Privacy Policy of Hypd

About us

We, Hypd, a brand of Ticketrunner GmbH, are pleased about your interest in our services and our company. We are committed to protecting your privacy and your personal data. The following data protection declaration informs you comprehensively about the handling of your personal data and about your rights in this connection when using the website to purchase products and other services in relation to the offers made by the brand ambassadors as well as the use of the services, offers and applications within the framework of the brand ambassador programme also under the corresponding subdomains and the corresponding mobile apps. (hereinafter: the Services).

I. Definitions

The definitions used in our data protection declaration correspond to those of Art. 4 of the Basic Data Protection Ordinance (GDPR).

1. ”Personal Data“

Any information relating to an identified or identifiable natural person (hereinafter referred to as"data subject"); an identifiable natural person is one who can be identified directly or indirectly, in particular by assignment to an identifier such as a name, an identification number, location data, an online identifier or to one or more special characteristics which express the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person;

2. “Processing“

means any operation carried out with or without the aid of automated procedures or any such series of operations relating to personal data such as the collection, collection, organisation, filing, storage, adaptation or alteration, reading, retrieval, use, disclosure by transmission, dissemination or any other form of provision, comparison or linking, restriction, deletion or destruction;

3. ”Restriction of processing“

is the marking of stored personal data with the aim of restricting their future processing;

4. “Pseudonymization“

is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that this additional information is kept separately and is subject to technical and organisational measures which ensure that the personal data are not attributed to an identified or identifiable natural person;

5. “Person in Charge“

means the natural or legal person, authority, body, office or other body which alone or jointly with others decides on the purposes and means of processing personal data; where the purposes and means of such processing are specified by Union law or by the law of the Member States, the controller or the criteria for his appointment may be laid down by Union law or by the law of the Member States;

6. “Contract Processor“

is a natural or legal person, authority, institution or other body processing personal data on behalf of the data controller;

7. “Recipient“

is a natural or legal person, authority, institution or other body to which personal data is disclosed, whether or not it is a third party. However, authorities which may receive personal data under Union law or the law of the Member States under a particular investigation mandate shall not be considered recipients; the processing of such data by the said authorities shall be carried out in accordance with the applicable data protection rules in accordance with the purposes of the processing;

8. ”Third Party“

means a natural or legal person, authority, institution or other body other than the data subject, the data processor, the data processor and the persons authorised to process the personal data under the direct responsibility of the data processor or the data processor;

9. “Consent“

the data subject shall receive any voluntary statement of intent in the specific case, in an informed and unequivocal manner, in the form of a statement or other clear affirmative act, which the data subject indicates that he/she agrees to the processing of his/her personal data.

II. Person in Charge

The person responsible within the meaning of the Basic Data Protection Regulation and other national data protection laws of the member states as well as other provisions of data protection law is

Ticketrunner GmbH

Longericherstrasse 12

50767 Köln


III. Scope and Legal Basis of Data Usage

1. Scope

We only collect and use personal data of our users to the extent necessary to provide our website, content and services. Your personal data will only be collected and used with your consent or if the processing of the data is permitted by law.

2. Legal Basis

If you have given us your consent for the processing of personal data, the legal basis is Art. 6 para. 1 lit. a GDPR.

If the processing serves the fulfilment of a contract concluded between you and us (if necessary also via a trademark ambassador) or if it is necessary for the implementation of pre-contractual measures, Art. 6 para. 1 lit. b GDPR is the legal basis.

Any processing of personal data required to fulfil a legal obligation to which we are subject (e.g. statutory retention and storage obligations) is based on Art. 6 para. 1 lit. c GDPR as the legal basis.

Processing which is necessary to protect our interests or the legitimate interests of a third party and in which their interests, fundamental rights and freedoms do not outweigh this legitimate interest may be based on Art. 6 para. 1 lit. f GDPR.

3. Transfer of Data to Third Parties / Processing in Third Country

Your personal data may be transferred to third parties if you have given your express consent, if this is required by law or if this is based on another legal basis mentioned above.

If you are a brand ambassador participating in or working for a brand owner's campaign or have acquired products or services in this context, we will also transfer your data to the respective campaign creators to the extent necessary to fulfil your request or to carry out the ambassador campaign.

We only work with carefully selected campaign producers who meet our standards for the protection of your personal data and the legal requirements.

In some cases, we use carefully selected external service providers and cooperation partners to process personal data.

This is done within the framework of so-called order processing on the basis of Art. 28 GDPR.

The processing of personal data in a third country, outside the European Union or the European Economic Area, is only carried out on the basis of special guarantees, such as the official recognition by the EU Commission of a level of data protection corresponding to the EU or the observance of officially recognised special contractual obligations, the so-called "standard contractual clauses". A data protection level corresponding to the EU is also given in particular if the service provider has submitted to the "EU-US Privacy-Shield” (

4. Data Deletion and Storing Time

We will delete or block your personal data as soon as the purpose for storage ceases to apply.

Within this framework we store your data at the most up to three years after the last establishment of contact with us and/or since the last registration over their account with Hypd.

Beyond this, however, data may be stored if this is provided for by national or European laws or other regulations to which we are subject. Your data will be blocked or deleted when a storage period prescribed by these regulations expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.

5. Children (Minimum Age)

Our services are basically aimed at adults. Persons under 16 years of age may not transmit any personal data to us without the consent of their parents or legal guardians.

IV. Scope of Processing in Detail

1. Website Visits

We process the following personal data when you visit our website

Log files/processing of IP addresses

When you visit our website, our system always temporarily stores your IP address. This also represents a personal date.

To make the page available to you, it is necessary that the information is collected by the computer system of the calling computer (server log files). The data are as follows: Name of the requested file, your IP address, date and time of access, the amount of data transferred and the requesting provider (access data). The access data is used exclusively for the purpose of delivering the website content. An evaluation of the data for marketing purposes does not take place in this context. All access data will be deleted no later than seven days after the end of your visit to the site.

The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR. The storage takes place on our legitimate interest in the stability and security of the website.

The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website and IT security; you have no possibility of objection in this respect.

Use of cookies

We use so-called "cookies" on our website. These are small text files that are copied from a web server to your hard disk. Cookies contain information that can later be read by a web server in the domain where the cookie was issued to you. Cookies cannot run programs or place viruses on your computer. Cookies can be blocked by your browser. The help function in the menu bar of most web browsers explains how and to what extent you can disable new cookies or generally disable the use of cookies. In this case, however, we can no longer offer you some functionalities of our website.

In this context we use the following cookies:

_session_id, unique token, sessional, Website session cookie. Ensures that the user remains logged in.
_hypd_visit (_ticketrunner_visit) Is automatically queried by our website provider via their internal status tracker to record the number of website visitors
_hypd_uniq (_ticketrunner_uniq) Visitor data are stored; expires daily at midnight of the following day (depending on the visitor) and counts the visits of an individual user
cart, unique token Active for 2 weeks, remember the items in your shopping cart
_secure_session_id, unique token, sessional storefront_digest, unique token Stored for an indefinite period of time, provided that the login takes place with password and serves to determine whether the user has usage rights.
g Analytics Tracking from Google Analytics.
gat Analytics Tracking from Google Analytics. This cookie keeps bandwidth usage low (throttling).
PREF Only active for a few moments; is queried by Google and tracks who visits the page from where.
fr Tracking the Facebook Connect ID. Only active when the user logs on to Facebook.
hjIncludedInSample HotJar Cohort Cohort Analytics Tracking
_mkra_ctxt Use of Intercom Session.

The legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. f GDPR. The use of cookies serves our legitimate interest in optimizing and further developing the websites and services.

We use the following analysis tools when operating the website and the services:

Google Tag Manager

Google Tag Manager is a solution that allows us to manage different so-called tags via a common user interface. The Tag Manager itself does not process any personal data. With regard to the processing of users' personal data, reference is made to the following information. Usage guidelines:

Google Analytics

We use the web analysis service Google Analytics. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google Analytics uses so-called "cookies" to enable an analysis of your use of this website. The usage information generated in this way is usually transmitted to a US-American Google server and stored there. Pseudonymous user profiles can be created from the processed data.

Google Analytics is only used on this website with IP anonymisation activated. This means that your IP address will be reduced by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the complete IP address be transmitted and shortened on the US-American Google server. The IP address transmitted by your browser is not merged with other Google data.

You can prevent the storage of Google Analytics cookies and the collection of data generated by the cookie and related to your use of the online offer and the processing of this data by Google by downloading and installing the following browser plug-in:


We use the web analysis service Hotjar. The provider is Hotjar Ltd, Level 2, St Julian's Business Centre, 3, Elia Zammit Street, St Julian's STJ 1000, Malta.

For more information about Hotjar, see'About Hotjar' on the provider's support page:

Hotjar helps us provide you with a better user experience and service, helps you diagnose technical problems and analyses user trends. Above all, the functionality of the Hotjar-based website can be improved through the services of Hotjar by making them more user-friendly, more valuable and easier for end users to use.

When visiting a Hotjar-based website, you can prevent Hotjar from collecting your data at any time by going to the following opt-out page and clicking'Disable Hotjar':

or activate'Do Not Track (DNT)' in your browser.

Information on data protection at Hotjar can be found on the following page:


In addition, we use the Intercom Messenger, an external CRM system for processing user inquiries and tool for web analysis on our websites of Intercom Inc. 55 2nd St, 4th Fl., San Francisco, CA 94105, USA ("Intercom"). All data that we transmit via Intercom is sent with 256 bit encryption and stored in the USA.

Intercom is subject to the Privacy Shield Agreement and thus offers the guarantee to comply with European data protection law (

Intercom uses the data of the users only for the technical processing of the inquiries and does not pass them on to third parties. Users are assigned by the respective session cookie. During the processing of service requests, it may be necessary to collect further data (name, address). The use of Intercom is optional and serves to improve and accelerate our customer and user service.

During the chat connection the following data will be processed: Location, IP address, browser and website visited. This is done on the basis of our legitimate interests in the analysis, optimization and economic operation of our website and services. The legal basis is Art. 6 para. 1 lit. f. GDPR.

Details on the use of data by Intercom can be found in the data protection declaration on the following pages:

2. Registration / Creation of A User Account as Brand Ambassador

To use the services, for example to become a brand ambassador for a campaign, you must register on our website or create an appropriate user account. The following data is collected during the registration process:

     •   Name and surname
     •   email
     •   Password (self-chosen)
     •   telephone number
     •   nation
     •   profile

The data within the scope of this registration process is entered into an input mask and transmitted to us and stored. Once you have registered, you will receive an e-mail in which you must click on a link to confirm your registration. This is how we prevent unauthorized third parties from registering using your e-mail address. To complete the registration you have to enter the phone number (country) and upload a profile picture.

The legal basis for the processing of the data is your consent, Art. 6 para. 1 lit. a GDPR. If the registration serves the fulfilment of a contract to which you are a contracting party or the implementation of pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 para. 1 lit. b GDPR.

3. Registration / Login via Facebook-Login

Another optional way to use the services, for example to become a brand ambassador for a campaign, is to use the Facebook login. When you register via Facebook Login, Facebook asks you for permission to share certain information from your Facebook account with us. This includes your first name, last name, email address to verify your identity and gender, your general location, a link to your Facebook profile, your time zone, your birthday, your profile picture, your "Likes" and your friends list. This information is collected by Facebook and is provided to us in accordance with the terms of Facebook's Privacy Policy, which can be found at

You can control the information we receive from Facebook through the privacy settings in your Facebook account.

4. Use of Services

In the context of the use of your user account and the use of the services, in particular in the context of a campaign, we process and collect the following personal data in addition to those already mentioned:

     •   address details
     •   lineage
     •   date of birth
     •   Genre interests and preferences, also related to campaigns
     •   Data on accounts on social networks on Facebook, Instagram, LinkedIn, Google, Snapchat, under different names of accounts, but also data such as Facebook number of friends, Instagram number of followers
     •   Online IDs, such as Instagram Token ID; Facebook Access Token
     •   Image, film and sound data (especially in the context of an advertising campaign or a competition)
     •   First names of interested parties for the creation of a landing page and statistics of the user
     •   data relating to your use of the website and the services, insofar as these cannot be processed in an anonymised form
     •   Results or points from competitions and advertising campaigns, participating ambassador campaigns
     •   Purchasing and order data, in particular tickets, articles and services
     •   We process this data for the following purposes:
     •   Providing personalized visits to our services
     •   Organisation and execution of campaigns, especially competitions and advertising campaigns, but also activation for a campaign
     •   Provision and calculation of a bonus system, preparation for the users and the partners involved in each case
     •   Cooperation with the respective campaign producers and partners
     •   Recommend current and future ambassador campaigns that may be of interest to you
     •   Recommend tickets, articles and services that may be of interest to you
     •   Contacts including user account-related messages
     •   Sending email notifications you have subscribed to
     •   Execution, processing and, if necessary, delivery of tickets, articles and services purchased via our services
     •   Creation of a personalized landing page for those interested in tickets, articles and services advertised by the ambassador;
     •   Further develop our offerings, website and services to provide you with an even better user experience and to make our services as convenient and useful as possible.

We process the personal data for the purposes mentioned above on the basis of the legal bases mentioned under III.2. These are in particular the fulfilment of contractual obligations (Art. 6 para. 1 lit. b GDPR), insofar as the data are required for the execution of the contract, as well as your consent to the processing of the data (Art. 6 para. 1 lit. a GDPR) and the protection of legitimate interests (Art. 6 para. 1 lit. f GDPR).

Justifiable interests in this context are our interest in the further development and optimisation of the services, our interest in optimised and user-friendly communication, our interest in the provision of campaigns or partners of interest to users and, where applicable, our interest in effective public relations work.

5. Connections to Social Networks

Facebook Plug-In

We use Facebook Plug-Ins (Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland) to ensure an attractive presentation of our online offering. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

This establishes a connection to the Facebook servers when you visit our site and informs them that you are visiting our site. This also applies if you do not have a Facebook account or are not currently logged in to Facebook. If you are logged into your Facebook account, Facebook will map your user behavior directly to your personal profile. You can prevent this by logging out of your Facebook account.

The purpose and scope of the data collection and the further processing and use of the data by Facebook as well as your rights and setting options for the protection of your privacy can be found in the data protection information of Facebook:

Instagram Plug-In

For the same legitimate interest, we also use Instagram plug-ins (Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA).

This establishes a connection to Instagram's servers when you visit our site and informs them that you are visiting our site. This also applies if you do not have an Instagram account or are not currently logged in to Instagram. If you are logged into your Instagram account, Instagram will map your user behavior directly to your personal profile. You can prevent this by logging out of your Instagram account.

Please refer to Instagram's privacy policy for the purpose and scope of data collection and the further processing and use of the data by Instagram as well as your rights and setting options for protecting your privacy:

6. Hosting

Content-Delivery-Network von Cloudflare

A Content-Delivery-Network (CDN) is a service with which we can deliver certain files of our online content (especially large media files) faster with the help of regionally distributed servers connected via the Internet.

We use a content delivery network offered by Cloudflare, Inc. 101 Townsend St, San Francisco, CA 94107, USA. Cloudflare is certified under the Privacy Shield Agreement and undertakes to comply with European data protection law (

The use is based on our legitimate interests, i.e. interest in a secure and efficient provision, analysis and optimisation of our online offer in accordance with Art. 6 para. 1 lit. f. GDPR.

For more information, see Cloudflare's privacy policy:

7. Integration of External Content

Google Web Fonts

In order to display our contents correctly and graphically appealing across all browsers, we use script libraries and font libraries ("Google Fonts") from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, on this website. Google Web Fonts are transferred to your browser's cache to avoid multiple loading. If your browser does not support Google Web Fonts or does not allow access, content will be displayed in a default font.

These web fonts are integrated by a server call, usually a Google server in the USA. This transfers to the server which of our Internet pages you have visited. The IP address of the browser of the visitor's terminal device is also stored by Google.

Google's privacy policy can be accessed via the following link:

An opt-out option can be found here:

V. Data Protection

We attach great importance to fulfilling our obligation to protect your personal data. We use a variety of security technologies and procedures to protect your personal data from unauthorized access, use or disclosure.

For example, we store the personal data you provide on computer systems with limited access in facilities to which access is restricted.

To protect your personal information, we take all appropriate and industry-standard precautions. In this way we ensure that your data is neither lost nor misused, made public, shared, changed or deleted. If you have entrusted us with your credit card details, this information is encrypted with secure socket layer technology (SSL) with AES-256 encryption. We follow PCI-DSS requirements to ensure the highest possible security of your data.

VI. Rights of Persons Concerned

As far as you as the data subject in terms of. According to Art. 4 No. 1 GDPR, you have the following rights regarding the processing of your personal data according to the GDPR.

1. Right to Confirmation and Information

Under the conditions of Art. 15 GDPR, you have the right to request confirmation as to whether personal data relating to you are being processed and to obtain, at any time and free of charge, from the data controller, information on the personal data relating to your person stored and a copy of this information.

2. Right to Correction

Under the conditions of Art. 16 GDPR, you have the right to demand the immediate correction of incorrect personal data concerning you. You also have the right, taking into account the purposes of the processing, to request the completion of incomplete personal data - also by means of a supplementary declaration.

3. Right to Deletion

Under the conditions of Art. 17 GDPR, you have the right to demand that we immediately delete the personal data concerning you, provided that one of the reasons stated in Art. 17 GDPR exists and insofar as processing is not necessary.

4. Right to Limitation of Processing

Under the conditions of Art. 18 GDPR, you have the right to request us to restrict processing.

5. Right to Data Transferability

Under the conditions of Art. 20 GDPR, you have the right to receive the personal data concerning you that you have provided to us in a structured, current and machine-readable format, and you have the right to transmit this data to another person responsible without our interference, provided that the other conditions of Art. 20 GDPR are met.

6. Right to Revoke Consent

You have the right to revoke your consent to the processing of personal data given to us at any time with effect for the future. You can send the revocation to the above mentioned contact data or to the e-mail address:

7. Automated Decisions in Individual Cases including Profiling

You have the right not to be subjected exclusively to automated processing - including profiling - that has legal effect against you or significantly impairs you in a similar manner.

8. Right of Objection

Under the conditions of Art. 21 GDPR, you have the right to object at any time to the processing of personal data concerning you. If the conditions for an effective objection are met, processing by us may no longer take place. The foregoing general right of objection applies to all processing purposes described in this Privacy Information that are processed on the basis of Article 6(1)(f) GDPR.

After exercising your right of objection, we will not process your personal data further for these purposes, unless we can prove compelling reasons worthy of protection for the processing, which outweigh your interests, rights and freedoms or if the processing serves to assert, exercise or defend legal claims.

This does not apply if the processing is for direct marketing purposes. Then we will not process your personal data for this purpose.

9. Right of Appeal to a Supervisory Authority

a supervisory authority, in particular in the Member State where you reside, work or suspect of infringement, if you believe that the processing of personal data concerning you is contrary to the provisions of the GDPR.

You also have the right to complain to the supervisory authority responsible for us:

Landesbeauftragte für Datenschutz und Informationsfreiheit


Postfach 20 04 44

40102 Düsseldorf

Tel.: 0211/38424-0

Fax: 0211/38424-10



1. Links to other Websites

Our site may contain links to other websites. Although we try to link only to websites that share our high standards and respect for privacy, we are not responsible for the content, security and privacy practices of other websites, nor for the use of your personal information by such websites. This Privacy Policy does not apply to third party websites that are not owned or controlled by us, even if you access them through our Service. We encourage you to carefully review the privacy policies of these sites so that you know how they collect, use and share your information.

2. Contact

If you have any questions regarding this privacy statement or our handling of your personal data, please contact us at: .

We will process your request immediately and endeavour to find a satisfactory solution.

3. Amendment of this Privacy Policy

In order to improve Hypd, we are constantly developing our website and services. We will always keep this data protection declaration up to date and adapt it accordingly if and insofar as this should become necessary. We will of course inform you of any changes to this data protection declaration in good time and in an appropriate form. Should further consent be required from you for processing your data, we will obtain it from you in good time before the relevant changes take effect or, in the event of non-issuance, we will discontinue the data relating to processing.

Status of the data protection declaration: September 13, 2018