Privacy Policy
Privacy policy in accordance with Art. 13, 14 GDPR – Fulfilment of information obligations
Thank you for visiting our Oeticket Business website!
Our privacy policy gives you an insight into data processing when using the Oeticket Business website. The legal basis for this processing is the General Data Protection Regulation (hereinafter "GDPR") and the Austrian Data Protection Act ("DSG").
Further information on data processing at the controller's company can be found here: https://www.oeticket.com/en/help/data-protection/.
1. Data processing in general
1.1 Controller
2. Data Controller
In accordance with Article 4 para. of the EU General Data Protection Regulation (GDPR), the designated data controller is
CTS Eventim Austria GmbH
Mariahilfer Straße 41-43
A-1060 Vienna
Tel: +43 1 589540
Fax: +43 1 5852323
Email: datenschutz@eventim.at
The company has appointed a data protection officer. You can reach him at datenschutz@oeticket.com.
2.1. Data processing in accordance with Art. 13 GDPR
We process data that is provided to us by various individuals through their own disclosures, for example when concluding contracts.
2.2. Data processing in accordance with Art. 14 GDPR
In addition, we process personal data that has not been provided directly by the data subject. This may occur, for example, when managing directors provide us with the names and contact details of their employees in the context of project collaboration or a business relationship.
2.3. Data subjects & data categories
We process the following data from interested parties: Name of contact person, telephone number, e-mail, company name and type of organisation.
The following data is processed from business customers (companies, event organisers, artists, etc.): Company, name of contact persons, professional address and contact data, bank details and contract data.
We process and publish the names of authors in connection with the works (photos or videos) that they have created. This personal data is deleted automatically as soon as the use of the image data is discontinued.
2.4. Legal basis – general
The legal basis for data processing is
- Consent in accordance with Art. 6 para. 1 lit. a GDPR (e.g. when processing your e-mail address for advertising purposes).
- the initiation and fulfilment of the contract pursuant to Art. 6 para. 1 lit. b GDPR.
- legal obligations pursuant to Art. 6 para. 1 lit. c GDPR (e.g. statutory retention and documentation obligations, publication obligations under copyright law).
- legitimate interests of our company pursuant to Art. 6 para. 1 lit. f GDPR (e.g. use of software).
We will inform you separately about the legal basis and purpose of the processing for each of the data processing operations described below.
2.5. Forwarding of data
The disclosure of your personal data is carried out for the purpose of contract performance in accordance with Art. 6 para. 1 lit. b GDPR, in order to provide our services to you.
- Transfer within the group: The personal data we collect may be shared, where necessary, within our corporate group, including with parent and subsidiary companies. This is because various entities provide services for us, such as IT support. The data transfer is based on internal contractual agreements.
- Transfer to clients or joint controllers: When we act on behalf of third parties or as a joint controller (e.g., in the context of partner websites, events, or webshops), we may share personal data with those parties. The transfer is based on contractual agreements with our business partners.
- Transfer to processors: We work with data processors to efficiently deliver our services. This includes companies handling contract fulfilment, payments, account management, newsletter distribution, and IT services.
- Other transfers: We reserve the right to disclose personal data to authorities or legal representatives if legally required or necessary in the context of legal proceedings.
2.6. Storage/deletion of data
- Contractual retention obligations: We will delete or anonymise your data after the expiry of contractually agreed periods.
- Withdrawal of consent: If you withdraw your consent to the processing of your personal data, we will delete or anonymise your data unless there is another legal basis for the processing.
- Statutory retention obligations: In order to comply with statutory retention periods (e.g. on the basis of tax laws or accounting regulations), we are obliged to continue to store personal data for a period specified by law even after the end of the contract or revocation of consent. After these periods have expired, we will delete or anonymise your data.
The following EU regulations and national laws must be observed by the data controller (list not necessarily complete):
- Federal Fiscal Code (BAO)
- Commercial Code (UGB)
- Trade Regulation Act (GewO)
- General Civil Code (ABGB)
- Value Added Tax Act (UStG)
- Whistleblower Protection Act (HSchG)
- Network and Information Systems Security Act (NISG)
- Data Protection Act (DSG)
- General Data Protection Regulation (GDPR)
3. Data processing on our website
3.1. Contact us via our contact form
You have the option of contacting us using the contact form. The following data must be provided: Name, telephone number and e-mail address. You can voluntarily enter your company and website here. If you contact us via the contact form, we will store the data you provide in order to respond to your enquiry. Once processing has been completed, we delete the data or restrict its processing in accordance with applicable statutory retention obligations.
Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest)
3.2. Registration Partner Login/Connect ID
You have the option of registering on our website as a partner in our partner login. For this we require login data consisting of your user name and password. After logging in, you will receive an overview of the events that your customers have purchased via your affiliate ID in the selected period. You can find detailed information in the list. The relevant figures are summarised for you.
Further information on data processing in connection with your partner login/Connect ID can be found here: [Link DSE Connect ID]
Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest)
3.3. Deeplink Generator
As part of our offers, we provide our affiliate partners with a deep link generator to create deep links. These links make it possible to redirect visitors to specific product pages. When using our deeplink generator, an affiliate ID, a unique identifier, is used. The affiliate ID is collected and used to track referrals. This enables us to correctly allocate sales and other actions generated via our users' affiliate links and to calculate the corresponding commissions. It also helps us to optimise our offers by analysing the effectiveness of our users' marketing strategies and continuously improve our services.
Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest)
4. Data processing when visiting our website
4.1. Informational use of the website
When using the website for information purposes only, we only collect the personal data that your browser transmits to our server (server log files). If you wish to view our website, we collect at most the data that is technically necessary for us to display our website to you and to ensure stability and security:
- IP address
- Date and time of the enquiry
- Time zone difference to Coordinated Universal Time (UTC)
- Content of the request (specific page)
- Access status/HTTP status code
- Website from which the request comes
- Browser
- Operating system and its interface
- Language and version of the browser software.
This data is not merged with personal data sources. We reserve the right to check this data retrospectively if we become aware of specific indications of unlawful use and to pass the data on to the law enforcement authorities.
Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest)
4.2. Cookies
Cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive assigned to the browser you are using and through which certain information flows to the organisation that sets the cookie (in this case, us or a third-party provider). Cookies cannot execute programmes or transmit viruses to your computer.
The cookie allows you to be recognised when you visit the website without having to re-enter data that you have already entered.
The information contained in the cookies is used, for example, to determine whether you are logged in or what data you have already entered, or to recognise you as a user when a connection is established between our web server and your browser.
We distinguish between technical cookies that are used exclusively to ensure the operation of a website and other cookies that are set by us or third-party providers for the purpose of statistical analyses, tracking or advertising/marketing.
Legal basis: Art. 6 para. 1 lit. f GDPR (for technical cookies), Art. 6 para. 1 lit. a GDPR (for all other cookies)
5. consentmanager
In order to obtain consent for the use of cookies and services requiring consent on our website in accordance with data protection regulations, we use the consentmanager CMP tool from consentmanager AB, Håltegelvägen 1b, 72348 Västerås, Sweden.
The consent management tool records and stores the selection of cookies and consent-based services of the respective user of our website. With the express consent of the website visitor, it is ensured that statistical and marketing cookies and consent-based services are only set after consent has been given.
The tool collects, logs and stores the settings of the website visitor. In order to ensure that the selected settings can be clearly assigned to the respective website visitor, certain user information (including the IP address) is collected, transmitted and stored by the consent tool.
Further information can be found in the privacy policy of consentmanager AB at https://www.consentmanager.net/en/privacy/
Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest)
6. Amazon CloudFront CDN (AWS)
Amazon CloudFront is a content delivery network (CDN) operated by Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855, Luxembourg.
The CDN service allows website content such as web videos or other large media files to be delivered quickly and securely. Proxy servers store the files locally, thereby improving access speed during download. Using the Amazon CloudFront CDN helps us to optimise the loading speed of our website.
The CDN service processes the IP address of the website visitor. The IP address is automatically deleted from CloudFront's logs.
Further information can be found in the Amazon Web Services privacy policy at https://aws.amazon.com/privacy/?nc1=f_pr.
Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest)
7. Cloudflare
Our website uses Content Delivery Network (CDN) provided by Cloudflare, Inc., 101 Townsend Street, San Francisco, 94107 California, USA. The CDN service allows website content such as web videos or other large media files to be delivered quickly and securely. To do this, proxy servers store the files locally, thereby improving access speed during download. Using the Cloudflare CDN helps us to optimise the loading speed of our website.
The CDN service processes the IP address of the website visitor. The IP address is automatically deleted from Cloudflare's logs.
Further information can be found in Cloudflare's privacy policy at https://www.cloudflare.com/security-policy.
Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest)
8. Elfsight
To improve the user experience and display dynamic content (e.g. social media feeds, customer reviews or interactive forms), we use selected web widgets from the third-party provider Elfsight, LLC, Paronyana Street 19/3, 0015 Yerevan, Armenia ( ). This content is integrated via external servers and delivered technically via script. This may result in the transmission of IP addresses and browser information to Elfsight.
Further information can be found in Elfsight's privacy policy at https://elfsight.com/privacy-policy/.
Legal basis: Art. 6 para. 1 lit. a GDPR (consent)
9. Google Tag Manager
We use Google Tag Manager on our website, a service provided by Google Ireland Limited ("Google"), a company registered and operating under Irish law with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland.
Google Tag Manager enables us to integrate and manage website tags such as tracking codes or conversion pixels. It collects data on the website and forwards it to associated analysis tools, which store and evaluate this data. Although Google Tag Manager collects data (e.g. IP address), it does not store this data and has no access to it. It merely acts as an interface between the website and the analysis software.
For more detailed information, please visit: https://www.google.com/intl/de/tagmanager/faq.html.
Legal basis: Art. 6 para. 1 lit. a GDPR (consent)
10. JsDelivr
We use the jsDelivr CDN on our website to ensure fast loading speeds. This is an open source service provided by the Polish software company ProspectOne, Królewska 65A/1, 30-081, Kraków, Poland.
The CDN service allows website content such as web videos or other large media files to be delivered quickly and securely. To do this, proxy servers store the files locally, thereby improving access speed during download. Using the JsDelivr CDN helps us to optimise the loading speed of our website.
The CDN service processes the IP address of the website visitor. The IP address is automatically deleted from JsDelivr's logs.
Further information can be found in the English privacy policy of jsdelivr at https://www.jsdelivr.com/terms.
Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest)
11. unpkg
Our website uses the Content Delivery Network (CDN) service "unpkg.com" to deliver certain JavaScript libraries and front-end components. This is an open-source project provided by a third-party provider (Michael Jackson, USA) that allows files to be integrated directly from the public npm repository into our website.
When the relevant pages are accessed, a connection to the CDN provider's servers (usually via Cloudflare, based in the USA) is established automatically. Unpkg is used for technical optimisation and faster delivery of web content.
Further information on the project can be found at https://unpkg.com
Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest)
12. Videoask
We use the VideoAsk service on our website, a product of Typeform S.L., Carrer Bac de Roda 163, 08018 Barcelona, Spain. VideoAsk enables us to provide interactive video forms that allow you to communicate with us via video, audio or text input.
When you visit pages that contain a VideoAsk element, a connection to the servers of VideoAsk or Typeform is established. In doing so, personal data such as your IP address, technical information about your device (e.g. browser type, operating system) and, depending on your use, video, audio or text input may be processed and transmitted to VideoAsk.
Further information can be found in the VideoAsk privacy policy at https://www.videoask.com/privacy
The integration of Vidzflow also loads additional services from Typeform.
Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest)
13. Vidzflow
Our website uses the Vidzflow service provided by Woice, d.o.o., a Slovenian company based at Ulica škofa Maksimilijana Držečnika 6, 2000 Maribor, Slovenia, to embed and provide videos. Vidzflow is a specialised video hosting and streaming service that can be integrated directly into Webflow websites.
When you visit pages with embedded Vidzflow videos, a connection to the Vidzflow servers is established. This may involve the collection of personal data such as your IP address, technical information about the device you are using (e.g. browser type, operating system, screen resolution), time of access and, depending on the interaction, usage data on video behaviour (e.g. playback time, interactions with forms or buttons in the video) may be collected and transmitted to Vidzflow.
Further information on data processing by Vidzflow can be found at https://cdn.prod.website-files.com/6424a84a1a90881fe7724044/65c278da0eaea8bed9769154_Vidzflow%20PrivacyPolicy_30jan2024.docx.pdf
The integration of Vidzflow also loads additional services such as Zencoder and Embedly.
Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest)
14. Webflow (hosting and CMS)
Our website is hosted by the service provider Webflow, Inc., 398 11th Street, 2nd Floor, San Francisco, 94103 California, USA. Webflow provides both the website building system and the technical infrastructure for operating this site, including hosting, CMS and content delivery.
As part of this hosting, content such as images, scripts and other files are delivered via Webflow's content delivery infrastructure.
For more information, please refer to Webflow's privacy policy at https://webflow.com/legal/privacy
Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest)
15. Your rights
You have the following rights with regard to your personal data:
- Right to information, correction and deletion
- Right to restriction of processing
- Right to object to processing
- Right to data portability
- Right to lodge a complaint with the Austrian Data Protection Authority, Barichgasse 40 - 42, 1030 Vienna, telephone: +43 1 52 152-0, Email: dsb@dsb.gv.at
If you believe that we have violated Austrian or European data protection law in the processing of your data and thereby infringed your rights, please contact us so that we can clarify any questions you may have.
Please send your enquiries and concerns by email to office@eventim.at or contact us using the contact details provided.
16. Changes to this privacy policy
We reserve the right to make changes to our privacy policy from time to time. All changes to the privacy policy will be published by us on this page. Please note the current version of our privacy policy in this regard.
17. Further data protection information
Further information about data processing within the company of the controller is available here: https://www.oeticket.com/help/data-protection/.
