Data Protection Policy

1. Name and contact details of the responsible person
This data protection policy provides information on the processing of personal data on the website of Steamhammer / SPV GmbH.

Responsible:
SPV Schallplatten, Produktion und Vertrieb GmbH
Boulevard der EU 8
D-30539 Hannover
Germany
Managing Director: Frank Uhle

Contact:
phone: +49 511 8709 0
fax: +49 511 8709 181
mail: info@spv.de

Contact details of the Data Protection Officer:
The data protection officer of the law office can be reached under the above-mentioned law office and under dsb_dpo@spv.de.

2. Scope and purpose of the processing of personal data

2.1. Calling this website
When calling this website http://shop.steamhammer.de, the Internet browser used by the visitor automatically sends data to the server of this website and stores it in a log file for a limited time. Until the automatic deletion, the following data is stored without further input of the visitor:

- IP address of the visitor's terminal,
- date and time of access by the visitor,
- Name and URL of the page accessed by the visitor,
- Website from which the visitor arrives at the company's website (so-called referrer URL),
- Browser and operating system of the visitor's terminal and the name of the access provider used by the visitor.
The processing of these personal data is acc. Article 6 (1) (1) (f) of the General Data Protection Regulation (GDPR). The company has a legitimate interest in the processing of data for the purpose of
- build up the connection to the website of the company quickly,
- to enable a user-friendly application of the website,
- to identify and ensure the safety and stability of the systems and
- to facilitate and improve the administration of the website.
The processing is not for the purpose of gaining knowledge about the person or any personal data of the visitor of the website.

2.2. Order process
The data that is entered by the customer as part of an order processing is stored. This includes:

  • Name first Name
  • Address
  • payment data
  • E-mail address

    • All necessary data required for delivery or order processing will be passed on to our service providers. Once your data is no longer required or required by law, it will be deleted.

    2.3. Credit check
    To ensure your and the security of the operator of this website, we conduct a credit check before concluding a contract. In addition to checking the past transactions with the operator and any changes to your personal data, the operator also resorts to third party service providers.
    Your personal data (name, address, date of birth) will be transmitted to the following service providers as part of the credit check, depending on the payment method:

    Company, Address
    PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg
    Stripe, 185 Berry Street, Suite 550, San Francisco, CA 94107, USA

    3. Disclosure of data
    Personal data will be transmitted to third parties, if
    - it was expressly consented to by the data subject under Article 6 (1) (1) (a) GDPR,
    - the disclosure pursuant to Art. 6 (1) (1) (f) GDPR is required to assert, exercise or defend legal claims and there is no reason to believe that the data subject has an overriding legitimate interest in not disclosing their data,
    - there exists a legal obligation for the transmission of data according to Art. 6 (1) sentence 1 letter c) GDPR, and / or
    - it is required by Article 6 (1) (1) (b) of the GDPR to fulfill a contractual relationship with the data subject.
    In all other cases, personal data will not be disclosed to third parties.

    4. Cookies

    5. Use of Facebook/Instagram-Links

    Our website contains links to the external social networks Facebook and Instagram. This website is operated exclusively by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (Facebook). The references are indicated in the framework of our Internet appearance by the Facebook Logo or the addition "Likes" (there are no Facebook Plugins used).

    If these links are followed by a click, the Facebook plugins will be activated and your browser will connect directly to the Facebook servers.

    If you follow the links while visiting our website and are logged in to Facebook via your personal user account, the information that you have visited our website will be forwarded to Facebook. The visit of the website Facebook can assign to their account.

    This information is transmitted to Facebook and stored there. To prevent this, you must log out of your Facebook account before clicking on the link.

    The functions assigned to the references of Facebook, in particular the transmission of information and user data, are not activated by visiting our website, but only by clicking on the corresponding links.

    The purpose and scope of the data collection by Facebook as well as the further processing and use of your data as well as your respective rights and setting options for the protection of your privacy can be found in the privacy policy of Facebook (https://www.facebook.com/policy.php).

    6. Embedded YouTube videos and links to YouTube

    In our website we use YouTube. This is a video portal of YouTube LLC., 901 Cherry Ave., 94066 San Bruno, CA, hereinafter referred to as "YouTube."

    YouTube is a subsidiary of Google LLC., 1600 Amphitheater Parkway, Mountain View, CA 94043 USA, hereafter referred to as "Google."

    Certified under the EU-US Privacy Shield
    https://www.privacyshield.gov/participant?id=a2zt0...

    Google guarantees, and thus its subsidiary YouTube, that the EU's data protection requirements will also be met when processing data in the USA.

    We use YouTube in conjunction with the Enhanced Privacy Mode feature to show you videos. The legal basis is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in the quality improvement of our website. The Enhanced Privacy Mode feature, according to YouTube, means that the data specified below will only be transmitted to the YouTube server when you actually start a video.

    Without this "Enhanced Privacy," you will be connected to the YouTube server in the United States as soon as you visit one of our websites that embed a YouTube video.

    This connection is required in order to be able to display the respective video on our website via your Internet browser. In the course of this, YouTube will at least collect and process your IP address, the date and time as well as the website you are visiting. It also connects to Google's DoubleClick ad network.

    If you're logged in to YouTube at the same time, YouTube will provide the connection information to your YouTube account. If you want to prevent this, you must either log out of YouTube before visiting our website or make the appropriate settings in your YouTube user account.

    For the purpose of functionality as well as for the analysis of user behavior, YouTube permanently stores cookies via your Internet browser on your device. If you do not agree with this processing, you have the option to prevent the storage of cookies by a setting in your Internet browser. For more information, see "Cookies" above.

    Further information about the collection and use of data as well as your related rights and protections when using Youtube are available on Google at https://policies.google.com/privacy.

    7. Twitter - Social plug-in

    On our website we use the plug-in of the social network Twitter. Twitter is an Internet service provided by Twitter, Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA, hereafter referred to as "Twitter."

    Certified under the EU-US Privacy Shield
    https://www.privacyshield.gov/participant?id=a2zt0...

    Twitter warrants that EU data protection standards will be respected, including when processing data in the United States.

    The legal basis is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in the quality improvement of our website.

    If the plug-in is stored on one of the pages you visit on our website, your Internet browser downloads a representation of the plug-in from the servers of Twitter in the USA. For technical reasons, it is necessary that Twitter processes your IP address. In addition, however, the date and time of the visit to our website are recorded.

    If you are logged in to Twitter while visiting any of our plug-ins, the information collected through the plug-in will be recognized by Twitter. The information collected in this way may be assigned to your personal account by Twitter. If you use the so-called "Share" button of Twitter, for example, this information will be stored in your Twitter user account and, if applicable, published via the Twitter platform. If you want to prevent this, you must either log out of Twitter before visiting our website or make the appropriate settings in your Twitter account.

    Further information about the collection and use of data as well as your related rights and protections of Twitter are available under
    https://twitter.com/privacy.

    8. Google Analytics

    This website uses for the optimization and analysis of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR the "Google Analytics" service offered by Google Inc. (1600 Amphitheater Parkway Mountain View, CA 94043, USA), due to our legitimate interests. The service (Google Analytics) uses "cookies" - text files that are stored on your device. The information collected by the cookies is usually sent to a Google server in the US and stored there.

    Google LLC complies with European data protection law and is certified under the Privacy Shield Agreement: https://www.privacyshield.gov/participant?id=a2zt0...

    On this website accesses the IP anonymization. The IP address of the users is shortened within the member states of the EU and the European Economic Area and in the other contracting states of the agreement. Only in individual cases, the IP address is initially transferred unabridged to the United States to a Google server and shortened there. This reduction eliminates the personal reference of your IP address. The user's IP address provided by the browser will not be combined with other data stored by Google.

    Under the terms of the Data Processing Agreement, which we have created as a website operator with Google Inc., the information we collect will be used to compile an evaluation of website activity and website activity, and to provide services related to internet usage.

    The data collected by Google on our behalf will be used to evaluate the use of our online offering by individual users, such as: For example, to generate activity reports on the website to improve our online offering.

    You have the option to prevent the storage of cookies on your device by making the appropriate settings in your browser. There is no guarantee that you will be able to access all features of this website without restriction if your browser does not allow cookies.

    Furthermore, you can use a browser plug-in to prevent the information collected by cookies (including your IP address) from being sent to Google Inc. and used by Google Inc. The following link leads you to the corresponding plugin: https://tools.google.com/dlpage/gaoptout?hl=de

    Alternatively, by clicking on this link you prevent Google Analytics from collecting data about you within this website. By clicking on the link above you download an "opt-out cookie". Your browser must allow cookies to be stored. If you delete your cookies regularly, you will need to click on the link each time you visit this website.

    Please find here more information on data usage by Google Inc .:

  • https://policies.google.com/privacy/partners?hl=en (data collected by Google Partners)
  • https://adssettings.google.com/authenticated (settings about ads you see)
  • https://policies.google.com/technologies/ads?hl=en (Use of cookies in ads)


    • 9. Using Script Libraries (Google Webfonts)

    To render our content correctly and graphically appealing across browsers, we use script libraries and font libraries on this website, such as: Google Webfonts (https://www.google.com/webfonts/). Google web fonts are transferred to the cache of your browser to prevent multiple loading. If the browser does not support Google Web fonts or prohibits access, content will be displayed in a standard font.

    The call of script libraries or font libraries automatically triggers a connection to the operator of the library. It is theoretically possible - but currently also unclear whether and if so for what purposes - that operators of such libraries collect data.

    The privacy policy of the library operator Google can be found here: https://www.google.com/policies/privacy/

    10. Linkfire

    We use the linkfire ApS music sales analysis tool from Linkfire ApS, Artillerivej 86, 3rd, 2300 Copenhagen S, Denmark.

    With its help, we can show you various online providers of a product clearly in just one single link. In addition, we can track users' actions after they have clicked on such a linkfire link. The data collected in this way is anonymous to us, ie we do not see the personal data of individual users. However, this data is stored on Linkfire's servers in Denmark. We have no control over the scope and continued use of the data by Linkfire.

    The purpose and scope of the data collection and further processing and use of the data by Linkfire, as well as your related rights and settings options to protect your privacy, please refer to the Privacy Policy of Linkfire: https://linkfire.com/privacy.

    If you do not want Linkfire to collect information about you, you have the option to disable this function via the "opt-out" button on the above website.

    11. Your rights as a data subject

    As far as your personal data is processed during the visit of our website, you have the following rights as a "data subject" within the meaning of the GDPR.

    11.1. Information

    You can ask us for information about whether personal data is processed by us. No right of access exists if the granting of the coveted information against the duty of confidentiality acc. § 83 StBerG would violate or the information for other reasons, in particular because of a predominant legitimate interest of a third party, must be kept secret. Deviating from this, there may be an obligation to provide the information if your interests outweigh the interests of secrecy, in particular taking into account any imminent damage. The right of access is also excluded if the data are stored only because they may not be deleted due to statutory or statutory retention periods or serve exclusively for purposes of data protection or data protection control, if the disclosure of information would require a disproportionate effort and processing other purposes is excluded by appropriate technical and organizational measures. If in your case the right to information is not excluded and your personal data are processed by us, you can ask us for information about the following information:

    - purposes of processing,
    - categories of personal data that is processed,
    - recipients or categories of recipients to whom your personal data are disclosed, in particular for recipients in third countries,
    - if possible, the planned duration for which your personal data will be stored or, if this is not possible, the criteria for determining the duration of storage,
    - the right of rectification or erasure or restriction of the processing of personal data concerning you or a right of contradiction to such processing,
    - the existence of a right of appeal to a data protection supervisory authority,
    - if the personal data has not been collected from you as the data owner, the information available on the origin of the data,
    - the existence of automated decision-making, including profiling and meaningful information on the logic involved, as well as the scope and intended impact of automated decision-making, where appropriate;
    - if applicable, in the case of transmission to recipients in third countries, unless there is a decision by the EU Commission on the adequacy of the protection level under Art. 45 (3) GDPR, information on which suitable guarantees pursuant to Art. Art. 46 para. 2 GDPR for the protection of personal data.

    11.2. Correction and completion

    If you detect that we have inaccurate personal information, you may require us to promptly correct this incorrect information. In case of incomplete personal data concerning you, you can request the completion.

    11.3. Deletion

    They are entitled to be deleted ("right to be forgotten"), unless the processing is necessary for the exercise of the right to freedom of expression, the right to information or to fulfill a legal obligation or to perform a task of public interest and one of the following is true:

    - The personal data is no longer necessary for the purposes for which they were processed.
    - You have revoked your consent to use your personal data.
    - You have contradicted to the processing of your personal data that we have made public.
    - You have contradicted to the processing of personal data not disclosed to us and there is no legitimation for the processing.
    - Your personal data has been processed unlawfully.
    - The deletion of personal data is required to fulfill a legal obligation to our company.

    There is no entitlement to cancellation if, in the case of legitimate non-automated data processing, deletion is not possible or only possible with disproportionately high outlay due to the special nature of the storage and your interest in deletion is low. In this case, the deletion is replaced by the restriction of processing.

    11.4. Restriction of processing
    You may require us to restrict processing if any of the following applies:
    - You deny the accuracy of your personal data. The restriction may be required in this case for the duration that allows us to verify the accuracy of the data.
    - The processing is unlawful and you require instead of deletion the restriction of the use of your personal data.
    - Your personal information is no longer needed by us for the purposes of processing, but you need to assert, exercise or defend legal claims.
    - You have contradiction acc. Art. 21 para. 1 GDPR. The limitation of processing may be required as long as it is not certain that our justified reasons outweigh your reasons.

    Restriction of processing means that the personal data will be processed only with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest. Before we lift the restriction, we have a duty to inform you.

    11.5. Data portability
    You have the right of data transferability if the processing is based on your consent (Article 6 (1) sentence 1 (a) or Article 9 (2) (a) GDPR) or on a contract to which you are a party and the processing is done using automated procedures. The right to data portability in this case includes the following rights, provided that this does not affect the rights and freedoms of others: You may require us to receive the personal information you provide us in a structured, common and machine-readable format , You have the right to transfer this data to another person without hindrance on our part. If technically feasible, you may require us to transfer your personal information directly to another person in charge.

    11.6. Opposition
    Insofar as the processing is based on Article 6 (1) sentence 1 (e) of the GDPR (exercise of a task in the public interest or in the exercise of official authority) or on Article 6 (1) (1) (f) GDPR (legitimate interest of the controller or a third party), you have the right, at any time, to object to the processing of the personal data concerning you for reasons of your particular situation. This also applies to a profiling based on Art. 6 (1) sentence 1 letter e) or letter f) of the GDPR. After exercising your right to object, we will no longer process your personal information unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purposes of asserting, exercising or defending legal claims.

    You may at any time object to the processing of the personal data relating to you for direct marketing purposes. This also applies to a profiling associated with such direct mail. After exercising this right of objection, we will no longer use the personal data concerned for direct marketing purposes.

    You have the option of informing us informally, by telephone, by e-mail, if necessary by fax or to our postal address listed at the beginning of this data protection policy.

    11.7. Revocation of Consent
    You have the right to revoke your consent at any time with effect for the future. The revocation of the consent can be communicated by phone, by e-mail, possibly by fax or to our postal address informal. The revocation does not affect the lawfulness of the data processing which has taken place on the basis of the consent until receipt of the revocation. Upon receipt of the revocation, the data processing, which was based solely on your consent, is set.

    11.8. Complaint
    If you believe that the processing of your personal information is unlawful, you may lodge a complaint with a data protection supervisory authority that has jurisdiction over your place of residence or employment or the location of the alleged breach.

    12. Status and Update of this Data protection policy
    This data protection policy is as of May, 25th 2018. We reserve the right to update the privacy statement in due course to improve data protection and / or adapt it to changes in regulatory practice or jurisdiction.