Introduction and terms 1. Introduction With the operation of our website mutantrockrecords.com (hereinafter referred to as "website") we process personal data. These will be treated confidentially by us and processed in accordance with the applicable laws - in particular the Basic Data Protection Regulation (DSGVO) and the Federal Data Protection Act (BDSG-neu). With our data protection regulations we want to inform you which personal data we collect from you, for which purposes and on which legal basis we use them and if necessary to whom we disclose them. Furthermore, we will explain to you which rights you are entitled to in order to protect and enforce your data protection.
2. Terms Our data protection regulations contain technical terms that are new in the DSGVO and the BDSG. For your better understanding, we would like to explain these terms in simple words in advance:
2.1 Personal data "Personal data" means any information relating to an identified or identifiable person (Art. 4 No. 1 FADP). Details of an identified person can be e.g. the name or the e-mail address. However, personal data also includes data where the identity is not immediately apparent, but can be determined by combining one's own or third-party information and thus finding out who it is. A person becomes identifiable, for example, by providing their address or bank details, date of birth or user name, IP address and/or location data. Relevant here is all information that in any way allows conclusions to be drawn about a person.
2.2 Processing Art. 4 No. 2 DPA defines "processing" as any operation involving personal data. This concerns in particular the collection, recording, organisation, arrangement, storage, adaptation or modification, reading, querying, use, disclosure, transmission, dissemination or any other form of provision, comparison or linking, restriction, deletion or destruction of personal data.
Responsible company 3. Responsible Responsible for the data processing:
Processing framework 4. Processing frame: website Within the framework of the website with the URL mutantrockrecords.com, we process the personal data of you listed in detail under points 5-15 below. We only process data of you that you actively provide on our website (e.g. by filling out forms) or that you automatically provide when using our services. Your data will be processed exclusively by us and will not be sold, lent or passed on to third parties. If we use the help of external service providers to process your personal data, this is done within the framework of so-called order processing, in which we, as the client, are authorised to issue instructions to our contractor. For the operation of our website we use external service providers for hosting, as well as for maintenance, care and further development. If further external service providers are used for individual processing operations listed in paragraphs 5-15, they will be named there.
We host our website at the external service provider Strato (Strato AG, Pascalstraße 10, 10587 Berlin). A data transfer to third countries does not take place and is not planned. We will provide information about exceptions to this principle in the processing operations described below.
The processing operations In detail 5. Provision of the website and server log files 5.1 Description of the processing Every time you call up the website, we automatically record information that your browser sends to our server (so-called log files). The following data are involved:
• your IP address
These are also stored in the so-called log files of our system. The temporary storage of your IP address by the system is necessary in order to deliver our website to the end device of a user. For this purpose, the IP address of the user must be stored for the duration of the session. However, your IP address is not recorded in our log files.
5.2 Purpose Processing is carried out to enable the website to be accessed and to ensure its stability and security. Furthermore, the processing serves the statistical evaluation and improvement of our online offer.
5.3 Legal basis The processing is necessary to safeguard the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f DSGVO). Our legitimate interest lies in the purpose stated in clause 5.2
5.4 Storage duration The data will be deleted as soon as they are no longer necessary for the purpose of their collection. In the case of the collection of data for the provision of the website, this is the case when the respective session is ended. The log files will be deleted after 7 days.
6. Contact by e-mail 6.1 Description of the processing You can contact us via the e-mail addresses given on the website. In this case, the personal data transmitted with the e-mail will be processed by us.
6.2 Purpose By providing a contact form on our website, we want to offer you a convenient way to contact us. The data transmitted with and in your e-mail are used exclusively for the purpose of processing and answering your request.
6.3 Legal basis The processing is necessary to safeguard the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f DSGVO). Our legitimate interest lies in the purpose stated in clause 6. .2If the e-mail contact is aimed at the conclusion or fulfilment of a contract, the data processing is carried out for the purpose of fulfilling the contract (Art. 6 para. 1 lit. b DSGVO).
6.4 Storage duration The data will be deleted by us as soon as they are no longer necessary for the purpose of their collection. This is usually the case when the respective communication with you has ended. The communication ends when it is clear from the circumstances that your request has been conclusively clarified. Insofar as statutory retention periods prevent deletion, deletion shall take place immediately after expiry of the statutory retention period.
• Cookie name: fm_cookie_confirm Purpose/function: "Cookie Confirm" is required to prevent the cookie warning from being displayed again on this website. Storage duration: This cookie expires at the end of the browser session. • Cookie name: _ga. Purpose/function: Google Analytics differentiation of visitors Storage period: This cookie expires 2 years after it was stored. • Cookie name: _gat. Purpose/function: Google Analytics throttling of request rates Storage duration: This cookie expires 1 minute after it has been placed. • Cookie name: _gid. Purpose/function: Google Analytics differentiation of users Storage period: This cookie expires 24 hours after it has been stored.
7.3 Legal basis The processing is necessary to safeguard the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f DSGVO). Our legitimate interest lies in the purpose stated in clause 7.2. If you are asked by us for consent within the framework of a cookie banner or cookie content tool, the legal basis is Art. 6 para. 1 lit. a DSGVO. Such consent is voluntary.
8. Social networks 8.1 Description of the processing Our website does not use so-called social media plugins. The logos of the social networks Facebook, Twitter and Instagram displayed on our website are merely linked to the corresponding profiles of our company. If you click on one of the logos, you will be redirected to the external website of the respective social network.
8.2 Purpose We maintain profiles with the aforementioned social networks for the purpose of up-to-date and supportive public relations and corporate communication with customers and interested parties. We use the "Facebook Insights" function to make our posts on our Facebook fan page more attractive for our visitors. This enables us, for example, to use favoured visiting times of the visitors for a time-optimised planning of our contributions.
8.3 Legal basis The legal basis for data processing within the scope of our profiles on social networks is the protection of our predominant legitimate interests (Art. 6 para. 1 lit. f DSGVO). Our legitimate interest lies in the purpose stated in clause 8. .2If you are asked by us for consent within the framework of a cookie banner or cookie content tool, the legal basis is Art. 6 para. 1 lit. a DSGVO. Such consent is voluntary. If you are asked for consent by the respective operator of a social network, the legal basis is Art. 6 para. 1 lit. a DSGVO. Data processing in relation to our Facebook fan page is also carried out on the basis of a joint responsibility agreement pursuant to Art. 26 DSGVO between us and Facebook, which you can view here: https://www.facebook.com/legal/terms/page_controller_addendum
8.4 Recipient and transfer to third countries The respective social networks are operated by the companies listed below. For further information on data protection with regard to our profile on the social networks, please refer to the linked data protection regulations.
9. YouTube videos 9.1 Description of the processing Our website uses services from "YouTube" a video platform operated by YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA (hereinafter referred to as "YouTube"). YouTube is represented by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. We use YouTube by embedding individual videos from the platform on our website as so-called iFrames so that they can be played directly on our website. The videos are integrated in the "extended data protection mode" offered on YouTube, i.e. h. No personal data will be transferred from you to Google as long as you do not play the videos. Only when a video is played does a data transfer to Google take place, over which we have no influence. When you play an embedded video on a subpage of our website, Google is informed which subpage you have visited and which video you have viewed. Your IP address may also be transmitted to Google. If you are logged in as YouTube or Google user, Google will assign this information to your user account. Google stores your data as user profiles and uses them for advertising purposes, market research and/or for the design of Google websites to meet your needs. You have a right of objection to the creation of these user profiles, which you must exercise by contacting Google directly. Further information on data protection at Google can be found at https://policies.google.com/privacy?hl=de-DE
9.2 Purpose The processing is done to be able to show you videos on our website.
9.3 Legal basis The processing is necessary to safeguard the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f DSGVO). Our legitimate interest lies in the purpose stated in clause 9.2
9.4 Recipient and transfer to third countries By integrating YouTube, personal data may be transmitted to YouTube LLC or Google. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield. Further information on the EU-US Privacy Shield can be found at https://www.privacyshield.gov/EU-US-Framework
10. SPOTIFY 10.1 Description of the processing On our pages functions of the music service Spotify are integrated. The provider is Spotify AB, Birger Jarlsgatan 61, 113 56 Stockholm, Sweden. You can recognize the Spotify plugins by the green logo on our site. An overview of the Spotify plugins can be found at: developer.spotify.com
This allows a direct connection between your browser and the Spotify server to be established when visiting our pages via the plugin. Spotify is informed that you have used your IP address to visit our site. If you click on the Spotify button while logged into your Spotify account, you can link the content of our sites on your Spotify profile. This allows Spotify to associate your visit to our sites with your user account. If you do not want Spotify to associate your visit to our sites with your Spotify account, please log out of your Spotify account.
10.2 Purpose The processing is done to enable you to discover music by artists in connection with our website.
10.3 Legal basis The processing is necessary to safeguard the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f DSGVO). Our legitimate interest lies in the purpose stated in clause 10.2
11.2 Purpose The processing is done in order to be able to evaluate the use of our website. The information thus obtained serves to improve our online presence and to design it in line with your needs.
11.3 Legal basis The processing is necessary to safeguard the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f DSGVO). Our legitimate interest lies in the purpose stated in clause 11. .2If you are asked by us in the context of a cookie banner or cookie content tool for consent, which also covers the use of Google Analytics, then the legal basis is Article 6 paragraph 1 lit. a DSGVO. Such consent is voluntary.
11.4 Storage period and right of objection, withdrawal of consent We have explained the storage period as well as your control and setting options for cookies in section 7. You can object to data processing by Google Analytics at any time by downloading and installing the browser add-on offered by Google at https://tools.google.com/dlpage/gaoptout?hl=de . Alternatively you have the possibility to click on the following link. This will place an opt-out cookie on your end device, which will prevent the collection of your information on future visits to this website: Disable Google Analytics. The analysis data processed and stored with Google Analytics is automatically deleted by us after 14 months. If we obtain consent to use Google Analytics via a cookie banner or cookie content tool, such consent may be revoked by you at any time within the settings of the cookie banner or cookie content tool with effect for the future.
11.5 Recipient and transfer to third countries Google Analytics is a service provider for us within the scope of an order processing. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield. Further information on the EU-US Privacy Shield can be found at https://www.privacyshield.gov/EU-US-Framework
12. Google Tag Manager Our website uses the "Google Tag Manager", a service of the company Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as "Google"). The Google Tag Manager does not collect any personal data and does not set any cookies. This service only allows us to integrate and manage tags on our website. Tags are small code elements on our website that are useful for measuring traffic and visitor behaviour, measuring the impact of online advertising and social channels, using remarketing and targeting, testing and optimising the website. You can find more information about the Google Tag Manager here: https://www.google.com/intl/de/tagmanager/use-policy.html
13.2 Purpose DoubleClick's use of the DoubleClick cookie only enables Google and its partner websites to serve ads based on previous visits to our or other websites on the Internet.
13.3 Legal basis The processing is necessary to safeguard the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f DSGVO). Our legitimate interest lies in the purpose stated in clause 13. .2If you are asked by us for consent within the framework of a cookie banner or cookie content tool, the legal basis is Art. 6 para. 1 lit. a DSGVO. Such consent is voluntary.
13.4 Storage period and right of objection, withdrawal of consent We have explained the storage period as well as your control and setting options for cookies in section 7. You can prevent the storage of cookies by adjusting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functions of our website to their full extent. You can also prevent the collection of the data generated by the cookies and related to your use of the websites to Google and the processing of this data by Google by downloading and installing the browser plugin available under the following link: adssettings.google.com/anonymous under the item DoubleClick deactivation extension. Alternatively, you can disable the Doubleclick cookies on the Digital Advertising Alliance site by clicking on the link: optout.aboutads.info below. If we obtain consent to use Doubleclick via a cookie banner or a cookie content tool, you can revoke this consent at any time in the settings of the cookie banner or cookie content tool with effect for the future.
14.3 Legal basis The processing is necessary to safeguard the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f DSGVO). Our legitimate interest lies in the purpose stated in clause 15.2
Security measures 15. Security measures In order to protect your personal data from unauthorised access, we have provided our website with an SSL or TLS certificate. SSL stands for "Secure-Sockets-Layer" and TLS for "Transport Layer Security" and encrypts the communication of data between a website and the user's end device. You can recognize the active SSL or TLS encryption by a small lock logo, which is displayed on the far left in the address line of the browser.
Your rights 16. Rights of data subjects With regard to the data processing by our company described above, you are entitled to the following rights of data subjects:
16.1 Information (Art. 15 DSGVO) You have the right to ask us to confirm whether we process personal data concerning you. If this is the case, you have the right, under the conditions set out in Art. 15 DSGVO, to access this personal data and the other information listed in Art. 15 DSGVO.
16.2 Correction (Art. 16 DSGVO) You have the right to ask us to correct incorrect personal data concerning you and, if necessary, to complete incomplete personal data.
16.3 Deletion (Art. 17 DSGVO) You have the right to demand from us that personal data concerning you be deleted immediately if one of the reasons listed in Art. 17 DSGVO applies in detail, e.g. if your data is no longer required for the purposes pursued by us.
16.4 Restriction of data processing (Art. 18 DSGVO) You have the right to ask us to limit the processing if one of the conditions listed in Art. 18 DSGVO is met, e.g. if you dispute the accuracy of your personal data, the data processing will be limited for the time necessary to allow us to verify the accuracy of your data.
16.5 Data transferability (Art. 20 DSGVO) You have the right, under the conditions set out in Art. 20 DSGVO, to request the surrender of data concerning you in a structured, common and machine-readable format.
16.6 Revocation of consents (Art. 7 para. 3 DSGVO) You have the right to revoke your consent at any time in the case of processing based on consent. The revocation is valid from the time of its assertion. In other words, it works for the future. The processing will therefore not become retroactively illegal by the revocation of the consent.
16.7 Appeal (Art. 77 DSGVO) If you believe that the processing of personal data concerning you violates the DSGVO, you have the right to complain to a supervisory authority. They can exercise this right before a supervisory authority in the EU Member State of their residence, place of work or the place where the suspected infringement was committed.
16.8 Prohibition of automated decisions/profiling (Art. 22 DSGVO) Decisions that have legal consequences for you or that significantly affect you must not be based solely on automated processing of personal data, including profiling. We inform you that we do not use automated decision making including profiling with regard to your personal data.
16.9 Opposition (Art. 21 DSGVO) If we process your personal data on the basis of Art. 6 Para. 1 lit. f DSGVO (to safeguard overriding legitimate interests), you have the right to object to this under the conditions set out in Art. 21 DSGVO. However, this only applies if there are reasons arising from your particular situation. Following an objection, we will no longer process your personal data, unless we can prove compelling reasons for processing that are worthy of protection and outweigh your interests, rights and freedoms. Nor do we have to stop processing if it serves the assertion, exercise or defence of legal claims. In any case, and regardless of any specific situation, you have the right to object at any time to the processing of your personal data for direct marketing purposes.