Data Protection Declaration

Thank you for visiting our website. We would like to make sure that you enjoy browsing and feel safe. The following data protection regulations of Niedersächsisches Staatstheater Hannover GmbH will give you detailed information on the collection, processing and use of personal data.



  • General Treatment of your Personal Data

    The protection of your privacy is very important to us. We have therefore designed our internet services in a way that processes as little personal data as possible. In as far as we process personal data, this is done in accordance with the legal regulations. We collect your e-mail address and telephone number to make sure that we can inform you of cancellations or changes of shows in good time. We only pass on your data to third parties if we are legally entitled or obliged to do so (e.g. for purposes of contracts or criminal prosecution) or if you expressly wish us to.

  • Legally Responsible

  • Contact Persons

    If you have any questions concerning the collection, processing or use of personal data or regarding information, correction, blocking or deletion as well as the revocation of given approval, please contact:  Uwe Bösenberg, data protection officer of Niedersächsisches Staatstheater Hannover GmbH,

  • Protective Measures

    We have adopted technical and organisational measures to ensure the most comprehensive protection of your data. In addition to obliging our staff to comply with data secrecy and a careful vetting and control of service providers, we have also made our operating environment more than adequately secure.

    On some pages, we use an encryption procedure to avoid unwanted access, particularly in cases where you provide us with data to invoice ticket purchases. Your data are transmitted via the internet, using an SSL-encryption (Secure Socket Layer). When this procedure is used, the lock-symbol in your browser’s status bar is closed and the address bar begins with https://www... When you are merely asking for generally available information, we dispense with the encryption.

  • Processing of Personal Data

    We process personal data that you have actively transmitted to us. Furthermore, we automatically process personal data on account of your visit to our website. Therefore, the following activities may especially lead to processing of your personal data:

    • Visiting our website
    • Creating a customer account
    • Purchasing tickets or vouchers in our webshop
    • Contacting us
    • Applying for a vacancy tendered on our website
    • Analysis of which visitors go to our website and how they use it
    • Analysis of the success of our marketing measures
    • Personalisation of marketing measures
    • Defence against attacks on our technical infrastructure

    For details, please see the following explanations.

  • Website

    When you call up our website, your internet browser will automatically transmit data to our web server for technical reasons. These data will then be stored and processed by the company commissioned by us for this purpose. These data are (server log files):

    •  Browser type and browser version
    • Operating system used
    • URL of the referencing website
    • Host name of accessing computer
    • Date and time of the server request
    • IP of the terminal that you are using to visit our website

    The IP-address is a clearly identifiable numeric address from which your terminal device sends or accesses data to or from the internet. We or our service providers usually do not know who is behind an IP-address, unless you communicate data to us during your visit that enables us to identify you. A user may also be identified if legal measures are taken against them (e.g. in case of attacks against our website) and we are made aware of their identity in the context of the investigation proceedings. In general, therefore, there is no cause for concern that we could match your IP-address with you. By order of the responsible authorities, we may provide information about these data in individual cases if it is required for purposes of criminal prosecution, averting a danger, the accomplishment of legal tasks by intelligence services or military counter-intelligence services, or to enforce our rights to intellectual property. The IP-address is used to enable you technically to access and use our website and to recognise and defend against attack against our service provider or our website.

    With this processing procedure, we pursue the legitimate interest of safeguarding the functionality of our website and to defend it against illegal attacks (via our service providers). The legal basis of this processing is Art. 6, par. 1 f) GDPR.
    These IP-data are stored separately from other data that you enter during your use of our online services. As a rule, they will be deleted after 14 days if they should no longer be needed for the recognition of or defence against an attack.

    We have commissioned the foundation gGmbH, Almstadtstraße 4, 10119 Berlin,, as the data processing company to operate our website. Compliance with data protection regulations has been stipulated and is checked at regular intervals. The foundation gGmbH operates servers exclusively located in Germany.

  • Cookies

    In the operation of our website, we use cookies to guarantee the technical functionality of our website and to understand how visitors use the website.

    A cookie is a small text file that your browser stores on your terminal device when you call up our website. When you access our website again at a later date, we can read these cookies again. Cookies are stored for various periods of time. Whenever you want, you can set your browser options to determine which cookies it should accept, but this could lead to faulty functioning of our website. Furthermore, you can delete cookies at any time. If you do not do this, we can determine how long a cookie should be stored on your computer. There is a difference between session cookies and permanent cookies. Session cookies are deleted by your browser when you leave our website or close your browser. Permanent cookies are stored for the period of time that we define at the moment of storing them.

    We use cookies for the following purposes:

    • Technically required cookies that are necessary for the functioning of our website (e.g. to detect whether you have registered). Without these cookies, certain functions cannot be provided. These are session cookies.
    • Cookies for analysis, which serve to analyse your user behaviour. Please find more details in the paragraph on “Analysis of User Behaviour”.

    Most browsers used by our visitors have the option of selecting which cookies to store and enable users to delete (certain) cookies. If you limit cookie-storage on certain websites or do not accept cookies by third-party-websites, this can lead to diminished usability of our website.

    Here is some information on how to adapt cookie settings for the browsers used most frequently:

  • Usage Analysis

    On our website, we use the web analysis software Matomo (previously Piwik). This software utilises a so-called cookie. This is a small text file that is stored on your computer by your browser. By means of this cookie, the software obtains information on which website you called up and above all the following information:

    • Browser type, browser engine, browser version
    • Plug-ins
    • Operating system
    • Type of device
    • Monitor resolution
    • Location
    • Access history
    • Original website (e.g. Google)
    • Date and time
    • Dwelling time on the homepage and its subpages
    • Recurring visit yes/no
    • Anonymised IP-address

    The software never creates personal profiles but rather uses pseudonyms at all times. The software does not allow us to generate personalised user statistics for our website. Furthermore, it generates statistics that help us to better understand how our website is found so that we can improve our search engine optimisation and our marketing measures. With this processing, we pursue the legitimate interest of improving both our website and our marketing measures. The legal basis for processing is Art. 6, par. 1 f) GDPR. The anonymised data are deleted after 180 days.

    If you do not wish us to use Matomo for your visit to our website, you can state your objection here:

  • Contact Requests

    If you send us a message via one of the offered contact options (e.g. contact forms), we will use the data you have given us to process your enquiry. The legal basis for this is our legitimate interest in answering your enquiry according to Art. 6, par. 1 f) GDPR. If your enquiry is for the purpose of concluding a contract, a further legal basis is Art. 6, par. 1 b) GDPR. The data will be deleted after an appropriate period of time after completion of your enquiry. Should we be legally required to store the data for a longer period, they will be deleted once this period has elapsed.

  • Newsletter

    For our newsletter, we use the services of Inxmail GmbH, Wentzingerstraße 17, 79106 Freiburg,, who operate as data processing company for us.

    Registration for our Newsletters

    If you register for our e-mail newsletter, the data you have given us will be used for generating and sending the newsletter as well as for the confirmation of registration for our newsletter. The legal basis is Art. 6, par. 1 a) GDPR. For purposes of sending the newsletter, you have to click on the confirmation link in the verification e-mail that we send to you after registration to prove your agreement (DOI-procedure). With your click on the respective link, we will process the public IP-address of the computer from which this link is activated, together with the date and time of the click. We process these data in order to prove that you have confirmed that you would like to receive our newsletter. If the verification link is not clicked, we will automatically delete the registration data after 72 hours. We carry out anonymised link-tracking for statistical purposes. The legal basis for this processing is Art. 6, par. 1 f) GDPR. Our legitimate interest is the fulfilment of the obligation to provide proof of your subscription.

    Inclusion in our Newsletter Mailing List on the Basis of Implicit Agreement

    If we include you in the mailing list for our newsletter because you have provided us with your e-mail address in the process of purchasing tickets or vouchers for performances of Niedersächsiche Staatstheater Hannover GmbH and we have informed you according to the legal requirements, the basis for this processing is § 7, par. 3 UWG in connection with Art. 6, par. 6 1 f) GDPR, since, in the absence of any objection, we may assume that we are allowed to exercise our legal entitlement.

    Newsletter Repeal or Objection

    You can repeal your agreement at any time by unsubscribing from our newsletter or by objecting to receiving it in the future. You can find an unsubscribe-link at the bottom of every newsletter.

    Deleting Newsletter Data

    We will delete your data once you have unsubscribed from the newsletter. The data that serves as proof of your agreement to receive the newsletter will be deleted after the limitation period for such obligations to provide proof has elapsed.

    Link to your Customer Account

    If you should register for our newsletter with an e-mail address that already has a customer account in our webshop, we will indicate the subscription in the shop. If this provides us with your name and your form of address, we will use them to address you personally in our newsletter. The legal basis is Art. 6, par. 6 1 f) GDPR, since we pursue our legitimate interest in coherent data storage. We aim to connect data that can be attributed to specific persons for purposes of furnishing information and to be able to address you personally in our newsletter because we hope for a better impact of this newsletter. If you should have selected specific topics during your subscription of the newsletter, we will also add these to your customer account in order to send you information and special offers regarding your selected topics. You can change or delete your selected topics at any time via the respective profile-link at the end of each newsletter.

  • Social Media

    Below we would like to inform you about how we manage your data according to Art. 13 of the German Data Protection Regulation (GDPR) for our pages in the following Social Media formats:  

     Legally Responsible

    Niedersächsische Staatstheater Hannover GmbH
    Opernplatz 1
    30159 Hannover

    Please find our contact data in the imprint. 

    Data Processing by us

    Data that you have entered onto our social media pages, e.g. comments, videos, images, likes, public messages etc. are published by the social media platform and not used or processed by us at any time. We merely reserve the right to delete content if this should be necessary. As the case may be, we may share your content on our page if this is a function provided by the social media platform, or we may communicate with you via the social media platform. The legal basis for this is Art. 6 par. 1 p. 1 lit. GDPR. Data processing occurs in the interest of our public relations and communications departments.

    If you would like to object to specific data processing that we can influence, please turn to the contact data given in the imprint. We will review your objection or forward it to the social media platform as appropriate.

    If you make an enquiry via the social media platform, we may refer you to other, more secure ways of communication that guarantee confidentiality, as the case may be. You always have the option of sending confidential enquiries to the address stated in the imprint.

    As already stated, we take care to keep our social media pages as compliant with data protection as possible wherever the operator of the social media platform has given us the option to do so. 

    Data Processing by the Operator of the Social Media Platform

    The operator of the social media platform employs web-tracking methods. This web-tracking may occur independently of whether you are registered with the social media platform. As stated above, we have hardly any influence on the social media platform’s web-tracking methods. For example, we are unable to deactivate them.

    Please be aware that it cannot be ruled out that the provider of the social media platform uses your profile and behavioural data, e.g. to evaluate your habits, personal relationships, preferences etc. In this sense, we have no influence on the processing of your data by the provider of the social media platform. 

    Further information on data processing by the provider of the social media platform and more options for objections can be found in the provider’s data protection declaration:

    In cases where we are in charge of data processing together with the social media platform, you will find the essential content of this joint processing of your data here:


    Your Rights as a User

    Regarding the processing of your personal data, the GDPR grants you certain rights as a user that you can exert both towards us and Facebook:

    1.) Right of Information (Art. 15 GDPR):

    You have the right to demand confirmation on whether your personal data are being processed. If this is the case, you have the right to information about these personal data and to the information detailed in Art. 15 GDPR.

    2.) Right of Correction and Deletion (Art. 16 and 17 GDPR):

    You have the right to demand immediate correction of incorrect personal data that refer to you or to demand the completion of incomplete personal data, as the case may be.

    You also have the right to demand that personal data that refer to you are immediately deleted as long as one of the reasons detailed in Art. 17 DSGVO applies, e.g. if the data are no longer necessary for the pursued purposes.

    3.) Right of Restriction of Processing (Art. 18 GDPR):

    You have the right to demand a restriction of the processing if one of the requirements detailed in Art. 18 GDPR applies, e.g. if you have objected to the processing for the duration of a possible inquiry.

    4.) Right of Data Portability (Art. 20 GDPR):

    In certain cases detailed in Art. 20 GDPR, you have the right to obtain your personal data in a structured, established and machine-readable format, or respectively to demand the communication of these data to a third party.  

    5.) Right of Objection (Art. 21 GDPR)

    If data is collected on the basis of Art. 6, par. 1 p. 1 lit. f (data processing to protect legitimate interests), you have the right to object to the processing at any time for reasons that pertain to your special situation. In such cases, we will not continue to process your personal data, except where there are veritably compelling reasons worthy of protection for this processing which outweigh the interests of the persons concerned, of if the processing serves the assertion, exercise or defence of legal titles.

  • Webshop

    Our online tickets sales are operated by our partner “Eventim”. You can find their data protection regulations on When you purchase tickets or vouchers in our webshop, we will process the data you have entered for purposes of concluding and implementing the contract. Required amounts of data will be transferred to service providers for purposes of shipping and invoicing. If PayPal is used, all transactions are subject to PayPal’s data protection declaration, accessible on
    The legal basis for processing is Art. 6 par. 1 b) GDPR.

    If you claim a reason for a reduced ticket price during your purchase (e.g. because of a severe disability), we will use this to calculate the reduced ticket price and store the reason in order to be able to check credentials for this reduction, e.g. by the front-of-house staff.

    Your data are transmitted to commissioned shipping companies in as far as shipping is necessary. For purposes of payment handling, your payment data are transferred to the financial institute or to the payment service provider selected during your order.

    Your personal data will not be transferred unless you have expressly agreed to this or we are obliged to comply with legal regulations (e.g. for the exposure of crimes). Transfer of credit card numbers to non-authorised third parties is precluded in all cases.

    We also process these data to detect and avoid fraud attempts, based on Art. 6 par. 1 f) GDPR. This is in pursuit of the objective to protect ourselves from fraudulent transactions.

    Data that are stored in connection with a contract concerning purchase of tickets will be deleted after the legal requirement period to preserve records has elapsed. In as far as legal requirements for record keeping and preserving apply for the processing of a purchase contract, the legal basis for data processing is Art. 6 par. 1 c) GDPR.

    We will delete or anonymise data when they are no longer required for the implementation of the respective contract and no legal requirement periods for preserving records apply anymore.

    Tickets can be purchased without giving personal data in cash at our box offices.

    Creating a Customer Account

    To purchase a ticket online, you have to register first. You can use your customer account for other orders later if you have agreed to data usage according to Art. 6 par. 1 a) GDPR. You can log in to see or change your data here at any time. 

    For registration, we need your e-mail address, your form of address, first and family names, postal address, data for your selected payment method and your telephone number. These data are used to identify you when you log into your account, to issue and possibly ship tickets to you and to complete the payment transaction. Your voluntary data (e.g. your title or telephone number) will help us to optimise our service. 

    When you create a customer account in our webshop, we will process the data entered by you to create and administer the account and to enable you to use services in connection with your customer account. The legal basis for this processing is Art. 6 par. 1 a) GDPR. If creating a customer account occurs for purposes of concluding a contract with us, Art. 6 par. 1 b) GDPR is an additional legal basis for processing.

    Your data will be stored until your customer account is deleted. If we are legally required to store them beyond that point (e.g. to fulfil book-keeping requirements), or legally entitled to a longer storage period (e.g. due to an ongoing legal dispute with the owner of a customer account), the data will be deleted after the storage obligation or the legal entitlement. If you have not used your customer account over a period that leads us to assume that you will no longer use it, we will delete the customer account without detriment to you.

  • Contact Data in Luca

    The current Covid-regulations of the state of Lower Saxony state that all visitors must provide their contact data for purposes of consistent contact tracing, so that the health authorities can easily contact visitors in question in case of occurring infections or suspected cases. This data collection should occur primarily in digital form, following § 6 par. 1, sentence 8 of the Coronavirus Act of Lower Saxony.

    Staatstheater Hannover use the free guest-app Luca for this purpose in order to guarantee accessibility to the health authorities. If you would like to visit performances at Staatstheater Hannover, we ask you to register with Luca before your visit.

    The data protection declaration of Luca will inform you about the scope, nature and purpose of personal data processing:

    At no time will Staatstheater Hannover have access to the information about your contacts or locations that is stored with Luca because they have been encrypted by Luca. In case of an infection, the health authority in charge will call Staatstheater Hannover to provide them with the contact data of the visitors in question via a security code allotted to them. Only the health authority will be able to access this information on contacts or location. The Infection Protection Act in connection with the currently valid Coronavirus Act of the state of Lower Saxony and the Corona Regulations of the region of Hanover oblige Staatstheater Hannover to release the respective contact data. Data transfer to the health authorities will occur exclusively encrypted via Luca.

  • Video Streaming with PayWall

    Our website offers many kinds of multi-media content free of charge. Some videos and live streams, however, are subject to a charge and therefore protected by a PayWall – a payment barrier with admission control. You will have to purchase a ticket via our webshop that will include a one-time streaming code which you can use to activate access to payment-based videos.

    Kinds of Data Processing

    Once you have entered the streaming code on our website, these data will be subject to a verification enquiry. We have commissioned Stiftung gGmbH with operating our website and they will check the validity of the entered activating code by accessing the customer data entered during the purchase of the ticket (first and family name, city as well as e-mail address and customer number) once and storing them.

    Purpose of Processing

    The purpose of storing your customer data is to check the validity of your activation code and to guarantee access for you at all times in case you change devices or make another attempt to log in, thereby fulfilling our contractual obligation towards you. The legal basis is Art. 6 par. 1 b) GDPR.

    We will also process these data to recognise and defend our website against attempted fraud, based on Art. 6 par. 1 f) GDPR. Our aim is to protect ourselves from fraudulent access.

    We will delete or anonymise the data once they are no longer necessary for carrying out the respective contract and there is no legal obligation to preserve records.

    Comment function

    Before and during your access to the video, you have an option of posting questions or comments on the respective video’s page. If you write a comment and click “Senden”, this comment will be published immediately with your initials (e.g. “MM” for Martina Mustermann). This has the purpose of being able to trace authorship over the course of the chat. Comments are visible to all persons logged into the accessed video. In addition, a copy of your comment is sent to Staatstheater Hannover via e-mail. This is to guarantee that Staatstheater Hannover is able to fulfil its responsibility under press law and to monitor sent comments in a timely manner.

    If you use our comment function, you agree to our Netiquette. Staatstheater is entitled to delete comments at any time. All comments are deleted after the period of the video access is over.

    AirTime Tracking

    The video player used is furnished with statistics that capture AirTime – i.e. the actually minutes of film watched. At no time does this procedure create personal profiles; pseudonyms are used exclusively. The software allows us to generate non-personalised usage statistics about our video access. With this processing, we pursue our legitimate interest of improving our website as well as our marketing initiatives. Legal basis of this processing is Art. 6 par. 1 f) GDPR.

    The data processor for operating our website as well as the PayWall and access control to our fee-based video access is Stiftung gGmbH. Compliance with data protection is stipulated in the contract and checked at regular intervals. Stiftung gGmbH exclusively operates servers located in Germany.

  • Zoom

    We would like to inform you about the processing of personal data in connection with Zoom-usage in the following.

    Purpose of Processing

    We use Zoom as a tool to carry out online meetings, events and/or webinars (henceforth: online meetings). Zoom is a service of Zoom Video Communications, Inc., based in the US.

    If you access Zoom’s website, their service provider is responsible for data processing. However, accessing Zoom’s website is only necessary to download the software needed to use Zoom. You can also use Zoom by entering the respective meeting-ID and, as the case may be, other access data for the meeting directly into the Zoom-app. If you cannot or do not want to use the Zoom-app, the tool’s basic functions are also accessible via a browser version that you can also find on Zoom’s website.

    What Data will be Processed?

    Various kinds of data will be processed when you use Zoom. The range of data also depends on which data you enter before or while you take part in a meeting. In order to take part in an online meeting or enter the meeting space, you will have to at least state your name; this name can be selected freely. The following personal data are subject to processing:

    • User details: Name, e-mail address, phone number (optional), password (if “single-sign on” is not used), profile picture (optional), department (optional)
    • Meta data of the meeting: Topic, description (optional), participants‘ IP-addresses, information on device/hardware
    • Recordings (optional): We have generally deactivated the function of recording and storing online meetings via Zoom as an MP4-file or saving chats.
    • Telephone dial-up: Information on incoming and outgoing telephone number, name of the country, time of start and end. As need be, further connection data, like the device’s IP-address, may also be saved.
    • Text, audio and video files: You may have the option to use the chat, question or survey functions. To this extent, the text you have entered will be processed in order to present it during the online meeting and to possibly log it. In order to enable video presentation and audio rendering, the data of your device’s microphone and, if applicable, video camera will be processed for the duration of your meeting. You can switch off or mute your camera or microphone at any time via Zoom’s applications. 

    Scope of Processing

    We use Zoom to carry out online meetings. All participants are informed about the purpose and topic of the online meeting beforehand. Depending on the purpose of the online meeting, different deletion deadlines may apply.

    We generally do not record online meetings; otherwise we will let you know about this beforehand in a transparent fashion and – as far as required – ask for your permission. The fact that the meeting is being recorded will also be indicated in the Zoom-app.

    If it is necessary for purposes of logging the results of an online meeting, we will log chat content. But as a rule, this is not the case.

    In the case of webinars, we may process the questions posed by participants for purposes of recording and post-processing.

    If you have registered with Zoom as a user, reports on online meetings (metadata of the meeting, data on phone dial-up, questions and answers in webinars, survey function in webinars) can be saved for up to one month by Zoom.

    Automated decision-making within the meaning of Art. 22 GDPR will not be employed.

    Legal Basis of Data Processing

    In as far as personal data are processed, Art. 6 par. 1 lit. f) GDPR is the legal basis for data processing. In these cases, our legitimate interest is the effective operation of online meetings. 

    Other than that, the legal basis for data processing in the course of operating online meetings is Art. 6 par. 1 lit. b) GDPR as far as the meetings are carried out in the context of contractual relations.

    Recipient / Transfer of Data

    Personal data that are processed in the context of participating in Zoom-online meetings are generally not passed on to third parties unless they are destined to be passed on. Please note that content from online meetings or personal meetings for purposes of discussion often serves precisely to communicate information to customers, interested or third parties, and is thus destined to be passed on.

    Other recipients: The provider of Zoom will necessarily be made aware of the data mentioned above, as far as this is stipulated within the context of our data processing contract with Zoom.

    Data Processing outside the European Union

    Zoom is a service rendered by a provider from the US. Personal data processing will thus also occur in a third country. Our data processing contract with Zoom complies with the requirements of Art. 28 GDPR. 

    An appropriate level of data protection is guaranteed by the conclusion of so-called EU standard contractual clauses. As an additional protective measure, we have designed our Zoom-configuration in a way that lets us operate our online meetings via our own connecting servers, which are exclusively located in EU-datacentres: After log-in or, respectively, authentication via Zoom US, the connection with the online meeting is transacted on our systems, which are operated by DTS Systeme GmbH.

  • Job Applications

    If you submit an application to a vacancy tendered by us or send us an unsolicited application, we will process your data for purposes of carrying out the application process and for decisions regarding the establishment of an employment relationship. The legal basis for processing is § 26 BDSG and secondarily Art. 6 par. 1 f) GDPR.

    If we should be unable to consider your application, we will delete your application including all submitted documents two months after our rejection, unless further storage is in our legitimate interest in order to be able to prove compliance with legally binding duties, e.g. according to the General Equal Treatment Act (GETA). In these cases, deletion occurs when these reasons no longer exist. Legal basis for prolonged storage is § 26 BDSG and secondarily Art. 6 par. 1 f) GDPR.

    By withdrawing your application, you can object to further processing of your data at any time.

    If we enter into an employment relationship with you, we will inform you about processing of your data and your rights on a separate occasion.

  • Supplier and Invoice Data

    In the context of handling supplier contracts, we collect contact data (first and family name, postal address, e-mail address, telephone number, tax number) and bank details. Supplier data are primarily business-oriented and therefore not subject to data protection laws. As far as natural persons are concerned by this, we will process these data on the basis of the respective contract for the lawful transaction according to Art. 6 par. 1 lit. b) GDPR and will delete the data following the legal periods for preserving records, which according to trade and tax regulation is usually after ten years.

  • Your Rights

    Right of Information

    According to Art 15 GDPR, you have the right to demand confirmation on whether we process your personal data. If this is the case, you have the right to information about these personal data and to the information detailed in Art. 15 GDPR.

    Right to Correction

    According to Art. 16 GDPR, you have the right to demand immediate correction of incorrect personal data that refer to you. With consideration of the purposes of processing, you also have the right to demand the completion of incomplete personal data, also by means of a complementing declaration.

    Right to Deletion

    You have the right to demand that personal data that refer to you are immediately deleted. We are obliged to delete personal data immediately as long as one of the reasons detailed in Art. 17 GDPR applies. For details, please see Art. 17 GDPR.

    Right of Restriction of Processing

    According to Art. 18 GDPR, you have the right to demand a restriction of the processing of your personal data under certain conditions. 

    Right of Data Portability

    In certain cases detailed in Art. 20 GDPR, you have the right to obtain your personal data in a structured, established and machine-readable format, or respectively to demand the communication of these data to another responsible party with no hindrance from our side, as long as the processing is based on agreement according to Art. 6 par. 1 a) GDPR or Art. 9 par. 2a) GDPR or on a contract according to Art. 6 par. 1b) GDPR, and the processing occurs by means of automatic procedures.  

    Right of Objection

    According to Art 21 GDPR, if data is collected on the basis of Art. 6, par. 1 p. 1 lit. e) or f), you have the right to object to the processing these data; this also applies to any profiling based on these regulations.

    Should we process your personal data for purposes of direct marketing, you have the right to object to the processing of your personal data for purposes of such marketing at any time; this also applies to profiling if it is connected to such direct marketing.

    If you would like to exercise one of your rights, please contact us as the responsible party at the contact data stated above or use one of the other suggested ways of sending your message to us. If you have any questions, please contact us at

    Your Right of Complaint with a Supervisory Authority

    According to Art. 77 GDPR, you have the right to register a complaint with the supervisory authority, irrespective of any other legal redress concerning administrative or general law. This law applies especially in the member state of your residence, your workplace or the location of the alleged infraction, if you should be of the opinion that the processing of your personal data is in breach of the GDPR.

    The postal address of the state representative for data protection in Lower Saxony is: Prinzenstraße 5, 30159 Hannover.