Orchestral Tools - Privacy Policy

Privacy policy

Thanks for your interest in Orchestral Tools. Data protection is a high priority for us.

As the operator of the website at www.https://www.orchestraltools.com/ (also "Website") and the SINE Player, we are the responsible controller for the personal data of the user ("you") of this Website and the SINE Player within the meaning of the applicable data protection law, in particular the General Data Protection Regulation ("GDPR").

As part of our duty to provide information (Art. 13 f. GDPR), we will inform you below about which data is processed when you visit our website and the SINE Player and on what legal basis this is done. You will also receive information about your rights vis-à-vis us and the competent supervisory authority.

1. Information on the controller

OT Distribution GmbH & Co KG
Am Untergrün 6
79232 March
Germany
Email: support@orchestraltools.com 

2. Data Protection Officer

We have appointed a company data protection officer:

Tobias Escher
Am Untergrün 6
79232 March
Germany
dataprotection@orchestraltools.com

3. Informational use of our website

When you access our website merely to visit it, so-called log files are processed by being automatically recorded by our system.

The following log files are processed automatically:

IP address of the requesting computer
Type of Internet browser used
Version of the Internet browser used
Operating system and, for Apple products, its version
Pages accessed
Date and time of the visit
Time zone difference to Greenwich Mean Time (GMT)
Access status/http status code
Amount of data transferred
Success or error of the charging process
USER ID if a customer account exists

The log files contain your IP address and possibly other personal data. It is therefore generally possible to identify you.

However, we only store your data temporarily and, in particular, not together with other personal data. The data will be deleted as soon as you leave the website. The temporary processing and storage of the above-mentioned data is necessary to provide our website and to ensure the security of our information technology systems. These purposes also justify our legitimate interest in processing the data on the legal basis of Art. 6 para. 1 sentence 1 lit. f GDPR.

4. Provision of our website

a. Hosting

Our website is operated on the servers of the provider Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, 1855 Luxembourg ("AWS"), with server location in Germany. This means that the data we collect when you visit and use this website is stored by our hosting provider.

The legal basis for the processing of your personal data is Art. 6 para. 1 sentence 1 lit. f GDPR, as it is in our legitimate interest to use the services of a professional provider for the secure and efficient provision of our website. We have concluded a data processing agreement with Amazon Web Services.

b. Content Delivery Network

We use the Amazon CloudFront content delivery network (CDN) from AWS to increase the security and delivery speed of our website. This is in our legitimate interest (Art. 6 para. 1 lit. f GDPR). A CDN is a network of globally distributed servers that is able to deliver optimized content to the website user. For this purpose, personal data may be processed in server log files by AWS. Please compare the explanations under "Hosting".

The legal basis for the processing of your personal data is Art. 6 para. 1 sentence 1 lit. f GDPR. It corresponds to our legitimate interest in not operating a content delivery network ourselves and the interest in providing our website as error-free and secure as possible (Art. 6 para. 1 lit. f GDPR).

Your personal data will be stored by AWS for as long as it is necessary for the purposes described. You can find information on the processing of your personal data here: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/data-protection-summary.html

AWS has implemented compliance measures for international data transfers. These apply to all global activities where AWS processes personal data of natural persons in the EU. These measures are based on the EU Standard Contractual Clauses (SCCs). We have concluded a data processing Agreement with Amazon Web Services. Further information can be found at: https://d1.awsstatic.com/legal/aws-gdpr/AWS_GDPR_DPA.pdf

5. Customer account/registration

You have the option of creating a customer account on our website using your personal data. If you decide to create a customer account, you must provide us with the following information:

Salutation
First and last name
Country
Email address
Password

Your data is used for the purpose of managing your customer account and providing the associated functions, such as processing your customer data and displaying your orders. The legal basis for the storage of your customer account data is Art. 6 para. 1 sentence 1 lit. b and f. GDPR.

We store the data you have provided to us as part of your login/registration as long as you do not delete your customer account with us. If you make changes to your details, the old details will be deleted and only the updated data will be saved. In addition, we only store your data in order to comply with our legal obligations (e.g. tax obligations) (Art. 6 para. 1 sentence 1 lit. c GDPR). In this case, we block your data to the extent that it is only processed for the necessary purposes.

In addition to the data you provide to us, we may also store the time (date and time) of the transmission of your data to us, as well as your IP address. The processing of this data is in our legitimate interest (Art. 6 para. 1 sentence 1 lit. f GDPR) in order to ensure the security of our systems and to counteract misuse. This additional data will be deleted as soon as it is no longer required, at the latest when the contract with you has been completed.

You can have your voluntary customer account deleted at any time. To do so, please send us an email to support@orchestraltools.com.

6. Orders

When you place an order on our website, we need the following data to fulfill the contract with you:

First name, last name, and billing address to send you your invoice.
Email address to send you the order confirmation and to provide you with contract documents immediately after the order.
Your payment information to process the payment of your order is processed by our payment service provider, Stripe (see section Section 7).

We also process the data required in each case in order to reverse our contract after a revocation or for any other reason or to check claims. We also store your aforementioned data in order to be able to display your order history on our website.

The legal basis for the processing of the data is Art. 6 para. 1 sentence 1 lit. b and f GDPR. The data will be stored for as long as it is necessary to process your order. It is in our legitimate interests to enable you to track your current and previous orders on our website. Beyond this, we only store your data in order to comply with our legal obligations (e.g. tax obligations pursuant to Section 147 AO and Section 257 HGB) (Art. 6 para. 1 sentence 1 lit. c GDPR). In this case, we block your data to the extent that it is only processed for the necessary purposes.

In addition to the aforementioned data, we store the time (date and time) of the transmission of your data to us, as well as your IP address. The processing of this data is in our legitimate interest (Art. 6 para. 1 sentence 1 lit. f GDPR) in order to ensure the security of our systems and to counteract misuse. This additional data will be deleted as soon as it is no longer required, at the latest when the contract with you has been completed.

7. Payment processing

We use the payment service provider Stripe for billing and payment processing. Stripe is an international financial services provider with various business units. According to the company, Stripe Payments Europe, Limited, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland ("Stripe") is primarily responsible for customers from the EEA, Switzerland, Great Britain and the Asia-Pacific region; for certain authorized payment services, Stripe Technology Europe, Limited, The One Building, 1, Grand Canal Street Lower, Dublin 2, Ireland (EEA and Switzerland) and Stripe Payments UK, Ltd, 211 Old Street, The Warehouse, Dublin 2, Ireland (EEA and Switzerland) are also responsible, depending on the location. Stripe Payments UK, Ltd, 211 Old Street, The Warehouse, 7th Floor, London EC1V 9NR, United Kingdom (Great Britain). For customers from North, Central and South America, on the other hand, the US parent company Stripe Inc. 354 Oyster Point Boulevard, South San Francisco, California, 94080 is generally responsible.

Due to the implementation of Stripe, cookies are set on our website. You can find information on this in our cookie information and Stripe's cookie policy: https://stripe.com/legal/cookies-policy

According to its own information, Stripe processes the following end customer data in particular in connection with billing and payment processing:

Email address
(Billing and delivery) address
Information on the respective payment method (e.g., credit card details, account information)
Order date
Ordered service
Any other information you enter when paying via Stripe

According to its own information, Stripe uses the collected data primarily for payment processing and the associated services (e.g., issuing and sending invoices, fraud prevention), but also for other purposes if necessary. Stripe transmits the data to various recipients, including recipients who are not based within the EU. Stripe bases this data processing and transfer on various legal bases, which you can find in Stripe's privacy policy (https://stripe.com/privacy) and the further data privacy information in the Stripe Privacy Center (https://stripe.com/privacy-center/legal#stripe-legal-bases-tables).

As a small company, we can only provide billing and payment processing for our international customer base with the help of the automation services of a global financial services provider such as Stripe. The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f GDPR. In this respect, our legitimate interests lie in offering an efficient and secure payment method while at the same time developing international customers and securing payments in international business transactions. In addition, the use of Stripe in our online store is necessary for the display of prices and the shopping cart. In addition, the data processing in connection with the payment of your orders is carried out in accordance with Art. 6 para. 1 lit. b GDPR for the execution of the contracts concluded with you. A contract for commissioned data processing has been concluded with Stripe in accordance with Art. 28 GDPR. You can find the agreement here: https://stripe.com/de/legal/dpa

When using the following payment methods, data is also transmitted to the respective provider of your payment method:

PayPal: If you pay at Stripe with PayPal (PayPal (Europe) S.à r.l. et Cie, S.C.A. 22-24 Boulevard Royal L-2449 Luxembourg), PayPal will receive your payment data for payment processing and PayPal may carry out a credit check. You can find information on this at: https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=en_DE

Credit card: If you pay with your credit card on our website, your credit card provider will receive the information that you have placed an order with us. Your credit card provider may carry out a credit check. You can find more information on this on the respective website of your credit card provider.

8. Contact form or email

You can contact us electronically via the contact form on our website or by email, e.g., to provide us with feedback, to send us inquiries about the services we offer or to ask us general questions. If you use this option, you transmit the following data to us:

Name
Object
Email address
Description of the request

The legal basis for the processing of your data for the purpose of processing your contact is your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR. You can withdraw your consent at any time. In addition, the legal basis for the processing of your data is Art. 6 para. 1 sentence 1 lit. f GDPR. It is our legitimate interest to process your data transmitted to us in order to contact you. The data will be stored until it is no longer required to achieve the purpose of the conversation with you and your contact request has been fully clarified.

If your contact is aimed at concluding a contract with us, the additional legal basis for the processing of your personal data is Art. 6 para. 1 sentence 1 lit. b GDPR.

The data will be stored for as long as it is necessary for the performance of the contract or pre-contractual measures or until you withdraw your consent. Beyond this, we only store your data in order to comply with legal obligations (e.g., tax obligations) (Art. 6 para. 1 sentence 1 lit. c GDPR).

In addition to the data you provide to us, we store the time (date and time) of the transmission of your data to us, as well as your IP address. The processing of this data is in our legitimate interest (Art. 6 para. 1 sentence 1 lit. f GDPR) in order to ensure the security of our systems and to counteract misuse. This data, which we also collect when you contact us, is deleted as soon as it is no longer required, at the latest when your contact request has been fully clarified.

You can inform us at any time that you would like us to delete the data provided during the conversation. In this case, to the extent permitted, all personal data from the conversation will be deleted and it will not be possible to continue the conversation.

Helpscout customer support software

We use the software tool helpscout.net from Help Scout Inc, 131 Tremont Street, 3rd Floor, Boston, MA 02111-1338, USA ("Help Scout") to process our customer inquiries via contact form and email. If you contact us by email or via the contact form, the following personal data will be transmitted to Help Scout:

Your name
Your email address
The subject
The category
The message

The legal basis for the use of Help Scout is Art. 6 para. 1 sentence 1 lit. f GDPR. It is in our legitimate interest to integrate a professional contact form on our website and to handle our customer service professionally in Help Scout.

Help Scout relies on standard contractual clauses for third country transfers. Furthermore, we have concluded a data processing agreement with Help Scout. You can find Help Scout's privacy policy here https://www.helpscout.com/company/legal/privacy/ and the data processing agreement here https://www.helpscout.com/company/legal/dpa/

9. Contact us by phone or post

You have the option of contacting us by telephone or post. Your personal data transmitted in this way will be stored by us. The data is processed exclusively in order to process your contact appropriately, whereby this corresponds to our legitimate interest. The legal basis for the processing of your personal data is Art. 6 para. 1 sentence 1 lit. f GDPR. The data will be stored until it is no longer required to achieve the purpose of the conversation with you and your contact request has been fully clarified.

If your contact is aimed at concluding a contract with us, the additional legal basis for the processing of your personal data is Art. 6 para. 1 sentence 1 lit. b GDPR. This data is stored for as long as it is required for the performance of the contract or pre-contractual measures. In addition, we only store your data in order to comply with legal obligations (e.g. tax obligations) (Art. 6 para. 1 sentence 1 lit. c GDPR).

10. Newsletter

On our website, we offer you the opportunity to subscribe to our newsletter free of charge. In addition to your declaration of consent, we only need your email address.

The legal basis for sending the newsletter and the associated processing of further voluntary information is Art. 6 para. 1 sentence 1 lit. a GDPR. By sending the newsletter registration, you consent to the processing of your data by us.

As part of your newsletter registration, we also store the date and time of the transmission of your data to us, as well as your IP address. The processing of this data corresponds to our legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR in order to ensure the security of our systems and to counteract misuse.

Your data will be processed exclusively in connection with the sending of newsletters. The purpose of processing your email address is to enable us to send you the newsletter. Other data during the registration process is used either to address you personally or to ensure the security of our services and prevent misuse of the email address used.

Your data will only be stored for as long as is necessary to achieve the purpose. Your email address will therefore be stored for the duration of your active newsletter subscription if you have given your consent. The data that we also collect automatically during your registration (IP address, date and time) will be deleted at the latest when you cancel your newsletter subscription. Data stored by us for other purposes remains unaffected by this.

Newsletter service provider

To send the newsletter, we use the email dispatch tool of CleverReach GmbH & Co KG, Schafjückenweg 2, 26180 Rastede, Germany ("CleverReach"). This means that the aforementioned information (email address, date and time of your newsletter registration and newsletter confirmation, IP address, other information that you voluntarily provide to us) is stored on Cleverreach's servers. Cleverreach's servers are located exclusively in the EU.

The processing of your data by CleverReach is based on an data processing agreement in accordance with Art. 28 GDPR, which we have concluded with CleverReach.

Newsletter tracking:

Due to a tracking pixel implemented in our newsletter, we can track whether the newsletter has been opened. We can also track whether links contained in the newsletter have been clicked on. This is done by briefly redirecting the recipient via the server of our newsletter service provider after clicking on a link and then forwarding them to the destination address. The IP address, browser, date and time of retrieval and opening of the newsletter and the click behavior on links contained in the newsletter are recorded and statistically evaluated. This function is helpful for us to understand whether our newsletter is opened and which topics are of particular interest.

Your user behaviour will only be evaluated if you have consented to the newsletter being sent and the associated personalized data evaluation. By creating a personal user profile, we would like to tailor our advertising to your interests and optimize our offers on our website for you. The legal basis for data processing is your consent in accordance with Section 25 (1) of the German Telecommunications-Telemedia Data Protection Act TTDSG and Art. 6 (1) sentence 1 lit. a GDPR.

We receive aggregated statistics that our service provider (see below) creates automatically. As a rule, we therefore only have an overview of the percentage of recipients who have opened the newsletter or which content was particularly well received.

RIGHT TO WITHDRAW / Unsubscribe from newsletter

You can unsubscribe or withdraw the consent to receive our newsletter at any time. Unfortunately, it is not possible to withdraw your consent to newsletter tracking separately. If you wish to object to newsletter tracking, you must therefore also unsubscribe from the newsletter. You will find the link to do this at the end of each newsletter. By doing so, you withdraw your consent with effect for the future or object to any further use of your data for the purpose of sending the newsletter and tracking. The withdrawal of your consent does not affect the lawfulness of processing based on consent before its withdrawal.

11. Links to our profile pages in the social networks

On our website, we use small icons and possibly other links that refer to our website on the third-party platforms (social networks) listed below. These are hyperlinks, so no data is automatically transmitted by you, but only when you click on the icons or the corresponding link and a new window opens in your browser with the website of the third-party provider.

a. Facebook page (formerly "Facebook Fanpage")

We operate a so-called Facebook page on the social media platform Facebook (Meta Platforms Ireland Limited, Serpentine Avenue, Block J, Dublin 4 Ireland ("Meta")), which we link to on our website via the Facebook icon. As long as you do not click on the link, Meta will not receive any data from you. If you click on the link, for example to view our company profile on Facebook or to "like" our Facebook page, Meta will receive data from you (which data Meta receives also depends on whether you are logged in to Meta with your user profile while clicking on the page or not). Meta also uses so-called cookies, which are stored on your device when you visit our Facebook page even if you do not have your own Facebook profile or are not logged into it during your visit to our Facebook page. These cookies allow Meta to create user profiles based on your preferences and interests and to show you customized advertising (inside and outside Facebook). Cookies remain on your device until you delete them. You can find more information about the cookies used on Facebook at https://www.facebook.com/policies/cookies/

According to its own information, Meta uses this data for a wide variety of purposes and transmits it worldwide, both internally to other Meta companies and to a wide variety of external partners. Meta bases this data processing on various legal bases, details of which can be found in Meta's Data Policy. The data policy can be found at the following link: https://www.facebook.com/policy.php

While Meta uses this data under its own responsibility for various purposes, we can only see aggregated data on our company Facebook page, i.e. statistics (e.g. user growth, user demographics, use of individual functionalities), which no longer have any personal reference. This data, which is called "page insights", is created using so-called "events" logged by Meta. An "event" can be, for example, the fact that someone has marked a certain post with a "Like". As the website operator, we do not have access to the personal data that is processed in the context of events, but only to the summarized page insights. Events that are used to create Page Insights do not store any IP addresses, cookie IDs or any other identifiers that are assigned to people or their devices, apart from a Facebook user ID for people logged in to Facebook. You can find more information about Page Insights at the following link: https://www.facebook.com/legal/terms/information_about_page_insights_data

In accordance with the provisions of the GDPR, we are jointly responsible with Meta for data processing on our Facebook page (Art. 26 GDPR). Accordingly, we have concluded an agreement with Meta provided by Meta in which this joint responsibility is regulated. You can find the agreement at the following link https://www.facebook.com/legal/terms/page_controller_addendum

This means that Meta is primarily responsible for the aggregated Insight Data. In addition, Meta will comply with all obligations under the GDPR with regard to the processing of Insight Data (including Art. 12, 13 GDPR, Art. 15-21 GDPR and Art. 32-34 GDPR). If you send us a request regarding our Facebook page, we will inform Meta promptly. Meta will respond to the request in accordance with our agreement.

Our legitimate interests in the processing of personal data lie in the use and linking of different communication channels, marketing via high-reach social media platforms and the analysis and evaluation of the success of our communication and marketing efforts. The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. f GDPR. If you consent to data processing (in particular to the setting of cookies), the processing is also carried out on the basis of Section 25 (1) of the German Telecommunications-Telemedia Data Protection Act (TTDSG) or Art. 6 (1) sentence 1 lit. a GDPR. You can withdraw your consent in accordance with the aforementioned legal bases at any time.

If you use our Facebook page to contact us (e.g., by creating your own posts, responding to one of our posts or sending us private messages), we process the data you provide exclusively to process your contact. The legal basis for the processing of your personal data is therefore Art. 6 para. 1 sentence 1 lit. f GDPR. It is our legitimate interest to process your data transmitted to us in order to contact you. The data will be stored until it is no longer required to achieve the purpose of the conversation with you and your contact request has been fully clarified. You can inform us at any time that we should delete the data provided in the course of the conversation. In this case, to the extent permitted, all personal data from the conversation will be deleted and it will not be possible to continue the conversation.

Note on data transfers to the USA:

However, Meta Platforms Ireland Limited is a subsidiary of the US group Meta, which means that your personal data may also be transferred to Meta's US group companies (Meta Platforms, Inc.) and Meta servers located in the USA. The USA is a third country within the meaning of the GDPR, for which an adequacy decision of the EU Commission (the so-called "EU-US Data Privacy Framework" or "EU-US DPF") exists. Meta Platforms Inc. is certified as a US company under the EU-US DPF, see https://www.dataprivacyframework.gov/list.

b. website on Instagram

We operate a company profile on the social media portal Instagram. The operator of Instagram is Meta Platforms Ireland Limited, Serpentine Avenue, Block J, Dublin 4 Ireland, whereby the platforms Facebook and Instagram share the technical infrastructure according to Meta's own information. In the following, the term "Instagram" is used for the social media portal and the term "Meta" for the operator of this portal.

On our website, we link to our company profile on Instagram using the Instagram icon. As long as you do not click on the link, Meta will not receive any data from you. If you click on the link, for example to view or subscribe to our company profile on Instagram, Meta will receive data from you (which data Meta receives also depends on whether you are logged in to Instagram with your user profile while clicking on the page or not). In addition, Meta uses so-called cookies, which are stored on your device when you visit our corporate website even if you do not have your own Instagram profile or are not logged into it during your visit to our corporate website. These cookies allow Meta to create user profiles based on your preferences and interests and to show you customized advertising (inside and outside Instagram). Cookies remain on your device until you delete them. You can find more information about the cookies used by Meta at https://privacycenter.instagram.com/policies/cookies/

According to its own information, Meta uses this data for a wide variety of purposes and transmits it worldwide, both internally to other Meta companies and to various external partners. Meta bases this data processing on various legal bases, which you can find in detail in Instagram's privacy policy and Facebook's data policy. Instagram's privacy policy can be found at the following link: https://privacycenter.instagram.com/policy

While Meta uses this data under its own responsibility for various purposes, we can only see aggregated data on our company website, i.e. statistics (e.g. user growth, user demographics, use of individual functionalities), which no longer have any personal reference. These are called "Instagram Insights". You can find more information about Instagram Insights on the corresponding information page of Meta, which refers to all Meta products (and thus also to Instagram). You can access this information page at the following link: https://www.facebook.com/legal/terms/information_about_page_insights_data

In accordance with the provisions of the GDPR, we are jointly responsible with Meta for data processing on our Instagram company profile (Art. 26 GDPR). Accordingly, we have concluded an agreement with Meta provided by Meta in which this joint responsibility is regulated. You can find the agreement in German at the following link https://www.facebook.com/legal/terms/page_controller_addendum

This means that Meta is primarily responsible for the aggregated Insight Data. In addition, Meta will comply with all obligations under the GDPR with regard to the processing of Insight Data (including Art. 12, 13 GDPR, Art. 15-21 GDPR and Art. 32-34 GDPR). If you send us a request regarding our Instagram company profile, we will inform Meta promptly. Meta will respond to the request in accordance with our agreement.

Our legitimate interests in the processing of personal data lie in the use and linking of different communication channels, marketing via high-reach social media platforms and the analysis and evaluation of the success of our communication and marketing efforts. The legal basis for processing is Art. 6 para. 1 sentence 1 lit. f GDPR. If you consent to data processing (in particular to the setting of cookies), the processing is also carried out on the basis of Section 25 (1) of the German Telecommunications-Telemedia Data Protection Act (TTDSG) or Art. 6 (1) sentence 1 lit. a GDPR. You can revoke your consent in accordance with the aforementioned legal bases at any time in the privacy settings on our website under "Manage consent".

If you use our Instagram page to contact us (e.g. by creating your own posts, responding to one of our posts or sending us private messages), we process the data you provide exclusively to process your contact. The legal basis for the processing of your personal data is therefore Art. 6 para. 1 sentence 1 lit. f GDPR. It is our legitimate interest to process your data transmitted to us in order to contact you. The data will be stored until it is no longer required to achieve the purpose of the conversation with you and your contact request has been fully clarified. You can inform us at any time that we should delete the data provided in the course of the conversation. In this case, to the extent permitted, all personal data from the conversation will be deleted and it will not be possible to continue the conversation.

Note on data transfers to the USA:

c. website on LinkedIn

We operate a website on the social media portal LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland ("LinkedIn")), which we link to on our website via the LinkedIn icon.

As long as you do not click on the link, LinkedIn will not receive any data from you. If you click on the link, for example to view our website on LinkedIn, LinkedIn will receive data from you (which data LinkedIn receives also depends on whether you are logged in to LinkedIn with your user profile while you click on the page or not). LinkedIn also uses so-called cookies, which are stored on your device when you visit our company website, even if you do not have your own LinkedIn profile or are not logged into it during your visit to our corporate website. These cookies allow LinkedIn to provide its own services, determine the performance of the services and display relevant ads (including job ads) inside and outside LinkedIn. Cookies remain on your device until you delete them. You can find more information about the cookies used by LinkedIn at

According to its own information, LinkedIn uses this data for a wide variety of purposes and transmits it to a wide variety of recipients, including recipients who are not based in the EU. LinkedIn bases this data processing on various legal bases, which you can find in LinkedIn's privacy policy. The privacy policy can be found at the following link https://linkedin.com/legal/privacy-policy

While LinkedIn uses this data under its own responsibility for various purposes, we can only see aggregated data on our LinkedIn website, i.e., statistics that no longer have any personal reference. These are called "page analytics". You can find more information on "Page Analytics" on the corresponding LinkedIn information page at https://www.linkedin.com/help/linkedin/answer/a547077/linkedin-page-analytics-overview?lang=en

In addition, if you decide to become a follower when you visit our LinkedIn website, we will also receive your name and your position in the company according to the information in your LinkedIn user profile, as well as the date on which you became our follower. https://www.linkedin.com/help/linkedin/answer/4499/linkedin-page-analytics-overview?lang=en In accordance with the provisions of the GDPR, we are jointly responsible with LinkedIn for data processing on our LinkedIn website (Art. 26 GDPR). Accordingly, we have concluded an agreement with LinkedIn provided by LinkedIn in which this joint responsibility is regulated. You can find the agreement at the following link https://legal.linkedin.com/pages-joint-controller-addendum

This means that LinkedIn is primarily responsible for the aggregated Insight data. In addition, LinkedIn will fulfill all obligations under the GDPR with regard to the processing of Insight data (including Art. 12 -22 GDPR and Art. 32-34 GDPR). If you send us a request regarding our LinkedIn website, we will inform LinkedIn promptly. LinkedIn will respond to the request in accordance with our agreement.

Our legitimate interests in the processing of personal data lie in the use and linking of different communication channels, marketing via high-reach social media platforms and the analysis and evaluation of the success of our communication and marketing efforts. The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. f GDPR. If you consent to data processing (in particular to the setting of cookies), the processing is also carried out on the basis of Section 25 (1) of the German Telecommunications-Telemedia Data Protection Act (TTDSG) or Art. 6 (1) sentence 1 lit. a GDPR. You can revoke your consent in accordance with the aforementioned legal bases at any time.

If you use our LinkedIn profile to contact us (e.g. by creating your own posts, responding to one of our posts or sending us private messages), we will only process the data you provide in order to process your contact. The legal basis for the processing of your personal data is therefore Art. 6 para. 1 sentence 1 lit. f GDPR. It is our legitimate interest to process your data transmitted to us in order to contact you. The data will be stored until it is no longer required to achieve the purpose of the conversation with you and your contact request has been fully clarified. You can inform us at any time (see section 1 above) that we should delete the data provided in the course of the conversation. In this case, to the extent permitted, all personal data from the conversation will be deleted and it will not be possible to continue the conversation.

Note on data transfers to the USA:

LinkedIn Ireland Unlimited Company processes data inside and outside the USA, so your personal data may also be transferred to US LinkedIn group companies (LinkedIN Corp.) and LinkedIn servers located in the USA. The USA is a third country within the meaning of the GDPR, for which an adequacy decision of the EU Commission (the so-called "EU-US Data Privacy Framework" or "EU-US DPF") exists. LinkedIN Corp is certified as a US company under the EU-US DPF, see https://www.dataprivacyframework.gov/list. LinkedIn also relies on so-called standard contractual clauses. Further information can be found here: https://www.linkedin.com/help/linkedin/answer/a1343190/

d. website on YouTube

We operate a company profile on the video sharing platform YouTube. The operator of YouTube is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. In the following, the term "YouTube" is used for the video sharing platform and the term "Google" for the operator of the platform.

On our website, we link to our company profile on YouTube using the YouTube icon. As long as you do not click on the link, Google will not receive any data from you. If you click on the link, for example to view or subscribe to our company profile on YouTube, Google will receive data from you (which data Google receives also depends on whether you are logged in to YouTube with your user profile while you click on the page or not). Google also uses so-called cookies, which are stored on your device when you visit our company profile, even if you do not have your own YouTube profile or are not logged into it during your visit to our company profile. These cookies allow Google, among other things, to collect and analyse data on target group interactions and website statistics (inside and outside YouTube). Cookies remain on your device until you delete them. You can find more information about the cookies used by Google at https://policies.google.com/technologies/cookies?hl=en&utm_source=ucb

According to its own information, Google uses this data for a wide variety of purposes and transmits it worldwide, both internally to affiliated companies and to companies, organizations or persons outside Google. Google bases this data processing on various legal bases, which you can find in detail in Google's privacy policy. You can find Google's privacy policy at the following link: https://policies.google.com/privacy?hl=en

While Google uses this data under its own responsibility for various purposes, we can only see aggregated data on our company website, i.e., statistics (e.g., playbacks, playback times and types of access sources), which no longer have any personal reference. This performance data is analyzed using the "YouTube Analytics" tool. You can find more information about the performance data on the corresponding information page of Google under the following link: https://support.google.com/youtube/answer/9002587?hl=en&sjid=407169541051816916-EU

Our legitimate interests in the processing of personal data lie in the use and linking of different communication channels, marketing via high-reach social media platforms and the analysis and evaluation of the success of our communication and marketing efforts. The legal basis for processing is Art. 6 para. 1 sentence 1 lit. f GDPR. If you consent to data processing (in particular to the setting of cookies), the processing is also carried out on the basis of Section 25 (1) of the German Telecommunications-Telemedia Data Protection Act (TTDSG) or Art. 6 (1) sentence 1 lit. a GDPR.

If you use our YouTube profile to contact us (e.g., by creating your own posts, responding to one of our posts, or sending us private messages), we will only process the data you provide in order to process your contact. The legal basis for the processing of your personal data is therefore Art. 6 para. 1 sentence 1 lit. f GDPR. It is our legitimate interest to process your data transmitted to us in order to contact you. The data will be stored until it is no longer required to achieve the purpose of the conversation with you and your contact request has been fully clarified. You can inform us at any time that we should delete the data provided in the course of the conversation. In this case, to the extent permitted, all personal data from the conversation will be deleted and it will not be possible to continue the conversation.

Note on data transfers to the USA:

However, Google Ireland Ltd. is a subsidiary of the US group Google, which means that your personal data may also be transferred to US Google group companies (in particular Google LLC) and Google servers located in the USA. The USA is a third country within the meaning of the GDPR for which the EU Commission has issued an adequacy decision (the so-called "EU-US Data Privacy Framework" or "EU-US DPF"). Google LLC is certified as a US company under the EU-US DPF, see https://www.dataprivacyframework.gov/list.

e. Soundcloud

We operate a profile page on the Soundcloud platform (SoundCloud Global Limited & Co. KG Rheinsberger Str. 76/77, 10115 Berlin, Germany ("Soundcloud")), which we link to on our website via the Soundcloud icon. As long as you do not click on the link, Soundcloud will not receive any data from you. If you click on the link to view our performance on Soundcloud, Soundcloud will receive data from you (which data Soundcloud receives also depends on whether you are logged in to Soundcloud with your user profile while clicking on the page or not). In addition, Soundcloud uses so-called cookies, which are stored on your device when you visit our Soundcloud page even if you do not have your own Soundcloud profile or are not logged into it during your visit to our Soundcloud page. Cookies remain on your device until you delete them. You can find more information about the cookies used on Soundcloud at https://soundcloud.com/pages/cookies

According to its own information, Soundcloud uses this data for a wide variety of purposes and transmits it worldwide, both internally to other companies in the Soundcloud Group and to various external partners. Soundcloud bases this data processing on various legal bases, which you can find in detail in Soundcloud's data policy. The data policy can be found at the following link: https://soundcloud.com/pages/privacy

While Soundcloud uses this data under its own responsibility for various purposes, we can view various statistical data (such as plays, "likes", reposts of tracks, comments and shares) on our Soundcloud profile on the jointly responsible Soundcloud Fan Insights service. Further information on the processing of this usage data can be found at https://soundcloud.com/pages/fan-insights and in the privacy policy https://soundcloud.com/pages/privacy

In accordance with the provisions of the GDPR, we are jointly responsible with Soundcloud for data processing on our Soundcloud profile (Art. 26 GDPR). Accordingly, we have concluded an agreement with Soundcloud provided by Soundcloud in which this joint responsibility is regulated. You can find the agreement in German at the following link https://soundcloud.com/pages/fan-insights-joint-controller-addendum

This means that Soundcloud is primarily responsible for the Fan Insight data. In addition, Soundcloud will comply with all obligations under the GDPR with regard to the processing of Insight data (including Art. 12, 13 GDPR, Art. 15-22 GDPR and Art. 32-34 GDPR). If you send us a request regarding our Soundcloud page, we will inform Soundcloud promptly. Soundcloud will respond to the request in accordance with our agreement.

Our legitimate interests in the processing of personal data lie in the use and linking of various communication channels, marketing via high-reach social media platforms and the analysis and evaluation of the success of our communication and marketing efforts. The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. f GDPR. If you consent to data processing (in particular to the setting of cookies), the processing is also carried out on the basis of Section 25 (1) of the German Telecommunications-Telemedia Data Protection Act (TTDSG) or Art. 6 (1) sentence 1 lit. a GDPR. You can withdraw your consent in accordance with the aforementioned legal bases at any time.

If you use our Soundcloud page to contact us (e.g., by creating your own posts, responding to one of our posts, or sending us private messages), we process the data you provide exclusively to process your contact. The legal basis for the processing of your personal data is therefore Art. 6 para. 1 sentence 1 lit. f GDPR. It is our legitimate interest to process your data transmitted to us in order to contact you. The data will be stored until it is no longer required to achieve the purpose of the conversation with you and your contact request has been fully clarified. You can inform us at any time that we should delete the data provided in the course of the conversation. In this case, to the extent permitted, all personal data from the conversation will be deleted and it will not be possible to continue the conversation.

Reference to international data transfers:

According to its own information, Soundcloud is a globally active company, which means that data may be transferred outside the European Economic Area. Soundcloud relies on so-called standard contractual clauses or other legal mechanisms. Further information on this can be found in Soundcloud's privacy policy: https://soundcloud.com/pages/privacy

12. Integration of third-party services 

a. Integration of YouTube videos on our website

We integrate videos from YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) for the purpose of making our website appealing. In the following, the term "YouTube" is used for the video portal, the term "Google" for the operator of this portal.

When integrating YouTube videos, we use the extended data protection mode, in which, according to the provider, information about you is only shared with Google if you activate the video by clicking on the play button of the video.

If you activate the video, Google may use cookies to collect information for analysis and advertising purposes and to improve user-friendliness. According to Google, the data is processed pseudonymously. However, especially if you are logged into your Google or YouTube account, the data may be linked directly to these accounts.

According to its own information, Google uses this data for a wide variety of purposes and transmits it to a wide variety of recipients, including recipients who are not based within the EU. Google bases this data processing on various legal bases. You can find an overview of this in Google's privacy policy, which you can access at the following link: https://policies.google.com/privacy?hl=en

In addition, so-called Google Fonts (fonts provided by Google) may be loaded when the video is played.

We have embedded YouTube videos on our website in such a way that they are only loaded once you have given your consent. The legal basis for the integration of the YouTube service on our website and the associated processing of your data is therefore your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.

If YouTube sets cookies when you actively click on and play a YouTube video on our site, we process your data on the basis of your consent (Section 25 (1) of the German Telecommunications-Telemedia Data Protection Act (TDDDG) or Art. 6 (1) sentence 1 lit. a GDPR). You can revoke your consent in accordance with the aforementioned legal bases at any time in the privacy settings on our website under "Manage consent". You can find information on YouTube cookies at https://policies.google.com/technologies/cookies?hl=en

Note on data transfers to the USA:

Facebook pixels are used exclusively on the basis of your consent in accordance with Article 6 (1) (a) GDPR. You can revoke your consent at any time with effect for the future. You can find more information on how to revoke your consent in this data protection declaration under the “Cookies” section.

You can also opt out of the use of cookies, which serve to measure reach and for advertising purposes, via the deactivation page of the network advertising initiative
http://optout.networkadvertising.org/
and additionally via the US website
http://www.aboutads.info/choices
or the European website object.

If personal data is transmitted to the USA when using Facebook Pixel, further protective mechanisms are required to ensure the data protection level of the GDPR. In order to guarantee this, we have agreed standard data protection clauses with the provider in accordance with Article 46 (2) (c) GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases in which this cannot be ensured even with this contractual extension, we endeavor to obtain additional regulations and commitments from the recipient in the USA.

13. Use of tracking technologies

a. Meta pixels and use of other Meta technologies

On our website, we use the analytics tool Meta Pixel (formerly "Facebook Pixel") from Meta Platforms Inc. or Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, D2 Dublin, Ireland ("Meta"). The Meta Pixel works with a JavaScript code snippet that is executed when someone opens a page or performs a certain action. We use it to analyze the effectiveness of our advertising. We cannot identify individual users via our Facebook Business profile or address them specifically with advertising, but only user groups.

We use the Meta Pixel in such a way that the sending of pixel actions to Meta is interrupted until the cookie consent has been given. The legal basis for the setting of these cookies and the subsequent further processing of your personal data is your consent (Section 25 (1) of the German Telecommunications-Telemedia Data Protection Act (TTDSG), Art. 6 (1) sentence 1 lit. a GDPR). You can revoke your consent at any time via the data protection settings on our website under "Manage consent".

The meta pixel can record the following data:

HTTP header - all information that is usually contained in HTTP headers, e.g., IP addresses, information about the web browser, the location of the page, the document, the referrer, and the person using the website.
Pixel-specific data - including the pixel ID and the Facebook cookie.
Click data for buttons - all buttons that visitors to the website have clicked on, the labels of these buttons and all pages that were accessed as a result of these button clicks.
Optional values - we can optionally set custom data events to send additional information about the visit. Examples of custom data events include conversion value and page type.
Form field names - Including website field names such as "email", "address", "quantity", for the purchase of a product or service.

With the Meta Pixel, we want to ensure that visitors to our website who fulfill certain characteristics (interest in certain products, gender, certain age, live in a certain city, etc.) are shown advertisements on Facebook. Meta calls the grouping of users based on certain characteristics "Custom Audiences". The advertising on Facebook should be shown to potentially interested parties and not to those who are unlikely to be interested in our product. Our Custom Audience therefore consists of the "Website Custom Audiences" function, i.e., the Meta Pixel matches visitors to our website with people on Facebook so that we can then create a Facebook ad for this target group. This is called “retargeting."

The pixel also helps to statistically track the effectiveness of advertisements. This is called Meta “conversion.” The Meta Pixel tells us whether people in the target group have visited our website, searched for a specific product on our website, looked at a specific product or product category, whether a purchase has been initiated, whether a purchase has been completed. The Meta Pixel also tells us whether people were directed to our site from a paid search engine result and whether people are interested in special offers. We can only see from the statistics whether or that this has happened - we cannot identify individual people.

In addition, our custom audience may also consist of "engagement custom audiences" (custom audiences by interaction) in relation to user interactions on Instagram or Facebook. "Engagement" means, for example, that a person has clicked on a video on our Facebook page or that the person has followed our Instagram profile or left a comment there. With Engagement Custom Audiences, we can show ads to these people.

While Engagement Custom Audiences are based on actions within the meta technologies, Website Custom Audiences are based on actions that take place on our website and are recorded by the meta pixel. Data is therefore only collected via the Meta Pixel in the latter case.

We also use the "Lookalike Audience" function. This allows us to reach new people who are likely to be interested in our company because they are similar to our existing customers.

In your Facebook profile, you can choose whether you want to receive personalized advertising. You can object to the collection by the Meta Pixel and the use of your data for Facebook Ads (as part of a Custom Audience). If your browser does not accept third-party cookies, the Meta Pixel will not be set.

The Facebook data policy can be found here: https://www.facebook.com/policy.php. Further information from Meta about the Meta Pixel and cookies used can be found here: https://www.facebook.com/business/help/651294705016616and https://www.facebook.com/policies/cookies

We have concluded a data processing agreement with Meta. You can find out more at https://www.facebook.com/legal/technology_terms, https://www.facebook.com/legal/terms/dataprocessing and

Note on data transfers to the USA:

The Meta Pixel is used on the basis of a contract that we have concluded with Meta Platforms Ireland. However, Meta Platforms Ireland is a subsidiary of the US group Meta Platforms Inc., which means that your personal data may also be transferred to US Meta group companies (in particular Meta Platforms Inc.) and Meta servers located in the USA. The USA is a third country within the meaning of the GDPR, for which an adequacy decision of the EU Commission (the so-called "EU-US Data Privacy Framework" or "EU-US DPF") exists. Meta Platforms Inc. is certified as a US company under the EU-US DPF, see https://www.dataprivacyframework.gov/list.

b. Google Analytics 4

The analytics service Google Analytics 4 is implemented on our website, which is offered for users from the European Economic Area, Switzerland and Liechtenstein by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and for all other users by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (hereinafter: "Google Analytics 4"). You can find Google's privacy policy at the following link: https://policies.google.com/privacy?hl=en. You can find information on cookies here: https://policies.google.com/technologies/cookies?hl=en

We have concluded a data processing agreement with Google Ireland Limited in accordance with Art. 28 GDPR.

Google Analytics 4 can record the following information, among others:

Type of internet browser used
Version of the internet browser
The operating system you are using,
Selected language,
Data on the requesting end device,
Referrer (previously visited website),
Your IP address (according to Google, the IP address is only used temporarily to determine a rough location of the requesting end device (city level) and then deleted),
(Rough) location data, i.e. city (including its longitude and latitude), continent, country, region and subcontinent of the requesting end device,
Date and time of the server request,
The duration of the session,
Click and scroll behavior including media playback, internal searches, content sharing,
Webshop interactions, such as product views and orders.

Google Analytics 4 only uses the IP address to derive location data. According to Google, IP addresses are otherwise not logged or stored.

We are only shown statistics via Google Analytics 4, which we use to optimize our website and offers. We have also configured Google Analytics 4 so that Google is not allowed to use the data for its own analysis of online trends or to improve its own products and services.

Before we use Google Analytics 4 to analyse your website visit, we obtain your consent to the processing of your personal data (Art. 6 para. 1 sentence 1 lit. a GDPR) and to the setting of the necessary cookies (§ 25 (1) of the German Telecommunications-Telemedia Data Protection Act (TDDDG)). Further information on the cookies used can be found in our cookie information.

The legal basis for the processing of your personal data and the setting of cookies in the context of Google Analytics 4 is therefore your consent in accordance with Section 25 (1) of the German Telecommunications-Telemedia Data Protection Act (TDDDG) and Art. 6 (1) sentence 1 lit. a GDPR. You can revoke your consent at any time via the data protection settings on our website under "Manage consent". You can also prevent the collection of your personal data by Google Analytics 4 and the processing of this data by Google by downloading and installing the browser add-on available at the following link (https://tools.google.com/dlpage/gaoptout?hl=de) to deactivate Google Analytics. You can also make data protection settings for Google under the following link: https://safety.google/privacy/privacy-controls/

Finally, you can also prevent the storage of Google cookies yourself by making the appropriate settings in your browser settings.

Note on data transfers to the USA:

The use of Google Analytics 4 is based on a contract that we have concluded with Google Ireland Ltd. However, Google Ireland Ltd. is a subsidiary of the US Google Group, which means that your personal data may also be transferred to US Google Group companies (in particular Google LLC) and Google servers located in the USA. The USA is a third country within the meaning of the GDPR for which the EU Commission has issued an adequacy decision (the so-called "EU-US Data Privacy Framework" or "EU-US DPF"). Google LLC is certified as a US company under the EU-US DPF, see https://www.dataprivacyframework.gov/list.

c. Google Tag Manager

We use the Google Tag Manager tag management system on our website (hereinafter: "Google Tag Manager"), which is offered for users from the European Economic Area, Switzerland and Liechtenstein by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and for all other users by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. You can find Google's privacy policy at the following link: https://policies.google.com/privacy?hl=en. You can find information on cookies here: https://policies.google.com/technologies/cookies?hl=en

We have concluded a data processing agreement with Google in accordance with Art. 28 GDPR.

Google Tag Manager is a tag management platform that allows us to load additional tools using a so-called “tag.” According to Google, in order to monitor the stability, performance and installation quality of the system and to obtain data for diagnosis, Google Tag Manager can be used to collect certain aggregated data for tag triggering. According to Google's own information at https://support.google.com/tagmanager/answer/9323295, this data does not contain any IP addresses or measurement IDs that are linked to a specific person. With the exception of the data in standard HTTP request logs, which are all deleted within 14 days of receipt, and the diagnostic data described above, Google Tag Manager does not collect, store or share any information about visitors to our website. This also applies to the URLs of visited pages.

If the tools loaded by Google Tag Manager collect data for their part, Google Tag Manager does not access this data. If deactivation has been carried out at domain or cookie level, this remains in place for all tracking tags that are implemented with Google Tag Manager.

Legal basis: Google Tag Manager is used to serve cookies, but only processes technical information and therefore does not require consent under the TDDDG. The legal basis for the use of Google Tag Manager is therefore Art. 6 para. 1 lit. f. GDPR. Our legitimate interest lies in the uniform and proper integration of cookies across different end devices.

Note on data transfers to the USA:

The use of Google Tag Manager is based on a contract that we have concluded with Google Ireland Ltd. However, Google Ireland Ltd. is a subsidiary of the US Google Group, which means that your personal data may also be transferred to US Google Group companies (in particular Google LLC) and Google servers located in the USA. The USA is a third country within the meaning of the GDPR for which the EU Commission has issued an adequacy decision (the so-called "EU-US Data Privacy Framework" or "EU-US DPF"). Google LLC is certified as a US company under the EU-US DPF, see https://www.dataprivacyframework.gov/list.

d. Google Ads

We use the Google Ads conversion tracking tool on our website (hereinafter: "Google Ads"), which is offered for users from the European Economic Area, Switzerland and Liechtenstein by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and for all other users by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. You can find Google's privacy policy at the following link: https://policies.google.com/privacy?hl=de. You can find information on cookies here: https://policies.google.com/technologies/cookies?hl=en

By using the "Conversion Tracking" analysis service as part of our advertising measures, we receive information about the effectiveness of our advertising campaigns. This is done by evaluating visitor actions.

If you interact with an advertisement placed via Google and thus reach our website, for example by clicking on an advertisement or watching a video advertisement, a cookie is stored on your end device. This cookie is generated specifically for our website by Google.

Both Google and we can assign whether you have interacted with an advertisement and thus reached our website during the storage period of the cookie on your end device when you visit our site.

The purpose of the cookie is to measure the interaction of visitors with advertisements and to avoid frequent repetition of the same advertisement. We only receive statistical evaluations from Google regarding the effectiveness of our advertising measures. We also obtain your consent before setting cookies (legal basis § 25 para. 1 of the German Telecommunications-Telemedia Data Protection Act (TTDSG) and Art. 6 para. 1 lit. a GDPR). You can revoke your consent in accordance with the aforementioned legal bases at any time in the privacy settings on our website under "Manage consent".

You can prevent the storage of cookies directly in your browser settings. However, we would like to point out that you may not be able to make full use of the functions of our website. You also have the option of making data protection settings under the following link: https://safety.google/privacy/privacy-controls/

Note on data transfers to the USA:

The use of Google Ads is based on a contract that we have concluded with Google Ireland Ltd. However, Google Ireland Ltd. is a subsidiary of the US Google Group, which means that your personal data may also be transferred to US Google Group companies (in particular Google LLC) and Google servers located in the USA. The USA is a third country within the meaning of the GDPR for which the EU Commission has issued an adequacy decision (the so-called "EU-US Data Privacy Framework" or "EU-US DPF"). Google LLC is certified as a US company under the EU-US DPF, see https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active.

e. Hotjar

We use the analysis service Hotjar, of Hotjar Limited, Level 2, St Julians Business Centre 3, Elia, Zammit Street, St Julians STJ 1000, Malta, Europe ("Hotjar"), on our website to better understand the needs of our users and to optimize the offer and experience on our website.

Hotjar's technology gives us a better understanding of our users' experiences (e.g. how much time users spend on which pages, which links they click on, what they like and dislike, etc.) and this helps us to tailor our offering to our users' feedback. Hotjar works with cookies and other technologies to collect data about the behavior of our visitors and their end devices, in particular the IP address of the device (is only recorded and stored in anonymized form during your website use), screen size, device type (unique device identifiers), information about the browser used, location (country only), preferred language for displaying our website. This data is transferred to Hotjar, stored there, analysed and the result is made available to us in anonymized form. Your usage data is not linked to your full IP address. The IP address is only stored in anonymized form.

Hotjar uses cookies to enable the analysis service. You can find information on this in our cookie information below.

We obtain your consent before setting cookies. The legal basis for the setting of cookies is therefore Art. 6 para. 1 sentence 1 lit. a GDPR, § 25 para. 1 of the German Telecommunications-Telemedia Data Protection Act TTDSG. You can revoke your consent in accordance with the aforementioned legal bases at any time in the privacy settings on our website under "Manage consent". You can also withdraw your consent to the use of web analysis at any time by either downloading and installing the Do-not Track header provided at https://www.hotjar.com/policies/do-not-track/.

We have concluded an data processing agreement with Hotjar. You can find more information on this at https://www.hotjar.com/legal/support/dpa/.

Hotjar's privacy policy can be found at the following link: https://www.hotjar.com/legal/policies/privacy/. You can find information on cookies here: https://help.hotjar.com/hc/en-us/articles/115011789248-Hotjar-Cookies

f. Adobe fonts

We use Typekit web fonts from Adobe Fonts for the visual design of our website. Adobe Fonts is a service provided by Adobe Systems Software Ireland Companies, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Republic of Ireland ("Adobe"), which grants us access to a font library.

To integrate the fonts we use, your browser must establish a connection to an Adobe server in the USA and download the font required for our website. Adobe then receives the information that our website has been accessed from your IP address.

Further information on Adobe Fonts can be found in the Adobe Fonts privacy policy, which you can access here: https://www.adobe.com/de/privacy/policies/adobe-fonts.html

The legal basis for the setting of cookies is Art. 6 para. 1 sentence 1 lit. f GDPR, § 25 para. 2 of the German Telecommunications-Telemedia Data Protection Act (TTDSG). Our legitimate interest in the integration of Adobe Fonts is the uniform presentation of the typeface on our website and shorter loading times.

Note on data transfers to the USA:

The use of Adobe Fonts is based on a contract that we have concluded with Adobe Systems Software Ireland Companies. However, Adobe Systems Software Ireland Companies is a subsidiary of the US group Adobe Inc., which means that your personal data may also be transferred to US Adobe group companies (in particular Adobe Inc.) and Adobe servers located in the USA. The USA is a third country within the meaning of the GDPR, for which an adequacy decision of the EU Commission (the so-called "EU-US Data Privacy Framework" or "EU-US DPF") exists. Adobe Inc. is certified as a US company under the EU-US DPF, see https://www.dataprivacyframework.gov/list

14. Consent management tool Usercentrics

To obtain and document the consent of our visitors to the cookies and services we use, we use the cookie consent tool of Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany ("Usercentrics").

The legal basis for the use of Usercentrics is Art. 6 para. 1 sentence 1 lit. c and f GDPR, as the legally secure obtaining of consent is legally required and it is in our legitimate interest to use the services of a professional service provider to manage and document the cookie settings of our visitors.

Information on data processing by Usercentris can be found here: https://usercentrics.com/privacy-policy/

15. Data processing in connection with the Sine Player

When you use our SINE Player, we process your data in accordance with the description of the data processing procedures on the website mentions in sections 1 to 16 of this privacy information.

The following data is also processed when you use the SINE Player:

a. System activation

After using SINE Player for the first time, you must authorize your end device for the use of SINE Player instruments. We store your system ID, the user name of your end device and the date of activation. This data is used to generate a HASH value which we can use to identify your end device beyond doubt. We process this information for the duration of your customer account. The purpose of data processing is to protect our copyright usage rights to the virtual instruments. The legal basis for the processing is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in the protection of copyright usage rights.

b. Downloads

When you download our virtual instruments, we process your USER ID, the date, and the name of the respective instrument. Legal basis for data processing Art. 6 para. 1 lit. b.) GDPR. We store this data permanently until the contract is fulfilled and to support customer support.

16. Your rights

If we process your data, you are a "data subject" within the meaning of the GDPR. You have the following rights: right of access, right to rectification, right to restriction of processing, right to erasure, right to information (our notification obligation) and right to data portability. You also have the right to object, the right to withdraw consent and the right to lodge a complaint with the supervisory authority.

Below you will find some details on the individual rights:

a. Right of access

You have the right to request confirmation from us as to whether we are processing your personal data. If we process your personal data, you have the right to obtain information in particular about the processing purposes, categories of personal data, recipients or categories of recipients and, if applicable, the storage period.

b. Right of rectification

You have the right to correct and/or complete the data that we have stored about you if this data is incorrect or incomplete. We will make the correction or completion without delay.

c. Right to restriction of processing

Under certain circumstances, you have the right to request that we restrict the processing of your personal data. An example of this is if you dispute the accuracy of your personal data and we need to verify the accuracy for a certain period of time. Your data will only be processed to a limited extent for the duration of the check. Another example of restriction is if we no longer need your data, but you need it for a legal dispute.

d. Right to erasure

In certain situations, you have the right to request that we delete your personal data immediately. This is the case, for example, if we no longer need your personal data for the purposes for which we collected it or if we have processed your data unlawfully. Another example would be if we process your data on the basis of your consent, you withdraw your consent and we do not process the data on any other legal basis. However, your right to erasure does not always apply. For example, we may process your personal data in order to comply with a legal obligation or because we need it for a legal dispute.

e. Notification obligation

If you have exercised your right to rectification, erasure or restriction of processing against us, we are obliged to notify all recipients to whom we have disclosed your personal data of the rectification, erasure or restriction of processing of your data, unless this proves impossible or involves a disproportionate effort.

f. Right to data portability

Under certain conditions, you have the right to receive the personal data that you have provided to us in a structured, commonly used and machine-readable format and the right to have this data transmitted to another controller. This is the case if we process the data either on the basis of your consent or on the basis of a contract with you and that we process the data using automated procedures.

You have the right to obtain that we transfer your personal data directly to another controller, insofar as this is technically feasible and the freedoms and rights of other persons are not affected by this.

g. Right of objection

You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on point (e) or (f) of Article 6 (1) GDPR. This also applies to profiling based on these provisions.

After an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.

If we process your personal data for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for the purpose of such marketing. This also applies to profiling insofar as it is associated with direct advertising. If you object to the processing of your personal data for direct marketing purposes, we will no longer process it for these purposes.

h. Right of withdrawal

In accordance with Art. 7 (3) GDPR, you have the right to withdraw your consent at any time. Withdrawal of consent does not retroactively invalidate the lawfulness of the processing.

i. Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a supervisory authority, without prejudice to any other administrative or judicial remedy. In particular, you may exercise your right to lodge a complaint in the Member State of your place of residence, your place of work or the place of the alleged infringement if you believe that the processing of your personal data infringes the GDPR.

The competent supervisory authority for Baden-Württemberg is the State Commissioner for Data Protection and Freedom of Information Baden-Württemberg, Lautenschlagerstr. 20, 70173 Stuttgart, phone +49 711 6155410, fax +49 711 61554115, email poststelle@lfdi.bwl.de.

You can find an overview of the respective state data protection officers and their contact details under the following link:

https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html

17. Status of this privacy policy

Status: July 25, 2025

Cookie information

We use cookies on our website. Cookies are text files that are sent to your browser by our web server when you visit our website and are stored on your computer for later retrieval. Cookies are then sent to the server of our website with every server request or page view. A cookie can therefore identify your Internet browser when you visit the website again. Some of the functions that we have integrated into our website also use web storage objects. These work in a similar way to cookies, but are temporarily stored in your browser and are generally not transmitted to the server.

There are session cookies, which are deleted when the browser is closed, and there are persistent cookies, which are stored on the hard disk until their preset expiration date is reached or until they are actively removed by you. Web storage objects are divided into local storage objects, which never expire, and session storage objects, which are deleted when the browser is closed.

A distinction is made between first party cookies (only visible from the domain you are currently visiting) and third party cookies (visible across domains and regularly set by third parties).

Cookies and web storage objects are divided into the following categories:

Technically necessary: These are absolutely necessary to move around the website, use basic functions and ensure the security of the website; they do not collect information about you for marketing purposes or store which web pages you have visited. The legal basis for setting technically necessary cookies and web storage objects is Section 25 (2) of the German Telecommunications-Telemedia Data Protection Act TTDSG.

Optional: These are used, for example, for analysis and marketing purposes and to display external content such as videos. Analysis cookies and web storage objects collect information about how you use a website, which pages you visit and, for example, whether errors occur when using the website. Marketing cookies and web storage objects are used to show you customized advertising on the website or offers from third parties and to measure the effectiveness of these offers. These are technologies that are not technically necessary. The legal basis for setting these cookies and web storage objects is therefore your consent in accordance with Section 25 (1) of the German Telecommunications-Telemedia Data Protection Act (TTDSG).

Please note the following: You can ensure yourself that no cookies and similar technologies are stored on your computer at all, or that the storage of only certain cookies is permitted. You can select this in your Internet browser settings. You can also view and delete the stored cookies there. If you block all cookies, it is possible that not all functions of our website will be available to you.

a. Right of revocation / removal

As stated at the beginning of this section, you can enable or restrict the transmission of cookies and similar technologies by changing the settings in your internet browser. You can delete cookies and web storage objects that have already been saved by your internet browser at any time. If cookies and web storage objects are restricted or deactivated for our website, it is possible that not all functionalities can be used. You can revoke your consent at any time in the privacy settings on our website under "Manage consent".

b. Information about the cookies and web storage objects on our website:

We use the following technically necessary cookies and web storage objects on our website:

Name	Purpose	Storage duration
__stripe_mid	Fraud prevention and detection	Session
__stripe_sid	Fraud prevention and detection	Session
m	Fraud prevention and detection	Session
session	Login session for Stripe Dashboard	2 months, 29 days
lsession	Login session for Stripe Express Dashboard, for Stripe Express users	7 days
stripe.csrf	Protection against counterfeiting through cross-website requirements, for users of Stripe Dashboard	1 year
cliauth_secret	To confirm authentication for the Stripe CLI	Session
art_token, cbt_token, cct_token, cdt_token, ect_toksvt_token, lc_token, prt_token, act_token	To confirm authentication for account recovery, bank account changes, login challenges, password resets, support requests, adding an email or a new device	Session
NID	Used by reCAPTCHA, an extra security measure that is sometimes used when logging into Stripe	Session
locale	Localization setting for the language used on the website and in the documents	Session
country	Localization settings for the country to customize the availability of the product and features	Session
long	Programming language for the code examples in Stripe documents	Session
has_intentionally_selected_curl	Displays the code examples in Curl in Stripe documents	Session
persisted-tab-#{id}	When the page is updated, it remembers which document tab you are on	Session
disable_cmd_f_override	Deactivates the search shortcut cmd + f / ctrl + f for stripe documents and uses the standard behavior of the browser instead (only searches the current page)	Session
double_cmd_f_uses	Tracks the use of the shortcut cmd + f / ctrl + f in Stripe documents; to improve usability by not showing the user again a function that he has already used	Session
expanded-topics	When page updates are made, remembers which topics are expanded in Stripe documents	Session
checkout-test-session, checkout-live-session	To provide the memory function of Legacy Checkout	Session
_ga, _gat, _gat_UA-12675062-5, _gid	Google Analytics cookies for analysis and to improve services	Session
cid	Stripe analytics "Client ID" to improve services	Session
site_sid, __stripe_id	"Session ID" from Stripe for analyzes and to improve services	2 hours, 30 minutes
__stripe_orig_props	To assess the effectiveness of marketing campaigns	Session
utma, utmb, utmc, utmt, __utmz	Runkit's Google Analytics	10 minutes
_mkto_trk	Tracks page views and the effectiveness of email campaigns	Session
cString	This holds the ControllerID and SettingsID, the language, settings version and services with their consent history	-
ucData	This holds information about the Google Consent Mode	-

To top

We use the following optional cookies and web storage objects on our website objects:

Name	Purpose	Storage duration
messagingplugin#	-	-
fr	-	-
_fbp	-	-
pxcelBcnLcy	This is used to provide advertisements or retargeting	6 months
__gads	Login session for Stripe Express Dashboard, for Stripe Express users	7 days
pm_sess	This is used to make sure that requests come from a user	30 minutes
ANID	This is used to show advertisements on websites outside of Google	1 year, 1 month
_gcl_au	This is used to store and track conversions	2 months, 29 days
FPGCLAW	This cookie is used to track campaign related information on the user	2 months, 29 days
FPGCLGB	This cookie is used to track campaign related information on the user	2 months, 29 days
_gcl_gb	This cookie is used to track campaign related information on the user	2 months, 29 days
gac_gb wpid<>	This cookie is used to track campaign related information on the user	2 months, 29 days
_gcl_aw	This cookie is set when a user arrives at the website via a click on a Google ad	2 months, 29 days
YSC	This is used to store and track interaction	Session
1P_JAR	This is used to collect information about how the end user uses the website and any advertising that the end user may have seen before visiting the said website	30 days
AID	This is used to link activities on other devices the user has previously logged into with a Google account	1 year, 1 month
FPAU	This is used to collect information about the users and their activity on the website through embedded elements with the purpose of analytics and reporting	2 months, 29 days
_ga	Used to distinguish users	2 years
ga	Used to persist session state	2 years
_hjClosedSurveyInvites	Hotjar cookie that is set once a visitor interacts with an External Link Survey invitation modal	1 year
_hjDonePolls	Hotjar cookie that is set once a visitor completes a survey using the On-site Survey widget	1 year
_hjMinimizedPolls	Hotjar cookie that is set once a visitor minimizes an On-site Survey widget	1 year
_hjShownFeedbackMessage	Hotjar cookie that is set when a visitor minimizes or completes Incoming Feedback	1 year
_hjid	Hotjar cookie that is set when the customer first lands on a page with the Hotjar script	1 year
_hjTLDTest	When the Hotjar script executes we try to determine the most generic cookie path we should use	Session
_hjUserAttributesHash	User Attributes sent through the Hotjar Identify API are cached for the duration of the session	Session
_hjCachedUserAttributes	This cookie stores User Attributes which are sent through the Hotjar Identify API	Session
_hjLocalStorageTest	This cookie is used to check if the Hotjar Tracking Script can use local storage	Session
_hjIncludedInPageviewSample	This cookie is set to let Hotjar know whether that visitor is included in the data sampling	30 minutes
_hjIncludedInSessionSample	This cookie is set to let Hotjar know whether that visitor is included in the data sampling	30 minutes
_hjAbsoluteSessionInProgress	This cookie is used to detect the first pageview session of a user	30 minutes
_hjFirstSeen	This is set to identify a new user's first session	Session
hjViewportId	This is set to identify a new user's first session	Session
_hjRecordingEnabled	This is added when a Recording starts and is read when the recording module is initialized	Session
_hjSessionUser {site_id}	This cookie is set when a user first lands on a page with the Hotjar script	1 year
_hjSession{site_id}	This cookie holds the current session data	30 minutes
_hjSessionTooLarge	This cookie causes Hotjar to stop collecting data if a session becomes too large	Session
_hjSessionRejected	If present, this cookie will be set to '1' for the duration of a user's session	Session
_hjSessionResumed	This cookie is set when a session/recording is reconnected to Hotjar servers after a break in connection	Session
__sak	This is used to store information about the visitor's video preferences	-
LAST_RESULT_ENTRY_KEY	This is used to save the user settings when retrieving a Youtube video integrated on other web pages	-
yt-player-bandaid-host, yt-player-bandwidth, yt-player-headers-readable	This is used to determine the optimal video quality based on the visitor's device and network settings	-
yt-remote-cast-installed, yt-remote-connected-devices, yt-remote-device-id, yt-remote-fast-check-period, yt-remote-session-app, yt-remote-session-name	This is used to store the user's video player preferences using embedded YouTube video	-
YEC	This is used to store the user's video player preferences using embedded YouTube video	1 year, 1 month
CONSENT	This is used to detect if the visitor has accepted the marketing category in the cookie banner	2 years
DEVICE_INFO	This is used to track user's interaction with embedded content	5 months, 26 days
remote_sid	This is used for the implementation and functionality of YouTube video content on the website	Session
test_cookie	This is a test for cookie setting permissions in user's browser	1 day
VISITOR_INFO1_LIVE	This is used to measure the users bandwidth to determine whether they get the new or old player interface	6 months
YSC	This is set by the YouTube video service on pages with embedded YouTube videos	Session
PREF	This is used to store information such as your preferred page configuration and playback settings	8 months
pm_sess	This is used to maintain your browsing session	30 minutes
CGIC	This is used to provide search results by auto-completing search queries based on a user's initial input	6 months
UULE	This is used to determine the users geographic location	6 hours
_Secure-YEC	This is used to store the user's video player preferences using embedded YouTube videos	1 year, 1 month

To top

c. Status of this cookie information

July 25, 2025

Privacy policy

1. Information on the controller

2. Data Protection Officer

3. Informational use of our website

4. Provision of our website

5. Customer account/registration

6. Orders

7. Payment processing

8. Contact form or email

9. Contact us by phone or post

10. Newsletter

11. Links to our profile pages in the social networks

a. Facebook page (formerly "Facebook Fanpage")

b. website on Instagram

c. website on LinkedIn

d. website on YouTube

e. Soundcloud

12. Integration of third-party services

13. Use of tracking technologies

a. Meta pixels and use of other Meta technologies

b. Google Analytics 4

c. Google Tag Manager

d. Google Ads

e. Hotjar

f. Adobe fonts

14. Consent management tool Usercentrics

15. Data processing in connection with the Sine Player

16. Your rights

17. Status of this privacy policy

Cookie information

c. Status of this cookie information

${ modal.header }

12. Integration of third-party services 