Legal notice and privacy policy
This privacy policy informs you about the type, scope and purpose of the processing of personal data (hereinafter referred to as “data”) within our online offering and the associated websites, functions and content, as well as external online presences, such as our social media profiles (hereinafter collectively referred to as the “online offering”). With regard to the terminology used, such as “processing” or “controller,” we refer to the definitions set out in Art. 4 of the General Data Protection Regulation (GDPR).
Controller
Mystik-One-Records
Heerstr. 101
47053 Duisburg
Types of Data Processed
– Inventory data (e.g., names, addresses).
– Contact data (e.g., email addresses, telephone numbers).
– Content data (e.g., text entries, photographs, videos).
– Usage data (e.g., visited websites, interest in content, access times).
– Meta/communication data (e.g., device information, IP addresses).
Categories of Data Subjects
Visitors and users of the online offering (hereinafter collectively referred to as “users”).
Purpose of Processing
– Provision of the online offering, its functions and content.
– Responding to contact requests and communication with users.
– Security measures.
– Reach measurement/marketing.
Definitions
“Personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., cookie), or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Processing” means any operation or set of operations which is performed on personal data, whether or not by automated means. The term is broad and covers virtually any handling of data.
“Pseudonymization” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.
“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
The “controller” is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.
“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Relevant Legal Bases
In accordance with Art. 13 GDPR, we inform you of the legal bases of our data processing activities. If the legal basis is not specified in this privacy policy, the following applies: The legal basis for obtaining consent is Art. 6(1)(a) and Art. 7 GDPR; the legal basis for processing necessary for the performance of our services and the execution of contractual measures, as well as responding to inquiries, is Art. 6(1)(b) GDPR; the legal basis for processing necessary for compliance with our legal obligations is Art. 6(1)(c) GDPR; and the legal basis for processing necessary for the purposes of our legitimate interests is Art. 6(1)(f) GDPR. In cases where vital interests of the data subject or another natural person require the processing of personal data, Art. 6(1)(d) GDPR serves as the legal basis.
Security Measures
We take appropriate technical and organizational measures, in accordance with Art. 32 GDPR and considering the state of the art, implementation costs, the nature, scope, context and purposes of processing, as well as the varying likelihood and severity of risks to the rights and freedoms of natural persons, to ensure a level of security appropriate to the risk.
These measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access to it, its input, its transmission, its availability and its separation. Furthermore, we have established procedures to ensure the exercise of data subject rights, the deletion of data and responses to risks to the data. We also take into account the protection of personal data when developing or selecting hardware, software and processes, in accordance with the principle of data protection by design and by default (Art. 25 GDPR).
Cooperation with Processors and Third Parties
If we disclose data to other persons or companies (processors or third parties), transmit it to them or otherwise grant them access to the data in the course of our processing activities, this is done only on the basis of a legal permission (e.g., if a transmission of data to third parties, such as payment service providers, is required for contract performance under Art. 6(1)(b) GDPR), if you have consented, if a legal obligation requires it, or on the basis of our legitimate interests (e.g., when using agents, web hosts, etc.).
If we commission third parties with the processing of data on the basis of a so-called “processing agreement,” this is done in accordance with Art. 28 GDPR.
Transfers to Third Countries
If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of the use of third-party services or the disclosure or transmission of data to third parties, this is done only if it is necessary for the fulfillment of our (pre-)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or have data processed in a third country only if the special conditions of Art. 44 et seq. GDPR are met. This means the processing takes place, for example, on the basis of special guarantees such as the officially recognized determination of a level of data protection equivalent to that of the EU (e.g., for the USA under the “Privacy Shield”) or compliance with officially recognized special contractual obligations (so-called “standard contractual clauses”).
Rights of Data Subjects
You have the right to request confirmation as to whether relevant data is being processed and to obtain information about this data, as well as further information and a copy of the data in accordance with Art. 15 GDPR.
In accordance with Art. 16 GDPR, you have the right to request the completion of data concerning you or the rectification of inaccurate data concerning you.
Under the provisions of Art. 17 GDPR, you have the right to request that relevant data be deleted without delay, or alternatively, under the provisions of Art. 18 GDPR, to request a restriction of the processing of the data.
In accordance with Art. 20 GDPR, you have the right to receive the data concerning you that you have provided to us and to request its transfer to other controllers.
Furthermore, in accordance with Art. 77 GDPR, you have the right to lodge a complaint with the competent supervisory authority.
Right of Withdrawal
In accordance with Art. 7(3) GDPR, you have the right to withdraw consent you have granted, with effect for the future.
Right to Object
You may object at any time to the future processing of data concerning you in accordance with Art. 21 GDPR. The objection may particularly be made against processing for direct marketing purposes.
Cookies and Right to Object to Direct Advertising
“Cookies” are small files stored on users’ devices. Various information can be stored in cookies. A cookie primarily serves to store information about a user (or the device on which the cookie is stored) during and after their visit to an online offering. Temporary cookies, also known as “session cookies” or “transient cookies,” are cookies that are deleted after a user leaves an online offering and closes their browser. Such a cookie may store, for example, the contents of a shopping cart in an online shop or a login status. “Permanent” or “persistent” cookies remain stored even after the browser is closed. For example, login status may be saved if users visit the site again after several days. Likewise, user interests may be stored in such a cookie and used for reach measurement or marketing purposes. “Third-party cookies” are cookies offered by providers other than the controller operating the online offering (otherwise, if only the controller’s cookies are used, they are referred to as “first-party cookies”).
We may use both temporary and permanent cookies and will inform you about this in our privacy policy.
If users do not want cookies to be stored on their device, they are asked to deactivate the appropriate option in their browser’s system settings. Stored cookies can be deleted in the browser’s system settings. Excluding cookies may lead to functional limitations of this online offering.
A general objection to the use of cookies for online marketing purposes can be declared via numerous services, especially in the case of tracking, through the U.S. website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. Furthermore, the storage of cookies can be disabled in the browser settings. Please note that this may result in not all functions of this online offering being available.
Deletion of Data
The data we process will be deleted or restricted in its processing in accordance with Art. 17 and 18 GDPR. Unless expressly stated in this privacy policy, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and no legal retention obligations prevent deletion. If the data is not deleted because it is required for other lawful purposes, its processing will be restricted. This means the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.
Under German law, the retention period is, in particular, 10 years pursuant to Section 147(1) AO and Section 257(1) Nos. 1 and 4, Section 257(4) HGB (books, records, management reports, accounting vouchers, commercial books, documents relevant for taxation, etc.) and 6 years pursuant to Section 257(1) Nos. 2 and 3, Section 257(4) HGB (commercial letters).
Under Austrian law, the retention period is, in particular, 7 years pursuant to Section 132(1) BAO (accounting documents, receipts/invoices, accounts, vouchers, business papers, statements of income and expenses, etc.), 22 years in connection with properties, and 10 years for documents relating to electronically provided services, telecommunications, broadcasting and television services provided to non-entrepreneurs in EU member states for which the Mini-One-Stop-Shop (MOSS) is used.
Registration Function
Users may create a user account. During registration, the required mandatory information is communicated to users and processed based on Art. 6(1)(b) GDPR for the purpose of providing the user account. The processed data includes, in particular, login information (name, password, and an email address). The data entered during registration will be used for the purposes of using the user account and fulfilling its purpose.
Users may be informed by email about information relevant to their user account, such as technical changes. If users cancel their user account, their data relating to the user account will be deleted, subject to a legal retention obligation. It is the responsibility of users to save their data before the end of the contract if cancellation occurs. We are entitled to irreversibly delete all data stored during the contract term.
In the context of using our registration and login functions and using the user account, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests as well as those of the users in protecting against misuse and unauthorized use. This data will not be passed on to third parties unless necessary to pursue our claims or unless there is a legal obligation under Art. 6(1)(c) GDPR. IP addresses will be anonymized or deleted after 7 days at the latest.
Hosting and Email Delivery
The hosting services we use serve to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, email delivery, security services, and technical maintenance services that we use for the purpose of operating this online offering.
In doing so, we or our hosting provider process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, prospects and visitors of this online offering on the basis of our legitimate interests in the efficient and secure provision of this online offering in accordance with Art. 6(1)(f) GDPR in conjunction with Art. 28 GDPR (conclusion of a processing agreement).
Collection of Access Data and Logfiles
We, or our hosting provider, collect data on every access to the server on the basis of our legitimate interests pursuant to Art. 6(1)(f) GDPR (so-called server log files). The access data includes the name of the retrieved website, file, date and time of retrieval, amount of data transferred, report on successful retrieval, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.
Logfile information is stored for security reasons (e.g., to investigate misuse or fraud) for a maximum period of 7 days and then deleted. Data whose further storage is necessary for evidence purposes is excluded from deletion until the respective incident is fully resolved.
Online Presences in Social Media
We maintain online presences within social networks and platforms in order to communicate with customers, prospects and users active there and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and data processing guidelines of the respective operators apply.
Unless otherwise stated in our privacy policy, we process user data when users communicate with us within the social networks and platforms, e.g., write posts on our online presences or send us messages.
Integration of Third-Party Services and Content
Within our online offering, we use content or service offerings from third-party providers on the basis of our legitimate interests (i.e., interest in the analysis, optimization and economic operation of our online offering within the meaning of Art. 6(1)(f) GDPR) in order to integrate their content and services, such as videos or fonts (hereinafter collectively referred to as “content”).
This always requires that the third-party providers of this content receive the IP address of the users, since without the IP address they could not send the content to their browser. The IP address is therefore required for the display of such content. We strive to use only such content whose respective providers use the IP address solely for delivering the content. Third-party providers may also use so-called pixel tags (invisible graphics, also referred to as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the users’ devices and may include technical information about the browser and operating system, referring websites, visit times, as well as further information on the use of our online offering, and may also be combined with such information from other sources.
YouTube
We integrate videos from the “YouTube” platform belonging to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy Policy: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.
Google ReCaptcha
We integrate the “ReCaptcha” function for detecting bots, e.g., for inputs in online forms, from the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy Policy: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.
Use of Facebook Social Plugins
We use social plugins (“plugins”) of the social network facebook.com on the basis of our legitimate interests (i.e., interest in the analysis, optimization and economic operation of our online offering within the meaning of Art. 6(1)(f) GDPR). The service is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). The plugins can be interactive elements or content (e.g., videos, graphics or text posts) and are recognizable by one of the Facebook logos (white “f” on a blue tile, the terms “Like,” “Gefällt mir,” or a “thumbs up” symbol) or marked with the phrase “Facebook Social Plugin.” The list and appearance of Facebook social plugins can be viewed here: https://developers.facebook.com/docs/plugins/.
Facebook is certified under the Privacy Shield agreement and thus provides a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
When a user accesses a function of our online offering that contains such a plugin, their device establishes a direct connection to Facebook’s servers. The content of the plugin is transmitted by Facebook directly to the user’s device and integrated into the online offering. In doing so, usage profiles of the users may be created from the processed data. We therefore have no influence on the scope of data that Facebook collects using this plugin and inform users accordingly to the best of our knowledge.
By integrating the plugins, Facebook receives the information that a user has accessed the corresponding page of the online offering. If the user is logged into Facebook, Facebook can assign the visit to the user’s Facebook account. If users interact with the plugins, for example by clicking the Like button or commenting, the corresponding information is transmitted directly from their device to Facebook and stored there. Even if a user is not a Facebook member, it is still possible that Facebook obtains and stores their IP address. According to Facebook, only anonymized IP addresses are stored in Germany.
The purpose and scope of data collection and the further processing and use of the data by Facebook, as well as the related rights and options for protecting users’ privacy, can be found in Facebook’s privacy policy: https://www.facebook.com/about/privacy/.
If a user is a Facebook member and does not want Facebook to collect data about them via our online offering and link it to their stored Facebook data, they must log out of Facebook before using our online offering and delete their cookies. Additional settings and objections to the use of data for advertising purposes are available in the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the U.S. website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. The settings are platform-independent, meaning they apply to all devices, such as desktop computers or mobile devices.
Created with Datenschutz-Generator.de by Attorney Dr. Thomas Schwenke