Data protection declaration for website visitors of JOKE Event Austria GmbH
according to Art. 13 and 14 of the General Data Protection Regulation

1. Introduction
This privacy policy provides you with information about which personal data we process when you visit our website, contact us, receive our newsletter, use our services and browse our online presence.
JOKE Event Austria GmbH, Albertgasse 35 in 1080 Vienna, Austria (hereinafter "JOKE Event") is responsible for the website. Any processing of data takes place exclusively in accordance with the relevant legal regulations, in particular the General Data Protection Regulation (GDPR), the Data Protection Act (DSG) and the Telecommunications Act 2021 (TKG) in the currently applicable version.
If you have any questions about the processing of your personal data, please contact the address below or send an email to privacy@joke-event.de.

2. General information on data protection

2.1. Name and contact details of the person responsible:
JOKE Event Austria GmbH
Albertgasse 35
1080 Vienna
Austria
(hereinafter "JOKE Event")
Tel.: + 43 664 80 900 500
E-Mail: kontakt@joke-event.at

2.2. Personal data and general information
Personal data is all data that contains information about personal or factual circumstances, such as name, address, e-mail address, telephone number, date of birth, age or gender.
We collect, process and store your personal data when you visit our website in order to enable you to contact us and to justify and carry out the audit and certification process. We not only process data that we collect from you ourselves, but also receive from third parties involved (Article 14 GDPR). This is generally only processed and stored to the extent that this is necessary to fulfil the contractual and/or legal obligations under Article 6 Paragraph 1 Letters b and c of the GDPR or if we have obtained your consent to process your personal data in advance under Article 6 Paragraph 1 Letter a of the GDPR. If processing is necessary to protect our legitimate interests or those of a third party, such as our partners in particular, and if this does not outweigh your interest in confidentiality, we base the processing of your personal data on Article 6 Paragraph 1 Letter f of the GDPR. Under certain circumstances, “sensitive” data, such as data relating to criminally relevant conduct in accordance with Article 10 of the GDPR, may also be processed, in particular to assert, exercise or defend legal claims within the framework of the contractual relationship. If this is the case, we base the processing on the legal basis of Art. 9 (2) (f) GDPR, among others. We delete or store your personal data in a way that is protected from access as soon as the purpose of the processing no longer applies, provided that we as the responsible party have not been legally obliged to store the data beyond the period for which the purpose was fulfilled. Furthermore, we reserve the right to store your personal data for as long as specific legal claims are asserted against us.

2.3. Technical and organizational security measures
We use the latest security technologies to protect the confidentiality, integrity and availability of your personal data. Our website therefore uses so-called SSL or TLS encryption (Secure Sockets Layer / Transport Layer Security). You can recognize an encrypted connection by the address line of your browser, which changes from "http://" to "https://", and by the lock symbol in the browser line. If encryption is activated, the data you send to us cannot be read or manipulated by third parties.
In addition, we have taken comprehensive technical and organizational precautions to protect your personal data from unauthorized access, misuse, loss and other external disruptions. To this end, we regularly review our security measures and adapt them to the state of the art. If you have any questions about encryption or our security measures, please do not hesitate to contact us at privacy@joke-event.de.

3. Processing activities
We process your data for the following purposes:

3.1. Contact
When contacting us, it is necessary to process your personal data, especially if you are interested in our event services and event concepts, as well as if you have enquiries about our service portfolio or in the course of applications for advertised positions.

3.1.1. Scope of data processing
For the purpose of contacting you, we process your personal data only to the extent necessary to process your contact request. This includes in particular the personal data that you send us via our various communication channels or that is necessary to process your request. If you already provide us with information about yourself or your company here, we collect, generate and store the personal data only to the extent necessary to comply with our legal and contractual obligations. If we obtain data from other sources, this is stated below.

3.1.2. Purpose of processing
We process your data solely for the purpose of facilitating your communication with us. We use automated systems for this purpose. We have, of course, taken all technical and organizational measures to ensure the security of your data.

3.1.3. Legal basis for data processing
For inquiries related to our service portfolio, event concepts and our job advertisements, the processing of personal data for this purpose takes place in fulfillment of our (pre-) contractual obligations in accordance with Art. 6 Para. 1 lit. b GDPR. If you send us a general inquiry, we process the data based on our legitimate interest in accordance with Art. 6 Para. 1 lit. f GDPR.

3.1.4. Recipient of the data
We will transmit your data to the following recipients for the purpose of contacting you:
• In the case of applications: We use the recruiting and personnel management software Personio (Personio GmbH & Co. KG, Rundfunkplatz 4, 80335 Munich, Germany) to process applications for advertised positions. The data you submit as part of the application process is stored and processed in Personio in order to make the application process efficient.

Furthermore, if there is reasonable suspicion of abusive behavior, we reserve the right to forward the data collected for this purpose to the relevant authorities and courts, as well as to our legal representatives and insurance companies and to all other recipients specifically required in individual cases. This is done due to our legitimate interest in proper legal prosecution in accordance with Art. 6 (1) (f) GDPR.

3.1.5. Storage period
In principle, personal data is stored until your request has been processed, unless it is required for the further course of a business relationship. Application documents are stored for a period of six months after the application process has been completed and then deleted. In the event of a hiring, the statutory retention periods apply. If we have reasonable grounds to suspect abusive behavior and forward the data to the responsible public authorities, this data is stored on a separate data medium and deleted after the legal proceedings have ended. If you have any questions about the specific retention period for your personal data, please do not hesitate to contact us at the address provided or by email at privacy@joke-event.de.

3.1.6. Further processing of the data
Further processing may occur in the case of commissioning event services and the resulting contract management, creditor and debtor management as well as applications in human resources management. Please contact us for further information at privacy@joke-event.de.

3.1.7. Automated decision-making
The data processed within the scope of this processing activity will not be used for automated decision-making, nor will we carry out so-called “ profiling ”.

3.2. Visit to our website
When you visit our website, personal data is processed.

3.2.1. Scope of data processing
When you access our website, we automatically collect and store information in so-called server log files, which your browser automatically transmits to us. This is:
• Browser type
• Browser version
• Operating system used
• Referrer URL
• Hostname of the accessing computer
• Date and time of the server request
• Your IP address

3.2.2. Purpose of data processing
We process this data for the purposes of logging system usage, the authorization process and evaluating server log files for problem analysis. If you do not provide us with your data, it may be the case that access is not possible.

3.2.3. Legal basis for data processing
Processing the data mentioned is in our legitimate interest as the operator of the website. In principle, the individual data sets are not merged, but we reserve the right to check the data if we become aware of concrete evidence of illegal use, in particular malicious attacks.
You can object to the processing of your personal data at any time by stating your reasons by sending an email to privacy@joke-event.de.

3.2.4. Recipient of the data
To operate our website, including hosting, and to ensure the security of our IT systems, we use service providers who may have access to your personal data as part of their work. Sub-service providers may be used if necessary. To the extent that these service providers may have access to your personal data, they will process your data within the framework of order processing agreements (Art. 28 GDPR). The service provider is contractually obliged to always protect your personal data, to take appropriate technical and organizational measures with regard to the security of the data and under no circumstances to process your data for their own purposes or to pass it on to third parties.

In this context, we may transfer your personal data to processors or sub-processors in countries outside the European Union ("EU") and the European Economic Area, namely to the USA. These data transfers are based on the EU Commission's adequacy decision of July 10, 2023 (C(2023) 4745). Our service providers are certified under the Data Privacy Framework.
Furthermore, we reserve the right to forward the data collected for this purpose to the relevant authorities and courts if there is reasonable suspicion. This is done due to our legitimate interest in proper legal prosecution in accordance with Art. 6 (1) (f) GDPR.
Your personal data will not be transferred to third countries.

3.2.5. Storage period
The data collected here is rotated daily and automatically stored for a period of 30 days after a one-day retention period . If we have reasonable grounds to suspect abusive behavior and forward the data to the relevant public authorities, this data is stored on a separate data medium and deleted after the legal proceedings have been concluded.

3.2.6. Further processing of the data
The data processed for this purpose will be further processed within the framework of our IT security if there is reasonable suspicion.

3.2.7. Automated decision-making
The data processed when you visit our website is neither used for automated decision-making, nor do we carry out so-called “ profiling ”.

3.3. Corporate communications
Your data is jointly responsible according to Art. 26 GDPR with the respective platform operator. These are:
• Facebook, operated by Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour , Dublin 2, Ireland;
• Instagram, operated by Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour , Dublin 2, Ireland;
• LinkedIn, operated by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland ( “ LinkedIn” );
• Youtube , operated by Google Ireland Ltd., Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, affiliate of Google, Inc. in the USA (“YouTube”)
• Xing, operated by New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany (“Xing”)
We expressly point out that we only have access to the data that you as a user have made available to these platforms. Despite joint responsibility, we have no influence on any evaluations, transmissions, in particular to the parent companies of the social networks in third countries or other processing of your data for other purposes. If you have any questions about the processing of your data that go beyond the purpose stated here and/or to assert your rights, please contact the respective platform operator. We would be happy to support you with this; please contact us at privacy@joke-event.de.
Further information on the processing of your data and the content of the Joint Controller Agreement can be found at
• Facebook & Instagram:
https://www.facebook.com/about/privacy
• LinkedIn:
https://www.linkedin.com/legal/privacy-policy
• Youtube:
https://www.google.de/intl/de/policies/privacy
• Xing:

https://privacy.xing.com/de/datenschutzerklaerung

• Vimeo:

https://vimeo.com/privacy

3.3.1. Scope of data processing
We operate “fan pages” on various social media platforms for corporate communications. As part of our corporate communications, the personal data you provide on the social media platforms is processed when you interact with us via these channels. This is usually:
Surname, first name, title, gender, telephone and fax number and other information required for addressing that arises through modern communication technologies, online identity of the respective social media platform (user name, photo, avatar, logo), published and unpublished contributions to the social media presence (e.g. comments, inquiries, ratings [e.g. "likes"], photos, videos, etc.), public and non-public reactions to our contributions (replies, comments, etc.), logging of inquiries and correspondence via social media channels, content and time of creation of the protocol, other response behavior to activities (positive reaction to contributions).

3.3.2. Purpose of data processing
The purpose of data processing is to enable simple and uncomplicated correspondence through our online presence and to inform you about our services. You can contact us via direct messages, the like function or the comment function. When you contact us, we will only see the data that you have stored on your profile. We would like to point out that your comments and likes will be stored indefinitely unless you delete them and can be viewed by other users.

3.3.3. Legal basis for data processing
We process your personal data within the scope of our legitimate interests according to Art 6 Para 1 lit f GDPR in order to enable quick and easy correspondence.
If you do not want us to process your data, we ask you not to interact with our posts.
If you have already done so, you can object to the processing of your data at any time, stating your reasons. Please send us an email to privacy@joke-event.de.

3.3.4. Recipient of the data
We will not transmit your data to any other recipients. The extent to which your data is transmitted by the social media platforms as part of the joint responsibility depends, among other things, on your privacy settings . We would also like to point out that when you use social media, even if you are not logged in, data is processed by the operator of the relevant platform and may be transmitted to third parties based in a third country, in particular the USA. The level of data protection in the USA does not correspond to the European data protection standard, and access by the US authorities may occur. We have no influence on this. You can find further information on this under the above links to the data protection provisions of the respective platforms.

3.3.5. Storage period
Your direct messages to us are stored for a period of 1 year after the last contact. We have no influence on the storage period of your further interactions, such as comments and likes in particular. If you would like this data to be deleted, we ask you to remove this interaction via your account. If you need support with this, we are available at privacy@joke-event.de.

3.3.6. Further processing of the data
The data will not be further processed for any other purpose.

3.3.7. Automated decision-making
The data mentioned will not be processed for automated decision-making, nor will we carry out so-called “ profiling ”.

3.4. Fan page and company profile
facilitate communication and interaction with visitors to our website and our social media presence, we operate a so-called fan page on the social media platform Facebook, operated by Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. We also use Instagram, operated by Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland and LinkedIn, operated by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (“LinkedIn”). We also operate a channel on the video platform YouTube , operated by Google Ireland Ltd., Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, an affiliate of Google Inc. in the USA.

3.4.1. Facebook
The operation of the fan page and in particular the use of “Facebook Insight” results in a joint processing of data in accordance with Art. 26 GDPR by us and by Meta Platforms Ireland Ltd for the purpose of improving marketing and evaluating it through Meta Platforms Ireland Ltd.
Furthermore, the setting of so-called "third party cookies" enables Facebook to provide us with statistics that we can use to control and improve the marketing of our activities. This is done within the scope of our legitimate interests according to Art. 6 para. 1 lit f GDPR. Cookies are small text files that are stored by Meta Platforms Ireland Ltd via your browser to your device and stored there, regardless of whether you are a registered user of the platform or not. The information that the Meta Platforms Ireland Ltd are called up again on subsequent visits to the social media platform and therefore make it possible to recognize your device. The information stored in the cookies is received, recorded and processed by the operator of the social media platform with direct personal reference.
The one from Meta Platforms Ireland Ltd are stored for up to two years after they are set or updated, but can be deleted at any time. You can also prevent the installation of cookies by setting your browser accordingly. Further information about the transmission of your data by Facebook, including to third countries, can be found in the privacy policy at https://www.facebook.com/privacy/explanation . Information about cookies can be found in the Cookie Policy at https://www.facebook.com/policies/cookies/.
Please note that despite joint responsibility, we have no influence on the manner in which the data is collected, made available and processed, receive an evaluation exclusively in anonymized form and therefore cannot transmit it to third parties.
We receive the following information after statistical evaluation by Meta Platforms Ireland Limited:
Information about people:
People who have subscribed to our Facebook page: gender, age, place of residence and language.
Reach of posts:
People who saw our post within the last 4 weeks.
Social Interactions of People:
People who have liked , tagged, commented on, shared or otherwise interacted with our posts within the last 4 weeks.
Information about subscribers:
Total number of visitors to our Facebook page, number of new subscribers, demographic information or subscribers by origin (country, city, location), gender, age and language.
Information about visitors:
Page and tab views: Information on how often each tab and each button (e.g. website, telephone number, “Plan route” button) on our fan page was displayed or clicked.
Visitor behavior:
Information about whether the visitor hovers over the name or profile picture of the fan page to see a preview of the page content, as well as information about whether the fan page visitor is logged in on a computer or mobile device.
External links:
Information on how often people came to our fan page via a link from a website outside of Facebook.
Information about contributions:
Visitors' online behavior: Information about when people who like our page are on Facebook.
Beitragsarten:
Informationen über den Erfolg der einzelnen Beitragsarten auf Grundlage der durchschnittlichen Reichweite und Interaktion, beliebteste Beiträge von Seiten, die wir im Auge behalten: Anzeige von Interaktionen zu Beiträgen von Seiten, die wir im Auge behalten.
Interactions with our videos:
Video views: Information about how often a video we shared was viewed for more than 3 or 30 seconds. Top videos: Information about the videos on our fan page that were viewed the most for at least three seconds.
Reach:
Post reach: Number of people broken down by paid and organic reach, Positive interactions: Likes, comments, shares and recommendations, Negative interactions: Hidden posts, reported as spam, unlikes, number of fan page subscribers, Total reach: Number of people who saw an action from our page.
Further information about the evaluation of your data can be found at https://de-de.facebook.com/legal/terms/information_about_page_insights_data.

3.4.2. Instagram
As with Facebook, the operation of the fan page results in joint processing of data in accordance with Art. 26 GDPR by us and by Meta Platforms Ireland Ltd as operator of Instagram for the purpose of improving marketing and evaluations thereof by Meta Platforms Ireland Ltd.
Furthermore, the setting of so-called "third party cookies" enables Instagram to provide us with statistics that we can use to control and improve the marketing of our activities. This is done within the scope of our legitimate interests according to Art. 6 para. 1 lit f GDPR. Cookies are small text files that are stored by Meta Platforms Ireland Ltd via your browser to your device and stored there, regardless of whether you are a registered user of the platform or not. The information that the Meta Platforms Ireland Ltd are called up again on subsequent visits to the social media platform and therefore make it possible to recognize your device. The information stored in the cookies is received, recorded and processed by the operator of the social media platform with direct personal reference.
The one from Meta Platforms Ireland Ltd. are stored for up to two years after setting or updating when the fan page is accessed, but can be deleted at any time. In addition, you can prevent the installation of cookies by setting your browser accordingly. For more information about the transmission of your data by Instagram, including to a third country, please refer to the Instagram privacy policy at the following link: https://help.instagram.com/519522125107875.
We receive the following information via our Instagram channel after statistical evaluation by Meta Platforms Ireland Limited:
Information about people:
People who visit our Instagram page: gender, age range and location.
Information about visitors:
Total number of likes and subscribers, number of new subscribers, demographic information of subscribers by origin (country, city, location), gender, age and language.
Information about contributions:
Post Types: Information about the success of each post type based on average reach, comments and interaction.
Interactions with our videos:
Video views: Information about how many times a video we shared was viewed for more than 3 or 30 seconds.
Reach:
Post reach: Number of people broken down by paid and organic reach, Positive interactions: Likes, comments, shares and recommendations, Negative interactions: Hidden posts, reported as spam, unlikes, number of fan page subscribers, Total reach: Number of people who saw an action from our page.

3.4.3. LinkedIn
As with Facebook, data is processed jointly by us and Google Ireland Ltd in accordance with Art. 26 GDPR for the purpose of improving marketing and statistical evaluations thereof by LinkedIn Corporation, regardless of whether you are a registered user of the platform or not.
Please note that despite joint responsibility, we have no influence on the manner in which the data is collected, made available and processed, receive an evaluation exclusively in anonymized form and therefore cannot transmit it to third parties.
We receive the following information after statistical evaluation by LinkedIn:
Information about people:
Followers: Information on location and country of access, career level, industry, company size, field of activity.
People reached: People for whom our post was published in the last 28 days.
People who interact: People who have liked, commented, shared, or otherwise interacted with our posts in the last 28 days.
Information about followers:
Total number of followers, number of new followers in the last 28 days.
Information about visits:
Information on how often each post was clicked, information on which device the followers use to access the profile, percentage comparison to the previous day's accesses
Information about contributions:
Followers' online behavior: average reach and interaction broken down by paid and organic reach

3.4.4. Youtube
As with the other social media platforms, data is processed jointly by us and Google Ireland Inc. in accordance with Art. 26 GDPR for the purpose of improving marketing and statistical evaluations of this by Google Ireland Inc., regardless of whether you are a registered user of the platform or not. We expressly point out that we only have access to the data that you as a user have made available. Despite joint responsibility, we have no influence on any evaluations, transmissions, in particular to the parent company in third countries, or other processing of your data for other purposes. If you have any questions about the processing of your data that go beyond the purpose stated here and/or to assert your rights, please contact the platform operator. We would be happy to support you with this; please contact us at privacy@joke-event.de.
Further information on the processing of your data and the content of the Joint Controller Agreement can be found at https://www.google.de/intl/de/policies/privacy.
Please note that despite joint responsibility, we have no influence on the manner in which the data is collected, made available and processed, receive an evaluation exclusively in anonymized form and therefore cannot transmit it to third parties.
We receive the following information after statistical analysis by Google Ireland Ltd., provided you are logged into your YouTube or Google account: Gender, age, place of residence and language; Reach of posts: People for whom our post was published within the last 4 weeks; Social interactions of people: People who have “ liked ”, tagged, commented on or shared our posts within the last 4 weeks or have carried out other social interactions. Page and tab views: Information on how often the videos were clicked on or played in full; Visitor behavior: Information on whether the visitor hovers the mouse over the name or profile picture of the channel to see a preview of the page content or videos, as well as information on whether the visitor is logged in on a computer or mobile device, information about the users’ operating systems; External references: Information on how often people accessed our videos via a link from a website outside of YouTube . Information on when the people who liked our channel or subscribed to our content; Post types: Information about the success of each video based on average reach and interaction; Top posts from Pages we monitor: Viewing interactions on posts from Pages and channels we monitor. Video views: Information about how many times a video we shared was viewed for more than 3 or 30 seconds, information about how long a video was watched in total, information about which service the video was shared with, information about the language for video information, information about subtitles, information about how many times a video was viewed, information about the average watch time, information about the watch location; Top videos: Information about the videos most viewed for at least three seconds. Post reach: Number of people our post was delivered to, broken down by paid and organic reach, Positive interactions: Likes, comments, shares and recommendations, Negative interactions: Hidden posts, reported as spam, unliked.

3.4.5. Xing
As with the social networks mentioned above, we also operate a company profile on the Xing platform, operated by New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany ("Xing"). In accordance with Art. 26 GDPR, this involves a joint processing of personal data by us and New Work SE, in particular for the purposes of improving marketing and for statistical evaluation of the use of our company profile.
Please note that despite joint responsibility, we have no influence on the manner in which data is collected, provided and processed by Xing. We only receive anonymized evaluations from Xing, for example on reach, interaction rates or demographic characteristics of users, which help us to optimize our content and offers.
The following information may be available to us after a statistical evaluation by Xing:
Information about followers/visitors:
Total number of profile visitors, new followers, approximate demographic information (career level, industry, company size, location), without us being able to draw conclusions about individual people.
Interactions with posts:
Information about how often posts were viewed, commented on, shared or liked in order to evaluate the reach and relevance of our content.
Access information:
Information about which devices or regions are used to access our Xing profile.
Further information about data processing by Xing and its data protection regulations can be found at: https://privacy.xing.com/de/datenschutzerklaerung.

3.4.6. Vimeo
In addition, we use a channel on the video platform Vimeo, operated by Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA ("Vimeo"). As with the previously mentioned video platforms (e.g. YouTube), we and Vimeo also jointly process personal data in accordance with Art. 26 GDPR in order to improve our marketing and obtain statistical evaluations of the use of our videos.
Here, too, we expressly point out that, despite joint responsibility, we have no influence on the type and extent of data collection, provision and processing by Vimeo. We only have anonymized statistics available, for example on the number of video views, average playback time, interactions (likes, comments) or geographical information on the views.
We may receive the following information after statistical evaluation by Vimeo:
Reach and usage statistics:
Number of views, average playback time, video sequences viewed, retrieval locations (countries, regions), devices used (desktop, mobile).
Interactions:
“Likes”, comments and shared content, whereby this information is usually in a non-personal, aggregated form.
For further information on data processing by Vimeo, including possible data transfers to third countries and the exercise of your rights as a data subject, please refer to Vimeo's privacy policy at: https://vimeo.com/privacy.
Please note that we have no influence on the setting of cookies by Vimeo or on the extent of data collection or processing. We also do not receive any personal data that could be used to identify a specific person. If you have any questions about the further processing of your data, please contact the respective platform operator directly. We will be happy to support you if required. Please contact us at privacy@joke-event.de.

3.5. Statistical analyses with Google Analytics

3.5.1. Scope of data processing
We use the web analysis service Google Analytics on our website, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google Analytics uses so-called "cookies", text files that are stored on your device and enable an analysis of your use of the website. The information on your use generated by the cookie is usually transferred to a Google server in the USA and stored there.
We have activated IP anonymization on our website so that your IP address is shortened within member states of the European Union or in other contracting states to the Agreement on the European Economic Area before being transmitted to Google. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
The following personal data is processed within the framework of Google Analytics: IP address (anonymized), geographical location, browser type and version, operating system, referrer , duration of visit, page views and navigation paths of the website as well as information about the time, frequency and pattern of your use.

3.5.2. Purpose of data processing
We process data from our website users using Google Analytics to measure the reach of our website, analyze visitor numbers, determine the success of our marketing campaigns via online platforms, improve the user-friendliness of the website and optimize its content. By evaluating interactions with our website, we can identify which content is particularly relevant to our users and continually tailor our offering to their needs.

3.5.3. Legal basis for data processing
The processing of your personal data by Google Analytics is based on your consent in accordance with Art. 6 (1) (a) GDPR, provided that you have given your consent via our cookie banner or a corresponding opt -in tool.
Google Analytics will not be used without your consent. You can withdraw your consent at any time with effect for the future by changing your settings in our cookie banner or by installing a corresponding browser add-on from Google to deactivate Google Analytics: https://tools.google.com/dlpage/gaoptout.

3.5.4. Empfänger der Daten
Im Rahmen der Nutzung von Google Analytics werden die erzeugten Informationen in der Regel an Server von Google in den USA übertragen. Google kann dabei als Auftragsverarbeiter auftreten und Ihre Daten gegebenenfalls an Dritte weitergeben, sofern dies gesetzlich vorgeschrieben ist oder soweit Dritte diese Daten im Auftrag von Google verarbeiten.
Bitte beachten Sie, dass in den USA möglicherweise kein der DSGVO entsprechender Datenschutzstandard besteht und US-Behörden unter Umständen Zugriff auf Ihre Daten nehmen können. Wir haben keine Einfluss auf diese Verarbeitungsvorgänge. Um den Schutz Ihrer Daten zu gewährleisten, haben wir mit Google einen Vertrag zur Auftragsverarbeitung nach Art 28 DSGVO geschlossen und setzen – soweit technisch möglich und verfügbar – von Google bereitgestellte EU-Standardvertragsklauseln ein, um ein angemessenes Datenschutzniveau herzustellen.

3.5.5. Further processing of the data
The data collected as part of Google Analytics is used exclusively for the purposes stated under point 3.5.2. We do not process the data for purposes other than those stated. Google itself can use the data to improve its own services, but is also bound to the purposes stated within the framework of joint responsibility and the agreements concluded with us. For further information that goes beyond the processing described by us, please refer to Google's privacy policy: https://policies.google.com/privacy.

3.5.6. Automated decision-making
We do not use the data collected as part of Google Analytics for automated decision-making within the meaning of Art. 22 GDPR. Profiling that would have legal or similarly significant consequences for you does not take place either. The evaluation of your usage data is purely statistical in order to improve our online offering for you and adapt it to your interests.

4. Rights of those affected
As a person affected by our data processing, you generally have the following rights:

4.1. Right to information
You have the right to request information at any time and informally about which data concerning you is processed by us as the responsible party - together with further information such as the purposes of processing and recipients, information about the origin of the data and information about automated decision-making including the logic involved. Furthermore, you have the right to request information about whether the personal data concerning you is transferred to a third country or to an international organization, including the right to be informed about the appropriate guarantees for this in accordance with Art. 46 GDPR.

4.2. Right to rectification and right to restriction of processing
You can request that incorrect or incomplete data be corrected or completed. You also have the right to request that the processing of data be restricted so that it may only be processed with your consent or for the establishment, exercise or defense of legal claims or to protect the rights of another natural or legal person or for reasons of important public interest, for example if the accuracy of the data is contested.

4.3. Right to data portability
You can request that you - or, if technically feasible, an identifiable third party - be provided with a copy of the data that has been made available to us in a structured, common and machine-readable format.

4.4. Right to erasure
You may request that your data be deleted under certain circumstances, for example if it is not processed in accordance with data protection regulations.

4.5. Right to object
You have the right to object to the processing of your personal data at any time, stating your reasons. In this case, we will no longer process the personal data concerning you unless we can provide and demonstrate compelling legitimate grounds for the processing that outweigh your interests, or the processing serves to assert, exercise or defend legal claims.

4.6. Right to withdraw your consent
If we have obtained your consent in advance to process your data in accordance with Art. 6 Paragraph 1 Letter a of GDPR, you have the right to revoke your declaration of consent under data protection law at any time and without giving reasons by sending an email to privacy@joke-event.de . The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent until the revocation. We will delete your data immediately unless legal provisions require retention.

4.7. Right to complain
If you believe that the processing of your data violates your right to confidentiality or that your data protection rights have otherwise been violated in any way, you can complain to the responsible supervisory authority. In Austria, the competent authority is
Austrian Data Protection Authority
Barichgasse 40-42, 1030 Vienna.
This does not affect the possibility of filing an action before the regional court in accordance with Section 29 Paragraph 2 of the Data Protection Act and any other legal remedies, such as in particular the assertion of claims for damages in the event of unlawful processing.

5. Adaptation of the privacy policy
We reserve the right to adapt this privacy policy at any time in compliance with the applicable data protection regulations. Users are requested to regularly inform themselves about the content of the privacy policy.
(as of December 2024)