Data Privacy Policy

Data Privacy Policy

Introduction
How can you contact us?
What do certain terms mean?
Which types of personal data do we process?
Why and on which legal grounds do we store personal data?
How do we use cookies, analysis and tracking tools, and social media logins?
Who do we transfer personal data to?
How do we work with our partners to provide services to you?
Why do we work with international partners?
Which data privacy settings can you change?
How can you withdraw your consent?
What are your rights?
How do we protect your personal data?
How can minors use our services?
What other information should you know?

Introduction

The purpose of this data privacy policy is to inform you about how we process personal data in our company. In doing so, we are complying with our obligations as per the German Telemedia Act (in German: Telemediengesetz or TMG for short) and the European General Data Protection Regulation (EU-GDPR, EU 2016/679), in particular those laid out in Articles 13-14 and Article 26 (2).
Please read this data privacy policy carefully. Contact us if you have any questions.
Protecting your privacy is always a top priority here at Silverdust. Silverdust is the organizer of the SUMMER BREEZE Open Air festival in Dinkelsbühl, Germany. In this context, Silverdust sells tickets and merchandise through an online shop. Silverdust also owns the online shop “Victorious Merch”, which sells merchandise for the band Amon Amarth. Silverdust Clothing is Silverdust’s own embroidery business for merchandise and a range of commissioned work. Protecting your personal data is very important to us.
This policy describes how we process certain information about you, your computer, or your mobile device (“device”). This information might contain personal data.
In this document, we also explain how we use cookies and analysis tools throughout our entire website and in our products and services.
Please note that we might add additional terms to our data privacy policy depending on the product or service in question.
We observe the currently applicable data privacy laws and this data privacy policy at all times. We only transfer data as described in this policy.

How can you contact us?

You can contact us at the following address:
Silverdust GmbH
Summer-Breeze-Weg 1
73453 Abtsgmünd, Germany
datenschutz@summer-breeze.de

You can contact our data protection officer here:
Goalgetter GmbH
datenschutz@summer-breeze.de
Willhoop 3
22453 Hamburg, Germany

What do certain terms mean?

Anonymization
The data is modified in such way that it is no longer possible to associate it with an individual.

Activity Data
Data we store about the user’s activities.

Analysis Tools
Software that allows us to evaluate user behavior.

Cloud
The use of IT infrastructures and services we do not maintain on our local computers on site but are provided via a network (e.g. the Internet) by a service provider we have engaged.

Cookies
Cookies are small text files stored on your computer or in your browser.

Devices
A (mobile) device, e.g. smartphones, tablets, notebooks, and PCs, with which you can use apps or programs and information services.

Personal Data
Information regarding a specific or identifiable natural, living person.

Pseudonymization
The processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject.

Malware
Software programmed to cause damage to a device.

 

Which types of personal data do we process?

When you use our services, websites, or visit the Summer Breeze festival, we process a variety of data. This data may directly or indirectly include personal data. Indirectly means that it may include personal data if used together with other sources of data.
We collect much of this data in a pseudonymized or anonymized form.
Among other data, we collect the following information:

Information on your visit to our websites:
When you visit our website, we might store information on the region from which you accessed our website, information about your device, operating system, and browser, on how you use our website, and whether you have visited us before.

Information about your registration:
You will need to open an account to purchase some of our products or services. When you open your account, we collect personal data, for example: your name, IP address and, where applicable, your telephone number and address.
If you are using a mobile device, we might collect further information, e.g.: which device you used and its operating system.

Support requests:
If you contact us to submit a support request, for example, we save the data related to this request, e.g.: contact data and your name.

Ticketing:
When you purchase event tickets, we collect data at different points during the process, depending on the platform you use for your order. This may include personal data.

Location:
We need to know the location of your device in order for some features to work.

Why and on which legal grounds do we store personal data?

Purposes of processing:
We process your data, whether they can be attributed to a person or not, for the following purposes:
• To meet our contractual obligations to you.
• To ensure the use of our products and services without problems.
• To ensure the user friendliness and ease of use of our products and services.
• To improve and optimize the features, security, safety, and stability of our products and services.
• For administrative purposes.
• To display ads tailored to your interests and provide you with relevant information.
• To comply with the requirements imposed by public law and other regulations.

Contract initiation and fulfillment
In principle, we only store the personal data we need to meet our contractual obligations to you.

Legal obligations
Public law requires us to collect, store, and transfer data to public authorities and their representatives. This may also be necessary to fulfill a public duty.

Consent
In some instances, your consent serves as a basis for our right to process data. In these cases, we will inform you about this possibility and give you the opportunity to grant us your consent.
In these cases, we will inform you about the purpose of data processing and about your right to withdraw your consent.

Legitimate interest
We also might process data based on a legitimate interest on our part. In this case, we are obligated to inform you about our interest and weigh our interests against your own. This applies to the following processes:

Time limits for storage and deletion
We only store the personal data we need to fulfill the purpose for which they are collected. The time limit for storage is based on statutory requirements and the duration of our contractual relationship.
Once the data is no longer in use, we will anonymize and/or delete it as required by law.
If you request that your data be deleted, please note that we will block your data immediately; however, technical restraints may cause a delay of up to 30 days until we can permanently delete your data.
Please also note that once we confirm your request to delete your data, it will no longer be possible to recover it.

How do we use cookies, analysis and tracking tools, and social media logins?

If you use one of our websites or services, your browser will download cookies. Cookies make it possible to identify your browser, for example, to ensure that our website is displayed correctly. We also use cookies on different pages of our website to analyze how you use our website. This information can then be used to optimize the site, for example: the shopping cart features for orders placed in our online shop.
In addition to our own systems, we also use tools from other providers (listed below) for marketing purposes to improve your user experience and make our products/services easier to use.

Analysis Tools

Google Analytics
We use Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics uses cookies that allow us to analyze how you use our website. The data on how you use our website is, as a rule, processed on European servers in compliance with the GDPR. Google might transfer data to a server in the USA and store it there. Before such a transfer, however, Google will truncate and anonymize your IP address if it originates from a member state of the European Union or of the European Economic Area (anonymizeIP procedure by Google). Only in exceptional cases will an IP address be transferred and stored on a server in the USA without being truncated first. Anonymization ensures that your IP address cannot be traced back to you. Google uses this data to evaluate how you use the website, to create reports on website activities for Silverdust, and to provide other services related to the use of the website and the Internet. If necessary, Google may transfer data to third parties if required by law or if third parties process said data on behalf of Google. Google will not link your IP address to other data collected and stored by Google.
You can prevent Google from collecting and processing data generated by cookies and data related to how you use the website (incl. your IP address) by downloading and installing the plug-in provided by Google for this purpose.

Who do we transfer personal data to?

We do no transfer your personal data to third parties for any reason other than those listed below.
We only transfer your personal data to third parties if:
• You have given us your express consent to process your personal data
• It is legally permissible and necessary to fulfill our contract with you
• A legal obligation makes it necessary for us to transfer data to a third party
• The transfer of data is based on a special interest and there is no reason to assume that you have a greater legitimate interest in your data not being disclosed
We transfer data to the following recipients or categories of recipients on the aforementioned grounds:
• Employees (internal and external)
• IT infrastructure service providers
• Payment processing providers
• Service providers offering support
• Software service providers
• Providers of analysis tools
• Other service providers
• Public authorities

Why do we work with international partners?

We use a global IT infrastructure network to provide our services, e.g. computers, cloud-based servers, networks, and software solutions.
These partners are based in different countries, some of them outside the European Union. Not all of these countries have established laws to protect data to the extent the European Union has. Therefore, we have taken a series of measures in accordance with the GDPR to ensure the greatest possible degree of protection for your personal data. These include:
• Collaborating with companies in a country that has the approval of the European Union obtained through an adequacy decision
• Collaborating with companies in accordance with the EU-US Privacy Shield
• Collaborating with companies based on EU standard contractual clauses
• Collaborating with companies on the basis of agreed guarantees
We insist that our partners guarantee the certainty of these measures within the context of the statutory requirements.
Furthermore, in special cases it is possible to transfer data with your express consent.

Which data privacy settings can you change?

When using our products, you have several different selection and configuration options. We will usually explain these options to you when you first use them or register a new account. By changing the settings, some services may no longer function properly.

How can you withdraw your consent?

If you gave us your consent to process your personal data in a certain way, e.g. to subscribe to a newsletter or receive third-party offers, you have the right to withdraw your consent – fully or partially – at any time. Please contact us to do so.

Should the data be processed after considering the legitimate interests as described in Art. 6 (1) lit f GDPR, you also have the right to object to your data being processed as long as there are reasons to do so based on your special circumstances or if they are processed for direct marketing purposes.
In the case of direct marketing, you have a general right to object without being required to provide details on special circumstances. Please inform us in writing if you object to us processing your personal data.

What are your rights?

Unless restricted by law, you have the following rights:
The right to information, rectification, erasure, restriction of processing, data portability, and the right to object.
Please note that we, as required by law, reserve the right to ask for identification and, if necessary, take additional measures to unambiguously verify your identity.

Right to information:
Contact us if you wish to obtain information about the personal data we have stored.

Right to rectification:
If the information we have stored is not correct, please provide us with your correct information in writing.

Right to erasure:
If you would like us to erase your data, we will do so in accordance with the statutory regulations.
However, please note that statutory regulations require us to store certain types of data for an extended period of time, e.g. during the retention period for accounting documentation of 10 years (German Fiscal Code) or on the grounds of warranty (3 years).
Furthermore, please note that we will block your data immediately. However, due to technical limitations, it can take up to 30 days for your data to be deleted permanently.
Please also note that once we confirm your request to delete your data, it will no longer be possible to recover it.

Right to restriction of processing:
You have the right to restrict how and to what extent your data is processed. Please inform us about the categories of data you consider relevant and the reasons for restricting their processing. We will review the facts immediately and inform you about the results.

Right to data portability:
Please inform us in writing about which data you wish to have transferred and to whom. We will review your request immediately and inform you about the results.

Right to lodge a complaint:
If you are not satisfied with how we protect your data, you have the right to lodge a complaint with the supervisory authority responsible for data protection in your country. For example, for Silverdust GmbH, this would be the Commissioner for Data Protection and Freedom of Information of Baden-Württemberg, whom you can contact by writing to:

Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg
Postfach 10 29 32, 70025 Stuttgart, Germany (PO box)
Königstrasse 10a, 70173 Stuttgart, Germany
.

How do we protect your personal data?

Silverdust has taken measures in line with the data protection laws that correspond to the latest codes of practice in the industry to protect your personal data. We review and, if necessary, adjust these measures on an ongoing basis. Our goal is to protect your data against accidental or intentional manipulation, partial or total loss, destruction, or unauthorized access by third parties.
We encrypt our communication with SSL (Secure Socket Layer) to transfer data between our websites, apps and back-end systems.
We protect the systems and processes with a variety of technical and organizational measures. These include, among others: data encryption, pseudonymization, anonymization, logical and physical access restriction and control, firewall and recovery systems, integrity tests.

Our employees undergo regular training on how to handle personal data sensitively and must observe data privacy as required by law.

How can minors use our services?

Minors may not use and install our products and services.

What other information should you know?

Changes to the current privacy policy.
This data privacy policy is reviewed at irregular intervals to keep it up to date with the current developments in our company, our products and services, statutory regulations, and social developments.

Last updated: May 25, 2018