G+F Music Management GmbH
Wiener Straße 253
Imprint : www.djoetzi.at/en/imprint
Types of data processed:
– User data (e.g. names, addresses).
– Contact data (e.g. email addresses, phone numbers).
– Content data (e.g. text input, photographs, videos).
– Usage data (e.g. websites visited, interest in content, access times).
– Meta/communication data (e.g. device information, IP addresses).
Categories of data subjects
Visitors and users of the website (hereinafter also referred to as “users”).
Purpose of processing
– Provision of the website, its functions and contents.
– Responding to contact requests and communicating with users.
– Security measures.
– Reach measurement/marketing
“Personal data” refers to all information relating to an identified or identifiable natural person (hereinafter “data subject”); a natural person is regarded as identifiable, if he/she can be directly or indirectly identified, especially by means of association with an identifier such as a name, with an identification number, with location data, with an online identifier (e.g. cookies) or with one or several special features reflecting the physical, physiological, genetic, psychological, economic, cultural, or social identity of that natural person.
“Processing” means any operation carried out with or without the aid of automated procedures or any such series of operations in connection with personal data. The term is broad and covers virtually every aspect of dealing with data.
“Pseudonymisation” means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without additional information, provided that this additional information is kept separately and is subject to technical and organisational measures ensuring that the personal data are not attributed to an identified or an identifiable natural person.
“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location, or movements.
“Controller” refers to the natural or legal person, public authority, agency, or any other body that alone or jointly with others determines the purposes and means of the processing of personal data.
A “processor” is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the data controller.
Applicable legal bases
In accordance with art. 13 GDPR, we inform you of the legal basis of our data processing. If the legal basis is not mentioned in the Data Protection Declaration, the following applies: the legal basis for obtaining consent is art. 6 para. 1 lit. a and art. 7 GDPR, the legal basis for processing for the fulfilment of our services and the execution of contractual measures as well as for replying to enquiries is art. 6 para. 1 lit. b GDPR, the legal basis for processing to fulfil our legal obligations is art. 6 para. 1 lit. c GDPR, and the legal basis for processing to protect our legitimate interests is art. 6 para. 1 lit. f, GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, art. 6 para. 1 lit. d GDPR applies as the legal basis.
In accordance with art. 32 GDPR, we take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk, taking into account current technology, implementation costs, the nature, scope, context and purposes of processing, and the varying likelihood and severity of the risk to the rights and freedoms of natural persons.
The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as the access, input, transmission, security of availability, and separation. Furthermore, we have established procedures that guarantee the assertion of data subjects’ rights, deletion of data, and reaction to data risks. In addition, we take the protection of personal data into account as early as the development or selection of hardware, software and procedures, in accordance with the principle of data protection through technology design and privacy-friendly defaults (art. 25 GDPR).
Cooperation with processors and third parties
If we disclose data to other persons and companies (processors or third parties) within the scope of our processing, transmit the data to them, or otherwise grant them access to the data, this shall only take place on the basis of legal permission (e.g. if a transmission of the data to third parties, such as payment service providers, in accordance with Art. 6 para. 1 lit. b GDPR, is required for contract fulfilment), you have consented, a legal obligation provides for this, or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).
If we commission third parties with the processing of data on the basis of a so-called “order processing contract”, this is done on the basis of Art. 28 GDPR.
Transfers to third countries
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of the use of third-party services or disclosure or transfer of data to third parties, this only takes place if it occurs for the fulfilment of our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or leave the data in a third country only if the particular requirements of Art. 44 ff. GDPR are met. This means, for example, processing is carried out on the basis of special guarantees, such as the officially recognised determination of a data protection level corresponding to the EU (e.g. for the USA by the “Privacy Shield”) or compliance with officially recognised special contractual obligations (so-called “standard contractual clauses”).
Rights of the data subjects
You have the right to request confirmation as to whether the data concerned are being processed and to request information about these data as well as further information and a copy of the data in accordance with art. 15 GDPR.
According to art. 16 GDPR, you have the right to request the completion of data concerning you or the correction of inaccurate data concerning you.
In accordance with art. 17 GDPR, you have the right to demand that relevant data be deleted immediately or, alternatively, to demand a restriction on the processing of the data in accordance with art. 18 GDPR.
You have the right to request the data concerning you that you have provided to us in accordance with art. 20 GDPR and to request their transmission to other controllers.
In accordance with art. 77 GDPR, you have the further right to lodge a complaint with the competent supervisory authority.
Right of withdrawal
You have the right to revoke your consent according to art 7. para. 3 GDPR with effect for the future.
Right of objection
You can object to the future processing of the data concerning you in accordance with art. 21 GDPR at any time. The objection may be lodged in particular against processing for direct marketing purposes.
Cookies and right of objection to direct advertising
Cookies are small files that are stored on the user’s computer. Different data can be stored within the cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after his/her visit to a website. Temporary cookies, “session cookies” or “transient cookies”, are cookies that are deleted after a user leaves a website and closes his/her browser. For example, the content of a shopping cart in an online shop or a login status can be stored in a cookie of this nature. Cookies are referred to as “permanent” or “persistent” if they remain saved even after the browser is closed. For example, the login status can be saved if users visit after several days have passed. Likewise, the interests of users may be stored in a cookie of this nature and used for reach measurements or marketing purposes. “Third-party cookies” are cookies that are offered by providers other than the data controller who operates the website (otherwise, if the only cookies are run by the data controller, they are referred to as “first-party cookies”).
Deletion of data
In particular, pursuant to legal requirements in Germany, storage lasts for 10 years pursuant to §§ 147 para. 1 AO, 257 para. 1 no. 1 and 4, para. 4 HGB (German Commercial Code) (books, records, management reports, accounting records, trading books, documents relevant for taxation, etc.) and for 6 years in accordance with § 257 para. 1 nos. 2 and 3, para. 4 HGB (commercial letters).
In particular, pursuant to legal requirements in Austria, storage lasts for 7 years in accordance with section 132 para. 1 BAO (Austrian Federal Tax Code: accounting documents, receipts/invoices, accounts, receipts, business papers, statement of income and expenditure, etc.), for 22 years in connection with properties, and for 10 years for documents in connection with electronically provided services, telecommunications, radio and television services provided to non-entrepreneurs in EU Member States and for which the Mini-One-Stop-Shop (MOSS) is used.
DISQUS comment function
On the basis of our legitimate interests in efficient, secure, and user-friendly comment management in accordance with Art. 6 para. 1 lit. f. GDPR, we use the comment service DISQUS, provided by DISQUS, Inc., 301 Howard St, Floor 3 San Francisco, California- 94105, USA. DISQUS is certified under the Privacy Shield Agreement, thus providing a guarantee to comply with European data protection laws (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
To use the DISQUS comment function, users can log in via their own DISQUS user account or an existing social media account (e.g. OpenID, Facebook, Twitter, or Google). DISQUS thereby obtains the user’s login data from the platforms. It is also possible to use the DISQUS comment function as a guest, without creating or using user accounts at DISQUS or one of the specified social media providers.
Comments and posts
If users leave comments or other posts, their IP addresses can be stored for 7 days on the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f. GDPR. This takes place for our security, in case someone leaves illegal content in comments and posts (abuse, forbidden political propaganda, etc.). In this case, we ourselves could be prosecuted for the comment or post and are therefore interested in the identity of the author.
Furthermore, we reserve the right, on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f. GDPR, to process user information for the purpose of spam detection.
The data provided in the context of comments and posts will be permanently stored by us until the user objects.
Akismet Anti-Spam Testing
Our website uses the “Akismet” service provided by Automattic Inc, 60 29th Street #343, San Francisco, CA 94110, USA. The use is based on our legitimate interests within the meaning of Art. 6 para. 1 lit. f) DSGVO. This service distinguishes real people’s comments from spam comments. All comments are sent to a server in the USA, where they are analysed and stored for four days for comparison purposes. If a comment has been classified as spam, the data will be stored beyond that time. This information includes the name entered, the e-mail address, the IP address, the comment content, the referrer, information about the browser used, the computer system, and the time of the entry.
Users are welcome to use pseudonyms, or to refrain from entering their name or email address. You can completely prevent the transfer of data by not using our comment system. That would be a shame, but unfortunately we do not see any other alternatives that are just as effective.
Google is certified under the Privacy Shield agreement, thereby offering a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active)
On our behalf, Google will use this information to analyse the use of our website by users, to compile reports on activities on this website, and to provide us with other services related to the use of this website and the internet. Pseudonymous usage profiles of users may be created from the processed data in this respect.
We only use Google Analytics with IP anonymisation activated. This means that the IP address of the user is truncated by Google within the member states of the European Union or in other countries that are party to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address sent to a Google server in the US and truncated there.
Users’ personal data will be deleted or made anonymous after 14 months.
Target group formation with Google Analytics
We also use Google Analytics to display advertisements placed by Google and its partners within advertising services only to users who have also shown an interest in our website or who have certain characteristics (e.g. interest in certain topics or products that are determined by the websites visited) that we transmit to Google (known as “remarketing” or “Google Analytics audiences”). With the help of remarketing audiences, we would also like to ensure that our advertisements correspond to the potential interest of users.
Online social media presence
We maintain online presences on social networks and platforms in order to communicate with active customers, interested parties, and users and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and the data processing guidelines of their respective operators apply.
Integration of third-party services and content
On the basis of our legitimate interests (i.e. interest in the analysis, optimisation, and economic operation of our website within the meaning of art. 6 para. 1 lit. f. GDPR), we include content or service offerings from third parties so that we can incorporate their content and services, such as videos or fonts (hereinafter uniformly referred to as “content”).
This always presupposes that the third-party providers of this content can see the IP address of users, since without the IP address they would not be able to send the content to the users’ browsers. The IP address is therefore necessary in order to display this content. We strive only to use content from providers who use the IP address only to deliver content and nothing else. Third-party providers may also use so-called pixel tags (invisible graphics, also known as web beacons) for statistical or marketing purposes. “Pixel tags” can be used to analyse information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may include technical information about the browser and operating system, referring websites, visiting time, and other information about the use of our website. It may also be linked to such information from other sources.