Privacy Policy - VST Host für Live Performances

Privacy Policy

Introduction

With the following privacy policy, we would like to inform you about the types of personal data (hereinafter also referred to as “data”) we process, for what purposes, and to what extent. The privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and, in particular, on our websites, in mobile applications, and within external online presences, such as our social media profiles (hereinafter collectively referred to as “online offering”).

The terms used are not gender-specific.

Responsible Person

The controller responsible for data processing on this website is:

EK Media Solutions GmbH
Caspar-Schrenk-Weg 8

79117 Freiburg

Phone: +49 761 63452
Email: info@soundmanager-vst-host.com

The controller is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data (e.g. names, email addresses, etc.).

Applicable Legal Basis

In the following, we inform you of the legal bases of the General Data Protection Regulation (GDPR) on which we process personal data. Please note that, in addition to the provisions of the GDPR, the national data protection regulations applicable in your or our country of residence or registered office may also apply. Should more specific legal bases be relevant in individual cases, we will inform you of these in this Privacy Policy.

Consent (Art. 6 (1) sentence 1 lit. a GDPR) – The data subject has given their consent to the processing of their personal data for one or more specific purposes.

Performance of a Contract and Pre-contractual Requests (Art. 6 (1) sentence 1 lit. b GDPR) – Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

Legal Obligation (Art. 6 (1) sentence 1 lit. c GDPR) – Processing is necessary for compliance with a legal obligation to which the controller is subject.

Legitimate Interests (Art. 6 (1) sentence 1 lit. f GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data.

Security Measures

In accordance with legal requirements, and taking into account the state of the art, implementation costs, and the nature, scope, circumstances, and purposes of processing, as well as the varying likelihood and severity of risks to the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

The measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data as well as access, input, transfer, availability, and separation of the data. Furthermore, we have implemented procedures to ensure the exercise of data subject rights, the deletion of data, and responses to threats to the data.

Furthermore, we take into account the protection of personal data already during the development or selection of hardware, software, and procedures, in accordance with the principle of data protection, through technical design and by implementing data protection-friendly default settings.

SSL Encryption (https): To protect the data you transmit via our online services, we use SSL encryption. You can recognize such encrypted connections by the prefix https:// in the address bar of your browser.

Transmission and Disclosure of Personal Data

In the course of processing personal data, it may occur that the data is transmitted to other entities, companies, legally independent organizational units, or individuals, or disclosed to them. Recipients of this data may include, for example, payment institutions in the context of payment transactions, service providers commissioned with IT tasks, or providers of services and content integrated into a website. In such cases, we comply with the legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data to ensure the protection of your data.

Data Processing in Third Countries

If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)), or if processing takes place in the context of the use of services of third parties or the disclosure or transmission of data to other persons, entities, or companies, this is carried out only in accordance with the legal requirements.

Subject to explicit consent or transmission required by contract or law, we process or allow data to be processed only in third countries with a recognized level of data protection or on the basis of special guarantees, such as contractual obligations through so-called standard protection clauses of the EU Commission, the existence of certifications, or binding internal data protection regulations (Art. 44 to 49 GDPR, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de).

Use of Cookies

Cookies are text files that contain data from visited websites or domains and are stored by a browser on the user's computer. A cookie primarily serves to store information about a user during or after their visit within an online offering. Stored information may include, for example, language settings on a website, login status, a shopping cart, or the position at which a video was watched. The term "cookies" also includes other technologies that fulfill the same functions as cookies (e.g., when user information is stored using pseudonymous online identifiers, also referred to as "user IDs").

The following types of cookies and their functions are distinguished:

Temporary Cookies (also: Session Cookies): Temporary cookies are deleted at the latest after a user has left an online service and closed their browser.

Permanent Cookies: Permanent cookies remain stored even after the browser is closed. For example, the login status can be saved or preferred content can be displayed directly when the user revisits a website. Likewise, user interests, which are used for reach measurement or marketing purposes, can be stored in such a cookie.

First-Party Cookies: First-party cookies are set by us directly.

Third-Party Cookies (also: Third-Party Provider Cookies): Third-party cookies are mainly used by advertisers (so-called third parties) to process user information.

Necessary (also: essential or strictly required) Cookies: Cookies may be absolutely necessary for the operation of a website (e.g., to store logins or other user inputs, or for security reasons).

Statistics, Marketing, and Personalization Cookies: Furthermore, cookies are generally used for audience measurement as well as when a user's interests or behavior (e.g., viewing certain content, using functions, etc.) are stored in a user profile on individual websites. Such profiles serve, for example, to display content to users that corresponds to their potential interests. This process is also referred to as "tracking," i.e., the monitoring of users' potential interests. Insofar as we use cookies or "tracking" technologies, we will inform you separately in our privacy policy or in the context of obtaining consent.

General Information on Withdrawal and Objection (Opt-Out): Depending on whether processing is based on consent or legal permission, you have the right at any time to withdraw consent given or to object to the processing of your data through cookie technologies (collectively referred to as "opt-out"). You can first declare your objection via your browser settings, e.g., by deactivating the use of cookies (although this may also restrict the functionality of our online services). An objection to the use of cookies for online marketing purposes can also be declared through a variety of services, especially in the case of tracking, via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/. In addition, you can obtain further information on objections within the details provided about the service providers and cookies used.

Used Services and Service Providers:

Complianz:

On our website, the consent technology of Complianz is used to obtain consent for the storage of certain cookies on your device or for the use of certain technologies, as well as to document this in compliance with data protection regulations. The provider of this tool is Complianz, Kalmarweg 14-5 JG Groningen, Netherlands (hereinafter referred to as "Complianz").

The Complianz Consent Tool is installed locally on our server. No connection is established to the servers of the provider Complianz, ensuring a privacy-friendly solution. In order to assign the consents you have given or their withdrawal, Complianz stores a cookie in your browser. The collected data is stored exclusively on our server in accordance with GDPR requirements.

The data collected via the Complianz Consent Tool remains stored until the Complianz cookie is deleted by you, you request us to delete it, or the purpose for data storage no longer applies. Mandatory and necessary statutory retention obligations remain unaffected.

The Complianz Consent Tool is used to obtain the legally required consents for the use of cookies. The legal basis for this is Art. 6 (1) lit. a GDPR for technically non-essential cookies, and Art. 6 (1) lit. f GDPR for technically necessary cookies.

You have the right to withdraw your consent at any time with effect for the future. You can do this by adjusting the cookie settings on our website or by deleting the corresponding cookie in your browser. In addition, under the GDPR you have further rights, such as the right of access, rectification, or erasure of your personal data.

Processing of Personal Data and Purposes of Processing

Contractual and Business Services: We process data of our contractual and business partners, e.g., customers and prospects (collectively referred to as "contractual partners"), within the scope of contractual and comparable legal relationships as well as related measures, and in the context of communication with the contractual partners (including pre-contractual), e.g., to respond to inquiries.

We process this data to fulfill our contractual obligations, to safeguard our rights, and for purposes related to administrative tasks and business organization. The data of contractual partners is disclosed to third parties within the framework of applicable law only insofar as this is necessary for the aforementioned purposes, to fulfill legal obligations, or with the consent of the contractual partners (e.g., to involved telecommunications, transport, and other auxiliary services, subcontractors, banks, tax and legal advisors, payment service providers, or tax authorities). Contractual partners are informed about further forms of processing, e.g., for marketing purposes, within the scope of this privacy policy.

Which data is required for the aforementioned purposes is communicated to the contractual partners prior to or in the course of data collection, e.g., in online forms, by special markings (e.g., colors) or symbols (e.g., asterisks or similar), or personally.

We delete the data after the expiration of statutory warranty and comparable obligations, i.e., generally after 4 years, unless the data is stored in a customer account, e.g., as long as it must be retained for archiving purposes due to legal requirements (for tax purposes usually 10 years). Data disclosed to us by the contractual partner in the course of an assignment is deleted in accordance with the specifications of the assignment, generally after the end of the assignment.

Insofar as we use third-party providers or platforms to deliver our services, the terms and conditions and privacy policies of the respective third-party providers or platforms apply in the relationship between the users and the providers.

Economic Analyses and Market Research: For business management reasons and in order to identify market trends, the wishes of contractual partners, and user needs, we analyze the data available to us regarding business transactions, contracts, inquiries, etc. The group of affected persons may include contractual partners, prospects, customers, visitors, and users of our online services.

The analyses are carried out for the purpose of business evaluations, marketing, and market research (e.g., to determine customer groups with different characteristics). In doing so, we may, where available, take into account the profiles of registered users along with their information, e.g., regarding services used. The analyses are for our internal use only and are not disclosed externally, unless they are anonymous analyses with aggregated, i.e., anonymized values. Furthermore, we respect the privacy of users and process the data for analysis purposes as pseudonymously as possible and, where feasible, anonymously (e.g., as aggregated data).

Contact

When contacting us (e.g., via contact form, email, telephone, or social media), the information provided by the inquiring persons is processed insofar as this is necessary to respond to the contact requests and any requested measures.

The response to contact requests within the scope of contractual or pre-contractual relationships is carried out to fulfill our contractual obligations or to respond to (pre-)contractual inquiries, and otherwise on the basis of our legitimate interests in responding to the inquiries.

Provision of Online Services and Web Hosting

To ensure that our online services are provided securely and efficiently, we make use of the services of one or more web hosting providers, from whose servers (or servers managed by them) the online services can be accessed. For these purposes, we may utilize infrastructure and platform services, computing capacity, storage space and database services, as well as security services and technical maintenance services.

The data processed in the context of providing the hosting services may include all information relating to the users of our online services that arises during usage and communication. This regularly includes the IP address, which is necessary to deliver the content of online services to browsers, as well as all inputs made within our online services or on websites.

Collection of Access Data and Logfiles: We ourselves (or our web hosting provider) collect data on every access to the server (so-called server logfiles). The server logfiles may include the address and name of the accessed web pages and files, date and time of access, transferred data volumes, notification of successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page), and, as a rule, IP addresses and the requesting provider.

The server logfiles can be used for security purposes, e.g., to prevent server overload (especially in the case of abusive attacks, so-called DDoS attacks), and also to ensure the utilization and stability of the servers.

Used Services and Service Providers:

IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany Website: https://www.ionos.de Privacy Policy: https://www.ionos.de/datenschutzerklaerung

Web Analysis and Online Marketing

We process personal data for the purposes of online marketing, which in particular may include the marketing of advertising space or the presentation of advertising and other content (collectively referred to as "content") based on the potential interests of users, as well as the measurement of their effectiveness.

For these purposes, so-called user profiles are created and stored in a file (known as a "cookie") or similar methods are used, through which information relevant to the presentation of the aforementioned content is stored about the user. Such information may include, for example, viewed content, visited websites, online networks used, as well as communication partners and technical details such as the browser used, the computer system employed, and information on usage times. If users have consented to the collection of their location data, this may also be processed.

User IP addresses are also stored. However, we use available IP masking methods (i.e., pseudonymization by shortening the IP address) to protect users. In general, no clear data of users (such as email addresses or names) are stored within the framework of online marketing processes, but rather pseudonyms. This means that neither we nor the providers of online marketing processes know the actual identity of the users, but only the information stored in their profiles.

The information in the profiles is generally stored in cookies or by similar methods. These cookies can later be read on other websites that use the same online marketing process, analyzed for the purpose of presenting content, supplemented with additional data, and stored on the server of the online marketing process provider.

Exceptionally, clear data may be assigned to the profiles. This is the case when users are, for example, members of a social network whose online marketing process we use and the network links the users' profiles with the aforementioned information. We ask you to note that users may enter into additional agreements with the providers, e.g., by giving consent during registration.

We generally only gain access to aggregated information about the success of our advertisements. However, within the framework of so-called conversion measurements, we can determine which of our online marketing processes have led to a so-called conversion, i.e., for example, to the conclusion of a contract with us. Conversion measurement is used solely to analyze the success of our marketing activities.

Unless otherwise stated, please assume that the cookies used are stored for a period of two years.

Possibility to Object (Opt-Out): We refer to the privacy notices of the respective providers and the opt-out options provided by them (so-called “opt-out”). If no explicit opt-out option has been specified, you have the possibility to disable cookies in your browser settings. However, this may restrict functions of our online services. We therefore additionally recommend the following opt-out options, which are offered collectively for specific regions: a) Europe: https://www.youronlinechoices.eu b) Canada: https://www.youradchoices.ca/choices c) USA: https://www.aboutads.info/choices d) Cross-regional: https://optout.aboutads.info

Used Services and Service Providers:

Google Analytics: Online Marketing and Web Analysis; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://marketingplatform.google.com/intl/de/about/analytics/; Privacy Policy: https://policies.google.com/privacy; Opt-Out Option: Opt-Out Plugin: https://tools.google.com/dlpage/gaoptout?hl=de, Settings for the display of advertisements: https://adssettings.google.com/authenticated.

Plugins and Embedded Functions as well as Content

We integrate functional and content elements into our online offering that are retrieved from the servers of their respective providers (hereinafter referred to as "third-party providers"). These may include, for example, graphics, videos, social media buttons, and posts (hereinafter collectively referred to as "content").

The integration always requires that the third-party providers of these contents process the users’ IP addresses, since without the IP address they could not send the contents to the users’ browsers. The IP address is therefore necessary for the display of these contents or functions. We strive to use only such contents whose respective providers use the IP address solely for delivering the contents. Third-party providers may also use so-called pixel tags (invisible graphics, also referred to as “web beacons”) for statistical or marketing purposes. Through the “pixel tags,” information such as visitor traffic on the pages of this website can be evaluated. The pseudonymous information may also be stored in cookies on the users’ devices and may include, among other things, technical information about the browser and operating system, referring websites, visit times, as well as further details on the use of our online offering, and may also be combined with such information from other sources.

Used Services and Service Providers:

YouTube: Video Content; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://www.youtube.com; Privacy Policy: https://policies.google.com/privacy; Opt-Out Option: Opt-Out Plugin: https://tools.google.com/dlpage/gaoptout?hl=de, Settings for the display of advertisements: https://adssettings.google.com/authenticated.

Planning, Organization and Support Tools

We use services, platforms, and software from other providers (hereinafter referred to as "third-party providers") for the purposes of organization, administration, planning, and the provision of our services. In selecting third-party providers and their services, we comply with legal requirements.

In this context, personal data may be processed and stored on the servers of third-party providers. Various types of data may be affected, which we process in accordance with this privacy policy. These data may in particular include master data and contact details of users, data relating to transactions, contracts, other processes, and their contents.

If users are referred to third-party providers or their software or platforms in the course of communication, business, or other relationships with us, the third-party providers may process usage data and metadata for security purposes, service optimization, or marketing purposes. We therefore ask you to observe the privacy notices of the respective third-party providers.

We use services such as Zoom and Microsoft Teams exclusively in the context of support requests or for direct communication with our customers. In doing so, we ensure that all legal and data protection requirements are met and provide transparent information about their use.

Used Services and Service Providers:

Google Maps: Online Map Service; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA;

Website: https://marketingplatform.google.com/intl/de/about/analytics/; Privacy Policy: https://policies.google.com/privacy;

Zoom Video Communications: Software for Video Conferences; Service provider: Zoom Inc, 55 Almaden Blvd, San Jose, USA; Website: https://zoom.com; Privacy Policy: https://explore.zoom.us/de/privacy/

Microsoft Teams: Software for Video Conferences; Service provider: Microsoft Corporation, Redmond, WA 98052-6399, USA; Website: https://www.microsoft.com; Privacy Policy: https://privacy.microsoft.com/de-de/privacystatement

Deletion of Data

The data we process will be deleted in accordance with legal requirements as soon as the consents permitting their processing are revoked or other authorizations cease to apply (e.g., if the purpose for processing this data no longer exists or the data is no longer required for that purpose).

If the data is not deleted because it is required for other legally permissible purposes, its processing will be restricted to those purposes. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons or whose storage is necessary for the assertion, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person.

Further information on the deletion of personal data may also be provided within the individual privacy notices of this privacy policy.

Changes and Updates to the Privacy Policy

We kindly ask you to regularly review the content of our privacy policy. We update the privacy policy whenever changes in the data processing we carry out make this necessary. We will inform you if such changes require an action on your part (e.g., consent) or any other individual notification.

If we provide addresses and contact information of companies and organizations in this privacy policy, please note that these addresses may change over time. We therefore ask you to verify the information before making contact.

Rights of Data Subjects

You have the right:

1) In accordance with Art. 7 (3) GDPR, you have the right to withdraw your consent at any time. As a result, we are no longer permitted to continue the data processing that was based on this consent in the future;

2) In accordance with Art. 15 GDPR, you have the right to request information about your personal data processed by us. In particular, you may request information about the purposes of processing, the categories of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, as well as the existence of automated decision-making including profiling and, where applicable, meaningful information about its details;

3) In accordance with Art. 16 GDPR, you have the right to request without undue delay the rectification of inaccurate personal data stored by us or the completion of incomplete personal data;

4) In accordance with Art. 17 GDPR, you have the right to request the erasure of your personal data stored by us, unless processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims;

5) In accordance with Art. 18 GDPR, you have the right to request the restriction of the processing of your personal data, insofar as you contest the accuracy of the data, the processing is unlawful but you oppose the erasure of the data, we no longer need the data but you require it for the establishment, exercise, or defense of legal claims, or you have objected to the processing pursuant to Art. 21 GDPR;

6) In accordance with Art. 20 GDPR, you have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format, or to request the transmission of such data to another controller;

7) In accordance with Art. 21 GDPR, you have the right, on grounds relating to your particular situation, to object at any time to the processing of your personal data that is carried out pursuant to Article 6 (1) (e) GDPR (data processing in the public interest) and Article 6 (1) (f) GDPR (data processing based on a balancing of interests); this also applies to profiling based on these provisions pursuant to Article 4 (4) GDPR. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims;

If your objection concerns the processing of data for direct marketing purposes, we will immediately cease such processing. In this case, it is not necessary to provide reasons relating to your particular situation. This also applies to profiling insofar as it is connected with such direct marketing. If you wish to exercise your right to object, it is sufficient to send an email to info@soundmanager-vst-host.com

8) In accordance with Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority. As a rule, you may contact the supervisory authority at your habitual residence, place of work, or at the location of our company’s registered office;

Changes and Updates to this Privacy Policy