Data Privacy Policy
Data Privacy Policy
Introduction
How can you contact us?
What do certain terms mean?
Which types of personal data do we process?
Why and on which legal grounds do we store personal data?
How do we use cookies, analysis and tracking tools, and social media logins?
Who do we transfer personal data to?
How do we work with our partners to provide services to you?
Why do we work with international partners?
Which data privacy settings can you change?
How can you withdraw your consent?
What are your rights?
How do we protect your personal data?
How can minors use our services?
What other information should you know?
Introduction
The purpose of this data privacy policy is to inform you about how we process personal data in our company. In doing so, we are complying with our obligations as per the German Telemedia Act (in German: Telemediengesetz or TMG for short) and the European General Data Protection Regulation (EU-GDPR, EU 2016/679), in particular those laid out in Articles 13-14 and Article 26 (2).
Please read this data privacy policy carefully. Contact us if you have any questions.
Protecting your privacy is always a top priority here at Silverdust. Silverdust is the organizer of the SUMMER BREEZE Open Air festival in Dinkelsbühl, Germany. In this context, Silverdust sells tickets and merchandise through an online shop. Silverdust also owns the online shop “Victorious Merch”, which sells merchandise for the band Amon Amarth. Silverdust Clothing is Silverdust’s own embroidery business for merchandise and a range of commissioned work. Protecting your personal data is very important to us.
This policy describes how we process certain information about you, your computer, or your mobile device (“device”). This information might contain personal data.
In this document, we also explain how we use cookies and analysis tools throughout our entire website and in our products and services.
Please note that we might add additional terms to our data privacy policy depending on the product or service in question.
We observe the currently applicable data privacy laws and this data privacy policy at all times. We only transfer data as described in this policy.
How can you contact us?
You can contact us at the following address:
Silverdust GmbH
Summer-Breeze-Weg 1
73453 Abtsgmünd, Germany
info@summer-breeze.de
What do certain terms mean?
Anonymization
The data is modified in such way that it is no longer possible to associate it with an individual.
Activity Data
Data we store about the user’s activities.
Analysis Tools
Software that allows us to evaluate user behavior.
Cloud
The use of IT infrastructures and services we do not maintain on our local computers on site but are provided via a network (e.g. the Internet) by a service provider we have engaged.
Cookies
Cookies are small text files stored on your computer or in your browser.
Devices
A (mobile) device, e.g. smartphones, tablets, notebooks, and PCs, with which you can use apps or programs and information services.
Personal Data
Information regarding a specific or identifiable natural, living person.
Pseudonymization
The processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject.
Malware
Software programmed to cause damage to a device.
Which types of personal data do we process?
When you use our services, websites, or visit the Summer Breeze festival, we process a variety of data. This data may directly or indirectly include personal data. Indirectly means that it may include personal data if used together with other sources of data.
We collect much of this data in a pseudonymized or anonymized form.
Among other data, we collect the following information:
Information on your visit to our websites:
When you visit our website, we might store information on the region from which you accessed our website, information about your device, operating system, and browser, on how you use our website, and whether you have visited us before.
Information about your registration:
You will need to open an account to purchase some of our products or services. When you open your account, we collect personal data, for example: your name, IP address and, where applicable, your telephone number and address.
If you are using a mobile device, we might collect further information, e.g.: which device you used and its operating system.
Support requests:
If you contact us to submit a support request, for example, we save the data related to this request, e.g.: contact data and your name.
Ticketing:
When you purchase event tickets, we collect data at different points during the process, depending on the platform you use for your order. This may include personal data.
Location:
We need to know the location of your device in order for some features to work.
Cashless Payment and Access Control at the Festival:
At SUMMER BREEZE Open Air, goods and services can only be purchased using cashless payment. For this purpose, we use the cashless payment feature (“GET Pay”) provided by Global Event Technologies GmbH & Co. KG, Neualmerstraße 37, 5400 Hallein, Austria (“GET”). Access control is also partially managed using GET’s software and devices. GET processes personal data within the scope of GET Pay as a data processor, exclusively based on our instructions. For more information on how GET processes data, please see GET’s privacy policy for GET Pay at https://www.get.systems/privacy-policy/.
Below we inform you about the specific data processing procedures involved:
1 Operation of the Event Portal
Before the event, you can register on the web-based event portal (“Event Portal”) and top up your credit for the festival. A link on our event website will take you directly to the Event Portal, where you can register using your festival ticket number. When registering with your ticket number, the portal stores relevant ticket details (access info, ticket type, etc.). You may also enter additional personal data (name, date of birth, address, etc.) to complete your profile and help us contact you in case of issues or questions.
Registration for the Event Portal and the processing of your personal data is voluntary and enables cashless payments at the festival, allowing you to purchase goods and services quickly and securely. Even without registration, you will receive a festival wristband with an RFID chip upon arrival.
Legal basis: Processing is necessary for fulfilling the contract between you and us (Art. 6(1)(b) GDPR). Additionally, it is based on our legitimate interest in providing simple, secure, and fast access control and payment at the festival (Art. 6(1)(f) GDPR).
2 Topping Up Credit
Once registered, you can use the portal shop to purchase credit via various payment methods before the festival starts. This credit is loaded onto the RFID chip in your wristband at the festival entrance, so you’re ready to go immediately.
It is also possible to top up your chip without registering with GET. This can be done on-site using cash or debit/credit card at one of our top-up stations. No personal data is required for this. However, to request a refund of remaining credit after the festival, personal data is necessary.
Legal basis: Fulfilling the contract with you (Art. 6(1)(b) GDPR) and our legitimate interest in enabling simple, secure, and fast payment and access control (Art. 6(1)(f) GDPR).
3 Issuance of Festival Wristbands with RFID Chip
When attending SUMMER BREEZE Open Air, you’ll receive a wristband with an RFID chip linked to your ticket number. If you registered beforehand, your profile will also be linked to the chip, giving you instant access to your preloaded credit.
Through the Event Portal, we can track which tickets (and ticket numbers) have been issued wristbands. This helps us verify service usage and prevent fraud.
Legal basis: Fulfillment of the contract with you (Art. 6(1)(b) GDPR) and our legitimate interest in fraud prevention (Art. 6(1)(f) GDPR).
4 Access Control
The RFID wristbands are used for access control. Either you or our staff will scan the wristband upon entering the festival site or specific areas. The date and time of entry or exit are recorded.
Legal basis: Fulfillment of the contract with you (Art. 6(1)(b) GDPR) and our legitimate interest in fraud prevention (Art. 6(1)(f) GDPR).
5 Payments with the RFID Chip
To make payments, your RFID chip is scanned to verify sufficient balance. If the credit is sufficient, the amount is deducted. A receipt is generated in your profile, which you can view, save, and download later.
When redeeming cup deposits or processing refunds (e.g., for returned items), your chip is scanned and the amount is credited back.
Personal data is only processed if you’re identifiable via your profile, i.e., if you registered in the portal.
Legal basis: Fulfillment of the purchase or service contract with the merchant (Art. 6(1)(b) GDPR) and our legitimate interest in offering cashless payments at the event (Art. 6(1)(f) GDPR).
6 Refund of Credit After the Event
You can request a refund of unused credit through the Event Portal. Registration is required. After a transition period (starting October 31, 2025), refunds will no longer be processed through the portal but via email at cashless@summer-breeze.de.
Legal basis: Fulfillment or processing of the contract between you and us regarding the use of credit (Art. 6(1)(b) GDPR).
7 Support in Case of Problems
If you have issues with your chip or lose it, you can contact staff at the Cashless TroubleShooting Container. They can block the old chip in the system and issue a new one linked to your account and balance.
Legal basis: Fulfillment of the festival attendance contract between you and us (Art. 6(1)(b) GDPR).
For technical problems with the web-based portal, you can contact GET directly via the communication tools provided there. GET acts as a data processor on our behalf in this case.
8 Statistical Analysis of Transactions
Anonymized statistical analyses of transactions (e.g., goods sold, services used) are generated through the Event Portal. These analyses do not allow conclusions about individual visitors.
Legal basis: Our legitimate interest in evaluating visitor demand and improving the festival offering (Art. 6(1)(f) GDPR).
The portal also generates billing data for individual vendors and service points, which contain no personally identifiable visitor data. If audits are necessary, individual transactions may be traced—where technically feasible, this is done anonymously.
Legal basis: Vendors’ legitimate interest in verifying accurate billing (Art. 6(1)(f) GDPR).
9 Data Retention
Your personal data is deleted once the purpose or legal basis for storing it no longer applies—usually after the full refund of any remaining credit post-festival—provided no legal retention obligations apply. Retention obligations under §§ 257 HGB and 147 AO require storage for ten or six years, respectively. Additional retention periods may apply for our staff, e.g., five years under § 165 SGB VII for payroll documentation related to accident insurance. In some cases, data may be stored longer if legal claims are expected or need to be asserted by or against us or vendors. In such cases, data is stored only as long as necessary to assert or defend such claims.
10 Data Transfer to Third Countries
Event Portal data is generally stored within the European Union. If service providers outside the EU are used (especially subcontractors), the requirements of Articles 44ff GDPR are met to ensure adequate data protection. Transfers are usually based on an adequacy decision by the European Commission under Art. 45 GDPR. A list of such countries and adequacy decisions is available at:
https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en
For transfers to the USA, it is ensured that the data importer is certified under the EU-U.S. Data Privacy Framework. More information: https://www.dataprivacyframework.gov/list
Transfers may also be based on the EU Commission’s Standard Contractual Clauses.
Why and on which legal grounds do we store personal data?
Purposes of processing:
We process your data, whether they can be attributed to a person or not, for the following purposes:
• To meet our contractual obligations to you.
• To ensure the use of our products and services without problems.
• To ensure the user friendliness and ease of use of our products and services.
• To improve and optimize the features, security, safety, and stability of our products and services.
• For administrative purposes.
• To display ads tailored to your interests and provide you with relevant information.
• To comply with the requirements imposed by public law and other regulations.
Contract initiation and fulfillment
In principle, we only store the personal data we need to meet our contractual obligations to you.
Legal obligations
Public law requires us to collect, store, and transfer data to public authorities and their representatives. This may also be necessary to fulfill a public duty.
Consent
In some instances, your consent serves as a basis for our right to process data. In these cases, we will inform you about this possibility and give you the opportunity to grant us your consent.
In these cases, we will inform you about the purpose of data processing and about your right to withdraw your consent.
Legitimate interest
We also might process data based on a legitimate interest on our part. In this case, we are obligated to inform you about our interest and weigh our interests against your own. This applies to the following processes:
Time limits for storage and deletion
We only store the personal data we need to fulfill the purpose for which they are collected. The time limit for storage is based on statutory requirements and the duration of our contractual relationship.
Once the data is no longer in use, we will anonymize and/or delete it as required by law.
If you request that your data be deleted, please note that we will block your data immediately; however, technical restraints may cause a delay of up to 30 days until we can permanently delete your data.
Please also note that once we confirm your request to delete your data, it will no longer be possible to recover it.
How do we use cookies, analysis and tracking tools, and social media logins?
If you use one of our websites or services, your browser will download cookies. Cookies make it possible to identify your browser, for example, to ensure that our website is displayed correctly. We also use cookies on different pages of our website to analyze how you use our website. This information can then be used to optimize the site, for example: the shopping cart features for orders placed in our online shop.
In addition to our own systems, we also use tools from other providers (listed below) for marketing purposes to improve your user experience and make our products/services easier to use.
Analysis Tools
Google Analytics
We use Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics uses cookies that allow us to analyze how you use our website. The data on how you use our website is, as a rule, processed on European servers in compliance with the GDPR. Google might transfer data to a server in the USA and store it there. Before such a transfer, however, Google will truncate and anonymize your IP address if it originates from a member state of the European Union or of the European Economic Area (anonymizeIP procedure by Google). Only in exceptional cases will an IP address be transferred and stored on a server in the USA without being truncated first. Anonymization ensures that your IP address cannot be traced back to you. Google uses this data to evaluate how you use the website, to create reports on website activities for Silverdust, and to provide other services related to the use of the website and the Internet. If necessary, Google may transfer data to third parties if required by law or if third parties process said data on behalf of Google. Google will not link your IP address to other data collected and stored by Google.
You can prevent Google from collecting and processing data generated by cookies and data related to how you use the website (incl. your IP address) by downloading and installing the plug-in provided by Google for this purpose.
Who do we transfer personal data to?
We do no transfer your personal data to third parties for any reason other than those listed below.
We only transfer your personal data to third parties if:
• You have given us your express consent to process your personal data
• It is legally permissible and necessary to fulfill our contract with you
• A legal obligation makes it necessary for us to transfer data to a third party
• The transfer of data is based on a special interest and there is no reason to assume that you have a greater legitimate interest in your data not being disclosed
We transfer data to the following recipients or categories of recipients on the aforementioned grounds:
• Employees (internal and external)
• IT infrastructure service providers
• Payment processing providers
• Service providers offering support
• Software service providers
• Providers of analysis tools
• Other service providers
• Public authorities
Why do we work with international partners?
We use a global IT infrastructure network to provide our services, e.g. computers, cloud-based servers, networks, and software solutions.
These partners are based in different countries, some of them outside the European Union. Not all of these countries have established laws to protect data to the extent the European Union has. Therefore, we have taken a series of measures in accordance with the GDPR to ensure the greatest possible degree of protection for your personal data. These include:
• Collaborating with companies in a country that has the approval of the European Union obtained through an adequacy decision
• Collaborating with companies in accordance with the EU-US Privacy Shield
• Collaborating with companies based on EU standard contractual clauses
• Collaborating with companies on the basis of agreed guarantees
We insist that our partners guarantee the certainty of these measures within the context of the statutory requirements.
Furthermore, in special cases it is possible to transfer data with your express consent.
Which data privacy settings can you change?
When using our products, you have several different selection and configuration options. We will usually explain these options to you when you first use them or register a new account. By changing the settings, some services may no longer function properly.
How can you withdraw your consent?
If you gave us your consent to process your personal data in a certain way, e.g. to subscribe to a newsletter or receive third-party offers, you have the right to withdraw your consent – fully or partially – at any time. Please contact us to do so.
Should the data be processed after considering the legitimate interests as described in Art. 6 (1) lit f GDPR, you also have the right to object to your data being processed as long as there are reasons to do so based on your special circumstances or if they are processed for direct marketing purposes.
In the case of direct marketing, you have a general right to object without being required to provide details on special circumstances. Please inform us in writing if you object to us processing your personal data.
What are your rights?
Unless restricted by law, you have the following rights:
The right to information, rectification, erasure, restriction of processing, data portability, and the right to object.
Please note that we, as required by law, reserve the right to ask for identification and, if necessary, take additional measures to unambiguously verify your identity.
Right to information:
Contact us if you wish to obtain information about the personal data we have stored.
Right to rectification:
If the information we have stored is not correct, please provide us with your correct information in writing.
Right to erasure:
If you would like us to erase your data, we will do so in accordance with the statutory regulations.
However, please note that statutory regulations require us to store certain types of data for an extended period of time, e.g. during the retention period for accounting documentation of 10 years (German Fiscal Code) or on the grounds of warranty (3 years).
Furthermore, please note that we will block your data immediately. However, due to technical limitations, it can take up to 30 days for your data to be deleted permanently.
Please also note that once we confirm your request to delete your data, it will no longer be possible to recover it.
Right to restriction of processing:
You have the right to restrict how and to what extent your data is processed. Please inform us about the categories of data you consider relevant and the reasons for restricting their processing. We will review the facts immediately and inform you about the results.
Right to data portability:
Please inform us in writing about which data you wish to have transferred and to whom. We will review your request immediately and inform you about the results.
Right to lodge a complaint:
If you are not satisfied with how we protect your data, you have the right to lodge a complaint with the supervisory authority responsible for data protection in your country. For example, for Silverdust GmbH, this would be the Commissioner for Data Protection and Freedom of Information of Baden-Württemberg, whom you can contact by writing to:
Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg
Postfach 10 29 32, 70025 Stuttgart, Germany (PO box)
Königstrasse 10a, 70173 Stuttgart, Germany
.
How do we protect your personal data?
Silverdust has taken measures in line with the data protection laws that correspond to the latest codes of practice in the industry to protect your personal data. We review and, if necessary, adjust these measures on an ongoing basis. Our goal is to protect your data against accidental or intentional manipulation, partial or total loss, destruction, or unauthorized access by third parties.
We encrypt our communication with SSL (Secure Socket Layer) to transfer data between our websites, apps and back-end systems.
We protect the systems and processes with a variety of technical and organizational measures. These include, among others: data encryption, pseudonymization, anonymization, logical and physical access restriction and control, firewall and recovery systems, integrity tests.
Our employees undergo regular training on how to handle personal data sensitively and must observe data privacy as required by law.
How can minors use our services?
Minors may not use and install our products and services.
What other information should you know?
Changes to the current privacy policy.
This data privacy policy is reviewed at irregular intervals to keep it up to date with the current developments in our company, our products and services, statutory regulations, and social developments.
Last updated: July 4th, 2025