General information on the processing of your data

We are required by law to inform you about the processing of your personal data (hereinafter referred to as “data”) that occurs when you use our website. This data protection information informs you about the details of the processing of your data and about your legal rights in this regard. For terms such as “personal data” or “processing”, the definitions in Art. 4 of the General Data Protection Directive (“GDPR”) apply. We reserve the right to adapt the data protection declaration with effect for the future, in particular in the event of further development of the website, the use of new technologies or changes to the legal basis or the corresponding jurisdiction. We recommend that you read the privacy policy from time to time and take a printout or copy for your records.

Scope

The data protection information applies to all pages of https://www.insideoutshop.de/. It does not extend to any linked websites or Internet presences of other providers.

Controller

Controller for the processing of data within the scope of this data protection information is:

Century Media Records GmbH

Schäferstr. 33a

44147 Dortmund

Tel.: 02318297338

E-Mail: shop@insideout.de

Requests on data protection

If you have any questions about data protection with regard to our company or our website, you can contact our data protection officer:

Werner Hülsmann

Münchener Str. 101

Gebäude 1/1.OG

85737 Ismaning

E-Mail: sonymusic.de@extdsb.org

Security

We have taken comprehensive technical and organizational precautions to protect your personal data from unauthorized access, misuse, loss and other external interference. We regularly review our security measures and adapt them to the state of the art.

Your Rights Regarding Your Personal Data

You have the following rights against us concerning the processing of your personal data:

  • Right of Access: Pursuant to Art. 15 GDPR you have the right to obtain information concerning your data processed by us.
  • Right of Rectification: If the information concerning you is not (or no longer) accurate, you may request a correction pursuant to Art. 16 GDPR. If your data is incomplete, you can request that it be completed.
  • Right to erasure: Pursuant to Art. 17 GDPR, you can request the deletion of your personal data.
  • Right to Restriction of Processing: Pursuant to Art. 18 GDPR you have the right to request the restriction of the processing of your personal data.
  • Right to Object to Processing: You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data which is carried out on the basis of Article 6 (1) sentence 1 lit. e) or lit. f) GDPR, in accordance with Article 21 (1) GDPR. In this case, we will not further process your data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, fundamental rights and freedoms. Further processing will also take place if the processing serves the assertion and exercise of or defense against legal claims (Art. 21 (1) GDPR). In addition, according to Art. 21 (2) GDPR, you have the right to object at any time to the processing of your personal data for the purposes of direct marketing; this also applies to any profiling, insofar as it is related to such direct marketing. We refer you to the right of objection in this privacy policy in connection with the respective processing.
  • Right to Withdraw Consent: Insofar as you have given consent to the processing of your personal data, you have the right to withdraw that consent pursuant to Art. 7 (3) GDPR.
  • Right to Data Portability: You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format ("data portability") as well as the right to have this data transferred to another controller if the prerequisites of Art. 20 (1) lit. a, b GDPR are met (Art. 20 GDPR).

If you believe that the processing of your personal data violates data protection law, you additionally have the right to complain to a data protection supervisory authority of your choice pursuant to Art. 77 GDPR. This includes the data protection supervisory authority responsible for the controller:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen, Postfach 200444, 40102 Düsseldorf or: Kavalleriestraße 2-4, 40213 Düsseldorf, phone: 0211/38424-0, E-Mail: poststelle@ldi.nrw.de, https://www.ldi.nrw.de.

Use of our Website

You can use our website for purely informational purposes without disclosing your identity. When you access the individual pages of the website in this way, only access data is transmitted to our web space provider so that the website can be displayed to you. The following data is processed in this context:

  • Browser type/ browser version,
  • operating system used,
  • language and version of the browser software,
  • date and time of access,
  • host name of the accessing end device,
  • IP address,
  • Content of the request (specific web page),
  • Access status/HTTP status code,
  • Websites accessed via the website,
  • Referrer URL (the previously visited website),
  • Message as to whether the access was successful and
  • Amount of data transferred.

The temporary processing of this data is necessary to technically enable the course of a website visit and a delivery of the website to your end device. The access data is not used to identify individual users and is not merged with other data sources. Further storage in log files takes place in order to ensure the functionality of the website and the security of the information technology systems. The legal basis for the processing is Art. 6 (1) 1 lit. f) GDPR. Our legitimate interests lie in ensuring the functionality of the website and the integrity and security of the website. Storing access data in log files, in particular the IP address, for a longer period of time enables us to detect and ward off misuse. This includes, for example, the defense against requests that overload the service or any bot use. The access data is deleted as soon as it is no longer required to achieve the purpose of its processing. In the case of the collection of data for the provision of the website, this is the case when you end your visit to the website. The log data is generally stored directly and exclusively accessible to administrators and deleted after seven days at the latest.

You may object to the processing insofar as the processing is based on Art. 6 (1) 1 lit. f) GDPR. Your right to object exists for reasons arising from your particular situation. You can send us your objection via the contact details listed in the "Controller" section.

Information on devices

In addition to the access data mentioned above, technologies are used when accessing the website that store information in your device (e.g. desktop PC, laptop, tablet and smartphone) or access information which is already stored in your device. These technologies may be, for example, so-called Cookies, Pixels, LocalStorage, SessionStorage, IndexedDB or browser fingerprinting technologies. These technologies can be used to recognize you across devices and websites.

According to Section 25 (1) TTDSG (Telekommunikation-Telemedien-Datenschutz-Gesetz), we generally require your consent for the use of these technologies. According to Section 25 (2) TTDSG, such consent is not required only if the technologies either enable the transmission of a message via a public telecommunications network or if they are essential in order to provide a service that you have expressly requested:

Technically necessary Information on Devices

Some elements of our website serve the sole purpose of transmitting a message (Section 25 (2) No. 1 TTDSG) or are essential to provide you with our website or individual functionalities of our website (Section 25 (2) No. 2 TTDSG):

  • Language settings,
  • Articles in the shopping cart,
  • log-in information.

The elements are deleted after the storage is no longer necessary.

You can prevent processing by making the appropriate settings in your browser software. For elements whose storage duration is not limited to the session, you can delete the elements in the settings of your browser software after your session has expired.

Technically non-necessary Information on Devices

We also use elements on the website that are not technically necessary. We use these technologies in accordance with legal requirements only with your consent. Information on the individual technologies and functions can be found in our "Settings" as well as sorted by the individual functions in the following information:

Consent-Management-Platform „One Trust“

We have integrated the consent management tool of OneTrust LLC (Dixon House, 1 Lloyd's Avenue, London, England; hereinafter: "OneTrust") on our website to request consent for the processing of your terminal information and personal data via cookies or other tracking technologies. "OneTrust" gives you the opportunity to consent to or opt out of the processing of your terminal information and personal data using cookies or other tracking technologies for the purposes listed on "OneTrust". Such processing purposes may include, for example, the integration of external elements, integration of streaming content, statistical analysis, reach measurement, individualized product recommendations and individualized advertising. You can use "OneTrust" to give or withhold consent for all features, or give or withhold consent for individual purposes or individual third-party providers. You can also change the settings you have made afterwards. The purpose of integrating "OneTrust" is to allow users of our website to decide whether to set cookies and similar functionalities and, in the course of further use of our website, to offer them the opportunity to change settings they have already made. In the course of using "OneTrust", personal data as well as information of the end devices used, such as the IP address, are processed. The information about the settings you have made will also be stored on your device.

The legal basis for the processing is Art. 6 para. 1 p. 1 lit. c) GDPR in conjunction with Art. 7 (1) GDPR, insofar as the processing serves to fulfill the legally standardized obligations to provide evidence for the granting of consent. Otherwise, Art. 6 (1) 1 lit. f) GDPR is the relevant legal basis. Our legitimate interests in the processing lie in the storage of user settings and preferences in relation to the use of cookies and the evaluation of consent rates. The user settings made are then stored again for this period, unless you previously delete the information about your user settings yourself in the device capacities provided for this purpose.

You may object to the processing insofar as the processing is based on Art. 6 (1) 1 lit. f) GDPR. Your right to object exists for reasons arising from your particular situation. You can send us your objection via the contact details listed in the "Controller" section.

Contacting our Company

When contacting our company, e.g. by e-mail, the personal data you provide will be processed by us in order to answer your inquiry. The legal basis for the processing is Art. 6 (1) 1 lit. f) GDPR or Art. 6 (1) 1 lit. b) GDPR, if the contact is aimed at the conclusion of a contract. If the request is aimed at concluding a contract, the provision of your data is required and mandatory. If the data is not provided, it will not be possible to conclude or execute a contract or to process the inquiry. We delete the data accruing in this context after processing is no longer necessary - usually two years after the end of the communication - or, if necessary, restrict the processing to compliance with the existing legally mandatory retention obligations.

You may object to the processing insofar as the processing is based on Art. 6 (1) 1 lit. f) GDPR. Your right to object exists for reasons arising from your particular situation. You can send us your objection via the contact details listed in the "Controller" section.

Processing for contractual obligations

We process your personal data if and insofar as this is necessary for the initiation, establishment, execution and/or termination of a legal transaction with our company. The legal basis for this results from Art. 6 (1) 1 lit. b) GDPR. The provision of your data is necessary for the conclusion of the contract and you are contractually obliged to provide your data. If you do not provide your data, it will not be possible to conclude and/or execute the contract. After the purpose has been achieved (e.g. contract processing), the personal data will be blocked for further processing or deleted, unless we are authorized to process it further on the basis of a consent granted by you (e.g. consent to process the e-mail address for sending electronic advertising mail), a contractual agreement, a legal authorization (e.g. authorization to send direct advertising) or on the basis of legitimate interests (e.g. retention for the enforcement of claims).

The transfer of your personal data to third parties takes place insofar as

  • it is necessary for the establishment, implementation or termination of legal transactions with our company (e.g. in the case of the transfer of data to a payment service provider/shipping company for the processing of a contract with your person), in accordance with Art. 6 (1) 1 lit. b) GDPR, or
  • a subcontractor or agent that we use exclusively in the context of providing the offers or services you have requested requires this data (such auxiliaries are, unless you are expressly informed otherwise, only authorized to process the data to the extent that this is necessary for the provision of the offer or service), or
  • an enforceable official order (Art. 6 (1) 1 lit. c) GDPR) exists, or
  • an enforceable court order exists (Art. 6 (1) 1 lit. c) GDPR), or
  • we are obliged to do so by law (Art. 6 (1) 1 lit. c) GDPR), or
  • processing is necessary in order to protect the vital interests of the data subject or of another natural person (Art. 6 (1) 1 lit. d) GDPR), or
  • it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller (Art. 6 (1) 1 lit. e) GDPR), or
  • we can invoke our overriding legitimate interests or those of a third party for disclosure (Art. 6 (1) 1 lit. f) GDPR).

Any further transfer of your personal data to other persons, companies or bodies will not take place unless you have effectively consented to such a transfer. The legal basis of the processing is then Art. 6 (1) 1 lit. a) GDPR. We list the respective recipients in the context of this data protection information in relation to the respective processing operation.

Online Shop

If you want to purchase a product in our online store, it is necessary and obligatory for the initiation and conclusion of the contract that you provide personal data, such as your first and last name, your address and your e-mail address. In addition, information from your shopping cart is processed. We process your data for order processing and, for this purpose, will in particular forward payment data to the payment service provider selected by you or to our credit institute. The legal basis for the processing is Art. 6 (1) 1 lit. b) GDPR. The provision of your data is necessary and mandatory for the conclusion or execution of the contract. If you do not provide your data, it will not be possible to conclude and/or execute a contract. To prevent unauthorized third parties from accessing your personal data, the data transfer in the course of the ordering process on the website is encrypted with state of the art technology. You can voluntarily create a customer account, in which we store your data for future visits to the website. When you create a customer account, the data you provide will be processed. You can edit or delete all further data independently in the customer account after successful registration. We delete the data accruing in this context after the storage is no longer necessary or restrict the processing if there are legal obligations to retain data. Due to mandatory commercial and tax regulations, we are obliged to store your address, payment and order data for a period of up to ten years. Two years after fulfillment of the contract, we restrict processing and reduce processing to compliance with existing legal obligations.

Shop System „Shopify“

We process your data to carry out orders via the store system "Shopify" of the provider "Shopify" (Shopify International Ltd. c/o Intertrust Ireland, 2nd Floor 1-2 Victoria Buildings, Haddington Road, Dublin 4, D04 XN32, Ireland and Shopify, Inc, 151 O'Connor Street, Ground floor, Ottawa, ON K2P 2L8, Canada; hereinafter: "Shopify"), in such a way that the data provided as part of the order, such as first and last name, address, e-mail address and information from your shopping cart, are also processed by "Shopify". The legal basis for the use of "Shopify" is Art. 6 (1) 1 lit. f) GDPR. Our legitimate interests in the use of "Shopify" are offering customer-friendly and speedy order processing. The data processed in this context will be deleted as soon as it is no longer necessary for the processing purpose. "Shopify" also processes your data in Canada. The legal basis for the transfer to Canada is the adequacy decision of the EU Commission. We will gladly provide you with a copy of the clauses upon request. Further information on the purpose, scope of processing and data transfer to third countries by "Shopify" can be found at https://help.shopify.com/en/manual/your-account/privacy .

You may object to the processing insofar as the processing is based on Art. 6 (1) 1 lit. f) GDPR. Your right to object exists for reasons arising from your particular situation. You can send us your objection via the contact details listed in the "Controller" section.

Fraud Prevention

The fraud prevention tool "minFraud" from the provider MaxMind, Inc. (51 Pleasant Street #1020 Malden, MA 02148, USA; hereinafter: "MaxMind") is integrated into "Shopify Plus" via a programming interface (API - Application Programming Interface) in our shop system. For the purpose of fraud prevention, "minFraud" processes first and last name, IP address, email address, phone number, payment data, billing address, shipping address, terminal information, such as location and time, and hosting provider information. The "minFraud" service is a data return service that helps businesses prevent online fraud by providing risk assessments and risk data for online transactions. The above data collected at the time of ordering is forwarded to the "minFraud" service for analysis, which then sends the data back with a risk assessment. Based on reputation information, which is based on a customer network (the "minFraud" network) and billions of transactions, a scoring value is created, which states how high the probability of fraud is for the checked transaction. The legal basis for this  data processing is Art. 6 (1) 1 lit. f) GDPR. Our legitimate interests lie in the prevention of fraud a. Through "minFraud", we can check digital transactions for purchases in the web store in advance and thus prevent fraud. This enables us to avert financial damage to our company and contribute to the prevention of criminal acts. Your data processed in this context will be deleted as soon as it is no longer necessary for the processing purpose.

"MaxMind" also processes your data in the USA. No adequacy decision of the EU Commission exists for a data transfer to the USA. "MaxMind" is exclusively integrated via "Shopify Plus". "Shopify" has concluded the standard data protection clauses issued by the Commission with "MaxMind" in order to commit "MaxMind" to an adequate level of data protection. Upon request, "Shopify" will provide you with a copy of the clauses. Further information on data transfer to third countries by "Shopify" can be found at https://help.shopify.com/de/manual/your-account/privacy/GDPR/gdpr-faq#stimmt-shopify-standardvertragsklauseln-zu. Further information on the purpose and scope of processing by "MaxMind" can be found at https://www.maxmind.com/en/privacy-policy.

You may object to the processing insofar as the processing is based on Art. 6 (1) 1 lit. f) GDPR. Your right to object exists for reasons arising from your particular situation. You can send us your objection via the contact details listed in the "Controller" section.

Customer Account

To create a customer account, independently of the provision of our service, you have to register with the following information:

  • E-mail address and
  • The password chosen by the customer as well as
  • address and
  • first and last name.

There is no obligation to use a clear name, you are free to use a pseudonym. 

We use the double opt-in for registration. After you have submitted the data required for registration, you will receive an e-mail with a link to activate the account. Only after the link has been activated by clicking on it will access to your customer account be created and registration successfully completed. For subsequent registrations (logins), you must enter the access data (user ID and password) that you selected during the first registration. Your data will be deleted as soon as they are no longer required to achieve the purpose of the processing. This is the case for the data collected during the registration process, when the registration on the website is cancelled or modified.

The following functions are available to you in the login area:

  • Change your profile data and
  • Viewing orders that have been placed by you.

Insofar as you use the login area of the website, e.g. to edit your profile data or to view orders placed, we also process the personal data required to initiate or fulfill the contract, in particular address data and information on the method of payment. 

The legal basis for the processing is Art. 6 (1) 1 lit. b) GDPR. The provision of your data is necessary and mandatory for the conclusion or performance of the contract. If you do not provide your data, you will not be able to register or use the login area, i.e. it will not be possible to conclude and/or execute a contract.

Your data will be deleted as soon as they are no longer required for the processing purpose. This is the case after deletion of the customer account, unless we are required by law to retain the data. In this case, we restrict the processing. Due to mandatory commercial and tax regulations, we are obliged to store your address, payment and order data for a period of up to ten years.

You may object to the processing insofar as the processing is based on Art. 6 (1) 1 lit. f) GDPR. Your right to object exists for reasons arising from your particular situation. You can send us your objection via the contact details listed in the "Controller" section.

E-Mail-Marketing

Advertising to existing customers

We reserve the right to use the e-mail address provided by you in the context of the order in accordance with the statutory provisions to send you the following content by e-mail during or after the order, unless you have already objected to this processing of your e-mail address:

  • Information on new features of our online store,
  • Interesting offers from our portfolio,
  • special offers/temporary offers and
  • updates on our products and offers as well as
  • Updates on ongoing presales.

The legal basis for the data processing is Art. 6  (1) 1 lit. f) GDPR. Our legitimate interests in the aforementioned processing lie in increasing and optimizing our services, sending direct advertising and ensuring customer satisfaction. We delete your data when you end the usage process, but no later than three years after termination of the contract. We use an external e-mail marketing service to send the e-mails. For more information about this service provider, please refer to the section "Email marketing service".

We would like to point out that you can object to the receipt of direct advertising as well as the processing for the purpose of direct advertising at any time without incurring any costs other than the transmission costs according to the basic rates. You have a general right to object without giving reasons (Art. 21 (2) GDPR). To do so, click on the unsubscribe link in the respective email or send us your objection to the contact details listed in the "Responsible party" section.

Newsletter

On our website, you have the option of subscribing to our general and topic-specific e-mail newsletters (e.g. on the respective stores or Century Media Records), with which we inform you regularly about the following content:

  • Information about new features of our online store,
  • interesting offers from our portfolio and
  • Special offers/temporary offers.

To receive the newsletter, you must provide a valid e-mail address. We process the e-mail address for the purpose of sending our e-mail newsletter and as long as you have subscribed to the newsletter. We use an external e-mail marketing service to send the newsletter. For more information about this service provider, please see the section "Email marketing service".

The legal basis for the processing is Art. 6 (1) 1 lit. a) GDPR. 

You can revoke your consent to the processing of your e-mail address for the receipt of the newsletter at any time, either by clicking directly on the unsubscribe link in the newsletter or by sending us a message via the contact details provided under "Controller". This does not affect the lawfulness of the processing that took place based on the consent until the time of your revocation.

In order to document your newsletter registration and to prevent misuse of your personal data, registration for our e-mail newsletter takes the form of the so-called double opt-in. After entering the data marked as mandatory, we will send you an e-mail to the e-mail address you provided, in which we ask you to explicitly confirm your subscription to the newsletter by clicking on a confirmation link. In doing so, we process the date and time of your subscription to the newsletter and the time of your confirmation. In this way, we ensure that you really want to receive our e-mail newsletter. We are obliged by law to prove your consent to the processing of your personal data in connection with the registration for the newsletter (Art. 7 (1) GDPR). Due to this legal obligation, the data processing is based on Art. 6 (1) 1 lit. c) GDPR.

You are not required to provide your personal data during the registration process. However, if you do not provide the required personal data, we may not be able to process your subscription or not completely. If no confirmation of the newsletter subscription is received within 24 hours, we will block the information transmitted to us and automatically delete it after one month at the latest. After your confirmation, your data will be processed as long as you have subscribed to the newsletter.

In case of unsubscription by exercising the revocation of the declaration of consent, we process your data, in particular your e-mail address, to ensure that you do not receive any further newsletters from us. The legal basis for data processing is Art. 6 (1) 1 lit. c) GDPR in order to comply with our obligations to provide proof, otherwise Art. 6 (1) 1 lit. GDPR. Our legitimate interests in this case are to comply with our legal obligations to reliably no longer deliver newsletters to you.

You may object to the processing insofar as the processing is based on Art. 6 (1) 1 lit. f) GDPR. Your right to object exists for reasons arising from your particular situation. You can send us your objection via the contact details listed in the "Controller" section.

In addition, we process the aforementioned data for the establishment, exercise or defense of legal claims. The legal basis for the processing is Art. 6 (1) c) GDPR and Art. 6 (1) GDPR. In these cases, our legitimate interest is the assertion or defense of claims.

You may object to the processing insofar as the processing is based on Art. 6 (1) 1 lit. f) GDPR. Your right to object exists for reasons arising from your particular situation. You can send us your objection via the contact details listed in the "Controller" section.

Email Marketing Service

We use the email marketing service „Salesforce Marketing Cloud“ of the company Salesforce.com, Inc. (Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, United States; hereinafter: "Salesforce").

If you have signed up for the newsletter, the data provided during registration and the data processed during the use of our newsletter service will be processed on the servers of our aforementioned email marketing service. The email marketing service acts as our processor and is contractually limited in its authority to use your personal data for purposes other than providing services to us in accordance with the applicable data processing agreement.

The legal basis for the processing is Art. 6 (1) 1 lit. f) GDPR. Our legitimate interests in using an external email marketing service lie in the optimization and targeted control and monitoring of our newsletter content. 

"Salesforce" also processes your data in the USA. There is no adequacy decision of the EU Commission for a data transfer to the USA. We have concluded so-called standard contractual clauses with "Salesforce" to commit "Salesforce" to an adequate level of data protection. We will gladly provide you with a copy upon request. For more information, including on the storage period, please refer to the data protection provisions of "Salesforce" at https://www.salesforce.com/de/company/privacy/.

You may object to the processing insofar as the processing is based on Art. 6 (1) 1 lit. f) GDPR. Your right to object exists for reasons arising from your particular situation. You can send us your objection via the contact details listed in the "Controller" section.

Payment Service Provider (PSP)/ Payment Providers

PayPal 

On our website we offer payment via "PayPal". The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter: "PayPal"). For payment, you must log in to your "PayPal" account. Your payment data provided to "PayPal" will be processed by "PayPal" for the purpose of payment processing. Further information on data processing by "PayPal" can be found here: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

In order to be able to assign your payment, we process your delivery/invoice address, e-mail address and the selected payment method. We delete the data accruing in this context after the storage is no longer necessary or restrict the processing if there are legal retention obligations. Due to mandatory commercial and tax regulations, we are obliged to store your address, payment and order data for a period of up to ten years. Three years after termination of the contract, we restrict the processing and reduce the processing to compliance with existing legal obligations. 

The legal basis is Art. 6 (1) 1 lit. b) GDPR. The provision of your payment data is necessary and mandatory for the conclusion or execution of the contract. If the payment data is not provided, it will not be possible to conclude and/or execute a contract with the payment method "PayPal".

Bank Transfer in Advance

On our website we offer you the payment via “bank transfer in advance". After your order, we will provide you with our bank details either during the ordering process or by sending a message to the e-mail address you provided during the ordering process. We process the data transmitted to us by your credit institution within the scope of the payment processing "bank transfer in advance" for the purpose of checking the bank transfer. In order to then be able to allocate your payment, we process your delivery/invoice address, reference number, e-mail address and the selected payment method. We delete the data accruing in this context after the storage is no longer necessary or restrict the processing if there are statutory retention obligations. Due to mandatory commercial and tax regulations, we are obliged to store your address, payment and order data for a period of up to ten years. Two years after termination of the contract, we restrict the processing and reduce the processing to compliance with existing legal obligations. 

 

The legal basis is Art. 6 (1) 1 lit. b) GDPR. The provision of your payment data is necessary and mandatory for the conclusion or execution of the contract. If the payment data is not provided, it will not be possible to conclude and/or execute the contract using the payment method "bank transfer in advance".

 

Legal enforcement / address determination / debt collection

We reserve the right, in the event of non-payment, to pass on the data provided with the order to a lawyer and/or external companies (e.g. Verband der Vereine Creditreform e.V., Hellersbergstraße 12, D-41460 Neuss) for the purposes of address determination and/or legal enforcement. The legal basis for the processing is Art. 6 (1) 1 lit. f) GDPR. Our legitimate interests lie in fraud prevention and the avoidance of default risks. In addition, we will share your data, if necessary, to ensure the exercise of our rights, as well as the rights of our affiliated companies, our cooperation partners, our employees and/or the users of our website and the processing is necessary to that extent. Under no circumstances will we sell or rent your data to third parties. The legal basis for the processing is Art. 6 (1) 1 lit. f) GDPR. We have a legitimate interest in processing for law enforcement. We delete the accruing data after the storage is no longer necessary or restrict the processing if there are legal retention obligations.

You may object to the processing insofar as the processing is based on Art. 6 (1) 1 lit. f) GDPR. Your right to object exists for reasons arising from your particular situation. You can send us your objection via the contact details listed in the "Controller" section.

Hosting

We use hosting services of the provider "Shopify" (Shopify International Ltd. Attn: Data Protection Officer c/o Intertrust Ireland, 2nd Floor 1-2 Victoria Buildings, Haddington Road, Dublin 4, D04 XN32, Ireland and Shopify Inc ATTN: Chief Privacy Officer, 151 O'Connor Street, Ground floor, Ottawa, ON K2P 2L8, Canada) for the purpose of providing the following services: Infrastructure and platform services, computing capacity, and storage resources and database services. For these purposes, all data - including the access data mentioned under the item "Use of our website" - that are necessary for the operation and use of our website are processed. The legal basis for the processing is Art. 6 (1) 1 lit. f) GDPR. By using external hosting services, we pursue an efficient and secure provision of our web offer. "Shopify" also processes your data in Canada. The legal basis for the transfer to Canada is the adequacy decision of the EU Commission. We will gladly provide you with a copy of the clauses upon request. Further information on the purpose, scope of processing and data transfer to third countries by "Shopify" can be found under https://www.shopify.com/legal/privacy#information-sharing.

You may object to the processing insofar as the processing is based on Art. 6 (1) 1 lit. f) GDPR. Your right to object exists for reasons arising from your particular situation. You can send us your objection via the contact details listed in the "Controller" section.

Content Delivery Network

Cloudflare

In addition, we use the services of the Content Delivery Network (hereinafter: "CDN") of Cloudflare, Inc. (101 Townsend St., San Francisco, CA 94107, United States; hereinafter: "Cloudflare") on our website for the purpose of faster retrieval of our online offer. When you visit the website, a library from the "CDN" is temporarily stored on your end device to prevent the content from being reloaded. In the process, your IP address is transmitted to the provider in the USA. "Cloudflare" partially processes your data in the USA. There is no adequacy decision of the EU Commission for a data transfer to the USA. We have concluded so-called standard contractual clauses with "Cloudflare" to commit "Cloudflare" to an adequate level of data protection. We will gladly provide you with a copy upon request. The legal basis for the processing is Art. 6 (1) 1 lit. f) GDPR. With the use of "Cloudflare", we pursue the legitimate interest of faster retrievability as well as a more effective and improved presentation of our online offer. Further information on data protection and the storage period for "Cloudflare" can be found at: https://www.cloudflare.com/de-de/privacypolicy/.

You may object to the processing insofar as the processing is based on Art. 6 (1) 1 lit. f) GDPR. Your right to object exists for reasons arising from your particular situation. You can send us your objection via the contact details listed in the "Controller" section.

Services for Statistical, Analysis and Marketing Purposes

We use third-party services for statistical, analysis and marketing purposes. In this way, it is possible for us to provide you with a user-friendly, optimized use of the website. The third-party providers use cookies, pixels, browser fingerprinting or other tracking technologies to control their services. In the following, we inform you about the services of external providers currently used on our website as well as about the respective processing in individual cases and about your existing revocation options.

Google Analytics

In order to optimally tailor our website to user interests, we use "Google Analytics", a web analytics service provided by "Google" (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland and Google, LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA; hereinafter: "Google" and "Google Analytics"). "Google Analytics" uses so-called "cookies", which are stored on your end device for recognition purposes, as well as similar tracking methods for end device recognition such as tracking pixels, device fingerprinting and programming interfaces (e.g. APIs and SDKs) to process information from your end device. For this purpose, a randomly generated identification number (cookie ID/device ID) is assigned to your end device.

With the help of these technologies, "Google" processes the generated information about the use of our website by your end device as well as access data for the purpose of statistical analysis - e.g. call of a specific web page, number of unique visitors, entry and exit pages, dwell time, click, wipe and scroll behavior, actuation of buttons, registration for the newsletter, bounce rate and similar user interactions. For this purpose, it can also be determined whether different end devices belong to you or your household. Access data includes, in particular, the IP address, browser and device information, cookie ID/device ID, the website previously visited and the date and time of the server request. "Google" will process this information for the purpose of evaluating your use of the website, compiling reports on website activity for us and, where separately indicated, providing us with other services relating to website activity. If you are registered with a Google service, "Google" can assign the website visit to your user account and create and evaluate user profiles across applications.

The legal basis for the processing is your consent in accordance with Art. 6 (1) 1 lit. a) GDPR. "Google" also processes the data in part in the USA. There is no adequacy decision of the EU Commission for a data transfer to the USA. We have concluded so-called standard contractual clauses with "Google" in order to commit "Google" to an adequate level of data protection. We will provide you with a copy upon request. Your data in connection with "Google Analytics" will be deleted after fourteen months at the latest. Further information on data protection at "Google" can be found at: https://policies.google.com/privacy?hl=en&gl=de.

Revocation of your consent to processing is possible at any time by pushing back the slider in the "Settings" of the Consent Tool. In doing so, the lawfulness of the processing carried out on the basis of the consent until the revocation is not affected by the revocation.

Shopify

We also use tools from "Shopify" (Shopify International Ltd. Attn: Data Protection Officer c/o Intertrust Ireland, 2nd Floor 1-2 Victoria Buildings, Haddington Road, Dublin 4, D04 XN32, Ireland and Shopify Inc ATTN: Chief Privacy Officer, 151 O'Connor Street, Ground floor, Ottawa, ON K2P 2L8, Canada) that use "cookies" or other tracking technologies that are stored on your terminal device. With the help of the cookies, "Shopify" processes the information generated about the use of our website by your device - e.g. that you have accessed a certain web page - and processes, among other things, the data mentioned in the section "Use of our website", in particular your IP address, browser information, the previously visited website and the date and time of the server request, for the purpose of statistical analysis of the website and product recommendations, use for troubleshooting as well as for improving our store. For this purpose, it may also be determined whether different devices belong to you or your household. "Shopify" will process this information for the purpose of evaluating your use of the website, compiling reports on website activity for us and, where separately indicated, providing us with other services relating to website activity. The legal basis for the processing is your consent pursuant to Art. 6 (1) 1 lit. a) GDPR. "Shopify" also processes your data in Canada. The legal basis for the transfer to Canada is the adequacy decision of the EU Commission. We will gladly provide you with a copy of the clauses upon request. Further information on the purpose, scope of processing and data transfer to third countries by "Shopify" can be found at https://help.shopify.com/en/manual/your-account/privacy

Revocation of your consent to processing is possible at any time by pushing back the slider in the "Settings" of the Consent Tool. In doing so, the lawfulness of the processing carried out on the basis of the consent until the revocation is not affected by the revocation.

Adex

We also use the Data Managing Platform of the provider "The Adex GmbH" (Torstraße 19, 10119 Berlin; hereinafter: "Adex"), which uses so-called "cookies" or other tracking technologies that are stored on your device. The use of the Data Managing Platform "Adex" serves the analysis, conversion measurement, organization and individualization of marketing campaigns. For these purposes, "Adex" analyzes and categorizes incoming information generated by the user's terminal device about the use of and interactions with our website, access data, in particular IP address, the user ID and the date and time of the server request. "Adex" also evaluates usage behavior and access data from other sources, such as websites, apps and social media channels (published posts and generally accessible information), as well as the reach of advertisements, in order to support the individualized targeting of advertisements on websites, social media platforms as well as in apps. The use of "Adex" makes it possible to create target groups for specific user segments (e.g. fans of certain artists) and to use them later for individualized advertising targeting. In this process, a target group comprises a certain number of users who share the same characteristics. With the help of other marketing tools, interest-based advertisements can then be played. The legal basis for the processing is your consent in accordance with Art. 6 (1) 1 lit. a) GDPR. The storage period of the usage data is 6 days.

Revocation of your consent to processing is possible at any time by pushing back the slider in the "Settings" of the Consent Tool. In doing so, the lawfulness of the processing carried out on the basis of the consent until the revocation is not affected by the revocation.

Copyright by Spirit Legal