data protection

Thank you for your interest in the Jewish Chamber Orchestra Munich (hereinafter also: "JCOM") and our website. The website is operated by the Jewish Chamber Orchestra Munich gemeinnützige GmbH (gGmbH). Data protection is very important to us. We would therefore like to ask you to take the time to read this privacy policy carefully.

In this privacy policy, the pronouns “we”, “our”, etc. refer to the Jewish Chamber Orchestra Munich gGmbH. The pronouns “you”, “your”, etc. refer to the users of our website or to the data subject whose personal data is processed.

In principle, this website can be used without providing personal data. However, when using certain services on this website, the processing of personal data may be necessary. The collection, processing and use of personal data always takes place in accordance with the General Data Protection Regulation (hereinafter: "GDPR") and the applicable European and national legal provisions. Personal data is collected on a legal basis or on the basis of the consent of the data subject. Orchester Jakobsplatz München gGmbH follows the principle of economical data collection and assures the data subject that the data collected will be handled responsibly and securely.

In this privacy policy, we would like to inform you about which personal data we collect, process and use when you use the website and how we handle this data. In addition, we will inform you about the legal basis for the processing of your personal data and, if the processing is necessary to protect our legitimate interests, also about our legitimate interests, and explain to you the rights to which you are entitled.

The data protection declaration uses the terms used in the GDPR and defined in Art. 4 GDPR. To make these terms understandable and comprehensible for you, we would like to present them in advance:

Personal data is any data that relates to you or says something about you personally and can be associated with you, either on its own or in combination with other information. According to the GDPR, personal data is any information that relates to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more characteristics specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing is any operation or set of operations (whether or not by automated means) which is performed on personal data or on sets of personal data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Restriction of processing is the marking of stored personal data with the aim of limiting its future processing.

Profiling is any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

The controller is a natural or legal person, public authority, agency or other body which, alone or jointly with others, decides on the purposes and means of the processing of personal data.

The processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

The recipient of personal data is a natural or legal person, public authority, agency or other body to which personal data is disclosed, whether a third party or not. Authorities which may receive personal data in the framework of a particular investigation in accordance with Union or Member State law shall not be considered recipients.

The third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons authorised to process the personal data under the direct authority of the controller or processor.

The consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data concerning him or her.

The person responsible for the processing of personal data within the meaning of the GDPR is:

Jewish Chamber Orchestra Munich gGmbH
Authorized representative: Daniel Grossmann
Lechstr. 11
80638 Munich
Phone: +49 89 15909750
Fax: +49 89 15980509

INFO(AT)JCOM.DE

HTTP://WWW.JCOM.DE

Art. 6 (1) (a) GDPR and Art. 7 GDPR serve as the legal basis for processing personal data for which we obtain consent for a specific purpose. Art. 6 (1) (b) GDPR is the legal basis for processing personal data to fulfill our services and carry out contractual measures or pre-contractual measures. Processing to fulfill our legal obligations (e.g. tax obligations) is carried out on the legal basis of Art. 6 (1) (c) GDPR. If processing could be necessary in exceptional cases to protect the vital interests of the data subject or a natural person, this would be done on the basis of Art. 6 (1) (d) GDPR.

Finally, the processing of personal data can be based on the legal basis of Art. 6 (1) (f) GDPR. The processing of personal data can be lawful according to Art. 6 (1) (f) GDPR even if it is not covered by one of the aforementioned legal bases, but if it is necessary to protect the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject which require the protection of personal data prevail, in particular if the data subject is a child. The European legislator emphasizes in its recital 47 sentence 1 GDPR that the assessment of the legitimate interest must take into account the relationship between the data subject and the controller and the resulting reasonable expectations of the data subjects must be taken into account. From the point of view of the European legislator, a legitimate interest can be assumed if the data subject is a customer of the controller (recital 47 sentence 2 GDPR).

If the processing is based on the legal basis of Art. 6 (1) (f) GDPR, our legitimate interest is the conduct of our business activities and the proper operation and improvement of this website.

Every time you visit our website, your browser automatically sends certain information to the website server. The information recorded is the Internet Protocol address (hereinafter: "IP address") of your computer, your browser's request, the time and date of this request on our website, and the website from which you accessed our website. Furthermore, the product and version information about the browser used and the operating system of your computer is recorded. The data is also stored in the so-called log files of our system. The data in the log files is stored separately from the personal data provided by a person.

The legal basis for the temporary storage of data and log files is Art. 6 (1) (f) GDPR based on our legitimate interest in improving the functionality of our website. We also use the information transmitted by your browser to our server in an anonymized form - i.e. without it being possible to draw conclusions about you - to operate our website and to analyze and improve our services. In this way, we can, for example, identify and eliminate possible errors on the website and determine on which days and at what times the website is used particularly heavily, which also helps us to make adjustments or improvements.

The stored data is deleted as soon as it is no longer required to achieve the above-mentioned purpose, which is usually the case when the visit to the website has ended. If the data is stored in the log files, the data is deleted after 7 days at the latest. Longer storage is possible, in which case the IP address of your computer is deleted or anonymized by shortening.

On the subpage of our website for JCOM online ticket sales, we use so-called cookies, which collect and store information about your use of our website each time you access this subpage. As soon as a data subject accesses the website, a cookie is transferred to the hard disk of the computer of the respective data subject. Cookies are small text files that are stored on your data storage device and that store certain settings and data for exchange with our system via your browser. A cookie usually contains the name of the domain from which the cookie data was sent, information about the age of the cookie and an identification number for the cookie ("cookie ID"). Cookies enable our systems to recognize the user's device when you return to our website and thereby store information about your preferred activities on the website and make any preferences immediately available.

On the subpage of our website for JCOM online ticket sales, the cookie is used, among other things, to store the selected tickets in the virtual “shopping cart”, thus enabling and simplifying the ordering process.

The cookies we use only store the data about your use of the website explained above (see section 4.1). This is not done by assigning it to you personally, but by assigning a cookie ID. The cookie ID is not merged with your name, IP address or similar data that would enable the cookie to be assigned to you. If personal data is also processed through cookies, the processing is carried out either in accordance with Art. 6 Para. 1 lit. b) GDPR to carry out pre-contractual measures (e.g. to carry out the ordering process for JCOM online ticket sales) and in accordance with Art. 6 Para. 1 lit. f) GDPR on the basis of our legitimate interest in improving the functionality and user-friendliness of the ordering process on our website.

If a data subject does not wish to use browser cookies, he or she can set his or her browser so that cookies are not saved or are only saved after the data subject has expressly confirmed that they are saved. In addition, cookies that have already been saved can be deleted at any time using an Internet browser or, if applicable, another program. If cookies are deactivated, please note that our website may only be usable to a limited extent in this case.

Due to legal regulations, the website provides information for quick electronic contact (by email) with us. If a data subject contacts us by email, personal data (name, email address) will be collected. This data will be used and stored for the purpose of answering your request or for establishing contact and the associated technical processing. The legal basis for the processing of the data is our legitimate interest in accordance with Art. 6 Paragraph 1 Letter f) GDPR to answer your request. If the purpose of establishing contact is to conclude a contract (e.g. via a sponsorship partnership) or another contract, Art. 6 Paragraph 1 Letter b) GDPR is also the legal basis for the processing. Your data will be deleted after your request has been processed; this is the case if it can be inferred from the circumstances that the matter in question has been conclusively clarified and provided that there are no statutory retention periods to the contrary.

On the subpage of the website for the “Opera School Project” there is the possibility for the person with parental responsibility (hereinafter referred to as parents) of an interested child between the ages of 7 and 18 to contact us. The Opera School project is intended to give children the opportunity to work on and put on an opera from start to finish with other children and young people within 1.5 years. You can find detailed information about the opera school on our website. We have provided a contact form on the website for contacting us. Parents can enter the child’s name, date of birth, their own name, date of birth, address, telephone number, email address and how the child would like to participate in the opera school and send it to us. If the completed application form is sent to us, we collect and process the personal data provided by the child and the parent. Processing is carried out electronically. This data is used and stored for the purpose of answering your request or for contacting you and the associated technical processing. The processing of the parent's personal data takes place on the legal basis of Art. 6 Para. 1 lit. a) GDPR and Art. 7 GDPR. The processing of the child's personal data takes place on the legal basis of Art. 8 Para. 1 S. 2 GDPR with the consent of the parents. The consent is given for the purpose of answering the parents' and child's inquiry about the Opera School project and deciding on the child's acceptance into the Opera School project, as well as for the purpose of informing the parents and child about organizational matters and news if they participate. If the child is accepted into the project with the parents' consent, the child's data will also be processed on the legal basis of Art. 6 Para. 1 lit. b) GDPR to fulfill the contract to participate in the project.

If the project is not taken part in, the data provided will be automatically deleted. We would like to point out that parents and children can revoke their consent at any time (see also section 8.10). The data will then be deleted unless there are statutory retention periods to the contrary.

On the subpage of our website for JCOM online ticket sales, we offer users the opportunity to buy tickets for concerts by the Jakobsplatz Munich Orchestra online. You do not need to register for this. When you place an order on our website, we collect and process your name and email address as mandatory information. We also collect and process your address, the name of your company and your telephone number if you enter them in the order form. The processing is carried out on the basis of Art. 6 Para. 1 lit. b) GDPR to process your order and fulfill the purchase contract.

The duration for which personal data is stored depends on the respective statutory retention period (e.g. the retention period under tax and commercial law). After expiry of the period, the corresponding data is routinely deleted unless you have consented to longer storage in accordance with Art. 6 Para. 1 Clause 1 Letter a) of GDPR or legal regulations require longer storage.

Payments are processed via the payment service provider PayPal. The European operating company of PayPal is PayPal (Europe) S.à.rl & Cie. SCA, 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg. Payments are processed via so-called PayPal accounts. PayPal also offers the option of processing virtual payments via credit cards if a user does not have a PayPal account. A PayPal account is managed via an email address.

When paying via PayPal, data (e.g. name, address, email address, IP address, telephone number, mobile phone number or other data required for payment processing) of the data subject is automatically transmitted to PayPal. By selecting this payment option, the data subject consents to the transmission of personal data required for payment processing. The purpose of transmitting the data is to process the payment and prevent fraud.

The personal data is transmitted to PayPal on the basis of Art. 6 (1) (b) GDPR to process your order and fulfill the purchase contract. Furthermore, it is carried out on the basis of our legitimate interests in accordance with Art. 6 (1) (f) GDPR in a user-friendly design of payment processing. The personal data exchanged between PayPal and the person responsible for processing may be transmitted by PayPal to credit agencies. This transmission takes place for identity and credit checks. We would like to point out that PayPal may pass on personal data to affiliated companies or to other companies if this is necessary to fulfill contractual obligations or if the data is to be processed on behalf of them.

The data subject can revoke consent to the processing of personal data to PayPal at any time. A revocation does not affect personal data that must be processed, used or transmitted for (contractual) payment processing.

For further information on data protection at PayPal, please see PayPal’s privacy policy: HTTPS://WWW.PAYPAL.COM/DE/WEBAPPS/MPP/UA/PRIVACY-PREV.

You have the right to receive confirmation from us at any time upon request as to whether personal data concerning you is being processed. To do so, you can send a request to us by post or email (see contact details above in section 2). Furthermore, you have the right to receive information and a copy of this information about the personal data concerning you that we process within the scope of Art. 15 GDPR.

This information includes the purposes of the processing, the categories of personal data, the recipients or categories of recipients to whom the personal data have been or will be disclosed and, where possible, the planned duration of storage or, if not, at least the criteria used to determine that duration. In addition, you have the right to know that you have the right to rectification or erasure of personal data concerning you or to restriction of processing or to object to data processing or that you have the right to lodge a complaint with a supervisory authority. If we do not collect personal information directly from you, you have the right to all available information about the origin of the data.

Furthermore, the data subject has the right to obtain information as to whether personal data have been transferred to a third country or to an international organisation and the data subject has the right to be informed of the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.

You have the right to request the immediate rectification of inaccurate data (Article 16 GDPR). Taking into account the purposes of processing, you also have the right to request the completion of incomplete data. If you would like to exercise your right to rectification, you can contact us at any time (see contact details above in section 2).

You have the right to request that we delete personal data concerning you under the conditions described in Art. 17 GDPR. These conditions include, in particular, the existence of a reason for deletion and that processing is not necessary. A right of deletion exists in particular if the personal data is no longer necessary for the purposes for which it was collected or otherwise processed, and in cases where you withdraw your consent (and there is no other legal basis for processing). Furthermore, a right of deletion exists if there is an objection (if there are no overriding legitimate reasons for processing), if the processing is unlawful or if there is an obligation to delete under Union law or the law of the Member State to which we are subject.

If Orchester Jakobsplatz München gGmbH, as the controller, has made the personal data public and is obliged to erase it, it shall take appropriate measures, including technical ones, taking into account the available technology and the implementation costs, in order to inform data controllers which process the personal data that you, as the data subject, have requested the erasure by them of all links to these personal data or of copies or replications of these personal data and that processing is not required.

To exercise your right to erasure, you can contact us at any time (see contact details above in section 2).

As a data subject, you have the right to request that we restrict processing in accordance with Art. 18 GDPR. This right exists in particular if you contest the accuracy of the personal data, for a period enabling us to verify the accuracy of the personal data, as well as in the event that the processing is unlawful and you request restricted processing instead of deletion; furthermore in the event that the data is no longer required for the purposes we pursue, but you require the personal data to assert, exercise or defend legal claims. Furthermore, you have the right to restrict processing if you have objected to processing, as long as it has not yet been determined whether our legitimate reasons outweigh your interests.

To exercise your right to restrict processing, you can contact us at any time (see contact details above in section 2).

If you assert your right to rectification, erasure or restriction of processing against us, we will inform all recipients to whom personal data was disclosed, unless doing so should prove impossible or involve disproportionate expenditure. You have the right to be informed of these recipients in accordance with Art. 19 GDPR. To assert your right to information, you can contact us at any time (see contact details above in section 2).

You have the right to receive from us the personal data concerning you that you have made available to us in a structured, common, machine-readable format in accordance with Art. 20 GDPR, provided that this does not adversely affect the rights and freedoms of others. When exercising your right to data portability, you have the right to have the personal data transmitted directly from one controller to another controller, where technically feasible.

To exercise your right to data portability, you can contact us at any time (see contact details above in section 2).

You have the right to object at any time to the processing of personal data concerning you, which is carried out, inter alia, on the basis of Art. 6 Paragraph 1 Letter e) or f) of GDPR, pursuant to Art. 21 GDPR, for reasons arising from your particular situation; this also applies to profiling based on these provisions. We will stop processing your personal data unless we can demonstrate compelling legitimate grounds for the processing which outweigh your interests, rights and freedoms, or if the processing serves to assert, exercise or defend legal claims.

If Orchester Jakobsplatz München gGmbH processes personal data for direct marketing purposes, the data subject has the right to object at any time to processing of personal data concerning him or her for the purposes of such advertising; this also applies to profiling insofar as it is related to such direct marketing. If the data subject objects to processing for direct marketing purposes, the personal data will no longer be processed for these purposes.

You also have the right to object, for reasons related to your particular situation, to the processing of personal data concerning you for scientific or historical research purposes or for statistical purposes pursuant to Art. 89 (1) GDPR, unless the processing is necessary to perform a task carried out in the public interest.

To exercise your right of objection, you can contact us at any time (see contact details above in section 2).

We do not use automated decision-making or profiling on this website.

We would also like to point out that, in accordance with Art. 22 GDPR, you have the right not to be subjected to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision is necessary for entering into or fulfilling a contract between the data subject and the controller, or if the decision is permitted by Union or Member State law to which the controller is subject and this law contains appropriate measures to safeguard the rights and freedoms and legitimate interests of the data subject, or if the decision is made with the data subject's explicit consent.

Where the decision is necessary for the conclusion or performance of a contract between the data subject and the controller, or is made with the data subject’s explicit consent, we shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.

To exercise your rights in connection with automated decisions, you can contact us at any time (see contact details above in section 2).

You also have the right to contact the competent supervisory authority if you have any complaints.

You have the right to revoke your consent to the processing of personal data at any time. The legality of the processing that was carried out on the basis of the consent until the revocation remains unaffected. In the event of revocation, we will delete the data concerned immediately unless further processing can be based on a legal basis for processing without consent.

To exercise your right to withdraw your consent, you can contact us at any time (see contact details above in section 2).

The duration of storage of personal data depends on the respective statutory retention period (e.g. the retention period under tax and commercial law). After expiry of the period, the corresponding data is routinely deleted, provided that it is no longer required to fulfill or initiate a contract and/or we no longer have a legitimate interest in continuing to store it.

We would like to point out that the provision of personal data may sometimes be required by law (e.g. tax regulations) or contract (e.g. through the contractual agreement to provide information on the contractual partner) or may be necessary for the conclusion of the contract. The data subject may also be obliged to provide personal data. For example, when concluding a contract with OJM online ticket sales, you are obliged to provide us with personal data (e.g. name, address, contact details). Without providing this data, it would not be possible to conclude such a contract. Before providing personal data, the data subject should contact us. We will inform you as the data subject in each individual case whether the provision of personal data is required by law or contract or is necessary for the conclusion of a contract, whether the data subject is obliged to provide the personal data and what possible consequences non-provision of the data would have.

The website may contain hyperlinks to and from third-party websites. If you follow a hyperlink to one of these websites, please note that we cannot accept any responsibility or liability for third-party content or data protection conditions. Please make sure that you are familiar with the applicable data protection conditions before submitting personal data to these websites.

We do not pass on your personal data to third parties unless you have consented to the data being passed on or we are entitled or obliged to do so due to legal provisions and/or official or court orders. This may in particular involve the provision of information for the purposes of criminal prosecution, to avert danger or to enforce intellectual property rights.

However, a technical transfer may take place if and to the extent that this is necessary for the operation of our website or for other reasons for the establishment, implementation or processing of your user relationship with us. This may be the case, for example, if the website is hosted by an external service provider, i.e. an external service provider operates the servers for us. If this does not involve order processing, the transfer is based on Art. 6 Para. 1 lit. b) GDPR.

We have integrated components of the company Facebook into this page. Facebook is a social network operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. If a data subject lives outside the USA, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, is the data controller. The purpose of integrating the Facebook plug-in is to enable our users to republish the contents of this website, to make this website better known and thus increase the number of users of this website.

You can recognise the Facebook plug-ins by the Facebook logo or the addition “Social Plugin from Facebook”/“Facebook Social Plugin”. You can find an overview of the Facebook plug-ins and what they look like at https://developers.facebook.com/docs/plugins.

If you visit a subpage of our website that contains such a plugin, your browser establishes a direct connection to the Facebook servers. The content of the plugin is transmitted directly from Facebook to your browser and integrated into the page. Your browser transmits information (including the IP address) to Facebook in the USA that your browser has accessed a corresponding subpage of our website. This data is stored there. This is also the case if you do not have a Facebook profile or are not logged in to it.

If you are logged in to Facebook, Facebook can assign the visit to the corresponding subpage of our website to your Facebook profile. This also applies if you activate the plugin, for example if you click a "Like" button or the share function. The information is also published on your Facebook profile and displayed to your Facebook friends. If you do not want this, you must log out of Facebook before visiting our website.

It is possible to install applications (including add-ons for your browser) that prevent the loading of Facebook plugins and data transmission to Facebook, e.g. with the script blocker “NoScript” (http://noscript.net/).

Facebook Inc., based in the USA, is certified for the US-European data protection agreement “Privacy Shield”, which guarantees compliance with the data protection level applicable in the EU.

The data processing described above is carried out in accordance with Art. 6 Paragraph 1 Letter f of GDPR on the basis of Facebook's legitimate interests. This includes, among other things, the display of personalized advertising in order to inform other Facebook users about your activities on our website. You have the right to object, but you must contact Facebook to do so.

The purpose and scope of the collection, processing and use of personal data by Facebook as well as your rights and setting options for protecting your privacy can be found in Facebook's privacy policy, which is available at HTTP://WWW.FACEBOOK.COM/POLICY.PHP.

We have integrated components from the company Twitter into this site. Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103 USA operates a publicly accessible microblogging service that allows users to publish short messages of up to 140 characters (so-called tweets), share them with so-called followers, or link to them. The latter are also people logged in to Twitter. Some of the tweets can also be read by people not logged in to Twitter. The purpose of integrating the Twitter component is to enable our users to republish the contents of this website in order to make this website better known and thus increase the number of users of this website.

When you visit a subpage of our website that has a Twitter component integrated, your browser establishes a direct connection to the Twitter servers. The content of the component is transmitted directly from Twitter to your browser and integrated into the page. Your browser transmits information to Twitter that your browser has accessed a corresponding subpage of our website.

If you are logged in to Twitter, Twitter can assign the visit to the corresponding subpage of our website to your Twitter user account. This also applies if you activate the integrated Twitter component. The data or information transferred in this way is assigned to the Twitter user account and stored and processed by Twitter. If you do not want this, you must log out of Twitter before visiting our website.

The data processing described above is carried out in accordance with Art. 6 Paragraph 1 Letter f of GDPR on the basis of Twitter's legitimate interests. This includes, among other things, the display of personalized advertising in order to inform other Twitter users about your activities on our website. You have the right to object, but you must contact Twitter to do so.