PRIVACY POLICY
DATA PROTECTION AT A GLANCE
General Information The following notes provide a simple overview of what happens to your personal data when you visit our website. Personal data is any data that can be used to identify you personally.
Security and protection of your personal data We consider it our primary task to maintain the confidentiality of the personal data you provide and to protect it from unauthorised access. That is why we apply the utmost care and state-of-the-art security standards to ensure maximum protection of your personal data. As a private-law company, we are subject to the provisions of the European General Data Protection Regulation (GDPR).
Consent Management (Usercentrics) We use the consent management platform Usercentrics on our website (Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany). This tool allows you to grant, refuse or adjust your data protection consent for certain data processing operations (e.g. tracking pixels, cookies). Your settings are processed on the basis of Art. 6 para. 1 lit. c GDPR to fulfil our legal obligation to provide a GDPR-compliant consent management system.
Data Controller The controller for data processing on this website in accordance with Art. 4 para. 7 GDPR is:
Dabo Eventos s.l. Avenida Primado Reig, No. 129, Ent-D 46020 Valencia (Valencia), Spain Brand: BD PRODUKTION Email: tickets@bdproduktion.de
ABOUT THE ORGANISER AND THE GROUP
BD PRODUKTION is a brand of Dabo Eventos S.L. and part of the international BD Events Group, which specialises exclusively in organizing professional tours. Our group operates across Europe under various brands to ensure optimal service in each country:
Germany & Austria: BD PRODUKTION
Romania & Netherlands: BD Events
Spain: BD Producciones
With profound expertise in high-calibre cultural events, we bring first-class productions to stages across Europe.
DATA COLLECTION WHEN VISITING OUR WEBSITE (SERVER LOG FILES)
If you use our website for purely informational purposes, i.e. if you do not register or otherwise transmit information to us, we only collect the personal data that your browser automatically transmits to our server. This data is technically necessary for us to display our website to you and to ensure stability and security (legal basis is Art. 6 para. 1 lit. f GDPR):
IP address of the requesting computer
Date and time of the request
Time zone difference to Greenwich Mean Time (GMT)
Content of the request (specific page)
Access status/HTTP status code
Amount of data transferred in each caseWebsite from which the request comes (referrer URL)
Browser used
Operating system and its interface
Language and version of the browser software
Web Hosting (Cyberfolks) Our website is hosted on the servers of Cyberfolks (Cyberfolks S.A., ul. Franciszka Krygiera 1, 70-110 Szczecin, Poland; operating in Romania through Cyberfolks S.R.L., Str. J.H. Pestalozzi 22, 300115 Timișoara, Romania). Cyberfolks provides the infrastructure and technical storage space for operating our website. When you visit our website, the server log files mentioned above are processed on Cyberfolks' European servers. We have concluded a data processing agreement (DPA) with the provider to ensure that the data processing is carried out in full compliance with the GDPR.
Contact Forms and Email Contact (Hostinger) When you contact us by email, the data you provide (your email address, and active details like your name and telephone number if applicable) will be processed on the servers of our email provider Hostinger (Hostinger International Ltd., 61 Lordou Vironos Street, 6023 Larnaca, Cyprus) and stored by us to answer your questions. We delete the data arising in this connection once storage is no longer necessary, or processing is restricted if statutory retention obligations apply (Art. 6 para. 1 lit. b GDPR).
THIRD-PARTY PROVIDERS AND TICKETING SYSTEMS (PRETIX, EVENTIM / EVENTIM.LIGHT)
Direct purchase via our website (Pretix) For direct ticket sales on our website, we use the ticketing system Pretix, provided by rami.io GmbH (pretix GmbH), Berthold-Mogel-Straße 1, 69126 Heidelberg, Germany. This is partially integrated via a JavaScript widget. When you interact with the Pretix widget or try to buy a ticket, Pretix sets necessary cookies to enable the purchase process and to save the selected tickets in your shopping cart. These cookies only become active when you interact with the widget.
Other metadata (such as IP addresses or browser information) is not stored by Pretix beyond the duration of the transaction. Use is based on Art. 6 para. 1 lit. b GDPR (performance of contract). We have concluded a data processing agreement (DPA) with rami.io GmbH. Further information can be found at: https://pretix.eu/about/en/privacy
Linking to Eventim / Eventim.Light (External redirection) On our website, there are links (buttons/links) to our ticket partners Eventim and Eventim.Light (CTS EVENTIM AG & Co. KGaA). If you click on these links, you will leave our website and be redirected directly to Eventim's external platform. From this point onwards, the data processing is outside our area of responsibility and Eventim's privacy policy applies exclusively.
Webhooks and Data Redirection To automate our processes and for error-free ticket processing, we use webhooks. In this process, order data is automatically forwarded to our internal systems or connected ticketing service providers upon a successful purchase.
ANALYTICS TOOLS AND ADVERTISING (BROWSER & SERVER-SIDE TRACKING)
In order to continuously improve our cultural offers and optimize advertising campaigns, we use advanced tracking technologies. These tools are only activated if you have given us your explicit consent via the Usercentrics cookie consent banner (Art. 6 para. 1 lit. a GDPR).
a) Google Analytics & Google Consent Mode v2 We use Google Analytics (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). In connection with Google Consent Mode v2, the system respects your choices in the consent banner. If you refuse consent, no cookies are set, but only anonymous, non-personal signals (so-called "pings") are transmitted to Google to enable aggregated conversion statistics without profiling your behavior.
b) Meta Pixel & Meta Conversions API (Server-Side Tracking) We use the Meta Pixel as well as the Meta Conversions API from Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). While the browser pixel collects data via cookies, the Conversions API enables direct server-to-server transmission. Interactions (such as viewing an event or a ticket purchase) are transmitted to Meta in pseudonymized form (SHA-256 hashed data such as email address or IP address). This serves to measure the effectiveness of our advertisements on Facebook and Instagram.
c) TikTok Pixel & TikTok Events API For the statistical evaluation of our advertising campaigns, we use the TikTok Pixel as well as the TikTok Events API (Server-Side interface) of TikTok Technology Limited (10 Earlsfort Terrace, Dublin, D02 T380, Ireland). Here, too, event data (e.g. ticket purchases) is transmitted directly from our server to TikTok, provided you have consented.
Information on Transfer to Third Countries: For all the US third-party providers mentioned (Google, Meta, TikTok), data transmission to third countries takes place on the basis of EU Standard Contractual Clauses and, where applicable, the EU-US Data Privacy Framework.
DISTANCE CALCULATION AND LOCATION-BASED RECOMMENDATIONS (GEOLOCATION)
a) Automatic distance calculation and use of the external service ipapi.co To make it easier for you to navigate our website and to automatically display the closest dates of our tour, our website determines your approximate location when you access it. For this purpose, your IP address is transmitted in real time to the external service provider ipapi.co (Kloudend Inc., located at 548 Market St, San Francisco, CA 94104, USA). ipapi.co analyses the IP address at the moment of the page view to derive the country and city, and provides us with this purely geographical data. On this basis, our website calculates the approximate distance (in kilometres) to the respective venues.
The IP address is only processed by ipapi.co for this temporary real-time query and is not permanently stored or logged there. Since the processing is carried out by a provider in the USA, the transfer of data is based on recognized data protection guarantees (such as the EU Standard Contractual Clauses).
The legal basis for this processing is our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR in order to provide you with relevant, regionally optimized event information and correct ticket options.
b) Precise location query via the browser ("Find precise location") If the automatic assignment via the IP address is inaccurate, you have the option of having your exact location corrected manually. This only happens if you actively click on the "Find precise location" link or button provided on the website. This activates the geolocation interface of your browser (HTML5 Geolocation API).
In this case, your browser will ask you in a separate pop-up window whether you want to allow the website to access your exact location. This precise location determination is therefore based exclusively on your explicit consent in accordance with Art. 6 para. 1 lit. a GDPR. The GPS or network coordinates transmitted in this way are only used for the current session for a one-off recalculation and are discarded afterwards.
c) Storage duration and local browser storage (Session Storage) The data processed as part of the geolocation (both the rough location data determined via ipapi.co and the precise location data shared via the browser interface) are only used temporarily for the duration of your current website visit. To avoid unnecessary server queries with every page change, these coordinates are stored purely locally in the temporary storage of your browser (Session Storage).
As soon as you close the browser tab or the website, this memory is automatically completely deleted. We do not store this location data permanently on our servers at any time, do not combine it with other personal data, and do not create movement profiles.
d) Withdrawal of consent and right to object You can object to the automatic geolocation via your IP address for future visits by blocking the use of scripts or using a VPN service. Once consent has been given for precise location determination via the browser, you can withdraw it at any time with effect for the future by permanently withdrawing location sharing for our domain in the security settings of your respective browser or by clearing the browser cache.
RIGHTS OF THE DATA SUBJECT (YOUR RIGHTS)
Within the framework of the applicable legal provisions (GDPR), you have the following rights at any time regarding your personal data:
Art. 7 para. 3 GDPR (Withdrawal): You can withdraw consent once given to us at any time.
Art. 15 GDPR (Information): You have the right to request information about your personal data processed by us.
Art. 16 GDPR (Rectification): You can immediately request the correction of incorrect or completion of your data stored by us.
Art. 17 GDPR (Erasure): You have the right to request the deletion of your personal data stored by us ("right to be forgotten").
Art. 18 GDPR (Restriction): You can request the restriction of the processing of your data.
Art. 20 GDPR (Data Portability): You have the right to receive your data in a structured, commonly used and machine-readable format.
Art. 21 GDPR (Right to Object): If your data is processed on the basis of legitimate interests (Art. 6 para. 1 lit. f GDPR), you have the right to object to the processing.
Art. 77 GDPR (Right of Complaint): You have the right to complain to a data protection supervisory authority about the processing of your personal data by us.
For questions or to exercise your rights, you can contact us at any time at tickets@bdproduktion.de.