Skip to content

Privacy policy

Data protection

We thank you for your interest in our website the information it contains. We take data protection seriously, and would like to inform you about how we – ASSITEJ e.V., the Children’s and Youth Theatre Centre in the Federal Republic of Germany (KJTZ), and the funding projects CULTURAL RESET (Neustart Kultur) and Pathways into Theatre (Wege ins Theater) – collect, process, and save your personal data, specifically with regard to the European General Data Protection Regulation (GDPR). If you receive information from us which you do not wish to receive, you can contact us at any time.

You will find further information on how we protect and process your data in the following privacy policy. Please contact us if you have any questions. The data protection officer for ASSITEJ e.V. is Anne-Sophie Garthe (datenschutz@jungespublikum.de). You are also welcome to contact us through our contact form. (Project: Data protection)


1. Data protection at a glance

General information

The following information provides a simple overview of what happens to your personal data when you visit our website. Personal data is defined as any data which can be used to identify a person. For more detailed information on the topic of data protection, please refer to the rest of our privacy policy.

Who is responsible for the website’s data collection?
Data is processed on this website by the website operator. You can find their contact details on the website’s Impressum page.

 

How do we collect your data?
One way in which we collect your data is when you share it with us. This can include, for example, what you write in a contact form. Data can also be collected automatically when you visit the website through our IT systems. This is especially the case with technical information (such as your browser, your operating system, or the time when you visited the site). This is collected as soon as you load the webpage.

 

What do we use your data for?
Some of the data is collected to ensure that the website is displayed correctly. We use other data to analyse how you use the website.

 

What rights do you have regarding your data?
You have the right to request the origin, recipient, and purpose of your stored personal data at any time, free of charge. Aside from this, you also have the right to request that we correct, block or delete this data. For this purpose, or if you have any other questions, please contact our data protection officer Anne-Sophie Garthe (datenschutz@kjtz.de). You also have the right to make a complaint with the relevant authority.


2. General advice and legally required information

Data protection
The operator of this website takes the protection of your personal data very seriously. We handle your personal data confidentially and in accordance with statutory data protection regulations, as well as this privacy policy. If you use this website, various personal data will be collected. Personal data means data which can identify you personally. The following privacy policy explains what data we collect and what we use it for. It also explains how and to what purpose this takes place. We would also like to point out that there can be security loopholes when transmitting data over the Internet (for example, when communicating by email). It is unfortunately not possible to entirely prevent third parties from accessing data in this way.

 

Information on the data controller
The data controller for the website’s data processing is:

ASSITEJ e.V. Bundesrepublik Deutschland
Kinder- und Jugendtheaterzentrum in der Bundesrepublik Deutschland (part of the legal entity of ASSITEJ e.V. Bundesrepublik Deutschland)
Schützenstraße 12, 60311 Frankfurt am Main

Represented through the members of the Executive Board:
Brigitte Dethier (Chair), Jutta Maria Staerk, Wolfgang Stüßel, Julia Dina Heße (Deputy Chair) and Johannes Leppin (Treasurer)

 

Contact:
Telephone + 49 (0)69 296 661 or + 49 (0)69 291 538
Email: info@jungespublikum.de

The controller is the natural or legal person who, alone or jointly with others, determins the purposes for collecting data and the means through which it is processed (eg. names, email addresses, etc).

 

Data protection officer, ASSITEJ e.V.:
Anne-Sophie Garthe
Email: datenschutz@jungespublikum.de

 

Hosting the website externally
This website is hosted externally. The personal data that this website collects will be saved onto the host’s server. This includes, for example, IP-Addresses, contact requests, metadata, communication data, contract data, contact details, names, website access, and other data which the website can generate. External hosting is used for the purpose of fulfilling our contract with potential and existing users (GDPR Article 6 (1)(b)) as well as offering a secure, safe and efficient online service through a professional service provider (GDPR Article 6 (1)(f)). Provided the relevant consent has been requested, the data is processed exclusively on the legal basis of GDPR Article & para. 1 lit. a and TTDSG (Telecommunications Digital Services Data Protection Act) Sec. 25 para. 1, as long as this consent includes the storage of cookies or access to information in the device the user is using to access the website (for example, device fingerprinting), as defined by the TTDGS. Consent can be revoked at any time. Our host will only process your data to the necessary extent in order to provide the necessary service, and will follow all of our instructions with regard to its handling.

We use the following host:
HostPress GmbH
Bahnhofstr. 34
D-66571 Eppelborn

Processing contract
We have signed a contract for processing with the above-named provider. This contract is required under data protection law, and stipulates that the provider may only process our website visitors’ data in accordance with our instruction, and in compliance with GDPR.

 

Storage period
Unless a more specific storage period has been specified in this privacy policy, your personal data will be kept until the data processing purpose no longer applies. If you submit an authorised request to delete your data, or if your revoke the necessary consent to process your data, then your data will be deleted, provided there are no other legally permissible reasons to keep it (for example, if it must be retained according to tax or commercial law). In this instance, the data will be deleted once the relevant reason no longer applies.

 

General information on the legal basis for data processing on this website
Once you have consented to data processing, we will process it on the basis of GDPR Article 6 (1)(a) or Article 9(2)(a), provided that special data categories are processed according to GDPR Article 9 (1). In the event that you explicitly consent to the transfer of your data into non-EU countries, your data will also be carried out in accordance with GDPR Article 49 (1)(a). If you have consented to saving cookies or allowing access to the device you are using (for example, through device fingerprinting), then your data will be processed according to the TTDSG, Sec. 25, para. 1. You can revoke your consent at any time. If your data is required to fulfil a contract or to carry out the necessary steps prior to entering a contract, then your data will be processed on the basis of GDPR Article 6 (1)(b). Furthermore, we will process your data if this is necessary to fulfil a legal obligation, in accordance with GDPR Article 6 (1)(c). We may also process data on the basis of our legitimate interests, as defined in GDPR Article 6 (1)(f). Information on the relevant legal basis of each individual case with be explained in the following paragraphs of this privacy policy.

 

Information on the transfer of data to the USA and other third-party countries
Some of the tools we use come from companies that are based in the US or other third-party countries who do not have secure data protection laws. When these tools are active, it is possible that your personal data will be transferred into these countries and processed there. We would like to advise you that it cannot be guaranteed that your data will be as well protected in those countries as it would be in the EU. For example, US companies are obliged to give personal data to security services, without you being able to take action against this legally as a data subject. The possibility cannot be ruled out, therefore, that US authorities ( eg. intelligence agencies) will process, analyse, and permanent store your data on US servers for surveillance purposes. We have no influence on these activities.

 

Revoking your consent to data processing
Most data processing is only possible with your explicit consent. You can withdraw consent that you have already given at any time. For this, an informal email to us detailing this is sufficient. This has no effect on the lawfulness of any data processing that takes place prior to the revocation.

 

Right of complaint to the responsible regulatory authority
In the event that data protection law has been breached, the affected data subject has to the right to complain to the responsible regulatory authority.  The regulatory authority who is responsible for questions relating to data protection is the state data protection officer of the federal state in which our company is headquartered. You can find a list of the different data protection officers as well as their contact details at the following link. (Please note that not all information may be available in English.)
https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
(Page last visited: 06.10.2022)

 

Right to data transferability
You have the right to have data that we process automatically on the basis of your consent or according to the fulfilment of a contract, issued to you or to a third party in a standard format that a computer can read. In the event that you request the transfer of data to another controller, this will only be done if it is technically feasible.

 

SSL or TLS encryption
This page uses SSL or TLS encryption for security reasons in order to protect the transfer of confidential content, such as, for example, enquiries or event registrations which are sent to as the website operator. You can recognise an encrypted connection if the address in the browser changes from “http://” to “https://”, and by the lock symbol in the navigation bar. Once SSL or TLS encryption has been activated, third parties will not be able to read the data that you transmit to us.

 

Information, blocking and deletion
Within the scope of the current legal regulations, you have the right to free information on your saved personal data, where it comes from, who has received it, and the purpose for it being processed, as well as, if applicable, the right to correct, block, or delete this data. If you would like to contact us regarding this, or with other questions relation to your personal data, you can contact us at any time, either at the details on the Impressum page, or through the data protection officer (email: datenschutz@jungespublikum.de).

 

Objection to advertising emails
We expressly prohibit the use of the contact data that we are obliged to publish on our Impressum page in order to send unsolicited advertising and information material. The operators of this website expressly reserve the right to take legal action in the event that we receive unsolicited advertising information, such as spam emails.


3. Data collection on our website

Cookies
Some of the web pages use what are known as cookies. Cookies cause no damage to your computer, and do not contain viruses. We use cookies in order to make our website more user-friendly, effective, and secure. Cookies are small text files that your browser saves and stores on your computers. The majority which we use are known as “session cookies”. They are automatically deleted once you have finished visiting our website. Other cookies stay on the device that you have used until you delete them yourself. These cookies allow us to recognise your browser again on your next visit.

You can change your browser settings so that you are informed when cookies are saved to your device, and only allow them in individual cases, exclude them in individual cases, or more generally. You can also set your browser to automatically delete any cookies after it is closed. Deactivating cookies can reduce the functionality of the website. Cookies that are required for electronic communication, or that are necessary to provide certain functions that you have requested, are stored on the basis of GDPR Article 6 (1) (f). The website operator has a legitimate interest in saving cookies in order to provide an optimal service that is free of technical errors. Any other cookies (such as those used to analyse usage) which are saved on your device are addressed separately in this privacy policy.

 

Cookies used for user analysis by Matomo Analytics
When visiting our website, we can statistically analyse your browsing behaviour. For this purpose, we use the usage analysis service Matomo Analytics. Matomo Analytics uses what are known as cookies to carry out the analysis process. These are text files that are stored on your computer, which contain information that is transferred to the Matomo analysis service when you view a page. Your IP-address is collected, but immediately made anonymous, so that none of your personal data can be identified during the analysis. The information that is collected is not sent on to third parties.

IP-anonymisation
We anonymise IP-addresses when using Matomo’s analytics services. This involves shorting the IP-address before it is analysed, so that it can no longer be clearly attributed to you.

Cookie-free analysis
We have configured Matomo so that it does not save any cookies in your browser.

Hosting
We exclusively host Matomo on our own servers, so that all of the analytics data stays with us and is not passed on to anyone else.

 

Contact form
If you use the contact form, the details you include within it, including any contact details, will be stored in our internal address database Cobra CRM, provided by the company cobra computer’s brainware GmbH (Address: Weberinnenstr. 7, 78467 Konstanz, Germany; email: info@cobra.de) for the purpose of processing the enquiry, and in the event of any follow-up questions. Cobra CRM is a database for collecting and professionally managing customer data. The database is directly stored on a local service and is protected against unauthorised access from third parties. We will not pass on your personal details without your explicit consent. We also only process the data that you have entered into the contact form with your explicit consent, in accordance with GDPR Article 6 (1)(a).

You can revoke your consent at any time. To do so, you only need to send us an informal email about it. The legal basis for processing your data up until the revocation remains unaffected by it. The data you have entered into the contact form remain with us until you either ask us to delete it, revoke your consent to storing it, or until the purpose for storing it no longer applies (for example, we have processed your enquiry). Any mandatory legal requirements – in particular, data storage periods – remain unaffected.

 

Server log files
The website provider automatically collects and stores information in what is known as server logs. These are automatically sent to us from your browser as soon as you visit our website.

The server log files contain the following information:

  • The type and version of browser
  • The operating system
  • The referrer of the URL
  • The host name of the computer accessing the website
  • The time of the server request
  • The IP address

This data is not aggregated with any other data sources. The basis for this data processing is GDPR Article 6 (1)(f9, which permits data processing when it is necessary for the fulfilment of a contract, or to fulfil the necessary steps prior to entering one.

 

Enquiries by email, telephone, or fax
If you contact us by email, telephone, or fax, your enquiry, including all personal data (such as your name and the contents of the enquiry), will be stored and processed by us for the purpose of handling your request. We will not pass this data on without your express consent. This data is processed in accordance with GDPR Article 6 (1) (b), provided your enquiry is necessary to fulfil a contract, or to carry out the necessary measures before a contract is signed. Otherwise, we process data in the legitimate interest of effectively handling any enquiries addressed to us (GDPR Article 6 (1)(f)), or based on your consent if it has been requested (GDPR Article 6 (1)(a)). Consent can be revoked at any time. The data you have entered into the contact form remain with us until you either ask us to delete it, revoke your consent to storing it, or until the purpose for storing it no longer applies (for example, we have processed your enquiry). Any mandatory legal requirements – in particular, data storage periods – remain unaffected.

 

Data processing (Customer and contract data)
We collect, process, and use personal data only when it is necessary to establish or amend the content of a legal relationship (in other words, inventory data). This is in accordance with GDPR Article 6 (1) (b), provided your enquiry is necessary to fulfil a contract, or to carry out the necessary measures before a contract is signed. We collect, process and use personal data about the use of our website (usage data) only insofar as this is necessary to enable the user to utilise the service or to bill the user. The data we have collected will be deleted after the contract is concluded or after the business relationship has terminated. Legally required storage periods remain unaffected.


4. Plug-ins and tools

Newsletter registration via the „News & Mail“ service (Data collection and transfer to third parties)
On our website, you have the opportunity to register for our newsletter or to subscribe up to our mailing list via a registration form. For this purpose, we use the News & Mail Service tool, provided by the company 4OfficeAutomation GmbH (Address: Schlägelweg 46a, D-31275 Lehrte; email: kontakt@mynewsletter.rocks). This tool functions as part of our internal address database Cobra CRM, provided by the company cobra computer’s brainware GmbH (Address: Weberinnenstr. 7, 78467 Konstanz, Germany; email: info@cobra.de) for the purpose of processing the enquiry, and in the event of any follow-up questions. Cobra CRM is a database for collecting and professionally managing customer data. The database is directly stored on a local service and is protected against unauthorised access from third parties.

If you would like to receive the newsletter that we offer on our website, we need your email address, as well as information which allows us to check that you are the owner of the email address given, and that you agree to receiving the newsletter. Further information is not collected, or only on a voluntary basis.

When you register, you will go through the double opt-in procedure. This means that, once you have sent off the registration form, you will receive an email from us at the address you have given, in which you confirm that you would like to keep receive emails. Only once we have received the confirmation of your registration will we save your details into the web-based and password-protected „News & Mail Service“, which is then forwarded to the Cobra database via an API. Your data will be used exclusively to send you the Newsletter, and any mails from the mailing lists you have subscribed to. You can unsubscribe at any time; in this instance, your data will be removed from the mailing lists and, if you wish, from the address database.

 

Data analysis through the News & Mail Service

With the help of “News & Mail Service”, it is possible for us to analyse our newsletter campaigns. We can see, for example, who has opened a newsletter email, or which links, if any, have been clicked on. In this way, we can find out which links are clicked on most frequently. If you do not want your actions to be analysed through “News & Mail Service”, you will have to unsubscribed from the newsletter. We provide a link for this express purpose in every newsletter email we send out.

You can find more detailed information on these functions at the following link: https://www.mynewsletter.rocks/en/

Legal basis
The data is processed on the basis of your consent (GDPR Article 6 (1)(a)). You can revoke your consent at any time. This has no effect on the lawfulness of any data processing that takes place prior to the revocation.

Storage period
The data you provide us for the purpose of subscribing to the newsletter will be stored either by us or by the newsletter service provider, until you unsubscribed from the newsletter, after which it will be deleted. Data which we store for other purposes will remain unaffected by this. After you unsubscribe from the mailing list, your email address may be stored by us or the newsletter service provider in a blacklist, if we think this is necessary to prevent future mailings. The blacklist data will only be used for this purpose, and will not be merged with other data. This serves both your interest as well as our interest in complying with legal regulations when sending newsletters (in other words, a legitimate interest in accordance with GDPR Article 6 (1) (f)). Your data will be stored on this blacklist indefinitely. You can object to your data being saved to this list, if you believe that your interests outweigh our legitimate interest.

For more information, please refer to the MyNewsletter.Rocks privacy policy at: https://www.mynewsletter.rocks/en/datenschutz/

Processing contract
We have signed a contract for processing with the above-named provider. This contract is required under data protection law, and stipulates that the provider may only process our website visitors’ data in accordance with our instruction, and in compliance with GDPR.

 

 

Usage and data transfer – Youtube and Google
Our website uses plugins from the website Youtube, which is owned by Google. The website The website is operated by Youtube (Address: LLC, 901 Cherry Ave., San Bruno, CA 94066, USA)

If you visit a page that contains a Youtube plugin, the plugin will generate a connection with Youtube’s servers. This plugin will then tell YouTube’s server which web pages you have visited.

If you are logged into your YouTube account, this allows YouTube to connect your browsing history to your personal profile. You can prevent this by logging out of your YouTube account.

Using Youtube serves our interest of presentation our online offers in an engaging manner. This constitutes a legitimate interest according to GDPR Article 6 (1)(f).

You can find further information on how YouTube handles user data in YouTube’s privacy policy, which can be accessed at: https://www.google.de/intl/de/policies/privacy.

The provision and exchange of information via the KJTZBOX (Nextcloud)
The controller operates a central cloud storage service called KJTZBOX – this is a Nextcloud application, which includes several other integrated applications.

You can find more detailed information on this at the following link: https://nextcloud.com/de/about/

External hosting
The cloud storage service KJTZBOX is externally hosted. Any personal data collected by the application is stored on the host’s servers. This may include IP addresses, contact details, meta and communication data, names, web pages you have accessed, and other data generated by the BOX. External hosting is carried out for the purpose of fulfilling the contract of any potential and existing users (GDPR Article 6 (1)(b)), as well as in the interest of providing a secure, fast, and efficient online service through a professional provider (GDPR Article 6 (1)(f)). If the relevant consent has been requested, then data will be processed in accordance with GDPR Article 6 (1)(f) as well as TTDSG Sec. 25 para. 1, as long as this consent includes the storage of cookies or access to information in the device the user is using to access the website (for example, device fingerprinting), as defined by the TTDGS. Consent can be revoked at any time. Our host will only process your data to the necessary extent in order to provide the necessary service, and will follow all of our instructions with regard to its handling.

We use the following external host:

Hetzner Online GmbH
Industriestr. 25
D-91710 Gunzenhausen

Processing contract
We have signed a contract for processing with the above-named provider. This contract is required under data protection law, and stipulates that the provider may only process our website visitors’ data in accordance with our instruction, and in compliance with GDPR.

Data processing
You data will be processed to fulfil the purpose of transferring data, preparing documents, and managing users and groups. It is also processed to assist the technical provision of the necessary services that are required to use Nextcloud, as well as for its administration, security, and functionality. The following types of data are required in order to prepare and use Nextcloud, or are generated during its use:

  • User data (eg. username, password, role, group membership)
  • User-generated content and communication data (eg. documents, media)
  • Technical usage data (eg. generated files, error messages)
  • Automatically manage log data (eg. times when the service was accessed)

Usually, the cloud storage can only been used once a user has been identified (or in other words, has logged in), which then accesses the database that is included with the user’s administrative privileges. An exception to this is when someone supplies information through a sharing link – this does not require any user identification. As a rule, only cookies are required to allow users to easily and securely use the website.

Within the KJTZ, all Nextcloud administrators can access people’s data. Data is transferred by the host PSCE IT GmbH as part of the application’s technical operations. User data is kept for as long as it is necessary to do so. You can revoke the consent that allows us to process your data at any time.

Storage period
After you have stopped using Nextcloud, or after you have objected to the processing of your data, your data will be deleted within six weeks. Sever backup data will be deleted after six months. Log files are kept for 14 days and then deleted automatically. This does not include Data which we are legally required to keep for longer periods. Users can delete any content and communication data that they generate themselves, of their own accord and at any time.

ZOOM communication software
We use the tool Zoom in order to carry out telephone conferences, online meetings, video conferences, and digital events and discussion programmes, as well as to record and minutes these if necessary. “Zoom” is a service provided by Zoom Video Communications Inc. (Address: Zoom Video Communications, Inc.; 55 Almaden Blvd, Suite 600; San Jose, CA 95113), who are headquartered in the USA.

The following data will be processed when you use Zoom software:

  • Information on the user (first name, surname, email address, if applicable also pronouns and telephone number
  • Department (optional)
  • Meeting metadata (topic, description (optional), participants’ IP-addresses, information on the devices/hardware)
  • Meeting recording, if applicable (MP4-file with recordings of video, audio and any presentations, M4A-file with audio, text file with the meeting chat)
  • Data when dialling in via a telephone (details on incoming and outgoing phone numbers, country name, start and end time, if applicable other connection details such as the device’s IP-address)
  • Text, audio, and video data (e.g. any data inputted into the chat, the microphone, or the camera on the device being used)

The amount of data collected also depends on what data you provide either before or when you participate in an “online meeting”.

If we want to record “online meetings”, we will inform you of this explicitly in advance and, if necessary, ask for your consent. The fact that you are being recorded will be shown in the Zoom app, which means that the start, progress, and end of the recording will be signalled visually and audibly. For the purposes of recording and editing, we will document any discussions had in the chat, and process the questions posed by participants.

Note on the use of software
As soon as you load Zoom’s website, the operator of Zoom’s web page becomes responsible for data processing. It is, however, only necessary to access Zoom’s website in order to download the software needed to use Zoom. You can also use Zoom if you enter the Meeting ID and, if necessary, other access details, directly into the Zoom app. If you do not want or are unable to use the Zoom app, then you can also access the basic functions via the browser version, which you will likewise find on Zoom’s website.

Storage period
If you are registered as a Zoom user, then any reports on “online meetings” (including meeting metadata, telephone dialling data, and questions and answers as well as any data from the survey function from webinars) can be stored from up to 12 months at Zoom. Automated decision making, as explained in GDPR Article 22, is not used.

Legal basis
The legal basis for organising, recording, and documenting our online meetings comes from GDPR Article 6 (1)(f). There is a legitimate interest in the effective implementation of online meetings, as well as the efficient preparation and revision of our online events, in order to better optimise our offers on funding and discussions.

 

Survey and polling toll “Microsoft Forms”
The tool “Microsoft Forms” is part of the app package Microsoft 365, which in turn is a combination of an online service, an Office web application, and an Office software subscription. We use the app Microsoft Forms in order to carry out external surveys and polls, for example, for the evaluation of projects and events. Participation in these surveys and polls is entirely voluntary and done anonymously, which means that, in the context of these surveys and polls, we will not collect any contact details which allow us to trace the results directly back to the sender.

Usage note
The web-based survey/poll form is opened via a link which we will send to you. Microsoft uses cookies, or small text files, which do not require your direct consent, and are activated as soon as you open the link. The cookies are used to collect data on your behaviour as a user.

Microsoft also collects the following additional user data:

  • IP-address
  • Preferred language
  • Date and time that the questionnaire was opened
  • Date and time that the questionnaire was sent

Data is collected and transmitted by the data processor Microsoft Ireland Operations Ltd (Address: One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland). This can also lead to your data being transferred to outside the European Union. The transfer of data to the USA can be carried out in accordance with GDPR Article 45, in conjunction with the European Commission’s adequacy decision C(2023) 4745, as the data recipient has committed to complying with the data processing principles as laid out in the Data Privacy Framework.

For further information on data protection, please refer to the Microsoft’s services agreement and privacy policy.

Legal basis
We use these surveys and polls in the legitimate interest of documenting, optimising, and expanding our process and services for the benefit of those who use our website. We base this on the legal framework of GDPR Article 6 (1) (f).

Storage period
Data that is collected during surveys will be kept as long as is necessary to fulfil the purpose of the data collection.

 


Contact

Anne-Sophie Garthe (she/her)
Data protection officer
datenschutz@jungespublikum.de
069 69296661

Please use our contact form if you would like to share any questions or suggestions with us.