Privacy Policy

Thank you for your interest in Music Mail Tonträger GmbH. Privacy has a particularly high priority for our management and we would, therefore, like to inform the general public about the type, scope and purpose of the personal data we process in this privacy policy. In addition, you will also find details of the rights of data subjects in our privacy policy.

As controller, Music Mail Tonträger GmbH has implemented numerous technical and organisational measures to ensure the highest possible protection of personal data processed through this website (https://digdis.de). We use an encryption process on our websites. Your data is transferred from your computer to our server and vice versa via the internet using TLS encryption. You can usually recognise this by the fact that the lock symbol is closed in the status bar of your browser and the address line begins with http://https://.

Nevertheless, internet-based data transmissions can be subject to security vulnerabilities, so that absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us by alternative means, for example by telephone.

Definitions

Music Mail Tonträger GmbH’s privacy policy is based on the definitions used by the European legislator when adopting the General Data Protection Regulation (GDPR). Our aim is to make our privacy policy easy to read and understand for the general public as well as for our customers and business partners. To ensure this, we would like to explain the definitions used in the following.

In this privacy policy, we use the following definitions:

a) Personal Data

‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

b) Data Subject

‘Data subject’ means any identified or identifiable natural person whose personal data are processed by the controller.

c) Processing

‘Processing’ is any operation or set of operations which is performed on personal data, whether or not by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

d) Restriction of Processing

‘Restriction of processing’ means the marking of stored personal data with the aim of limiting their processing in the future.

e) Profiling

‘Profiling’ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

f) Pseudonymisation

‘Pseudonymisation’ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

g) Controller or Person Responsible for Processing

‘Controller’ or ‘Person Responsible for Processing’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

h) Processor

‘Processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

i) Recipient

‘Recipient’ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the scope of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

j) Third Party

‘Third party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

k) Consent

‘Consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Name and Address of Controller

Controller within the meaning of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature is:

Music Mail Tonträger GmbH
Bruckwiesenweg 34
70327 Stuttgart | Deutschland
Tel.: +49 711 36546900
email: info(at)digdis.de
Website: www.digdis.de

Name and Address of Data Protection Officer

The Data Protection Officer of the Controller is:

Luca Schreiner
Music Mail Tonträger GmbH
Bruckwiesenweg 34
70327 Stuttgart | Deutschland
Tel.: +49 711 36546911
email: luca(at)digdis.de

Any data subject may contact our Data Protection Officer directly at any time with any questions or suggestions regarding data protection and privacy.

Types of data collection and data processed

Input on our Website

a) Registration

Data subjects have the option to register themselves on Music Mail Tonträger GmbH’s website by providing their personal data. Which personal data is transmitted to Music Mail Tonträger GmbH can be determined from the data entry form used for registration.

b) Contact options via the website

If a data subject contacts Music Mail Tonträger GmbH by email or via a contact form, the personal data transmitted by the data subject will be stored automatically. Such personal data transmitted to Music Mail Tonträger GmbH on a voluntary basis by a data subject shall be processed for the purpose of handling the data subject’s request. This personal data is not passed on to third parties.

c) Application process

Personal data of applicants may also be processed electronically for the purpose of handling the application process. This is particularly the case if an applicant transmits the relevant application documents to Music Mail Tonträger GmbH by email or via a web form located on the website. If Music Mail Tonträger GmbH concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If an employment contract is not concluded with the applicant, the application documents are automatically deleted six months after notification of the negative decision, provided that no other justified interests of Music Mail Tonträger GmbH oppose deletion. Other legitimate interest in this sense is, for example, a duty to provide evidence in proceedings under the General Act on Equal Treatment (AGG).

Cookies and other methods of automatic data collection

a) Methods used for automatic data collection

Each time a data subject or automated system accesses the website, Music Mail Tonträger GmbH’s website collects a series of information such as IP addresses, browser type, Internet service provider, referring and exit pages, and date and time stamps. This data is stored in the log files of the server. Only information that is transmitted due to the browser settings of the user's terminal device is processed (no "browser fingerprinting").

Cookies: Music Mail Tonträger GmbH’s websites (https://digdis.de) use cookies. Cookies are text files that are placed and stored on the device used by a data subject to visit the website (e.g. computer, tablet or smartphone). Cookies can contain a so-called cookie ID. This consists of a string of characters by which websites and servers can be assigned to the specific internet browser in which the cookie was stored. This enables the visited websites and servers to distinguish the individual browser of the data subject from other internet browsers that contain other cookies.

b) Essential data for the operation of our website

The following data may be collected: (1) the browser types and versions used, (2) the operating system used by the accessing device or system, (3) the website from which an accessing system accesses our website (so-called referrer), (4) the sub-websites that are accessed via an accessing system on our website, (5) the date and time of an access to the website, (6) an internet protocol address (IP address), (7) the internet service provider of the accessing system and (8) other similar data and information that serve to avert danger in the event of attacks on our information technology systems. When registering on our website, for example, the IP address assigned by the internet service provider (ISP) of the data subject as well as the date and time of registration are stored. For this purpose, information stored in the user's terminal device is not accessed, but only information that is automatically transmitted to our server due to the user's browser settings is stored. The storage of this data takes place due to the fact that only in this way the misuse of our services can be prevented and, if necessary, this data makes it possible to investigate any criminal offences that have been committed. In this respect, the storage of such data is necessary to safeguard Music Mail Tonträger GmbH. In principle, such data is not shared with third parties, unless there is a legal obligation to do so or the disclosure serves law enforcement purposes.

When using this data, Music Mail Tonträger GmbH does not identify data subject. Rather, this information is required (1) to deliver the contents of our website correctly, (2) to ensure the long-term functionality of our information technology systems and the technology of our website, and (3) to provide law enforcement authorities with the information necessary for a prosecution in the event of a cyber attack. This data and information is analysed by Music Mail Tonträger GmbH with the aim of improving data security within our company, and with the ultimate aim of ensuring a high level of protection for the personal data we process. Data from the server log files are stored separately from any personal data provided by a data subject.

c) Data collected with consent

If the data subject consents to the accessing of his or her terminal device and the intended data processing that is the purpose of such accesssing, cookies of the web analysis service Google Analytics are set for statistical purposes and cookies of the advertising service Google Ads are set for advertising and marketing purposes as described in more detail in sections 8 and 9. The corresponding cookies can be prevented by not consenting to the cookie setting when visiting the website for the first time.

Purposes and legal bases of the processing

The personal data entered by data subjects when registering on our website and any further data entered by registered users are used to initiate and execute contracts between Music Mail Tonträger GmbH and the respective data subject or their employer or client. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, the processing is based on Art. 6(1)(b) GDPR; if it is their employer or client, it is based on Art. 6(1)(f) GDPR (legitimate interest of the parties in the performance of the contract). The same applies to such processing operations that are necessary for the implementation of pre-contractual measures, for example in cases of enquiries about our products or services.

If our company is subject to a legal obligation by which the processing of personal data becomes necessary, such as for the fulfilment of tax obligations, the processing is based on Art. 6 (1) c) GDPR.

In rare cases, the processing of personal data might become necessary to protect vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were to be injured on our premises and as a result his or her name, age, health insurance details or other vital information had to be passed on to a doctor, hospital or other third party. In such a case, the processing would be based on Art. 6(1)(d) GDPR.

Article 6(1)(a) GDPR serves as the legal basis for our company’s processing operations in which we obtain the consent of the data subject for specific data processing for a specific processing purpose. This is the case for data we process for statistical analysis and promotional purposes (see section 8 and sections 9.3 - 9.5).

Finally, operations may be based on Article 6(1)(f) GDPR if they are not covered by any of the other aforementioned legal bases and if the processing is necessary for the protection of a legitimate interest of our company or a third party, provided that there are no overriding interests, fundamental rights and freedoms of the data subject that prevent us from such processing. This is the case when label registrations via the website digdis.de are automatically checked for the country of origin of the user. This serves to prevent fraud before the conclusion of contracts.

Upon request by the data subject, our employees will provide further information on a case-by-case basis as to whether the provision of the personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and what the consequences of not providing the personal data would be.

Recipients

Music Mail Tonträger GmbH may have personal data processed on its behalf by service providers, for example an email dispatch service. In the course of the fulfilment of contracts, personal data may be transferred to third parties who provide specialised services that are essential for the fulfilment of the respective contract and who act as independent data controllers in terms of data protection law. These are, for example, distribution partners, parcel services, service providers for telephony and accounting, banks and payment service providers and the services listed in sections 7.2-9.

Transmissions to countries outside the European Economic Area

Mailchimp

We use the email dispatch service Mailchimp. This service processes first and last names, as well as the email addresses of our contractual partners in the USA. Mailchimp enables us to send contract-relevant newsletters to our contractual partners. This processing is subject to standard data protection clauses approved by the EU Commission.

Mixpanel

We use the web analytics service Mixpanel. This service processes IP log data and the email addresses of our contractual partners in the USA. Mixpanel enables us to better understand and reproduce technical errors that occur on our platform digdis.app. This processing is subject to standard data protection clauses approved by the EU Commission.

PandaDoc

We use the digital web service PandaDoc. This service processes first and last names, email addresses, as well as address data such as streets, house numbers, city names, postal codes and country information of our contractual partners in the USA. We use PandaDoc for entering into contracts with partners interested in our service electronically. PandaDoc makes it easier for us and our contractual partners to sign contracts, as this means that contract documents no longer have to be processed manually, as they are now signed digitally. This processing is subject to standard data protection clauses approved by the EU Commission.

Trello

We use the web service Trello. This service processes first and last names, email addresses, as well as address data such as streets, house numbers, city names, postal codes and country information of our contractual partners in the USA. Trello is used purely for project management purposes and helps us to document, for example, registrations of new customers and cancellations of existing customers and to assign corresponding processes to our team. This processing is subject to standard data protection clauses approved by the EU Commission.

SENTRY

We use the Sentry monitoring service. This processes IP and other log data from our contractual partners in the USA. Sentry enables us to better understand and reproduce technical errors that occur on our digdis.app platform. This processing is subject to standard data protection clauses approved by the EU Commission.

FAVRO

We use the web service FAVRO. This service processes first and last names as well as email addresses of our contractual partners in the USA. As is the case with Trello, FAVRO is used for project management purposes. FAVRO helps our international IT team to document and coordinate technical errors or improvements on our platform. This processing is subject to standard data protection clauses approved by the EU Commission.

Slack

We use the communication service Slack. This service processes the first and last names and e-mail addresses of our contractual partners in the USA. Slack is used for internal company communication and coordination of internal processes. This processing is subject to standard data protection clauses approved by the EU Commission.

Stripe

We use the payment service Stripe. This service only processes credit card numbers and email addresses of contractual partners who have upgraded to our dig dis! Pro or dig dis! Enterprise subscription services. The processing takes place in the USA. Stripe is necessary for the purchase and subscription processing of our additional services dig dis! Pro and dig dis! Enterprise, which are extensions of our digdis.app platform. The processing of data via Stripe is subject to standard data protection clauses approved by the EU Commission.

Zapier

We use the web service Zapier. This service processes first and last names, email addresses, as well as address data such as streets, house numbers, city names, postal codes and country information of our contractual partners in the USA. Zapier enables us to automate internal processes. This includes processes such as new customer registrations or general label onboarding. With Zapier, time-consuming and repetitive processes such as sending welcome emails to new contractual partners, transferring contact details to Trello [see 7.4] or assigning an employee for corresponding processes can be automated. This processing is subject to standard data protection clauses approved by the EU Commission.

MongoDB

We use the database service MongoDB. This service processes first and last names, e-mail addresses, as well as address data such as streets, house numbers, city names, postal codes and country information, as well as bank and tax data such as IBANs, account numbers, bank codes and tax numbers of our contractual partners. The processing takes place in the USA. Processing this data via MongoDB is essential for the functionality of our digdis.app platform. Certain tools and content on the digdis.app platform access our internal MongoDB database. This processing is subject to standard data protection clauses approved by the EU Commission.

For information on transfers to third countries via Google and Facebook, please refer to the following sections [8 - 9].

Facebook-Pixel

Music Mail Tonträger GmbH has integrated a Facebook-Pixel on this website. This only leads to access to the user's terminal device and data collection if the user gives his or her consent to this when visiting our website for the first time. The consent can be revoked at any time by the data subject deactivating the setting of cookies by clicking on the cookie settings in the footer of the website. The withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the withdrawal.

Facebook is a social network. A social network is a social meeting place operated on the internet, an online community that typically allows users to communicate and interact with each other in virtual space. A social network can serve as a platform for exchanging opinions and experiences or enables the internet community to provide personal or company-related information. Facebook allows social network users to create private profiles, upload photos and network via friend requests, among other things.

Meta Platforms Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, is the operating company of Facebook. For data subject resident outside the US or Canada, the controller of personal data processed via Facebook is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Like many other companies, we advertise on Facebook. Facebook-Pixel records certain "actions" (events) that a visitor performs on our website, for example, submitting a form, starting and completing a purchase, searches, viewing certain pages.

We are able to see the actions that our customers have taken on our Facebook-Pixel page in the Event Manager. Meta Platforms Ireland Limited provides us with reports about the impact of our advertising campaigns and other online content ("Campaign Reports") and analytics about users and their use of our websites, products and services ("Analytics") which allows us to verify if a user who clicks on our advertising actually performs an action on our website. Campaign reports and analytics are created by Meta Platforms Ireland Limited as our processor (Art. 28 GDPR). During this process, data is transferred to further subcontractors of Meta Platforms Ireland Limited, including those located outside the European Economic Area.

For this purpose and in accordance with Facebook’s European Data Transfer Addendum, standard contractual clauses (processor-processor) approved by the European Commission apply between Meta Platforms Ireland Limited and any subcontractors in countries outside the European Economic Area, insofar as no other transfer mechanisms permitted under the GDPR apply, such as adequacy decisions.

We are jointly responsible with Meta Platforms Ireland Limited for the uses of the event data described below (Article 26 GDPR). In this respect, we have entered into a joint processing agreement with Meta Platforms Ireland Limited ("Controller Addendum"), according to which we inform you about the processing as follows:

Event data for targeting our advertisements: We may provide event data to target our advertising campaigns to individuals who interact with our business. We may instruct Facebook Ireland, Ltd to create custom audiences, which are groups of Facebook users based on event data, to target advertising campaigns (including custom audiences via websites, custom audiences via mobile apps and offline custom audiences). Facebook processes Event Data to create such audiences for us.
Event data to improve ad delivery, personalise features and content, and improve and secure Facebook products.

Personal data processed jointly with Meta Platforms Ireland Limited are:

HTTP header information containing information about the web browser or application used (e.g. user agent, country-level locale/language).
Information on standard/option events such as "page view" or "app installation", other object properties as well as buttons clicked by website visitors, in each case depending on the configuration of the business tool.
Online identifiers, including IP addresses and, where provided, Facebook related identifiers or device identifiers (e.g. mobile operating system ad IDs) and information on opt-out/limited ad tracking status.

For information on how Meta Platforms Ireland Limited processes personal data, including the information required under Article 13(1)(a) and (b) GDPR, the legal basis on which Meta Platforms Ireland Limited relies and the ways in which data subjects can exercise their rights vis-à-vis Meta Platforms Ireland Limited, please see Meta Platforms Ireland Limited 's data policy: www.facebook.com/about/privacy.

In the "Controller Addendum", we have further agreed with Facebook that (in the internal relationship between us and Meta Platforms Ireland Limited) Meta Platforms Ireland Limited is responsible for enabling the rights of data subjects under Articles 15-20 GDPR in relation to the personal data stored by Facebook Ireland following joint processing.

Google

Gmail

Music Mail Tonträger GmbH uses the Google email service Gmail for sending, receiving and storing emails. This involves processing personal data such as first and last names, as well as e-mail addresses of our contract and service partners. Gmail is an elementary communication tool for exchanges with both contract and service partners. The advantages of Gmail compared to other e-mail services result from the numerous automation possibilities of the service. An adequate level of data protection for the transfer of data to Google entities in the USA is established through the agreement of EU standard contractual clauses. Further information and the applicable data protection provisions of Google, please visit their website: www.google.de/intl/de/policies/privacy/.

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, is the operating company of Google.

Google Cloud

Music Mail Tonträger GmbH uses the Google cloud service “Google Cloud”. This service processes personal data such as first and last names, email addresses, as well as address data such as streets, house numbers, city names, postcodes and country information, bank and tax data such as IBANs, if applicable, account numbers, bank sort codes and tax numbers of our contractual partners. Google Cloud serves as a storage location for the data processed via MongoDB (see section [7.9]), which due to its data size must not be stored in-house, but via an external server provider such as Google Cloud in this case. MongoDB dynamically accesses the data stored via Google Cloud and writes, changes and/or deletes data depending on the action performed by the user on our digdis.app platform. An adequate level of data protection for the transfer of data to Google entities in the USA is established through the agreement of EU standard contractual clauses. For further information and the applicable data protection provisions of Google, please visit their website: www.google.de/intl/de/policies/privacy/.

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, is the operating company of Google services.

Google Analytics

Music Mail Tonträger GmbH has integrated the component Google Analytics (with anonymisation function) on this website. Google Analytics is a web analytics service. Web analytics is the collection, compilation and evaluation of data about the behaviour of visitors to websites. A web analytics service collects, among other things, data on which website a data subject came to a website from (so-called referrers), which sub-pages of the website were accessed or how often and for how long a sub-page was viewed. Web analytics is mainly used to optimise a website and to analyse the costs and benefits of internet advertising.

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, is the operating company of Google services.

The purpose of the Google Analytics component is to analyse the flow of visitors to our website. Google uses the data and information obtained, among other things, to evaluate the use of our website, to compile online reports for us showing the activities on our website and to provide other services related to the use of our website.

If the data subject gives his/her consent, Google Analytics sets a cookie on the data subject's information technology system the first time he/she visits our website. What cookies are has already been explained above. By setting the cookie, Google is enabled to analyse the use of our website. Each time one of the individual pages of this website operated by the data controller is accessed and on which a Google Analytics component has been integrated, the internet browser on the data subject's information technology system is automatically triggered by the respective component to transmit data to Google for the purpose of online analysis. As part of this technical process, Google obtains knowledge of personal data, such as the IP address of the data subject, which Google uses, among other things, to track the origin of visitors and clicks and subsequently to enable commission settlements.

Cookies are used to store personal information, such as the time of access, the location from which access originated and the frequency of visits to our website by the data subject. Each time you visit our website, this personal data, including the IP address of the internet connection used by the data subject, is transmitted to Google in the USA. This personal data is stored by Google in the USA. Google may share this personal data collected through the technical process with third parties. For the web analysis via Google Analytics we use the feature "_gat._anonymizeIp". This feature is used by Google to shorten and anonymise the IP address of the internet connection of the data subject if access to our website is from a member state of the European Union or from another state party to the Agreement on the European Economic Area.

The data subject can prevent the use of cookies by our website at any time, as already described above, either by means of an appropriate setting of the Internet browser used and thus permanently object to the use of cookies or refuse consent to the use of cookies when visiting our website for the first time. Such a setting of the internet browser used would also prevent Google from installing a cookie on the information technology system of the data subject. Consent can be withdrawn at any time by the data subject deactivating the cookie setting by clicking on the cookie settings in the footer of the website. The withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

Such a setting of the internet browser used would also prevent X from installing a cookie on the information technology system of the data subject. Consent can be revoked at any time by the data subject deactivating the cookie setting by clicking on the cookie settings in the footer of the website. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

In addition, a cookie already set by Google Analytics can be deleted at any time via the internet browser or other software programmes.

Furthermore, the data subject has the possibility to object to the collection of data generated by Google Analytics relating to the use of this website as well as to the processing of such data by Google and to prevent such processing. For this purpose, the data subject must download and install a browser add-on under the link tools.google.com/dlpage/gaoptout. This browser add-on tells Google Analytics via JavaScript that no data and information about visits to internet pages may be transmitted to Google Analytics. The installation of the browser add-on is interpreted by Google as an objection. If the information technology system of the data subject is deleted, formatted or reinstalled at a later point in time, the data subject must reinstall the browser add‑on in order to deactivate Google Analytics. If the browser add-on is uninstalled or deactivated by the data subject or another person within his or her control, it is possible to reinstall or reactivate the browser add-on.

For further information and the applicable privacy policy of Google, please visit their website: www.google.de/intl/de/policies/privacy/ and www.google.com/analytics/terms/de.html. Google Analytics is explained in more detail here: www.google.com/intl/de_de/analytics/.

Privacy policy on the use and application of Google Ads

Google Ads have been integrated on this website. Google Ads is an internet advertising service that allows advertisers to place ads in both Google's search engine results and in Google’s advertising network. Google Ads allows an advertiser to specify certain keywords in advance by means of which an ad is displayed in Google's search engine results exclusively when the user retrieves a keyword-relevant search result with the search engine. In Google’s advertising network, the ads are distributed to topic-relevant internet pages by means of an automatic algorithm and taking into account the previously defined keywords.

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, is the operating company of Google services.

The purpose of Google Ads is to advertise our website by displaying interest-relevant advertisements on the websites of third-party companies and in the search engine results of the search engine Google as well as to display third-party advertisements on our website.

If a data subject accesses our website via a Google advertisement, a so-called conversion cookie is stored by Google on the data subject's information technology system if the data subject consents to this. What cookies are has already been explained above. A conversion cookie loses its validity after thirty days. If the cookie has not yet expired, the conversion cookie is used to track whether certain sub-pages, for example the shopping basket of an online shop system, have been called up on our website. The conversion cookie enables both us and Google to track whether a data subject who has accessed our website via a Google Ads advertisement has generated a sale, i.e. has completed or cancelled a purchase.

The data and information collected through the use of the conversion cookie are used by Google to create visit statistics for our website. These visit statistics are in turn used by us to determine the total number of users who were referred to us via Google Ads advertisements, i.e. to determine the success or failure of the respective ads and to optimise our ads for the future. Neither our company nor other advertisers of receive information from Google Ads that could identify the data subject.

The conversion cookie is used to store personal information, such as the websites visited by the data subject. Each time the data subject visits our website, personal data, including the IP address of the internet connection used by the data subject, is transmitted to Google in the USA. This personal data is stored by Google in the USA. Google may share this personal data collected through the technical process with third parties. Google uses Google Ads’ data to continuously improve its services. Furthermore, information collected may be shared to improve other services, such as: Google Analytics. An adequate level of data protection for the transfer of data to entities in the USA is established through the agreement of EU standard contractual clauses.

The data subject can prevent the storage of cookies by our website at any time, as described above, either by means of an appropriate setting of the internet browser used and thus permanently object to the storage of cookies or object to the consent to the use of cookies when visiting our website for the first time. Such a setting of the internet browser used would also prevent Google from setting a conversion cookie on the information technology system of the data subject.

The consent can be revoked at any time by the data subject by deactivating the setting of cookies by clicking on the cookie settings in the footer of the website. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

In addition, a cookie already set by Google Ads can be deleted at any time via the internet browser or other software programmes.

Furthermore, the data subject has the option of objecting to interest-based advertising by Google. To do this, the data subject must open the link www.google.de/settings/ads from any of the internet browsers used by him or her and make the desired settings there. For further information and the applicable data protection provisions of Google, please visit their website: www.google.de/intl/de/policies/privacy/.

Use of Google’s remarketing or "similar target groups" function

On our website we use the remarketing or “similar target groups” function of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. This function serves the purpose of analysing visitor behaviour and visitor interests.

Google uses cookies to carry out the analysis of website usage, which forms the basis for the creation of interest-based advertisements. If you subsequently visit another website in the Google display network, you will be shown advertisements that are highly likely to take into account previously accessed product and information areas. Your data may also be transferred to the USA. An appropriate level of data protection for the transfer of data to entities in the USA is established through the agreement of EU standard contractual clauses.

On our own website, Google can only place the necessary cookie in your browser if you give your consent the first time you visit our website. Consent can be withdrawn at any time by the data subject by disabling the use of cookies by clicking on the cookie settings in the footer of the website.

If our website communicates with a cookie that was previously placed on your browser on another website, the processing is carried out on the basis of Article 6 (1) f) GDPR for the legitimate interest of targeting website visitors with advertising by serving personalised, interest-based advertising ads to visitors to the provider's website when they visit other websites in the display network.

You have the right to object at any time to the processing of your personal data based on Article 6 (1) f) GDPR for reasons relating to your particular situation. You can permanently deactivate the use of cookies by Google by following the link below and downloading and installing the plug-in provided there: support.google.com/ads/answer/7395996

Alternatively, you can disable the use of cookies by third parties by visiting the Network Advertising Initiative's opt-out page at www.networkadvertising.org/choices/aufrufen and implementing the further opt-out information mentioned there.

You can find more information on remarketing and the associated privacy policy here: www.google.com/privacy/ads/

Duration of storage of personal data

Unless already specified in more detail in the other sections, the following shall apply: Music Mail Tonträger GmbH processes and stores personal data of the data subject only for the period of time necessary to fulfill the purpose of storage or as provided for by the European Directive and Regulation or other legislator in laws or regulations to which Music Mail Tonträger GmbH is subject.

If the purpose of storage no longer applies or if a storage period prescribed by the European Directive and Regulation or another competent legislator expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.

Existence of automated decision-making

As a responsible company, we do not use automatic decision-making.

Rights of the Data Subject

If the legal requirements are met, data subjects have the right

to information about whether and, if applicable, which personal data concerning them we process (Article 15 GDPR),
to rectification (Article 16 GDPR),
to erasure or restriction of the processing of personal data (Articles 17 and 18 GDPR),
to object to the processing of personal data concerning them which we base on Article 6(1)(f) GDPR (legitimate interests) (Article 21 GDPR); in this case, we may only continue to process the data if we can demonstrate compelling legitimate grounds for doing so which override the interests of the data subject, or if we can base the processing on another legal basis,
on data portability (Art. 20 GDPR).

Data subjects who have given us consent (Article 7 and Article 6(1)(a) GDPR) have the right to withdraw their consent at any time (Article 7 of GDPR). The legality of the data processing up to the time of the revocation remains unaffected by the revocation.

To withdraw consent, to assert data subject rights, and any questions or complaints about our data processing, data subjects may contact our data protection officer at any time: luca@digdis.de.

Furthermore, pursuant to Article 77 GDPR, any person concerned by the processing of personal data has the right to lodge a complaint with a supervisory authority if he or she considers that the processing of personal data concerning him or her is unlawful. The competent supervisory authority for Music Mail Tonträger GmbH is Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg. You can also contact the data protection authority in your place of residence. Under the following link you will find the contact details of all data protection supervisory authorities: www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node