
Privacy Policy

Edition from 

Data processing principles at Urban Hotbed
External data processors
Your rights
Complaints
Rectifying and requesting access to data we process
Erasing personal data
Issuing data
Objecting to the processing of your data and withdrawing authorisation already granted
Ways in which we collect and process personal data
Website visitors
Users of Urban HotCards
Registered users of our products
Customers, prospective business customers & partners


Data processing principles at Urban Hotbed

These principles apply to all information processed by us

On this page, we’ll provide you with detailed information about how your data is handled. Protecting your privacy and the data that’s transmitted when you visit our website is very important to us – especially in times of cross-sector “collection mania” among advertisers.

The terms we’ve used in the following, such as “personal data” or its “processing”, conform wherever possible to the official definitions in Article 4 of the European General Data Protection Regulation (GDPR).

As soon as changes to our data processing make it necessary, we’ll update this policy and inform you whenever your consent or notification is required.

The data controller responsible for collecting, processing and using your personal data is the website operator Urban Hotbed, Bardo N. Nelgen.

For access requests, to rectify, block or erase data, as well as to withdraw consent already granted, you can reach us by e-mail, phone +49 6132 657476, fax +49 6132 442254 or by post to

Urban Hotbed
Bardo N. Nelgen
Rosenweg 2,
55263 Wackernheim,

Data transmission to and from our online offering is always protected with the strongest encryption allowed by your web browser or other software used to call the content.

External data processors

(in accordance with Article 28 GDPR)

Companies who help us process your data

We don’t always have suitable infrastructure within the company to reliably and securely process your data. That’s why we’ve outsourced processing for certain tasks to the following competent partners:

United Internet AG (technical operation of the server hardware)

Our servers are located in 1&1 data centres and are operated there on the hardware side by its employees and configured using the software provided by the company. By necessity, therefore, the company has access to connection data, as well as on-site hardware access to the server computers used.

The data centres and networks used have state-of-the-art security and TÜV certification according to ISO 27001.

Kröber + Partner (accounting & tax)

Our company accounting is carried out by the consultancy team from Kröber + Partner in Mainz, who process and analyse our business transaction data working with the data centres.

Push messaging (via Apple / above mobile / Google)

Sending web push notifications to an end-user device always requires system level access which can be carried out only by the respective system’s manufacturer(s). For the send process it’s therefore essential to transfer the notification message to the provider responsible for its delivery to the particular operating system.

For data protection reasons, when an Urban HotCard is updated, only the fact that an update is available for a pass on a particular device is transmitted to the notification service provider, but NOT the content of the pass.

Your rights

Complaints

(in accordance with Article 13 or Articles 77‒79 GDPR)

Official channels for contacting the supervisory authorities

If you realise that we’ve not complied with one or more aspects of the data protection provisions, please inform us immediately using one of the communication channels mentioned above so that we can remedy the situation as soon as possible.

Independently of this – and in addition to regular legal action – you always have the option of filing an official complaint.

For our company headquarters in Wackernheim (Rheinhessen) the relevant supervisory authority is:

Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit in Rheinland-Pfalz

Prof. Dr. Dieter Kugelmann
Hintere Bleiche 34
55116 Mainz

Phone +49 6131 2082449
Fax +49 6131 2082497


Rectifying and requesting access to data we process

(as stipulated in Article 15 and Article 16 GDPR)

How we guarantee your right of access

We’re happy to confirm whether we process certain data belonging to you and to rectify or complete this data according to your instructions.

Only pseudonymised data, as used by us for web analysis, is excluded from this update, because this data was already separated from your personal identity at the point of capture and can therefore no longer be linked to you afterwards.

We’ll inform you without delay as soon as the respective measure has been implemented.

Upon request, we’ll also explain to you the ways in which data is collected and the planned retention period, as well as the purposes of processing and categories we use to classify personal data, and the methods used for automated decision making (including “profiling”).

Erasing personal data

(in accordance with Article 17 and 18 GDPR)

Information about advance deletion on request

Unless otherwise expressly stated in this privacy policy, we automatically delete any of your information that we’ve saved as soon as the data is no longer required for the purpose for which it was captured.

In addition, you can request that we delete certain data without delay. If it’s not possible to delete the data completely, for example, if it has to be retained for commercial or tax law purposes, the processing of this data will be restricted. The data will be blocked and no longer processed.

We’ll inform you without delay as soon as the respective measures have been implemented.

Issuing data

(Article 20 GDPR)

If you prefer to collect your data yourself...

As a registered user or business partner, you can of course request that the information captured about you is transferred either to yourself or to a third party appointed by you.

We can provide you with this data in a range of standard commercial formats in digital or analogue form, as a printout or as a file (in a format such as PDF, XML, XLS, JSON-LD, ...). Please let us know what you require.

Unfortunately, if you’re NOT registered with us as a user or customer, it’s also not possible for us to trace data generated when you use our offering back to you as an individual. Even pseudonymised information, as used by us for web analysis, is already separated from references to your personal identity (such as session IDs or IP addresses) at the point of capture.

Objecting to the processing of your data and withdrawing authorisation already granted

(as stipulated in Article 21 GDPR)

How to object to the processing of your data

You can object to our processing of your personal data on grounds relating to your particular situation. For the required contact details, see “data controller responsible” above.

If, in the past, you instructed us to process your data for particular purposes or you otherwise consented to such processing, you can generally withdraw this authorisation yourself via the settings in your user profile and also, at any time, using the above-mentioned communication channels with future effect.

We’ll check your request without delay and inform you of the result of our checks/implementation.

Ways in which we collect and process personal data
(classified by user groups)

Website visitors

Information created when you visit our online offering and how we process it

In principle, you can use our online offering without specifying any personal details.

Viewing our website with a web browser, however, automatically generates a set of information that our servers use to process the request, such as generating a page or a download, or performing an activity such as logging you in or running personalised searches. In addition, we use probes embedded in the web pages to collect some framework parameters that allow us to adapt our offering better to your requirements.

In certain circumstances, this type of information allows inferences to be made about your personal identity.

We collect the data of website visitors in the following ways:

Contact form

If you contact us using a web form (in accordance with Article 6 GDPR) and, in doing so, transmit personal data (as a rule: title, last name and e-mail address), we use this data and, where applicable, any other information you may provide to process your request and any responses sent to you which directly result from this.

We process and save this information until the dialogue initiated by you comes to an end. Afterwards, personal data is deleted or blocked, provided there is no legal retention period to prohibit this.

Contacts that develop into a business relationship are explicitly excluded from this regulation.

Log entries: ensuring nothing gets lost

Our web server (that is, the computer that generates the online content and delivers it to you) monitors which resources are called from which IP address and how often – primarily to prevent abuse – and records these activities.

This allows us to uncover malicious access attempts or “data collectors” in time and to initiate suitable countermeasures, such as temporary blocks. To be able to recognise time patterns, this data is saved temporarily on the servers.

The following information is saved in log files:
Your computer’s current Internet Protocol address (hereafter abbreviated to IP). IPs are assigned internationally by region and therefore always allow inferences to be made about the location of the access point of your internet provider that was used for access.
The names of the files requested and functions called
Parameters entered by you for this purpose, such as the content of a search field or filter settings
Date and time of access
Whether your access to a viewed page or a file download was executed successfully and the quantity of data transmitted in the process
The operating system and web browser used for access, including their respective version numbers
Technical details about the type of information your browser can process; in particular, this also includes information about the device category, such as smartphone, tablet, or television
Which access provider was used to call the data
If you came to us via a link from another website, the address of the referring page (if transmitted)
Which links you followed within our website

We use this data to process the respective page view, such as delivering optimised content for your device, and we record this information for statistical purposes, for example, to find out which content is called particularly often from mobile devices, as well as to be able to recognise and avert attacks on our technical infrastructure at an early stage.

After 7 days, we therefore delete all IP addresses that are presumed not to be associated with search engines, hackers or any other type of programme-based access. Only anonymised statistics (for example, the fact that a particular download was called at time X) are stored permanently.

Data whose continued retention is required for evidence purposes is also excluded from deletion until the respective incident has been completely resolved.

Our web beacon: a shining light of knowledge

The digital probe embedded in our web pages, a “web beacon”, is a small diagnostic programme that allows us to evaluate how our offering is used by different visitors.

This includes, for example, which links users prefer to click, at what size the website is displayed by the respective device, how far users scroll down a page, and, as a result, which aspects of our content are particularly interesting for users.

The information captured by the web beacon includes:
The file names of the files requested/functions called
Parameters entered by you for this purpose, such as the content of a search field or filter settings
Date and time of access
The operating system and web browser used for access, including their respective version numbers
Technical details about the type of information your browser can process; in particular, this also includes information about the device category, such as smartphone, tablet, etc.
If you came to us via a link from another website, the address of the referring page (if transmitted)
Which links you followed from our website to other websites
Programme parameters of your device, for example, whether it supports certain add-on modules or your screen’s resolution

Cookies: just like Hansel and Gretel... – 3 cookies for your perfect online experience

Cookies are small pieces of text containing data individually related to you that your web browser leaves on your computer for particular websites.

You can delete ALL cookies we may have created at any time using the corresponding function provided by your web browser. Many web browsers also allow you to manually prevent all websites or individual domains from setting any cookies or only certain types of cookies.

If you generally don’t want information to be stored in cookies on your device, you should configure your web browser so that it never accepts them at all.

Please note, however, that without cookies, we can’t offer you any services which require you to be reliably and securely identified, such as posting content on our platform in your name or making digital purchases.

By using cookies to uniquely identify you as a registered user of our offering, we can adapt the content of our web pages to your individual entries and clearly distinguish personal information that you send us via your web browser from information belonging to a third party.

With an additional cookie, we can also identify topics of particular interest to our users and optimise our offering accordingly.

When you visit our website, it saves a total of up to 3 cookies on the device you use to access it (smartphone, tablet, laptop, etc.).

Cookie 1: The Session Cookie

The session cookie is sent when a page in our domain is called for the first time. It identifies you as an individual user for the duration of the current visit, including the selected language setting and the type of content requested, for example, supported file formats or formatting for mobile devices.

If you log in or enter personal data in online forms, it also ensures the respective interaction is correctly assigned to your customer account.

The session cookie becomes invalid as soon as you close your web browser. Depending on how your browser is configured, it then automatically deletes it.

Cookie 2: The Continuation Cookie

The continuation cookie is used exclusively to identify multilevel transactions and is only ever used for a single page view, for example, if you configure a product for download in multiple steps, or you want to try out different options.

The continuation cookie becomes invalid when the respective transaction ends, and your browser usually deletes it immediately or, at the latest, when you close your web browser or the relevant tab.

As a precautionary measure, our server may keep the assigned data available in memory for up to another 24 hours, for example, in case your internet connection was interrupted, or you want to complete an interaction you started on the go when you get back home.

Cookie 3: The Research Cookie

The research cookie of the web analysis system we use, “Matomo” (previously: “Piwik”), remains stored on your device after the browser session has ended. It can then continue to identify you as a website user when you revisit the website. Especially when combined with the use of the complementary web beacon, this allows us to classify pseudonymous “user types” and develop offers tailored to the resulting target groups.

To ensure your privacy is protected in the process, all data that could normally be used to make inferences about your personal identity, such as your IP address, your user ID or transaction numbers, is automatically removed from the gathered information as soon as the data record is created. The user profile identified by this cookie for market research purposes is therefore stored only in pseudonymous form, as in “one particular user for this resource at this time”.

All pseudonymous data captured in this way remains permanently and exclusively on our own servers within the Federal Republic of Germany and is used solely for analytic purposes. We expressly refrain from merging this data with personal data from transactions.

We use the insights gained from the analysis to adapt our offering to new target groups, to discover new market niches and to simplify navigation through our portal.

You can delete the research cookie at any time or block it in your web browser without this in any way restricting the usability of our offering.

Data collection by third-party suppliers

Who – besides us – knows you visited our website

Hardly any website operator still manages to run its offering without the help of specialised service providers. Here you’ll find a list of companies who support us with the operation of Urban Hotbed:

Monotype /

To present you with an attractive layout on our website, we mainly use the “Proxima Nova” type family by Mark Simonson from the collection of the typography company Monotype Imaging Inc. in the USA.

Since our license is tied to a particular usage volume, a statistical file is requested by Monotype’s licensing platform every time a page is viewed. In this way, the company can always be informed about the time sequence and number of calls of individual pages, the web browser used, as well as the rough geographic distribution of use.

According to its own statements, however, Monotype merely processes the fact that a licensed page view of our website has taken place – so NO personal data is captured in the process.

Advertising and sales partnerships

At different points within our offering, we advertise an up-to-date selection of items on a commission basis from the online shops of suppliers such as Apple, Google or Amazon.

If you decide to follow one of these links, the respective company captures data when you view its website, at its own discretion, including the fact that you were referred there by us.

Users of Urban HotCards

…and other “Apple Passes”

The Urban HotCard is a voucher in the form of a digitally signed information package that can be displayed as a ticket or membership card using “wallet” software.

The underlying concept of mobile passes was developed by the Apple Corporation (therefore referred to as “Apple Passes” below) and in the meantime has gained countless fans on all current operating systems – especially for loyalty cards and airline boarding passes.

In contrast to these personalized vouchers, simple advertising coupons and registration-free “stamp cards” are managed only pseudonymously for the entire duration of their use. This only allows us to keep a tally of how many are currently in circulation and to monitor their redemption quota. If you still want to assign such a pseudonymous Urban HotCard to your user account, you can always do so on your user account’s settings page.

Push-update service for wallets

To keep a user of an Urban HotCard up to speed on the services associated with the card, the information displayed on the card can be updated remotely (also known as “push updates”). This allows, for example, departure times to be updated on travel tickets or loyalty cards to be “topped up” with a particular amount.

When an Urban HotCard is used, the respective wallet programme therefore registers your mobile device with us so that it can be informed of updates that are available for your HotCard as and when required. In this case, your device usually automatically loads the latest version of your HotCard directly from our server.

Your device normally transmits the following information when you subscribe to automatic updates:
Producer of your operating system
Producer of your wallet programme
Pseudonymous, device-specific ID (a “token”) that allows us to securely address the push update to your device

Because your system provider’s infrastructure is used for the push notification (usually Apple/Google), it needs to be informed about a pending update of the wallet content on your device, but NOT about the content of the data that we transmit directly to your device.

If your device downloads an updated version of your HotCard, this is recorded on our server with a time stamp in the data record belonging to the card.

If you don’t want your HotCards to be updated automatically or the data mentioned above to be transmitted to us, you can deactivate remote updates for an individual Apple pass or for all Apple passes on your device – depending on the wallet programme and operating system used.

Cloud services provided by your wallet

If you’ve activated a cloud service for your wallet programme, the content of a downloaded Urban HotCard might be transmitted to the producer of the device and/or wallet to make it available on other devices or to process the content in other ways.

In this case, please also refer to the privacy policy of the respective cloud provider, such as Apple or Google.

Registered users of our products

Additional data we save belonging to registered users

In principle, you can use our online offering without specifying any personal details.

If, however, you want to benefit from extended functionality, such as defect reporters or individual settings, we have to be able to assign your transactions to you as an individual via a user account.

In particular, this includes the following:
Download of Urban HotCards with a monetary value, such as travel tickets, admission tickets, personalised discounts, pick-up slips

The capturing of actual personal information starts when you log in or when you first register on our platform and ends when you log out.

We use the data that you make available to us to provide digital functions, services that you have requested, access control, as well as to meet our legal accountability obligations. In doing so, we ensure that you alone post content in your name on our URBAN HOTBED platform and that, for example, digital products you’ve purchased can only be downloaded by you.

Data is NEVER transferred to a third party, unless you’ve instructed us to transfer the data, or the transfer is required to pursue legitimate interests or meet legal obligations.

If, at some point, you want to leave us – which we think would be a real shame – you can delete your user account again, including your individual settings, just as easily as you created it.

By doing so, however, all personal data assigned to the account is also deleted IRRETRIEVABLY.

Exceptions apply for the following groups of data:
Data for which a legal retention period exists
Changes that you have contributed to a complete piece of work in collaboration with other users if removing these changes would affect the work of others (for example, the removal of individual paragraphs from wiki texts).
Coupons, membership cards or documents whose expiry date has not been reached yet, up to the end of their validity plus a 14 day cancellation period, or as legally required
Information provided by you from the “defect reporter” if this is already being processed
Data that you individually, voluntarily and specifically allow us to keep and continue using, as defined by you when you delete your user account

If you’d like to keep some of the data, we strongly recommend that you request your data be issued to you before it’s deleted.

Note: Pseudonymised data, as used by us for web analysis, is not assigned to your customer account at the point of capture and therefore cannot be deleted together with the account.

Customers, prospective business customers & partners

Sustainable cooperation is based on trust

If you’re one of our business partners, and we’ve collected information from you to perform contractual services, for service/customer relationship management or for marketing and advertising purposes, or you’ve used a web form to initiate contact for business reasons, we process the information you provide as part of our business operations and save it on servers specifically used for this purpose. We thoroughly secure access to this data using state-of-the-art encrypted transmission channels, as well as suitably complex passwords.

This information includes, in particular, contractual data, such as contracting parties and contact persons, object of the contract, duration or customer category, and payment data, such as your bank account details and payment history.

Every two years, we check whether this data needs to be retained, also with respect to legal archiving obligations.