Privacy Policy

1. Controller

The controller responsible for data processing on this website is: Leiste e. V. Leistenmühle 76870 Kandel Email: leistefestival@gmail.com

2. Data We Collect

When purchasing a ticket, we collect the following personal data: first and last name of each attendee, and an email address. Payment data is processed exclusively by our payment provider Stripe and is not stored by us. When you visit the site, our error monitoring service Sentry may capture technical information (browser type, JavaScript errors); IP addresses are not stored permanently. To protect the checkout endpoint against abuse, we process IP addresses briefly for rate limiting via Upstash; these entries expire automatically within minutes.

3. Purpose and Legal Basis

We process your data to fulfil the ticket purchase contract and for entry verification at Leiste Festival 2026. The legal basis is Art. 6(1)(b) GDPR (performance of a contract). Joining our Telegram channel is voluntary and based on your consent under Art. 6(1)(a) GDPR.

4. Disclosure to Third Parties

Your data is processed with the help of the following service providers. Where they act as processors on our behalf, we have concluded Data Processing Agreements pursuant to Art. 28 GDPR: - Stripe Payments Europe, Ltd. (Dublin, Ireland) — payment processing; Stripe acts as an independent controller for payment data. Privacy: stripe.com/en/privacy - Vercel Inc. (USA) — website hosting and content delivery. Privacy: vercel.com/legal/privacy-policy - Supabase, Inc. (servers in Frankfurt, Germany) — database for ticket information. Privacy: supabase.com/privacy - Functional Software, Inc. d/b/a Sentry (EU servers) — error monitoring. Privacy: sentry.io/privacy - Upstash, Inc. (EU region) — rate limiting to protect against abusive requests. Privacy: upstash.com/trust/privacy - netcup GmbH (Karlsruhe, Germany) — domain registration and DNS. Privacy: netcup.de/kontakt/datenschutzerklaerung.php Where data is transferred to providers based outside the EU (e.g. Vercel Inc. in the USA), the transfer is made on the basis of EU Standard Contractual Clauses pursuant to Art. 46(2) GDPR.

5. Retention Period

Your data will be deleted no later than 6 months after the festival, unless statutory retention obligations apply. You may request deletion of your data at any time.

6. Your Rights

You have the right to access, rectification, erasure, restriction of processing, and data portability (Art. 15–20 GDPR), as well as the right to object (Art. 21 GDPR). To exercise these rights, contact: leistefestival@gmail.com

7. Right to Lodge a Complaint

You have the right to lodge a complaint with the competent data protection supervisory authority. In Rhineland-Palatinate, this is the State Commissioner for Data Protection and Freedom of Information (LfDI RLP), www.datenschutz.rlp.de.

8. Cookies

This website sets one technically necessary cookie (NEXT_LOCALE) to remember your language preference. This cookie is required for the site to function and does not require your consent.