Name and address of the controller

The controller in the sense of the General Data Protection Regulation and other national data protection laws in the Member States as well as other statutory data protection provisions is:

Oh, my music! publisher UG & Co. KG
Anika Jankowski
Prießnitzstraße 34
01099 Dresden
Germany

A data protection officer is not appointed because the related facts under Article 37 GDPR do not exist.

SSL encryption

The website operators use SSL encryption to provide the best possible protection for your data. You can identify an encrypted connection by the prefix “https://” in the page link in your browser’s address line. SSL encryption protects all data that you provide to this website – for instance during inquiries or logins – from third-party access.

General information about data protection

1. Scope of processing for personal data

We fundamentally process our users’ personal data only to the extent that this is necessary in order to provide them with a functional website along with our content and services. As a rule, our users’ personal data is only processed with the user’s consent. Exceptions apply in cases where it is not possible to obtain prior consent for practical reasons, and where processing of the data is permitted by statutory provisions.

2. Legal basis for processing personal data

If and to the extent that we obtain consent from the data subject for processing transactions, Art. 6 Sec. 1 lt. a EU General Data Protection Regulation (GDPR) serves as the legal basis. In processing personal data that is needed in order to fulfill a contract with the data subject, Art. 6 Sec. 1 lt. b GDPR serves as the legal basis. This also applies to processing transactions that are necessary in order to perform pre-contractual measures. If and to the extent that personal data must be processed in order to fulfill a legal obligation to which our company is subject, Art. 6 Sec. 1 lt. c GDPR serves as the legal basis. In the event that vital interests of the data subject or another natural person require personal data to be processed, Art. 6 Sec. 1 lt. d GDPR serves as the legal basis. If processing is necessary in order to protect a legitimate interest of our company or a third party and unless the data subject’s interests, basic rights and basic freedoms override the former interest, Art. 6 Sec. 1 lt. f GDPR serves as the legal basis for processing.

3. Data erasure and storage period

The data subject’s personal data shall be erased or blocked as soon as the storage purpose no longer applies. Longer storage may occur where required by European or national law in Union ordinances, laws or other regulations to which the controller is subject. The data shall also be blocked or erased if a storage period established by the abovementioned standards expires, unless the data must continue to be stored in order to conclude or fulfill a contract.

Provision of the website and creation of log files

1. Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information about the accessing computer system. This includes information about the browser type and version used, the user’s operating system, the user’s internet service provider and IP address, date and time of access, websites from which the user’s system accesses our web page, and websites that the user’s system accesses via our website. This data is stored in log files in our system, with the exception of the user’s IP addresses or other data that can be used to identify a user. This data is not stored together with other personal data concerning the user.

2. Legal basis for storage

The legal basis for temporary storage of the data is Art. 6 Sec. 1 lt. f GDPR.

3. Purpose of data processing

The system must temporarily store the IP address in order to deliver the website to the user’s computer. To this end, the user’s IP address must be stored for the duration of the session. This also constitutes our legitimate interest in data processing as per Art. 6 Sec. 1 lt. f GDPR.

4. Duration of storage

Data shall be erased as soon as it is no longer needed to achieve the purpose for which it was collected. In the case of data collection for the purpose of making the website available, this is the case when each session ends.

5. Objection right

Data must be collected in order to make the website available, and stored in log files in order to operate the website. Therefore, the user does not have the right to object to this.

Technically necessary cookies

1. Description and scope of data processing

Our website uses cookies that are technically necessary. Cookies are text files stored in the user’s web browser and/or by the web browser in the user’s computer system. When a user accesses a website, a cookie may be placed in the user’s operating system. This cookie contains a unique sequence of characters that allows the browser to be clearly identified the next time the website is accessed. We use cookies to make our website more user-friendly. Some elements of our website require the accessing browser to be identified even after switching to a new page. The user data collected by technically necessary cookies is not used to create user profiles.

2. Legal basis for data processing

The legal basis for processing personal data by means of cookies is Art. 6 Sec. 1 lt. f GDPR.

3. Purpose of data processing

The purpose of using technically necessary cookies is to simplify website use for the users. Some of the functions on our website cannot be offered without the use of cookies. These functions require the browser to be recognized even after switching pages. This also constitutes our legitimate interest in processing personal data as per Art. 6 Sec. 1 lt. f GDPR.

4. Duration of storage, objection and/or blocking right

Since the cookies are stored on the user’s computer, only the user can block or restrict the transmission of cookies by changing his or her own settings in the web browser. Previously stored cookies can be erased at any time. This can also take place automatically. If cookies are blocked for our website, you may no longer be able to fully use all of the website functions.

Email contact

1. Description and scope of data processing

Our website provides an email address that you can use to contact us. In this case, the user’s personal data provided in the email shall be stored. Data provided in this context is not shared with third parties. The data is exclusively used to process the conversation.

2. Legal basis for data processing

The legal basis for processing data provided while sending an email is Art. 6 Sec. 1 lt. f GDPR. If the aim of the email contact is to conclude a contract, an additional legal basis for processing is Art. 6 Sec. 1 lt. b GDPR.

3. Purpose of data processing

Processing of personal data from the email exclusively allows us to process the contact request. This also constitutes our necessary legitimate interest in processing the data.

4. Duration of storage

The data shall be deleted as soon as it is no longer needed to achieve the purpose for which it was collected, in other words when the respective conversation with the user has ended. The conversation has ended when circumstances indicate that the issue in question has been definitively resolved.

5. Objection right

The user has the right to object to the storage of his or her personal data at any time. In order to assert this objection right, please send an email to us. All personal data stored in the context of the contact request shall then be erased. In this case, the conversation cannot be continued.

Application by email

1. Description and scope of data processing

Our website provides an email address that can be used to apply for our posted job openings. The application materials you submit shall exclusively be used to review your suitability for the posted job and to complete the application process. They shall not be shared with third parties.

2. Legal basis for data processing

The legal basis for processing data submitted to us as part of an application is § 26 Section 1 Sentence 1 BDSG.

3. Purpose of data processing

We shall exclusively process personal data from the email for the purpose of processing your application.

4. Duration of storage

The data shall be erased when the application process has ended, in other words, when the job is filled or the application process is canceled.

5. Erasure right

The user has the right at any time to withdraw his or her application and to request the erasure of the personal data. In order to assert this erasure right, please send an email to us. All personal data stored in the context of the application shall then be deleted unless different statutory storage periods apply.

Analysis using SlimStat

1. Scope of data processing

This website uses WP-SlimStat (http://wordpress.org/extend/plugins/wp-slimstat), a web analytics service. We have set WP-SlimStats to block cookies and mask the IP addresses. We use this information to analyze the use of our website. This information is stored in our server area in Germany and is not shared with third parties.

2. Legal basis

Web analysis is performed on the basis of Art. 6 Sec. 1 lt. f GDPR.

3. Purpose

We have a legitimate interest in the anonymized analysis of user behavior in order to optimize our web offering as well as our advertising.

4. Duration of storage

The duration of storage shall be a maximum of 426 days (14 months), after which the data shall be erased.

5. Blocking option

If you choose the Do Not Track (DNT) function in your browser, your page visit shall not be analyzed.

Embedded YouTube videos

1. Scope of data processing

We embed YouTube videos on some of our web pages. The operator of the corresponding plugins is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. As a rule, when a page containing YouTube videos is opened, cookies are placed and information is collected about the visitor. However, we have embedded the videos in expanded data protection mode, which means that a connection shall be established with YouTube, but cookies shall only be placed if you actually open the video. If you have an account with the service or with partners of the service and are logged in to this account, your surfing behavior can be assigned to you personally when a cookie is placed. You can prevent this by logging out of the service account before opening the video.

2. Legal basis

The legal basis is Art. 6 Section 1 Sentence 1 lt. f GDPR.

3. Purpose

The purpose of embedding videos is to ensure effective publicity for us. This also constitutes our legitimate interest.

4. Duration, blocking right

Information about the service’s data protection policies, particularly the storage and erasure periods, can be found in the provider’s data privacy policy under:

https://www.google.de/intl/de/policies/privacy/

Rights of the data subject

If personal data concerning you is processed, you are considered a data subject in the sense of the GDPR and you have the following rights with regard to the Controller:

1. Right of access

You have the right to request confirmation from the Controller as to whether personal data concerning you is being processed by us. Where this is the case, you can request information from the Controller about the following:

(1) the purposes for which personal data is being processed;

(2) the categories of personal data being processed;

(3) the recipients or categories of recipients to whom the personal data has been or shall be disclosed;

(4) the envisaged period for which your personal data shall be stored, or, if this is not known, the criteria used to determine that period;

(5) the existence of a right to request from the Controller rectification or erasure of personal data or restriction of processing of personal data concerning you or to object to such processing;

(6) the existence of a right to lodge a complaint with a supervisory authority;

(7) all available information as to the source of the data, where the personal data was not collected from the data subject;

(8) the existence of automated decision-making, including profiling, pursuant to Art. 22 Sec. 1 and 4 GDPR and, at least in these cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You have the right to request information as to whether your personal data is transferred to a third country or an international organization. In this context, you can request information about the appropriate safeguards pursuant to Art. 46 GDPR relating to the transfer.

2. Right to rectification

You have the right to obtain from the Controller the rectification and/or completion of inaccurate personal data concerning you if your processed personal data is incorrect or incomplete. The Controller shall perform such rectification without undue delay.

3. Right to restriction of processing

Under the following conditions, you can request a restriction of processing for your personal data:

(1) if you contest the accuracy of your personal data, for a period enabling the Controller to verify the accuracy of the personal data;

(2) if the processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;

(3) if the Controller no longer needs the personal data for the purposes of the processing, but you require it in order to establish, exercise or defend legal claims; or

(4) if you have objected to processing pursuant to Art. 21 Sec. 1 GDPR pending verification of whether the legitimate grounds of the Controller override your ground.

Where processing of your personal data has been restricted, this data shall, with the exception of storage, only be processed with your consent or in order to establish, exercise or defend legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.

If processing has been restricted pursuant to the above requirements, you shall be informed by the Controller before the restriction is lifted.

4. Right to erasure

a) Erasure obligation

You have the right to obtain from the Controller the erasure of personal data concerning you, and the Controller has the obligation to erase such data without undue delay where one of the following grounds applies:

(1) Your personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed.

(2) You withdraw your consent on which the processing was based pursuant to Art. 6 Sec. 1 lt. a or Art. 9 Sec. 2 lt. a GDPR, and where there is no other legal basis for the processing.

(3) You object to the processing pursuant to Art. 21 Sec. 1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 Sec. 2 GDPR.

(4) Your personal data was unlawfully processed.

(5) Your personal data must be erased for compliance with a legal obligation under Union or Member State law to which the Controller is subject.

(6) Your personal data was collected in relation to the offer of information society services pursuant to Art. 8 Sec. 1 GDPR.

b) Information shared with third parties

Where the Controller has made your personal data public and is obliged pursuant to Art. 17 Sec. 1 GDPR to erase the personal data, the Controller, taking account of the available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers that are processing the personal data that you as the data subject have requested the erasure by such controllers of any links to, or copy or replication of, this personal data.

c) Exceptions

The erasure right shall not apply to the extent that processing is necessary:

(1) for exercising the right of freedom of expression and information;

(2) for compliance with a legal obligation that requires processing under Union or Member State law to which the Controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;

(3) for reasons of public interest in the area of public health pursuant to Art. 9 Sec. 2 lt. h and i as well as Art. 9 Sec. 3 GDPR;

(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Art. 89 Sec. 1 GDPR, in so far as the right referred to in paragraph a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or

(5) to establish, exercise or defend legal claims.

5. Notification right

If you have asserted your right to rectification, erasure or restriction of processing toward the Controller, the Controller shall notify all recipients to whom your personal data has been disclosed about this rectification or erasure of personal data or restriction of processing, unless this proves impossible or involves disproportionate effort. You have the right to obtain information from the Controller about these recipients.

6. Right to data portability

You have the right to receive your personal data, which you have provided to the Controller, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to which the personal data was provided, where:

(1) the processing is based on consent pursuant to Art. 6 Sec. 1 lt. a GDPR or Art. 9 Sec. 2 lt. a GDPR or on a contract pursuant to Art. 6 Sec. 1 lt. b GDPR and

(2) the processing is carried out by automated means.

In exercising this right, you also have the right to have your personal data transmitted directly from one controller to another, where technically feasible. This shall not adversely affect the rights and freedoms of others. The right to data portability shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller.

7. Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you, which is based on Art. 6 Sec. 1 lt. e or f GDPR, including profiling based on these provisions. The Controller shall no longer process your personal data unless the Controller can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or unless the processing serves the purpose of establishing, exercising or defending legal claims. Where your personal data is processed for direct marketing purposes, you shall have the right to object at any time to the processing of your personal data for the purpose of such marketing; this includes profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, your personal data shall no longer be processed for such purposes. In the context of the use of information society services, notwithstanding Directive 2002/58/EC, you may exercise your objection right by automated means using technical specifications.

8. Right to withdraw consent under data protection law

You have the right to withdraw your declaration of consent under data protection law at any time. Withdrawal of your consent shall not affect the lawfulness of any processing that took place on the basis of your consent before the time of the withdrawal.

9. Automated individual decision-making, including profiling

You shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision:

(1) is necessary for entering into, or performance of, a contract between you and the Controller,

(2) is authorized by Union or Member State law to which the Controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or

(3) is based on your explicit consent.

However, such decisions shall not be based on special categories of personal data pursuant to Art. 9 Sec. 1 GDPR unless Art. 9 Sec. 2 lt. a or g GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place. In the cases referred to in points (1) and (3), the Controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the Controller, to express your own point of view and to contest the decision.

10. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your personal data infringes the GDPR. The supervisory authority with which the complaint has been lodged shall inform the complainant about the progress and outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.