According to § 5 TMG
Kinder Spiel & Spaß Fabrik
Betriebsnummer:51 55 4774
Online Dispute Participation (OS)
The European Commission provides a platform for online dispute resolution (OS), which you can find here
Protecting your personal data is our top priority. In this data protection declaration we inform you about what data we collect during your visit to our homepage, how we use it and protect it.
Please take a moment to read the following information so that you understand how we treat your data. If you have any questions about this, we will be happy to help you.
We care about your privacy and want to ensure that you feel safe and protected when using our website.
Responsible for the processing of your personal data on this website is:
Kinder Spiel & Spaß Fabrik
Tel. : 0631 34100900
CEO: Roswitha Henn-Nickel
The European Commission provides a platform for online dispute resolution (OS), which you can find here. We are willing to participate in an out-of-court arbitration procedure before a consumer arbitration board.
a. Scope & purpose of processing personal data
As a matter of principle, we only process your personal data as a user of this website insofar as this is necessary to provide a functional website and our content and services. Your personal data will only be processed with your specific consent, unless the data processing is also permitted by law without prior consent being obtained. The purposes of the processing result from the processing activities described in more detail below. Your data is transmitted in encrypted form (SSL SHA 256).
b. Legal basis for processing personal data
Insofar as we obtain your consent for the processing of personal data, Art. 6 Para. 1 a) GDPR serves as the legal basis. If the processing of your data is necessary to fulfill a contract to which you are a party, Art. 6 Para. 1 b) GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures. Insofar as processing of your personal data is necessary to fulfill a legal obligation to which we are subject, Art. 6 Para. 1 c) GDPR serves as the legal basis. If the processing is necessary to safeguard a legitimate interest of our company or a third party and if your interests, fundamental rights and fundamental freedoms do not outweigh the first interest, Art. 6 Para. 1 f) GDPR serves as the legal basis for the processing.
c. Data Erasure and Storage Duration
Your personal data will be deleted or blocked as soon as the purpose of storage no longer applies. Storage can also take place if this is provided for by law or other legal provisions that are binding on us. The data will also be blocked or deleted if a storage period prescribed by the aforementioned legal provisions expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.
i.e. Types of data processed
Unless otherwise explained below, the following types of data are processed:
• User data (e.g. name, address when contacting or autograph requests);
• Contact details (e.g. e-mail address also when contacting us);
• Content data (e.g. text input when contacting)
• Usage data (e.g. access data from accessing our websites);
• Communication and metadata (e.g. IP addresses, device information).
e. purposes of processing
We process your personal data to provide the online offer, its functions and content, to answer contact requests and to communicate with users, security measures and to optimize our offer (marketing), unless other purposes are specified below.
f. Categories of data subjects
The so-called "persons affected" by the data processing are the visitors of this website and users of the online offer ("users").
g. Provisions for the provision of data and consequences of non-provision
If you only use the site for informational purposes, you are not obliged to provide any further personal data.
h. No automated decision making
We do not make any automated decisions.
When processing your personal data, you have the following rights, which we would like to inform you about below. You can contact us for this, the contact details can be found above under point 1.
a. Right to information (Article 15 GDPR)
Upon request, we will confirm whether personal data relating to you will be processed. If this is the case, you have the right to be informed about the following information
• the purposes of data processing,
• the categories of data processed, as well
• where applicable, the recipients or categories of recipients to whom data are disclosed due to legal obligations or contractual relationships; especially for recipients in third countries
• the planned storage period, or if this is not possible, the criteria for determining the period
• the existence of a right to correction or deletion of the personal data concerning you, or to restriction of processing by us or a right to object to this processing
• the existence of a right of appeal to the supervisory authority
• in the event that the personal data is not collected from the data subject: all available information about the origin of the data
• the existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the scope and envisaged effects of such processing for the data subject
• in the case of transfer to a third country or to an international organization, about the appropriate guarantees related to the transfer.
Upon request, you will receive a copy of the data collected and processed from you. This is basically free of charge.
b. Right to rectification (Article 16 GDPR)
You have the right to demand the immediate correction of incorrect personal data concerning you. You have the right, taking into account the purposes of the processing, to request the completion of incomplete personal data - also by means of a supplementary declaration.
c. Right to erasure (Art. 17 GDPR) (so-called right to be forgotten)
Upon request or after fulfillment or termination of the contract with us, your personal data will be deleted immediately if this does not conflict with tax or commercial law storage or documentation obligations or the safeguarding of the legitimate interests of the person responsible is at risk.
A right to erasure exists under the following conditions:
• The personal data were collected for purposes or otherwise processed for which they are no longer necessary.
• You revoke your consent on which the processing was based pursuant to Art. 6 Para. 1 a) GDPR or Art. 9 Para. 2 a) GDPR and there is no other legal basis for the processing.
• You object to the processing in accordance with Art. 21 (1) GDPR and there are no overriding legitimate reasons for the processing, or an objection to the processing was filed in accordance with Art. 21 (2) GDPR.
• the personal data have been processed unlawfully.
• the personal data must be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
• The personal data were collected in relation to information society services offered pursuant to Art. 8 Para. 1 GDPR (the consent was given by a child)
d. Right to restriction of processing (Article 18 GDPR) (blocking)
Under the following conditions, you have the right to request the restriction of processing, i.e. the blocking of your personal data for processing:
• You contest the accuracy of the personal data for a period of time that enables us to verify the accuracy of the personal data.
• the processing is unlawful, you reject the deletion of the personal data and instead request that the use of the personal data be restricted.
• The person responsible no longer needs the personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims.
• The user has objected to the processing pursuant to Article 21(1) GDPR and it has not yet been determined whether the legitimate reasons of the person responsible outweigh those of the user.
e. Right to data portability (Art. 20 GDPR) (data portability)
Upon request, your data can be made available in a structured, common and machine-readable format for you and a service provider working subsequently, in order to enable rapid transmission. This applies to everyone
If you only use the website for informational purposes, i.e. if you do not provide us with any other information, we only collect the personal data that your browser transmits to our server, unless otherwise explained below. If you want to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security (legal basis is Art. 6 Para. 1 S. 1 f) GDPR):
• date and time of retrieval,
• name of the accessed pages,
• IP address of the requesting device (anonymized),
• Referrer URL (source URL from which visitors came to our website),
• browser type, language & version,
• Operating system The IP address is stored for a maximum of 14 days for security reasons and then completely deleted.
Order processing: agency and hosting
For certain services in connection with the operation of this website, we use processors according to Art. 28 DSGVO: An agency for the support and technical optimization of the website as well as a so-called hoster. This hoster provides, among other things, IT infrastructure, computing power, database services, e-mail dispatch, security services, server storage space and technical maintenance services.
Here we process. or our processors on our behalf inventory data, contact data, content data, contract data, usage data, meta and communication data of our visitors to our website.
The processing by us and the named processors takes place exclusively within the framework of an agreement in accordance with Article 28 GDPR, the above-mentioned data are processed on the basis of our legitimate interests in a professional and secure provision of our website in accordance with Article 6 Paragraph 1 f) GDPR.
In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive by the browser you are using and enable certain information to flow to us as the site that set the cookie. Cookies cannot run programs or transmit viruses to your computer. They serve to make the Internet offer more user-friendly and effective overall.
This website uses temporary cookies to optimize this website. Temporary cookies are automatically deleted after a certain period of time. These include in particular the session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the joint session. This allows your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser. HTTP and pixel cookies are also used. Some cookies are from us (so-called first-party cookies) and some from third parties (third-party cookies).
If these cookies and/or the information they contain are personal data, the legal basis for data processing is Art. 6 Para. 1 a) if you have given your consent, otherwise Art. 6 Para. 1 f) GDPR, on the basis of our legitimate interested in optimizing our website.
Cookie consent with Klaro! consent managers
Contact by e-mail, post & telephone
You have the option of contacting us in several ways: by e-mail, by telephone or by post. If you contact us, we use the personal data that you voluntarily make available to us in this context solely for the purpose of being able to process your request as part of the contact request. The legal basis for the processing of your data is Art. 6 Para. 1 a) GDPR if you have given your consent. If you have not given your individual consent, we will process your data on the basis of Art. 6 Para. 1 b) GDPR. Your data will be deleted when they are no longer required for the purpose of processing and there is no statutory storage obligation.
Please note that despite all precautionary measures, complete security when communicating via unencrypted e-mails can never be guaranteed.
On our website we also offer you the opportunity to write to us via a contact form (electronic contact). If you as a user take advantage of this option, the data you enter in the input mask will be transmitted to us in encrypted form (SSL) and stored. At the time the message is sent, your IP address will also be transmitted for security reasons. This is stored for 7 days for security reasons and to ward off attacks and prevent fraud.
The legal basis for the processing of your data is Art. 6 Para. 1 a) GDPR if you have given your consent. If you have not given your individual consent, we will process your data on the basis of Art. 6 Para. 1 b) GDPR. The processing of the personal data from the input mask serves us solely to process the contact. We delete this data as soon as we no longer need it for this purpose and provided that there are no legal storage obligations to the contrary.
The data will only be passed on to the named service providers on the basis of a proper agreement on order processing in accordance with Art. 28 GDPR.
With the exception of the processing shown, we do not pass on your data to recipients based outside the European Union or the European Economic Area.
Some of the processing mentioned here causes data to be transmitted to the servers of the providers of tracking or targeting technologies commissioned by us. Some of these servers are located in the USA, insofar as the provider is based there. The data transmission takes place on the basis of so-called standard contractual clauses of the EU Commission and according to the principles of the so-called Privacy Shield. You can also get more information about this here: https://www.privacyshield.gov/welcome.
We only pass on your personal data to third parties if you have given your express consent to do so (Art. 6 Para. 1 a) GDPR), or the disclosure is necessary in accordance with Art. 6 Para. 1 f) GDPR to protect our legitimate interests and You do not have an overriding interest in not disclosing your data worthy of protection, or there is a legal obligation for the transfer according to Article 6 Para. 1 c) DSGVO, or according to Article 6 Para. 1 b) DSGVO for the processing of contractual relationships with you.
Google Analytics (anonymized)
The information generated by the cookie about your use of this website is approx
• browser type/version,
• operating system used,
• referrer URL (the previously visited page),
• host name of the accessing computer (IP address),
• Time of server request
However, we use the addition “anonymizeIP” as part of Google Analytics. With this addition, the IP address of the Internet connection of the person concerned is shortened and anonymized by Google if our website is accessed from a member state of the European Union or from another state party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the USA and shortened there.
Google will use the above information on our behalf to evaluate the use of our online offering by users and to provide us with reports on the activities within this online offering and, if necessary, to provide us with other services in this context. For this purpose, pseudonymous usage profiles of the users can be created from the processed data.
The personal data of the users will be deleted after 14 months. The IP address transmitted by the user's browser is not merged with other Google data. You can prevent the storage of cookies by setting your browser software accordingly and prevent the collection of data generated by the cookie in relation to the online offer and its processing by Google by downloading the browser plug-in available under the following link and to install: http://tools.google.com/dlpage/gaoptout?hl=de.
For booking tickets for live/TV events, you will find web links to the Eventim pages. The provider is CTS Eventim AG & Co. KGaA, administration: Contrescarpe 75 A, 28195 Bremen.
These links are so-called affiliate links which, when clicked, allow Eventim to assign the user/buyer to the person responsible for this site. Personal data, such as your IP address, can be transmitted to Eventim and processed.
If you consent to the processing by using these affiliate links, the legal basis for the processing is Art. 6 Para. 1 a) GDPR. Otherwise, the legal basis is the prior contractual measures for booking your ticket in accordance with Art. 6 Para. 1 b) GDPR and our legitimate interests (business interests in arranging the ticket bookings) in accordance with Art. 6 Para. 1 f) GDPR.
If the processing is based on Article 6 Paragraph 1 f) GDPR, you have the right to object to the processing.
Doubleclick by Google
The cookies do not contain any other personal information.
The use of DoubleClick cookies only enables Google and its partner websites to place ads based on previous visits to our or other websites on the Internet. For example, you will only be shown products that you were also interested in on other sites, so-called "remarketing".
The information generated by the cookies is transmitted by Google to a server in the USA for evaluation and stored there. A transfer of data by Google to third parties only takes place due to legal regulations or in the context of order data processing. Google does not combine your data with other data collected by Google.
Google is certified under the Privacy Shield Agreement and guarantees compliance with data protection:
The legal basis for this processing is our legitimate interests, i.e. our interest in the analysis, advertising and optimization of our offer and the economic operation of our online offer within the meaning of Art. 6 Para. 1 f) DSGVO, insofar as you have not already started using this website have consented, Art. 6 Para. 1 a) GDPR.
You can prevent the storage of cookies by setting your browser software accordingly. Further information on the use of data by Google, setting and objection options can be found in Google's data protection declaration,(https://policies.google.com/technologies/ads,as well as in the settings for the display of advertisements on Google, https://adssettings.google.com/authenticated).
Integration of third-party services and content
As part of our website, we use on the basis of our legitimate interests, i.e. the interest in evaluating the use of our website and improving the operation of our website within the meaning of Art. 6 Para. 1 f) DSGVO.
We sometimes include offers from third-party providers in order to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as “content”).
This may require that the respective third-party providers receive your IP address, since they would not be able to send the content to your browser without the IP address. The IP address is therefore required for the delivery and presentation of this content.
We may embed videos from the "YouTube" platform provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA, for the purpose of making our website attractive and informative.
If you have a user account on YouTube or Google, the usage information may be associated with your profile. If you do not want this, you should log out of the provider's website beforehand.
The legal basis for the processing is our legitimate interests in accordance with Art. 6 Para. 1 f) GDPR in being able to offer a website that is interesting and useful for the user.
The data protection information of the provider can be found at: https://www.google.com/policies/privacy/. You can object, i.e. set a so-called opt-out, under this link: https://adssettings.google.com/authenticated.
Facebook Connect (tracking)
We offer you the opportunity to register directly with Facebook from our website using Facebook Connect or to call up our presence there.
The provider is Facebook, Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. You can recognize the Facebook plugins by the Facebook logo/the text “Show/share on Facebook”. You can find another overview of the Facebook plugins here: https://developers.facebook.com/docs/plugins/.
When you visit our website, a direct connection is established between your browser and the Facebook server via the plugin. Facebook receives the information that you have visited our website with your IP address. If you click the Facebook button, share something or similar while you are logged into your Facebook account, the visit will be assigned. If you do not want Facebook to be able to associate your visit to our website with your Facebook user account, please log out of your Facebook user account before visiting our website.
By integrating the plugins, Facebook may also receive some information if you do not have a Facebook account or are not currently logged in to Facebook. This information (including your IP address) is transmitted directly from your browser to a Facebook server in the USA and stored there. Some of this data is pseudonymized or even anonymized. Through the link, we automatically receive the following information from Facebook Inc., insofar as you have released it: First name, last name, e-mail and date of birth of the user. This serves us to optimize our offers as well as to enable you to use the offers you have requested in an optimal and comfortable manner.
The legal basis for this is your consent through the informed use of these buttons, Art. 6 Para. 1 a) DSGVO, or if consent is not given in individual cases, on the basis of our legitimate interests (i.e. interest in evaluating the use of our website and improving operation of our offers within the meaning of Art. 6 Para. 1 f) GDPR.
Facebook is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection law ( https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
If the processing is based on our legitimate interests according to Art. 6 Para. 1 f) DSGVO, you have a right of objection.
Why do we use Google Fonts on our website?
With Google Fonts we can design our website better and give our visitors a nicer online visit. The fonts we use are on our own server and are not loaded and evaluated by Google.
We reserve the right to adjust security and data protection measures if this becomes necessary due to technical or legal developments. In these cases, we will also adapt these data protection notices accordingly. Therefore, please note the current version of our data protection information.
For a better understanding, we would like to make the definitions of the GDPR available to you below, insofar as they are relevant to our data protection information:
Personal data is any information relating to an identified or identifiable natural person (hereinafter "data subject"). A natural person is considered to be identifiable if, directly or indirectly, in particular by means of assignment to an identifier such as a name, an identification number, location data, an online identifier or to one or more special features, the expression of the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person can be identified. In simple terms, personal data is individual information about the personal or factual circumstances of a specific or identifiable natural person, i.e. not a legal entity such as a GmbH. Personal data primarily includes information such as name, address, e-mail address and also the IP address.
Processing is any process carried out with or without the help of automated procedures or any such series of processes in connection with personal data such as collecting, recording, organizing, arranging, storing, adapting or changing, reading out, querying, using, disclosure by transmission, distribution or any other form of making available, matching or linking, restriction, deletion or destruction.
Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of restricting their future processing (in the sense of blocking)
ProfilingProfiling is any type of automated processing of personal data, which consists in using this personal data to evaluate certain personal aspects relating to a natural person, in particular aspects relating to work performance, economic situation, health, personal Analyze or predict that natural person’s preferences, interests, reliability, behavior, whereabouts or relocation.
Pseudonymization is the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without the use of additional information, provided that this additional information is kept separately and technical and organizational measures
are subject to ensure that the personal data are not assigned to an identified or identifiable natural person.
The person responsible is the natural or legal person, authority, institution or other body that alone or jointly with others decides on the purposes and means of processing personal data. If the purposes and means of this processing are specified by Union law or the law of the Member States, the person responsible or the specific criteria for his naming can be provided for by Union law or the law of the Member States.
Processor is a natural or legal person, public authority, institution or other body that processes personal data on behalf of the person responsible.
Recipient is a natural or legal person, public authority, institution or other body to which personal data is disclosed, regardless of whether it is a third party or not. However, authorities that may receive personal data in the context of a specific investigation mandate under Union or Member State law are not considered recipients.
Third partyThird party is a natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and the persons who, under the direct responsibility of the controller or the processor, are authorized to process the personal data.
Consent is any expression of will voluntarily given by the data subject in an informed manner and unequivocally for the specific case in the form of a declaration or other clear confirmatory action with which the data subject indicates that they consent to the processing of their personal data is.
Supervisory authority "Supervisory authority" is an independent state body set up by a Member State in accordance with Art. 51 GDPR.