PRIVACY POLICY

Privacy Policy

This privacy policy explains the type, scope, and purpose of the processing of personal data (hereinafter referred to as “data”) on our website and the associated web pages, functions, and content, as well as external online presences, such as our social media profile (hereinafter jointly referred to as the “website”). We refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR) with regard to the terms used, such as “processing” or “controller”.

Controller

G+F Music Management GmbH
Wiener Straße 253
8051 Graz
E-Mail: office@djoetzi.com

Imprint : www.djoetzi.at/en/imprint

Types of data processed:

– User data (e.g. names, addresses).
– Contact data (e.g. email addresses, phone numbers).
– Content data (e.g. text input, photographs, videos).
– Usage data (e.g. websites visited, interest in content, access times).
– Meta/communication data (e.g. device information, IP addresses).

Categories of data subjects

Visitors and users of the website (hereinafter also referred to as “users”).

Purpose of processing

– Provision of the website, its functions and contents.
– Responding to contact requests and communicating with users.
– Security measures.
– Reach measurement/marketing

Terms used

“Personal data” refers to all information relating to an identified or identifiable natural person (hereinafter “data subject”); a natural person is regarded as identifiable, if he/she can be directly or indirectly identified, especially by means of association with an identifier such as a name, with an identification number, with location data, with an online identifier (e.g. cookies) or with one or several special features reflecting the physical, physiological, genetic, psychological, economic, cultural, or social identity of that natural person.

“Processing” means any operation carried out with or without the aid of automated procedures or any such series of operations in connection with personal data. The term is broad and covers virtually every aspect of dealing with data.

“Pseudonymisation” means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without additional information, provided that this additional information is kept separately and is subject to technical and organisational measures ensuring that the personal data are not attributed to an identified or an identifiable natural person.

“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location, or movements.

“Controller” refers to the natural or legal person, public authority, agency, or any other body that alone or jointly with others determines the purposes and means of the processing of personal data.

A “processor” is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the data controller.

Applicable legal bases

In accordance with art. 13 GDPR, we inform you of the legal basis of our data processing. If the legal basis is not mentioned in the Data Protection Declaration, the following applies: the legal basis for obtaining consent is art. 6 para. 1 lit. a and art. 7 GDPR, the legal basis for processing for the fulfilment of our services and the execution of contractual measures as well as for replying to enquiries is art. 6 para. 1 lit. b GDPR, the legal basis for processing to fulfil our legal obligations is art. 6 para. 1 lit. c GDPR, and the legal basis for processing to protect our legitimate interests is art. 6 para. 1 lit. f, GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, art. 6 para. 1 lit. d GDPR applies as the legal basis.

Security measures

In accordance with art. 32 GDPR, we take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk, taking into account current technology, implementation costs, the nature, scope, context and purposes of processing, and the varying likelihood and severity of the risk to the rights and freedoms of natural persons.

The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as the access, input, transmission, security of availability, and separation. Furthermore, we have established procedures that guarantee the assertion of data subjects’ rights, deletion of data, and reaction to data risks. In addition, we take the protection of personal data into account as early as the development or selection of hardware, software and procedures, in accordance with the principle of data protection through technology design and privacy-friendly defaults (art. 25 GDPR).

Cooperation with processors and third parties

If we disclose data to other persons and companies (processors or third parties) within the scope of our processing, transmit the data to them, or otherwise grant them access to the data, this shall only take place on the basis of legal permission (e.g. if a transmission of the data to third parties, such as payment service providers, in accordance with Art. 6 para. 1 lit. b GDPR, is required for contract fulfilment), you have consented, a legal obligation provides for this, or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).
If we commission third parties with the processing of data on the basis of a so-called “order processing contract”, this is done on the basis of Art. 28 GDPR.

Transfers to third countries

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of the use of third-party services or disclosure or transfer of data to third parties, this only takes place if it occurs for the fulfilment of our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or leave the data in a third country only if the particular requirements of Art. 44 ff. GDPR are met. This means, for example, processing is carried out on the basis of special guarantees, such as the officially recognised determination of a data protection level corresponding to the EU (e.g. for the USA by the “Privacy Shield”) or compliance with officially recognised special contractual obligations (so-called “standard contractual clauses”).

Rights of the data subjects

You have the right to request confirmation as to whether the data concerned are being processed and to request information about these data as well as further information and a copy of the data in accordance with art. 15 GDPR.

According to art. 16 GDPR, you have the right to request the completion of data concerning you or the correction of inaccurate data concerning you.

In accordance with art. 17 GDPR, you have the right to demand that relevant data be deleted immediately or, alternatively, to demand a restriction on the processing of the data in accordance with art. 18 GDPR.

You have the right to request the data concerning you that you have provided to us in accordance with art. 20 GDPR and to request their transmission to other controllers.
In accordance with art. 77 GDPR, you have the further right to lodge a complaint with the competent supervisory authority.

Right of withdrawal

You have the right to revoke your consent according to art 7. para. 3 GDPR with effect for the future.

Right of objection

You can object to the future processing of the data concerning you in accordance with art. 21 GDPR at any time. The objection may be lodged in particular against processing for direct marketing purposes.

Cookies and right of objection to direct advertising

Cookies are small files that are stored on the user’s computer. Different data can be stored within the cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after his/her visit to a website. Temporary cookies, “session cookies” or “transient cookies”, are cookies that are deleted after a user leaves a website and closes his/her browser. For example, the content of a shopping cart in an online shop or a login status can be stored in a cookie of this nature. Cookies are referred to as “permanent” or “persistent” if they remain saved even after the browser is closed. For example, the login status can be saved if users visit after several days have passed. Likewise, the interests of users may be stored in a cookie of this nature and used for reach measurements or marketing purposes. “Third-party cookies” are cookies that are offered by providers other than the data controller who operates the website (otherwise, if the only cookies are run by the data controller, they are referred to as “first-party cookies”).

We may use temporary and permanent cookies and clarify this within the framework of our Privacy Policy.

If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Cookies that are already saved can be deleted in the system settings of the browser at any time. Deactivating the use of cookies can restrict some of this website’s functionality.

A general objection to the use of cookies used for online marketing purposes can be declared for a large number of services, especially in the case of tracking, via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. Furthermore, you can deactivate the storage of cookies in the browser settings. Please note that in this case not all functions of the website can be used in full.

Deletion of data

The data processed by us will be deleted or their processing restricted in accordance with art. 17 and 18 GDPR. Unless expressly stated in this Privacy Policy, the data stored by us will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory storage obligations. If the data are not deleted because they are necessary for other and legally permissible purposes, the processing of the data will be restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons.

In particular, pursuant to legal requirements in Germany, storage lasts for 10 years pursuant to §§ 147 para. 1 AO, 257 para. 1 no. 1 and 4, para. 4 HGB (German Commercial Code) (books, records, management reports, accounting records, trading books, documents relevant for taxation, etc.) and for 6 years in accordance with § 257 para. 1 nos. 2 and 3, para. 4 HGB (commercial letters).

In particular, pursuant to legal requirements in Austria, storage lasts for 7 years in accordance with section 132 para. 1 BAO (Austrian Federal Tax Code: accounting documents, receipts/invoices, accounts, receipts, business papers, statement of income and expenditure, etc.), for 22 years in connection with properties, and for 10 years for documents in connection with electronically provided services, telecommunications, radio and television services provided to non-entrepreneurs in EU Member States and for which the Mini-One-Stop-Shop (MOSS) is used.

DISQUS comment function

On the basis of our legitimate interests in efficient, secure, and user-friendly comment management in accordance with Art. 6 para. 1 lit. f. GDPR, we use the comment service DISQUS, provided by DISQUS, Inc., 301 Howard St, Floor 3 San Francisco, California- 94105, USA. DISQUS is certified under the Privacy Shield Agreement, thus providing a guarantee to comply with European data protection laws (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

To use the DISQUS comment function, users can log in via their own DISQUS user account or an existing social media account (e.g. OpenID, Facebook, Twitter, or Google). DISQUS thereby obtains the user’s login data from the platforms. It is also possible to use the DISQUS comment function as a guest, without creating or using user accounts at DISQUS or one of the specified social media providers.

We merely embed DISQUS and its functions into our website, whereby we can influence the comments of the users. However, the user enters into a direct contractual relationship with DISQUS, within the framework of which DISQUS processes the user’s comments and is a contact person for any deletion of the user’s data. We refer you to the DISQUS Privacy Policy: https://help.disqus.com/terms-and-policies/disqus-privacy-policy and point out to users that they can assume that DISQUS stores not only the comment content but also their IP address and the time the comment is posted, as well as storing cookies on the user’s computer, which it can use to display advertisements. However, users may object to the processing of their data for the purpose of displaying advertisements: https://disqus.com/data-sharing-settings.

Comments and posts

If users leave comments or other posts, their IP addresses can be stored for 7 days on the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f. GDPR. This takes place for our security, in case someone leaves illegal content in comments and posts (abuse, forbidden political propaganda, etc.). In this case, we ourselves could be prosecuted for the comment or post and are therefore interested in the identity of the author.

Furthermore, we reserve the right, on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f. GDPR, to process user information for the purpose of spam detection.

On the same legal basis, we reserve the right, in the case of surveys, to store the IP addresses of users for their duration and to use cookies to avoid multiple votes.

The data provided in the context of comments and posts will be permanently stored by us until the user objects.

Akismet Anti-Spam Testing

Our website uses the “Akismet” service provided by Automattic Inc, 60 29th Street #343, San Francisco, CA 94110, USA. The use is based on our legitimate interests within the meaning of Art. 6 para. 1 lit. f) DSGVO. This service distinguishes real people’s comments from spam comments. All comments are sent to a server in the USA, where they are analysed and stored for four days for comparison purposes. If a comment has been classified as spam, the data will be stored beyond that time. This information includes the name entered, the e-mail address, the IP address, the comment content, the referrer, information about the browser used, the computer system, and the time of the entry.

For more information on Akismet’s collection and use of data, please refer to Automattic’s privacy policy: https://automattic.com/privacy/.

Users are welcome to use pseudonyms, or to refrain from entering their name or email address. You can completely prevent the transfer of data by not using our comment system. That would be a shame, but unfortunately we do not see any other alternatives that are just as effective.

Google Analytics

Based on our legitimate interests (i.e. interest in the analysis, optimisation, and economical operation of our website in accordance with Art. 6 para. 1 lit. f. GDPR), we use Google Analytics, a web analytics service provided by Google LLC (“Google”). Google uses cookies. The information generated by the cookie about the user’s use of the website is generally transmitted to and stored on a Google server in the USA.

Google is certified under the Privacy Shield agreement, thereby offering a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active)
On our behalf, Google will use this information to analyse the use of our website by users, to compile reports on activities on this website, and to provide us with other services related to the use of this website and the internet. Pseudonymous usage profiles of users may be created from the processed data in this respect.

We only use Google Analytics with IP anonymisation activated. This means that the IP address of the user is truncated by Google within the member states of the European Union or in other countries that are party to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address sent to a Google server in the US and truncated there.
The IP address sent by your browser will not be associated with other data held by Google. Users may prevent the use of cookies by selecting the appropriate settings in their browser; users can also prevent Google from collecting the data generated by the cookie regarding their use of the website and the processing of this data by Google by downloading and installing the browser plugin available via the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

Further information on data use by Google, setting and objection options, can be found in Google’s privacy policy ( https://policies.google.com/technologies/ads) and in the settings for the display of advertisements by Google (https://adssettings.google.com/authenticated).

Users’ personal data will be deleted or made anonymous after 14 months.

Target group formation with Google Analytics

We also use Google Analytics to display advertisements placed by Google and its partners within advertising services only to users who have also shown an interest in our website or who have certain characteristics (e.g. interest in certain topics or products that are determined by the websites visited) that we transmit to Google (known as “remarketing” or “Google Analytics audiences”). With the help of remarketing audiences, we would also like to ensure that our advertisements correspond to the potential interest of users.

Online social media presence

We maintain online presences on social networks and platforms in order to communicate with active customers, interested parties, and users and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and the data processing guidelines of their respective operators apply.

Unless otherwise stated in our privacy policy, we process the data of users who communicate with us on social networks and platforms, e.g. write posts on our pages or send us messages.

Integration of third-party services and content

On the basis of our legitimate interests (i.e. interest in the analysis, optimisation, and economic operation of our website within the meaning of art. 6 para. 1 lit. f. GDPR), we include content or service offerings from third parties so that we can incorporate their content and services, such as videos or fonts (hereinafter uniformly referred to as “content”).

This always presupposes that the third-party providers of this content can see the IP address of users, since without the IP address they would not be able to send the content to the users’ browsers. The IP address is therefore necessary in order to display this content. We strive only to use content from providers who use the IP address only to deliver content and nothing else. Third-party providers may also use so-called pixel tags (invisible graphics, also known as web beacons) for statistical or marketing purposes. “Pixel tags” can be used to analyse information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may include technical information about the browser and operating system, referring websites, visiting time, and other information about the use of our website. It may also be linked to such information from other sources.

Youtube

We integrate videos from the platform “YouTube” provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/, opt out: https://adssettings.google.com/authenticated.

Google Fonts

We integrate fonts (“Google Fonts”) provided by the third-party provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/, opt out: https://adssettings.google.com/authenticated.

Created with Datenschutz-Generator.de by RA Dr. Thomas Schwenke