1. About us

We as Compeso GmbH are responsible for the collection, processing and storage of your data. You can find details about us at any time in our legal notice. Careful handling of your personal data is our top priority. We adhere to the legal provisions during processing, e.g. the General Data Protection Regulation (GDPR) and the associated national provisions. This data protection declaration applies to all of our company’s websites that can be accessed under our domains (i.e.,,, Since we would like to give you a comprehensive overview of the processing of personal data in our company, you will find an overview of all of our services below, within the scope of which we collect and process personal data. In so far separate or additional conditions apply to individual services or we ask you for your consent, we will notify you separately before using the respective service. We also take various security measures to protect your personal data. For example, the transmission between your web browser and our servers is always transport-encrypted; In addition, we maintain a variety of technical and organizational measures to always protect your data.

2. Why we process your data

In principle, you can use our website without revealing your identity. If you register for one of our personalized services or would like to contact us, we will ask you for your name and other personal information. It is up to you to decide whether you want to enter this (extended) data or not. Data that we absolutely need from you to provide our services is marked as such. Your personal data is collected and processed for the following purposes on the basis of the following legal bases:

  • Contract initiation according to Art. 6 para. 1 lit. a) and b) GDPR
  • Contract processing according to Art. 6 para. 1 lit. b) GDPR
  • Customer management in accordance with Art. 6 para. 1 lit. b) and c) GDPR
  • Communication and data exchange in accordance with Art. 6 para. 1 lit. a), b), c), f) GDPR
  • External presentation and advertising in accordance with Art. 6 para. 1 lit. f) GDPR
  • Implementation of declarations of consent in accordance with Art. 6 para. 1 lit. a) GDPR
  • Ensuring the proper operation of a data processing system in accordance with Art. 6 para. 1 lit. c) and f) GDPR

3. Which data we might collect and process from you

We might collect different categories of personal data from you. Personal data is all information that relates to an identified or identifiable natural person; A natural person who can be identified directly or indirectly, in particular by association with an identifier such as a name, is regarded as identifiable. Personal data includes, for example. Information such as your name, address, telephone number and date of birth (if given). Statistical information that cannot be directly or indirectly associated with you – such as the popularity of individual websites of our offer or the number of users of a page – are not personal data. There is data collected directly and indirectly. In both cases, data is only collected to the extent necessary; the data will only be processed for the purposes mentioned in section 2. It is up to you to decide whether you want to send us data that optimizes the use of our services for you, but is not necessary for this. Corresponding data fields are marked as ‘voluntary’. The data immediately collected include:

  • Salutation and names, e.g. to personalize your contact request
  • Email address and, if applicable, a password you have chosen, e.g. to contact us using our contact form
  • Address data, e.g. for the purpose of sending offers in printed form
  • Data that you actively and consciously transmit through us when using our services, e.g. Information about your POS / box office system used
  • Other data that you voluntarily provide to us, e.g. data fields filled in by you, marked as ‘voluntary’

In addition, data about you is indirectly collected when you use our services:

  • Technical connection data, e.g. the requested page of our website
  • Your IP address, shortened by the last three digits
  • Date and hour during the process
  • used terminals
  • Data collected as part of website tracking

Minors: Our website is not aimed at minors and we do not knowingly collect personal data from minors / non-adults. If persons under the age of 16 transmit personal data to us, this is only permitted if the legal guardian has given his own consent or has given the young person’s consent. According to Art. 8 para. 2 GDPR the contact details of the legal guardian are provided to convince us of the consent or consent of the legal guardian. This data and the data of the minor are then processed in accordance with this data protection declaration. If we determine that a minor under the age of 16 has sent personal data to us without the legal guardian himself or the consent of the minor, we will delete the data immediately.

4. Who has access to your data and to whom we transmit your data

a) access

Access to your personal data stored by us is restricted to our employees and the service providers commissioned by us, who have to deal with this personal data due to their tasks. If known third parties have access to your data, we have obtained your permission or there is a legal basis for this. We also use service providers to provide services and to process your data (including hosting and video delivery). In so far these special provisions apply, we have carried them out for you in the following service. The service providers process the data only on our instructions and are obliged to comply with the applicable data protection regulations. All processors have been carefully selected and will only have access to your data to the extent and for the required period of time, which is necessary for the provision of the services or to the extent that you have consented to the data processing and use.

b) Data exchange within the group of companies

Data exchange within the group of companies (even if not particularly signed) to which we belong takes place exclusively within the EU / EEA and only serves internal administrative purposes. By group of companies we mean affiliated companies within the meaning of Art. 4 No. 19 GDPR. Transmission to third countries and legal basis The servers of some of the service providers we use are located in the USA and other countries outside the European Union. Companies in these countries are subject to a data protection law that does not generally protect personal data to the same extent as is the case in the member states of the European Union. If your data is processed in a country that does not have a recognized high level of data protection like the European Union, we use contractual regulations or other recognized instruments to ensure that your personal data is adequately protected. We would like to point this out to you again as part of the individual services. Insofar as personal data is transferred to third countries, this takes place on the basis of the adequacy decision of the EU Commission on the EU-U.S. Privacy Shield in accordance with Art. 45 GDPR or the EU Standard Contract 2010 in accordance with Art. 46 para. 2 lit. c) GDPR in conjunction with the decision of the EU Commission of 05.02.2010 (2010/87 / EU) or according to Art. 49 para. 1 lit. a GDPR.

c) Transmission to law enforcement and law enforcement agencies

In exceptional cases, we might have to transmit personal data to law enforcement and law enforcement agencies. This takes place on the basis of corresponding legal obligations, e.g. from the Code of Criminal Procedure, the Tax Code, the Money Laundering Act or state police law.

5. Storage periods

We store personal data within the framework of the legal regulations or your consent. We use the following criteria to determine the specific storage period: – Legal retention obligations, e.g. according to AO and HGB (German commercial law book) – Existence of consent, e.g. Your consent or their revocation – contractual retention obligations – existence of a contractual relationship, e.g. last activity, if there is no long-term debt relationship – no longer the purpose of data collection and data storage – technological and forensic requirements, e.g. to ward off attacks and their pursuit

6.Your rights

You have a number of legal rights, which we would like to draw your attention to below. In addition, our data protection officer is of course available to answer any questions you have about your personal data that we have collected and processed about you at . Right to information and data portability you have the right to information about your personal data processed by us at any time. If the data processing is based on your consent or in accordance with Art 6 para. 1 b) GDPR based on a contract, you can in accordance with Art. 20 para. 1 GDPR also require you to receive the personal data stored about you in a structured, common and machine-readable format. At your request, we will also forward the data directly to the recipient you have specified. Furthermore, in accordance with Art. 16 to 18 GDPR, you can request us to correct, restrict (block) or delete your personal data if the data has been processed incorrectly by us, there is a reason for restricting further data processing, or data processing has become illegal for various reasons, or if its storage is not permitted for other legal reasons. We would like to point out that your right to deletion may be restricted by statutory retention periods. Our data processing is based solely on our legitimate interest in accordance with Art 6 para. 1 f) GDPR, you can object to this processing in accordance with Art. 21 para. 1 GDPR. We will then stop processing your data unless we can prove that the processing is worthy of protection, which outweighs your interests, rights and freedoms, or the processing serves to assert, exercise or defend a legal claim. If you have allowed us to process your personal data with your consent, you have the right under Art. 7 para. 3 GDPR a right of withdrawal with effect for the future is available. You are free to lodge a complaint with a supervisory authority if you believe that our processing of your personal data violates the European General Data Protection Regulation or other national and international data protection laws.

To exercise your rights, you can send us an informal message to the contact details below. Please also send your revocation of your consent, stating which declaration of consent you would like to revoke, to the following contact details: Responsible DPO COMPESO GmbH

7. Use of our website – profiling, cookies and web tracking

a) Fundamentals of cookies and opt-out options

We use so-called cookies in some areas of our website, e.g. in order to recognize the preferences of the visitors and to design the website accordingly accordingly. This enables easier navigation and a high degree of user friendliness of a website. Cookies also help us to identify particularly popular areas of our website. Cookies are small files that are stored on a visitor’s hard drive. They allow information to be held for a certain period of time and the visitor’s computer to be identified. We use permanent cookies for better user guidance and individual performance. We also use so-called session cookies, which are automatically deleted when you close your browser. You can set your browser so that it informs you about the placement of cookies. So the use of cookies becomes transparent for you. If you completely exclude the use of cookies, you cannot use individual functions of our website – including the option of cookie-based opt-out from tracking. If necessary, please allow the opt-out cookies of those services for which you want to prevent tracking. Please also keep in mind that deleting all cookies means that opt-out cookies will also be deleted. You may have to reset them. Cookies are also browser-bound, i.e. they must always be set separately for each browser you use on each of you devices. The links required for this can be found below in the description of the respective service. The following cookies are used by us – provided you allow this and have not set one or more opt-out cookies – for the purpose described in more detail:

b) Google Ads

Our website uses the ‘Google Ads’ service, which enables marketers to place ads in the hit lists of Google search and also in the Google advertising network. This takes place on the basis of previously defined keywords, by means of which the hit lists are only displayed if a keyword-relevant search is carried out.

Google Ads aims to advertise our website by displaying relevant advertisements on third-party websites, in the hit lists of Google search and by displaying relevant third-party advertisements on our website.

By clicking on a corresponding Google ad that refers to our website, Google sets a cookie. The cookie enables both us and Google to understand whether you came to our website via an ad and generated sales.

The data obtained in this way is used by Google to generate statistics (e.g. total number of users referred via Google Ads, success of our ads campaign) for our website. Neither we nor any other Google Ads advertiser receives information from Google that could be used to identify you.

However, the cookie is used to store personal information, such as the websites you visit. Google may share this information with third parties.

You can object to interest-based advertising by Google at any time by calling the following opt-out link:

Receiver of this data: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA


c) YouTube Video, embedded via iFrame in the extended data protection mode

We use YouTube, a service from Google, to display video content to you. To protect your privacy, we have activated the extended data protection mode. YouTube also uses cookies to collect information about visitors to its website. YouTube uses these, among other things, to collect video statistics, to avoid fraud and to improve user-friendliness. Calling up a video usually leads to a connection to the Google DoubleClick network. If you start the video, this could trigger further data processing processes, especially if you are already logged in to YouTube. We have no influence on that. Further information on data protection at YouTube can be found in their data protection declaration Recipient of the data: Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA Privacy-Shield:

d) DoubleClick by Google

DoubleClick by Google uses cookies to present advertisements that are relevant to you. A pseudonymous identification number is assigned to your browser in order to check which advertisements have been shown in your browser and which advertisements have been called up. The cookies contain no personal information. The use of DoubleClick cookies only enables Google and its partner websites to place ads based on previous visits to our or other websites on the Internet. The information generated by the cookies is transmitted and stored by Google for evaluation. Google only transfers the data to third parties on the basis of legal regulations or within the framework of order processing. Google will not merge your data with other data collected by Google. If you do not agree with this form of processing, you can prevent the storage of cookies by setting your browser accordingly. You can also prevent Google from collecting the data generated by the cookies and relating to your use of the website and from processing this data by Google here: = DE Download and install the accessible browser plug-in. Alternatively you can use the DoubleClick cookies on this page Recipient of the data: Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA Privacy-Shield:


8. Additional information and provisions for individual services

Data that you send us via our contact form are processed for the purpose of communication and data exchange, i.e. to respond to your specific request. This data is stored for as long as its processing is necessary for this purpose or until any subsequent retention periods expire.