1) Introduction and Contact Details of the Controller
1.1 We are pleased that you are visiting our website or using our application (hereinafter "App") and thank you for your interest. Below we inform you about the handling of your personal data when using our website and our App. Personal data is all data with which you can be personally identified.
1.2 The controller responsible for data processing on this website or regarding this App within the meaning of the General Data Protection Regulation (GDPR) is: Michael Krymarys, Online Marketing & Audio Services, Koopstraße 19, 20144 Hamburg, Germany, Email: support (at) audio.tips. The controller responsible for the processing of personal data is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.
2) Data Collection upon Visit and Use
2.1 Data collection when visiting our website (server log files)
In the case of merely informative use of our website, i.e., if you do not register or otherwise transmit information to us, we only collect data that your browser transmits to the page server (so-called "server log files"). When you visit our website, we collect the following data that is technically necessary for us to display the website to you:
Our visited website
Date and time at the time of access
Amount of data sent in bytes
Source/reference from which you came to the page
Browser used
Operating system used
IP address used (if applicable: in anonymized form)
The processing is carried out in accordance with Art. 6 Para. 1 lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to check the server log files subsequently if there are concrete indications of illegal use.
2.2 Log files when using our mobile App
When you download our mobile App via an app store, the required information is transferred to the app store, in particular the username, email address, and customer number of your account, the time of the download, payment information, and the individual device identification number. We have no influence on this data collection and are not responsible for it. We only process the data insofar as it is necessary for downloading the mobile App to your mobile device.
When using our mobile App, we collect the personal data described below to enable the comfortable use of its functions. We collect the following data, which is technically necessary for us to offer you the functions of our mobile App and to ensure stability and security:
Date and time of the request
Time zone difference to Greenwich Mean Time (GMT)
Content of the request
Access status / HTTP status code
Amount of data sent in bytes
Source/reference from which you came to the page
Browser used
Language and version of the browser software
Operating system used and its interface
IP address used (if applicable: in anonymized form)
The processing is carried out in accordance with Art. 6 Para. 1 lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our App. The data will not be passed on or used in any other way. However, we reserve the right to subsequently check the aforementioned log files if there are concrete indications of illegal use. Furthermore, we require your unique device number (IMEI = International Mobile Equipment Identity), unique network subscriber number (IMSI = International Mobile Subscriber Identity), mobile phone number (MSISDN), possibly MAC address for WLAN usage, and the name of your mobile device.
2.3 SSL or TLS encryption
For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the controller), this website and our App use SSL or TLS encryption. You can recognize an encrypted connection by the character string "https://" and the lock symbol in your browser line.
3) Single Sign-On Procedures
3.1 Google Sign-In
In our App as well as on our website, we provide a single sign-on function from the following provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. In addition to transmitting data to the aforementioned provider location, data may also be transmitted to: Google LLC, USA.
If you have an account with the provider, you can log in with these account data to create a user account or to register. When visiting this site, this login function can establish a direct connection between your browser and the provider's servers, even if you do not have an account with the provider or are not logged into one. The provider thereby receives the information that you have visited our site. The information collected in this respect (possibly including your IP address) is transmitted directly by your browser to a server of the provider and stored there. However, the information is not used to personally identify you and is not passed on to third parties.
These data processing operations are carried out in accordance with Art. 6 Para. 1 lit. f GDPR on the basis of our legitimate interest in a user-friendly and interactive design of our online presence. If you click the login button to register, the provider will transmit to us the general and publicly accessible information stored in your account (user ID, name, address, email address, age, and gender) exclusively on the basis of your explicit consent in accordance with Art. 6 Para. 1 lit. a GDPR. We store and use this data to set up a user account (salutation, first name, last name, address data, country, email address, date of birth), provided you have released them. Conversely, data (e.g., information about your browsing or purchasing behavior) can be transferred by us to your account with the provider based on your consent. The consent given can be revoked at any time with effect for the future. For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework. Further information is available at: https://business.safety.google/intl/de/privacy/.
4) Hosting & Content Delivery Network
4.1 Shopify
For hosting our website and displaying the page content, we use the system of: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify"). Data is also transferred to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada. All data collected on our website is processed on the provider's servers. We have concluded a data processing agreement that ensures the protection of data and prohibits unauthorized disclosure to third parties. In the event of data transfer to Canada, an adequate level of data protection is guaranteed by an adequacy decision of the European Commission.
4.2 Firebase Cloud Storage
We use the web hosting service "Firebase Cloud Storage" of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google") for the purpose of hosting and displaying App content. All data collected in the App is processed on Google's servers. Data may be transmitted to servers of Google LLC in the USA. We have concluded a data processing agreement. For transmission to the USA, there is an affiliation with the EU-US Data Privacy Framework. Further information: https://firebase.google.com/support/privacy.
4.3 Supabase
We use the web hosting service "Supabase" of Supabase, Inc., 970 Toa Payoh North #07-04, Singapore 318992, Singapore, for the purpose of hosting and displaying App content. All data collected in our App is processed on Supabase servers, which are located exclusively within the European Union. We have concluded a data processing agreement. Further information: https://supabase.com/privacy.
4.4 Cloudflare
We use a Content Delivery Network from: Cloudflare Inc., 101 Townsend St. San Francisco, CA 94107, USA. This service enables us to deliver large media files such as graphics, page content, or scripts faster via a network of regionally distributed servers. The processing is carried out to safeguard our legitimate interest in improving the stability and functionality of our website or App in accordance with Art. 6 Para. 1 lit. f GDPR. We have concluded a data processing agreement. For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework.
5) Cookies
To make visiting our website or using our App attractive and to enable certain functions, we use cookies (small text files that are stored on your device).
Session cookies: These are automatically deleted after closing the browser or the App.
Persistent cookies: These remain on your device for longer and enable the saving of page settings or the recognition of the user. They are deleted automatically after a specified duration.
Insofar as personal data (such as browser data, location data, or IP addresses) are also processed by individual cookies, the processing is carried out in accordance with Art. 6 Para. 1 lit. b GDPR for the execution of the contract, in accordance with Art. 6 Para. 1 lit. a GDPR in the case of consent, or in accordance with Art. 6 Para. 1 lit. f GDPR to safeguard our legitimate interests in the best possible functionality and a customer-friendly design of the page visit or App use.
You can configure your browser or mobile operating system so that you are informed about the setting of cookies and individually decide on their acceptance or generally exclude their acceptance. Please note that if you do not accept cookies, the functionality of our website or App may be restricted.
6) Registration, Customer Account & Location Data
6.1 Registration on the website
You can register on our website by providing personal data. Which personal data are processed for registration is determined by the input mask used for registration. We use the so-called double opt-in procedure for registration, i.e., your registration is only completed when you have previously confirmed your registration via a confirmation email sent to you for this purpose by clicking on the link contained therein. If your confirmation in this regard is not made within 24 hours, your registration will be automatically deleted from our database. The provision of the aforementioned data is mandatory. You can provide all further information voluntarily by using our portal. When you use our portal, we store the data required for the fulfillment of the contract, including any details regarding the method of payment, until you permanently delete your access. Furthermore, we store the voluntary data you provided for the duration of your use of the portal, unless you delete it beforehand. You can manage and change all information in the protected customer area. The legal basis is Art. 6 Para. 1 lit. f GDPR. In addition, we store all content published by you (such as public posts, wall entries, guestbook entries, etc.) in order to operate the website. We have a legitimate interest in providing the website with complete user-generated content. The legal basis for this is Art. 6 Para. 1 lit. f GDPR. If you delete your account, your public statements, especially in the forum, will remain visible to all readers, but your account will no longer be accessible. All other data will be deleted in this case.
6.2 Opening a customer account
In accordance with Art. 6 Para. 1 lit. b GDPR, personal data will continue to be collected and processed to the required extent if you provide them to us when opening a customer account. The data required for opening an account can be found in the input mask of the corresponding form on our website. Deletion of your customer account is possible at any time and can be done by sending a message to the above-mentioned address of the controller. After deletion of your customer account, your data will be deleted, provided that all contracts concluded through it have been fully processed, no statutory retention periods conflict with this, and we have no continuing legitimate interest in further storage. In the App, personal data will continue to be collected and processed in accordance with Art. 6 Para. 1 lit. b GDPR if you provide them to us for the execution of a contract or when opening a customer account. Which data is collected can be seen from the respective input forms. We store and use the data provided by you for contract processing. After complete processing of the contract or deletion of your customer account, your data will be blocked with respect to tax and commercial retention periods and deleted after expiration of these periods, unless you have expressly consented to further use of your data or a legally permitted further data usage has been reserved on our part.
6.3 Collection of location data
Our offer includes so-called Location Based Services, with which we offer you special deals tailored to your respective location. You can only use this function after you have agreed via a pop-up that we may collect your location data via GPS and your IP address in anonymized form for the purpose of providing the service. You can allow or revoke this function at any time in the settings of the App or your mobile operating system. Your location is only transmitted to us if you use functions while using the App that we can only offer you if we know your location.
7) Data Processing for Handling Donations & Contacting Us
7.1 Handling of donations
For the processing of donations that you may send to us, we generally process the following personal data: first and last name, address, email address. Your data will be stored by us together with the information on the donation amount, donation frequency, and donation purpose and kept for ten years. Depending on the selected payment method, the above-mentioned data will also be forwarded to the payment service provider you have selected for the donation and processed there exclusively and only as far as necessary for the processing of your donation. The above-mentioned processing operations are carried out on the basis of Art. 6 Para. 1 lit. b GDPR and serve exclusively to properly execute and account for your donation payment. The storage over a period of 10 years is based on Art. 6 Para. 1 lit. c GDPR in conjunction with § 147 AO (German Fiscal Code), according to which we are subject to a corresponding retention obligation regarding the business transaction.
7.2 Contacting us
Personal data is collected when you contact us (e.g., via contact form or email). The data collected in the case of using a contact form can be seen from the respective contact form in the App or on the website. This data is stored and used exclusively for the purpose of answering your request or for establishing contact and the associated technical administration. In the online shop, processing takes place exclusively for the purpose of processing and answering your request and only to the extent necessary for this. The legal basis for the processing of this data is our legitimate interest in responding to your request in accordance with Art. 6 Para. 1 lit. f GDPR. If your contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6 Para. 1 lit. b GDPR. Your data will be deleted after final processing of your inquiry. This is the case if it can be inferred from the circumstances that the matter in question has been finally clarified and provided there are no conflicting statutory retention obligations.
8) Comment Function
As part of the comment function on this website as well as in the App, information on the time of the creation of the comment and the commentator name you selected will be stored and published in addition to your comment. Furthermore, your IP address is logged and stored. This storage of the IP address is done for security reasons and in case the person concerned violates the rights of third parties or posts illegal content through a submitted comment. We need your email address to contact you if a third party should object to your published content as illegal. The legal bases for the storage of your data are Art. 6 Para. 1 lit. b and f GDPR. We reserve the right to delete comments if they are objected to by third parties as illegal.
Follow-up comments can be subscribed to by you as a user. You will receive a confirmation email for this purpose to ensure that you are the owner of the specified email address (double opt-in procedure). The legal basis for data processing in the case of subscribing to comments is Art. 6 Para. 1 lit. a GDPR. You can cancel ongoing comment subscriptions at any time with effect for the future; for further information on the cancellation option, please refer to the confirmation email.
9) Use of Customer Data for Direct Marketing & Order Processing
9.1 Registration for the email newsletter
If you register for our email newsletter, we will regularly send you information about our offers. The only mandatory information for sending the newsletter is your email address. The provision of further data is voluntary and is used to address you personally. We use the so-called double opt-in procedure for sending the newsletter. This means that we will only send you an email newsletter after you have explicitly confirmed your consent by clicking on a verification link sent to the specified email address. By activating the confirmation link, you give us your consent to use your personal data in accordance with Art. 6 Para. 1 lit. a GDPR. Upon registration, we store your IP address entered by the Internet Service Provider (ISP) as well as the date and time of registration in order to be able to trace a possible misuse of your email address at a later point in time. The collected data is used strictly for the purpose of promotional approach. You can unsubscribe from the newsletter at any time via the link provided in the newsletter or by sending a corresponding message to the controller. After unsubscription, your email address will be deleted from our newsletter distribution list immediately, unless you have expressly consented to further use or we reserve the right to use data beyond this, which is permitted by law.
9.2 Sending the newsletter to existing customers
If you have provided us with your email address when purchasing goods or services, we reserve the right to regularly send you offers for similar goods or services from our range by email. In accordance with Section 7 Para. 3 UWG (German Unfair Competition Act), we do not need to obtain separate consent from you for this. The data processing takes place solely on the basis of our legitimate interest in personalized direct advertising in accordance with Art. 6 Para. 1 lit. f GDPR. If you initially objected to the use of your email address, an email will not be sent. You are entitled to object to the use at any time with effect for the future by notifying the controller. Only transmission costs according to the basic rates apply for this. Upon receipt of your objection, the use will be stopped immediately.
9.3 Shopping cart reminders via email
If you abandon your purchase before completing the order, you have the option of being reminded once of the content of your virtual shopping cart via email. The only mandatory information is your email address; further data is voluntary. We use the double opt-in procedure for sending these emails. By activating the confirmation link, you give us your consent in accordance with Art. 6 Para. 1 lit. a GDPR. We store the IP address, date, and time of registration. Data is used strictly for this specific purpose. Unsubscribing is possible at any time by sending a message to the controller. After unsubscription, the email address will be deleted from the distribution list immediately.
9.4 Newsletter service providers
Sending takes place via the following providers:
MailChimp: The Rocket Science Group, LLC d/b/a MailChimp, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.
SendGrid: SendGrid Inc., 1801 California St #500, Denver, CO 80202, USA.
Shopify Email: Shopify International Limited, Dublin, Ireland; data transfer also to Shopify Inc., Canada.
The transfer takes place in accordance with Art. 6 Para. 1 lit. f GDPR based on our legitimate interest in effective marketing. Subject to your explicit consent in accordance with Art. 6 Para. 1 lit. a GDPR, the providers conduct statistical success evaluations using web beacons or tracking pixels (opening rates, interactions, IP address, browser type, operating system). Tracking consents can be revoked at any time. We have concluded data processing agreements. For the USA, there is an affiliation with the EU-US Data Privacy Framework; for Canada, an adequacy decision is in place.
10) Online Marketing, Order Processing & Payment Services
10.1 Order processing
Insofar as necessary for the processing of the contract for delivery and payment purposes, the collected data will be passed on to the commissioned transport company and the commissioned credit institution in accordance with Art. 6 Para. 1 lit. b GDPR. If we owe you updates for goods with digital elements or digital products, we process your contact details in accordance with Art. 6 Para. 1 lit. c GDPR to fulfill our statutory information obligations.
SendOwl: We use SendOwl, London, United Kingdom, for order processing. Name, address, and other data are forwarded exclusively for processing the online order in accordance with Art. 6 Para. 1 lit. b GDPR. An adequate level of data protection is ensured by an adequacy decision of the EU Commission.
10.2 Online marketing tools
HubSpot: We use the marketing service of HubSpot Ireland Ltd., Dublin. It enables automated marketing, channel management, success analysis, and email marketing. Cookies are used (IP address, location, time). Processing only takes place with explicit consent in accordance with Art. 6 Para. 1 lit. a GDPR. Revocation is possible via the cookie consent tool. A data processing agreement has been concluded.
Affiliate programs: We participate in affiliate programs of Amazon EU S.a.r.l., Apple Inc., AWIN AG, belboon GmbH, Sunlab GmbH (Clickfire), MUSIC STORE professional GmbH, and Rakuten Marketing France SAS. To measure success, evaluate orders, and calculate commissions, cookies/technologies are used on the partner sites, for which we are not responsible under data protection law. The processing of the IP address and device information on our site only takes place with consent in accordance with Art. 6 Para. 1 lit. a GDPR. Revocation is possible via the partner sites. Apple Music uses standard contractual clauses for the USA.
10.3 Payment service providers
For all described transmissions to payment services, processing takes place in accordance with Art. 6 Para. 1 lit. b GDPR.
Apple Pay: Processing via the Apple Pay function (Face ID/Touch ID required). Data is transmitted encrypted to Apple and then to the card issuer. Apple retains anonymized transaction data for product improvement.
Coinbase Commerce: Toshi Holdings Pte. Ltd., Singapore. Only transaction-inherent information is stored on the blockchain for processing; personal data is generally not transmitted. Standard contractual clauses are used.
Google Pay: Processing via the app (NFC required). Google transmits a one-time transaction number (token). Google reserves the right to store transaction-specific information (date, amount, merchant) in accordance with Art. 6 Para. 1 lit. f GDPR.
Klarna / PayPal / Stripe: In the case of advance performance (e.g., credit card), the data is forwarded for payment processing. For payment methods where the provider makes advance performance (e.g., purchase on account / installment purchase), a credit check is carried out in accordance with Art. 6 Para. 1 lit. f GDPR based on our legitimate interest in determining solvency. Score values (mathematical-statistical methods including address data) may be used for this. You can object to the processing at any time, although the provider may remain entitled to do so if necessary for contract processing.
PayPal Checkout: Uses PayPal's own and local methods (Apple Pay, Google Pay, iDeal, bancontact, blik, eps, MyBank, Przelewy24). In the case of purchase on account, data is passed on to Ratepay GmbH, Berlin.
Shopify Payments: Processing via Shopify International Limited, Dublin.
11) Web Analysis Services
Google (Universal) Analytics
This website or App uses Google (Universal) Analytics, a web analysis service of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), which enables an analysis of your use of our website or App. By default, when you visit the website or App, Google (Universal) Analytics sets cookies, which are stored as small text blocks on your device and collect certain information. The scope of this information also includes your IP address, which is, however, shortened by Google by the last digits to exclude any direct personal reference. The information is transmitted to Google servers and processed there; transmissions to Google LLC based in the USA are also possible.
Google uses the collected information on our behalf to evaluate your use of the website or App, to compile reports on activities for us, and to provide other services related to the use. The shortened IP address transmitted by your browser within the framework of Google Analytics is not merged with other Google data. The collected data is stored for a period of two months and then deleted.
All processing described above, in particular the setting of cookies, only takes place if you have given us your explicit consent for this in accordance with Art. 6 Para. 1 lit. a GDPR. Without your consent, Google (Universal) Analytics will not be used during your visit. You can revoke your consent at any time with effect for the future by deactivating this service via the provided "Cookie Consent Tool". We have concluded a data processing agreement with Google.
Special functions of Google Analytics:
Demographic characteristics: Google (Universal) Analytics uses the special "demographic characteristics" function and can use it to compile statistics that make statements about the age, gender, and interests of site visitors by analyzing advertising and information from third-party providers. The data cannot be assigned to a specific person and is deleted after two months.
Google Signals: As an extension, Google Signals can be used to generate cross-device reports. If personalized ads are activated and devices are linked to your Google account, Google can analyze your usage behavior across devices and create database models. We only receive statistics, no personal data. Deactivation is possible in the settings of your Google account under "Personalized ads".
UserIDs: The "UserIDs" function can be used as a further extension. If you have consented, created an account, and log in on different devices, activities and conversions can be analyzed across devices.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework. Further information can be found at: https://business.safety.google/intl/en/privacy/, https://policies.google.com/privacy, and https://policies.google.com/technologies/partner-sites.
12) Page and App Functionalities
12.1 Video and music services
YouTube: This website uses plugins to display and play videos from Google Ireland Limited, Dublin, Ireland. Data may also be transmitted to: Google LLC, USA. When calling up a page with a plugin or when playing a video, a connection to the servers is established and IP addresses are transmitted. Cookies are set for user behavior, statistics, and abuse prevention. If you are logged in, data is assigned directly to your account; to prevent this, you must log out beforehand. Processing only takes place with consent in accordance with Art. 6 Para. 1 lit. a GDPR.
Apple Music: Integration of functionalities of Apple Distribution International, Cork, Ireland. A direct connection is established between the browser and servers; information (including IP address) is transmitted, but not used for personal identification. If played while logged in, it is assigned to the Apple account. The legal basis is Art. 6 Para. 1 lit. f GDPR (legitimate interest in an appealing acoustic design).
SoundCloud: Provider: SoundCloud Global Limited & Co. KG, Rheinsberger Str. 76/77, 10115 Berlin, Germany. Functionality and data processing analogous to Apple Music on the basis of Art. 6 Para. 1 lit. f GDPR.
Spotify: Provider: Spotify AB, Birger Jarlsgatan 61, 113 56 Stockholm, Sweden. Functionality and data processing analogous to Apple Music on the basis of Art. 6 Para. 1 lit. f GDPR.
TIDAL: Provider: TIDAL Music AS, Lakkegata 53, 0187 Oslo, Norway. Functionality and data processing analogous to Apple Music on the basis of Art. 6 Para. 1 lit. f GDPR.
Right to object (music services): You can object to the loading of the functions with add-ons such as "NoScript".
12.2 Single Sign-On procedures
Apple Single Sign-On: Provider: Apple Distribution International, Cork, Ireland. Data processing in accordance with Art. 6 Para. 1 lit. f GDPR (user-friendly design). Upon registration, account information (user ID, name, address, email address, age, gender) is transmitted to us on the basis of your consent (Art. 6 Para. 1 lit. a GDPR). We use this to set up the user account.
12.3 Further services & security
Supabase: To verify registration and login attempts, we use Supabase, Inc., 548 Market St, San Francisco, CA 94104, USA. Based on our legitimate interest in data security (Art. 6 Para. 1 lit. f GDPR), login data (email, username, password) is transmitted for authentication. A data processing agreement and standard contractual clauses are in place. In the App, users can create their own image material. Storage takes place on the basis of our legitimate interest in resource-saving management in accordance with Art. 6 Para. 1 lit. f GDPR.
Google Web Fonts: To ensure the uniform display of fonts, Web Fonts from Google Ireland Limited are used. The browser loads required fonts into the cache and transmits browser information including the IP address to Google in Ireland or the USA. Processing only takes place with explicit consent in accordance with Art. 6 Para. 1 lit. a GDPR.
hCaptcha: We use the service of Intuition Machines, Inc., 350 Alabama St, San Francisco, CA 94110, USA. It checks for natural persons and blocks spam/bots. The IP address, recognition data of the browser/operating system, and duration of the visit are collected. The legal basis is Art. 6 Para. 1 lit. f GDPR.
Google reCAPTCHA: Provider: Google Ireland Limited. Checks for abusive automated processing. Collection of IP address and device data. If cookies are used, the legal basis is consent (Art. 6 Para. 1 lit. a GDPR), otherwise legitimate interest (Art. 6 Para. 1 lit. f GDPR).
Typeform: For surveys and online forms, we use TYPEFORM SL, Barcelona, Spain. In addition to form entries, the operating system, browser, date/time, and IP address are collected and stored password-protected. The legal basis is Art. 6 Para. 1 lit. b GDPR (fulfillment of contract) or Art. 6 Para. 1 lit. a GDPR (consent).
13) Tools and Miscellaneous
13.1 Cookie consent tool
We use a tool to obtain valid user consent for cookies that require consent. It displays an interactive user interface for checking boxes. Corresponding services are only loaded if consent is given. The tool sets technically necessary cookies to save preferences. The legal basis is Art. 6 Para. 1 lit. f GDPR and Art. 6 Para. 1 lit. c GDPR (legal obligation for consent management).
13.2 Cloudflare
To ward off cyberattacks, viruses, and malware, we use Cloudflare Inc., USA. IP addresses and user behavior (URLs, headers) are recorded and compared with lists of known attackers in order to automatically block access if necessary. The legal basis is Art. 6 Para. 1 lit. f GDPR (protection of website integrity).
14) Rights of the Data Subject
14.1 Comprehensive rights of data subjects
Applicable data protection law grants you comprehensive rights regarding the controller:
Right of access (Art. 15 GDPR): Right to information about processed data, purposes, categories, recipients, storage duration, origin of the data, and the existence of automated decision-making.
Right to rectification (Art. 16 GDPR): Immediate correction of incorrect data or completion of incomplete data.
Right to erasure (Art. 17 GDPR): Right to deletion if the requirements are met, provided that processing is not necessary for exercising the right of freedom of expression, fulfilling legal obligations, or legal claims.
Right to restriction of processing (Art. 18 GDPR): When disputing accuracy, in cases of unlawful processing, assertion of legal claims, or while an objection is being examined.
Right to notification (Art. 19 GDPR): The controller communicates corrections/deletions to all recipients; you have a right to be informed about these recipients.
Right to data portability (Art. 20 GDPR): Receipt of data in a structured, machine-readable format or transmission to other controllers.
Right to withdraw consent (Art. 7 Para. 3 GDPR): Revocation of consent once given at any time with effect for the future.
Right to lodge a complaint (Art. 77 GDPR): Complaint to a supervisory authority (member state of residence, place of work, or place of the infringement).
14.2 Right to Object
If we process your personal data based on our overriding legitimate interest, you have the right at any time, for reasons arising from your particular situation, to object to this processing. If you exercise this right, we will terminate the processing unless there are compelling legitimate grounds for the processing or the processing serves the establishment, exercise, or defense of legal claims. In the case of direct advertising, you have the right to object at any time without special reasons.
15) Duration of Storage of Personal Data
The duration is measured according to the respective legal basis, the purpose of processing, and, if applicable, statutory retention periods (e.g., commercial and tax law).
With consent (Art. 6 Para. 1 lit. a GDPR): Storage until revocation.
For a contract / pre-contract (Art. 6 Para. 1 lit. b GDPR): Deletion after expiration of retention periods, provided it is no longer necessary for the fulfillment of the contract or there is no legitimate interest in further storage.
In the case of legitimate interest (Art. 6 Para. 1 lit. f GDPR): Storage until objection, unless there are compelling reasons.
For direct marketing (Art. 6 Para. 1 lit. f GDPR): Storage until objection in accordance with Art. 21 Para. 2 GDPR. Unless otherwise stated, deletion occurs when the data is no longer necessary for its purposes.
