THE THUNDERBIRDS
CELEBRATING THE ROCK HISTORY FROM THE 50s TO THE 70s
Von den mitreißenden Rock`n`Roll-Songs der 50`er (Chuck Berry, Jerry Lee Lewis,…) über die Oldies der 60`er und 70`er bis zum Lebensgefühl der Songs aus der Fernseh-Kultserie „Irgendwie und Sowieso“ fehlt nichts im Programm der Thunderbirds.
Gestützt auf eine enorme Live-Erfahrung, ein nahezu unerschöpfliches Repertoire sowie ihre Spontanität, bringt die Band jeden Saal zum Kochen.
Ihre internationale Künstleragentur im "Kammermusikalischen", "Literarisch-Musikalischen" und "World-Music" Bereich
Merkle Kulturkonzepte - info@kulturkonzepte-merkle.de - +49 (0) 8374 / 586 606
Privacy (GDPR)
Merkle Kulturkonzepte
As of: March 2020
Table of Content:
1 Responsibility
2 General Information
3 Use of the Website
3.1 Videos and Press Area
3.2 Facebook
3.3 Contact and Booking Form
3.4 Cookies and Scripts
4 Newsletter & Emails
5 Legal Bases
6 Right to Access / Rights of the Data Subject
6.1 Right to Access
6.2 Right to Rectification
6.3 Restriction of Data Processing
6.4 Right to Deletion
6.4.1 Obligation to Delete
6.4.2 Information to Third Parties
6.4.3 Exceptions
6.5 Right to Notification
6.6 Right to Data Portability
6.7 Right to Object
6.8 Right to Withdraw the Data Protection Consent Statement
6.9 Automated Decision-making in Individual Cases
6.10 Right to Lodge a Complaint with a Supervisory Authority
7 Data Sharing with Third Parties
8 Deletion of Data
9 IT Security
1 Responsibility
The party responsible in terms of the General Data Protection Regulation (GDPR) and other national data protection laws of the EU member states, as well as other data protection regulations, is:
merkle kulturkonzepte
Angelika Merkle
Unterer-Vornerweg 3
D-87463 Dietmannsried
Germany
Tel.: ++49 (0) 8374 - 586 606
Fax: ++49 (0) 8374 - 586 605
info@kulturkonzepte-merkle.de
(see also imprint).
Our business consists of only 2 people (Gerold and Angelika Merkle), who have access to the data we store and process. We are not legally required to appoint a data protection officer under Article 37 of the GDPR. As far as we use third-party services, particularly IT specialists, in the course of our activities, we have concluded an appropriate data processing agreement with them under Article 28 GDPR.
2 General Information
As with any online service, the use of kulturkonzepte-merkle.de generates data that, especially since the GDPR came into force on 25 May 2018, are subject to special data protection regulations as personal data. This was also the case before the introduction of the regulation by the EU, but the new GDPR brings some changes and extensions of protection compared to the previously applicable national regulations of the BDSG.
In addition to obviously personal data such as name, address, email address, bank account numbers, religious and philosophical beliefs, preferences, and origin data, for example, the IP address of a website visitor is generally considered personal data and is protected accordingly.
Our business is based on trust, so it has always been our policy, even before the introduction of the GDPR, to handle all entrusted data with the utmost care. However, for our online service, we rely on third-party services, especially hosting providers.
The extent of data generated and how it is processed mainly depends on how you use our services.
3 Use of the Website
Each time the website is accessed, its IP address is processed by the web server for the duration of the visit. This is necessary, otherwise, no connection could be established to the site.
To provide our website, we use the services of the external provider "Wix.com Ltd" (host). Wix.com also provides the servers for our site. According to their own statements, Wix.com does not collect usage data from website visitors unless the customer (us) explicitly requests it, such as for statistical purposes. It should be mentioned that we do not keep any statistics on the use of this website, so no data is collected during a simple visit that would allow us to assign it to an individual person. However, regarding the actual collection and storage of data (e.g., for security purposes or error tracking) by our host, we have to rely on their statements. Those interested can read these at https://de.wix.com/about/privacy. Since Wix.com Ltd. is based outside the EU, it is likely that data collected by Wix.com is processed outside the EU. We do not know the specific server locations.
In addition, access to our site is always SSL-encrypted by default.
3.1 Videos and Press Area
Our business thrives on artistic staging. What better way to realize this than through audiovisual presentation? For this reason, you will find various videos on our site that you can watch directly here. We rely on external service providers for this, as Wix.com does not offer this service themselves, specifically "YouTube". Therefore, when you play a video on our site, you automatically access YouTube's servers due to technical reasons. If the embedded videos on our site have been uploaded to our own YouTube channel, we naturally try to minimize the data generated during the request (e.g., by regularly disabling usage statistics). However, if the videos come from other channels (e.g., channels operated by the artists themselves), we have no control over this. YouTube itself is a U.S.-based company, so data processing may occur outside the EU. We refer to YouTube's privacy policy at https://policies.google.com/privacy.
To provide high-resolution images for press purposes, we also rely on Amazon's cloud service. So when you click on one of the images in the press area, you are automatically redirected to the corresponding release on the Amazon cloud. Since a necessary data exchange with Amazon's server takes place here due to technical reasons, we cannot guarantee that Amazon does not process data outside the EU, even though Amazon's European subsidiary is based within the EU. We also refer to Amazon's privacy policy at https://www.amazon.de/gp/help/customer/display.html/ref=footer_privacy?ie=UTF8&nodeId=201909010 and the EU Privacy Shield declaration at https://www.amazon.com/gp/help/customer/display.html/ref=hp_left_v4_sib?ie=UTF8&nodeId=202135380.
3.2 Facebook
Of course, we are also present on Facebook. The button in the upper section of the page is a direct link to our Facebook page. By using this, you leave our website and use Facebook's services. We refer to Facebook's privacy policy at https://www.facebook.com/privacy/explanation. Furthermore, no automatic data is sent to Facebook when using our website.
3.3 Contact and Booking Form
If you use our contact or booking form, you are directly contacting us. In doing so, you are consciously and voluntarily providing us with your (personal) data according to the form fields:
- Name/Company Name (Contact Form, Booking Form)
- Email address (Contact Form, Booking Form)
- Artist and fee (Booking Form)
- Date and location of the event (Booking Form)
- File number with the Artists' Social Security Fund (Booking Form)
- Name and address of the event venue, as well as capacity (Booking Form)
- Contact person with phone number (Booking Form)
- Hotel with address, phone number, email address, and distance to the venue (Booking Form)
In addition, the following data is automatically stored by Wix.com (as mentioned above):
- The IP address of the person making the inquiry
- The country from which the inquiry originates
- Browser usage data (browser with version)
- Date and time
When submitting the message, an automated email is sent to our email address "info@kulturkonzepte-merkle.de" through our mail and domain hoster HostEurope. HostEurope exclusively uses server locations within Europe, so data is only processed within the EU. An automated confirmation email is not sent.
Data stored on Wix.com's servers via the contact/booking form is deleted by us monthly.
3.4 Cookies and Scripts
Our site also uses so-called cookies. Cookies are small text files that are stored on your computer and saved by your browser. They do not harm your computer and do not contain malicious software. They are only used to make our service more user-friendly, efficient, and secure (e.g., to improve page load speeds on repeated visits). Most of the cookies we use are "session cookies". These are automatically deleted after your visit. Other cookies remain on your device until you delete them. These cookies allow us to recognize your browser on your next visit.
You can set your browser to be informed about cookies being set and to allow cookies only on a case-by-case basis, exclude the acceptance of cookies for certain cases, or generally, and activate the automatic deletion of cookies when closing the browser. Disabling cookies may restrict the functionality of this website.
In addition to cookies, scripts (JavaScript) are also used on our website. These are required for the proper display and functioning of the website, but can also be used for statistical purposes (e.g., tracking). As already noted, we do not collect any statistical data about the use of our website, but we have no control over the use of these scripts, particularly because they are automatically used by the host when creating the website. These include static.parastorage.com, frog.wix.com, wixstatic.com, gstatic.com.
4 Newsletter & Emails
We use free newsletters to inform about new programs or special offers. However, these are only sent to those who have explicitly consented, for example, by providing a contact address for such purposes or by requesting to receive communications from us.
We do not use an automated dispatch system. Our newsletter is usually sent manually via Outlook once a week. Anyone who no longer wishes to receive the newsletter can unsubscribe at any time by clicking the link provided in the newsletter.
To sign up for the newsletter, you can send an email to info@kulturkonzepte-merkle.de or use the contact form. If the sign-up is through our contact form, we ensure that the email address is not misused by third parties. Therefore, we send a confirmation message to the provided address, asking for another confirmation. This does not apply if you send us a message from the account that will be used to receive the newsletter.
Emails sent to our email addresses ...@kulturkonzepte-merkle.de are processed through our mail and domain hoster HostEurope. HostEurope is a German provider that exclusively uses server locations within Europe (currently Strasbourg and Cologne), so data is processed only within the EU.
If we receive an email from you, we store this data, particularly if it serves to fulfill a contract. Irrelevant emails are immediately deleted. If the emails contain legally relevant content, we store them for proof purposes according to legal limitation periods (e.g., warranty or guarantee claims, tax-relevant content, etc.). In case of legal retention obligations, deletion will only occur after the respective retention period has expired.
Emails sent through our contact form or through our provider HostEurope are SSL/TLS encrypted. Unencrypted emails sent over the internet are not adequately protected from unauthorized access by third parties. Therefore, when sending us a message from your own account, make sure your provider allows encrypted email sending/receiving.
5 Legal Bases
The images and videos on our website are used with the explicit consent of the authors and the individuals depicted as part of fulfilling our contractual obligations (Art. 6(1)(b) GDPR).
In addition, we only store and process personal data where we have obtained the explicit prior consent from the data subject according to Art. 6(1)(a) GDPR or if this is necessary for the performance of a contract (Art. 6(1)(b) GDPR) or to comply with legal obligations under EU or national law (Art. 6(1)(c) and (e), Art. 3 GDPR).
Data that is temporarily stored (e.g., usage data to ensure the website functions properly) is processed based on Art. 6(1)(f) GDPR.
Further information on data deletion can be found below under points (6) and (8).
6 Right to Access / Rights of the Data Subject
Although many of the following rights may not be highly relevant to our data processing, we want to provide comprehensive information about the rights of data subjects.
6.1 Right to Access
Every data subject has the right to access the personal data concerning them. You may contact us at any time for this information. However, we must ensure that the request comes from the data subject.
If we process personal data concerning you, you have the right to request information about the following:
- The purposes for which personal data is processed
- The categories of personal data being processed
- The recipients or categories of recipients to whom your personal data has been or will be disclosed
- The planned duration of storage of your personal data or, if specific details are not possible, the criteria for determining the storage period
- The existence of the right to rectification or deletion of your personal data, the right to restrict processing by us, or the right to object to such processing
- The existence of the right to lodge a complaint with a supervisory authority
- All available information about the source of the data if the personal data was not collected from the data subject
- The existence of automated decision-making, including profiling according to Art. 22(1) and (4) GDPR, and – at least in such cases – meaningful information about the involved logic, as well as the significance and intended consequences of such processing for the data subject
- You have the right to request information about whether your personal data will be transferred to a third country or an international organization. In this context, you may request information about the appropriate safeguards according to Art. 46 GDPR in relation to the transfer.
6.2 Right to Rectification
You have the right to rectification and/or completion of your personal data if it is inaccurate or incomplete. We will make the necessary corrections immediately.
6.3 Restriction of Data Processing
Under the following conditions, you may request the restriction of processing your personal data:
- If you dispute the accuracy of your personal data for a period that allows us to verify the accuracy of the personal data
- The processing is unlawful, and you object to the deletion of the personal data, requesting instead the restriction of its use
- We no longer need the personal data for processing purposes, but you need it to assert, exercise, or defend legal claims
- If you have lodged an objection to processing according to Art. 21(1) GDPR and it is not yet clear whether our legitimate reasons override your reasons.
Once the processing of your personal data is restricted, these data may only be processed with your consent or to assert, exercise, or defend legal claims, to protect the rights of another natural or legal person, or for reasons of significant public interest of the EU or a member state.
If processing restrictions are imposed under the conditions mentioned above, you will be notified before the restriction is lifted.
6.4 Right to Erasure
6.4.1 Obligation to Erase
You may request the immediate erasure of your personal data, and we are obligated to erase such data immediately, provided that one of the following reasons applies:
- The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.
- You withdraw your consent on which the processing was based according to Article 6(1)(a) or Article 9(2)(a) of the GDPR, and there is no other legal basis for processing.
- You object to the processing under Article 21(1) of the GDPR, and there are no overriding legitimate grounds for the processing, or you object to the processing under Article 21(2) of the GDPR.
- The personal data concerning you has been processed unlawfully.
- The erasure of personal data concerning you is required to fulfill a legal obligation under Union law or the law of the Federal Republic of Germany.
- The personal data concerning you was collected in relation to offered information society services under Article 8(1) of the GDPR.
6.4.2 Information to Third Parties
If we have made personal data concerning you public and are obligated to erase it according to Article 17(1) of the GDPR, we will take appropriate measures, considering available technology and implementation costs, including technical measures, to inform third parties or data processors that you, as the data subject, have requested the erasure of all links to these personal data or copies or replications of these personal data.
6.4.3 Exceptions
The right to erasure does not apply if the processing is necessary for:
- The exercise of the right to freedom of expression and information.
- Compliance with a legal obligation that requires processing under Union law or the law of the Federal Republic of Germany, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
- Reasons of public interest in the area of public health according to Article 9(2)(h) and (i) and Article 9(3) of the GDPR.
- Archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes under Article 89(1) of the GDPR, provided that the right mentioned in section (a) is likely to prevent or seriously impair the achievement of the objectives of that processing.
- The establishment, exercise, or defense of legal claims.
6.5 Right to Information
If you have asserted the right to rectification, erasure, or restriction of processing, we are obliged to inform all recipients to whom your personal data has been disclosed about this rectification, erasure, or restriction of processing, unless this proves impossible or involves disproportionate effort.
You have the right to be informed about these recipients.
6.6 Right to Data Portability
You have the right to receive your personal data, which you have provided to us, in a structured, commonly used, and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to whom the personal data has been provided, provided that:
- The processing is based on consent under Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR, or on a contract under Article 6(1)(b) of the GDPR, and
- The processing is carried out by automated means.
In exercising this right, you also have the right to request that your personal data be transmitted directly from us to another controller, where technically feasible. The rights and freedoms of other persons must not be impaired by this.
The right to data portability does not apply to processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
6.7 Right to Object
You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data based on Article 6(1)(e) or (f) of the GDPR.
We will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims.
If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing purposes.
If you object to the processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
You have the option, in connection with the use of information society services, to exercise your right to object by automated means, using technical specifications.
6.8 Right to Withdraw Consent
You have the right to withdraw your data protection consent at any time.
The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
6.9 Automated Individual Decision-Making, Including Profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:
- Is necessary for the conclusion or performance of a contract between you and us.
- Is authorized by Union or Member State law, which also lays down suitable measures to safeguard your rights and freedoms and your legitimate interests.
- Is based on your explicit consent.
However, such decisions must not be based on special categories of personal data under Article 9(1) of the GDPR, unless Article 9(2)(a) or (g) applies, and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.
In cases of contract performance and consent, we take suitable measures to protect your rights and freedoms, including at least the right to obtain human intervention, express your point of view, and contest the decision.
6.10 Right to Lodge a Complaint with a Supervisory Authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, particularly in the Member State of your residence, place of work, or the place of the alleged infringement, if you believe that the processing of your personal data infringes the GDPR.
The supervisory authority with which the complaint is lodged will inform the complainant about the progress and outcomes of the complaint, including the possibility of judicial remedy under Article 78 of the GDPR.
An overview of the supervisory authorities and data protection officers can be found at:
https://www.datenschutz-wiki.de/Aufsichtsbehörden_und_Landesdatenschutzbeauftragte (this is for informational purposes only; we do not accept responsibility for the completeness, correctness, or currency of the content).
7 Data Transfer to Third Parties
In principle, we do not transfer any personal data to third parties unless it is necessary to fulfill the contract. In this case, however, we will not do so without first obtaining the consent of the affected person!
We never share personal data with third parties for advertising purposes!
If processors (mainly IT specialists) have access to personal data in the course of their service, this will only be done on the basis of a corresponding data processing agreement according to Article 28 of the GDPR. We do not permit the processor to use the data for their own purposes.
8 Data Deletion
In addition to the right to erasure mentioned in section 6.4, we point out that we automatically delete personal data when there is no need for further storage. A need for storage may exist, especially if the data is still required to fulfill contractual services, check and enforce warranty and possibly guarantee claims, or defend against them. In the case of legal retention obligations, deletion will only occur after the retention period has expired.
In this context, we perform a review at least every 12 months to filter out and delete obsolete data.
9 IT Security
All data we store, manage, or process in our office is either in paper form or stored on our only office computer. We use password-protected access and the latest security software. All personal data is stored in encrypted databases or directories to which only the individuals listed under section 1 have access. We also make encrypted backups weekly, which helps with data breach investigation and damage determination. In case of a data breach (e.g., hacker attack, burglary), we report this immediately after we become aware of it, and if possible, within 72 hours to the relevant supervisory authority and affected persons. If a data breach occurs with a processor, the processor is not required under Article 33(2) of the GDPR to report directly to the supervisory authorities, but only to us. This must be done without delay and will be forwarded by us.