Privacy for OSC forms and inquiries.

Privacy policy

Status: 18 June 2024. SupraTix GmbH takes the protection of personal data seriously. Personal data means information that can be related to you personally, for example name, address, email address or usage behaviour.

When you visit the website, personal data may be collected and processed in accordance with applicable data protection law. The policy explains which data is collected during use of the online offering and how that data is used.

The online offering may be used by children under 16 only with separate consent from a legal guardian. Requests for the required form can be sent to datenschutz@supratix.com.

The terms personal data and processing are used within the meaning of Article 4 GDPR.

Controller and privacy contact

For privacy questions at SupraTix GmbH, Tobias Göcke can be reached at the address above and by email at datenschutz@supratix.com.

Types of data and purposes

The source policy names inventory data, contact data, content data, contract data, payment data, meta communication data and usage data.

Examples include name, username, address, birthday, organization, email address, phone number, text entries, programming work, imports, uploads such as images, videos and PDFs, product use, contract details, payment history, IP address, account activity, language settings, browser data, competencies and task activity.

Processing may serve contact handling, service delivery, contractual processing, security, technical operation, communication, organizational procedures, newsletter delivery and the provision of the online offering.

Processors, third parties and third countries

If SupraTix GmbH discloses data to processors or third parties, transmits data to them or otherwise grants access, this is done only on the basis of legal permission, consent, a legal obligation or legitimate interests.

Processors are engaged on the basis of a data processing agreement under Article 28 GDPR.

Transfers to third countries outside the European Union or the European Economic Area take place only where legally permitted. The source policy also names Privacy Shield and standard contractual clauses as safeguards used in the stated source context.

Legal bases and security

The legal bases named in the source policy include consent under Article 6(1)(a) and Article 7 GDPR, contract performance and pre-contractual steps under Article 6(1)(b) GDPR, legal obligations under Article 6(1)(c) GDPR, legitimate interests under Article 6(1)(f) GDPR and vital interests under Article 6(1)(d) GDPR.

SupraTix GmbH uses technical and organizational security measures to protect personal data against misuse, loss, destruction and unauthorized access.

Contact, deletion and rights

If you contact SupraTix GmbH by email or online contact form, the submitted data is stored to answer the request. Related data is deleted when storage is no longer required, unless statutory retention duties apply.

The source policy names the rights of access, rectification, deletion, restriction of processing, objection to processing and data portability. Data subjects may also complain to a data protection supervisory authority.

Processed data is deleted or restricted under Articles 17 and 18 GDPR when it is no longer required and no statutory retention duties prevent deletion. Commercial and tax retention duties may require six or ten years of storage.

Newsletter and cookies

Newsletters and electronic notifications with advertising information are sent only with recipient consent or another legal permission. Registration uses a double opt-in procedure and logs registration and confirmation times as well as IP address.

The website may use cookies. Some cookies are session cookies and are deleted after the visit. Other cookies may remain on the device until they are deleted. Browser settings can restrict or block cookies, but some website functions may then be limited.

Named services

Amazon Web Services

The source policy names Amazon Web Services, Inc. for services including S3, CloudFront, Lambda, EC2, Application Load Balancer, Elastic Cache, Elastic Transcoder, SNS and SQS, based on legitimate interests and a data processing agreement.

DATEV eG

The source policy names DATEV eG for CRM and accounting software, based on legitimate interests and a data processing agreement.

Creditreform Boniversum GmbH

The source policy names Creditreform Boniversum GmbH, Hammfelddamm 13, 41460 Neuss, for credit checks in contractual contexts and where a legitimate interest exists.

Advertising objection

The use of contact data published under legal notice obligations for sending unsolicited advertising and information material is rejected. The site operators reserve the right to take legal action in the event of unsolicited advertising information, such as spam emails.

OSC-specific addendum

This addendum covers public OSC forms, optional PDF uploads, the strategy form and web analytics on the OSC pages.

Public OSC forms

Contact, participation and strategy requests are processed to handle the request. Required fields are limited to what is needed for initial classification.

Optional PDF uploads

One PDF file can be submitted voluntarily, up to 10 MB. It is used only to review and process the request.

Strategy form

The strategy form on the OSC home page sends requests via /store/safe-contact-formular/ into the existing operator contact process.

supra_tracking and web analytics

If supra_tracking or web analytics are active, the processing is limited to the configured website analysis purpose and must remain transparent in the deployed page context.