      This site uses so-called web fonts provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”) for the uniform display of fonts. When you access a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly. The web fonts are transferred to the browser cache when the page is called up so that they can be used for the display. If the browser does not support Google web fonts or prevents access, the text is displayed in a standard font.

      No cookies are set when you access the page. Data that is transmitted in connection with the page view is sent to resource-specific domains such as fonts.googleapis.com or fonts.gstatic.com. They are not associated with data that may be collected or used in connection with the parallel use of authenticated Google services such as Gmail. You can set your browser so that the fonts are not loaded from the Google servers (e.g. by installing add-ons such as NoScript or Ghostery for Firefox). If your browser does not support Google Fonts or you prevent access to the Google servers, the text will be displayed in the system’s default font.

      Discothek Haase is aware of the transfer of your personal data to a third country and has implemented appropriate safeguards in accordance with Art. 46 GDPR to ensure the lawful and secure processing of your personal data. Information on the data protection conditions of Google Webfonts can be found at: https://developers.google.com/fonts/faqPrivacy General information on data protection can be found in the Google Privacy Center at: http://www.google.com/intl/de-DE/privacy/

      Legal basis
      Art. 6 para. 1 lit. f GDPR. (legitimate interest)

      Storage purpose
      The purpose of storage is to improve our website, both visually and functionally.

      Storage duration
      The data will be deleted as soon as our legitimate interest no longer exists or we are obliged to delete the data due to statutory or legal orders.

      Objection / removal option
      As a user, you have the option to object to the processing of your data at any time.

    3. Data protection provisions about the application and use of Google reCAPTCHA
      On this website, we also use the reCAPTCHA function of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). This function is primarily used to differentiate whether an entry is made by a natural person or abusively by machine and automated processing. The service includes sending the IP address and any other data required by Google for the reCAPTCHA service to Google.

      Discothek Haase is aware of the transfer of your personal data to a third country and has implemented appropriate safeguards in accordance with Art. 46 GDPR to ensure the lawful and secure processing of your personal data. Further information on Google reCAPTCHA and Google’s privacy policy can be found at: https://www.google.com/intl/de/policies/privacy/

      Legal basis
      Art. 6 para. 1 lit. f GDPR. (legitimate interest)

      Storage purpose
      The purpose of storage is to determine the individual intent of actions on the Internet and to prevent misuse and spam.

      Storage duration
      The data will be deleted as soon as our legitimate interest no longer exists or we are obliged to delete the data due to statutory or legal orders.

      Objection / removal option
      As a user, you have the option to object to the processing of your data at any time.

    4. Facebook pixel and Facebook conversion tracking
      Within our online offer, the so-called “Facebook pixel” of the social network Facebook, which is operated by Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are resident in the EU, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”), is used due to our legitimate interests in the analysis, optimization and economic operation of our online offer and for these purposes.

      Definition of
      With the help of the Facebook pixel, it is possible for Facebook to determine the visitors of our online offer as a target group for the display of ads (so-called “Facebook ads”). Accordingly, we use the Facebook pixel to display the Facebook ads placed by us only to those Facebook users who have also shown an interest in our online offering or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited) that we transmit to Facebook (so-called “custom audiences”). With the help of the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interest of users and are not annoying. With the help of the Facebook pixel, we can also track the effectiveness of Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (so-called “conversion”).

      Order processing
      The processing of data by Facebook takes place within the framework of Facebook’s data usage policy. Accordingly, general information on the display of Facebook ads can be found in Facebook’s data usage policy: https://www.facebook.com/policy.php. Specific information and details about the Facebook pixel and how it works can be found in the Facebook help section: https://www.facebook.com/business/help/651294705016616. For the processing of data for which Facebook acts as a processor, we have concluded a data processing agreement with Facebook in which we oblige Facebook to protect our customers’ data and not to pass it on to third parties.

      Data transmission
      Discothek Haase is aware of the transfer of your personal data to a third country and has implemented appropriate safeguards in accordance with Art. 46 GDPR to ensure the lawful and secure processing of your personal data. You can also object to the use of cookies for reach measurement and advertising purposes via the deactivation page of the network advertising initiative (https://optout.networkadvertising.org/) and additionally the US website (https://www.aboutads.info/choices) or the European website (https://www.youronlinechoices.com/uk/your-ad-choices/).

      Legal basis
      Art. 6 para. 1 lit. a GDPR (consent)

      Storage purpose
      The purpose of this use is to determine the visitors to our online offering as a target group for the display of advertisements (so-called “Facebook ads”). Our online offering is also tailored to the interests of users. Furthermore, this information is also used for evaluation for statistical and market research purposes. Furthermore, you can prevent the transmission of third-party cookies yourself by making the appropriate setting in the cookie banner or within your Internet browser.

      Storage duration
      Third-party cookies are stored on the user’s computer and transmitted by it to our website. As a user, you therefore have full control over the use of third-party cookies.

      Objection / removal option
      You can deactivate or restrict the transmission of third-party cookies by changing the settings in your Internet browser. Third-party cookies that have already been saved can be deleted at any time. This can also be done automatically. The transmission of Flash cookies cannot be prevented via the browser settings, but by changing the Flash Player settings.

    5. Font Awesome
      This site uses so-called web fonts provided by Fonticons, Inc. for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly. For this purpose, the browser you are using must connect to the servers of Fonticons, Inc. As a result, Fonticons, Inc. becomes aware that our website has been accessed via your IP address. If your browser does not support web fonts, a standard font will be used by your computer.

      Discothek Haase is aware of the transfer of your personal data to a third country and has implemented appropriate safeguards in accordance with Art. 46 GDPR to ensure the lawful and secure processing of your personal data. Further information about Font Awesome can be found at https://fontawesome.com/help and in the privacy policy of Fonticons, Inc.: https://fontawesome.com/privacy.

      Legal basis
      Art. 6 para. 1 lit. f GDPR (legitimate interest)

      Storage purpose
      The purpose of storage is to improve our website, both visually and functionally.

      Storage duration
      The data will be deleted as soon as our legitimate interest no longer exists or we are obliged to delete the data due to statutory or legal orders.

      Objection / removal option
      As a user, you have the option to object to the processing of your data at any time.

    6. Data protection provisions about the application and use of external scripts JQuery and UNPKG (CDN)
      We use external JavaScript code. The libraries of the various providers are integrated externally via a CDN (Content Delivery Network) in order to always be able to access the latest and most secure version. This also reduces the loading times of our pages, as there is a high probability that you have already used the CDN on another page. In this case, your browser can access the copy stored in the cache and does not have to download it again. If your browser has not saved a copy in the cache, data such as your IP address will be transferred from your browser to the relevant CDN. The data may also be processed in the USA.

      Discothek Haase is aware of the transfer of your personal data to a third country and has implemented appropriate safeguards in accordance with Art. 46 GDPR to ensure the lawful and secure processing of your personal data. We use external code from the JavaScript framework jQuery, provided by the third-party provider jQuery Foundation (https://jquery.org). We use the CDN from UNPKG, provided by the third-party provider CDNJS / Cloudflare, https://unpkg.com/ / https://www.cloudflare.com . This script enables us to integrate content and libraries on our website.

      Legal basis
      Art. 6 para. 1 lit. f GDPR. (Legitimate interest)

      Storage purpose
      The purpose of storage is to improve our website, both visually and functionally.

      Storage duration
      The data will be deleted as soon as our legitimate interest no longer exists or we are obliged to delete the data due to statutory or legal orders.

      Objection / removal option
      As a user, you have the option to object to the processing of your data at any time.

    7. PayPal
      We use the external service provider PayPal to process payments for orders or reservations on our website. This enables you as a customer to make payments online using your PayPal account without disclosing your payment details to us. For this purpose, you will be linked to the PayPal page where you can log in and make the payment. For this purpose, we transmit the details of your order, including the personal data you have provided, to PayPal. PayPal is a third-party provider that has its own privacy policy. You can find more information on the use of your personal data by PayPal at: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

      Discothek Haase is aware of the transfer of your personal data to a third country and has implemented appropriate safeguards in accordance with Art. 46 GDPR to ensure the lawful and secure processing of your personal data. PayPal is the sole controller for processing in the context of registration.

      Legal basis
      Art. 6 para. 1 lit. b GDPR. (Fulfillment of contract)

      Storage purpose
      The purpose of storage is to enable payment of the tickets or reservations you have ordered.

      Storage duration
      The data will be deleted as soon as our legitimate interest no longer exists or we are obliged to delete the data due to statutory or legal orders.

      Objection / removal option
      You have no option to object to data processing, as otherwise you will not be able to make a payment. You are free not to make a payment via our website, in which case no data will be processed by PayPal.

  15. Cookies

    Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s computer system. When a user accesses a website, a cookie can be stored on the user’s operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again. The following cookies are set on our website:

    1. PayPal
      Cookies are used on our website for the use of the PayPal payment service. These cookies are technically necessary for the operation of our website and therefore do not require consent. The cookie enables the integration of the PayPal payment system, which we use to process reservations and orders on our website.

      Legal basis
      Art. 6 para. 1 lit. f GDPR (legitimate interest)

      Storage purpose
      The purpose of the storage is to ensure a smooth payment function via our website.

      Storage duration
      The data will be deleted as soon as our legitimate interest no longer exists or we are obliged to delete the data due to statutory or legal orders.

      Objection / removal option
      As a user, you have the option to object to the processing of your data at any time. If you object to the use of PayPal cookies, the technical function of payment processing can no longer be guaranteed to you.

    2. Google Analytics (with anonymization function)

      General information
      We have integrated the Google Analytics component (with anonymization function) on this website. Google Analytics is a web analysis service. Web analysis is the collection, gathering and evaluation of data about the behavior of visitors to websites. Among other things, a web analysis service collects data on which website a data subject came to a website from (so-called referrers), which subpages of the website were accessed or how often and for how long a subpage was viewed.

      Discothek Haase is aware of the transfer of your personal data to a third country and has implemented appropriate safeguards in accordance with Art. 46 GDPR to ensure the lawful and secure processing of your personal data. The operating company of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

      Anonymization of the IP address
      We use the addition “gat.anonymizeIp” for web analysis via Google Analytics. This is a function for shortening the IP address. Accordingly, your IP address is anonymized before it is transmitted from a member state or another state party to the Agreement on the European Economic Area to the USA. In exceptional cases, the IP address is only anonymized in the USA.

      Order processing
      The purpose of the Google Analytics component is to analyze the flow of visitors to our website. Google uses the data and information obtained, among other things, to evaluate the use of our website, to compile online reports for us that show the activities on our website, and to provide other services related to the use of our website.
      Google Analytics places a cookie on the data subject’s IT system. What cookies are has already been explained above. By setting the cookie, Google is enabled to analyze the use of our website. Each time one of the individual pages of this website is accessed, which is operated by the controller and on which a Google Analytics component has been integrated, the Internet browser on the information technology system of the data subject is automatically prompted by the respective Google Analytics component to transmit data to Google for the purpose of online analysis. During the course of this technical procedure, Google gains knowledge of personal information, such as the IP address of the data subject, which serves Google, inter alia, to understand the origin of visitors and clicks, and subsequently create commission settlements.
      The cookie is used to store personal information, such as the access time, the location from which access was made and the frequency of visits to our website by the data subject. Each time our website is visited, this personal data, including the IP address of the Internet connection used by the data subject, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may pass on this personal data collected via the technical process to third parties. We have concluded an order processing contract with Google in this regard and observe the legal requirements of the GDPR and the requirements of the German data protection authorities regarding the use of Google Analytics.

      Objection to the setting of cookies
      The data subject may, as stated above, prevent the setting of cookies through our website at any time by means of a corresponding adjustment of the web browser used and thus permanently deny the setting of cookies. Such a setting of the Internet browser used would also prevent Google from placing a cookie on the data subject’s IT system. In addition, a cookie already set by Google Analytics can be deleted at any time via the Internet browser or other software programs.

      Objection via browser add-on
      Furthermore, the data subject has the option of objecting to and preventing the collection of data generated by Google Analytics relating to the use of this website and the processing of this data by Google. To do this, the data subject must download and install a browser add-on from the link https://tools.google.com/dlpage/gaoptout. This browser add-on informs Google Analytics via JavaScript that no data and information on website visits may be transmitted to Google Analytics. The installation of the browser add-on is considered an objection by Google. If the data subject’s IT system is deleted, formatted or reinstalled at a later date, the data subject must reinstall the browser add-on in order to deactivate Google Analytics. If the browser add-on is uninstalled or deactivated by the data subject or another person who is attributable to their sphere of control, it is possible to reinstall or reactivate the browser add-on. If the use of Google Analytics is objected to, it is possible that some functions of the website may no longer be fully usable.

      Further information
      Further information and the applicable data protection provisions of Google may be retrieved under https://www.google.de/intl/de/policies/privacy/ and under http://www.google.com/analytics/terms/de.html. Google Analytics is explained in more detail at this link https://marketingplatform.google.com/intl/de/about/analytics/.

      Legal basis
      Art. 6 para. 1 lit. a GDPR (consent)

      Storage purpose
      Web analysis is mainly used to optimize a website and for the cost-benefit analysis of Internet advertising. The purpose of setting third-party cookies is to improve our offer for you by analyzing your user behavior. As a rule, only pseudonymized data is transmitted to the third parties. Furthermore, you can prevent the transmission of third-party cookies yourself by making the appropriate setting in the cookie banner or within your Internet browser.

      Storage duration
      Third-party cookies are stored on the user’s computer and transmitted to our site by the user. They are stored until the purpose of the processing no longer applies or you revoke your consent. As a user, you therefore have full control over the use of third-party cookies.

      Objection / removal option
      You can deactivate or restrict the transmission of third-party cookies by changing the settings in your Internet browser. Third-party cookies that have already been saved can be deleted at any time. This can also be done automatically. The transmission of Flash cookies cannot be prevented via the browser settings, but by changing the Flash Player settings

    3. Cookie Consent Management
      We store cookies in your browser to track the consents you have given or objections to the use of cookies. These cookies are deleted at the end of the session.

      Legal basis
      Art. 6 para. 1 lit. f GDPR (legitimate interest)

      Storage purpose
      The personal data is collected in order to obtain your consent and to store it for the duration of a session in order to enable the legally compliant use of analysis tools. This is also our legitimate interest.

      Storage duration
      The personal data will be deleted as soon as the purpose for which it was originally collected no longer applies. The cookies are deleted immediately at the end of the session.

      Objection / removal option
      You have the option to object to the setting of any cookies in your browser settings. If you do so, some functions of the website may only be available to a limited extent.

  16. Your rights

    If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:

    1. Right to information
      You can request confirmation from the controller as to whether personal data concerning you is being processed by us.
      If such processing has taken place, you can request the following information from the controller:

      1. the purposes for which the personal data are processed;
      2. the categories of personal data that are processed;
      3. the recipients or categories of recipients to whom the personal data concerning you have been or will be dislosed;
      4. the planned duration of storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the duration of storage;
      5. the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;
      6. the existence of a right of appeal to a supervisory authority;
      7. all available information about the origin of the data if the personal data is not collected from the data subject;
      8. the existence of automated decision-making, including profiling, referred to in Art. 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

      You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed of the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.

    2. Right to rectification
      You may request the restriction of the processing of your personal data under the following conditions:

    3. Right to restriction of processing
      You have a right to rectification and/or completion vis-à-vis the controller if the processed personal data concerning you is incorrect or incomplete. The controller must make the correction without delay.

      1. if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;
      2. the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
      3. the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims, or
      4. if you have objected to the processing pursuant to Art. 21 (1) GDPR and it is not yet certain whether the legitimate reasons of the controller outweigh your reasons.

      If the processing of personal data concerning you has been restricted, such data may only be processed – apart from being stored – with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

    4. Right to erasure

      1. Obligation to delete
        You have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

        1. The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
        2. You revoke your consent on which the processing was based pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR and there is no other legal basis for the processing.
        3. You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.
        4. The personal data concerning you has been processed unlawfully.
        5. The deletion of personal data concerning you is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject.
        6. The personal data concerning you was collected in relation to information society services offered in accordance with Art. 8 para. 1 GDPR.

      2. Information to third parties
        If the controller has made the personal data concerning you public and is obliged to erase it pursuant to Article 17(1) GDPR, it shall take reasonable steps, including technical measures, taking into account the available technology and the cost of implementation, to inform controllers which are processing the personal data that you as the data subject have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

      3. Exceptions
        The right to erasure does not exist if the processing is necessary

        1. to exercise the right to freedom of expression and information;
        2. for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
        3. for reasons of public interest in the area of public health in accordance with Art. 9 para. 2 lit. h and i and Art. 9 para. 3 GDPR;
        4. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 para. 1 GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing, or
        5. for the assertion, exercise or defense of legal claims.

        Furthermore, the right to erasure does not exist if the personal data must be stored by the controller due to statutory retention obligations and periods. In such a case, the personal data will be blocked instead of erased.

      4. Right to information
        If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.
        You have the right to be informed about these recipients by the controller.

      5. Right to data portability
        You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used, machine-readable and interoperable format. You also have the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, where

        1. the processing is based on consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR and
        2. the processing is carried out using automated procedures.

        In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. The freedoms and rights of other persons must not be affected by this.
        The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

      6. Right of objection
        You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. The controller will no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes. Notwithstanding Directive 2002/58/EC, you have the option of exercising your right to object in connection with the use of information society services by means of automated procedures using technical specifications.

      7. Right to revoke the declaration of consent under data protection law
        You have the right to revoke your declaration of consent under data protection law at any time and without giving reasons. In the event of revocation, we will delete your personal data immediately and no longer process it. The withdrawal of consent does not affect the lawfulness of the processing carried out prior to the withdrawal.

      8. Automated decision in individual cases including profiling
        You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

        1. is necessary for the conclusion or performance of a contract between you and the controller,
        2. is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
        3. with your express consent.

        However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g applies and appropriate measures have been taken to protect the rights and freedoms as well as your legitimate interests. In the cases referred to in (1) and (3), the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.

      9. Right to lodge a complaint with a supervisory authority
        Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR. The supervisory authority with which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.


    Discothek Haase
    Status 02/2025