Festivalbesucher:innen strömen über den Platz vor der PAROOKAVILLE Townhall – zentrale Info- und Registrierungspunkte unter einer markanten Kuppel, flankiert von Bäumen, Bars und dekorativen Bauten im Stadtstil.

Data Privacy

We are pleased that you are visiting our website and thank you for your interest. Due to legal regulations, we are obliged to inform you about the processing of personal data. Please therefore take note of the following information:

I. Name and address of the person responsible

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is

Parookaville GmbH
Katharinenquartier 4 - 6
47652 Weeze
Germany

Phone: +49 28 37 - 91 11 - 12
Fax: +49 28 37 - 91 11 - 11
E-mail: datenschutz@parookaville.com

II. Data Protection Officer

The data protection officer of Parookaville GmbH is Mr. Johannes Bergers.

III. Overview

When you contact us, personal data is processed in various situations. These situations can be categorized as follows:

Visiting the website (hereinafter under IV.)
Pre- and post-contractual customer contact, ticket purchase and personalization (hereinafter under V.)
Attendance at the event (see VI. below)

IV. Visiting the website

1. Hosting and CDN

Hosting

Description and scope of data processing:

We use an external hoster to provide the content of our website. This is the following provider:
Mittwald CM Service GmbH & Co. KG, Königsberger Straße 4-6, 32339 Espelkamp.

The following data is processed:

The personal data collected on this website is stored on the hoster's servers. This primarily concerns IP addresses, meta and communication data, website access and other data generated via a website, i.e. all data that is not processed below by another third party.

Legal basis for data processing:

The hoster is used on the basis of Art. 6 para. 1 lit. b GDPR (contract fulfillment and pre-contractual measures) and Art. 6 para. 1 lit. f GDPR (legitimate interest in providing the online offer).

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract prescribed by data protection law, which ensures that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

Purpose of data processing:

The hoster is used for the purpose of fulfilling the contract with our potential and existing customers by providing relevant information and in the interest of a secure, fast and efficient provision of our online offer.

Duration of storage:

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

Content Delivery Network (CDN) - Cloudflare

Description and scope of data processing:

We use the services of Cloudflare Inc, 101 Townsend St, San Francisco, CA 94107, USA, to secure and optimize our website (e.g. to protect against DDoS attacks or to improve loading speed). The service acts as a reverse proxy so that all data transmitted between your browser and our server is routed via Cloudflare's infrastructure.

Cloudflare acts as our processor in this context. We have concluded an order processing contract.

The following data is processed:

Cloudflare only transmits data that is specified by the website operator. The content is not generated by Cloudflare itself, but comes from the website operator. In addition, Cloudflare may collect certain usage information from our website and processes data that we transmit or that we expressly instruct Cloudflare to process. As a rule, this is data such as

IP addresses,
contact details,
security identifiers,
DNS log data
Website performance data obtained from surfing behavior in the browser

Legal basis for data processing:

The processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the secure and efficient provision of our online services.

Purpose of the data processing:

Ensuring technical security, protection against attacks and improving the loading times of our website.

Duration of storage:

Cloudflare may store access data for a short period of time for analysis and security purposes. Further information on this can be found in Cloudflare's privacy policy: https://www.cloudflare.com/privacypolicy/

2. Cration of LOGFILES

Description and scope of data processing:

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.

The following data is processed:

Information about the browser type and version used
The user's operating system
The user's internet service provider
The user's IP address
Date and time of access
Websites from which the user's system accesses our website
Websites that are accessed by the user's system via our website

Legal basis for data processing:

The legal basis for the temporary storage of data is Art. 6 para. 1 lit. f GDPR.

Purpose of data processing:

Temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.

These purposes also constitute our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f GDPR.

Duration of storage:

3. TRACKING

Usercentrics

Description and scope of data processing:

We use Usercentrics to manage the consent to tracking measures requested by the data subjects. This is an offer from the provider Usercentrics GmbH, Rosental 4, 80331 Munich.
Further information on Usercentrics can be found at https://usercentrics.com/privacy-policy/

The following data is processed:

The IP address
Date and time of consent
User agent of the end user's browser
The URL of the provider
An anonymous, random and encrypted key.

The encrypted key and the cookie status are stored on the user's end device using a cookie in order to establish the corresponding cookie status on future page views.

Legal basis for data processing:

The legal basis for the storage of the data is Art. 6 para. 1 lit. c) GDPR in conjunction with Art. 7 para. 1 GDPR (fulfillment of requirements according to the TDDDG and the GDPR).

Purpose of data processing:

By using Usercentrics, we draw attention to the use of cookies on our website and make it possible to make a decision about their use (Consent Management Platform).

Duration of storage:

The above-mentioned Usercentrics cookie is automatically deleted after 12 months.
The user can prevent or terminate the installation of the cookie and its storage, and thus his cookie consent, at any time by changing his browser settings.

Tracking by Google Analytics (web analysis)

Description and scope of data processing:

This website uses Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. The controller for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). We have concluded an order processing agreement with Google for this purpose. Google LLC, based in California, USA, and, if applicable, US authorities can access the data stored by Google.

Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, if IP anonymization is activated on this website, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.

If your data is transferred to the USA and processed there, this takes place in a so-called “third country” outside the European Union (EU) or the European Economic Area (EEA). The basis for this data transfer is the adequacy decision pursuant to Art. 45 para. 1 GDPR within the framework of the EU-US Data Privacy Framework. The provider is certified under this data protection agreement and is therefore committed to complying with the European level of data protection
You can prevent the storage of cookies by selecting the appropriate settings in your browser software; however, please note that if you do this, you may not be able to use the full functionality of this website.

You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available under the following link: Browser plugin (https://tools.google.com/dlpage/gaoptout?hl=en).

We use the user ID function. This allows us to assign a unique and persistent identifier to individual or multiple sessions (and the activities performed therein) and thereby analyze user behavior across different devices.

The following data is processed:

As part of the aforementioned process, Google obtains knowledge of your personal data, in particular

information about the browser type/version
operating system used,
technical information about the browser and the end devices used (e.g. language setting, screen resolution)
the page you visited previously
the host name of the accessing device,
IP address
Internet provider
the time of the request,
approximate location
user ID
Conversions (e.g. newsletter registrations, downloads)
User behavior (e.g. clicks, length of visit)

This data is not merged with other Google data about you.

Legal basis for data processing:

The legal basis for this data processing is your consent pursuant to Art. 6 para. 1 sentence 1 lit. a) GDPR.

Purpose of data processing:

On behalf of the operator of this website, Google will use the data collected to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website activity and internet usage.

Duration of storage:

The data will be stored for 14 months unless you make use of your opt-out options.

GOOGLE ADS

Description and scope of data processing:

We use conversion tracking on our website as part of Google Ads (formerly Google AdWords) to advertise our products and services online. Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible for processing within Europe. We have concluded an order processing agreement with Google for this purpose.

Google Ads enables us to target our online advertising campaigns and measure the success of these campaigns. A so-called conversion tracking tool is used, which uses cookies to record how users interact with our ads and whether they subsequently perform certain actions (so-called conversions), such as making a purchase or subscribing to a newsletter.

By using this tool, we receive information about which keywords, ads and campaigns lead to desired user actions. This data helps us to analyze the success of our advertising measures and to continuously optimize our online marketing.

The following data is processed:

The following data in particular is processed in the context of Google Ads:

IP address
device information
Browsing history
Demographic data
Location data
Search terms
Interactions with ads and content
Websites visited
Apps used
Click behavior
Conversion data
User ID

Legal basis for data processing:

Google Ads conversion tracking is only used if you have consented to this in the cookie banner. The legal basis for the processing is therefore your consent in accordance with Art. 6 para. 1 lit. a GDPR.

Purpose of data processing:

The use of Google Ads conversion tracking has the following purposes:

Optimization of our online marketing measures
Monitoring the success of our advertising campaigns (e.g. measuring conversions)
Improvement of our online offering through targeted advertising
Adapting our website and our advertising offer to your interests and needs

The information obtained enables us to use our advertising budget efficiently and make our offer more interesting and relevant for you as a user.

Duration of storage:

Conversion cookies usually expire after 30 days.
Cookies with the names “Conversion” and “_gac” (when used in conjunction with Google Analytics) have a storage period of up to 3 months.

Google Tag Manager

Description and scope of data processing:

We use the Google Tag Manager service to technically manage and deliver the services and cookies (including the Consent Manager / “cookie banner”) integrated on our website. Google Tag Manager itself does not set any cookies and does not collect any personal data directly for its own purposes.

Google uses cookies and cookie-like technologies such as pixel tags (web beacons) as part of the Google services integrated via the Tag Manager. Personal data is processed in the process.

This data is transmitted to Google and pseudonymized user profiles are created. It is not possible for us to identify you personally on this basis.

Your data may be processed in the USA and transferred there. The provider has certified itself in accordance with the EU-US Data Privacy Framework and has undertaken to comply with the EU level of data protection.

Further information and the applicable data protection provisions of Google can be found at:

https://policies.google.com/privacy (Data protection regulations)
https://policies.google.com/technologies/ads (How Google marketing services work)
https://policies.google.com/technologies/types (Cookie-types)

The following data is processed:

Browser type and version
Operating system used
Previously visited page
Host name of the accessing device
IP address
Time of the request
Offers, search terms and content you were interested in

Legal basis for data processing:

The processing is carried out on the basis of our legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR, which lies in the optimization of our website.

The adequacy decision pursuant to Art. 45 para. 1 GDPR (EU-US Data Privacy Framework) serves as the legal basis for the transfer of data to the USA.

Purpose of data processing:

The data processing serves:

the technical integration and management of cookies and services
the optimization of our website,
compliance with legal requirements by the Consent Manager,
the creation of pseudonymized user profiles for the interest-based design of our offer.

Duration of storage:

The cookies set by Google are automatically deleted after 30 days.
You can object to the use of interest-based advertising or customize it at: https://www.google.com/ads/preferences/?hl=de

Tracking by the Facebook pixel

Description and scope of data processing:

We use the so-called visitor action pixel (“Facebook pixel”, now “Meta pixel”) of Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA or for the European area: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland on our website.

This pixel makes it possible to track the behavior of users after they have been redirected to our website by clicking on a Facebook ad. This allows us to record and evaluate the effectiveness of our Facebook ads.

This data is collected and processed directly by Facebook. As the operator of the website, we only receive anonymized reports and evaluations that do not allow any conclusions to be drawn about individual users. However, Facebook itself can link the data collected to your Facebook profile and use it for its own advertising purposes.

The following data is processed:

When using the Facebook pixel, the following data in particular may be collected and processed:

Websites visited
Facebook ID
HTTP header (e.g. IP address, browser and device information)
Pixel-specific data (e.g. pixel ID, Facebook cookie data)
Click behavior and interactions on our website
Other technical information about your browser and operating system

Legal basis for data processing:

The Facebook pixel is only used on the basis of your prior consent in accordance with Art. 6 para. 1 lit. a GDPR, which you can give in the context of our cookie banner.

Purpose of data processing:

The aim of using the Facebook pixel is to:

to measure the effectiveness of our Facebook ads statistically and for market research purposes (conversion measurement)
to optimize future advertising measures in a targeted manner,
to display interest-based advertising (so-called “Custom Audiences”) on Facebook and in the Facebook advertising network.

This enables us to make our advertising measures more effective and more interesting.

Duration of storage:

We have no influence on the storage duration of the data collected by Facebook. This data is stored and processed by Facebook and can be linked to the respective user profile on Facebook.

Further information on data processing by Facebook can be found in the Facebook data policy: https://www.facebook.com/about/privacy/.

You can deactivate the “Custom Audiences” function in the advertising settings of your Facebook account under the following link:

https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen.

If you do not have a Facebook account, you can deactivate usage-based advertising from Facebook on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/.

Tracking by the Snap pixel

Description and scope of data processing:

We use the so-called Snapchat pixel on our website, a service provided by Snap Inc, 3000 31st Street, Santa Monica, CA 90405, USA.

This pixel makes it possible to track the behavior of users after they have been redirected to our website by clicking on a Snapchat ad. This allows us to record and evaluate the effectiveness of our Snapchat ads.

This data is collected and processed directly by Snap Inc. As the operator of the website, we only receive aggregated and anonymized evaluations. Snap Inc. may link the data collected to your Snapchat profile and use it for its own advertising purposes.

The following data is processed:

When using the snap pixel, the following data in particular may be collected and processed

Websites accessed
Snapchat ID
HTTP header (e.g. IP address, browser and device information)
Pixel-specific data (e.g. pixel ID, snap cookie data)
Click behavior and interactions on our website
Other technical information about your browser and operating system

Legal basis for data processing:

The Snapchat pixel is only used on the basis of your prior consent in accordance with Art. 6 para. 1 lit. a GDPR, which you can give in the context of our cookie banner.

Purpose of data processing:

The aim of using the Snapchat pixel is to measure the effectiveness of our Snapchat ads statistically and for market research purposes (conversion measurement), to optimize future advertising measures in a targeted manner, to play out interest-based advertising (custom audiences) on Snapchat.

Duration of storage:

We have no influence on the storage period of the data collected by Snap Inc. Further information on data processing by Snap can be found in the Snapchat privacy policy: https://values.snap.com/privacy/privacy-policy?lang=en-GB

Tracking by the Reddit pixel

Description and scope of data processing:

We use tracking technologies from Reddit Inc, 548 Market Street #16093, San Francisco, CA 94104, USA, on our website to measure the success of our Reddit ads. This allows us to understand which users have reached our website via our ads on Reddit and how they interact with them. This data is collected and processed directly by Reddit. We only receive aggregated evaluations that cannot be related to individual persons.

The following data is processed:

When using the Reddit pixel, the following data in particular may be collected and processed:

Visited websites
Reddit ID
HTTP header (e.g. IP address, browser information)
Pixel-specific data (pixel ID, cookie data)
Click behavior and interactions

Legal basis for data processing:

Reddit tracking is only used on the basis of your prior consent in accordance with Art. 6 para. 1 lit. a GDPR, which you can give in our cookie banner.

Purpose of data processing:

The processing is carried out for the purpose of analyzing the effectiveness of our Reddit advertisements as well as optimizing future campaigns and the targeted display of advertisements.

Duration of storage:

We have no influence on the storage duration of the data collected by Reddit. Details can be found in the Reddit privacy policy: https://www.redditinc.com/policies/privacy-policy

Tracking by the TikTok pixel

Description and scope of data processing:

We use the TikTok pixel on our website, a service provided by TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland. This pixel makes it possible to track the behavior of users after they have reached our website through a TikTok advertisement. This allows us to measure and optimize the effectiveness of our TikTok advertising. TikTok can link the data to your TikTok profile and use it for its own purposes.

The following data is processed:

When using the TikTok pixel, the following data in particular may be collected and processed:

Visited websites
TikTok ID
HTTP header (e.g. IP address, browser, device type)
Pixel and cookie data
User interactions (e.g. clicks, purchases)

Legal basis for data processing:

TikTok tracking is only used on the basis of your prior consent in accordance with Art. 6 para. 1 lit. a GDPR, which you can give in our cookie banner.

Purpose of data processing:

The objectives are to measure the success of TikTok campaigns, optimize them and place targeted advertising on TikTok.

Duration of storage:

We have no influence on the storage period at TikTok. Further information on processing can be found in the TikTok privacy policy: https://www.tiktok.com/legal/privacy-policy-eea

Tracking by the Pinterest tag / Pinterest pixel

Description and scope of data processing:

We use the Pinterest tag (Pinterest pixel) on our website, a service provided by Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland. The pixel is used to analyze the behavior of visitors following a Pinterest ad on our website. This allows us to measure and optimize the performance of our Pinterest advertising. Pinterest can link the data to your Pinterest account and use it for its own purposes.

The following data is processed:

When using the Pinterest pixel, the following data in particular may be collected and processed:

Visited pages
Pinterest user ID
HTTP header (IP address, browser information)
Pixel and cookie data
Interaction and purchase data

Legal basis for data processing:

Pinterest tracking is only used on the basis of your prior consent in accordance with Art. 6 para. 1 lit. a GDPR, which you can give in the context of our cookie banner.

Purpose of data processing:

The data is used to monitor the success of our Pinterest campaigns, to optimize future advertising and to display personalized advertising on Pinterest.

Duration of storage:

The storage period of the data collected by Pinterest is beyond our control. You can find details on this in the Pinterest privacy policy: https://policy.pinterest.com/de/privacy-policy

Server-Side-Tracking

Description and scope of data processing:

We use server-side tracking to collect and evaluate information about the behavior of visitors to our website. The tracking data is first transmitted to our own servers and processed there before being forwarded to an external service provider.

The server-side tracking is provided by EGO Digital, a service of EGO Marketing LLC, Egnate Ninoshvili Str. 12, Tbilisi, 0102, Georgia, as a processor on our behalf in accordance with Art. 28 GDPR. The company's servers are located in Germany. Further information on data protection at EGO Digital can be found at https://ego-digital.io/privacy-policy/.

The following data is processed:

The following data is processed in particular

IP address (possibly in abbreviated/anonymized form)
Usage and interaction data (e.g. pages visited, clicks, length of visit)
Technical information of the end device (e.g. browser type, operating system)
pseudonymized user IDs, cookie or token data (if set)
the aforementioned third-party tracking tools

Legal basis for data processing:

Data processing is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR.

Purpose of data processing:

The purpose of the processing is the analysis of user behavior, the optimization of our website and offers as well as the evaluation of marketing measures.

Duration of storage:

The data will be deleted as soon as it is no longer required for the purposes for which it was collected, unless statutory retention obligations prevent deletion.

4. Integration of third-party content

This website uses content provided by third parties. This applies in particular to the integration of videos and plugins on our pages.

Integration of YouTube videos

Description and scope of data processing:

We include videos on our website from the YouTube platform, which is operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, is responsible for the European area.

When a page with an embedded YouTube video is accessed, a connection to the YouTube/Google servers is established. Information about your visit to our website is transmitted to YouTube. This takes place regardless of whether you are logged into a YouTube/Google account or not. In addition, YouTube may use cookies and similar technologies to evaluate information about user behavior and display personalized advertising.

Your data may be processed by YouTube in the USA and transferred there. The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.

The following data is processed:

When embedding YouTube videos, the following data in particular may be collected and processed:

IP address
Information about the end device and browser used
Operating system
Pages visited (URL)
Time and duration of the visit
Referrer URL
YouTube/Google account data if applicable (for logged-in users)
Cookies and comparable identifiers

Legal basis for data processing:

The integration of YouTube videos and the associated data processing is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR via our cookie consent tool.

Purpose of data processing:

The purpose of integrating YouTube videos is to make our online offering more multimedia and user-friendly and to provide you with additional information in a clear form.

In addition, Google may use the data collected for its own purposes (e.g. profiling and personalized advertising).

Duration of storage:

We have no influence on the specific duration of storage and use of the data collected by YouTube. Further information can be found in Google's privacy policy: https://www.google.com/policies/privacy/

Integration of Spotify content

Description and scope of data processing:

Our website may include content from the Spotify music streaming platform (e.g. podcasts, playlists, songs). The provider of this service is Spotify AB, Regeringsgatan 19, SE-111 53 Stockholm, Sweden.

When you access a page with embedded Spotify content, a connection to the Spotify servers is established. It is technically necessary for your IP address to be transmitted to Spotify so that the content can be displayed correctly in your browser. In addition, Spotify may collect additional information about your device and usage behavior.

The following data is processed:

When accessing pages with embedded Spotify content, the following data in particular may be collected and processed:

IP address
Device and browser information
Operating system
URL of the page visited
Date and time of access
Referrer URL

If you are logged in to Spotify, Spotify may be able to associate your visit to our website with your user account.

Legal basis for data processing:

The integration of Spotify content is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR via our cookie consent tool.

Purpose of data processing:

The purpose of integrating this content is to make our website appealing and informative and to enable us to provide you with relevant audio content directly on our website.

Duration of storage:

We have no influence on the specific duration of storage and the further use of the data collected by Spotify.

Further information on data processing by Spotify can be found in Spotify's privacy policy:
https://www.spotify.com/de/legal/privacy-policy/

5. Newsletter registration

Description and scope of data processing:

You can subscribe to a free newsletter on our website. When registering for the newsletter, data from the input mask is transmitted to us. Subscription to the newsletter must then be confirmed by clicking (double opt-in).

As part of sending the newsletter, we carry out certain statistical evaluations to improve our offer. We record whether and when a newsletter is opened and which links are clicked on. For this purpose, the emails contain so-called web beacons (invisible image files) or similar technical aids, which are loaded from the server when the newsletter is opened.

The newsletter is sent by the provider Data Talks AB, Kungsbroplan 3 A, 11227, Stockholm, Sweden. We use this company as a processor and have concluded a data processing agreement.

The following data is processed:

E-mail address of the person(s) concerned

We also process data for the evaluation of user behavior during newsletter interaction:

technical information (e.g. browser type, time of access, IP address)
e-mail address and an anonymized identifier, which are linked.

We use this information exclusively to adapt the content of our newsletter to the interests of our readers and to continuously optimize our offer.

Legal basis for data processing:

You declare your consent to the processing of the data as part of the registration process. Reference is made to this privacy policy.
The legal basis for the processing of data after registration for the newsletter by the user is your consent, Art. 6 para. 1 lit. a GDPR.

Purpose of data processing:

The purpose of collecting the user's email address is to deliver the newsletter and to evaluate the interaction with the newsletter. The data is used exclusively for sending and evaluating the newsletter.

Duration of storage:

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. The user's data will therefore be stored for as long as the subscription to the newsletter is active.

The subscription to the newsletter can be canceled by the user concerned at any time. For this purpose, there is a corresponding link in every newsletter. This also makes it possible to withdraw consent to the storage of personal data collected during the registration process.

6. Competitions

Description and scope of data processing:

From time to time, our website offers the opportunity to take part in competitions. For this purpose, it is necessary to provide a means of communication with the participants

The following data is processed:

Name of the participant
E-mail address of the participant

Legal basis for data processing:

The legal basis for the processing of the data is Art. 6 para. 1 lit. b GDPR, the contract concluded with us for participation in the competition.

Purpose of data processing:

The purpose of collecting the name and e-mail address of the participant is to inform the winner of the prize.

Duration of storage:

The data will be deleted as soon as it is no longer required for the purpose for which it was collected, namely once the winner has been drawn and notified.

V. Pre- and post-contractual customer contact, ticket purchase and personalization

1. Pre-registration, purchase/resale of tickets and personalization

Description and scope of data processing:

If you use the opportunity to register with us for ticket sales during pre-registration or to buy or resell tickets as part of ticket sales and to personalize purchased tickets to your person, we will collect, process and store your necessary personal data as part of the processing of your order.
For the complete processing of pre-registration, ticket purchase, resale and personalization of tickets, we work together with TicketPAY Europe GmbH, Herbert-Rust-Weg 27, 59071 Hamm, Germany, which we have appointed as a processor. The above-mentioned data is transmitted to this processor. The privacy policy of TicketPAY Europe GmbH is available here: https://manage.ticketpay.de/documents/agb/tpeu_privacy_de.pdf

The following data is processed:

Your name and address
Your date of birth
Your e-mail address

Legal basis for data processing:

The legal basis for the processing of the data is Art. 6 para. 1 lit. b GDPR, the implementation of pre-contractual measures and the contract then concluded with us for the purchase of tickets and access to our event (access authorization).

Purpose of data processing:

We store your data to process your ticket order. We also store the data to enable you to resell your ticket via our ticket exchange and to personalize the tickets you have purchased.

Duration of storage:

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. This is the case for the performance of the contract when the obligations arising from the contract have been fulfilled and warranty claims no longer exist. Retention obligations due to mandatory statutory provisions - in particular retention periods under tax and commercial law - remain unaffected by this.

2. PAROOKAVILLE Post

Description and scope of data processing:

In the run-up to our event, we may send you information about the “Parookaville” event by post (Parookaville Post).

The following data is processed:

Name
Postal address

Legal basis for data processing:

The legal basis for the processing of the data is Art. 6 para. 1 lit. b GDPR, based on the contract concluded with us for the purchase of tickets and access to our event (access authorization).

Purpose of data processing:

The purpose of data processing is to make contact in order to send information about the event in haptic form, regardless of the availability of an electronic device.

Duration of storage:

3. Bestandskundenansprache

Description and scope of data processing:

Irrespective of a separate newsletter registration via our website, we may use the e-mail address and the name of persons who have established a customer relationship with us in the past by purchasing a ticket or by personalizing a ticket purchased via a third party (so-called existing customers), provided that we have pointed this out to them in advance. In this context, we send e-mail messages with advertising content to existing customers.

The following data is processed:

Your name
E-mail address
Information on ticket purchase or ticket personalization
Any other contact details provided voluntarily

Legal basis for data processing:

The processing of personal data is based on our legitimate interest in direct advertising to existing customers in accordance with Art. 6 para. 1 lit. f GDPR. In doing so, we take into account that your legitimate interests or fundamental rights and freedoms do not prevail.

Purpose of data processing:

The purpose of the processing is to address our existing customers in order to inform them specifically about special offers, price changes, ticket quotas or other products and services in connection with our events.

Duration of storage:

The data will be stored for as long as a customer relationship exists or until you object to the use of your data for advertising purposes. You can object to the use of your personal data for contacting existing customers at any time. You will find a corresponding unsubscribe link in every e-mail. Your objection will mean that we will no longer contact you by e-mail for advertising purposes in future.

4. Customer-Relationship-Management (CRM) / Customer-Data-Platform (CDP)

Description and scope of data processing:

We use the customer data platform of the external service provider Datatalks (category: provider of CRM and CDP solutions) to manage customer and prospective customer relationships and to analyze and optimize marketing and sales activities. The processor Datatalks, based at Kungsbroplan 3A, 112 27 Stockholm, Sweden, processes personal data exclusively on our behalf and in accordance with our instructions on the basis of an order processing contract pursuant to Art. 28 GDPR

The following data is processed:

In particular, the following data is processed

Contact data (e.g. name, address, e-mail address, telephone number)
Contract and order data (e.g. products, services, contract content, invoice data)
Communication data (e.g. content of inquiries, correspondence)
Usage data (e.g. reactions to marketing measures, click behavior in newsletters, participation in promotions)

Legal basis for data processing:

Processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR (legitimate interest in efficient customer and prospect management and marketing activities). If necessary (e.g. when sending newsletters or personalized advertising), it is carried out on the basis of Art. 6 para. 1 lit. a GDPR (consent).

Purpose of data processing:

Management of customer and prospective customer relationships
Analysis and optimization of marketing and sales activities
Improvement of our services
Targeted approach of customers and interested parties

Duration of storage:

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected, provided there are no statutory retention periods. As a rule, deletion is based on the retention periods of the respective data (category), any objections to data processing and the expiry of the retention periods under commercial and tax law, provided that there is no further requirement.

VI. Realization of the event

1. Age verification

You are admitted to our event if you are at least 18 years of age at the time of the event. We will therefore carry out age verification upon admission to the event. Your ID data will not be stored.

2. RFID wristbands

Access to the site

Description and scope of data processing:

When you enter the event, you will receive a wristband from us on presentation of your ticket, on which your access authorization is stored. This wristband uses RFID technology. Only a unique sequence of numbers is stored on the wristband itself, but no data with direct personal reference.

We have the option of reading the number sequence and comparing it with our data in order to identify you. This enables us to grant you access to the event and the areas to which your booked ticket provides access. During the event, we may offer you the opportunity to voluntarily identify yourself with your wristband, for example to take part in competitions.

We work together with Global Event Technologies GmbH & CO KG, Neualmerstraße 37, 5400 Hallein, Austria (“GET”), which we have appointed as a processor, for the complete processing of access authorization. GET's privacy policy is available here: https://www.get.systems/privacy-policy/

The following data is processed:

Number sequence of the RFID chip
The access authorization data collected during the purchase and personalization process (above under V. 1.)

Legal basis for data processing:

The legal basis for the processing of the data is Art. 6 para. 1 lit. b GDPR, the contract concluded with us for the purchase of tickets and access to our event (access authorization).

Purpose of data processing:

We store and process your data to grant access to our event site by means of the RFID wristbands used.

Duration of storage:

Cashless Payment

Description and scope of data processing:

At the Parookaville Festival, payment is only possible without cash (cashless payment). For this purpose, we have commissioned Global Event Technologies GmbH & CO KG, Neualmerstraße 37, 5400 Hallein, Austria (“GET”) with the implementation of cashless payment. You can be redirected directly to GET via a link on our website, register there and top up the RFID wristband for payments by entering your payment details. We have concluded an order processing agreement with GET for this purpose. Registration with GET and the resulting processing of your personal data is voluntary.

The RFID wristband can also be used without registering with GET, directly by paying at one of the terminals or the “Bank of Parookaville” (counter). This makes it possible to top up the wristband without having to provide additional personal data. However, a refund of unused credit requires registration via GET.

When registering via GET, your personal data may be transferred to the USA. Detailed information on data processing at GET can be found in GET's data protection information at https://www.get.systems/privacy-policy/.

Legal basis for data processing:

The legal basis for data processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR when registering on GET.
The processing for the purpose of refunding credit on the RFID wristband is justified by our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR to carry out the refunds as efficiently as possible.

Purpose of data processing:

We process your data to enable the use of the cashless payment system, in particular to enable top-ups, process cashless payments and carry out refunds as efficiently as possible.

Duration of storage:

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. When using cashless payments, this is usually the case when all obligations have been fulfilled (i.e. usually until any credit balance has been refunded). Retention obligations due to mandatory statutory provisions - in particular retention periods under tax and commercial law - remain unaffected by this.

3. Photo and video recordings during the event

Description and scope of data processing:

During our event, photos and video recordings are made that may also show visitors to the event. Insofar as persons are recognizable or identifiable in the recordings, this involves the processing of personal data. As our event is open to the public, we assume that you expect to be recorded accordingly as a participant in the event.

The recordings are not made secretly or covertly and not:

if you are affected in your private sphere,
if you would be portrayed in a situation that could be discrediting or entail the risk of discrimination,
if you have clearly expressed that you do not wish to be included.

The recordings are only made:

if a large number of people are being photographed together with you (group shots),
to depict the event as such,
if you merely appear as an “accessory” next to the landscape or location,
if you convey a representative impression of the event by standing out from the audience

The recordings are made by our own employees or by persons commissioned by us (processors within the meaning of Art. 28 GDPR).

Insofar as media representatives, photographers or cameramen accredited by us make recordings, they act under their own responsibility under data protection law.

The recordings are transmitted to the public and made available to the operators of media companies, websites and other services for the purpose of publication and use. This includes publication and distribution via our websites, social media channels and microblogging services (e.g. Twitter) as well as via radio, TV and print media (e.g. as part of press releases).

With a few exceptions, social media and microblogging services have their server locations abroad, in particular in the USA. The transfer of personal data to the USA takes place on the basis of the adequacy decision pursuant to Art. 45 para. 1 GDPR within the framework of the EU-US Data Privacy Framework. Providers that are certified under this data protection agreement thus undertake to comply with the European level of data protection. You can find a list of certified companies at https://www.dataprivacyframework.gov/.“

We do not transmit recordings with your personal data to other third parties beyond the recipient groups listed above, unless there is a legal obligation to do so.

The following data is processed:

Photos and video recordings in which you are recognizable or identifiable.

Legal basis for data processing:

The processing of personal data is based on our legitimate interest (Art. 6 para. 1 lit. f GDPR), whereby your interests or fundamental rights and freedoms, which require the protection of personal data, do not prevail.

An objection (see VII. below) can be communicated to the person on site who is taking photographs or filming. In the event of a justified objection, we will make you unrecognizable in recordings that allow your person to be identified, remove your portrait or delete the images completely.

Purpose of data processing:

The recordings are created, stored, processed and published:

to the documentation of the event,
for reporting on the event,
to promote subsequent events,
for our public relations work.

Duration of storage:

The recordings not used for the above-mentioned purposes are stored for a period of two years and then deleted. The published recordings will be removed from our own websites and deleted after five years at the latest. If the recordings are used to document the event, they will be stored for an unlimited period of time.

When using selected images in social media and similar services, other conditions apply in accordance with the data protection guidelines of the respective network operators.

VII. Rights of the person concerned

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:

Right to information

You can exercise your right to information in accordance with Art. 15 GDPR at any time as to whether personal data concerning you is being processed by us.

Right to rectification

You can exercise your right to rectification at any time in accordance with Art. 16 GDPR and request the rectification of inaccurate personal data concerning you.

Right to restriction of processing

You can exercise your right to restrict processing against us at any time in accordance with Art. 18 GDPR and request the restriction of processing, provided that the legal requirements for this are met.

Right to erasure

You can exercise your right to erasure against us at any time in accordance with Art. 17 GDPR and demand that personal data concerning you be erased immediately if this data is no longer necessary for the purposes for which it was collected or otherwise processed.

Right to information

You can exercise your right to information in accordance with Art. 19 GDPR at any time. If you have asserted a right to rectification, erasure or restriction of processing against us, we are obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients.

Right to data portability

You can exercise your right to data portability vis-à-vis us at any time in accordance with Art. 20 GDPR. You have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transferred to another controller, insofar as this is technically feasible.

Right of objection

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions.

The controller will no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.

If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.

If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

Notwithstanding Directive 2002/58/EC, you have the option of exercising your right to object in connection with the use of information society services by means of automated procedures using technical specifications.

Right to revoke the declaration of consent under data protection law

You have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

VIII. Status and changes

Status: 29.06.2025

The provisions of this Privacy Policy of Parookaville GmbH apply in their current version at the time of use of our website.

We reserve the right to amend this privacy policy at any time in compliance with the applicable data protection regulations. Adjustments will be made in particular if this appears necessary for better comprehensibility, if legal or official requirements make this necessary or if changes are made to our services or the type of data processing.

If adjustments are necessary that require the consent of the data subject, we will only make these changes with the express consent of the data subject. data subject. We will communicate significant changes by e-mail or by means of a corresponding notice on our website.

The current privacy policy is available at any time on our website at https://www.parookaville.com/en/datenschutz and can be printed out there. We recommend that you regularly inform yourself about the current status of this privacy policy.