PRIVACY POLICY

Privacy policy

Introduction and terms
1.    Introduction
With the operation of our website mutantrockrecords.com (hereinafter referred to as "website") we process personal data. These will be treated confidentially by us and processed in accordance with the applicable laws - in particular the Basic Data Protection Regulation (DSGVO) and the Federal Data Protection Act (BDSG-neu). With our data protection regulations we want to inform you which personal data we collect from you, for which purposes and on which legal basis we use them and if necessary to whom we disclose them. Furthermore, we will explain to you which rights you are entitled to in order to protect and enforce your data protection.


2.    Terms
Our data protection regulations contain technical terms that are new in the DSGVO and the BDSG. For your better understanding, we would like to explain these terms in simple words in advance:


2.1    Personal data
"Personal data" means any information relating to an identified or identifiable person (Art. 4 No. 1 FADP). Details of an identified person can be e.g. the name or the e-mail address. However, personal data also includes data where the identity is not immediately apparent, but can be determined by combining one's own or third-party information and thus finding out who it is. A person becomes identifiable, for example, by providing their address or bank details, date of birth or user name, IP address and/or location data. Relevant here is all information that in any way allows conclusions to be drawn about a person.


2.2    Processing
Art. 4 No. 2 DPA defines "processing" as any operation involving personal data. This concerns in particular the collection, recording, organisation, arrangement, storage, adaptation or modification, reading, querying, use, disclosure, transmission, dissemination or any other form of provision, comparison or linking, restriction, deletion or destruction of personal data.


Responsible company
3.    Responsible
Responsible for the data processing:

Company:            F&M Feral Media - Falarz & Mieth GbR ("we")
Legal representative:         Tobias Falarz, Mathias Mieth (Managing Director)
Address:             Allersberger Str. 185 L1a, 90461 Nuremberg, Germany
Phone:             0049 / 911 / 93 73 093
E-mail:                 info@fm-feralmedia.com


Processing framework
4.    Processing frame: website
Within the framework of the website with the URL mutantrockrecords.com, we process the personal data of you listed in detail under points 5-15 below. We only process data of you that you actively provide on our website (e.g. by filling out forms) or that you automatically provide when using our services.
Your data will be processed exclusively by us and will not be sold, lent or passed on to third parties. If we use the help of external service providers to process your personal data, this is done within the framework of so-called order processing, in which we, as the client, are authorised to issue instructions to our contractor. For the operation of our website we use external service providers for hosting, as well as for maintenance, care and further development. If further external service providers are used for individual processing operations listed in paragraphs 5-15, they will be named there.

We host our website at the external service provider Strato (Strato AG, Pascalstraße 10, 10587 Berlin). A data transfer to third countries does not take place and is not planned. We will provide information about exceptions to this principle in the processing operations described below.


The processing operations In detail
5.    Provision of the website and server log files
5.1    Description of the processing
Every time you call up the website, we automatically record information that your browser sends to our server (so-called log files). The following data are involved:

•   your IP address

These are also stored in the so-called log files of our system. The temporary storage of your IP address by the system is necessary in order to deliver our website to the end device of a user. For this purpose, the IP address of the user must be stored for the duration of the session. However, your IP address is not recorded in our log files.


5.2    Purpose
Processing is carried out to enable the website to be accessed and to ensure its stability and security. Furthermore, the processing serves the statistical evaluation and improvement of our online offer.


5.3    Legal basis
The processing is necessary to safeguard the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f DSGVO). Our legitimate interest lies in the purpose stated in clause 5.2


5.4    Storage duration
The data will be deleted as soon as they are no longer necessary for the purpose of their collection. In the case of the collection of data for the provision of the website, this is the case when the respective session is ended. The log files will be deleted after 7 days.


6.    Contact by e-mail
6.1    Description of the processing
You can contact us via the e-mail addresses given on the website. In this case, the personal data transmitted with the e-mail will be processed by us.


6.2    Purpose
By providing a contact form on our website, we want to offer you a convenient way to contact us. The data transmitted with and in your e-mail are used exclusively for the purpose of processing and answering your request.


6.3    Legal basis
The processing is necessary to safeguard the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f DSGVO). Our legitimate interest lies in the purpose stated in clause 6. .2If the e-mail contact is aimed at the conclusion or fulfilment of a contract, the data processing is carried out for the purpose of fulfilling the contract (Art. 6 para. 1 lit. b DSGVO).


6.4    Storage duration
The data will be deleted by us as soon as they are no longer necessary for the purpose of their collection. This is usually the case when the respective communication with you has ended. The communication ends when it is clear from the circumstances that your request has been conclusively clarified. Insofar as statutory retention periods prevent deletion, deletion shall take place immediately after expiry of the statutory retention period.


7.    Cookies
7.1    Description of the processing
Our website uses cookies. Cookies are small text files that are stored on the user's end device when a website is visited. Cookies contain information that enables the recognition of an end device and possibly certain functions of a website. In most cases we only use so-called "session cookies". These are automatically deleted when you end your internet session and close the browser. Other cookies remain stored on your end device for a longer period of time. We use the following cookies on our website:

•    Cookie name: fm_cookie_confirm Purpose/function: "Cookie Confirm" is required to prevent the cookie warning from being displayed again on this website. Storage duration: This cookie expires at the end of the browser session.
•    Cookie name: _ga. Purpose/function: Google Analytics differentiation of visitors Storage period: This cookie expires 2 years after it was stored.
•     Cookie name: _gat. Purpose/function: Google Analytics throttling of request rates Storage duration: This cookie expires 1 minute after it has been placed.
•     Cookie name: _gid. Purpose/function: Google Analytics differentiation of users Storage period: This cookie expires 24 hours after it has been stored.


7.2    Purpose
We use cookies to make our website more user-friendly and to offer the functions described in section 7.1


7.3    Legal basis
The processing is necessary to safeguard the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f DSGVO). Our legitimate interest lies in the purpose stated in clause 7.2. If you are asked by us for consent within the framework of a cookie banner or cookie content tool, the legal basis is Art. 6 para. 1 lit. a DSGVO. Such consent is voluntary.


7.4    Storage period, revocation of consent
Cookies are automatically deleted at the end of a session or when the specified storage period expires. Since cookies are stored on your terminal device, you as a user also have full control over the use of cookies. By changing the settings in your Internet browser, you can deactivate or restrict the transmission of cookies. Cookies already stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, individual functions of our website cannot be used or can only be used to a limited extent. If we obtain consent to the use of cookies via a cookie banner or a cookie content tool, you can revoke this consent at any time in the settings of the cookie banner or cookie content tool with effect for the future.


8.    Social networks
8.1    Description of the processing
Our website does not use so-called social media plugins. The logos of the social networks Facebook, Twitter and Instagram displayed on our website are merely linked to the corresponding profiles of our company. If you click on one of the logos, you will be redirected to the external website of the respective social network.

However, our profiles within the social networks also constitute data processing. If you are logged in to the respective social network when visiting such a profile, this information is assigned to your user account there. If you interact with our profile, e.g. "share", "link" or "retweet" a post, this information is also stored in your user account. Through the so-called "Insights" on our Facebook page, we have the possibility to obtain statistical data. These statistics are provided by Facebook. The "Insights function" cannot be waived. We cannot decide to turn this feature on or off. It is available to all Facebook fan page operators, regardless of whether you use the Insights function of Facebook or not. We are provided with data for a selectable period of time and for the following groups of affected persons: Fans, subscribers, people reached and people interacting. The categories of personal data concerned are the following: Total number of page views, "liked me" information including origin, page activity, post interactions, reach, post range (divided into organic, viral and paid interactions), comments, shared content, responses, and demographic analysis, i.e. country of origin, gender and age. The Facebook Terms of Use - which every user must agree to in order to use Facebook - allow us to identify subscribers and fans of our site and view their profiles.
The social networks with which you communicate store your data using pseudonyms as user profiles and use them for advertising purposes and market research. For example, you may see advertisements within the social network and on other third party websites that match your presumed interests. For this purpose, cookies are usually used, which the social network stores on your end device. Further information on cookies can be found in section 7. You have a right of objection to the creation of these user profiles, for the exercise of which you must contact the social networks directly.


8.2    Purpose
We maintain profiles with the aforementioned social networks for the purpose of up-to-date and supportive public relations and corporate communication with customers and interested parties.
We use the "Facebook Insights" function to make our posts on our Facebook fan page more attractive for our visitors. This enables us, for example, to use favoured visiting times of the visitors for a time-optimised planning of our contributions.


8.3    Legal basis
The legal basis for data processing within the scope of our profiles on social networks is the protection of our predominant legitimate interests (Art. 6 para. 1 lit. f DSGVO). Our legitimate interest lies in the purpose stated in clause 8. .2If you are asked by us for consent within the framework of a cookie banner or cookie content tool, the legal basis is Art. 6 para. 1 lit. a DSGVO. Such consent is voluntary. If you are asked for consent by the respective operator of a social network, the legal basis is Art. 6 para. 1 lit. a DSGVO. Data processing in relation to our Facebook fan page is also carried out on the basis of a joint responsibility agreement pursuant to Art. 26 DSGVO between us and Facebook, which you can view here: https://www.facebook.com/legal/terms/page_controller_addendum


8.4    Recipient and transfer to third countries
The respective social networks are operated by the companies listed below. For further information on data protection with regard to our profile on the social networks, please refer to the linked data protection regulations.

•    Facebook: Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA. Datenschutzbestimmungen: http://www.facebook.com/policy.php ; http://www.facebook.com/help/186325668085084 , www.facebook.com/about/privacy/your-info-on-other sowie www.facebook.com/about/privacy/your-info
•    Twitter, Twitter Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; privacy policy: twitter.com/privacy
•    Instagram: Instagram LLC, 1601 Willow Rd, Menlo Park, California 94025, USA; privacy policy: help.instagram.com/155833707900388/

The social networks process your personal data also in the USA and have submitted to the EU-US privacy shield. Further information on the EU-US Privacy Shield can be found at https://www.privacyshield.gov/EU-US-Framework


9.    YouTube videos
9.1    Description of the processing
Our website uses services from "YouTube" a video platform operated by YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA (hereinafter referred to as "YouTube"). YouTube is represented by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. We use YouTube by embedding individual videos from the platform on our website as so-called iFrames so that they can be played directly on our website. The videos are integrated in the "extended data protection mode" offered on YouTube, i.e. h. No personal data will be transferred from you to Google as long as you do not play the videos. Only when a video is played does a data transfer to Google take place, over which we have no influence. When you play an embedded video on a subpage of our website, Google is informed which subpage you have visited and which video you have viewed. Your IP address may also be transmitted to Google. If you are logged in as YouTube or Google user, Google will assign this information to your user account. Google stores your data as user profiles and uses them for advertising purposes, market research and/or for the design of Google websites to meet your needs. You have a right of objection to the creation of these user profiles, which you must exercise by contacting Google directly. Further information on data protection at Google can be found at https://policies.google.com/privacy?hl=de-DE


9.2    Purpose
The processing is done to be able to show you videos on our website.


9.3    Legal basis
The processing is necessary to safeguard the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f DSGVO). Our legitimate interest lies in the purpose stated in clause 9.2


9.4    Recipient and transfer to third countries
By integrating YouTube, personal data may be transmitted to YouTube LLC or Google. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield. Further information on the EU-US Privacy Shield can be found at https://www.privacyshield.gov/EU-US-Framework


10.    SPOTIFY
10.1    Description of the processing
On our pages functions of the music service Spotify are integrated. The provider is Spotify AB, Birger Jarlsgatan 61, 113 56 Stockholm, Sweden. You can recognize the Spotify plugins by the green logo on our site. An overview of the Spotify plugins can be found at: developer.spotify.com

This allows a direct connection between your browser and the Spotify server to be established when visiting our pages via the plugin. Spotify is informed that you have used your IP address to visit our site. If you click on the Spotify button while logged into your Spotify account, you can link the content of our sites on your Spotify profile. This allows Spotify to associate your visit to our sites with your user account. If you do not want Spotify to associate your visit to our sites with your Spotify account, please log out of your Spotify account.


10.2    Purpose
The processing is done to enable you to discover music by artists in connection with our website.


10.3    Legal basis
The processing is necessary to safeguard the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f DSGVO). Our legitimate interest lies in the purpose stated in clause 10.2


10.4    Recipient and transfer to third countries
Spotify transmits, processes and stores information about our users on servers located in several countries. For more information, please see the Spotify privacy policy: https://www.spotify.com/de/legal/privacy-policy


11.    Google Analytics
11.1    Description of the processing
Our website uses "Google Analytics", a web analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as "Google"). Google Analytics uses cookies (see item 7), which enable an analysis of your use of our offer. We use Google Analytics in the offered version "Universal Analytics", which allows this analysis across devices by assigning the data to a pseudonymous user ID. The information generated by the cookie is usually transferred to a Google server in the USA and stored there. However, we use Google Analytics exclusively with IP anonymisation. As a result, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before. Only in exceptional cases is the full IP address transferred to a Google server in the USA and shortened there. The IP address transmitted by your browser within the framework of Google Analytics is not merged with other data from Google. The statistics created by Google Analytics record in particular how many users visit our website, from which country or location the access takes place, which sub-pages are called up and which links or search terms are used to reach our website. The terms of use of Google Analytics can be found at https://marketingplatform.google.com/about/analytics/terms/de/ . An overview of data protection at Google Analytics is available at http://www.google.com/intl/de/analytics/learn/privacy.html . The privacy policy of Google can be viewed at https://policies.google.com/privacy?hl=de-DE


11.2    Purpose
The processing is done in order to be able to evaluate the use of our website. The information thus obtained serves to improve our online presence and to design it in line with your needs.


11.3    Legal basis
The processing is necessary to safeguard the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f DSGVO). Our legitimate interest lies in the purpose stated in clause 11. .2If you are asked by us in the context of a cookie banner or cookie content tool for consent, which also covers the use of Google Analytics, then the legal basis is Article 6 paragraph 1 lit. a DSGVO. Such consent is voluntary.


11.4    Storage period and right of objection, withdrawal of consent
We have explained the storage period as well as your control and setting options for cookies in section 7. You can object to data processing by Google Analytics at any time by downloading and installing the browser add-on offered by Google at https://tools.google.com/dlpage/gaoptout?hl=de . Alternatively you have the possibility to click on the following link. This will place an opt-out cookie on your end device, which will prevent the collection of your information on future visits to this website: Disable Google Analytics. The analysis data processed and stored with Google Analytics is automatically deleted by us after 14 months. If we obtain consent to use Google Analytics via a cookie banner or cookie content tool, such consent may be revoked by you at any time within the settings of the cookie banner or cookie content tool with effect for the future.


11.5    Recipient and transfer to third countries
Google Analytics is a service provider for us within the scope of an order processing. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield. Further information on the EU-US Privacy Shield can be found at https://www.privacyshield.gov/EU-US-Framework


12.    Google Tag Manager
Our website uses the "Google Tag Manager", a service of the company Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as "Google"). The Google Tag Manager does not collect any personal data and does not set any cookies. This service only allows us to integrate and manage tags on our website. Tags are small code elements on our website that are useful for measuring traffic and visitor behaviour, measuring the impact of online advertising and social channels, using remarketing and targeting, testing and optimising the website. You can find more information about the Google Tag Manager here:  https://www.google.com/intl/de/tagmanager/use-policy.html


13.    DoubleClick by Google
13.1    Description of the processing
Doubleclick by Google is a service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Doubleclick by Google uses cookies to present you with advertisements relevant to you. This involves assigning a pseudonymous identification number (ID) to your browser in order to check which ads have been displayed in your browser and which ads have been called up. The cookies contain no personal information.


13.2    Purpose
DoubleClick's use of the DoubleClick cookie only enables Google and its partner websites to serve ads based on previous visits to our or other websites on the Internet.


13.3    Legal basis
The processing is necessary to safeguard the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f DSGVO). Our legitimate interest lies in the purpose stated in clause 13. .2If you are asked by us for consent within the framework of a cookie banner or cookie content tool, the legal basis is Art. 6 para. 1 lit. a DSGVO. Such consent is voluntary.


13.4    Storage period and right of objection, withdrawal of consent
We have explained the storage period as well as your control and setting options for cookies in section 7. You can prevent the storage of cookies by adjusting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functions of our website to their full extent. You can also prevent the collection of the data generated by the cookies and related to your use of the websites to Google and the processing of this data by Google by downloading and installing the browser plugin available under the following link: adssettings.google.com/anonymous under the item DoubleClick deactivation extension. Alternatively, you can disable the Doubleclick cookies on the Digital Advertising Alliance site by clicking on the link: optout.aboutads.info below. If we obtain consent to use Doubleclick via a cookie banner or a cookie content tool, you can revoke this consent at any time in the settings of the cookie banner or cookie content tool with effect for the future.


13.5    Recipient and transfer to third countries
The information generated by the cookies is transferred by Google to a server in the USA for evaluation and stored there. Google adheres to the privacy provisions of the Privacy Shield Agreement and is registered with the Privacy Shield Program of the U.S. Department of Commerce. A transfer of data by Google to third parties only takes place on the basis of legal regulations or within the scope of commissioned data processing. Under no circumstances will Google combine your data with other data collected by Google. Further information on the EU-US Privacy Shield can be found at https://www.privacyshield.gov/EU-US-Framework . The privacy policy of Google can be viewed at https://policies.google.com/privacy?hl=del=de


14.    Content Delivery Networks (CDN)
14.1    Description of the processing
Our website uses so-called Content Delivery Networks (CDN). CDNs reduce the loading time of common JavaScript libraries because the files are transferred from fast, remote or underutilized servers of external service providers. Another advantage compared to storing the JavaScript libraries locally on our server is that the files are regularly checked for security by external service providers and kept up-to-date. We have integrated the JavaScript library jQuery from external service providers for the implementation of some programming functions. When you visit our website, a connection is established to the servers of the aforementioned external services and the jQuery library is loaded into our website. This will transmit to the external service providers which website you have visited. Your IP address may also be transmitted. To prevent the execution of Java-Script altogether, you can install a Java-Script blocker in your browser.


14.2    Purpose
The processing is done to reduce the loading time of our website and to be able to integrate JavaScript library quickly and safely.


14.3    Legal basis
The processing is necessary to safeguard the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f DSGVO). Our legitimate interest lies in the purpose stated in clause 15.2

14.4    Recipient and transfer to third countries
By integrating the JavaScript libraries, your data will be transferred to one of the following CDNs:
•    jQuery hosted on Google ajax.googleapis.com: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; For more information about Google's privacy policy, please visit https://policies.google.com/privacy?hl=de-DE
•    jQuery hosted at jQuery, www.jquery.com: JS Foundation, 1 Letterman Dr Suite D4700, San Francisco, California 94129, USA


Security measures
15.    Security measures
In order to protect your personal data from unauthorised access, we have provided our website with an SSL or TLS certificate. SSL stands for "Secure-Sockets-Layer" and TLS for "Transport Layer Security" and encrypts the communication of data between a website and the user's end device. You can recognize the active SSL or TLS encryption by a small lock logo, which is displayed on the far left in the address line of the browser.


Your rights
16.    Rights of data subjects
With regard to the data processing by our company described above, you are entitled to the following rights of data subjects:


16.1    Information (Art. 15 DSGVO)
You have the right to ask us to confirm whether we process personal data concerning you. If this is the case, you have the right, under the conditions set out in Art. 15 DSGVO, to access this personal data and the other information listed in Art. 15 DSGVO.


16.2    Correction (Art. 16 DSGVO)
You have the right to ask us to correct incorrect personal data concerning you and, if necessary, to complete incomplete personal data.


16.3    Deletion (Art. 17 DSGVO)
You have the right to demand from us that personal data concerning you be deleted immediately if one of the reasons listed in Art. 17 DSGVO applies in detail, e.g. if your data is no longer required for the purposes pursued by us.


16.4    Restriction of data processing (Art. 18 DSGVO)
You have the right to ask us to limit the processing if one of the conditions listed in Art. 18 DSGVO is met, e.g. if you dispute the accuracy of your personal data, the data processing will be limited for the time necessary to allow us to verify the accuracy of your data.


16.5    Data transferability (Art. 20 DSGVO)
You have the right, under the conditions set out in Art. 20 DSGVO, to request the surrender of data concerning you in a structured, common and machine-readable format.


16.6    Revocation of consents (Art. 7 para. 3 DSGVO)
You have the right to revoke your consent at any time in the case of processing based on consent. The revocation is valid from the time of its assertion. In other words, it works for the future. The processing will therefore not become retroactively illegal by the revocation of the consent.


16.7    Appeal (Art. 77 DSGVO)
If you believe that the processing of personal data concerning you violates the DSGVO, you have the right to complain to a supervisory authority. They can exercise this right before a supervisory authority in the EU Member State of their residence, place of work or the place where the suspected infringement was committed.


16.8    Prohibition of automated decisions/profiling (Art. 22 DSGVO)
Decisions that have legal consequences for you or that significantly affect you must not be based solely on automated processing of personal data, including profiling. We inform you that we do not use automated decision making including profiling with regard to your personal data.


16.9    Opposition (Art. 21 DSGVO)
If we process your personal data on the basis of Art. 6 Para. 1 lit. f DSGVO (to safeguard overriding legitimate interests), you have the right to object to this under the conditions set out in Art. 21 DSGVO. However, this only applies if there are reasons arising from your particular situation. Following an objection, we will no longer process your personal data, unless we can prove compelling reasons for processing that are worthy of protection and outweigh your interests, rights and freedoms. Nor do we have to stop processing if it serves the assertion, exercise or defence of legal claims. In any case, and regardless of any specific situation, you have the right to object at any time to the processing of your personal data for direct marketing purposes.

Status: November 2019