Information on handling your data on our website
An obligation under the General Data Protection Regulation.
The following points are intended to provide you with information about your data. The legislator has determined which information is necessary for this purpose.
Anyone who wants to know more can find this in the General Data Protection Regulation in Articles 12 to 22 and 34. The text of the General Data Protection Regulation is available on the Internet at the following https://gdpr-info.eu/. If you have further questions about the General Data Protection Regulations, you can contact the Data Protection Officer and / or the Administration at any time.
2. What is Personal Information?
Any information that relates to a specific or identifiable person. A person is identifiable if identification can be obtained directly or indirectly. This can be done, for example, by assignment to an identifier such as a name, to an identification number, to location data, to an online identification or to one or more specific features.
3. Basic information
3.1 Who is responsible for the processing of my data?
Responsible for the processing of my Data is:
MP Musikhandel GmbH & Co. KG
3.2 How can you contact us?
Contact Person: Dipl.-Ing. Hubert Dierselhuis
Phone: +49 5451 909-0
3.3 Which authority is responsible for control and compliance with data protection law?
Landesbeauftragte für Datenschutz und Informationsfreiheit
Postfach 20 04 44
+49 211 38424-0
3.4 How can I contact the company Data Protection Supervisor?
Data protection supervisor is Mario Arndt. The data protection Supervisor can be reached as follows:
Mario Arndt - DEUDAT GmbH
4. Further important information
4.1 Why does the company process your data?
The data processing takes place
- to provide you with the content of our website,
- to adapt our website to the interests and needs of our visitors,
- for statistical purposes, and to ensure optimisation of the website (IP address).
4.2 Why is the company allowed to process your data?
The data protection law (= EU General Data Protection Regulation) allows in this specific case the processing of your IP address, as you have clearly confirmed by your behavior that you agree to the processing of your IP address to deliver the content of our website (according to Art. 6 para. 1 lit. a GDPR). The data protection law also allows the processing of the data transmitted by your browser for the production of anonymous usage statistics, if we have a legitimate interest in compiling the statistics and your interest or your fundamental rights and freedoms do not predominate (according to Art. 6 para. 1 lit. f GDPR).
4.3. Which data is collected from you?
This website collects data about page hits.
- Referrer (previously visited website)
- Requested website or file
- Browser type, Browser language and Browser version
- Operating system used
- Used device
- Date of access
- Time of access
- Screen resolution
Popular browsers offer the preference option of not allowing cookies. Note: There is no guarantee that you will be able to access all the functions of this website without restrictions if you make the appropriate settings.
4.4. For which statistics will your data be used?
This website collects data about access to the site and saves it as a log file.
The collected data are anonymised by our service provider and are only used for statistical evaluation and improvement of the website.
As a website operator, however, MP Musikhandel GmbH & Co. KG reserves the right to review the log files should concrete evidence point to unlawful use.
The following data is determined as follows:
- Traffic: Visitors, Sessions, Page views and Search Engine Robots.
- Visitor behaviour: duration per session, page views per session and bounce rate.
- Page Analysis: Home Pages, Exit Pages, Error Pages, Most Visited Pages, High Bounce Pages, and Search Terms.
- Origin pages: All pages of origin and referring pages.
- Visitors locations
- Browser & Systems: Browser, Browser Versions, Operating Systems and Operating System Versions.
4.5 Who can receive data from you?
As part of the processing, your data may be transmitted to:
- People within our company who are directly involved in data processing
- Service providers who are contractually bound and are required to maintain secrecy and perform subtasks of data processing.
Google Analytics: This website uses the "Google Analytics" service provided by Google Inc. (1600 Amphitheater Parkway Mountain View, CA 94043, USA) to analyze users' website usage. The service uses "cookies" - text files stored on your device. The information collected by the cookies is usually sent to a Google server in the US and stored there.
On this website IP anonymisation is implemented. The IP address of users is shortened within the member states of the EU and the European Economic Area. This reduction eliminates the personal reference of your IP address. Under the terms of the agreement, which website operators have entered into with Google Inc., they use the information collected to compile an evaluation of website activity and site activity, and provide Internet-related services.
Google-Tag-Manager: This website uses Google Tag Manager. Google Tag Manager is a solution that lets Musik Produktiv manage what are known as website tags. The Tag Manager does not collect personal information.
MailChimp: This website uses the services of MailChimp for sending newsletters. The provider is Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA. MailChimp is a service with which, among other things, the sending of newsletters can be organized and analyzed. When you enter data for the purpose of receiving newsletters (e.g. e-mail address), this data is stored on MailChimp's servers in the USA.
With the help of MailChimp, we can analyze our newsletter campaigns. When you open an email sent with MailChimp, a file contained in the email (so-called web-beacon) connects to the servers of MailChimp in the USA. This makes it possible to determine whether a newsletter message has been opened and which links, if any, have been clicked. In addition, technical information is recorded (e.g. time of retrieval, IP address, browser type and operating system). This information cannot be assigned to the respective newsletter recipient. It is used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients.
If you do not want any analysis by MailChimp, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message. The data processing is based on your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.
The data you have provided to us for the purpose of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data that has been stored by us for other purposes remains unaffected by this.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://mailchimp.com/eu-us-data-transfer-statement/ and https://mailchimp.com/legal/data-processing-addendum/#Annex_C_-Standard_Contractual_Clauses.
We have concluded a so-called "Data Processing Agreement" with MailChimp, in which we oblige MailChimp to protect our customers' data and not to pass it on to third parties.
Trusted Shops: The Trusted Shops Trustbadge is integrated on this website to display our Trusted Shops Trustmark and the collected reviews as well as to offer Trusted Shops products to buyers after an order.
This is necessary to safeguard our legitimate prevailing interests in an optimal marketing by ensuring the safety of your purchase according to Article 6 (1) f GDPR. The Trustbadge and the services advertised with it are an offer of the Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne, _Germany. The Trustbadge is made available by a CDN provider (Content-Delivery-Network) as part of order processing. The Trusted Shops GmbH uses also service provider from the USA. An adequate level of data protection is guaranteed. Further information to the data security of the Trusted Shops GmbH can be found here: https://www.trustedshops.co.uk/imprint/
When the Trustbadge is called up, the web server automatically saves a server log file which contains, for example, your IP address, the date and time of the call, the amount of data transferred and the requesting provider (access data) and documents the call. Individual access data are stored in a security database for the analysis of security problems. The log files are automatically deleted 90 days after creation at the latest.
Further personal data will be transferred to Trusted Shops GmbH if you decide to use Trusted Shops products after completing an order or have already registered for use. The contractual agreement made between you and Trusted Shops applies. For this purpose personal data is automatically collected from the order data. Whether or not you are already registered as a Trusted Shops customer is automatically checked by means of a neutral parameter, the e-mail address hashed by cryptological one-way function. The e-mail address is converted to this hash value, which cannot be decrypted by Trusted Shops before it is transmitted. After checking for a match, the parameter is deleted automatically.
Payment service provider: For the processing of payments, we pass on your payment data to the credit institution commissioned with the payment or to the payment service selected in the ordering process.
We work with the following payment service providers:
- PayPal (Europe) S.à r.l. et Cie, S.C.A., Luxemburg
- SIX Group AG, Schweiz
- Sofort GmbH
- BillPay GmbH
- Consors Finanz (BNP Paribas S.A. Frankreich)
- Amazon Payments Europe S.C.A, Luxemburg
4.6 Will we transfer data from you to countries outside the European Union?
Personal Data will be transferred by us to a third country outside the EU only if they have arranged this by selecting a payment service provider.
4.7 How long will we save your data?
The log files are automatically deleted on the servers after 90 days.
4.8 Do you have to provide your data?
In order to achieve the results described in point 4.1, it is necessary that you give us your personal information.
You can optionally use the search function.
In the case of complaints, you can always contact the responsible supervisory authority. The competent authourity for our company can be found at 3.3.
You have the right to have this judicially examined, according to article 78 of the GDPR, against a supervisory authority and, according to article 79 GDPR, against our company.
4.9 Automated decision-making / profiling
An automatic decision-making / profiling does not take place.
5. What rights do you have?
5.1 Notice about your rights
As a data subject, you have, inter alia, the following rights under the General Data Protection Regulation (hereinafter also referred to as "the affected rights"):
5.2 Right to information (according to Article 15 GDPR)
You have the right to request information about whether we process personal information about you or not. When we process personal information from you, you are entitled to be informed
- why we process your Data (see also 4.1);
- which data we process from you;
- which type of recipients receive or should receive data from you (see also 4.3);
- how long we will save your data; If it is not possible to give an indication of the storage duration, we must inform you of how the retention period will be determined (eg after expiry of statutory retention periods) (see also 4.5);
- that you have a right to rectification and deletion of the data concerning you, including the right to limit the processing and / or the possibility of objection (see also points 5.2, 5.3 and following);
- that you have the right of appeal to a supervisory authority;
- where your data comes from, if we did not collect it directly from you;
- whether your data will be used for an automatic decision and, if so, what logic the decision is based on and what impact and scope the automated decision may have for you;
- that, if data about you is transmitted to a country outside the European Union, you are entitled to information as to whether and, if so, based on which guarantees, an adequate level of protection of the data recipient is ensured;
that you have the right to request a copy of your personal data. Data copies are always provided in electronic form.
The first copy is free of charge, additional copies may require a reasonable fee. A copy can only be provided if the rights of other persons are not affected.
5.3 Right to correct the data (according to Article 16 GDPR)
You have the right to request correction of your data if it is incorrect and / or incomplete. This right also includes the right to be completed by supplementary statements or communications. A correction and / or supplement must be made without culpable hesitation.
5.4 Right to erasure of personal data (according to Article 17 of the GDPR)
You have the right to demand deletion of your personal data from us if
- the personal data is no longer required for the purposes for which it was collected and processed;
the data has been processed on the basis of your consent and you have revoked your consent;
however, this does not apply if there is other permission by Law for data processing;
- you have lodged an objection to data processing the legal authorization of which is in the so-called "legitimate interest" (referred to in Article 6 (1) (e) or (f)); however, deletion does not have to take place if there are legitimate reasons for further processing;
- you have lodged an objection to data processing for direct marketing purposes;
- your personal data has been processed unlawfully;
- it concerns data of a child, which were raised for services of the information society (= electronic service) on the basis of the consent (according to Article8.1 GDPR).
A right to delete personal data does not exist if
- the right to freedom of expression and information conflicts with the request for cancellation,
- the processing of personal data,
- to fulfill a legal obligation (eg statutory retention obligations),
- to perform public duties and interests under applicable law (including "public health") or
- required for archiving and/or research purposes;
- the personal data required to assert, exercise or defend legal claims.
The deletion must be carried out immediately (without culpable hesitation). If personal data has been made public by us (eg on the Internet), we must ensure, as far as is technically possible and reasonable, that other data processors are also informed about the deletion request, including the deletion of links, copies and/or replications.
5.5 Right to restriction of data processing (according to Article 18 of the GDPR)
You have the right to restrict the processing of your personal data in the following cases:
- If you have disputed the accuracy of your personal information, you may request that your data not be used elsewhere for the duration of the verification of accuracy, thereby limiting its processing.
- In the case of unlawful data processing, you may request the restriction of data usage instead of data deletion.
- If you require your personal data to assert, exercise or defend your rights, but we no longer need your personal information, you may require us to restrict the processing to the purposes of law enforcement.
- If you have objected to a data processing (pursuant to Art. 21 (1) GDPR) (see also point 5.7) and it is not yet clear whether our interests in processing outweigh your interests, you may request that your data be kept and not used for other purposes and thus their processing be restricted for the duration of the processing check.
Personal data whose processing has been restricted to their request may, subject to storage - only
- with your permission,
- to assert, exercise or defend legal claims
- to protect the rights of other natural or legal persons, or
- be processed for reasons of important public interest.
Should a processing restriction is lifted, you will be notified in advance.
5.6 Right of Data Transfer (according to Articlel 20 GDPR)
You have the right to request the data that you have provided to us in a common electronic format (eg as a PDF or Excel document).
You may also request us to transfer this information directly to another (through a specific) company, if technically possible for us.
The prerequisite for having this right is that the processing takes place on the basis of a consent or for the fulfilment of a contract (see point 4.2) and is carried out with the help of automated procedures.
The exercising of the right to data transfer does not affect the rights and freedom of others.
If you exercise the right to data transfer, you continue to have the right to data deletion under Article 17 of the GDPR.
5.7 Right to object to certain data processing (Article 21 GDPR)
If your data is processed for the purpose of performing public interest or legitimate interests (see 4.2), you may object to such processing. You must explain to us the reasons that arise from your particular situation for your opposition. This can be i.e. special family circumstances or legitimate secrecy interests.
In the event of objection, we shall refrain from any further processing of your data for the purposes stated under point 4.1, unless:
- there are compelling, legitimate grounds for processing that outweigh your interests, rights and freedoms, or
- the processing is necessary for the assertion, exercise or defense of legal claims.
You may object to the use of your data for the purpose of direct mail at any time; this also applies to profiling insofar as it is connected with direct mail. In the case of oblection, we may no longer use your data for direct marketing purposes.
⇒ Direct mail and/or profiling is not initiated or carried out by us.
5.8 Prohibition of automated decision-making / profiling (according to Article 22 GDPR)
Decisions by us that have a legal consequence or that significantly affect you must not be based solely on the automated processing of personal data. This includes profiling. This prohibition does not apply as far as the automated decision
- is required for the conclusion or fulfillment of a contract with you,
- is permitted by law, if such legislation contains reasonable measures to protect your rights and freedoms and your legitimate interests, or
- with your consent.
Decisions that are based exclusively on automated processing of special categories of personal data (= sensitive data) are only permitted if based on
- your express consent or
- a significant public interest in processing
and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.
5.9 Exercise of the affected rights
For exercising the rights of the persons concerned, please contact the authorities mentioned under point 4. Requests that are submitted electronically are usually answered electronically. The information, communications and measures to be provided under the GDPR, including "the exercise of the data subject rights, are generally provided free of charge. Only in the case of manifestly unfounded or excessive claims are we entitled to levy an appropriate fee for the processing or to refrain from taking action (in accordance with Article 12 (5) GDPR).
If there are reasonable doubts about your identity, we may request additional information from you for identification purposes. If identification is not possible, we are entitled to refuse to process your request. We will - if possible - notify you separately an identification was not possible. (see Articles 12 (6) and 11 GDPR).
Information and information requests are usually processed immediately, within one month of receipt of the request. The deadline may be extended by a further two months, as far as this is necessary taking into account the complexity and / or the number of requests; In the event of an extension, we will inform you of the reasons for the delay within one month of receiving your request. If we do not respond to a request, we will immediately notify you of the reasons for doing so within one month of receipt of the request and inform you of the possibility to lodge a complaint with a supervisory authority or to seek judicial remedy. (see Article 12 (3) and (4) of the GDPR).
Please note that you can only exercise your rights in the context of restrictions and restrictions imposed by the Union or the member states (Article 23 of the GDPR).