Privacy policy for ticket sales in the online shop
With this description of our privacy policy, the Bavarian Palace Administration would like to inform you about the processing of personal data and your rights in this respect.
Our privacy policy applies to all persons who make or have contact with the Bavarian Palace Administration or who use services of the Bavarian Palace Administration, which includes the website.
Contact details of our data protection officer
You can reach our official data protection officer at:
Behördlicher Datenschutzbeauftragter der Bayerischen Schlösserverwaltung
-persönlich-
Schloss Nymphenburg, Eingang 16, 80638 München
Postal address: Postfach 20 20 63, 80020 München
Telephone: +49 89 17908-130
Telefax: +49 89 17908-154
E-Mail: datenschutzbeauftragter@bsv.bayern.de
Personal data
When you access these or other Internet pages, you transmit data to our Web server via your Internet browser. The data recorded during an ongoing connection for communication between your internet browser and our web server can be found under "Logging". For an order / purchase transaction in our online shop, the following personal data is also collected according to the DSGVO:
- First name and surname
- address
- email address
- Phone
- Bank and/or credit card details
Payment processing in the online shop
Your bank and payment data (credit card data), which you enter when placing an order in the online shop, are neither collected nor processed or stored on the EDP systems of the Bavarian Palace Department. Payments are processed exclusively on computer systems and under the technical and legal responsibility of our respective payment service providers. The following payment service providers are currently used by us for processing payments by credit card, Sofortüberweisung and Giropay.
For payment with "MasterCard, Visa, Sofortüberweisung and Giropay" we use the service provider:
Novalnet AG
Payment institution (ZAG)
Feringastraße 4
85774 Unterföhring
Data transmission
Within the scope of the statutory powers, your personal data will be disclosed to the following companies within the EU:
- Postal service providers, forwarding agents, shipping service providers, disposal of files/data carriers
- IT service provider within the scope of maintenance and software maintenance
- Service providers Credit assessment and debt collection
- Novalnet AG, Feringastraße 4, 85774 Unterföhring, Germany
Legal basis of the data processing
The legal basis for the processing of your personal data – where not otherwise stated – is article 6 paragraph 1 letter e of the General Data Protection Regulation (DatenschutzGrundverordnung ‘DSVGO’ (in conjunction with article 4 paragraph 1 of the Bavarian Data Protection Law (Bayerisches Datenschutzgesetz ‘BayDSG’). The data can only be processed with your consent in accordance with article 6 paragraph 1 letter a DSGVO.
Order processing for hosting and development of the ticket shop
Operation of the online shop:
amepheas GmbH, Heiligenstädter Lände 27c, A-1190 Wien
Telefon: +43 (1) 890 1606 0, E-Mail: info@amepheas.at, Web: www.amepheas.at
Development of the online shop:
amepheas AG, Levetzowstraße 23 B-C, D-10555 Berlin
E-Mail: info@amepheas.de, Web: www.amepheas.com
The servers of the online shop are hosted in the German data centres.
Server log files:
Three types of server log files are generated:
- Web server access log
- Web server error log
- Application error log
Web server access log
Multiple log files that are regenerated daily. The following data is stored in order to monitor the correct technical function of the web server and to ensure operational reliability: IP address, date, time, page views, status code, data volume, host name called up.
The IP addresses are anonymized after two weeks.
These log files are deleted after 90 days.
Web server error log
Multiple log files that are regenerated daily. Web server error logs contain information about failed page views. In addition to the error information, the calling IP and, depending on the error, the page called up are saved.
These log files are deleted after 90 days.
Application error log
Single log file. The application error log can contain the following personal information for the purpose of analyzing and correcting errors in the online shop: IP address, login name, e-mail address.
These log files are deleted after 30 days.
Cookies used
| Name | Purpose | Validity | Provider |
|---|---|---|---|
| ticketshop_session | Assigns the browser to a session on the server. This only influences the content that is seen by visitors and is not evaluated or processed by us. | 1 year | bayreuth.bsv-ticketshop.de |
| consent | Stores the consent to use cookies. | 1 year | bayreuth.bsv-ticketshop.de |
| XSRF-TOKEN | "Cross Request Forgery Token" is generated when filling out forms and automatically deleted after submission. | limited | bayreuth.bsv-ticketshop.de |
Length of time the personal data is stored
Your data will be stored by the Bavarian Palace Administration in compliance with legal retention periods for as long as is necessary for the purpose in hand.
Your data protection rights
Your rights as a data subject are as follows:
- You have the right to receive information concerning the data stored about you (article 15 DSGVO).
- If data are inaccurate, you have the right to obtain rectification (article 16 DSGVO).
- If there are no legitimate grounds for retaining your personal data, you can request its erasure or restriction of the processing and can also object to the processing (articles 17, 18 and 21 DSGVO).
- If the processing is based on consent or a contract and if the processing is carried out by automated means, you also have the right to have your data transmitted to you (right to data portability, article 20 DSGVO).
Should you make use of the above rights, we will ascertain whether this meets the legal requirements.
Independently of the above, you have right of complaint to the relevant supervisory authority.
The relevant supervisory authority for Bavarian public bodies is the Bavarian State Data Protection Officer (Landesbeauftragte für den Datenschutz), who can be contacted as follows:
PO Box: Postfach 22 12 19, 80502 München
Address: Wagmüllerstraße 18, 80538 München
Telephone: +49 89 212672-0
Telefax: +49 89 212672-50
E-Mail: poststelle@datenschutz-bayern.de
Internet: www.datenschutz-bayern.de
The relevant supervisory authority for the processing of personal data in connection with the tax code is the Federal Official for Data Protection and Freedom of Information (Bundesbeauftragter für den Datenschutz und die Informationsfreiheit ‘BfDI’), who can be contacted as follows:
Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit
Postanschrift: Husarenstraße 30, 53117 Bonn
Telephone: +49 0228 997799-0
Telefax: +49 228 997799-5550
E-Mail: poststelle@bfdi.bund.de
Internet: www.bfdi.bund.de
Right to withdraw consent
If you have consented to the processing of your personal data, you can withdraw this consent at any time with effect for the future. Until your consent is withdrawn, the processing remains legitimate.
Contact and further information
If you have any questions about data security in connection with this Internet site, please contact the official data protection officer.
