Data protection

We, GRIPS Theater gGmbH (GRIPS), take the protection of your personal data seriously. We want you to feel safe using our online offers. For us, this includes transparency when we save data about you, for what purpose we use them and what technical and organisational measures we have taken to protect data. It is also important to us to inform you about your rights and to provide you with a contact person if you have any questions.

The legal regulations of the EU General Data Protection Regulation (GDPR) form the basis for handling your data. The following explanation gives you an overview of the implementation.

  • Definition of terms

    The privacy policy of GRIPS is based on the terms used by the European legislator for directives and regulations when the General Data Protection Regulation (GDPR) was adopted. We use the following terms in this privacy policy, among others:

    Personal data: Personal data include all information which relates to an identified or identifiable natural person (hereinafter referred to as “data subject”).

    Data subject: The data subject is any identified or identifiable natural person whose personal data are processed by the controller.

    Processing: Processing is any process carried out with or without the help of automated procedures with personal data such as the collection, recording, organisation, ordering, storage, adaptation or modification, reading, querying, use, disclosure by transmission, dissemination or another form of provision, comparison or linking, restriction, deletion or destruction.

    Restriction of processing: Restriction of processing is the identification of stored personal data in order to limit their future processing.

    Profiling: Profiling is any type of automated processing of personal data in order to categorise them according to personality profiles and thereby analyse or predict the behaviour of natural persons.

    Pseudonymisation: Pseudonymisation is the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without the use of additional information.

    Processor/recipient: A processor is a natural or legal person, authority, institution or other body that processes personal data on behalf of GRIPS Theater. The recipient is a natural or legal person, public authority, institution or other body to whom personal data are disclosed, whether or not they are third parties.

    Consent: Consent is any declaration or other unambiguous and informed expression of intent given voluntarily by the data subject, in the form of a declaration or other unambiguous affirmative action, in which the data subject indicates that he/she agrees to the processing of his/her personal data.

  • Controller and data protection officer

    The controller within the meaning of the General Data Protection Regulation, other data protection laws in force in the Member States of the European Union, and other provisions of a data protection nature, is:

    GRIPS Theater gGmbH
    Altonaer Str. 22
    10557 Berlin

    If you have any concerns about data protection, you can contact our data protection officer at any time. You can reach the data protection officer at the email address datenschutz[at]grips-theater.de.

    If, after contacting the data protection officer, there is still the assumption that your own rights have been violated during the collection, processing or use of personal data by GRIPS, you can also contact the relevant data protection supervisory authority in accordance with applicable law.

  • Data processing on our website

    Server log files

    Personal data are only collected on this website to the extent that is technically necessary. GRIPS automatically collects and saves information that your browser transmits to us in its server log files. These data include:

    • Browser type and version,
    • the operating system used,
    • referrer URL, i.e. the page you visited before,
    • host name of the accessing computer / IP address,
    • name of the file accessed in each case,
    • the volume of data transferred,
    • notification of successful access,
    • requesting domain,
    • date and time of the server request.

    The storage is only used for internal system-related and statistical purposes. All of these data cannot be assigned to specific persons by GRIPS. These data will not be combined with any other data sources, and will be deleted after statistical evaluation. Data collected shall not be sold under any circumstances.

    Cookies

    This website uses cookies. Cookies are small text files which are temporarily stored on your device when you visit our website and store certain information. Cookies cannot access, read or change other data stored on your device. Without cookies you may not be able to use some of the services we provide on our website (e.g. our online shop).

    The following table provides an overview of the cookies used on our website:

    • cookie_consent_settings, trackingpermissions
      Provider and purpose: Stores the Cookie Manager settings.
      Category: Required
      Storage: 60 years
    • csrftoken
      Provider and purpose: Content Management System (CMS). Helps prevent so-called cross-site request forgery (CSRF) attacks.
      Category: Required
      Retention: 1 year
    • Google Analytics (_ga, _gat _gid, _gat_gtag_UA)
      Provider and purpose: Used to create usage statistics of our website and control repeated requests. This helps us understand how often, from which countries and with which devices our website is accessed and allows us to further optimize for these audiences. Cookies can distinguish individual users by means of a randomly generated ID to prevent multiple counts.
      Category: Analytics & optimization
      Retention: 1 minute (_gat, _gat_gtag_UA), 1 day (_gid), 1 year (_ga)
    • tmorder_Pe7cuJqqKr0
      Provider and purpose: Ticketmatic to show the shopping cart
      Category: Required
      Retention: Session

    Sentry

    We use Sentry, a software for application monitoring and error tracking. This software is provided by Functional Software Inc, 132 Hawthorne StreetSan Francisco, California 94107, USA ("Sentry"). To ensure the technical stability of our services, Sentry is used to log system errors. The information generated by Sentry is transferred to a server of our technical service provider MIR MEDIA, Cologne and stored there. The server is located in Germany. The data is stored for a maximum of 90 days after analysis and then deleted without residue. The processing of the data is based on our legitimate interest according to Art. 6 para. 1 lit f DSGVO/GDPR.

  • Use of personal data

    Personal data are only recorded using appropriate forms/ fields; the information contained therein is absolutely voluntary. Personal data are all information that relate to your person. These include name, address, email, etc.

    If you have provided us with personal data via a form or by email, we shall only use these to answer your inquiries or to process the contracts you have requested and concluded with us (orders), for statistical purposes and, if necessary, also for technical administration purposes.

    All GRIPS employees are bound by the statutory provisions and have committed themselves to compliance with them in writing.

    Your personal data shall not be passed on to third parties unless this is absolutely necessary for the purpose of processing the contract or billing. If specially funded offers are used (e.g. Theatre of the schools / GRIPS Fever), data may also have to be passed on to the respective funding body for billing purposes. Otherwise, we shall only pass on your data to bodies entitled to receive information if we are obliged to do so by law or a court order.

  • Right to information and right of revocation

    You have the right to information on the personal data stored about you, their origin and recipient, and about the purpose for which these data are stored. Upon request, we shall inform you as soon as possible whether and which personal data we have stored about you. If incorrect information has been stored, despite our efforts towards accuracy and relevance, we shall correct this at your request.

    Of course, you have the right to revoke your consent at any time. We delete the stored personal data immediately if you revoke your consent, unless we are obliged to continue to store them for legal reasons. Data will also be deleted if storage is not permitted for other legal reasons.

    Please send your request or your revocation to datenschutz[at]grips-theater.de.

  • Newsletter

    If you wish to receive the GRIPS newsletter, we require a valid email address and information that allow us to verify that you are the owner of the provided email address and that the owner of the email address agrees to receive the newsletter. Further data are not collected. You can revoke your consent to the storage of the data and email address, as well as their use for the delivery of the newsletter, at any time.

    The newsletter is sent via “MailChimp”, a newsletter platform from the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE # 5000, Atlanta, GA 30308, USA. The specified email addresses are stored on the servers of MailChimp in the USA. MailChimp is certified under the US-EU data protection agreement “Privacy Shield” and is committed to complying with EU data protection regulations. MailChimp uses this information to send and evaluate the newsletter on our behalf. According to its own information, MailChimp can also use the data to optimise its own service. However, MailChimp does not use the data of the recipient of the newsletter to write to you or to pass them on to third parties.

    To protect the system against spambots and automated mass queries, the GRIPS uses the CAPTCHA service reCAPTCHA. This service is operated by Google Inc. The use of the HTTPS transmission protocol ensures that only the CAPTCHA input required for validation and the (anonymised) IT address of the querying party are transmitted to Google.

  • Web shop, ticket sales and reservations

    The web shop and ticketing system is provided by Ticketmatic Belgium, Philipssite 5A bus 22, 3001 Leuven. As part of the ticket reservation, ticket purchase, orders in the online shop and registration for newsletters, personal data are stored and processed in order to fulfil the contract. A data processing contract has been concluded with the company. In this contract, the service provider undertakes to process the data on our behalf and for the purposes specified by us and to protect them in accordance with the statutory provisions.

    All web forms are SSL encrypted. Ticketmatic uses the Amazon Europe server in Ireland to host its system. The data are stored on the server hard drive with full encryption so that the data centre staff has no access. Access to the database is password-protected and only possible for authorised GRIPS employees.

  • Cooperation partners

    In many cases, GRIPS cooperates with GRIPS Werke e.V., Altonaer Str. 22, 10557 Berlin in the implementation of theatre educational offers Inquiries from interested parties for the cooperation projects will be passed on to GRIPS Werke e.V. for the purpose of answering. As an association based in Germany, GRIPS Werke e.V. is also subject to the EU General Data Protection Regulation and, for its part, undertakes by means of a data processing contract to save and use the data only for the relevant purposes and not to pass them on to third parties.

  • Internal data storage

    For organisational reasons, it may be necessary to provide data to authorised employees via an external server in order to fulfil the contract. This is done via ownCloud GmbH, Rathsbergstr. 17, 90411 Nürnberg. According to the information of the company, customer data are not passed on to third parties. Access to the data by GRIPS employees is activated individually by the administrator so that only authorised persons have access.

    GRIPS Theater uses Microsoft Exchange for daily communication. Email addresses and emails are stored there and sometimes made available internally in address books to authorized employees. According to Microsoft, it does not use content from emails, chats, video calls, voicemails or documents, photos or other personal files. Instead, usage data that Microsoft has collected through direct interactions with the user, through some products and on third-party websites is used. According to its own privacy policy, Microsoft uses data for the following purposes: (A) product provision, updating, backup and support (B) further development of products based on user experience (C) personalization of products and provision of relevant information (D) advertising (opt-out is possible). Microsoft ensures that the data of European customers is stored in data centers in Austria, Finland, Ireland and the Netherlands. "CLOUD Act" signed. This obliges Internet companies and IT service providers from the USA (including Microsoft) to grant US authorities access to data stored by them, even if it is stored outside the USA. The complete and current data protection declaration for Microsoft can be found here

  • External links