Data protection

As it is important to us that you feel safe and comfortable using our website, and because protecting your privacy is a high priority for us, we would now like to inform you of how we treat the capture, use and circulation of personal data.
Thalia Theater GmbH is responsible for data collection and processing, represented by Artistic Director Joachim Lux and Commercial Director Tom Till.


Usage data

When you access the Thalia Theater GmbH website, a data set will be saved on the web server. The data set comprises of:

  • the complete IP address
  • the time of the call
  • the call method
  • the accessed URL
  • the version in use
  • the HTTP protocol
  • the result value
  • the size of the call
  • the call in KBytes of the page, activated on the page before the call (referrer)
  • the used programmes (browser and operating system)
  • We use this information on the legal grounds set out in Art. 6 Para. 1 S. 1 lit. f DSGVO and for the purpose of allowing access to our website, for the control and administration of our systems as well as improving the design of the website. The usage data is anonymised and the link to the individual person is therefore erased. The creation of personalised user profiles is therefore also precluded.
  • The above mentioned data consisting of existing, anonymised data sets is saved with statistical tools via our provider Mittwald Medien GmbH and evaluated only for statistical purposes. Statistics on the frequency of access to individual web pages helps us better design the website to fit your needs. Your data will not be given to third parties or be subject to any other analysis.



In order to make a visit to our website more attractive and to enable you to use certain functions, e.g. ordering transactions, we use so-called cookies. Cookies are small files, which we permanently store on your computer for various reasons. In order to allow our customers to use a virtual shopping basket we use so-called Session Cookies and Session IDs (cryptic numbers with which the connection to the user account is managed during the session). These Session IDs are automatically deleted when you leave our website. The processing of personal data using technically essential cookies is based on legal grounds detailed in Art. 6 Para. 1 S. 1 lit. f DSGVO and improving our services. The legal grounds for processing can be found in Art. 6 Para. 1 S. 1 lit. a DSGVO.


Use of web tracking tools

Our website uses Matomo (formerly Piwik), referring to a so-called web analysis service. Matomo transfers your abbreviated IP address to our server and saves it for user analysis purposes, which serves website optimisation on our side. This process will immediately anonymise your IP address so that you, the user, can remain anonymous. Information about the way you use the website will not be given to third parties. The data processing is in line with the basis of Art. 6 Para. 1 S. 1 lit. f DSGVO and done in the interest of improving our website. You can revoke permission to process your data at any time by using the Matomo opt-out function.



In order to protect your data from unauthorised access as comprehensively as possible, transactions as part of our online ticket service will be subject to a128-Bit-SSL encryption.


Server log files

The site provider automatically collects and stores information in so-called server log files that your browser automatically submits to us. These are:

Browser type and browser version

  • operating system used
  • referrer URL
  • host name of the accessing computer
  • time of server inquiry

This information cannot be connected to a certain person. We will not combine this data with other data sources. We reserve the right to examine data at a later date if we are made aware of concrete evidence for illegal use.


Redirecting to other websites and social networks

Our website contains links to other sites. You will recognise these, for instance because they feature logos that open a new browser window when they are clicked upon. When you are directed away from the Thalia website, we cannot offer any guarantees about those sites and their compliance with data protection regulations. If you have any questions about data protection please contact the individual provider. On the basis of Art. 6 Para. 1 S. 1 lit. f DSGVO and in the interests of publicity and staying connected with our audiences, we are officially represented on the following social networks:

At no time will we collect, save or process the personal data of our users on these pages. Furthermore we will not undertake or initiate any other data processing. Any data you post on our Facebook page e.g. comments, videos or photographs will not be used or processed by us at any time for any other purposes. Social networks can use so-called web tracking methods on their pages. Please be aware: we cannot rule out the possibility that social networks will use your profile information to evaluate your habits, personal relationships, preferences etc. We have no influence over the way in which social networks process your data. Should you access our pages on social networks please be away of both our privacy statement and the declarations of the individual sites.



You must register before purchasing tickets online. You can use your account again later for further orders. Once you have logged in you can access and change your data at any time. To complete registration we require your email address, title, first name and surname, postal address and payment details. This data is used to register you and identify you via an account to issue you with tickets and be able to send them out to you und process your payment. Providing optional details (e.g. title or phone number) helps us to deliver our services to you at the highest possible standard and to be able to get in touch with you as quickly as possible for questions and to inform you of changes to performances. If you buy a concession ticket (e.g. owing to a severe disability) we will use this information to calculate the reduced ticket price and will save the reason for the concession authorisation e.g. so that ID can be examined upon entry. Data processing is on the basis of contract initiation according to Art. 6 Para. 1 S. 1 lit. b DSGVO. You can delete your account at any time. We will then stop the corresponding data processing without this affecting the legitimacy of prior processing.    


If Thalia Theatre has received your address or email address during the ticket purchasing process, Thalia can use this data to send out direct marketing for other Thalia Theatre performances unless you have explicitly said this is not allowed. You can revoke consent at any time and this can be directed to: or Thalia Theatre, Raboisen 67, Communication Department, 20095 Hamburg. Should you do this, your customer data and accounting documents will still be stored for ten years according to legal retention requirements, however they will no longer be used for Thalia Theatre direct marketing. Personal data will not be shared unless you have given explicit permission or we are obliged to because of legal regulations (e.g if any criminal offences are uncovered). The disclosure of credit card numbers to unauthorised third parties is excluded in any case.  You can revoke your consent by deleting your account. We will then stop the corresponding data processing without this affecting the legitimacy of prior processing. 


Online Ticket Service

We require your personal data when you purchase tickets via the online ticketing system. This data will only be used by Thalia Theater GmbH and its vendors to deliver and/or improve existing and future services on the basis of Art. 6 Para. 1 S. 1 lit. b DSGVO. To purchase tickets online we process your email address, title, first name and surname, your postal address and details of your payment method. This data is used to register you and identify you via an account to issue you with tickets and to be able to send them out to you und process your payment. Providing optional details (e.g. title or phone number) helps us to deliver our services to you at the highest possible standard and to be able to get in touch with you as quickly as possible for questions and changes to performances. Thalia Theater GmbH does not trade the personal data of its customers. Personal data will not be disclosed to any third parties for marketing purposes unless the customer has explicitly given permission. Disclosing credit card numbers to unauthorised third parties is excluded in any case. Data is deleted after 10 years. 



We will only send you our newsletter if you subscribe via our form. If you would like to receive this newsletter we require a valid email address for you to receive our so-called opt-in email. By clicking the link in the email the recipient confirms the email address with which they have subscribed to the newsletter and the newsletter subscription is activated. Processing takes place on the basis of your consent, according to Art. 6 Para. 1 S. 1 lit. a DSGVO. The details you submit will only be used to send you emails and where applicable your address will be used to send out our newsletter. We will also save the time at which you submit your opt-in confirmation. If, in the future, you no longer wish to receive the newsletter, you can click on the link in every newsletter to unsubscribe at any time. Unsubscribing does not affect the legitimacy of the prior data processing. If consent is revoked we will stop the processing of relevant data. You will only receive further information about our website if you have actively clicked on this option, and you can revoke this at any time. 


Contacting us

Details given to us in the context of making contact will only be used in line with Art. 6 Para. 1 S. 1 lit. b DSGVO, in order to process your request and to send you any information you asked for. Data will be deleted after 3 months.



If you apply for any of our advertised jobs, your personal information and data will only be used for the intended purpose, adhering to data privacy provisions. You agree to your data being processed and forwarded exclusively for the application process. Data processing will be carried out on the basis of § 26 BDSG. You can revoke your consent at any time, without this affecting the legality of any prior processing. If you revoke your consent we will stop processing the corresponding data. Otherwise your data will be deleted after six months in keeping with legal retention periods.


Embedding YouTube videos

We embed YouTube videos on some of the pages of our website. Clicking on these pages means content will be downloaded from YouTube. In this instance, YouTube will also receive your IP address, which is technically necessary in order to access the content. We have absolutely no influence over the way in which YouTube processes your data. When we embed YouTube videos we are certainly conscious to activate the additional data protection mode offered by YouTube. 


Data recipients

In keeping with the order processing rules in Art. 28 DSGVO we pass your data on to service providers who support us in running our website and the associated processes. Our service providers are strictly bound by our instructions and contractually bound accordingly. We work with the following service providers:
Hosting service provider Mittwald CM Service GmbH & Co.KG, Karnbrock Information Solutions GmbH, Web Analysis Service Matomo, Hamburger Staatstheater Data Centre (GbR), TeleCash GmbH & Co. KG. Jet Ticket [JetTicket Software GmbH, Spitalstraße 5, A-7350 Oberpullendor] supports us with card sales, handling and management.
To fulfil our contract we pass on your data to the shipping company charged with the delivery of your order, in so far as this is necessary to deliver the ordered goods. To handle payments, we must transfer data to the banking institution and payment service provider we have authorised to process the payment, and those payment services they have chosen to involve in the order process.


Data transfer to other countries

Sometimes we transfer your personal data to other countries outside of the EU. We are responsible for ensuring an adequate level of data privacy protection:

In the case of Jet Ticket (UK) the EU Commission has put an adequate level of data privacy protection in place according to Art. 45 Para. 1 DSGVO. We will never sell your personal data to a third party nor market it in any other way.


Your rights as a user

When processing personal data, the DSGVO protects your following rights as a website user: 

1. Right to access (Art. 15 DSGVO)
You have the right to request confirmation of whether your relevant personal data will be processed; and if this is the case you also have the right to access this personal data and information as individually stipulated in Art. 15 DSGVO.

2. Right to collection and deletion (Art. 16 and 17 DSGVO)
You have the right to demand the immediate correction of relevant incorrect personal data and where appropriate the completion of incomplete personal data.
Furthermore you have the right to demand that relevant personal data be immediately deleted, should it meet one of the criteria laid out in Art. 17 DSGVO, e.g. when the data is no longer required for the original purpose.      


3. Right to limited processing (Art. 18 DSGVO)

You have the right to limit the amount of time for which your data is processed, if any of the conditions listed in Art. 18 DSGVO are valid, e.g. if there is a discrepancy in the way in which data is processed, for the duration of a possible period of examination.


4.Right to Data Transfer (Art. 20 DSGVO)

In certain cases, itemised in Art. 20 DSGVO, you have the right to receive your relevant personal data in a structured, accessible and machine-readable format and to ask for this data to be sent to a third party. 


5. Right of appeal (Art. 21 DSGVO)

If data is collected on the basis of Art. 6 Para. 1 S. 1 lit. f (data processing for safeguarding legitimate interests), you have have the right to object to data processing for reasons that arise from your particular situation. We will then stop processing your personal data unless there are provable, compelling, legitimate reasons for processing that outweigh the interests, rights and freedoms of the person affected, or unless the processing is in the interest of establishing, exercising or defending legal claims.


6.Right to appeal to a regulatory authority

According to Art. 77 DSGVO you have the right to complain to a regulatory authority, if you believe that your data has been processed in a way that infringes data protection law. The right of appeal can be exercised via a regulatory authority in the member state of your residence, your workplace or the location of the suspected infringement. In Hamburg the relevant regulatory authority is the Hamburg Commission for Data Protection and Freedom of Information (HmbBfDI), Klosterwall 6, 20095 Hamburg.


Data protection officer

Our data protection officer is responsible for monitoring our data protection obligations. He is available for information or suggestions on the topic of data protection. Our data protection officer Jürgen Danielsen can be reached via e-mail:  or by phone: +49 40 32814 252