The protection of your private data is important for us. In what follows you can find the information about the handling of your data.
1.NAME AND CONTACT DATA OF THE PROCESSING CONTROLLER AND OF THE WORKS DATA PROTECTION OFFICER
This data protection information applies to the data processing by:
26, Rue du Grand Bureau,
1227 Les Acacias – Genève
2. COLLECTION AND STORAGE OF PERSONAL DATA AND THE NATURE AND PURPOSE OF ITS USE
a) During a Visit to the Website
On visiting the website www.gmbc.bam-music.org information is automatically sent to the server of our website by your browser. This information is temporarily stored in a so-called log file. The following information is thereby recorded without your involvement and is stored until its automatic deletion:
the IP address of the visiting computer
the date and time of access
the name and URL of the file called up
the website from which the access took place (referrer URL)
the browser used and, sometimes, the operating system of your computer and the name of your access provider
The data mentioned is processed by us for the following purposes:
to ensure smooth connecting to the website
to ensure comfortable use of our website
for evaluation of the system’s security and stability
for further administrative purposes
The legal basis for the data processing is article 6, paragraph 1, sentence 1, letter f of GDPR. Our legitimate interest arises from the above-listed purposes of data acquisition. In no case do we use the data collected for purposes of drawing inferences to your person. In addition to this, during visits to our website we employ cookies and analytic services. More detailed explanations on this can be found under points 4 and 5 of this data-protection statement.
b) Online Shop
The Online Shop is linked via www.gmbc.bam-music.org.
c) On Registering for our Newsletter
If, in keeping with article 6, paragraph 1, sentence 1, letter a. of GDPR, you have explicitly consented to this, we will make use of your e-mail address for regularly sending you our newsletter. We want to deploy a user-friendly and secure newsletter systems that both serves our business interests and corresponds to the expectations of the users. For this purpose we ask you only your name and e-mail address.
Double-Opt-In and Keeping Records. Registration for our newsletter uses a so-called double-opt-in procedure, so after the registration you are sent an e-mail in which you are asked to confirm your registration. This is to avoid someone can log-on with someone else’s e-mail address. The log-ons to the newsletter are recorded in order to be able to verify the registration process in keeping with the legal requirements. This includes storage of the times of registration and confirmation, as well as of the IP address. The changes in your data stored with the dispatch service are also recorded.
Dispatch Service: We sent our newsletter through “Email Subscribers”, a newsletter-dispatch WordPress plug-in of the Indian provider Icegram, 126, 1st Floor, Raghuleela Mega Mall, Kandivali (W), Mumbai – 400 067, MH, India. You can read the data-protection provisions of the dispatch service here: https://www.icegram.com/privacy-policy/.
You can opt-out at any time via a link at the end of each newsletter. Alternatively, you can send your cancellation by e-mail to firstname.lastname@example.org, again at any time.
d) On Using Our Contact Form
With enquiries of whatever sort we offer you the possibility of contacting us via a form provided on the website. Here the disclosure of a valid e-mail address is necessary, so that we know where the enquiry came from and are able to send a reply. Further disclosures can be made voluntarily.
The data processing for purposes of establishing contact with us is undertaken in keeping with article 6, paragraph 1, sentence 1, letter a of GDPR on the basis of your freely given consent.
The personal data collected by us for use of the contact form is automatically deleted after conclusion of your enquiry.
3. PASSING-ON OF PERSONAL DATA
No transfer of your personal data to a third party for purposes other than those listed below takes place. We only give your personal data to a third party if you have given your explicit consent to this in keeping with article 6, paragraph 1, sentence 1, letter a of GDPR, the passing-on is necessary, in keeping with article 6, paragraph 1, sentence 1, letter f of GDPR, for purposes of assertion, exercising or defence of legal claims and there is no reason to suspect that you have a predominant legitimate interest in your data not being passed on, a statutory obligation exists for the transfer, in keeping with article 6, paragraph 1, sentence 1, letter c of GDPR, this is legally permissible and, in keeping with article 6, paragraph 1, sentence 1, letter b of GDPR, is necessary for the processing of contractual relationships with you.
4.CREATION OF PSEUDONYMIZED USER PROFILES FOR WEB ANALYSIS
a) Tracking Tools
The tracking measures listed below and deployed by us are implemented on the basis of article 6, paragraph 1, sentence 1, letter f of GDPR. With the tracking measures used we want to ensure a needs-oriented design and the progressive optimization of our website. We also employ tracking measures to statistically record the use made of our website and to evaluate it, for purposes of optimizing of our offer for you. These interests are to be seen as legitimate in the sense of the above-mentioned regulation.
Explanations of the respective purposes of the data processing, as well as data categories, can be found in the corresponding tracking tools.
b) Google Analytics
For purposes of a needs-oriented design and continuous optimization of our pages we use Google Analytics, a web-analysis service of Google Inc. (https://www.google.de/intl/en/about/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter referred to as “Google”). In this connection, pseudonymized user profiles are created and cookies (see under point 4) are used. The information created by the cookie about your use of this website, such as
operating system used,
referrer URL (the site previously visited),
host name of the accessing computer (IP address),
time of server enquiry
is transferred to a Google server in the USA and is stored there. The information is utilized to evaluate the use made of the website, to compile reports on the website activities and to produce further services associated with the use made of the website and of the Internet, for purposes of market research and needs-oriented design of these Internet pages. Where appropriate, this information is also passed on to third parties, provided this is legally prescribed, or to the extent that third parties process this data on commission. In no case will your IP address be used in connection with other Google data.
You can prevent the installation of the cookies by adjusting the browser-software settings appropriately. In this case, however, we draw your attention to the fact that not all of the functions of this website may then be fully available.
You can also prevent the acquisition of the data generated by the cookie and relating to your use of the website (incl. your IP address) and the processing of this data by Google in that you download and install the browser add-on (https://tools.google.com/dlpage/gaoptout?hl=en).
You can find further information on data protection in connection with Google Analytics in the Google Analytics help (https://support.google.com/analytics/answer/6004245?hl=en).
c) Google Marketing and Remarketing Services
We make use, on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer in the sense of article 6, paragraph 1, letter f of GDPR), of the marketing and remarketing services (in short, “Google Marketing Services”) of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).Google is certified under the Privacy Shield agreement and hereby offers a guarantee of complying with the European data-protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active). The Google marketing services allow us to show targeted advertisements for and on our website, thereby presenting users only advertisements that potentially appeal to their interests. If, for example, a user is shown advertisements for products for which he or she has shown an interest on other websites, one then speaks of “remarketing”. To this end, on calling up our and other websites on which Google marketing services are active, a code from Google is executed directly by Google and so-called (re)marketing tags (invisible graphics or code, also referred to as “web beacons”) are integrated in the website. With their help an individual cookie, i.e. a small file, is stored on the user’s device (instead of cookies, comparable technologies can also be used). The cookies can be set by various domains, amongst others by google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com and googleadservices.com. In this file it is noted which web pages were visited by the user, in which content he or she showed an interest, and which offers were clicked, as well as technical information on the browser and the operating system, referring websites, the time of the visit and further details on the utilization of the online offer. The user’s IP address is also recorded, whereby we state, in the context of Google Analytics, that within the member states of the European Union and in other states contracting to the agreement on the European Economic Area the IP address is shortened and is only transferred un-shortened to a server of Google in the USA, and shortened there, in exceptional cases. The IP address is not brought together with data of the user within other offers from Google. The aforementioned information can also be brought together with such information from other sources by Google. If the user subsequently visits other websites, he or she can be shown advertisements adapted to him/her, corresponding to his/her interests.
In the context of Google marketing services, the user’s data is processed pseudonymized, i.e. Google stores and processes, for example, not the name or e-mail addresses of the users, but processes the relevant data, with respect to the cookie, within pseudonymized user profiles. In other words, from Google’s viewpoint the advertisements are not administrated for and shown to a specific, identified person, but for the cookie owner, regardless of whom this cookie owner is. This does not apply if a user has explicitly permitted Google to process the data without this use of pseudonyms. The information collected by Google marketing services on the users is transferred to Google and stored on Google’s servers in the USA.
One of the Google marketing services made use of by us is the online advertising program “Google AdWords”. In the case of Google AdWords, each AdWords customer receives a different “conversion cookie”. Cookies cannot therefore be subsequently tracked over the websites of Adwords customers. The information collected with the help of the cookies serves in the preparation of conversion statistics for Adwords customers that have opted for conversion tracking. The Adwords customers are told the total number of users who have clicked their advertisement and have been forwarded to a page containing a conversion-tracking tag. No information is contained, however, which allows users to be personally identified.
Further information on the use of data by Google for marketing purposes can be found on the overview page: https://www.google.com/policies/technologies/ads, Google’s data-protection statement being accessible under https://www.google.com/policies/privacy.
If you want to object to the interest-specific advertising undertaken by Google marketing services you can use the settings and opt-out options made available by Google: http://www.google.com/ads/preferences.
5. FACEBOOK CUSTOM AUDIENCES AND FACEBOOK MARKETING SERVICES
Within our online offer use is made, on the basis of our legitimate interests in analysis, optimization and economic operation of our online offer and for this purpose the so-called “Facebook Pixel” of the social-network company Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are resident in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”).
Facebook is certified under the Privacy Shield agreement and hereby offers a guarantee of complying with the European data-protection law (https://www.privacyshield.gov/participant id=a2zt0000000GnywAAC&status=Active).
With the help of Facebook Pixels, Facebook is able to target the visitors to our online offer for the presentation of advertisements (so-called “Facebook ads”). Accordingly we make use of Facebook Pixels to limit the use of Facebook ads placed by us to Facebook users who have also shown an interest in our online offer, or who have certain characteristics (e.g. interest in certain topics or products, as determined on the basis of the web pages visited), which we transmit to Facebook (so-called “custom audiences”). With the help of Facebook Pixels we would also like to ensure that our Facebook ads appeal to potentially interested users and do not pester them. With the help of Facebook Pixels we can furthermore anticipate the effectiveness of the Facebook advertisements for statistical and market-research purposes, in that we can see whether users, after clicking a Facebook advertisement on our website, are passed on (so-called “conversion”).
When you access our web pages Facebook Pixels is directly integrated by Facebook and can store a so-called cookie, i.e. a small file, on your device. When you subsequently log on with Facebook, or visit Facebook in logged-on status, the visit to our online offer is noted in your profile. The data collected on you is, for us, anonymous, i.e. it offers us no inferences to the identity of the user. However, the data is stored and processed by Facebook, so that a connection to the respective user profile is possible and could be used by Facebook and for one’s own market-research and advertising purposes. If we transmit data to Facebook for purposes of comparison, this is locally encrypted in the browser and is then sent to Facebook via a secured https connection. This is undertaken solely for the purpose of comparison with data similarly encrypted by Facebook.
With the use of Facebook Pixels we also use the additional function “extended comparison”. Here user data (such as telephone numbers, e-mail addresses and Facebook IDs) is transferred (encrypted) to Facebook for creation of target groups (“custom audiences” or “look-alike audiences”). For further information on “extended comparison”: https://www.facebook.com/business/help/611774685654668.
The processing of the data by Facebook is undertaken within the framework of Facebook’s data-usage guidelines. Accordingly, you can find general information on the presentation of Facebook ads in the Facebook data-usage guidelines: https://www.facebook.com/policy.php. Special information and details about Facebook Pixels and its functioning can be found in the Facebook help area: https://www.facebook.com/business/help/651294705016616.
You can object to the recording and use of your data by Facebook Pixels for presentation of Facebook ads. To set which types of advertisements you will be shown within Facebook, you can call up the pages arranged by Facebook and follow the information given there on the settings of usage-based advertising: https://www.facebook.com/settings?tab=ads. The settings are platform-independent, i.e. they are used for all devices, such as desk-top computers or mobile devices.
6. INTEGRATION OF SERVICES AND CONTENTS OF THIRD PARTIES
In our online offer we make use, on the basis of our legitimate interests (i.e. interests in the analysis, optimization and economic operation of our online offer in the sense of article 6, paragraph 1, letter f of GDPR), of the content and service offers of third-party suppliers to integrate their contents and services, e.g. videos or fonts (hereinafter uniformly referred to as “content”). This always presupposes that the third-party supplier of this content recognizes the user’s IP address, since without the IP address the content cannot be sent to their browsers. The IP address is therefore necessary for the presentation of these contents. We try to make use of only such content that the respective providers of the IP address make use of solely for dispatch of the content. Third-party suppliers can furthermore use so-called pixel tags (invisible graphics, also referred to as “web beacons”) for statistical or marketing purposes. With the “pixel tags” information such as the visitor traffic on the pages of this website can be evaluated. The pseudonymized information can furthermore be stored in cookies on the user’s device, along with other technical information on the browser and operating system, referring web pages, time of the visit and further details on the use made of our online offer, and can also be linked to such information from other sources.
The following presentation offers an overview of third-party suppliers, as well as their content, and links to their data protection statements, which contain further information on the processing of data and, as partially referred to here, possibilities for objecting (the so-called opt-out):
If our customers make use of the payment services of third parties (e.g. PayPal, VISA, Amex, Klarna), the terms of business and the data-protection information provided by the respective third-party supplier apply. These can be accessed within the respective web pages or transaction applications.
External fonts from Google, Inc., https://www.google.com/fonts (“Google fonts”). The integration of Google fonts is undertaken by a server call-up by Google (usually in the USA). Data Protection Statement: https://www.google.com/policies/privacy/. Opt-out: https://www.google.com/settings/ads/.
Maps of the service “Google Maps” from the service provider Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data Protection Statement: https://www.google.com/policies/privacy/. Opt-out: https://www.google.com/settings/ads/.
Videos of the platform “YouTube” from the service provider Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data Protection Statement: https://www.google.com/policies/privacy/. Opt-out: https://www.google.com/settings/ads/.
RIGHTS OF DATA SUBJECTS
You have the right, in accordance with article 15 of GDPR, to demand information on personal data of yours processed by us. In particular, you can demand information on the purposes of the processing, the category of the personal data, the categories of recipients with respect to whom or which your data has been or will be disclosed, the planned period of storage, the existence of a right to correction, deletion, limitation of the processing or to objection, the existence of a right to lodge a complaint, the origins of your data, if this has not been collected by us, and on the existence of an automated decision-making process including profiling and, where applicable, sound information on the related details, in accordance with article 16 of GDPR, to demand the immediate correction of incorrect data, or to have any incomplete personal data of yours, that is stored by us, completed, in accordance with article 17 of GDPR, to demand the deletion of your personal data stored by us, provided the processing is not necessary for the exercising of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons that are in the public interest, or for assertion, exercising or defence of legal entitlements in accordance with article 18 of GDPR], to demand limitations on the processing of your personal data, if the correctness of the data is contested by you, if the processing is unlawful but you reject the deletion of the data and we no longer require it, though you need it for assertion, exercising or defence of legal entitlements, or if you have protested against its processing, in accordance with article 21 of GDPR], in accordance with art. 20 of GDPR, to demand to be sent your personal data, that you have provided us with, in a structured, standard and machine-readable format, or to demand its transfer to another controller, in accordance with article 7, paragraph 3 of GDPR, to revoke your previously given consent, with respect to us, at any time. This has the consequence that, from then on, we will no longer be entitled to undertake data processing dependent on this consent, in accordance with article 77 of GDPR, to lodge a complaint with a supervisory authority. As a rule you can choose, for this purpose, the supervisory authority at your customary place of residence or workplace, or that at the place of the registered address of our business.
7. RIGHT OF OBJECTION
If your personal data is processed, on the basis of legitimate interests in accordance with article 6, paragraph 1, sentence 1, letter f of GDPR, you have the right, in accordance with article 21 of GDPR, to object to the processing of your personal data, provided there are reasons for doing so that arise from your special situation, or the objection is aimed at direct advertising. In the latter case you have a general right of objection that will be implemented by us without the need for details referring to a special situation.
If you wish to make use of your right of objection, it is sufficient that you send an e-mail to email@example.com
8. DATA SECURITY
During the visit to the website we make use of the much used SSL (secure socket layer) procedure in conjunction with the respective highest encryption level that is supported by your browser. This is normally a 256-bit encryption. If your browser does not support a 256-bit encryption, we resort instead to 128-bit v3 technology. You can see whether a single page of our Internet presentation can be transferred encrypted from the closed depiction of the key or lock symbol in the lower status bar of your browser.
We otherwise make use of appropriate technical and organizational security measures to protect your data against accidental or deliberate manipulation, partial or complete loss, destruction or unauthorized access by third parties. Our security measures are continuously improved in accordance with technological developments.