1. Who is responsible for data processing and who can you contact?
The controller responsible for data processing is:
The company’s Data Protection Officer is:
Christian Volkmer
Projekt 29 GmbH & Co. KG
Ostengasse 14
93047 Regensburg
Email: c.volkmer@projekt29.de
Tel.: +49 941 2986930
2. Which data are processed and from which sources do these data originate?
We process data that we have received from you in the context of initiating or fulfilling contracts, on the basis of your consent, or in connection with your application to us or your employment with us.
Personal data include:
- Customer data, such as first and last name, address, contact details (email address, telephone number, fax), and bank details.
- Applicant and employee data, such as first and last name, address, contact details (email address, telephone number, fax), date of birth, data from CVs and employment references, bank details, and religious affiliation.
- Business partner data, such as the names of their legal representatives, company name, commercial register number, VAT identification number, company registration number, address, contact persons’ details (email address, telephone number, fax), and bank details.
In addition, we also process the following other personal data:
- Information on the type and content of contractual data, order data, turnover and invoice data, customer and supplier history, and consultation documents;
- Advertising and sales data;
- Information from your electronic communications with us (e.g. IP address, login data);
- Other data that we receive from you in the course of our business relationship (e.g. during customer meetings);
- Data generated by us from master/contact data and other data, such as customer needs and customer potential analyses;
- Documentation of your consent declarations, for example for receiving newsletters.
3. For which purposes and on what legal basis are the data processed?
We process your data in accordance with the provisions of the GDPR and the German Federal Data Protection Act (Bundesdatenschutzgesetz) 2018 as amended:
- For the performance of (pre-)contractual obligations (Art. 6(1)(b) GDPR):
Your data are processed for the execution of contracts online or in one of our branches, as well as for the execution of your employment relationship with our company. Data are processed in particular during contract initiation and contract performance.
- For compliance with legal obligations (Art. 6(1)(c) GDPR):
Processing is required in order to comply with various legal obligations, for example under the German Commercial Code or tax regulations.
- For the purposes of legitimate interests (Art. 6(1)(f) GDPR):
Based on a balancing of interests, data processing may take place beyond the actual performance of the contract in order to safeguard our legitimate interests or those of third parties. This includes, for example:
  - Advertising or marketing (see section 4);
  - Measures for business management and the further development of services and products;
  - Maintaining a group-wide customer database to improve customer service;
  - Legal enforcement.
- On the basis of your consent (Art. 6(1)(a) GDPR):
If you have given us your consent to process your data, for example for sending our newsletter.
4. Processing of personal data for advertising purposes
You may object to the use of your personal data for advertising purposes at any time, either in general or for individual measures, without incurring any costs other than the transmission costs according to the basic tariffs.
Under the legal requirements of Section 7(3) of the German Act Against Unfair Competition (UWG), we are entitled to use the email address you provided when concluding the contract for direct advertising of our own similar goods or services. You will receive these product recommendations regardless of whether you have subscribed to a newsletter.
If you do not wish to receive such recommendations by email, you may object to the use of your address for this purpose at any time without incurring any costs other than the transmission costs according to the basic tariffs. Notification in text form is sufficient. Naturally, every email also contains an unsubscribe link.
5. Who receives my data?
If we use service providers as processors, we remain responsible for the protection of your data. All processors are contractually obliged to treat your data confidentially and to process them only within the scope of their services. Processors commissioned by us receive your data only insofar as this is necessary for the performance of their services. These include, for example, IT service providers for the operation and security of our IT systems, as well as advertising and address publishers for our own advertising campaigns.
Your data are processed in our customer database. This database supports the improvement of data quality (duplicate elimination, moved/deceased indicators, address correction) and allows enrichment with data from public sources.
Where necessary for contract performance, these data are made available to group companies. Customer data are stored on a company-specific and segregated basis, with our parent company acting as a service provider for the participating companies.
In the event of a legal obligation or in the context of legal enforcement, authorities, courts, and external auditors may be recipients of your data.
In addition, for the purpose of initiating and fulfilling contracts, insurance companies, banks, credit agencies, and service providers may receive your data.
6. How long will my data be stored?
We process your data until the termination of the business relationship or until the expiry of the applicable statutory retention periods (e.g. under the Commercial Code, tax regulations, Care Homes Act, or Working Hours Act), and beyond that until the conclusion of any legal disputes in which the data are required as evidence.
7. Are personal data transferred to a third country?
As a rule, we do not transfer data to third countries. In individual cases, data are transferred only on the basis of an adequacy decision of the European Commission, standard contractual clauses, appropriate safeguards, or your explicit consent.
8. What data protection rights do I have?
You have the right at any time to access, rectification, erasure, or restriction of processing of your stored data, the right to object to processing, the right to data portability, and the right to lodge a complaint, subject to the requirements of data protection law.
Right of access:
You may request information about whether and to what extent we process your data.
Right to rectification:
If we process incomplete or inaccurate data, you may request rectification or completion at any time.
Right to erasure:
You may request the deletion of your data if we process them unlawfully or if processing disproportionately interferes with your legitimate interests. Please note that statutory retention obligations may prevent immediate deletion. Regardless of the exercise of your right to erasure, we will delete your data immediately and completely unless contractual or legal retention obligations apply.
Right to restriction of processing:
You may request restriction of processing if:
- You contest the accuracy of the data, for the period necessary to verify accuracy;
- The processing is unlawful and you oppose erasure and request restriction instead;
- We no longer need the data for the intended purpose, but you require them for the establishment, exercise, or defense of legal claims;
- You have objected to the processing.
Right to data portability:
You may request that we provide you with the data you have provided to us in a structured, commonly used, and machine-readable format, or that we transfer them directly to another controller, provided that:
- Processing is based on your consent or a contract; and
- Processing is carried out by automated means.
Right to object:
If we process your data on the basis of legitimate interests, you may object to such processing at any time, including profiling. We will then no longer process your data unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or processing serves the establishment, exercise, or defense of legal claims. You may object to processing for direct marketing purposes at any time without giving reasons.
Right to lodge a complaint:
If you believe that we are violating German or European data protection law, you may contact us to clarify the matter. You also have the right to lodge a complaint with the competent supervisory authority.
To exercise any of the above rights, please contact our Data Protection Officer. In case of doubt, we may request additional information to verify your identity.
9. Am I obliged to provide data?
The processing of your data is necessary for the conclusion and performance of the contract entered into with us. If you do not provide these data, we will generally be unable to conclude the contract or continue an existing contract and may have to terminate it. However, you are not obliged to give consent for the processing of data that are not relevant to contract performance or not legally required.