customize privacy settings
Privacy Policy
This privacy policy clarifies the nature, scope and purpose of the processing of personal data (hereinafter referred to as “data”) within our online offer and the websites, functions and content associated with it (hereinafter collectively referred to as “online offer”). With regard to the terms used, such as “personal data” or their “processing”, we refer to the definitions in art. 4 of the General Data Protection Regulation (GDPR).
Person in charge:
name/company: Music Eggert – Inhaber Rolf Eggert
street, number: Paulstraße 2
post code, place, country: 19249 Lübtheen, Deutschland
phone number: +49 38855 / 51 353
e-mail: [email protected]
Data protection officer:
name: Steffen Grabowski
phone number: +49 395 / 70 79 114
e-mail: [email protected]
Types of data processed:
Inventory data (e.g. names, addresses).
Contact details (e.g. e-mail, phone numbers).
Content data (e.g. text input).
Usage data (e.g. visited websites, interest in content, access times).
Meta-/communication data (e.g. device information, IP addresses).
Processing of special categories of data (art. ninth paragraph 1 GDPR):
In principle, no special categories of data are processed unless they are supplied for processing by the user (e.g. entered in forms).
Categories of data subjects:
Visitors and users of the online offer.
In the following, we also refer to the persons concerned as “users.”
Purpose of processing:
Provision of the online offer, its contents and functions.
Responding to contact requests and communicating with users.
Safety measures.
Date: 06.11.2020
1. Relevant legal bases
In accordance with art. 13 GDPR we inform you of the legal bases of our data processing. Unless the legal basis is stated in the privacy policy, the following applies: The legal basis for obtaining consent is art. 6 para. 1 lit. a and art. 7 GDPR, the legal basis for the processing for the performance of our services and the implementation of contractual measures as well as the response to inquiries is art. 6 para. 1 lit. b GDPR, the legal basis for the processing for the fulfilment of our legal obligations is art. 6 para. 1 lit. c GDPR, and the legal basis for the processing to safeguard our legitimate interests is art. 6 para. 1 lit. f GDPR. In case that vital interests of the data subject or another natural person require the processing of personal data, art. 6 para. 1 lit. d GDPR is the legal basis.
2. Changes and updates to the Privacy Policy
We ask you to regularly inform yourself about the content of our privacy policy. We adjust the privacy policy as soon as the changes to the data processing we perform make this necessary. We will inform you as soon as the changes result in an act of participation on your part (d. (e.g. consent) or other individual notification is required.
3. Safety measures
3.1. We shall meet in accordance with the provisions of art. 32 GDPR, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the varying degrees of probability and seriousness of the risk to the rights and freedoms of natural persons, appropriate technical and organisational measures to ensure a level of protection appropriate to the risk. These measures shall include in particular the safeguarding of the confidentiality, integrity and availability of data by controlling physical access to data, as well as access, input, disclosure, safeguarding of availability and segregation thereof. Furthermore, we have established procedures to ensure that data subjects‘ rights are exercised, data is deleted, and we respond to any threat to the data. In addition, we take into account the protection of personal data already during the development, or selection of hardware, software and procedures, according to the principle of data protection by technical design and by data protection-friendly presettings (art. 25 GDPR).
4. Cooperation with processors and third parties
4. 1. If we disclose data to other persons and companies (processors or third parties) within the scope of our processing, they transmit it to them or otherwise grant them access to the data, this will only be done on the basis of a legal permission (e.g. if a transfer of the data to third parties, such as payment service providers, according to art. 6 para. 1 lit. b GDPR is necessary for the performance of the contract), if you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosters, etc.).
4. 2. If we use third parties with the processing of data on the basis of a so-called „Contract processing contract”, this is done on the basis of art. 28 GDPR.
5. Transfers to third countries
If we have data in a third country (i.e. processing outside the European Union (EU) or the European Economic Area (EEA)) or in the context of the use of third-party services or disclosure or the transfer of data to third parties occurs, it takes place for the fulfilment of our (pre-) contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests only. Subject to legal or contractual permissions, we process or leave the data in a third country only if the special conditions of art. 44 ff. processing GDPR. I. e. processing takes place e.g. on the basis of special guarantees, such as the officially recognised determination of an EU level of data protection or compliance with officially recognised specific contractual obligations (so-called “standard contractual clauses”).
6. Rights of data subjects
6. 1. You have the right to obtain confirmation as to whether or not data in question are being processed and to obtain information on such data and to receive further information and a copy of the data in accordance with art. 15 GDPR.
6. 2. Accordingly art. 16 GDPR you have the right to request the completion of data concerning you or the correction of incorrect data concerning you.
6. 3. You have, in accordance with the provisions of art. 17 GDPR the right to demand that the data in question be deleted immediately, or alternatively, in accordance with art. 18 GDPR to require a restriction of the processing of the data.
6. 4. You have the right to demand that the data concerning you that you have provided to us in accordance with art. 20 GDPR and to request their transmission to other controllers.
6. 5. Referred to art. 77 GDPR you have also the right to lodge a complaint to the competent supervisory authority.
7. Right of withdrawal
You have the right to give your consent according to the law art. 7 para. 3 GDPR with effect for the future.
8. Right of objection
You may decide on the future processing of the data concerning you in accordance with art. 21 DSGVO at any time contradict. The objection may be made in particular against processing for direct marketing purposes.
9. Deletion of data
9. 1. The data we process will be deleted or restricted in their processing in accordance with art. 17 and 18 GDPR. Unless expressly stated in the context of this privacy policy, the data stored by us will be deleted as soon as they are no longer necessary for their purpose and the deletion does not preclude any statutory retention obligations. If the data are not deleted because they are necessary for other and legally permissible purposes, their processing is restricted. I. e. the data is blocked and not processed for other purposes. This applies e.g. for data which must be kept for commercial or tax law reasons.
9. 2. According to legal requirements, the storage is carried out in particular for 6 years according to § 257 para. 1 HGB (trade books, inventories, opening balances, annual accounts, trade letters, accounting documents, etc.) as well as for 10 years according to § 147 para. 1 AO (books, records, management reports, accounting documents, trade and business letters, documents relevant to taxation, etc.).
10. Contacting
10. 1. When contacting us (e.g. by e-mail) the information of the user for the processing of the contact request and its processing according to. Art. 6 para. 1 lit. b) GDPR processed. We would like to point out that unencrypted communication via e-mail is not considered to be safe. If possible, please use a secure means of communication such as a letter.
10. 2. User information can be stored in our Customer Relationship Management System (CRM System) or similar query organization.
10. 3. We use the “Zendesk” CRM system from Zendesk Inc. (1019 Market Street, San Francisco, CA 94 103 in the USA) based on our legitimate interests (efficient and fast processing of user requests). To this end, we have a contract with Zendesk Inc. standard contractual clauses in which Zendesk Inc. undertakes to process user data only in accordance with our instructions and to comply with the EU level of data protection.
10. 4. We delete the requests if they are no longer required. We verify the necessity at least annually. In the case of statutory archiving obligations, the deletion takes place after their expiration (end of commercial law (6 years) and tax law (10 years) retention obligation).
11. Collection of access data and log files
11. 1. We raise on the basis of our legitimate interests within the meaning of art. 6 para. 1 lit. f. GDPR data on every access to the server on which this service is located (so-called server log files). Access data include the name of the retrieved website, file, date and time of retrieval, amount of data transmitted, notification of successful retrieval, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.
11. 2. Logfile information is used for security reasons (e.g. to investigate abuses or fraud) for a maximum period of seven days and then deleted. Data whose further storage is required for evidentiary purposes are exempt from deletion until the final clarification of the respective incident.