Data protection regulations of the stuttgart rail project-ulm 

Purpose and scope of the processing of personal data

We process the personal data of our users exclusively in order to provide a functional website in connection with our content and services. Alternatively, the user has expressly consented to the processing. The processing of our users' personal data generally only takes place with the user's consent. An exception is made in situations where it is not possible to obtain consent in advance and data processing is permitted by law.

If we obtain the consent of the data subject for the processing of personal data, this serves as the legal basis in accordance with Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR).

When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.

If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing. Our legitimate interest in the processing lies in the operation of the website, the dispatch of orders and advertising purposes. Some functions of our website cannot be offered without the use of cookies.

Some data processing operations are only possible with your express consent. You can withdraw your consent at any time. An informal notification by e-mail is sufficient for the revocation. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Data may also be stored if this has been provided for by the legislator in regulations, laws or other provisions to which the controller is subject. The data will also be blocked or erased if a storage period prescribed by the aforementioned regulations expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.

Each time the website is accessed, the system automatically collects data and information from the accessing computer. Information is collected about the browser type and version used, the user's operating system, the user's Internet service provider, the user's IP address, the date and time of access, the websites (from which the user's system accesses our website) and websites that are accessed by the user's system via our website. The data is also stored in the log files of our system. This data is not stored together with other personal data of the user. We do not pass this data on to third parties. However, we may use service providers for commissioned data processing. In this case, there is the possibility of transfer to a service provider.

The legal basis for the temporary storage of data and log files is Article 6(1)(f) GDPR.

Temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. The data is stored in log files to ensure the functionality of the website. In addition, the data is used to optimize the website and to ensure the security of the information technology systems. These purposes include our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f GDPR.

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

If the data is stored in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or anonymized so that it is no longer possible to identify the accessing client.

Our website uses cookies. We use cookies to make our website more user-friendly. The user data collected in this way is pseudonymized by technical precautions. The data processed by cookies, which are required for the proper functioning of the website, are necessary to safeguard the legitimate interests of the organizer and third parties in accordance with Art. 6 para. 1 lit. f GDPR.

For all other cookies, you have given your consent to this via our opt-in cookie banner within the meaning of Art. 6 para. 1 lit. a GDPR.

When accessing the website, users are informed by a cookie banner about the use of cookies for analysis purposes and referred to this privacy policy. This cookie banner also enables the user to prevent this type of cookie directly. These cookies are not stored until the user has given their explicit consent.

As a matter of principle, we do not pass on personal data to third parties. However, we may use service providers for commissioned data processing. In this case, it is possible to pass on data to a service provider.

Data processing only takes place in the European Union.

You have the right to information about the personal data we process about you. You also have the right to rectification, erasure or restriction of processing, insofar as you are legally entitled to do so.

Furthermore, you have the right to object to the processing within the framework of the legal requirements. The same applies to the right to data portability.

In particular, you have the right to object to the processing of your data in accordance with Art. 21 (1) and (2) GDPR if this is based on a balancing of interests.

Finally, you have the right to lodge a complaint with a supervisory authority responsible for data protection.

Use of the ticket software ditix.io

We use the ticket system on our website ditix.io diginights GmbH, Ferdinand-Braun-Straße 17, 74074 Heilbronn, to sell tickets, etc. for our events.

To enable ticket sales and dispatch via ditix.io the data entered during the ordering process is transferred to the servers of the ticket software and stored there.

This data is only used to fulfill the contract and is deleted after the statutory retention periods have expired.

When purchasing tickets, etc., you can optionally use ditix.io you can subscribe to a newsletter. If this option is activated when purchasing a ticket, this information is also transmitted to the ticket software servers and stored there.

In addition, a confirmation email will be sent to the email address provided in the order process, asking you to confirm your subscription to the newsletter. Newsletters will only be sent after confirmation by clicking on the link provided in the confirmation email.

After confirmation, we use the e-mail addresses obtained in this way for marketing and information campaigns relating to the event for which tickets were purchased and other similar events.

You can unsubscribe from the newsletter at any time via a link provided in the newsletter ("Unsubscribe").

If you unsubscribe from the newsletter, the data stored for the purpose of sending the newsletter will be deleted automatically.

Our website uses additional functions of web analysis services after opt-in by the visitor. The detailed list including a description and further detailed information on the cookies used can be viewed in the cookie banner.

There are several contact forms on our website that can be used to contact us electronically. If a user makes use of this option, the data entered in the input mask will be transmitted to us and stored. This includes the name entered, the email address, the subject and the message.

This data is not stored. This website processes the data provided directly and sends it as an e-mail to an internal mailbox of the site operator.

This enables the website operator to contact you via the email address provided. In this case, the personal data of the user transmitted with the email will be used by the website operator for the purpose of establishing contact.

No data will be passed on to third parties in this context. The data is used exclusively for processing the conversation.

The legal basis for the processing of the data is Art. 6 para. 1 lit. a GDPR if the user has given consent.

The legal basis for the processing of data transmitted in the course of sending an email is Art. 6 para. 1 lit. f GDPR. If the email contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.

The processing of the personal data from the input mask serves us solely to process the contact. In the case of contact by email, this also constitutes the necessary legitimate interest in processing the data.

The other personal data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our information technology systems.

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input screen of the contact form and those sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:

You have the right to free information about your stored personal data, the origin of the data, its recipients and the purpose of the data processing and, if necessary, a right to correction, blocking or deletion of this data at any time within the framework of the applicable legal provisions. You can contact us at any time using the contact options listed in the legal notice if you have any further questions on the subject of personal data.

Under the following conditions, you may request the restriction of the processing of your personal data:

• if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;
• the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
• the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims, or
• if you have objected to the processing pursuant to Art. 21 (1) GDPR and it is not yet certain whether the legitimate reasons of the controller outweigh your reasons.

If the processing of personal data concerning you has been restricted, such data may only be processed - apart from being stored - with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.

You have the right to be informed about these recipients by the controller.

You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to third parties. The data will be provided in a machine-readable format. If you request the direct transfer of the data to another controller, this will only take place if it is technically feasible.

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

The competent regulatory authority for matters related to data protection legislation is the data protection officer of the German state in which our company is headquartered. The following link provides a list of data protection officers and their contact details: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html