Privacy Policy

This data protection declaration clarifies the type, scope and purpose of personal data (hereinafter referred to as “pb. data”) within our online offer. With regard to the terms used, such as “processing” or “person responsible”, we refer to the definitions in Art. 4 of the Basic Data Protection Regulation (DSGVO).

This data protection declaration applies to the online ticket stores operated by Medien.Bayern GmbH, Rosenheimer Str. 145e, 81671 Munich (“us”, “we”, “Medien.Bayern”) at (“Website”).

We ask you to inform yourself regularly about the content of our data protection declaration. We will adapt the Privacy Policy as soon as changes in the data processing performed by us make this necessary. We will inform you as soon as the changes make it necessary for you to take action to cooperate (e.g. to give your consent) or any other individual notification.


Medien.Bayern GmbH
Rosenheimer Str. 145 e
81671 Munich
Managing Director: Stefan Sutor (Chairman) | Lina Timm
Link to the imprint:

Data protection officer

If you have any questions or suggestions regarding data protection, please contact our external data protection officer:

Types of personal data to be processed, which you make available to us within the scope of our offers

  • Inventory data (e.g. names, addresses)
  • Contact details (e.g. e-mail, phone numbers)
  • Contract data (e.g. subject of contract, ticket category)

Purpose of the processing

  • Processing of contractual agreements
  • Security measures
  • Applicable legal basis

In accordance with Art. 13 DSGVO we inform you about the legal basis of our data processing. If the legal basis is not stated in the data protection declaration, the following applies:

    • the legal basis for obtaining consent is Art. 6 para. 1 lit. a and Art. 7 DSGVO
    • the legal basis for processing for the purpose of fulfilling our services and implementing contractual measures as well as responding to inquiries is Art. 6 para. 1 letter b DSGVO
    • the legal basis for the processing to fulfill our legal obligations is Art. 6 para. 1 lit. c DSGVO
    • the legal basis for the processing to protect our legitimate interests is Art. 6 para. 1 letter f DSGVO
    • In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d DSGVO serves as the legal basis.

Cooperation with third parties and with contract processors

Provided that in the course of our processing of pb. data to other persons and companies (processors or third parties), we may disclose such data to them or otherwise give them access to pb. data, this is only done on the following basis:

    • for the fulfilment of the contract (e.g. if a transfer of pb. data to third parties, such as payment service providers, in accordance with Art. 6 para. 1 lit. b DSGVO)
    • on the basis of a so-called “order processing contract” (according to Art. 28 DSGVO, e.g. web host, shipping service provider).

Rights of the data subjects

You have the right to ask for a confirmation whether pb. data is processed and to receive information about this data and to receive further information and a copy of the pb. data according to art. 15 DSGVO.

You have the right to ask for the completion of the pb. data concerning you, according to art. 16 DSGVO.

Under Art. 17 DSGVO you have the right to request that pseudonym data concerning you be completed or corrected, deleted immediately, or alternatively, according to Art. 18 DSGVO, a restriction on the processing of pb. data. data processing.

Right of withdrawal

You have the right to revoke consents granted (Art. 6 para. 1 a DSGVO) in accordance with Art. 7 para. 3 DSGVO with effect for the future.

Right of objection

You may object to future processing of the pb. data concerning you in accordance with Art. 21 DSGVO at any time. The objection can be made in particular against processing for the purposes of direct advertising (Art. 6 para. 1 f DSGVO).

Right of appeal to the supervisory authority

You have the right to complain to the supervisory authority about the processing of your personal data Art. 77 DSGVO.

The Media Data Protection Officer is the supervisory authority within the meaning of Art. 51 DS-GVO.

Mr. Andreas Gummer
Media data officer
Bayerische Landeszentrale für Neue Medien
Heinrich-Lübke-Str. 27
81737 Munich

Deletion of personal data

The pb. data processed by us will be deleted or restricted in their processing in accordance with articles 17 and 18 DSGVO. Unless expressly stated in this data protection declaration, the pb. data stored by us will be deleted or limited in their processing. Data stored by us will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any legal storage obligations. If the pb. data are not deleted because they are required for other and legally permissible purposes, their processing is restricted. I.e. the pb. Data will be blocked and not processed for other purposes. This applies, for example, to pb. data that must be retained for commercial or tax law reasons.

According to legal requirements in Germany, the storage is in particular for 10 years according to §§ 147 para. 1 AO, 257 para. 1 No. 1 and 4, para. 4 HGB (books, records, management reports, accounting vouchers, commercial books, documents relevant for taxation, etc.) and 6 years according to § 257 para. 1 No. 2 and 3, para. 4 HGB (commercial letters).


The hosting services we use serve to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, security services as well as technical maintenance services that we use for the purpose of operating this online offer. For these services, we have used carefully selected contractors with whom we have concluded contract processing agreements.

Collection of access data and log files

We, or our hosting provider, on the basis of our legitimate interests as defined in Art. 6 para. 1 lit. f. DSGVO data about every access to the server on which this service is located (so-called server log files). The access data includes

  • Target URL
  • file
  • Date and time of retrieval
  • transferred data volume
  • Message about successful retrieval
  • Browser type and version
  • the user’s operating system

For security reasons (e.g. to investigate abuse or fraud), log file information is stored for a maximum period of 30 days and then deleted. Data whose further storage is required for evidence purposes is excluded from deletion until the respective incident has been finally clarified.

Business management analyses and market research

In order to run our business economically and to identify market trends, customer and user wishes, we analyze the data available to us on business transactions, contracts, inquiries, etc. We process inventory data, communication data, contract data, payment data, usage data, metadata on the basis of Art. 6 para. 1 lit. f. DSGVO, whereby the persons concerned include customers, interested parties, business partners, visitors and users of the online offer.

The analyses are carried out for the purpose of business management evaluations, marketing and market research. In doing so, we can take into account the profiles of registered users with information on e.g. their purchase transactions. The created analyses are used internally only. The overall economic analyses and general trend determinations are made anonymously as far as possible. If they are not prepared anonymously, we will take technical and organizational measures to ensure a level of protection appropriate to the risk, taking into account the security of the processing, i.e. after taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the varying probability of occurrence and severity of the risk to the rights and freedoms of natural persons (Art. 32 DSGVO).

If we forward analyses to third parties, these are only anonymized, summarized values.

We use carefully selected contract processors for these analyses.


When contacting us (e.g. via contact form, e-mail, telephone or social media), your data will only be processed for the purpose of handling your contact request and, if applicable, its contractual handling in accordance with Art. 6 Para. 1 lit. b) DSGVO. Your data may then be stored in a customer relationship management system (“CRM system”) or comparable inquiry organization. In this case, we use a carefully selected CRM service provider as the order processor.
We will delete the inquiries if they are no longer required. We check the necessity every two years; furthermore, the legal archiving obligations apply.