Skip to content
Cuadra 7

← Back to home

Privacy Policy

Last updated: 2026-04-24

This is the English summary of our privacy policy. The German Datenschutzerklärung is legally authoritative for visitors from Germany and the EU.

1. Controller

The controller for data processing on this website is:

Alejandro del Carpio
Heußweg 3
20257 Hamburg, Germany
Email: [email protected]

2. General principles

We only process personal data when necessary to provide the website, our content and services, either on the basis of your consent (Art. 6(1)(a) GDPR) or a legitimate interest (Art. 6(1)(f) GDPR).

3. Hosting (Cloudflare)

This site is hosted by Cloudflare, Inc. (101 Townsend St, San Francisco, CA 94107, USA). Pages are served from Cloudflare's global edge network, including servers within the European Union. When you visit, Cloudflare processes technical access data (IP address, browser type, timestamp, requested URL) in server logs to operate the service and prevent abuse. Cloudflare participates in the EU-US Data Privacy Framework. Legal basis: Art. 6(1)(f) GDPR. More information: Cloudflare's privacy policy.

4. Cookies and consent

We only use strictly necessary cookies and, with your explicit consent, cookies from Meta Pixel and Google Analytics to measure our advertising and usage. Before loading these services we ask for your consent via a banner. You can change your choice any time via the "Cookies" link in the footer.

5. Meta Pixel and Conversions API

With your consent we use the Meta Pixel and the accompanying Meta Conversions API (CAPI) from Meta Platforms Ireland Ltd. (4 Grand Canal Square, Dublin 2, Ireland) to measure the performance of our Facebook and Instagram ads and define audiences.

Meta Pixel (client-side): sets cookies (_fbp, _fbc) and transmits browsing data (pages visited, clicks, conversions) directly to Meta from your browser.

Meta Conversions API (server-side): when you submit a form on one of our landing pages, we additionally send a Lead conversion event to Meta from our server, including a hashed email address (SHA-256), IP address, user-agent and the Meta cookies _fbp/_fbc. Meta deduplicates the client and server events via a shared event_id, so a conversion is counted exactly once. Purpose: more accurate attribution, which iOS/browser tracking restrictions would otherwise erase on the client side.

Data transfer to the USA cannot be ruled out; Meta participates in the EU-US Data Privacy Framework. Legal basis: Art. 6(1)(a) GDPR (consent covers both Pixel and CAPI). You can withdraw your consent any time via the "Cookies" link in the footer. More: Meta's privacy policy.

6. Meta Lead Ads (Instant Forms)

If we run Meta Lead Ads ("Instant Forms") on Facebook or Instagram with direct email sign-up and you submit such a form, Meta transmits the submitted contact data (email, optionally first name) to us via a webhook interface. We store this data exclusively to confirm and send the newsletter via our newsletter system Brevo (see §8).

Legal basis: Art. 6(1)(a) GDPR (consent given when submitting the Lead form inside Facebook / Instagram). You can withdraw your consent any time, in particular via the unsubscribe link in every newsletter email.

7. Google Analytics 4

With your consent we use Google Analytics 4, a web analytics service by Google Ireland Ltd. (Gordon House, Barrow Street, Dublin 4, Ireland). Google Analytics sets cookies (_ga, _ga_XXXX) and collects data about your use of the site. Data may be transmitted to Google servers, including in the USA; Google participates in the EU-US Data Privacy Framework. We have activated IP anonymisation (anonymize_ip).

Legal basis: Art. 6(1)(a) GDPR (consent). Withdrawable at any time via the "Cookies" link in the footer. More: Google's privacy policy.

8. Newsletter (Brevo) and engagement tracking

We use Brevo (Sendinblue SAS, 106 boulevard Haussmann, 75008 Paris, France) to send our newsletter. Brevo processes the submitted data (email, first name, origin site, IP address, timestamp) on our behalf within the European Union.

Registration uses a double opt-in flow: after you subscribe, we send a confirmation email with a link you must click to complete the sign-up. Legal basis: Art. 6(1)(a) GDPR. You can unsubscribe at any time via the link in every email.

Engagement tracking: Brevo reports to us via webhook whether individual newsletter emails were opened or their links clicked, as well as bounce and unsubscribe events. We store this information as contact attributes (last engaged at, last opened at) to identify inactive subscribers and keep our mailing list clean. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in list hygiene).

9. Event reminder (RSVP)

On each event page you can optionally say that you plan to attend a specific show ("I'm going"). In that case we store your email address together with the event slug in a Cloudflare D1 database to send you a single reminder email 24 hours before the concert. After the reminder is sent, the row is flagged with a reminded_at timestamp and is not reused. Legal basis: Art. 6(1)(a) GDPR (consent by submitting the form).

10. Contact form

Messages sent via the contact form are delivered through Brevo's transactional service (see §8) to our mailboxes ([email protected], [email protected]). We process: name, email, role, message, timestamp. Legal basis: Art. 6(1)(f) GDPR (handling of your request).

11. Spam protection (Cloudflare Turnstile)

To prevent automated submissions we use the invisible CAPTCHA system Cloudflare Turnstile on our forms. Turnstile processes technical browser signals; no personal data is stored beyond the form submission itself. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in abuse protection).

12. Fonts

The site prefers the typefaces "Archivo Black", "Inter" and "Fraunces", with Georgia and Helvetica as system fallbacks. There is no connection to Google Fonts or any other third-party font service; fonts are served from the Cloudflare server or fall back to system-installed fonts.

13. Ticketing

Event pages may link to ticket providers (including Eventbrite, Reservix, Fever, TixforGigs and venue-owned sites). When you click a ticket link you leave our site; the data processing is then governed exclusively by that provider's own privacy policy.

14. Event aggregation

We aggregate publicly available concert information from Hamburg venues and national ticketing platforms to curate our editorial event calendar. No personal data of third parties is collected or stored; imported information is limited to: band name, title, date, venue, ticket link and short description.

15. Your rights

Under the GDPR you have the right to:

  • Access your data (Art. 15)
  • Rectification of inaccurate data (Art. 16)
  • Deletion (Art. 17)
  • Restriction of processing (Art. 18)
  • Data portability (Art. 20)
  • Object to processing (Art. 21)
  • Complain to a supervisory authority (in Hamburg: Hamburg Commissioner for Data Protection and Freedom of Information)

16. Contact

Privacy questions or to exercise your rights: [email protected].