Data Privacy Statement

The responsible entity according to the European General Data Protection Regulation (GDPR) and other national data protection laws as well as other data protection regulations is:

 

Out Of Line Music GmbH

Geschäftsführer: Andre Kobliha

Seestraße 15

12623 Berlin

Tel: +49 (0)30 5655353 0

Email: info@outofline.de

www.outofline.de

 

I. Provision of our website and log files

 

Scope of processing of personal data

 

  1. When you visit our website, your browser connects to the web server of our host Wix.com Ltd., Nemal St. 40, 6350671 Tel Aviv, Israel, (herinafter: Wix) with whom we have an order processing contract. This generates connection data that Wix saves in so-called log files.

 

Log files contain the IP address / host name of the device you are using to access our website, the date and time of your access, the name and URL of the file accessed, the website that access is made from (referrer URL), the type of browser you are using to access and information about your computer’s operating system.

 

The processing of your data by Wix can take place in the territory of the European Union, Israel or a third party country, territory or one or more specific sectors within this third party country, of which the European Commission has determined that they guarantee an adequate level of protection (disclosure on the basis of an adequacy decision). Any transfer to a third party country outside the European Union which does not guarantee an adequate level of protection according to the European Commission regulations takes place in accordance with our order processing contract in accordance with the standard contractual clauses (2010/87 / EU).

 

2. Purpose of data processing

Wix uses the data on our behalf to display and deliver our content, as well as for statistical purposes.

3. Legal basis for processing

The legal basis for the temporary storage of this data and the log files is based on Art. 6 Para. 1 lit. f GDPR.

 

4. Duration of storage

Your IP address will be saved by Wix to detect and defend against cyber attacks for a maximum of 7 days and then be anonymized. We can access the log files for 6 weeks, but only in their anonymized format.

 

5. Objection and removal option

The collection of data for the provision of the website and the storage of the data in log files is essential for the operation of the website. Therefore, the user has no option to object.

 

II. Newsletter registration

 

1.Scope of processing of personal data

You may subscribe to a free newsletter on our website. When registering for the newsletter, the data from the input template is transmitted to Mailjet SAS, a French company located at 13-13 bis, Rue de l’Aubrac, 75012 Paris, with whom we have an order processing contract. Since the input template requires you to enter your e-mail address, other data in addition to this e-mail address- depending on its format - may also be transmitted, such as your name, company name and / or other specific data.

 

During the registration process your consent for the processing of data is obtained in reference to this data protection statement.

 

Your consent to the newsletter delivery is logged by date stamp.

 

2. Purpose of data processing

The processed data will be used exclusively for the delivery of our newsletter.

 

3. Legal basis for processing

The legal basis for processing the data after you have registered for the newsletter is Art. 6 Para. 1 lit a GDPR.

 

4. Duration of storage

The data will be deleted as soon as it is no longer required to achieve the purpose that it was collected for. Therefore, the e-mail address is stored for as long as the newsletter subscription is active.

 

5. Objection and removal option

You may cancel your newsletter subscription at any time. A corresponding link to unsubscribe is provided in every newsletter.

 

III. Cookies

Our website uses so-called cookies. Cookies do not cause any damage to your computer. Cookies serve to make our offer more user-friendly, more efficient and safer. Cookies are small text files that are stored on your computer and saved by your browser.

 

Many of the cookies we use are so-called "session cookies". They are automatically deleted after your visit. Other cookies remain stored on your device until you delete them. These cookies enable us to recognize your browser the next time you visit. You can find detailed information about the cookies we use and their storage duration here: https://support.wix.com/de/article/cookies-und-deine-website-bei-wix. We use the following cookies for the following storage periods:


XSRF TOKEN                                    Used for security reasons.                                                                       Session          Essential

hs                                                       Used for security reasons.                                                                      Session           Essential

svSession                                          Used in connection with the user registration.                                     2 years           Essential

SSR caching                                     Used to identify the system the website was rendered from.             1 minute         Essential

_wixCIDX                                           Used for system monitoring / troubleshooting.                                   3 months        Essential

_wix_browser_sess                          Used for system monitoring / troubleshooting.                                    Session           Essential

consent-policy                                  Used for the parameters of the cookie banner.                                    12 months      Essential

smSession                                         Used to identify registered website members.                                    Session           Essential

TS *                                                    Used for security and fraud prevention purposes.                               Session           Essential

bSession                                            Used to measure system effectiveness.                                               30 minutes    Essential

fedops.logger.sessionId                   Used to measure system effectiveness.                                                12 months     Essential

 

You can prevent the storage of cookies by adjusting your browser’s software settings accordingly.

 

IV. Flickrocket

 

1. Description and scope of data processing

If you enter a download code on our website, our website forwards this download code, the date, the time and your IP address to the ACE limited liability company, Heinrich-Hertz-Str. 2, D-44227 Dortmund, Germany (hereinafter: ACE). The ACE checks the correctness of the download code and then provides you with the requested mp3 files for download.

 

2. Legal basis for data processing

The legal basis for the processing of data is your consent according to Art. 6 Para. 1 lit a GDPR.

 

3. Purpose of data processing

The purpose of data processing is to enable you to download the mp3 files.

 

4. Duration of storage

Your IP address and other data will be deleted immediately after the download. Only the download code you have given will be saved.

 

V. Contact Form and e-mail-contact

1. Description and scope of data processing

A contact form is available on our website that can be used to contact us electronically. If you utilize this option, the data entered into the input template will be transmitted to us and saved.

 

This data consists of:

• Name

• E-mail address

• The personal data contained in your message

 

When the message is sent, the following data is stored as well:

• IP address

• Date and time of contact

 

For the processing of the data, your consent is obtained during the sending process in reference to this data protection statement.

 

Alternatively, you may contact us using the e-mail address we have provided. In this case, the personal data transmitted within the e-mail will be saved.

 

In this context, the data will not be passed on to third parties. The data will only be used to process the conversation.

 

2. Legal basis for data processing

Legal basis for the processing of data is Article 6 (1) lit.f GDPR, if user consent is on file. The legal basis for the processing of the data that is transmitted in the course of sending an e-mail is Article 6 (1) lit.f GDPR.

 

If the purpose of e-mail correspondence is to conclude a contract, the additional legal basis for processing is Art. 6 Para. 1 lit. b GDPR.

 

3. Purpose of data processing

The purpose of processing of your personal data provided via the input template serves only to handle your communication with us. Herein also lies our necessary legitimate interest in processing your data, if you contact us by e-mail.

Any other personal data processed during the sending process serves to prevent misuse of the contact form and to ensure the security of our information technology systems.

 

4. Duration of storage

Data will be deleted as soon as it is no longer required to achieve the purpose it was collected for. In terms of personal data provided via the input template as well as those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is considered ended when it is clear that resolving of an issue has been completed.

 

The additional personal data collected during the sending process will be deleted after a maximum of seven days.

 

5. Objection and removal option

You may withdraw your consent to the processing of your personal data at any time.

If you contact us by e-mail, you may object to the storage of your personal data at any time. In this instance, however, the conversation cannot be continued.

 

You may object and revoke your consent to data storage by utilizing the contact form or by sending an e-mail to info@ outofline.de. All personal data that was stored in the course of making contact will be deleted.

 

VI. Your rights

If your personal data is processed, you are affected according to the GDPR and you have the following rights against the responsible entity:

 

1. Right to information

You may request confirmation from the responsible entity as to whether your personal data is being processed by us. If this is the case, you may request the following information from the responsible entity:

(1) The purposes your personal data is processed for;

(2) The categories of personal data being processed;

(3) The recipients and categories of recipients to whom your personal data has been disclosed or is still being disclosed;

(4) The planned duration of storage of your personal data, or, if specific information hereto is not available, criteria for the determination of the duration of storage;

(5) The existence of a right to correction or deletion of your personal data, a right to limitation of data processing via the responsible entity, or a right to object to this processing;

(6) The right to file a complaint with a regulatory authority;

(7) Any available information regarding the origin of the data if that personal data is not collected from the data subject;

(8) The existence of automated decision-making including profiling in accordance with Art. 22 Para. 1 and 4 GDPR and meaningful information about the logic involved and the scope and intended effects such processing will have on the data subject in such instances.

 

You have the right to request information about whether your personal data is being transmitted to a third party country or to an international organization. In this context, you may request  information about the applicable guarantees according to Art. 46 GDPR in connection with the transmission.

 

2. Right to rectification

You have a right to correction and / or completion towards the responsible entity if your personal data that is being processed is incorrect or incomplete. The responsible entity must immediately make the corrections.

 

3. Right to restriction of processing

You may request the limitation of the processing of your personal data under the following conditions:

 

(1) If you dispute the accuracy of your personal data for a period of time that enables the responsible entity to verify the accuracy of your personal data;

(2) The processing is unlawful and you refuse to delete your personal data but request the limitation of use of your personal data instead;

(3) The responsible entity no longer needs access to your personal data for the purposes of processing, but in case you need them to assert, exercise or defend legal claims, or

(4) If you have filed an objection to the processing in accordance with Art. 21 Paragraph 1 GDPR and it has not yet been determined whether the legitimate reasons of the responsible entity outweigh your reasons.

 

If the processing of your personal data has been limited, apart from its storage this data may only be used with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest by the European Union or one of its member states. If the processing limitation has been restricted according to the above conditions, you will be informed by the responsible entity before this restriction is lifted.

 

4. Right to deletion

a. Deletion obligation

You may demand that the responsible entity deletes your personal data immediately, and the responsible entity is also obliged to delete personal data immediately if one of the following reasons applies:

(1) The personal data in question is no longer needed for the purposes that it was collected or otherwise processed for.

(2) You revoke your consent to data processing in accordance with Article 6 (1) (a) or Article 9 (2) (a) GDPR, and there is no other legal basis in place for processing.

(3) You object to the data processing according to Art. 21 para. 1 GDPR and there are no overriding legitimate reasons for the processing, or you object to processing according to Art. 21 para. 2 GDPR.

(4) The personal data in question has been processed unlawfully.

(5) The deletion of your personal data is necessary to fulfill a legal obligation under European Union law or the law of its member states that the responsible entity is obliged to.

(6) Your personal data was collected in relation to services offered by the information company in accordance with Art. 8 (1) GDPR.

 

b. Information to third parties

If the responsible entity has made your personal data public and they are obliged to delete it in accordance with Art. 17 Paragraph 1 GDPR, they shall take reasonable and appropriate measures, in consideration of available technology and implementation costs, to make any responsible parties who are processing your personal data aware that you, as the data subject, have requested them to delete all links to this personal data as well as copies or replications of this personal data.

 

c. Exceptions

 

The right to deletion does not exist if processing is necessary

 

(1) To exercise the right to freedom of speech and information;

(2) To fulfill a legal obligation that requires processing under the law of the European Union or of its member states that the responsible entity is obliged to, or to perform a task that is in public interest or to exercise official regulations if such authority was transferred to the responsible entity;

(3) For reasons of the interests of public health in accordance with Art. 9 Para. 2 lit. h and I, as well as Art. 9 Para. 3 GDPR;

(4) For archiving purposes of public interest, scientific or historical research purposes or for statistical purposes acc. Art. 89 para. 1 GDPR, if the aforementioned right under section a) is likely to make the realization of the objectives of this processing impossible or seriously impair it, or

(5) To establish, exercise or defend legal claims.

 

5. Right to be informed

If you have asserted the right to correction, deletion or restriction of processing against the responsible entity, they are obliged to inform all recipients whom your personal data has been disclosed to of this correction or deletion of the data or restriction of processing, unless this turns out to be impossible or involves an unreasonable effort. You have the right to be informed about these recipients by the responsible entity.

 

6. Right to data portability

You have the right to receive the personal data you provided the responsible entity with in a structured, current and machine-readable format. Further, you have the right to transfer this data to another responsible party without hindrance from the responsible entity that this personal data was supplied to, provided that

(1) the processing is based on consent in accordance with Article 6 (1) (a) GDPR or Article 9 (2) (a) GDPR or on a contract in accordance with Article 6 (1) (b) GDPR and

(2) the processing is carried out using automated methods.

 

Further to exercising this right, you also have the right to have your personal data transmitted directly from one person in charge to another person in charge, if this is technically feasible. This must not impair the freedoms and rights of other people. The right to data portability does not apply to the processing of personal data that is necessary for the performance of a task that is in the public interest or takes place in the exercise of official authority that has been transferred to the responsible entity.

 

7. Right to Object

You have the right to object to the processing of your personal data based on Art. 6 Para. 1 lit. e or f GDPR at any time for reasons that arise from your particular situation; this also applies to profiling based on these provisions. The responsible entity will no longer process your personal data unless they can prove compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If your personal data is processed in order to operate direct mail marketing, you have the right to object to the processing of your personal data for the purpose of such advertising at any time; this also applies to profiling if it is connected to such direct advertising.

 

If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.

 

You have the option of exercising your right to objection in connection with the use of information company services - regardless of Directive 2002/58 / EC - by means of automated methods that use technical specifications.

 

8. Right to revoke the declaration of consent under data protection law

You have the right to withdraw your declaration of consent under data protection law at any time. Revoking your consent does not affect the legality of the processing carried out on the basis of your consent up to the point of revocation.

 

9. Automated decision in individual cases including profiling

You have the right not to be subjected to a decision based solely on automated processing - including profiling - which has legal effect on you or significantly affects you in a similar manner. This does not apply if the decision

 

(1) is necessary for the conclusion or carrying out of a contract between you and the responsible entity,

(2) is permissible on the basis of legal provisions of the European Union or its member states that the responsible entity is obliged to, and these legal provisions contain appropriate measures to safeguard your rights and freedoms as well as your legitimate interests or

(3) takes place with your expressed consent.

 

However, these decisions must not be based on special categories of personal data according to Art. 9 Paragraph 1 GDPR, unless Art. 9 Paragraph 2 lit. a or g GDPR applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests. With regard to instances mentioned in (1) and (3), the responsible entity shall take appropriate measures to safeguard the rights and freedoms and your legitimate interests, including at minimum the right to obtain intervention by a person on the part of the responsible entity, to express their own point of view and to contest the decision.

 

10. Right to complain to a supervisory authority

Without prejudice towards any other administrative or judicial remedy, you have the right to file a complaint with a supervisory authority, in particular within the member state of your place of residence, your place of work or the place of the alleged infringement, if you believe that the processing of your personal data is in violation of the GDPR. The supervisory authority that the complaint was filed with informs the complainant of the status and the results of the complaint, including the possibility of a judicial remedy according to Art. 78 GDPR.