Privacy policy

In this privacy statement, we explain which personal data (hereinafter also referred to as “data”) we process, for what purposes we do this and to what extent the processing takes place. This information applies to all processing of personal data that is related to our services and our online presence. This includes, in particular, our websites, mobile applications and our appearances on external platforms, for example in social networks (hereinafter collectively referred to as the “online offerings”). All terms used apply equally to all genders.

This privacy policy applies to all websites and online offerings operated by us on which it is published. It provides information on the processing of personal data in the context of the use of these online offerings. Linked websites of other providers are subject to their own privacy policies. We have no influence on the data processing by third parties on external websites.

Responsibility for the processing of your personal data in connection with this online offering lies with the following company. It decides on the purposes and means of data processing:

PACT Zollverein
Choreographisches Zentrum NRW Betriebs GmbH
Bullmannaue 20a
45327 Essen
Fon +49 (0)201.289 47 00
info@pact-zollverein.de

Data protection officer

Our data protection officer is available as your contact person for all questions relating to the protection of your personal data and the exercise of your data protection-related rights:

DATENDO GmbH
Hohenzollernring 55
50672 Cologne
E-Mail: dsgvo@datendo.de
www.datendo.de   

As a matter of principle, we only process personal data of our users insofar as this is necessary to provide a functional website and our content and services. The processing is only carried out on the basis of legal permission or after the consent of the data subject. Personal data is processed in particular:

• for the performance of contractual relationships (Art. 6 para. 1 (b) GDPR),

• on the basis of your consent (Art. 6 para. 1 (a) GDPR),

• to safeguard legitimate interests (Art. 6 para. 1 (f) GDPR), for example in ensuring IT security, improving our services and direct advertising,

• as well as for the fulfilment of legal obligations (Art. 6 para. 1 (c) GDPR).

If we obtain your consent for certain processing, the processing will only be carried out on the basis of this consent and exclusively for the purposes specified therein. Any consent given can be revoked at any time with effect for the future.

We take extensive technical and organisational security measures to protect your personal data as best as possible against loss, destruction, unauthorised access, alteration or dissemination. Access to our systems is reserved exclusively for authorised persons. These persons are obligated to handle personal data confidentially and are regularly trained in data protection. Our systems are protected from attacks and malware by up-to-date firewalls and antivirus programs. Personal data is backed up regularly to ensure data integrity and enable rapid recovery in the event of data loss. Our security measures are continuously improved in line with technological developments. For the transmission of data, we use modern encryption methods, in particular SSL/TLS, to prevent unauthorized access during transmission. Despite all care, however, complete security cannot be guaranteed when transmitting data on the Internet.

To operate this website, we use the services of external hosting service providers. The hosting provider provides the technical infrastructure for the operation of the website, in particular server capacities, storage space, database services, security services and maintenance services. As part of the provision of these services, all data arising in connection with the visit to our website is processed, in particular access data (e.g. IP address, date and time of access, browser information, referrer URL, pages and files accessed), and meta and communication data. The processing is carried out on the basis of our legitimate interest in accordance with Art. 6 para. 1 (f) GDPR in the secure and efficient provision of our online offer. Contracts for order processing have been concluded with the hosting providers in accordance with Art. 28 GDPR, which ensure that the data is processed in compliance with data protection regulations. Currently, hosting is with:
Hetzner Online GmbH
Industriestr. 25
91710 Gunzenhausen

When you access our website, information is automatically sent to the server of our website by the browser used on your device and temporarily stored in so-called server log files. The IP address of the requesting device, the date and time of access, the URL accessed, the website visited prior to ours (referrer URL), the browser used and the operating system as well as other technical information are recorded. This data is processed to ensure a smooth connection to the website, for system security and stability as well as for administrative purposes. The log files are stored on the basis of our legitimate interest in accordance with Art. 6 para. 1 (f) GDPR, in particular to ensure the functionality of the website and to defend against attacks. This data will not be merged with other data sources. The log files are usually automatically deleted after 30 days at the latest, unless longer storage is necessary in individual cases for evidentiary purposes. 

In principle, your personal data will be passed on to third parties only where this is necessary for the fulfilment of contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests, provided that your legitimate interests do not oppose this. In the context of the data processing, we also use external service providers (e.g. IT service providers, hosting providers) to perform certain tasks. These service providers are carefully selected by us, contractually obligated in accordance with Art. 28 GDPR and process the data exclusively on our instructions. Any further transfer of personal data to recipients outside our company will take place only if this is permitted or required by law, for example to the authorities, tax consultants, banks, payment service providers, debt collection agencies or legal advisors.

Personal data will be transferred to countries outside the European Union (EU) or the European Economic Area (EEA) only if this is necessary for the fulfilment of contractual or legal obligations, if you have given your express consent or if another legal basis permits it. In these cases, we ensure that an adequate level of data protection is guaranteed in the relevant third country. This can be ensured by an adequacy decision of the European Commission (e.g. in the case of the USA by the EU-U.S. Data Privacy Framework), through appropriate safeguards in accordance with Art. 46 GDPR, such as in particular the conclusion of standard contractual clauses of the European Commission, or through other protective measures. A transfer will only take place if the necessary conditions are met in each case and adequate protection of the personal data is guaranteed.

We only store personal data for as long as it is necessary to fulfil the specific purposes for which it was collected or for as long as statutory retention periods require it to be stored. After the respective purpose has ceased to exist or the statutory deadlines have expired, the data will be deleted or blocked in accordance with the legal requirements. Deletion takes place in particular if the data is no longer required for the purposes pursued, if you have revoked your consent or if you have legitimately objected to further processing, provided that there are no overriding statutory retention obligations to the contrary. Legal retention periods can result in particular from commercial and tax regulations and are usually between six and ten years. Further information on the applicable retention and deletion periods can be found in the specific data protection notices for the respective processing activities.

As part of our business activities, we rely on the support of external service providers to provide our services, to provide technical support for our systems, to manage our IT infrastructure and to carry out administrative processes. These include, in particular, IT service providers, software providers, data centre operators, technical support service providers, and maintenance and service partners. These service providers are only granted access to personal data to the extent necessary for the performance of their respective duties. Insofar as these service providers process personal data on our behalf, they do so exclusively on the basis of corresponding order processing agreements in accordance with Art. 28 GDPR. The processing of the data is strictly bound by instructions and is carried out in compliance with all data protection requirements. Personal data will only be transmitted to other recipients if this is required by law, is necessary for the execution of contracts, you have given your prior consent or transmission is permissible in individual cases on the basis of our legitimate interests. Processing in third countries is only carried out in compliance with the legal requirements, in particular with the application of appropriate safeguards in accordance with Art. 44 et seq. GDPR (e.g. EU standard contractual clauses or adequacy decisions).

When contacting us by telephone, email, fax or via the contact forms provided, the personal data transmitted by the person making the enquiry in the course of communication will be processed. This includes, in particular, contact details and the content of the respective enquiry. The processing is carried out exclusively for the purpose of answering the enquiry and carrying out the associated communication and, depending on the context of the enquiry, is based on Art. 6 para. 1 (b) GDPR, provided that the enquiry is aimed at concluding or performing a contract, or on Art. 6 para. 1 (f) GDPR, our legitimate interest in processing enquiries and communicating with external contact persons. The data will only be passed on to third parties if this is necessary to process the request or if there is a legal obligation to do so. The data will be deleted as soon as the enquiry has been concluded and there are no statutory retention obligations to prevent it from being deleted.

With your consent, a service for displaying interest-based advertising from the provider RevContent, LLC, 19 3rd Street South, St. Petersburg, FL 33701, USA is integrated into our website. The service is loaded from the domain rvty.net via the script ReAsync.js. RevContent uses cookies and similar technologies to analyse user behaviour, conduct reach measurements, display personalised advertising and create profiles about the website visit and the interests derived from it (profiling). In doing so, technical usage data such as IP address, browser information, device identifiers, referrer URL, location data and interaction data may be processed and transmitted to servers in the USA. The legal basis for the use of RevContent is your consent in accordance with Art. 6 para. 1 (a) GDPR in conjunction with Section 25 para. 1 TTDSG, which you can grant or deny through our consent management. The transfer of personal data to the USA is carried out on the basis of the standard contractual clauses (SCC) of the EU Commission in accordance with Art. 46 GDPR; nevertheless, due to the legal situation in the USA, there may be a risk of access by US authorities over which we have no influence. You can revoke your consent at any time with effect for the future via our consent banner. You can find more information on data protection at RevContent: https://help.revcontent.com/en/article/revcontent-privacy-policy-ru7bze/

Technically necessary cookies from the security and performance service Cloudflare are used on our website to ensure the secure provision of our website and to prevent attacks. The provider is Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA. In the course of use, technically necessary connection data, in particular the IP address, may be processed. The cookies __cf_bm (for detecting and defending bot traffic, storage time 30 minutes) and _cfuvid (traffic security and load balancing, session cookie) are used. These cookies serve exclusively to maintain the technical security, stability and functionality of our website and are permissible without consent in accordance with Section 25 para. 2 (2) TTDSG. The legal basis for the associated data processing is Art. 6 para. 1 (f) GDPR, our legitimate interest in the secure and error-free provision of our online offering. Cloudflare also processes some data outside the European Union. An adequate level of data protection is ensured by the conclusion of standard contractual clauses in accordance with Art. 46 GDPR. You can find more information about data protection at Cloudflare: https://www.cloudflare.com/privacypolicy/ 

On our website, we use the CookieFirst consent management tool from Digital Data Solutions B.V., Plantage Middenlaan 42a, 1018 DH Amsterdam, The Netherlands to obtain, manage and document legally required consent for the use of cookies and similar technologies. CookieFirst serves to fulfil our legal obligation under Art. 6 para. 1 (c) GDPR in conjunction with Art. 7 GDPR and Section 25 para. 1 TTDSG and is also based on our legitimate interest in a legally secure, transparent and user-friendly consent solution in accordance with Art. 6 para.1 (f) GDPR. When you visit our website, a cookie banner is displayed via CookieFirst that allows you to agree or reject certain categories of cookies. CookieFirst stores your consent decision in order to document and store it in a comprehensible way for later page views. In particular, the following data is processed: date and time of visit, browser and device information, anonymised IP address, language settings, consent status and a randomly generated unique identifier (consent ID). Your consent relates to the cookie categories “necessary”, “Performance” and “Functional”, which are explained in the CookieFirst banner. Consent will be stored for up to 12 months, unless you withdraw your consent beforehand. You can revoke or change your consent at any time with effect for the future via the “Cookie settings” link on our website. You can find more information on data processing by CookieFirst at https://cookiefirst.com/legal/privacy-policy/ 

We use the web analysis service Matomo on our website. This is a privacy-friendly open-source software for analysing usage behaviour on our website, which we host ourselves on our own server. The data will not be passed on to third parties. Matomo is used exclusively for statistical purposes in order to evaluate the use of our website and to optimise its content. The processing is carried out on the basis of your consent in accordance with Art. 6 para. 1 (a) GDPR in conjunction with Section 25 para. 1 TTDSG, which is obtained via our CookieFirst consent management tool. We have configured Matomo not to set cookies. In addition, your IP address will be anonymised before processing, meaning that direct personal reference is excluded. Your browser’s Do Not Track feature is taken into account. You can revoke your consent at any time with effect for the future via CookieFirst.

We offer the option of subscribing to an email newsletter. To send the newsletter, we use the service Newsletter2Go, a service provided by Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin. For the purpose of sending the newsletter, the registering person’s data will be processed, in particular their surname, first name and email address. Registration is through the double opt-in procedure; the address will be added to the mailing list only after confirmation of the registration via a confirmation link. The legal basis for sending the newsletter is consent in accordance with Art. 6 para. 1 (a) GDPR in conjunction with Section 7 para. 2 (3) UWG. The consent is recorded in order to ensure that it can be proven in accordance with Art. 7 para. 1 GDPR. Newsletter2Go processes the data on our behalf on the basis of an order processing agreement in accordance with Art. 28 GDPR. You can unsubscribe from the newsletter at any time with effect for the future, in particular via the unsubscribe link contained in every email or by sending us a message. After unsubscribing, the contact details will be deleted from the mailing list, provided that there are no legal retention obligations to the contrary.

For the postal dispatch of a programme booklet, we process the personal data voluntarily provided by the person placing the order, in particular surname, first name and address. The legal basis for the processing is the recipient’s consent in accordance with Art. 6 para. 1 (a) GDPR, which is given when the order is submitted. The data will be used exclusively for the processing of the order and for the postal dispatch of the programme booklet. The data is not used for any further purposes, in particular for advertising purposes or for disclosure to third parties. The consent can be revoked at any time with effect for the future. In this case, no there will be no further mailings. The data will be deleted after the dispatch, provided that there are no statutory retention obligations to the contrary.

We integrate videos from the Vimeo platform. The provider is Vimeo.com, Inc., 555 West 18th Street, New York, New York 10011, USA. The integration is for the purposes of an appealing presentation of our online content and represents a legitimate interest within the meaning of Art. 6 para. 1 (f) GDPR; however, the actual data processing by Vimeo only takes place after your express consent via CookieFirst in accordance with Art. 6 para. 1 (a) GDPR in conjunction with Section 25 (1) TTDSG. When a Vimeo video is played, a connection to Vimeo’s servers is established, whereby the Vimeo server is informed which of our pages you have visited. In addition, Vimeo may set cookies for analysis and tracking purposes and process data about your usage behaviour, such as your IP address, technical device information, referrer URL, and interaction data. Vimeo may link the collected data with other services and activities of Vimeo or third parties and use it for profiling. A transfer of personal data to the USA cannot be ruled out. The “vuid” cookie is used to analyse video usage and has a storage period of two years. For more information on data processing by Vimeo, please visit https://vimeo.com/privacy. You can revoke your consent at any time via CookieFirst with effect for the future.

We embed videos from the YouTube platform on our website, a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. To protect your personal data, we use a so-called 2-click solution. This means that YouTube will only load and connect to YouTube when you actively click on the video and thus give your consent to data transfer. There is no connection to YouTube servers before the click and no personal data is transmitted to YouTube. YouTube will process technical data such as your IP address, device information, referrer URL and information about your user behaviour and, if necessary, set cookies or similar technologies for analysis and marketing purposes only after your consent. It cannot be ruled out that YouTube will merge your data with other Google services and transfer it to the USA. The legal basis for data processing is your consent in accordance with Art. 6 para. 1 (a) GDPR in conjunction with Section 25 para. 1 TTDSG, which you expressly grant by clicking on the video. You can revoke your consent at any time with effect for the future by reloading the page or deleting stored cookies. Further information on data processing can be found in YouTube’s privacy policy under https://policies.google.com/privacy

We maintain publicly available company profiles on social networks in order to communicate with users, provide information about our company and carry out marketing activities. Currently in use are profiles on Facebook and Instagram, each a service of Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland, as well as on Vimeo (Vimeo.com Inc., 555 West 18th Street, New York, New York 10011, USA) and YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). When visiting our social media pages, personal data of the users is processed by the respective providers, among other things for the creation of usage statistics, market research, interest-based advertising and the creation of user profiles. If you are logged into your respective social media account and visit our profile, the respective provider can assign the visit to your user account. We also use the respective platforms for advertising purposes, in particular for the display of target group-specific content and for interaction with users. Providers such as Meta and Google use cookies and similar technologies and may also process data outside the European Union. For Facebook and Instagram, there is joint responsibility within the meaning of Art. 26 GDPR between Meta and us, which results from the “Page Controller Addendum” agreement. The legal basis for the processing of personal data by us is Art. 6 para. 1 (f) GDPR, as we have a legitimate interest in effective corporate communication and in the external presentation of our company; if consent has been given to the respective provider, the legal basis is Art. 6 para. 1 (a) GDPR. The data processing by the platform operators may be carried out on the basis of the legitimate interests of the providers in accordance with Art. 6 para. 1 (f) GDPR and, in the case of advertising and analysis purposes, on the basis of your consent. Further information on data processing and the options for objection can be found in the data protection information of the respective providers under https://www.facebook.com/privacy/policy/, https://privacycenter.instagram.com/policy/, https://vimeo.com/privacy and https://policies.google.com/privacy.

We offer links on our website to the external ticket shop of the provider Rausgegangen GmbH, Aachener Straße 26, 50674 Cologne. Tickets are sold exclusively via the Rausgegangen.de platform. If you click on the corresponding link, you will be redirected to the Rausgegangen website. Personal data is only processed by Rausgegangen from this point; we have no influence over this processing. Rausgegangen GmbH is exclusively responsible for data processing in the context of ticket purchase. Information on data processing by Rausgegangen can be found under https://rausgegangen.de/privacy. No personal data is transmitted to Rausgegangen on our website in this context.

In connection with the planning, organisation and implementation of events, we process personal data of persons who wish to participate in our events. This includes, in particular, enquiries about events as well as ticket reservations or ticket enquiries by email or telephone. The processing is carried out exclusively for the purpose of processing participation in the respective event and is based on Art. 6 para. 1 (b) GDPR. No further processing for other purposes, in particular for advertising or marketing purposes, takes place. If personal data is processed for individual events via external providers such as ticket service providers, this is done exclusively within the framework of the respective contractual relationship with these providers. Data will not be passed on to other third parties, unless we are legally obliged to do so. Data will be deleted after the respective purpose has ceased to exist, taking statutory retention periods into account.

We publish information on participating artists on our website in the context of our cultural work. This includes, in particular, the names and biographical details of the persons. Publication takes place exclusively with the express consent of the persons concerned in accordance with Art. 6 para.1 (a) GDPR. The data will not be passed on to third parties. Publication is exclusively for the purpose of the editorial presentation of our artistic and programme work. The data will only be published for the duration of the consent and, if desired, will be removed at any time with effect for the future. Data subjects can withdraw their consent at any time. The revocation does not affect the lawfulness of the processing carried out up to the revocation.

When contacting our press office by email, telephone or fax, the personal data transmitted (in particular name, contact details, affiliation to the editorial office or the media outlet as well as the content of the enquiry) will be processed for the purpose of processing the press enquiry and correspondence. The legal basis is Art. 6 para. 1 (f) GDPR, our legitimate interest in professional press and public relations work. If you consent to be included in our press mailing list, we will process your contact details in addition to the regular dispatch of press releases; legal basis is Art. 6 para. 1 (a) GDPR in conjunction with Section 7 UWG. Consent can be revoked at any time with effect for the future; a corresponding notification is sufficient, in particular by email to presse@pact-zollverein.de. Recipients of the data may be technical service providers (e.g. email/host providers) within the scope of order processing. There will be no transfer to third parties, unless such disclosure is necessary to respond to your enquiry or is required by law. Data from press enquiries will be deleted after completion of the communication, provided that there are no legal retention obligations; data in the press mailing list will be stored until consent is revoked or an objection is made to the processing.

In connection with the rental of our premises, we process personal data of enquiring persons. This includes the data that is transmitted to us by email as part of the enquiry, in particular name, contact details and information on the purpose of the rental. The processing is carried out for the purpose of examining and responding to the enquiry as well as for deciding on the establishment of a contractual relationship in accordance with Art. 6 para. 1 (b) GDPR. If a rental arrangement is established, the data will be processed in addition to the purpose of preparing and executing the contract. This can also include the processing of data relevant to invoicing. After the conclusion of the tenancy, the data will be stored for as long as is necessary to fulfil contractual or legal obligations. Invoice and tax-relevant data will be stored for the duration of statutory retention periods. There is no further processing for other purposes.

We publish job offers on our website. If persons apply for a position advertised by us, the personal data will be processed for the purpose of deciding on the establishment of an employment relationship in accordance with Art. 6 para. 1 (b) GDPR in conjunction with Section 26 (1) BDSG. Application documents are not submitted via this website, rather are sent via separately designated contact channels. All information on the processing of personal data in the context of the application process will be made available to applicants separately in accordance with Art. 13 GDPR. There is no further storage or processing of personal application data via this website.

Automated decision-making including profiling in accordance with Art. 22 GDPR does not take place in the context of the use of our website.

When using our website purely for informational purposes, no personal data is collected that would be required to be provided by law or contract. The use of our website is therefore possible without providing personal data, as long as no voluntary contact is made. Personal data will only be processed if it is voluntarily transmitted via the contact options provided, for example by email or telephone in connection with ticket enquiries, event information or organisational queries. In these cases, the provision of the data is necessary in order to be able to process the respective enquiry; processing of the enquiry is not possible without provision of the necessary contact details. Personal data may be processed by external providers through the linking to external services such as ticket platforms or social networks. The use of these external offers is voluntary. If data is transferred to recipients in third countries, this will be done only if suitable guarantees within the meaning of Art. 46 GDPR are in place or on the basis of explicit consent.

As a data subject, you have various rights under the General Data Protection Regulation with regard to the processing of your personal data:

• First of all, you have the right to information (Art. 15 GDPR). This includes, in particular, information on whether and to what extent we process personal data about you, for what purposes this processing is carried out, which categories of data are affected and to which recipients this data has been or will be disclosed.

• In addition, you have the right to have incorrect or incomplete data corrected (Art. 16 GDPR) in order to keep the personal data stored by us up to date.

• You also have the right to have your personal data deleted (Art. 17 GDPR), provided that no statutory retention periods or other legal obligations preclude the deletion.

• You have the right to restriction of processing (Art. 18 GDPR) under certain conditions, for example if the accuracy of the data is disputed by you or the processing is unlawful and you demand the restriction of use instead of deletion.

• Furthermore, you have the right to data portability (Art. 20 GDPR), i.e. the right to receive the data you have provided in a structured, commonly used and machine-readable format and to transmit this data to another controller, provided that the processing is based on your consent or on a contract and is carried out automatically.

• You also have the right to object to the processing of your personal data (Art. 21 GDPR) if we base the processing on a legitimate interest or if it is carried out for the purpose of direct marketing.

• If the processing of your data is based on consent you have provided, you have the right to revoke this consent at any time with effect for the future (Art. 7 para. 3 GDPR).

• In addition, you have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR) if you believe that the processing of your personal data violates data protection regulations. The following supervisory authority is responsible for our company : State Commissioner for Data Protection and Freedom of Information – North Rhine-Westphalia, Postfach 200444, 40102 Düsseldorf, Tel.: 02 11/384 24-0, Email: poststelle@ldi.nrw.de, Homepage: https://www.ldi.nrw.de

For reasons of better readability and comprehensibility, this privacy policy partially dispenses with gender-specific differentiation. All personal designations apply equally to all genders in the spirit of equal treatment. This abbreviated language form does not contain any evaluation and pursues exclusively editorial reasons for linguistic simplification.

We reserve the right to amend this privacy policy so that it always complies with current legal requirements or to implement changes to our services in the privacy policy, for example when introducing new services or functionalities on our website. The current version of the privacy policy will then apply to your next visit. This privacy policy was updated in October 2025.  

The privacy policy was created with the online data protection generator of the external data protection officer of DATENDO GmbH.