Privacy Policy

1. The Controller

Name and address of the controller
The controller, within the meaning of the General Data Protection Regulation and other national data protection laws of the member states and provisions pertaining to data protection, is:

Mica Media GmbH
Brandenburgische Strasse 55A
10707 Berlin
Email: mail@micaelaschaefer.de
Web: www.micaela-s.de

2. Definitions
This Privacy Policy uses terms which were used by the European regulator upon the enactment of the EU General Data Protection Regulation (hereinafter referred to as "GDPR"). This Privacy Policy should be easy to read and understand. To ensure this, important terms are explained below:

2.1 Personal data means all information relating to an identified or identifiable natural person (hereinafter referred to as the "data subject"). An identifiable natural person is anyone who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

2.2 Data subject means any identified or identifiable natural person whose personal data is processed by the controller.

2.3 Processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

2.4 Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

2.5 Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.

2.6 The controller or the person responsible for processing means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

2.7 A processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

2.8 The recipient means a natural or legal person, public authority, agency or another body, to which the personal data is disclosed, whether a third party or not. Public authorities which may receive personal data in the framework of a particular enquiry in accordance with Union or Member State law shall not be regarded as recipients.

2.9 Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

2.10 Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

3. Provision of the website and creation of log files
When using the website for informational purposes only, that is, if you do not register or otherwise provide us with information, we automatically collect the following data and information each time the website is accessed from the computer system of the computer used to access the website:

• Your IP address in case of failed login to email client
Data is stored in the log files of our server. This data is not stored together with any other personal data pertaining to the user.
Use of this general data and information does not allow us to draw any conclusions about the data subject. The data is only evaluated statistically.
The legal basis for temporary storage of log files is Art. 6(1)(f) GDPR.
The temporary storge of data by the system is necessary to ensure the functionality of our information technology systems and the technology of our website. These purposes also encompass our legitimate interest in data processing in accordance with Article 6(1)(f) GDPR.
Data will be deleted as soon as it is no longer needed to achieve its purpose – in this case at the end of the usage process.
Where data is stored in log files, it will be deleted after seven days at the latest. Further storage is possible. In this case, IP addresses will be deleted or anonymised in such a way that they can no longer be attributed to the accessing client.
Collection of data for the provision of the website and the storage of data in log files is imperative for the operation of the website, so there is no opt-out.

4. Use of cookies

Privacy policy on the use and application of Facebook Conversions API

We use Facebook Conversions API on our website, a server-side event tracking tool. The service provider is the American company Meta Platforms Inc. Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) is responsible for the European region.

Facebook also processes data from you in the USA, among other places. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks to the legality and security of data processing.

As a basis for data processing with recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or a data transfer there, Facebook uses so-called standard contractual clauses (= Art. 46. para. 2 and 3 DSGVO). Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through these clauses, Facebook undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the US. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

Facebook's data processing terms and conditions, which correspond to the standard contractual clauses, can be found at: https://www.facebook.com/legal/terms/dataprocessing

You can learn more about the data processed through the use of Facebook Conversions API in the Privacy Policy on https://www.facebook.com/about/privacy

Privacy policy on the use and application of Facebook Pixel

We use on this website the Facebook Pixel from Facebook, a social media network of the company Meta-Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland.

The code implemented on this page can evaluate the behavior of visitors who have arrived at this website from a Facebook advertisement. This can be used to improve Facebook ads and this data is collected and stored by Facebook. The collected data is not visible to us, but can only be used in the context of ad placements. Cookies are also set through the use of the Facebook Pixel code.

By using the Facebook pixel, the visit to this website is communicated to Facebook so that visitors can see suitable ads on Facebook. If you have a Facebook account and are logged in, the visit to this website will be assigned to your Facebook user account.

The legal basis for the use of the Facebook pixel is Art. 6 para. 1 lit. f DSGVO.

You can find out how the Facebook pixel is used for advertising campaigns at https://www.facebook.com/business/learn/facebook-ads-pixel.

You can change your settings for advertisements in Facebook at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen provided you are logged into Facebook.

You can manage your preferences regarding usage-based online advertising at http://www.youronlinechoices.com/de/praferenzmanagement/. You can disable or enable many providers at once there, or set preferences for individual providers.

More information about Facebook's data policy can be found at https://www.facebook.com/policy.php.

Transfer to third countries
USA - See above explanations regarding Webtrends, Google Analytics and the FACEBOOK pixel.

Storage period
Facebook pixel: 180 days

5. Booking form and emails
There is a booking form on our website which can be used for electronic contact. If you make use of this option, the data entered in the input screen will be sent to us and stored. This data is:
• E-mail address
• Message
• Name
• Telephone number

The following data is also stored at the time of sending the message:
• IP address of the user
• Date and time of registration
During the dispatch process, your consent is obtained for the processing of data and reference is made to this Privacy Policy.
You are welcome to contact us by email. In this case, your personal data that is transmitted along with the email will be stored. If this includes information about communication channels (e.g. email address, telephone number), you also agree that we may contact you via this communication channel in order to respond to your request. Such data will not be disclosed to third parties in this context. This data will be used exclusively to respond to your enquiry.
The legal basis for processing the data, if the user's consent to this has been obtained, is Art 6(1)(f) GDPR. If the purpose of contact is to conclude a contract, then an additional legal basis for the processing is Art 6(1)(b) GDPR.
We only process personal data provided in input forms to process the contact request. The data from your email enquiries will of course only be used for the purpose for which you made it available to us when contacting us. The other personal data processed during the sending process helps prevent misuse of the input form and to ensure the security of our information technology systems. This is also our legitimate interest in data processing.
Data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected. For personal data that was taken from the input form for bookings and data that was sent by email, this is the case when the respective conversation with the user has been completed. The conversation is considered to have ended when it is evident from the circumstances that the matter at hand has been conclusively resolved. Personal data that was additionally collected during the transmission procedure will be deleted within seven days at the latest. If e-mail contact relates to the completion of a contract, data will be deleted after expiry of the statutory (commercial or tax) storage periods required for this.
You have the option at any time to object to the processing of the e-mail and the request. If you exercise this right, it will not be possible to continue our conversation. To do this, please contact the controller in accordance with Section 1.

6. Newsletter

With your consent, you can subscribe to our free newsletter, with which we inform you about our current interesting offers. The advertised goods and services are named in the declaration of consent. For the registration to our newsletter we use the so-called double-opt-in procedure. This means that after your registration we will send you an e-mail to the specified e-mail address, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within [24 hours], your information will be blocked and automatically deleted after one month. In addition, we store your respective IP addresses used and times of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data.

If you purchase goods or services from us and provide us with your e-mail address, we may subsequently use it to send you a newsletter. In such a case, the newsletter is used exclusively for direct advertising for our own similar goods or services.

The only mandatory data for sending the newsletter is your e-mail address. The provision of further data (name) is voluntary and will be used to address you personally.

The information will be stored as long as you have subscribed to the newsletter.
The legal basis for the processing of the data after the user has subscribed to the newsletter is Art. 6 para. 1 p. 1 lit. a) DSGVO if consent has been given. The legal basis for sending the newsletter on the basis of the customer relationship is Art. 7 (3) UWG. The use of the dispatch service provider, performance of statistical surveys and analyses as well as logging of the registration process, are carried out on the basis of our legitimate interests pursuant to Art. 6 para. 1 p. 1 lit. f) DSGVO.

The collection of the user's e-mail address is used to deliver the newsletter.
The collection of other personal data (IP address, time of registration/confirmation) during the registration process serves to prevent misuse of the services or the e-mail address used.

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Accordingly, your e-mail address and other personal data will be stored as long as the subscription to the newsletter is active.

The other personal data collected during the registration process (IP address, time of registration/confirmation) are usually deleted after a period of seven days.

You can cancel the receipt of our newsletter at any time and thus revoke your consent by clicking on the "Unsubscribe Newsletter" field in our newsletter unsubscribe or by sending us an e-mail to e-mail or a message to the contact details provided in the imprint.

This also enables revocation of consent to the storage of personal data collected during the registration process (IP address, time of registration/confirmation, other data).
With revocation of the newsletter, we simultaneously delete your data in the system of the newsletter service provider.

6.1 Provider Brevo

You can register for our newsletter free of charge on our website. In order for this to work, we use the email delivery service Brevo for our newsletter. This is a service of the German company Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin (formerly Newsletter2Go). Among other things, Brevo is an email marketing tool that allows us to send you customized newsletters. With Brevo, we don't have to install anything and can still draw from a pool of really useful features. Below, we will go into more detail about Brevo's email marketing service and inform you about the most important privacy-related aspects.

The newsletter service also offers us helpful analysis options. This means that when we send out a newsletter, we learn, for example, whether and when the newsletter was opened by you. Also whether and on which link you click in the newsletter is detected and recorded by the software. This information helps enormously to adapt and optimize our service to your wishes and concerns. After all, we naturally want to offer you the best possible service. So, in addition to the data already mentioned above, such data about your user behavior is also stored.

We are of course very pleased if you subscribe to our newsletter. This way we can always keep you up to date and inform you first hand about what is going on in our company. However, you should know that during the newsletter registration process, all the data you enter (such as your e-mail address or your first and last name) is stored and managed on our server and at Brevo. This also involves personal data. For example, in addition to the time and date of registration, your IP address is also stored. In the course of registration, you also agree that we can send you the newsletter and it is further referred to this privacy policy. Furthermore, data such as click behavior in the newsletter may also be processed.

The data for the newsletter tool is stored on servers in Germany. The collected data that make you identifiable as a person (i.e. personal data) will be deleted by Brevo in principle no later than two years after the termination of the contractual relationship with us. However, you can also request the deletion of your data individually at any time. Requests will be processed within 30 days. Data that we collect and send to Brevo will be deleted by us as soon as you unsubscribe from our newsletter.

You have the option to cancel your newsletter subscription at any time. All you have to do is revoke your consent to the newsletter subscription. This usually takes only a few seconds or one or two clicks. Most of the time, you will find a link to cancel your newsletter subscription right at the end of each email. If you really can't find the link in the newsletter, please contact us by mail and we will cancel your newsletter subscription immediately. After unsubscribing, the personal data will be deleted from our server and from the Brevo servers, which are located in Germany. You have a right to free information about your stored data and, if applicable, also a right to deletion, blocking or correction.

The sending of our newsletter by Brevo is based on your consent (Article 6 (1) a DSGVO). This means that we may only send you a newsletter if you have actively registered for it beforehand. If consent is not required, then the newsletter is sent on the basis of legitimate interest in direct marketing (Article 6 (1) (f) DSGVO), provided this is legally permitted. We record your registration process so that we can always prove that it complies with our laws.

If you wish to obtain more detailed information on data processing, we recommend that you consult the company's privacy policy at https://www.brevo.com/de/legal/privacypolicy/?tid=331687441749.

7. SSL encryption
Our website uses SSL encryption if confidential or personal data is transmitted. This encryption is used, for example, for payment transactions and enquiries to us via this website. You need to monitor your own computer to ensure that this encryption is actually active. Encryption status can be monitored in the browser, which changes from “http: //” to https: // where encryption is active. When encryption is active, your data cannot be read by third parties. If encryption is not active, please contact us confidentially via another contact option.

8. Purchases and bookings
If you would like to order from our online shop, you will need to provide your personal data which we need to complete your order and conclude the contract. The information required for processing the contract is marked separately; any additional information is optional. Data is entered into an input screen, transmitted to us, and then stored. The following data is collected for ordering via the online shop:
• IP address
• Date and time of order
• Name
• Address (possibly different delivery address)
• Email address
• Phone number
Data is only sent to third parties where is this is necessary for the purpose of the contract or for accounting purposes and/or for the collection of the payment, or you have expressly consented to this. In this regard, we only pass on the data required in each case. The data recipients are
• the respective delivery/dispatch company when dispatching goods (forwarding of name and address)
• collection companies/lawyers, insofar as the payment must be collected (forwarding of name, address, order details)
• credit agencies to verify identity to check for creditworthiness (forwarding of name, address, date of birth, etc.). In this case, data is only sent if advance payments for orders are made (e.g. purchase on account). Further information can be obtained from Klarna.
• Payment service providers – depending on the choice of means of payment
• Tax consultants
• Management
• When booking for live events, the organisers, unless the booking is made directly by the organiser
• The service providers who are responsible for us within the framework of order processing contracts: e.g. hosting service providers, All-Inkl, Strato, 1&1
• Other recipients such as Sendcloud, Shopify, DHL, HERMES, UPS
You can voluntarily create a customer account for the online shop through which we can store your data for future purchases. When you create an account under "My account", the data you provide will be stored revocably.
The legal basis is Art. 6(1)(b) GDPR. With regard to voluntary data, the legal basis for the processing of the data is Article 6(1)(a) GDPR.
The data collected is needed to fulfil the contract with you (for sending goods and confirming the content of the contract). We therefore use the data to answer your enquiries, process your order, and if necessary to check the creditworthiness or recovery of a claim and for the purpose of technical administration of the website. The voluntary information is provided to prevent misuse and, if necessary, to clarify criminal offences. We may also process the data you provide in order to inform you of other interesting products from our own portfolio or to send you emails containing information.
Data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected. We are obliged by commercial and tax law to store your address, payment, and order details for a period of ten years after implementation of the contract. However, after 5 years we limit the processing of your data, that is, your data will only be used to comply with legal obligations. If there is a continuing obligation between ourselves and you, we store the data for the entire term of the contract and for ten years thereafter (see above). With regard to data provided voluntarily, we will delete the data at the end of 5 years after implementation of the contract, unless another contract is concluded with you during this period.
If the data is required to fulfil or set up a contractual relationship with you, premature erasure of data is only possible insofar as contractual or legal obligations do not preclude erasure. You are otherwise free to have personal data provided during registration deleted in its entirety from the database of the controller in accordance with Section 1. With regard to data provided voluntarily, you can declare your revocation to the controller at any time in accordance with Section 1. In this case, the data you have provided voluntarily will be deleted immediately.

9. Payment services

9.1 PayPal
We have integrated PayPal features on this website. PayPal is an online payment service provider. Payments are processed via virtual private or business accounts. In addition, PayPal offers the option of processing virtual payments via credit card, if a user does not have a PayPal account. A PayPal account is managed via an email address, which is why there is no classic account number. PayPal makes it possible to initiate online payments to third parties or to receive payments. PayPal also acts as a trustee and provides buyer protection services.
The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg.
If you select "PayPal" as the payment option during the order process in our online shop, your data will be automatically transmitted to PayPal. By selecting this payment option, you consent to the transmission of personal data required for payment processing.
The personal data transmitted to PayPal is usually first name, last name, address, email address, IP address, telephone number, mobile phone number or other data necessary for payment processing. Personal data related to the respective order is also necessary for the processing of the purchase contract.
The transmission of data is intended for payment processing and fraud prevention. In particular, we will transmit personal data to PayPal if there is a legitimate interest for the transmission.
PayPal will, if necessary, pass on personal data to affiliates and service providers or subcontractors to the extent that this is necessary to fulfil contractual obligations or for data to be processed on its behalf.
The data subject has the opportunity to withdraw consent to the handling of personal data at any time by contacting PayPal. A revocation does not affect personal data that must be processed, used or transmitted for (contractual) payment processing.
The applicable data protection regulations of PayPal can be accessed at https://www.paypal.com/de/webapps/mpp/ua/privacy-full .

9.2 Klarna
We have integrated Klarna features on our website. Klarna is an online payment service provider that allows you to purchase on account or pay in flexible instalments. In addition, Klarna offers other services such as buyer protection and identity and credit checks. If you select either "purchase on account" or "instalment purchase" as the payment option during the booking process, your data will be automatically transmitted to Klarna. By selecting one of these payment options, you consent to the transmission of your personal data necessary for processing the purchase on account or instalments, or for identity and credit checks. The operating company of Klarna is Klarna AB, Sveavägen 46, 111 34 Stockholm, Sweden. Personal data transmitted to Klarna is usually:
• Name
• Address
• Date of birth
• Gender
• Email address
• IP address
• Telephone number and
• if applicable, other data necessary to process an invoice or instalment purchase.
Personal data related to the respective order is also necessary for the processing of the purchase contract. In particular, there may be a reciprocal exchange of payment information, such as bank details, card number, expiry date and CVC code, number of items, item number, data on goods and services, prices and taxes, information on previous purchasing behaviour or other information relating to your financial situation.
The purpose of this data transfer is, in particular, to verify identity, administer payments and prevent fraud. In particular, we will transmit personal data to Klarna if there is a legitimate interest for the transmission. Personal data exchanged between Klarna and us will be transferred by Klarna to credit reference agencies. Such transmission is intended for the purposes of identity verification and credit checks.
Klarna will also pass on personal data to affiliate companies (in the Klarna Group) and service providers or subcontractors if this is necessary to fulfil contractual obligations or if the data is to be processed on their behalf.
In order to make decisions regarding the establishment, implementation or termination of a contractual relationship, Klarna collects and uses data and information about the previous payment behaviour of the data subject as well as probability values for their behaviour in the future (so-called scoring). The scoring calculation is carried out on the basis of scientifically recognised mathematical and statistical methods
You have the option to revoke your consent to the handling of personal data at any time by Klarna. A revocation does not affect personal data that must be processed, used or transmitted for contractual payment processing.
The applicable data protection regulations of Klarna can be found at https://www.klarna.com/de/datenschutz/

9.3 Credit cards
On this website, we have integrated components for payment by credit card that enable cashless payment for products and services via the internet. The operating company is Stripe Inc., 510 Townsend Street, San Francisco, CA 94103 USA, www.stripe.com. If you select "credit card" as the payment option during the order process in our online shop, your data will be automatically transmitted to the credit card company. By selecting this payment option, you consent to the transfer of personal data required for payment processing.
In processing your purchase by credit card, your name, credit card number, CVC and expiry date of the credit card are transmitted to the credit card company in encrypted form. The credit card company then carries out the payment to us after a technical check.
Transmission of this data is only for the purpose of payment processing.
Further information can be found at https://stripe.com/de/privacy.

10. Disclosure of personal data to third parties

10.1 Links to external websites
This website contains links to external websites. We are responsible for our own content. We have no influence over the content of external links and are therefore not responsible for it; in particular we do not adopt their content as our own. If you are directed to an external site, the privacy policy provided there shall apply. If you notice any illegal activities or content on this page, please let us know. In the event of this we will check the content and respond accordingly (notice and take down procedure).

10.2 Leased server space
Please note that we lease server space from  myLoc managed IT AG, Am Gatherhof 44, 40472 Düsseldorf, www.webtropia.com . The provider of the server space may automatically receive information when you visit our website. This is automatically stored by it in server log files (see Section 3), which your browser automatically transmits. Further information on this data can be found in Section 3.

10.3 Integration of YouTube videos
We have integrated YouTube videos into our online offering, which are stored at http://www.YouTube.com and can be played directly from our website. YouTube is operated by YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. You Tube LLC is a subsidiary of Google Inc. These are all integrated and embedded in the "Extended Privacy Mode", i.e. no data about you as user are transferred to Youtube if you do not play the videos. Only when you play the videos will the following data be transmitted. We have no influence on this data transfer. When you visit this website, YouTube is notified that you have accessed the corresponding sub-page of our website. The following data is transmitted:
• Device-specific information, such as the hardware used; the version of the operating system; unique device identifier and information about the mobile network, including your telephone number
• Log data in the form of server logs. These include, but are not limited to, details of how the services were used, such as search queries; IP address; hardware settings; browser type; browser language; date and time of your request; source page; cookies used to uniquely identify your browser or Google Account
• Location-related information. Google may collect information about your actual location. This includes, for example, your IP address, your wi-fi access points or cellular towers
• For more information about the data collected by Google, INC, please visit the following link: https://policies.google.com/privacy?hl=de&gl=de.
This takes place regardless of whether YouTube provides a user account via which you are logged in, or no user account exists. If you are logged into Google, your data will be assigned directly to your account.
The legal basis for the processing of personal data is Art. 6(1)(a) GDPR. The European Court of Justice considers the USA to be a country with an inadequate level of data protection. There is therefore a risk that your data will be processed by US authorities for control and monitoring purposes without you having the benefit of your data subject rights or other means of redress.
The integration of videos serves to make the website clearer for the user and to increase the search engine ranking of the website on Google and to refer more specifically to our specially produced videos. YouTube stores your data as a user profile and uses it for the purposes of advertising, market research and/or requirements-oriented design of its website. This type of evaluation is carried out (even for users who are not logged in) to provide interest-based advertising and to inform other users of the social network about your activities on our website. If you do not wish to be associated with your YouTube profile, you should not click on the video.
Duration of storage is in accordance with YouTube's storage deadlines.
You have the right to object to the creation of these user profiles, and must contact YouTube and the controller to exercise this right, namely Google Ireland Ltd., Gordon House, 4 Barrow St., Dublin, D04 E5W5, Ireland.
For more information on the purpose and scope of data collection and processing by YouTube, please refer to the YouTube's privacy policy. Here, you will also find further information on your rights, and settings options for protecting your privacy:  http://www.google.de/intl/de/policies/privacy .

Opt-Out: https://www.google.com/settings/ads/

10.4 Spotify
We integrate features from the music service Spotify on our website. This service is provided by Spotify AB, Birger Jarlsgatan 61, 113 56 Stockholm, Sweden. Spotify plugins can be identified on our site by the green Spotify logo.
By visiting our website, a direct connection can be established between your browser and Spotify via the plugin.  This enables  Spotify to receive information that you have visited our site from your IP address. If you are logged into your Spotify account while visiting our website and you click the Spotify button, you can link the content of our website to your Spotify profile. However, this allows Spotify to associate the visit to our site with your user account.
The integration of the plugin takes place in order to enable you to discover music in connection with our website.
Spotify processes and transmits data to servers located in multiple countries. Further information can be found in Spotify's privacy policy.
The legal basis for the integration of the plugin is Art. 6(1)(f) GDPR. Our legitimate interest lies in the purpose stated.
If you do not wish Spotify to associate your visit to our website with your user account, you need to log out of your Spotify user account before visiting our website and before clicking on the plugin.
For more information on data protection at Spotify, please visit https://www.spotify.com/en/legal/privacy-policy/.

10.5 Google WebFonts
This site uses web fonts provided by Google so as to be able to uniformly display fonts. However, we have integrated web fonts locally, so that no data is transferred to Google or other third parties.
11. Social networks
This website includes share buttons used by social networks. These are normally inactive and do not transmit any data to social networks. When you hover over these buttons, you are informed that data will be transmitted if you click. When you are on our website, the following applies. When you are on our social network fan pages, the information given in the separate privacy policy for social networks applies.
Our social media privacy policy

11.1 Facebook
We use "Share" buttons from the social network Facebook Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland) . This plugin allows you to bookmark pages on this website and share them with other members of the social network. You can recognise this plugin from the Facebook logo or the usual "Share" button. An overview of Facebook plugins can be found at http://developers.facebook.com/docs/plugins/.
Data is passed on regardless of whether you have an account with Facebook and are logged in there.
If you click on the Facebook "Share" button while you are logged in to your Facebook account, the content of this website can also be linked to your Facebook profile. In this case, Facebook may also associate your visit to our website with your user account. When you click on a button and link to the website, for example, Facebook also stores this information in your user account and publicly communicates this to your contacts. We recommend you log out regularly after using a social network, especially before clicking a button, to avoid this being associated with your profile.
If you are not a member of Facebook or you logged out of Facebook before visiting this website, Facebook may still be able to obtain and store your IP address. If you do not want Facebook to be able to associate your visit to our website with your Facebook user account, you should not activate the plugin.
In principle, the following data is transmitted to Facebook:
• Browser-related data such as IP address, browser type, operating system, time and date of the request, website visited.
• User ID (if you are logged in to your Facebook account)
According to Facebook, your IP addresses will be anonymised immediately after collection in Germany. By activating the plugin, your personal data will be transmitted to Facebook and stored in the USA. Since Facebook collects data in particular via cookies, we recommend that you delete all cookies via your browser's security settings before clicking on the greyed-out box.
Facebook stores data collected about you as a user profile and uses this for advertising, market research and/or demand-oriented design of its website. This evaluation is made (even for non-logged-in users) in particular to provide interest-based advertising and to inform other social network users about your activities on our website. Plug-ins enable us to offer you the option of interacting with social networks and other users, so that we can improve our offer and make it more interesting for you as a user. This is also our legitimate interest.
The legal basis for the use of plugins is Art. 6(1)(a) GDPR. There is therefore a risk that your data will be processed by US authorities for control and monitoring purposes without you having the benefit of your data subject rights or other means of redress.
We have no influence on the data collected or the platforms' data processing, nor are we aware of the full extent of data collection, the purposes of such processing, or how long your data will be stored. We have no information on deletion of data collected by Facebook.
At any time, you may revoke your consent to the processing of your personal data, by setting your browser software to prevent cookie storage (by deactivation or restriction).
You can change your settings and object to the use of your data for advertising purposes in Facebook profile settings here https://www.facebook.com/settings?tap=ads. You can find out more about the purpose and scope of data collection and processing, and your rights regarding Facebook at http://www.facebook.com/policy.php, http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications and http://www.facebook.com/about/privacy/your-info#everyoneinfo.

11.2 Xing
We use social plugins for the social network Xing (Xing AG, Dammtorstrasse 29-32, 20354 Hamburg, Germany) on this website. This plugin allows you to bookmark pages on this website and share them with other members of the social network. This plugin can be identified by Xing's "share button".
We use the "two-click" solution. This means that if you visit our website, initially, no personal data will be sent to Xing. We offer you the option of communicating directly with Xing via the button. Xing only receives the information that you have accessed our website when you click on the designated field and activate it.
If you click on the "Share" button while you are logged into your Xing account, the content of this website can be linked to your Xing profile. In this case, Xing may also associate your visit to our website with your user account. When you click on a button and link to the website, for example, Xing also stores this information in your user account and publicly communicates this to your contacts. We recommend you log out regularly after using a social network, especially before clicking a button, to avoid this being associated with your profile.
In principle, the following data is transmitted to Xing:
• IP address, browser type, date and time of access, source page, operating system, screen resolution
• Linking this data to your social media account data
According to Xing, your IP addresses will be anonymised immediately after collection in Germany. By activating the plugin, your personal data will be transmitted to Xing and stored there. Since Xing collects data in particular via cookies, we recommend that you delete all cookies via your browser's security settings before clicking on the greyed-out box.
Xing stores data collected about you as a user profile and uses this for advertising, market research and/or demand-oriented design of its website. This evaluation is made in particular to provide interest-based advertising and to inform other social network users about your activities on our website. Plug-ins enable us to offer you the option of interacting with social networks and other users, so that we can improve our offer and make it more interesting for you as a user. This is also our legitimate interest in data processing.
The legal basis for the use of plugins is Art. 6(1)(f) GDPR.
We have no influence on the data collected or the platforms' data processing, nor are we aware of the full extent of data collection, the purposes of such processing, or how long your data will be stored. We also have no information on the deletion of the collected data by Xing.
You have the right to object to the creation of these user profiles, and must contact Xing to exercise this right.
Further information on the purpose and scope of data collection and processing as well as on your respective rights in respect of Xing can be found at http://www.xing.com/privacy. You will also find information there on settings options to protect your privacy.

11.3 Twitter
This website incorporates Twitter functions (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA). By using Twitter and the "Retweet" button, you can follow a post or page on Twitter, and the websites you visit will be linked to your Twitter account and shared with other users. You can recognise this plugin from the "ReTweet" button or the usual blue bird. You can find an overview of the Twitter buttons and their appearance here:  https://twitter.com/about/resources/buttons.
Our company uses the "two-click" solution. This means that if you visit our website, initially no personal data will be sent to Twitter. We offer you the option of communicating directly with Twitter via the button. Twitter only receives the information that you have accessed our website when you click on the designated field and activate it.
If you click on the Twitter button while you are logged into your Twitter account, the content of this website can be linked to your Twitter profile. In this case, Twitter may also associate your visit to this website with your user account. When you click on a button and link to the website, for example, Twitter also stores this information in your user account and publicly communicates this to your contacts. We recommend you log out regularly after using a social network, especially before clicking a button, to avoid this being associated with your profile.
In principle, the following data is transmitted to Twitter:
• IP address, browser type, date and time of access, source page, operating system, screen resolution
• Linking this data to your social media account data
By activating the plugin, your personal data will be transmitted to Twitter and stored in the USA.
Twitter stores the data collected about you as a user profile and uses it for the purposes of advertising, market research, and/or demand-oriented design of its services. This evaluation is made in particular to provide interest-based advertising and to inform other social network users about your activities on our website. Plug-ins enable us to offer you the option of interacting with social networks and other users, so that we can improve our offer and make it more interesting for you as a user. This is also our legitimate interest in data processing.
The legal basis for the use of plugins is Art. 6(1)(f) GDPR. There is therefore a risk that your data will be processed by US authorities for control and monitoring purposes without you having the benefit of your data subject rights or other means of redress.
We have no influence on the data collected or the platforms' data processing, nor are we aware of the full extent of data collection, the purposes of such processing, or how long your data will be stored. We also have no information on the deletion of the collected data by Twitter.
You have the right to object to the creation of these user profiles, and must contact Twitter to exercise this right.
Further information on the purpose and scope of data collection and processing and on your respective rights in respect of Twitter can be found at https://twitter.com/privacy. You can change your privacy settings on Twitter at any time at http://twitter.com/account/settings.

11.4 Instagram
This website uses social plugins from the social media network Instagram Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland) . This plugin allows you to bookmark pages on this website and share them with other members of the social network. You can recognise the plugin by the square camera, sometimes with the lettering "in".
Our company uses the "two-click" solution. This means that if you visit our site, initially no personal data will be sent to Instagram. We offer you the option of communicating directly with Instagram via the button. Instagram only receives the information that you have accessed our website when you click on the designated field and activate it.
Data is passed on regardless of whether you have an Instagram account and are logged in there.
If you click on the Instagram button while you are logged in to your Instagram account, the content of this website can be linked to your Instagram profile. In this case, Instagram may also associate your visit to our website with your user account. When you click on a button and link to the website, for example, Instagram also stores this information in your user account and publicly communicates this to your contacts. We recommend you log out regularly after using a social network, especially before clicking a button, to avoid this being associated with your profile.
If you are not a member of Instagram or you logged out of Instagram before visiting this website, Instagram may still be able to obtain and store your IP address. If you do not want Instagram to associate your visit to our website with your Instagram account, you must log out of Instagram before visiting our website and you must not activate the plugin.

In principle, the following data is transmitted to Instagram:
• IP address, browser type, date and time of access, source page, operating system, screen resolution
• Linking this data to your social media account data
By activating the plugin, your personal data is transmitted to Instagram and stored in the USA.
Instagram stores data collected about you as a user profile and uses this for the purposes of advertising, market research and/or demand-oriented design of its website. This evaluation is made (even for non-logged-in users) in particular to provide interest-based advertising and to inform other social network users about your activities on our website. Plug-ins enable us to offer you the option of interacting with social networks and other users, so that we can improve our offer and make it more interesting for you as a user. This is also our legitimate interest in data processing.
The legal basis for the use of plugins is Art. 6(1)(f) GDPR. There is therefore a risk that your data will be processed by US authorities for control and monitoring purposes without you having the benefit of your data subject rights or other means of redress.
We have no influence on the data collected or the platforms' data processing, nor are we aware of the full extent of data collection, the purposes of such processing, or how long your data will be stored. We also have no information on the deletion of the collected data by Instagram.
You have the right to object to the creation of these user profiles, and must contact Instagram to exercise this right.
Further information on the purpose and scope of data collection and processing as well as on your respective rights in respect of Instagram can be found at http://instagram.com/about/legal/privacy/.

11.5 Pinterest
This website uses social plugins from the social media network Pinterest (Pinterest Inc., 635 High Street, Palo Alto, CA 94301, USA). This plugin allows you to bookmark pages on this website and share them with other members of the social network. You can recognise this plugin from the Pinterest logo or the usual "P" button.
Our company uses the "two-click" solution. This means that if you visit our website, initially, no personal data will be sent to Pinterest. We offer you the option of communicating directly with Pinterest via the button. Pinterest only receives the information that you have accessed our website when you click on the designated field and activate it.
Data is passed on regardless of whether you have a Pinterest account and are logged in there.
If you click on the Pinterest button while you are logged in to your Pinterest account, the content of this website can be linked to your Pinterest profile. In this case, Pinterest may also associate your visit to our website with your user account. When you click on a button and link to the website, for example, Pinterest also stores this information in your user account and publicly communicates this to your contacts. We recommend you log out regularly after using a social network, especially before clicking a button, to avoid this being associated with your profile.
If you are not a member of Pinterest or you logged out of Pinterest before visiting this website, Pinterest may still be able to obtain and store your IP address. If you do not want Pinterest to associate your visit to our website with your Pinterest account, you must log out of Pinterest before visiting our website and you must not activate the plugin.
In principle, the following data is transmitted to Pinterest:
• IP address, browser type, date and time of access, source page, operating system, screen resolution
• Linking this data to your social media account data
By activating the plugin, your personal data will be transmitted to Pinterest and stored in the USA.
Pinterest stores the data collected about you as a user profile and uses it for the purposes of advertising, market research, and/or demand-oriented design of its website. This evaluation is made (even for non-logged-in users) in particular to provide interest-based advertising and to inform other social network users about your activities on our website. Plug-ins enable us to offer you the option of interacting with social networks and other users, so that we can improve our offer and make it more interesting for you as a user. This is also our legitimate interest in data processing.
The legal basis for the use of plugins is Art. 6 paragraph GDPR. There is therefore a risk that your data will be processed by US authorities for control and monitoring purposes without you having the benefit of your data subject rights or other means of redress.
We have no influence on the data collected or the platforms' data processing, nor are we aware of the full extent of data collection, the purposes of such processing, or how long your data will be stored. We also have no information on the deletion of the collected data by Pinterest. If you do not want Pinterest to associate your visit to our website with your Pinterest account, you must log out of Pinterest before visiting our website.
You have the right to object to the creation of these user profiles, and must contact Pinterest to exercise this right.
Further information on the purpose and scope of data collection and processing as well as on your rights in respect of Pinterest can be found at https://about.pinterest.com/de/privacy-policy.

12. Competitions
Please note the following information about how we collect personal data when you take part in one of our competitions. Personal data includes all data which may be personally designated to you, e.g. your name, address, and email address. We collect the following data so that you can take part in competitions and we can announce the prize. We provide detailed information about this in our terms and conditions of participation.

13. Rights of the data subject
If your personal data is processed, you are a data subject under the GDPR and you have the following rights with respect to the controller under Section 1:
- Right to be informed
- Right to rectification
- Right to restrict processing
- Right to erasure
- Right to information
- Right to data portability
- Right to object to processing
- Right to withdraw consent under data protection law
- Right to withdraw consent under data protection law
- Right not to apply an automated decision
- Right to lodge an appeal to a supervisory authority

13.1 Right to be informed
You can ask the controller to confirm whether we are processing your personal data. If processing has taken place, you can request information from the controller at any time free of charge as to the personal data stored about you, and about the following information:
• the purposes for which the personal data is processed;
• the categories of personal data that are processed;
• the recipients or categories of recipients to whom the personal data concerning you has been or is still being disclosed;
• the planned duration of the storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage duration;
• the existence of a right to rectification or deletion of the personal data concerning you, a right to restriction of processing by the controller or a right to object to this processing;
• the existence of a right of appeal to a supervisory authority;
• all available information about the origin of the data if the personal data is not collected from the data subject;
• the existence of automated decision-making, including profiling, in accordance with Article 22(1) and (4) GDPR and – at least in these cases – meaningful information on the logic involved and the scope and intended effects of such processing for the data subject.
You have the right to be informed as to whether your personal data will be transmitted to a third country or an international organisation. In this regard, you can request to be informed about the appropriate guarantees in accordance with Art. 46 GDPR in relation to transfer.

13.2 Right to rectification
You have a right to rectification and/or completion of data with respect to the controller if your processed personal data is incorrect or incomplete.

13.3 Right to restrict processing
You can require the immediate restriction of processing of your personal data by the controller under the following circumstances, :
• if you dispute the accuracy of the personal data concerning you for a period that allows the controller to verify the accuracy of the personal data;
• the processing is unlawful and you oppose erasure of the personal data and instead request the restriction of the use of the personal data;
• the controller no longer needs the personal data for the purposes of the processing, but you need it to assert, exercise or defend legal claims, or
• if you object to the processing in accordance with Art. 21(1) GDPR and it has not yet been determined whether the legitimate reasons of the controller outweigh your reasons.
If the processing of personal data concerning you has been restricted, this data may only be processed – with the exception of its storage – with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of significant public interest of the Union or a Member State. If processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

13.4 Right erasure
You may ask the controller to erase personal data concerning you without delay if one of the following reasons applies:
• The personal data concerning you is no longer required for the purposes for which it was collected or otherwise processed.
• You withdraw your consent, upon which processing in accordance with Article 6(1)(a) or Article 9(2)(a) GDPR was based, and there is no other legal basis for its continued processing.
• You object in accordance with Article 21(1) GDPR, and there are no overriding legitimate reasons for its continued processing, or you submit an objection to its processing in accordance with Article 21(2) GDPR.
• Your personal data has been unlawfully processed.
• Your personal data must be deleted in order to comply with a legal obligation under Union or Member State law to which the controller is subject.
Your personal data has been collected in relation to services offered by information society services pursuant to Article 8(1) GDPR.
If the controller has made your personal data public and is required to erase it in accordance with Art. 17(1) GDPR, it shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform controllers who process the personal data that you, as the data subject, have requested the erasure of all links to such personal data and all copies or replications of such personal data.
The right to erasure does not exist insofar as the processing is necessary
• to exercise the right to freedom of expression and information;
• to fulfil a legal obligation which requires the processing under Union or Member State law to which the controller is subject, or to perform a task which is in the public interest or in the exercise of official authority vested in the controller;
• for reasons of public interest in the field of public health in accordance with Article 9(1)(h) and Art. 9(3) GDPR;
• for archiving, scientific, or historical research purposes in the public interest or for statistical purposes in accordance with Article 89(1) GDPR, to the extent that the law referred to in (a) is likely to render impossible or seriously prejudicial the attainment of the objectives of such processing; or
• to assert, exercise or defend legal claims.

13.5 Right to information
If you have exercised your right to require the controller to rectify, erase, or restrict processing, the controller is required to inform all recipients of your personal data of this rectification, erasure or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed as to these recipients by the controller.

13.6 Right to data portability
You have the right to obtain a copy of your personal data provided to the controller in a structured, commonly-used and machine-readable format. You also have the right to transfer this data to another controller without hindrance by the controller who was initially provided with the personal data, provided that
• processing is based on consent in accordance with Article 6(1)(a) GDPR or Article 9(2)(a) GDPR or on the basis of a contract in accordance with Article 6(1)(b) GDPR and
• the processing is carried out using automated procedures
In exercising this right, you also have the right to have your personal data transmitted directly from one controller to another, insofar as this is technically feasible. The freedoms and rights of other persons may not be affected by this.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
You may contact the controller at any time to assert your right to data portability.

13.7 Right to object
You have the right to object to the processing of your personal data at any time for reasons arising from your specific situation, carried out in accordance with Article 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions.
The controller shall no longer process your personal data unless it can demonstrate compelling legitimate grounds for the processing which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If your personal data is processed for the purpose of direct advertising, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is related to such direct advertising. If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
You have the option, in connection with the use of information society services – notwithstanding Directive 2002/58/EC – to exercise your right to object by means of automated procedures using technical specifications.
In order to exercise the right to object, you may contact the controller directly.

13.8 Right to withdraw consent under data protection law
You have the right to withdraw your consent under data protection law at any time. Revocation of consent shall not affect the lawfulness of the processing carried out on the basis of the consent prior to its revocation. You can contact the controller to this end.

13.9 Rights relating to automated decision-making in individual cases including profiling
You have the right to not be subjected to a decision based solely on automated processing – including profiling – which has a legal bearing on you, or that significantly affects you in a similar manner. This does not apply if the decision
• is necessary for the conclusion or performance of a contract between you and the controller,
• is permitted by Union or Member State legislation to which the controller is subject, and this legislation contains appropriate measures to safeguard your rights and freedoms and your legitimate interests, or
• is made with your express consent.
However, such decisions may not be based on special categories of personal data pursuant to Article 9(1) GDPR unless Article 9(2)(a) or (g) GDPR applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.
With regard to the cases referred to in (1) and (3), the controller shall take appropriate measures to safeguard your rights and freedoms and your legitimate interests, including as a minimum the right to obtain the intervention of a person on the part of the controller, to state a position and to challenge the decision.
If you wish to assert rights with regard to automated decisions, you may contact the controller at any time.

13.10 Right of appeal to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right of appeal to a supervisory authority, in particular in the Member State where you reside, work or where the infringement is suspected, if you believe that the processing of personal data that concerns you contravenes the GDPR. The supervisory authority to which the appeal is submitted will inform you about the status and results of the appeal, including the possibility of a judicial remedy in accordance with Article 78 GDPR. The supervisory authority responsible for us is:

Der Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstrasse 219
10969 Berlin
www.datenschutz-berlin.de

14. Changes to these guidelines
We reserve the right to change our data protection practices and this policy to adapt it to any changes in relevant laws and/or regulations or to better meet your needs. We will notify you of possible changes to our data protection practices here. Please note the current version date of this privacy policy.

As of 01.08.2023