This privacy notice (hereinafter “Privacy Notice”) informs you about the type, scope and purpose of the processing of personal data (hereinafter also referred to as “data”) within our website and the associated websites, functions and contents as well as external websites, e.g. our social media profile (hereinafter jointly referred to as "website"). With regard to the terms used, such as "personal data" or their "processing", we refer to the definitions in article 4 of the General Data Protection Regulation (GDPR).
We ask you to inform yourself regularly about the contents of our data protection declaration. We will adapt this Newsletter Privacy Notice as soon as changes in the data processing make this necessary. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification.
The controller in the sense of the GDPR and other national data protection laws of the member states as well as other data protection regulations is:
Budde Music Publishing GmbH
14199 Berlin, Germany
Phone: +49 (0) 30 824 005 10
Data Protection Officer
The data protection officer of the controller is:
The use of published contact details for marketing purposes is prohibited; offenders sending unwanted spam messages are expressly disclaimed. We expressly reserve the right to take legal action in the event of unsolicited advertising information, such as spam e-mails.
1. General Notes
Legal basis for the processing of personal data
In accordance with article 13 GDPR, we inform you of the legal basis of our data collection. If the legal basis is not mentioned in the Privacy Notice, the following applies: The legal basis for obtaining consents is article 6 para. 1 lit. a and article 7 GDPR, the legal basis for processing the performance of our services and the implementation of contractual measures as well as responding to requests is article 6 para. 1 lit. b GDPR (this also applies to processing that is necessary prior to entering into a contract), the legal basis for processing for compliance with a legal obligation is article 6 para. 1 lit. c GDPR, and the legal basis for processing for the purpose of our legitimate interests is article 6 para. 1 lit. f GDPR.
Processing of Personal Data
We take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this Privacy Notice.
We only process personal data of our visitors and users if this is necessary to provide a functional website as well as our contents and services. The processing of personal data of our users takes place only after user’s consent. An exception applies in those cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.
The personal data of the person concerned will be erased or blocked as soon as the purpose of storage ceases to apply. Furthermore, data may be stored if EU regulations, laws or other provisions by the European or national legislator to which the person responsible is subject are applicable. The data will also be erased or blocked if a storage period prescribed by the aforementioned laws expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.
Security of processing
We take appropriate technical and organisational measures to ensure a level of security appropriate to the risk, in accordance with article 32 GDPR, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons. The measures include in particular safeguarding the confidentiality, integrity and availability of data by controlling physical access to the data, as well as the access, input, transmission, security of availability and its separation Furthermore, we consider the protection of personal data during the development or selection of hardware, software and procedures, in accordance with the principle of data protection by technology design and by default (article 25 GDPR).
The security measures include in particular the encrypted transmission of data between your browser and the server. For security reasons and to protect the transmission of confidential content, such as requests you send to us, our website uses SSL encryption. You can recognize an encrypted connection by the fact that the browsers address line changes from "http://" to "https://" and by the lock symbol in your browser line. If SSL encryption is activated, the data you transmit to us cannot be read by third parties.
Transfers to third countries
We only process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or in the context of the use of third-party services or disclosure or transfer of data to third parties on the basis of the fulfilment of our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or leave the data in a third country only if the special requirements of article 44 et seqq. GDPR are applicable. This means, for example, processing is carried out on the basis of special guarantees, such as the officially recognised determination of a data protection level corresponding to the EU (e.g. for the USA by the "Privacy Shield") or compliance with officially recognised special contractual obligations (so-called "standard contractual clauses").
Cooperation with processors and third parties
If we disclose data to other persons and companies (processors or third parties) within the scope of our processing, transmit them or otherwise grant them access to the data, this shall only take place on the basis of a legal permission, if you have consented, if there is a legal obligation or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.). If we commission third parties with the processing of data on the basis of a so-called "order processing contract" we do this on the basis of article 28 GDPR.
Rights of the Data Subject
You have the right to request confirmation as to whether the personal data (hereinafter also referred to as “data”) are being processed and to access information about these data as well as further information and a copy of the data in accordance with article 15 GDPR. In accordance with article 16 GDPR, you have the right to request the completion of data concerning you or the rectification of inaccurate personal data concerning you. In accordance with article 17 GDPR, you have the right to demand that the relevant data be erased immediately or, alternatively, to obtain a restriction of processing the data in accordance with article 18 GDPR. You have the right to receive the data you have provided to us in accordance with article 20 GDPR and to request its transmission to another controller. In accordance with article 77 GDPR, you also have the right to lodge a complaint with a supervisory authority.
Right of withdrawal
You have the right to revoke consents granted pursuant to article 7 para. 3 GDPR with effect for the future.
Right of objection
You can object to the future processing of the data concerning you in accordance with article 21 GDPR at any time. The objection may be lodged in particular against processing for direct marketing purposes.
Erasure of personal data
The data processed by us will be erased or their processing restricted in accordance with articles 17 and 18 GDPR. Unless expressly stated in this Privacy Notice, the data stored by us will be erased as soon as it is no longer required for its intended purpose and the erasure does not conflict with any statutory obligations. If the data are not erased as they are necessary for other legally permissible purposes, their processing will be restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial law or tax reasons.
In accordance with statutory requirements, the records are kept in particular for 6 years in accordance with § 257 (1) HGB (German Commercial Code) (trading books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents, etc.) and for 10 years in accordance with § 147 (1) AO (German Fiscal Code) (books, records, management reports, accounting documents, commercial and business letters, documents relevant for taxation, etc.).
2. Data collection on our website
Server Log Files
Every time you visit our website, our system automatically collects data and information in so-called server log files, which your browser automatically transmits to us. The following data is collected:
a) Information about the browser type and version used
b) The user's operating system
c) The IP address of the user
d) The date and time of access
e) Websites from which the user's system reaches our website
These data are not combined with other data sources.
The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this the IP address of the user must remain stored for the duration of the session.
The data is stored in log files to ensure the functionality of the website. In addition, the data is used to optimize the website and to ensure the security of our information technology systems. Our purpose and our legitimate interest in data processing are based on article 6 para. 1 lit. f GDPR. An evaluation of the data for marketing purposes does not take place in this context.
The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. For data collected for providing the website, this is the case when the respective session has ended. If the data is stored in log files, this is the case after seven days at the latest. Further storage is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment to a particular client is no longer possible.
The collection of data for providing the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no right to object with regard to the user.
The websites partly use so-called cookies. Cookies serve to make our website more user-friendly, effective and secure. Some elements of our website require that the browser can be identified even after a page change. Cookies are small text files that are stored on your computer and saved by your browser. These cookies contain a characteristic character string that enables a unique identification of the browser when the website is called up again.
Most of the cookies we use are so-called "session cookies". They are automatically deleted at the end of your visit. Other cookies remain stored on your device until you delete them. These cookies enable us to recognize your browser the next time you visit our website.
You can configure your browser in such a way that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or generally and activate the automatic deletion of cookies when closing the browser. Cookies that have already been saved can be deleted at any time. When cookies are deactivated, the functionality of this website may be limited.
The following data is stored and transmitted in the cookies:
a) Log-in information
b) Layout Cookies
c) Search terms
The user data collected by technically necessary cookies are not used to create user profiles.
The legal basis for the processing of personal data using technically necessary cookies is artice 6 para. 1 lit. f GDPR. For these purposes, our legitimate interest also lies in the processing of personal data in accordance with article 6 para. 1 lit. f GDPR.
a) Language settings
b) Search terms entered
c) Frequency of page views
d) Use of website functions
Those user data collected is pseudonymised by technical precautions. Therefore, it is no longer possible to assign the data to a specific user. The data will not be stored together with other personal data of the users.
Analysis cookies are used to improve the quality of our website and its content. Through the analysis cookies we learn how the website is used and can thus continuously optimize our offer.
The legal basis for the processing of personal data using cookies for analytical purposes is article 6 para. 1 lit. a GDPR.
3. Website Analysis Services
On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our website within the meaning of artice 6 para. 1 lit. f. GDPR) Google Analytics, a web analysis service of Google LLC ("Google"). The provider is Google Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.
We have concluded a commissioned data processing contract with Google and fully implement the strict requirements of the German data protection authorities for the use of Google Analytics.
Google will use this information on our behalf to analyse the use of our website by users, to compile reports on the activities within this website and to provide us with further services connected with the use of this website and the internet. Pseudonymous user profiles can be created from the processed data.
We use Google Analytics only with IP anonymization enabled. This means that Google will shorten the IP address of users within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases the full IP address is transmitted to a Google server in the USA and shortened there.
The IP address transmitted by the user's browser will not be merged with other Google data. Users can prevent the storage of cookies by setting their browser software accordingly; users can also prevent Google from collecting the data generated by the cookie and relating to their use of the website and the processing of this data by Google by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
Further information on data use by Google, possible settings and objections can be found on Google's websites: https://www.google.com/intl/de/policies/privacy/partners ("Data use by Google when using our partners' websites or apps"), https://policies.google.com/technologies/ads (Data use for advertising purposes), https://adssettings.google.com/authenticated (Manage information that Google uses to show you advertising).
4. Online presence in social media
Within our website and based on our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of article 6 para. 1 lit. f. GDPR) we use content or services from third parties in order to integrate their content and services, e.g. videos (hereinafter collectively referred to as "content") into our website. This always requires that the third party providers of this content obtain the IP address of the users, as they otherwise would not be able to send the content to the users' browsers. The IP address is therefore required for displaying the content. We do our best to use only those contents whose respective providers use the IP address only for the delivery of the contents. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. "Pixel tags" can be used to evaluate information such as visitor traffic on the pages of the particular website. The pseudonymous information may also be stored in cookies on the user's device and may include technical information about the browser and operating system, referring websites, visiting time and other information about the use of our website, and may also be linked to such information from other sources.
Our website includes plugins from the social network Facebook, provider Facebook Inc, 1 Hacker Way, Menlo Park, California 94025, USA. You can identify the Facebook plugins by the Facebook logo on our page. An overview of the Facebook plugins can be found here: https://developers.facebook.com/docs/plugins/.
Facebook is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
When you visit our website, the plugin establishes a direct connection between your browser and the Facebook server. Facebook receives the information that you have visited our website with your IP address. If you click the Facebook "Like" button while logged into your Facebook account, you can link the contents of our website on your Facebook profile. This allows Facebook to associate the visit to our website with your user account.
If you do not want Facebook to be able to link your visit of our website with your Facebook account, please log out of your Facebook account and delete your cookies. Further settings and objections to the use of data for advertising purposes are possible within the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the US page http://www.aboutads.info/choices/ or the EU page http://www.youronlinechoices.com/. The settings are platform-independent, i.e. they are applied to all devices, such as desktop computers or mobile devices.
If you do not want YouTube to be able to link your visit to our website with your YouTube account, please log out of your YouTube account.
You can subscribe to a free newsletter on our website. Please see our separate newsletter privacy notice.
6. Contact Form
There is a contact form on our website which can be used for contacting us electronically.
If you send us enquiries using the contact form, your details from the enquiry form, including the contact data you provide there, will be stored for the purpose of processing the enquiry and in the event of follow-up questions. In addition, the date and time of the request is stored. We will not pass on this data without your consent. Your consent is obtained for the processing of the data within the sending process and reference is made to this Privacy Notice. Alternatively, you can contact us via the e-mail addresses provided. In this case, the user's personal data transmitted by e-mail will be stored.
The legal basis for the processing of data is article 6 para. 1 lit. a GDPR if the user has given his consent. The legal basis for the processing of data transmitted in the course of sending an e-mail is article 6 para. 1 lit. f GDPR. If the e-mail contact is intended to conclude a contract, the additional legal basis for processing is article 6 para. 1 lit. b GDPR.
The processing of the personal data from the input mask is used solely within the scope of contacting us. In the event of contact by e-mail, this also constitutes the necessary legitimate interest in the processing of the data. The other personal data processed within the sending process are used to prevent misuse of the contact form and to ensure the security of our information technology systems.
The data will be deleted as soon as they are no longer necessary for the purpose for which they were collected. For the personal data from the input mask of the contact form and those that were sent by e-mail, this is the case when the respective conversation with the user is finished. The conversation is finished when the circumstances indicate that the matter in question has been finally clarified.
The user can withdraw his consent to the processing of personal data at any time. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued. All personal data stored in the course of contacting us will be deleted in this case, unless deletion is prohibited by law.
7. Buddemusic inside
Buddemusic inside (https://inside.buddemusic.com) is a service for contracting partners to receive accounting statement and to update contact data. The legal basis for the processing of personal data within the framework of Buddemusic inside is the performance of our services or the execution of a contract or pre-contractual measures pursuant to article 6 para. 1 lit. b GDPR.
In order to ensure that only the contracting partners or a person commissioned by the contracting partner have access to the relevant information, we only set up an account by e-mail. In this case, the requestor's personal data transmitted with the e-mail will be stored.
For the use of Buddemusic inside no additional personal data are required. The information available on Buddemusic inside is personal and confidential. If the login data is passed on to third parties, this person can access the data in the way you can.
You have the possiblity to edit some of your personal data in your user account on Buddemusic inside. We store and use edited personal data in order to be able to give you access to Buddemusic inside and to fulfil our contractual obligations with you.
The personal data will be erased as soon as it is no longer necessary to achieve the purpose of its collection and the erasure is not prevented by any legal retention obligations or other EU regulations, laws or other provisions by the European or national legislator. The collected data will be stored as long as an account with Buddemusic inside exists.