Data Protection Policy

 

  1. General

    1. We value protecting your personal data and believe it is important for you to inform yourself over the data we collect, how we use it, and what your options are. 

 

  1. Who is responsible for you data and who can I contact at GSBTB Open Music School and who can I contact if I have any questions about data protection?

    1. The GSBTB Open Music School is responsible for your data protection in relation to the GSBTB Open Music School. If you have any questions or concerns regarding the processing of your data, please feel free to contact us at anytime.

 

Contact:

Founder and Coordinator: Tom Young

Lenaustraße 3, 12047, Berlin

Contact: tom.young@gsbtb.org

 

    1. For any questions or inquiries that are sent via email or contact form, the user consents to the recognition of this information by establishing the first contact. This requires the specification of a valid email address and serves for the assignment of the request and the subsequent answering of the same. The specification of further data is optional. The information you provide will be stored for the purpose of processing the request and for possible follow-up questions.

 

  1. Example of collected data:

    1. Inventory data (e.g. Name, Address)

    2. Contact data (e.g. Telephone number, E-Mail address)

    3. Content data (e.g. Videos, Photographs)

    4. User data (e.g. visited webpages)

    5. Meta/Communications data (e.g. IP Address, Device Information)

 

  1. Terms and Definitions

    1. ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

    2. ‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

    3. ‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

    4. ‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

    5. ‘third party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;

    6. ‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

 

 

  1. You have the right,

    1. to request information on categories of processed data, processing purposes, any recipients of the data, the planned storage duration (Art. 15 GDPR),

    2. to request the correction or addition of incorrect or incomplete data (Art. 16 GDPR);

    3. to withdraw a given consent at any time (Art. 7 (3) GDPR);

    4. to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you, including profiling based on those provisions. (Art. 21 p.3 GDPR);

    5. to demand the deletion of data in certain cases pertaining to Art. 17 GDPR – especially if the data for the intended purpose is no longer required or processed unlawfully, or you consent to the above (c) revoke or disagree according to the above (d) explained;

    6. under certain circumstance, to request the restriction of data in the event where a deletion is not possible, for example when the deletion obligation is debatable (Art. 18 GDPR);

    7. in regards to data portability, i.e. you may receive your data provided to us in a common machine-readable format, such as CSV/resume and have the right to transfer it to others (Art. 20 GDPR);

    8. to file a complaint by the responsible authority over data processing. 

 

  1. Safety measures

    1. In accordance with Art. 32 GDPR, taking into account the state of the art, the implementation costs and the type, scope, circumstances and purposes of processing as well as the different probability of occurrence and severity of the risk for the rights and freedoms of natural persons, we make suitable technical and organizational measures to ensure a level of protection appropriate to the risk.

    2. The measures include, in particular, securing the confidentiality, integrity and availability of data by controlling physical access to the data, as well as the access, input, forwarding, ensuring availability and their separation. In addition, we have set up procedures that ensure the exercise of data subject rights, deletion of data and reaction to data threats. Furthermore, we already consider the protection of personal data during the development or selection of hardware, software and procedures, in accordance with the principle of data protection through technology design and data protection-friendly default settings (Art. 25 GDPR).

 

  1. Cooperation with processors and third parties

    1. If we disclose data to other persons and companies (contract processors or third parties) within the scope of our processing, transmit them to them or otherwise grant them access to the data, this is only done on the basis of legal permission (e.g. if the data is transmitted to third parties, such as to payment service providers, according to Art. 6 Para. 1 lit. b GDPR is required to fulfill the contract), you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).

    2. If we commission third parties with the processing of data on the basis of a so-called "order processing contract", this is done on the basis of Art. 28 GDPR.

 

  1. Cookies and right to object to direct mail

    1. "Cookies" are small files that are stored on the users' computers. Various information can be stored within the cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after their visit to an online offer. Temporary cookies, or "session cookies" or "transient cookies", are cookies that are deleted after a user leaves an online offer and closes his browser. In such a cookie, e.g. the contents of a shopping cart in an online shop or a login status can be saved. Cookies are referred to as "permanent" or "persistent" and remain stored even after the browser is closed. E.g. the login status can be saved if the user visits it after several days. The interests of users can also be stored in such a cookie, which are used for range measurement or marketing purposes. "Third-party cookies" are cookies that are offered by providers other than the person responsible for operating the online offer (otherwise, if they are only their cookies, they are referred to as "first-party cookies").

    2. We can use temporary and permanent cookies and clarify this in the context of our data protection declaration.

    3. If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Saved cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.

    4. A general objection to the use of cookies used for online marketing purposes can be made for a large number of services, especially in the case of tracking, on the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/ explained. Furthermore, cookies can be saved by deactivating them in the browser settings. Please note that you may then not be able to use all the functions of this online offer.

 

  1. Deletion of Data

    1. The data processed by us will be deleted or restricted in their processing in accordance with Art. 17 and 18 GDPR. Unless expressly stated in this data protection declaration, the data stored by us will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory retention requirements. If the data are not deleted because they are required for other legally permissible purposes, their processing will be restricted. I.e. the data will be blocked and not processed for other purposes. This applies e.g. for data that must be kept for commercial or tax reasons. 

    2. According to legal requirements in Germany, the storage takes place in particular for 10 years according to §§ 147 Abs. 1 AO, 257 Abs. 1 Nr. 1 and 4, Abs. 4 HGB (books, records, management reports, accounting documents, trading books, more relevant for taxation Documents, etc.) and 6 years according to § 257 Paragraph 1 No. 2 and 3, Paragraph 4 HGB (commercial letters).

 

  1. Contacting Us 

    1. When contacting us (e.g. via the contact form, email, telephone or via social media), the information provided by the user is used to process the contact request and to process it in accordance with. Art. 6 para. 1 lit. b. (within the framework of contractual / pre-contractual relationships), Art. 6 Para. 1 lit. f. (other inquiries) DSGVO processed. The user information can be stored in a customer relationship management system (“CRM system”) or a comparable inquiry organization.

 

    1. We delete the inquiries if they are no longer required. We review the requirement every two years; The statutory archiving obligations also apply.

 

  1. Newsletter

    1. With the following information we inform you about the contents of our newsletter as well as the registration, dispatch and statistical evaluation procedures as well as your right of objection. By subscribing to our newsletter, you declare that you agree to the receipt and the procedures described.

    2. The newsletter is sent via the mailing service provider "MailChimp", a newsletter mailing platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE # 5000, Atlanta, GA 30308, USA. You can view the data protection provisions of the shipping service provider here: https://mailchimp.com/legal/privacy/. The Rocket Science Group LLC d / b / a MailChimp is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with the European level of data protection (https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active). The shipping service provider is based on our legitimate interests in accordance with. Art. 6 para. 1 lit. f. GDPR and an order processing contract acc. Art. 28 para. 3 sentence 1 GDPR used.

    3. Content of the newsletter: We send newsletters, e-mails and other electronic notifications with advertising information (hereinafter “newsletter”) only with the consent of the recipient or with legal permission. If the content of the newsletter is specifically described when registering for the newsletter, it is decisive for the consent of the user. In addition, our newsletters contain information about our services and us.

    4. Double opt-in and logging: The registration for our newsletter takes place in a so-called double opt-in procedure. I.e. After registering, you will receive an email asking you to confirm your registration. This confirmation is necessary so that nobody can register with someone else's email address. The registrations for the newsletter are logged in order to be able to prove the registration process in accordance with the legal requirements. This includes the storage of the registration and confirmation times as well as the IP address. Changes to your data stored by the shipping service provider are also logged.

    5. Registration data: To register for the newsletter, it is sufficient to provide your email address. Optionally, we ask you to provide a name for the purpose of addressing you personally in the newsletter.

    6. The dispatch of the newsletter and the success measurement associated with it are based on the consent of the recipient in accordance with. Art. 6 para. 1 lit. a, Art. 7 GDPR in conjunction with Section 7 Paragraph 2 No. 3 UWG or, if consent is not required, on the basis of our legitimate interests in direct marketing acc. Art. 6 para. 1 according to f. GDPR in conjunction with Section 7 (3) UWG.

    7. The logging of the registration process is based on our legitimate interests in accordance with. Art. 6 para. 1 lit. f GDPR. Our interest is directed towards the use of a user-friendly and secure newsletter system that serves our business interests as well as the expectations of users and also allows us to prove consent.

    8. Cancellation / revocation - you can cancel the receipt of our newsletter at any time, i.e. Revoke your consent. You will find a link to cancel the newsletter at the end of each newsletter. We can store the unsubscribed e-mail addresses up to three years based on our legitimate interests before we delete them in order to be able to prove a previously given consent. The processing of this data is limited to the purpose of a possible defense against claims. An individual request for deletion is possible at any time, provided that the former existence of consent is confirmed at the same time.

 

  1. Hosting and e-mailing

    1. The hosting services we use serve to provide the following services: infrastructure and platform services, computing capacity, storage space

    2. and database services, email dispatch, security services and technical maintenance services that we use for the purpose of operating this online offer.

    3. We, or our hosting provider, process inventory data, contact data, content data, contract data, usage data, meta and communication data from customers, interested parties and visitors to this online offer based on our legitimate interests in an efficient and secure provision of this online offer in accordance with. Art. 6 para. 1 lit. f GDPR in conjunction with Art. 28 GDPR (conclusion of an order processing contract).

 

  1. Online presence in social media

    1. We maintain an online presence within social networks and platforms in order to be able to communicate with the interested parties and active users and to inform them about our services. When calling up the respective networks and platforms, the terms and conditions and the data processing guidelines of their respective operators apply.

    2. Unless otherwise stated in our data protection declaration, we process user data provided that they communicate with us within social networks and platforms, e.g. Write articles on our online presence or send us messages.

 

  1. Video Platforms

    1. We can integrate the videos of the platform “Vimeo” from the provider Vimeo Inc., Attention: Legal Department, 555 West 18th Street New York, New York 10011, USA. Data protection declaration: https://vimeo.com/privacy. We point out that Vimeo can use Google Analytics and refer to the data protection declaration (https://www.google.com/policies/privacy) and opt-out options for Google Analytics (http://tools.google .com / dlpage / gaoptout? hl = de) or the Google settings for data usage for marketing purposes (https://adssettings.google.com/.).

    2. We embed the videos from the “YouTube” platform provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Data protection declaration: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.

  1. Social Media

    1. On the basis of our legitimate interests (ie interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 Para. 1 lit. f. GDPR), we use social plugins (“plugins”) from the social network facebook and instagram.

    2. If a user is a Facebook member and does not want Facebook to collect data about him through this online offer and link it to his member data stored on Facebook, he must log out of Facebook before using our online offer and delete his cookies. Further settings and contradictions to the use of data for advertising purposes are possible within the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the US website http://www.aboutads.info / choices / or the EU page http://www.youronlinechoices.com/. The settings are platform-independent, i.e. they are adopted for all devices such as desktop computers or mobile devices.

    3. Functions and contents of the Instagram service, offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA, can be integrated into our online offer. For this purpose, e.g. Contents such as images, videos or texts and buttons belong with which users can share contents of this online offer within Instagram. If the users are members of the Instagram platform, Instagram can call the o.g. Assign content and functions to the profiles of the users there. Instagram privacy policy: http://instagram.com/about/legal/privacy/.