Imprint

imprint

 

Boris Brejcha
Postfach 11 59
63551 Gelnhausen
Germany
__
Phone: (+49) 171 2611261
E-Mail: contact@fckng-serious.de
VAT number: DE247294017

Data Privacy Policy

This is the data privacy policy for the homepage of www.borisbrejcha.de (“We”). We offer  information regarding music and tour dates and photo, audio and audivisual content (including downloads) and also provide an online merchandising shop for the of electronic music artist Boris Brejcha (via our website (“Website”) (jointly referred to as “Services”). We inform you in this data privacy policy about which personal data we are gathering and processing. We moreover inform you about your rights. The responsibility for protecting and processing personal data is an important concern for us. Your data is secured against unauthorised access, as well as loss, with the aid of various technical and contractual measures. For that purpose, we have implemented the necessary technical and organisational measures. Where any links placed lead to websites of third parties, please note that such companies prepare their own data privacy statements, which then apply to that extent. We only offer our services to people who are at least 16 years old. We therefore do not knowingly gather or process data from individuals under the age of 16 years.

I. Name and address of the Controller

The Controller, within the meaning of the General Data Protection Regulation and other national data privacy laws of the Member States, as well as any other provisions under data protection law, is:

Boris Brejcha, Postfach 11 59, 63551 Gelnhausen, Germany

II. Name and address of the Data Protection Officer

The Controller’s Data Protection Officer is:

RA Andrés Heyn, mailxdata-law.de, Holunderweg 20, 22453 Hamburg

III. General remarks concerning data processing

1. Scope of the processing of personal data

We essentially only gather the personal data that you inform us of when using our services within the scope of your registration and making use of services subject to a payment fee in case of merchandising sale, as the case may be. Personal data is data that contains details about personal or technical circumstances. When you log in and register as a user, we only need you to specify an e-mail address and a password, e.g. in case you register for our newsletter. The password is saved in encrypted form, which never permits any conclusion to be drawn about the actual password. It may be necessary to provide further data, e.g. your full name, address, bank account details, credit card number, etc. It is sometimes also necessary to ask for personal information such as name, address, e-mail address and telephone number for processing of your inquiries or providing technical support. We only pass on personal data to collaborating companies or external service providers (e.g. for payment purposes) if the latter is stipulated by law or legitimate, in particular in order to fulfil the contract, process payment or protect other users, or to fend off any risks to state and public security or prosecute criminal offences. 

Your protection worthy interests are taken into consideration, in line with the statutory data protection provisions. In the event of arrears of payment, we reserve the right to commission a debt collection agency or attorney-at-law with collecting the outstanding debt, and, in this context, pass on the necessary data. We will treat all such data as confidential, taking account of the statutory data protection provisions. Essentially, we do not pass on such information to third parties without your permission unless the latter is admissible in order to implement and execute the contract or process your enquiry or is necessary in order to attend to your case or in accordance with the statutory data protection provisions.

2. Legal basis for the processing of personal data

Should we obtain the data subject’s consent for processing procedures in regard to personal data, Art. 6(1)(a) General Data Protection Regulation (GDPR) serves as a legal basis for the processing of personal data. When processing personal data that is required in order to fulfil a contract, to which the data subject is a contracting party, Art. 6(1)(b) GDPR serves as a legal basis. This also applies to any processing procedures that are necessary in order to implement pre-contractual measures. Should it be necessary to process personal data to fulfil a legal obligation, to which our company is subject, Art. 6(1)(c) GDPR serves as a legal basis. In the event of vital interests of the data subject or another natural person making it necessary to process personal data, Art. 6(1)(d) GDPR serves as a legal basis. Should the processing be necessary in order to protect a legitimate interest on the part of our company or a third party, and should the interests, basic rights and basic freedoms of the data subject not outweigh the first-named interest, Art. 6(1)(f) shall serve as a legal basis for the processing.

3. Purpose of the processing of personal data 

We gather and process personal data to enable you to use our services. That also includes processing it for the purpose of data security, as well as the stability and operational security of our system, and also for invoicing purposes. We process data to assist you when you have any support queries. Data is also processed in order to unveil and prevent misuse of multiple accounts, e.g. for the purposes of fraud. Data processing serves to obtain new customers and make use of advertising that we believe is in line with your interests.

4. Deletion of data and duration of storage

The personal data of the data subject is deleted or blocked once the purpose of storing it no longer exists. It may, moreover, be stored beyond that time if this has been stipulated by the European or national legislative authority in EU ordinances, laws or other regulations to which the Controller is subject. The data may also be blocked or deleted if a storage period stipulated by said standards expires, unless the necessity for further storage of the data for concluding an agreement or fulfilling an agreement exists.

5. Data security

We endeavour to take precautions, to a reasonable extent, to prevent unauthorised access to your personal data, as well as the unauthorised use or falsification of such data and minimise the corresponding risks. Providing personal data, whether it is provided personally, by telephone or over the Internet, is always associated with risks, and no technological system is entirely free of the possibility of being manipulated or sabotaged.

We process the information gathered from you in line with German and European data protection law. All our employees are obliged to data secrecy and complying with the data protection provisions and are briefed in regard to it. In the case of payment transactions, your data is transmitted in encrypted form, using the SSL procedure.

IV. Provision of the services and creation of log files

1. Description and scope of the data processing

Every time you access our website our system automatically gathers data and information from the computer system of the accessing computer. 
In the process, the following data is gathered:

IP address, The URL of the referring website, from which the file was requested, the date and time of access, the browser type and operating system, The page visited by you, the volume of data transmitted, the access status (file transmitted, file not found, etc.), the duration and frequency of use

The data is likewise stored in the log files of our system. This data is not stored together with other personal data of the user. When mobile apps are accessed, the following data and information is gathered:

- IP address
- Date and time of access
- Type of device and operating system
- The volume of data transmitted
- The access status (file transmitted, file not found, etc.)
- The duration and frequency of use

2. Legal basis for the data processing 

The legal basis for the temporary storage of the data and the log files is Art. 6(1)(f) GDPR.

3. Purpose of the data processing

The temporary storage of the IP address by the system is necessary to enable the services to be delivered to the user’s PC. For this purpose, the user’s IP address needs to be stored for the duration of the session. The data is stored in log files to ensure the functionality of the services. In addition, the data serves the purpose of optimising the services and ensuring that our IT systems are secure. It also serves to provide customised advertising. These purposes are also the reason for our legitimate and overwhelming interest in processing the data pursuant to Art. 6(1)(f) GDPR.

4. Duration of storage

The data is deleted once it is no longer necessary in order to achieve the purpose for which it was gathered.

In the event of data being stored in log files, this is at the latest the case once 30 days have expired. Storage extending beyond that is possible. In such a case, the user’s IP addresses are deleted or alienated, so that it is no longer possible for them to be allocated to the accessing client.

5. The possibility of objection and deletion

Gathering the data in order to provide the services and store the data in log files is necessary in order to operate the services and fix bugs. There is consequently no possibility for the user to object. 

The legal basis for the processing of the data when a contract is in place is Art. 6(1)(b) GDPR.

V. Contact form and e-mail contact/mailing list

1. Description and scope of the data processing

A contact form and newsletter is available on our website, which can be used for making contact with us electronically. Should a user make use of this option, the data entered into the input mask is transmitted to us and saved. This data includes:

E-mail address
User name
Heading
Question/issue

At the time of the message being sent, the following data is stored in addition:

The user’s IP address
The date and time when the message was sent

Alternatively, it is possible for you to contact us via the e-mail address provided. In this case, the user’s personal data transmitted with the e-mail will be saved.

No data is passed on to third parties in this context. The data will exclusively be used for processing the enquiry and for the newsletter.

2. Legal basis for the data processing 

When user consent exists, the legal basis for the processing of the data is Art. 6(1)(a) GDPR.

The legal basis for the processing of the data transmitted in the course of sending an e-mail is Art. 6(1)(f) GDPR. If the aim of the e-mail contact is the conclusion of a contract, the additional legal basis for the process is Art. 6(1)(b) GDPR.

3. Purpose of the data processing

The processing of the personal data from the input mask only serves the purpose of facilitating communication with you. If contact is made by e-mail, the legitimate interest in the processing of the data that is required is also precisely that. The other personal data processed when submitting the contact form serves the purpose of preventing abuse of the contact form and ensuring the security of our IT systems.

4. Duration of storage

The data is deleted once it is no longer necessary in order to achieve the purpose for which it was gathered. In regard to the personal data from the input mask of the contact form and data which has been transmitted by e-mail, this is the case if the respective conversation with the user has come to an end. The conversation is deemed to have come to an end if it can be inferred from the circumstances that the relevant facts have been conclusively clarified.

The additional personal data gathered when submitting the contact form is deleted at the latest upon expiry of a period of seven days.

5. The possibility of objection and deletion

The user has the opportunity to revoke his or her consent to the processing of the personal data at any time. Should the user take up contact with us, he or she may object to the storage of his or her personal data at any time. In such a case, the conversation cannot be continued. All personal data that has been stored in the course of taking up contact will, in this case, be deleted.

VI. Cookies and similar devices

1. Description and scope of the data processing

Cookies

We deploy so-called “cookies”, i.e. text files or pixels that are stored on the user’s terminal. These are technologies with the aid of which certain user-specific settings and technical information with which the user can be identified can be gathered. We deploy cookies in order to design our services in a more user-friendly manner. Some elements of our services require it to be possible to identify the user. We may moreover use cookies that make it possible to analyse user behaviour. We also may use cookies to display advertising. The use of cookies is usual, and common practice on many websites. Cookies are stored on the user’s terminal. 

We use Cookies which are necessary for the functionality of the Online Shop. Necessary cookies. These cookies are necessary in order to use the services. Without these necessary cookies it may be the case that we may not able to provide you with certain services or features, or that the services are not displayed properly.

Functional cookies. Functional cookies make it possible for us to recognise your previous settings again, and provide you with extended and better adapted features, e.g. personal adjustment of the services or recognising whether we have enquired with you about certain things or whether you have enquired about any other services. All these features help us to improve the services for you.

Permanent cookies are cookies of the sort that can be found on your terminal for an extended period of time. Session cookies, in turn, are stored on your terminal temporarily and are deleted once the services have been closed.

a) GOOGLE ANALYTICS

We may deploy necessary cookies and cookies for website analysis purposes, which is Googles Analytics in particular.

Analytics Provider Opt-Outs: To disable analytics Cookies you can use the browser controls discussed above or, for some of our providers, you can use their individual opt-out mechanisms: Google’s Privacy Policy and Google Analytics Opt-Out

We use a performance cookie, which are sometimes also called analytical cookies (Analytics Cookies), and these gather information about your use of the services, enabling us to improve the functioning of the services. For example, performance cookies show us which pages are used most frequently, as well as what the entire usage pattern for the services looks like, and help us to recognise problems in using the services and establish whether our advertising is displayed effectively or not.

b) ADOBE TYPEKIT

We use Adobe Typekit services. The Typekit privacy policy explains how Typekit uses cookies and what information is collected:

https://www.adobe.com/privacy/policies/typekit.html

 If you have any other questions not answered by the information there, please contact Adobe's Privacy team at askprivacy@adobe.com


c) SOCIAL MEDIA LINKS AND BUTTONS

We may further provide links and buttons leading to social media and video/music platforms (Twitter, Instagram, Facebook, Youtube, Soundcloud, iTunes and Spotify etc.) on which Boris Brejcha is featured.

2. Legal basis for the data processing 

The legal basis for the processing of personal data using cookies etc. is Art. 6(1)(f) GDPR.

3. Purpose of the data processing

The purpose of using technically necessary cookies is to simplify use. Some functions of our software cannot be provided without deploying cookies. The user data gathered by technically necessary cookies is not used to create user profiles. The analytical cookies (Google Analytics Cookie) is used for the purpose of improving the quality and content of our services. By using the analytical cookies, we find out how the services are used, enabling us to continually optimise our services. These purposes are also the reason for our legitimate interest in processing the data pursuant to Art. 6(1)(f) GDPR. We moreover have a legitimate interest in showing advertising within our services. We are interested in finding new customers. In order for this to become possible, our advertising partners need to deploy cookies.

4. Duration of the storage, possibility of objection and deletion

Cookies are stored on the user’s device and transmitted to us by the latter. You, as a user, therefore also have full control over the use of cookies. By adjusting the settings in your web browser or mobile device, you can deactivate or limit the transmission of cookies. You can at any time delete any cookies already stored. This can also be done in an automated way. If cookies are deactivated, you may no longer be able to use all the functions of the services. The data is deleted once it is no longer necessary to achieve the purpose for which it was gathered.

VII. Rights of the data subject

If personal data of yours are processed, this means you are the data subject within the meaning of the GDPR, and you have the following rights in relation to the controller:

1. Your right to information

You may request confirmation from the controller whether any personal data concerning you is processed by us. 
Should this be the case, you can request information about the following from the controller:
– the purposes for which the personal data is processed;
– the categories of personal data that are processed;
– the recipients or categories of recipients to whom the personal data relating to you have been disclosed or will still be disclosed;
– the scheduled duration of storage of the personal data concerning you or, if this specific information is not available, criteria for laying down the period of storage;
– the existence of a right to correction or deletion of the personal data concerning you, a right to limitation of the processing by the controller or a right to object to such processing; 
– the existence of a right of appeal to a supervisory authority;
– if the data was not gathered from the data subject, any information available on the origin of the data;
– the existence of automated decision making, including profiling, in accordance with Art. 22(1) and (4) GDPR and – at least in such cases – meaningful information on the logic involved and the scope and intended effects of such processing for the data subject. You are entitled to request information on whether the personal data concerning you is transmitted to a country outside the EU or an international organisation. In this context, you may request to be informed about the suitable warranties under Art. 46 GDPR in connection with the transmission.

2. The right of correction

 You have a right to correction and/or completion of the data by the controller if the personal data processed concerning you is incorrect or incomplete. The controller is required to make the correction without delay.

3. The right to limitation of the processing

You may, on the following prerequisites, request that the processing of the personal data concerning you be limited:
– if you dispute the accuracy of your personal data for a period of time that enables the controller to verify the accuracy of the personal data;
– if the processing is illegitimate and you decline to have the personal data deleted, and instead, request the use of the personal data to be limited;
– if the controller no longer needs the personal data for the purposes of the processing, but you need it in order to assert, exercise or defend legal claims; or
– if you have filed an opposition against the processing pursuant to Art. 21(1) GDPR and it has not yet been established whether the controller’s legitimate grounds outweigh your grounds.
Should the processing of the personal data concerning you have been limited, such data may – apart from being saved – only be processed with your consent or in order to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons involving a significant public interest on the part of the EU or a Member State.
Should the limitation of the processing have been limited in accordance with the above-mentioned prerequisites, you will be briefed by the controller before the restriction is lifted.

4. The right to deletion

a) Deletion obligation
You may request the controller to have the personal data concerning you deleted without delay, and the controller is obliged to delete such data immediately, as long as one of the following reasons exists:
The personal data concerning you is no longer necessary for the purposes for which it was gathered or otherwise processed.
You revoke your consent, on which the processing pursuant to Art. 6(1)(a) or Art. 9(2)(A) GDPR was based, and there is no other legal basis for the processing. 
Pursuant to Art. 21(1) GDPR, you file an opposition against the processing and no overriding legitimate grounds for the processing exist, or you file an objection to the processing pursuant to Art. 21(2) GDPR. 
The personal data concerning you has been processed illegitimately. 
The deletion of the personal data concerning you is necessary in order to fulfil a legal obligation under EU law or the law of the Member States, to which the controller is subject. 
The personal data concerning you was gathered in relation to information society services offered pursuant to Art. 8(1) GDPR.

b) Information given to third parties

Should the controller have made the personal data concerning you public, and should it be obliged, pursuant to Art. 17(1) GDPR, to delete it, it shall take appropriate measures, taking into account the available technology and costs of implementation, also of a technical nature, to inform parties responsible for processing the data, who process the personal data, that you, as a data subject, have requested them to delete any links to such personal data or copies or replications of such personal data.

c) Exceptions

The right to deletion does not exist if the processing is necessary
– in order to exercise the right to free expression of opinion and information;
– in order to fulfil a legal obligation that, according to the law of the EU or the Member States, to which the controller is subject, is required by the processing, or in order to take on a task that is in the public interest or is carried out in order to exercise official authority that has been assigned to the controller;
– for reasons in the field of public health that are in the public interest pursuant to Art. 9(2)(h) and (i), as well as Art. 9(3) GDPR;
– for archival purposes, scientific or historic research purposes or statistical purposes that are in the public interest pursuant to Art. 89(1) GDPR, if the right specified in Section a) is likely to make the implementation of the objectives of such processing impossible or seriously compromise them; or
– to assert, exercise or defend legal claims.

5. The right to a briefing

Should you have asserted the right to correction, deletion or limitation of the processing vis-à-vis the controller, the latter is obliged to inform all recipients to which it has disclosed the personal data concerned about the correction or deletion of the data or limitation of the processing, unless this proves impossible or involves disproportionate effort.
You are entitled to be informed about such recipients by the controller.

6. The right to data portability

You are entitled to receive the personal data concerning you that you have provided the controller with in a structured, common and machine-readable format. In addition, you have the right to transmit such data to another controller, without being impeded by the controller to whom you had provided the personal data, if the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR, or a contract pursuant to Art. 6(1)(b) GDPR; and the processing is undertaken with the aid of automated procedures.

In exercise of this right, you moreover have the right to bring about that the personal data concerned is transmitted directly from one controller to another controller, provided that this is technically feasible. Freedoms and rights of other persons may not be impaired thereby.
The right to data portability does not apply to any processing of personal data which is necessary in order to take on a task that is in the public interest or in exercise of public authority that has been conferred upon the controller.

7. The right of objection

You are entitled, for reasons which arise from your particular situation, to file an objection against the processing of the personal data concerning you, which is being undertaken based on Art. 6(1)(e) or (f) GDPR. This also applies to any profiling based on such provisions. 

The controller will no longer process the personal data concerning you unless it can provide evidence of reasons for the processing worthy of protection which outweigh your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.

Should the personal data concerning you be processed in order to engage in direct advertising, you are entitled to file an objection to the processing of the personal data concerning you for the purpose of such advertising at any time. This also applies to profiling, in so far as it is connected with such direct advertising.

Should you object to the processing for purposes of direct advertising, the personal data concerning you will no longer be processed for such purposes.

You have the opportunity, in connection with the use of information society services – notwithstanding Directive 2002/58/EC – to exercise your right of objection by means of an automated procedure, where technical specifications are used.

8. The right to revoke declarations of consent under data protection law

You are entitled to revoke your declaration of consent under data protection law at any time. The legitimacy of the processing that has been undertaken based on the consent prior to revocation is not affected by the consent being revoked.

9. Automated decision in the individual case, including profiling

You are entitled not to be subjected to a decision based solely on automated processing, – including profiling –, which develops a legal impact in relation to you or considerably impairs you in a similar way. This does not apply if the decision 

a) is necessary for concluding or fulfilling a contract between you and the controller;
b) is permissible based on legal provisions of the EU or the Member States to which the controller is subject, and these legal provisions contain appropriate measures to preserve your rights and freedoms, as well as your legitimate interests; or
c) is taken with your explicit consent.
Such decisions may, however, not be based on special categories of personal data pursuant to Art. 9(1) GDPR, unless Art. 9(2)(a) or (g) applies and appropriate measures have been taken to protect the rights and freedoms, as well as your legitimate interests.
In regard to the cases specified in (a) and (c), the controller shall take appropriate measures to preserve the rights and freedoms, as well as your legitimate interests, which at least includes the right to bring about the intervention of a person on the part of the controller, to explain one’s own point of view and to contest the decision.

10. The right to appeal to a supervisory authority

Notwithstanding any other legal remedy, or legal remedy under administrative or judicial law, you are entitled to file an appeal with a supervisory authority, in particular in the Member State that is your place of residence, your place of work or the place of the presumed infringement if you are of the opinion that the processing of the personal data concerned infringes the GDPR. 

The supervisory authority with which the appeal has been filed will inform the party filing the appeal about the status and the results of the appeal, including the option of a judicial legal remedy pursuant to Art. 78 GDPR.