Privacy Policy / Datenschutzerklärung

for german version please click [here]

Privacy policy according to the EU-Data Protection Regulation (GDPR) and the new German Bundesdatenschutzgesetz (BDS-neu) as well as other applicable data protection laws.

Owner, publisher and responsible for the content, coordination and maintenance of this website is:



Websites:
geneticmusic.de
shop.geneticmusic.de

For Legal Information/Impressum [click here]


1) General Information:

The owner of this website takes the protection of your data very seriously. We proceed your personal data confidentially and according to the applicable laws and this declaration. Personal data are data that you can personally be identified with. This declaration explains which data we gather, why we need it and how we use it. It will also explain your rights regarding your personal data.


2) Logging and processing your data on our website and how we use your data:

By visiting and browsing our websites geneticmusic.de and shop.geneticmusic.de your personal data is being processed. This happens through various possible ways:


2a) Contact Form:

If you send us a message or request through the contact form, the personal data you type into the form (e.g. email-address, name, subject, message, date and time) will be send to us and stored. This data will not be shared with any third party. We only use it to process and answer your request. Therefore the processing of the data you put into the contact form takes place exclusively on the consent you give by clicking the “SEND”-button (Art. 6. 1 a GDPR). You have the right to withdraw this consent at any time. To do so an informal email to info@geneticmusic.de is sufficient. The lawfulness of processing your data on consent until your withdrawal stays unaffected. The data put into the contact form by you remain with us until you ask us to delete it, or until you withdraw your consent of its storage or until the purpose of storing the data expires (e.g. after we have completed your request).
We like to point out that any processing of data in the internet (e.g. communication by email) can imply lacks of security, even if a SSL-encryption is being used. A totally flawless protection of data against access of third parties is not possible. You are welcome to get in touch with us by post or phone instead (contact details see above).


2b) Online-Shop:

By using our online shop personal data of our customers is being collected (e.g. name, address, phone number, email-address, IP-Address), as well as data regarding the sales contract (e.g. ordered items). This data is necessary to proceed orders and enable the customer’s payment for orders as well as the delivery of our products. While browsing our online shop we use so-called session cookies. These are essential for having a shopping cart and to ensure a trouble-free order process. The processing of this data is according to Art. 6. 1 b GDPR. We share this data with third parties only for the purpose of payment and delivery, or to comply with legislation.

On the basis of Art. 6. 1 b GDPR we use the payment service Paypal (PayPal Europe S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg), which our customers can optionally choose during the order process to make their payment. Data necessary to make that payment is being transmitted to Paypal for that purpose (e.g. recipient related data, email-address, name, order total). This data is being processed and stored by Paypal. Therefore we refer to Paypal’s privacy policy (https://www.paypal.com/de/webapps/mpp/ua/privacy-full). Using Paypal to make a payment in our shop is optional. Alternatively there is the option to pay by bank transfer. In that case we will not transmit any data to a third party.

For the purpose of delivering the ordered goods we transfer personal data (e.g. name, delivery address, in some cases phone number) to shipping companies (like e.g. UPS, Deutsche Post, DHL). This is obligatory for us to fulfil our side of the sales contract (Art. 6. 1 b GDPR).


2c) User Account:

Customers have the option to create a non-public user account in our shop. To store the login status we place a so-called permanent cookie. Data put into the user account and in order to be able to provide the account, we store personal data (e.g. user name, password, email-address, IP-address or time of user activity). Before creating the account, customers must give their consent to store personal data (Art. 6. 1 a GDPR). Customers can delete their account instantly at any time. We are obliged to archive certain data due to commercial or tax laws according to Art. 6. 1 c GDPR.


2d) Newsletter:

On our website customers can optionally subscribe to our newsletter. To send newsletters we use the service of Newsletter2Go GmbH, Nürnberger Straße 8, 10787 Berlin, Germany. The privacy policy of Newsletter2Go can be viewed here: https://www.newsletter2go.de/datenschutz/. We use the service of Newsletter2Go according to Art. 6. 1 f GDPR as well as on the basis of our data processing contract with Newsletter2Go (according to Art. 28. 3 GDPR). Newsletter2Go processes data of the newsletter recipients in a pseudonymous way, without associating users or people, to optimize and improve their services and the distribution of newsletters and for statistical purposes. The data of our newsletter recipients are not shared with any third party by Newsletter2Go and not used to send emails to the recipients on their own behalf. In order to validate that a subscription to the newsletter is really initiated by the owner of this email address, Newsletter2Go uses the so-called Double-Opt-In method. This means, not only the subscription is registered but also the dispatch of a confirmation email and the herewith requested answer to confirm the subscription. No further data is being collected. Subscribers can unsubscribe from the news list at any time, either on our website or by using the unsubscribe link provided in every news mail.


2e) Hosting and Server-Log-files:

To be able to run our website and online shop we use the services of 1und1 (1&1 Internet SE, Elgendorfer Str. 57, 56410 Montabaur), e.g. to provide the platform, capacity, storage space, database, security services, technical maintenance. We use the services of 1und1 according to Art.6. 1 f GDPR as well as on the basis of our data processing contract with 1und (according to Art. 28. 3 GDPR). On that basis we or 1und1 are processing usage data, meta- and communication data of customers, potential customers and any visitor of our websites. The collection of this data is happening automatically when entering our website and it is used for technical optimization, to ensure an errorless provision of the website, statistical analysis and to offer information about how the website is being used. We also refer to the terms and conditions and privacy policy of 1und1 (https://hosting.1und1.de/terms-gtc/terms-gtc/). According to Art. 6. 1 f GDPR the provider of our websites (1und1.de) automatically processes and stores information in so-called Log-files, which your browser automatically submits:

    Browsertype and browser version
    Operating sytem in use
    Type of device in use
    your Internet-Service-Provider
    Hostname of the accessing device
    date and time of the server request
    Referrer URL (last website visited)
    Requested website or file
    IP-address in anonymous form (only to locate the request)
    Duration of the seeion
    Page requests per session

The temporary storage of the IP-address is necessary to enable the delivery and display of the website to the user. For that reason the IP-address has to be stored for the duration of the session. The storage in log-files is necessary to ensure the functionality of the website and to optimize the website and ensure the security of the technical systems. No analysis for marketing purposes is happening. The collection and storage of this data is obligatory for the operation of the website. Therefore the user has no right of objection. No consolidation of this data with other data sources is taking place. Basis for the data processing is Art. 6. 1 f GDPR, which allows the processing of data in order to fulfil a contract.


2f) Implementation of third party services:

On our websites we implement contents or services of third parties (according to Art 6. 1 f GDPR), e.g. videos or fonts (hereafter referred to as “content”).  In order to send content to the browser of the user the processing of the IP-address is necessary. Furthermore third party suppliers can use so-called Pixel-Tags (invisible graphics, also called web beacons) for statistical or marketing purposes or to analyse user traffic. Also cookies might be placed on the user device, to get information about browser and operating system, referring websites, duration of a session or further usage information. We cannot guarantee that this data is not combined with data from other sources.

On our websites we use the services of Youtube, Google Fonts and Google ReCaptcha of the following third party supplier:
Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Datenschutzerklärung: https://www.google.com/policies/privacy/
Opt-Out: https://adssettings.google.com/authenticated


3) Further Information:


3a) Cookies:

Like almost all websites we are using so-called cookies (small text-files that are being placed on your device). Cookies make the navigation easier and enable the correct display of our website. By using cookies we cannot identify you as a person. Generally you can browse our website without using cookies. To do so you can disable cookies in the settings of your browser. Please note that certain parts of our website might not work properly if you have disabled cookies in your browser. We use cookies on the basis of Art. 6. 1 f GDPR.


3b) Social media:

We run online presences in social networks and platforms in order to inform about our products and to communicate with customers or people interested in our products. When using those networks and platforms, the terms and conditions and privacy policies of those sites apply. On the basis of Art. 6. 1 f GDPR we might process user data that has voluntarily been provided to us in these networks e.g. by public comments or private messages. The right of deletion of this data is of course unrestricted as well as all the other rights (see. Section 4).


3c) Accounting:

In compliance with our legal duty to have an orderly accounting, as well as with legal retention periods, we store customer- and order-related data according to Art. 6. 1 c GDPR. For this purpose we might also be obliged to share data with third parties such as fiscal authorities, tax consultants or auditors.


3d) Erasure of data

We abide by the principles of data reduction and data economy. We store your personal data only for the time necessary to fulfil its purpose, or for as long as the authorities require their archiving. After that the data is being deleted.


3e) Integrity and confidentiality

By using appropriate measures of security, as well as appropriate technical and organisational measures, we protect the stored data from unintentional loss, destruction or damage. To the very best of our ability we prevent unauthorized access to the stored data and the devices (e.g. servers).


4) Your rights:


4a) Right of access:

You have the right of access which includes information about what data we have stored, its usage, the origin, recipients and the duration and purpose of its collection at any time free of charge.


4b) Right of withdrawal, rectification, blocking and erasure (right to be forgotten):

You have the right to withdraw your consent to process your data, as well as the right of rectification, blocking and erasure of the data at any time free of charge. If you have questions about personal data or about your rights you can always contact us (see contact details in the legal section of our website). Also you have the right to complain to the responsible supervising authority (see 4d).


4c) Withdrawal of your consent to process your data:

Many processes using data are only possible with your explicit consent. You can withdraw your given consent at any time. To do so an informal email to info@geneticmusic.de is sufficient. The lawfulness of processing your data based on consent before its withdrawal stays unaffected.


4d) Right to complain to a supervisory authority

In the case of a breach of data protection laws, the affected person has the right to complain to a supervisory authority, which is the commissioner for data protection of the county our company is located (Nordrhein-Westfalen: www.ldi.nrw.de) or of the county the affected person is living or working or in the place of the alleged infringement.

 

last modified: May 24th 2018