bootstrap responsive templates





EN / DE

Privacy Policy

September 11, 2023

Overview of contents

Responsible

Barbara Duchow Productions
Barbara Duchow
Hamburg 22765, Germany

Email address:

lunattack@barbaraduchow.com

Imprint:

https://lunattack.com/impressum.html

Relevant legal bases

Relevant legal bases according to the GDPR: Below you will find an overview of the legal bases of the GDPR, on the basis of which we process personal data. Please note that in addition to the regulations of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. If more specific legal bases apply in individual cases, we will inform you about these in the data protection declaration.

  • Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR) - The data subject has given their consent to the processing of personal data concerning them for a specific purpose or There are several specific purposes.
  • Contract performance and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR) - The processing is for the fulfillment of a contract, whose The contracting party is the data subject, or is necessary to carry out pre-contractual measures that take place at the request of the data subject.
  • Legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR)< /strong> - Processing is necessary to fulfill a legal obligation to which the person responsible is subject.
  • Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR) - Processing is necessary to safeguard the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, outweigh them.

< strong>National data protection regulations in Germany: In addition to the data protection regulations of the GDPR, national data protection regulations apply in Germany. This includes in particular the law to protect against misuse of personal data during data processing (Federal Data Protection Act – BDSG). In particular, the BDSG contains special regulations on the right to information, the right to deletion, the right to object, the processing of special categories of personal data, processing for other purposes and transmission and automated decision-making in individual cases, including profiling. Furthermore, state data protection laws of the individual federal states may apply.

Note on the validity of the GDPR and Swiss GDPR: This data protection notice serves to provide information in accordance with the Swiss Federal Data Protection Act (Swiss GDPR) and the General Data Protection Regulation (GDPR). For this reason, we ask you to note that the terms of the GDPR are used due to their broader spatial application and comprehensibility. In particular, instead of the terms “processing” of “personal data”, “overriding interest” and “particularly sensitive personal data” used in the Swiss DSG, the terms “processing” of “personal data” as well as “legitimate interest” and “special categories” used in the GDPR are used of data". However, the legal meaning of the terms will continue to be determined according to the Swiss DSG within the scope of the Swiss DSG.

Overview of processing operations

The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects.

Types of data processed Data

  • Inventory data.
  • Payment data.
  • Contact data.
  • Content data.
  • Contract data.
  • Usage data.
  • Meta, communication and procedural data.

Categories of data subjects

  • Customers.
  • Interested parties.
  • Communication partners.
  • Users.
  • Business and contractual partners.

Purposes of processing

  • Provision of contractual services and fulfillment of contractual obligations.
  • Contact inquiries and communication.
  • Security measures.
  • Direct marketing.
  • Reach measurement.
  • Tracking.
  • Office and organizational procedures.
  • Conversion measurement.
  • Management and response to inquiries.
  • Feedback.
  • Marketing.
  • Profiles with user-related information.
  • Provision of our online offering and user-friendliness.
  • Information technology infrastructure.< /li>

Security measures

We take security measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the type, scope, circumstances and the purposes of processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, appropriate technical and organizational measures to ensure a level of protection appropriate to the risk.

The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as the access, input, transfer, securing availability and their separation. We have also set up procedures to ensure that the rights of those affected are exercised, data are deleted and responses are made to data threats. Furthermore, we take the protection of personal data into account when developing or selecting hardware, software and procedures in accordance with the principle of data protection, through technology design and through data protection-friendly default settings.

Transmission of personal data

As part of our processing of personal data, the data may be transmitted to other bodies, companies, legally independent organizational units or persons or disclosed to them become. The recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we observe the legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data that serve to protect your data.

International data transfers

Data processing in third countries: If we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA)) or the processing in When using third-party services or disclosing or transmitting data to other people, bodies or companies, this only takes place in accordance with the legal requirements. If the level of data protection in the third country has been recognized by means of an adequacy decision (Art. 45 GDPR), this serves as the basis for the data transfer. Furthermore, data transfers only take place if the level of data protection is otherwise secured, in particular through standard contractual clauses (Art. 46 Para. 2 lit. c) GDPR), express consent or in the case of contractually or legally required transfer (Art. 49 Para. 1 GDPR). . We will also inform you about the basics of third-country transfers for the individual providers from the third country, with the adequacy decisions taking precedence as the basics. Information on third country transfers and existing adequacy decisions can be found in the EU Commission's information offering: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de.

EU-US Trans-Atlantic Data Privacy Framework: As part of the so-called “Data Privacy Framework” (DPF), the EU Commission has also recognized the level of data protection as secure for certain companies from the USA as part of the adequacy decision of July 10, 2023 . The list of certified companies and further information about the DPF can be found on the US Department of Commerce website at https://www.dataprivacyframework .gov/ (in English). As part of the data protection information, we will inform you which service providers we use are certified under the Data Privacy Framework.

Rights of the data subjects

Rights of the data subjects from the GDPR: As a data subject, you are entitled to various rights under the GDPR, which arise in particular from Articles 15 to 21 of the GDPR:

  • Right to object: You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you based on Article 6 Paragraph 1 lit. e or f GDPR, you have to lodge an objection; This also applies to profiling based on these provisions. If your personal data is processed for the purpose of direct advertising, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; This also applies to profiling insofar as it is connected to such direct advertising.
  • Right to revoke consent: You have the right to revoke your consent at any time.< /li>
  • Right to information: You have the right to request confirmation as to whether the data in question is being processed and to request information about this data as well as further information and a copy of the data in accordance with legal requirements.
  • Right to rectification: In accordance with legal requirements, you have the right to request that the data concerning you be completed or that incorrect data concerning you be corrected.
  • Right to deletion and restriction of processing: In accordance with the legal requirements, you have the right to demand that data concerning you be deleted immediately, or alternatively, in accordance with the legal requirements, a restriction on the processing of the data To request data.
  • Right to data portability: You have the right to receive data concerning you that you have provided to us in a structured, common and machine-readable format in accordance with the legal requirements or to request that it be transmitted to another person responsible.
  • Complaint to a supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to complain to a supervisory authority, in particular in the Member State of your usual place of residence, your place of work or the place of the alleged infringement if you believe that the processing of personal data concerning you violates the requirements of the GDPR.

Use of cookies

Cookies are small text files or other storage notes that store information on end devices and read information from the end devices. For example, to save the login status in a user account, the contents of a shopping cart in an e-shop, the content accessed or the functions used of an online offer. Cookies can also be used for various purposes, e.g. for the purposes of the functionality, security and comfort of online offerings as well as the creation of analyzes of visitor flows.

Notes on consent: We use cookies in accordance with legal regulations. We therefore obtain prior consent from users, unless this is not required by law. In particular, consent is not necessary if the storage and reading of the information, including cookies, is absolutely necessary in order to provide users with a telemedia service they have expressly requested (i.e. our online offering). Strictly necessary cookies generally include cookies with functions related to the display and operability of the online offering, load balancing, security, storage of users' preferences and choices or similar to the provision of the main and secondary functions of those requested by users purposes related to the online offering. The revocable consent is clearly communicated to the users and contains information on the respective cookie use.

Notes on data protection legal bases: On which data protection legal basis we process users' personal data with the help of cookies depends on whether we ask users for consent. If users consent, the legal basis for processing your data is their declared consent. Otherwise, the data processed using cookies will be processed on the basis of our legitimate interests (e.g. in the commercial operation of our online offering and improving its usability) or, if this is within the scope of the fulfillment of our contractual obligations, if the use of cookies is necessary for our purposes to fulfill contractual obligations. We will explain the purposes for which we process cookies in the course of this data protection declaration or as part of our consent and processing processes.

Storage period: With regard to the storage period, a distinction is made between the following types of cookies:

  • Temporary cookies (also: session or session cookies Cookies): Temporary cookies are deleted at the latest after a user has left an online offer and closed their device (e.g. browser or mobile application).
  • Permanent cookies: Permanent cookies remain stored even after the device is closed. For example, the login status can be saved or preferred content can be displayed directly when the user visits a website again. User data collected using cookies can also be used to measure reach. Unless we provide users with explicit information about the type and storage period of cookies (e.g. when obtaining consent), users should assume that cookies are permanent and that the storage period can be up to two years.

General information on revocation and objection (so-called “opt-out”): Users can revoke the consent they have given at any time and object to the processing in accordance with the legal requirements. To do this, users can, among other things, restrict the use of cookies in their browser settings (which may also limit the functionality of our online offering). An objection to the use of cookies for online marketing purposes can also be made via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/ are explained.

  • Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR). Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR).

Further information on processing processes, procedures and services:

  • Processing of cookie data based on consent: We use a cookie consent management process, in which the users' consent to the Use of cookies, or the processing and providers mentioned as part of the cookie consent management process, can be obtained and managed and revoked by users. The declaration of consent is saved so that it does not have to be asked again and to be able to prove consent in accordance with the legal obligation. The storage can take place on the server side and/or in a cookie (so-called opt-in cookie, or using comparable technologies) in order to be able to assign the consent to a user or their device. Subject to individual information about the providers of cookie management services, the following information applies: The duration of the storage of consent can be up to two years. Here, a pseudonymous user identifier is created and stored with the time of consent, information about the scope of the consent (e.g. which categories of cookies and/or service providers) as well as the browser, system and device used; Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR).

  • Business services

    We process data from our contractual and business partners, e.g. customers and interested parties (collectively referred to as "contractual partners") within the framework of contractual and comparable legal relationships as well as associated measures and as part of communication with the contractual partners (or pre-contractual), e.g. to answer inquiries.

    We process this data to fulfill our contractual obligations. This includes, in particular, the obligations to provide the agreed services, any update obligations and remedies in the event of warranty and other service disruptions. In addition, we process the data to protect our rights and for the purposes of the administrative tasks associated with these obligations and the company organization. In addition, we process the data on the basis of our legitimate interests in proper and business management as well as security measures to protect our contractual partners and our business operations from misuse and jeopardy of their data, secrets, information and rights (e.g. for the participation of telecommunications, transport and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers or tax authorities). Within the scope of applicable law, we only pass on the data of contractual partners to third parties to the extent that this is necessary for the aforementioned purposes or to fulfill legal obligations. The contractual partners will be informed about other forms of processing, e.g. for marketing purposes, as part of this data protection declaration.

    We inform the contractual partners which data is required for the aforementioned purposes before or as part of the data collection, e.g. in online forms, through special marking (e.g. colors) or symbols (e.g. asterisks, etc.), or personally.

    We delete the data after the expiry of statutory warranty and comparable obligations, i.e. generally after 4 years, unless the data is stored in a customer account, e.g. as long as it must be retained for legal archiving reasons . The statutory retention period is ten years for documents relevant to tax law as well as for commercial books, inventories, opening balance sheets, annual financial statements, the work instructions required to understand these documents and other organizational documents and accounting documents, and six years for commercial and business letters received and copies of the commercial and business letters sent. The period begins at the end of the calendar year in which the last entry was made in the book, the inventory, the opening balance sheet, the annual financial statements or the management report were prepared, the commercial or business letter was received or sent or the accounting document was created and the recording was also made or the other documents have been created.

    If we use third-party providers or platforms to provide our services, the terms and conditions and data protection notices of the respective third-party providers or platforms apply in the relationship between the users and the providers.

    • Types of data processed: Inventory data (e.g. names, addresses); Payment data (e.g. bank details, invoices, payment history); Contact details (e.g. email, telephone numbers); Contract data (e.g. subject matter of the contract, term, customer category); Usage data (e.g. websites visited, interest in content, access times). Meta, communication and procedural data (e.g. IP addresses, times, identification numbers, consent status).
    • Affected persons: Customers; Interested persons. Business and contractual partners.
    • Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; Safety measures; Contact inquiries and communication; Office and organizational procedures. Managing and responding to inquiries.
    • Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR); Legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR). Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).

    Further information on processing processes, procedures and services:

    • Shop and e-commerce: We process our customers' data to enable them to select, purchase or order the selected products and goods as well as associated services, as well as their payment and delivery or execution. If necessary for the execution of an order, we use service providers, in particular postal, forwarding and shipping companies, to carry out the delivery or execution to our customers. We use the services of banks and payment service providers to process payment transactions. The required information is marked as such as part of the ordering or comparable purchase process and includes the information required for delivery, provision and billing as well as contact information in order to be able to hold any consultations; Legal basis: Fulfillment of the contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR).
    • Events and Events: We process the data of participants in events, events and similar activities offered or organized by us (hereinafter referred to as “participants” and “events”) in order to enable them to participate in the events and take advantage of the services provided To enable participation in related services or promotions.

      If we process health-related data, religious, political or other special categories of data in this context, then this is done within the scope of obviousness (e.g. at thematically oriented events or serves health prevention, security or takes place with the consent of those affected ).

      The required information is marked as such within the framework of the conclusion of the order, order or comparable contract and includes the information required for the provision of services and billing as well as contact information in order to be able to hold any consultations. As far as we receive access to information from end customers, employees or other persons, we process it in accordance with the legal and contractual requirements; Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 Paragraph 1 S. 1 lit. b) GDPR).

    Use of online platforms for offering and sales purposes

    We offer our services on online platforms that are operated by other service providers. In this context, in addition to our data protection information, the data protection information of the respective platforms applies. This applies in particular with regard to the implementation of the payment process and the procedures used on the platforms for reach measurement and interest-based marketing.

    • Types of data processed: Inventory data (e.g. names, addresses); Payment data (e.g. bank details, invoices, payment history); Contact details (e.g. email, telephone numbers); Contract data (e.g. subject matter of the contract, term, customer category); Usage data (e.g. websites visited, interest in content, access times). Meta, communication and procedural data (e.g. IP addresses, time information, identification numbers, consent status).
    • Affected persons: Customers.
    • Purposes of processing: Provision of contractual services and fulfillment of contractual obligations. Marketing.
    • Legal basis: Fulfillment of the contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR). Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).

    Further information on processing processes, procedures and services:

    • We offer self-designed designs for printing on products via spreadshirt.com. When you click on “Merch” you will be taken to our Spreadshop embedded on lunattack-store.myspreadshop.de (Europe) and lunattack.myspreadshop.com (America). Spreadshirt provides this shop technically and processes your IP address and all data required for order processing, delivery and invoicing. We do not gain any knowledge of your data, but are only informed about the products you have ordered and receive a corresponding margin as compensation. Spreadshirt: Online marketplace for e-commerce; Service provider: sprd.net AG,, Gießerstraße 27, 04229 Leipzig, Germany; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); Website: https://www.spreadshirt.de/. Data protection declaration: https://www.spreadshirt.de/datenschutz-C3928.

    Provision of online offerings, web hosting and website modular systems

    We process user data in order to be able to provide them with our online services. For this purpose, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the user's browser or device.

    • Types of data processed: Usage data (e.g. websites visited, interest in content, access times). Meta, communication and procedural data (e.g. IP addresses, time information, identification numbers, consent status).
    • Affected persons: Users (e.g. website visitors, users of online services).
    • Purposes of processing: Provision of our online offering and user-friendliness; Information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.); Safety measures. Provision of contractual services and fulfillment of contractual obligations.
    • Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).
    • Further information on processing processes, procedures and services:

      • Collection of access data and log files: Access to our online offering is logged in the form of so-called “server log files”. The server log files include the address and name of the websites and files accessed, date and time of access, amount of data transferred, notification of successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page) and, as a rule, IP address. Addresses and the requesting provider belong. The server log files can be used on the one hand for security purposes, e.g. to avoid overloading the servers (particularly in the case of abusive attacks, so-called DDoS attacks) and on the other hand to ensure the utilization of the servers and their stability; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR). Deletion of data: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data whose further storage is necessary for evidentiary purposes is exempt from deletion until the respective incident has been finally clarified.


      Web hosting introduction

      When you visit websites these days, certain information - including personal data - is created and stored automatically, including on this website. This data should be processed as sparingly as possible and only with justification. By the way, by website we mean the entirety of all websites on a domain, i.e. everything from the start page (homepage) to the very last subpage (like this one). By domain we mean, for example, example.de or musterexample.com.

      If you want to view a website on a computer, tablet, or smartphone, you use a program called a web browser. You probably know a few web browsers by name: Google Chrome, Microsoft Edge, Mozilla Firefox, and Apple Safari. We call it browser or web browser for short.

      To display the website, the browser must connect to another computer where the website's code is stored: the web server. Operating a web server is a complicated and time-consuming task, which is why it is usually carried out by professional providers. These offer web hosting and thus ensure reliable and error-free storage of website data. A lot of technical terms, but please stay tuned, it gets better!

      When the browser connects to your computer (desktop, laptop, tablet or smartphone) and during data transfer to and from the web server, personal data may be processed. On the one hand, your computer stores data, but on the other hand, the web server also needs to store data for a while to ensure proper operation.

      A picture is worth a thousand words, so the following graphic shows the interaction between the browser, the Internet and the hosting provider.

      GoDaddy

      To host our website, we use the web hosting services of the company GoDaddy / Websites; Service provider: Corporate Headquarters, 2155 E. GoDaddy Way, Tempe, AZ 85284 USA; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); Website: https://www.godaddy.com< /a>. Data protection declaration: https://www.godaddy.com/de-de/legal/agreements/privacy-policy.


      Website modular system Introduction

      We use a website modular system for our website. Modular systems are special forms of a content management system (CMS). With a modular system, website operators can create a website very easily and without any programming knowledge. In many cases, web hosts also offer modular systems. By using a modular system, your personal data can also be collected, stored and processed. In this data protection text we provide you with general information about data processing through modular systems. Further information can be found in the provider's privacy policy.

      Mobirise

      We use this for our website the Mobirise website construction system. The service provider is the Dutch company Mobirise, Flight Forum 40, 5657 DB Eindhoven, Netherlands. Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://mobirise.com. Privacy policy: https://mobirise.com/ privacy.html.


      Contact and inquiry management

      When you contact us (e.g. by post, contact form, email, telephone or via social media) as well as within the framework of existing user and business relationships The details of the requesting persons are processed to the extent that this is necessary to answer the contact requests and any requested measures.

      • Types of data processed: Contact details (e.g. email, telephone numbers); Content data (e.g. entries in online forms); Usage data (e.g. websites visited, interest in content, access times). Meta, communication and procedural data (e.g. IP addresses, time information, identification numbers, consent status).
      • Affected persons: Communication partners.
      • Purposes of processing: Contact requests and communication; managing and responding to inquiries; Feedback (e.g. collecting feedback via online form). Provision of our online offering and user-friendliness.
      • Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR). Fulfillment of the contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).


      Further information on processing processes, procedures and services:

      • Contact form: If users contact us via our contact form, email or other communication channels, we process what is communicated to us in this context Data for processing the communicated request; Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).


      Audio content

      We use hosting and analysis offers from service providers to offer our audio content for listening or downloading and to obtain statistical information about the retrieval of the audio content .

      • Types of data processed: Usage data (e.g. websites visited, interest in content, access times). Meta, communication and procedural data (e.g. IP addresses, time information, identification numbers, consent status).
      • Affected persons: Users (e.g. website visitors, users of online services).
      • Purposes of processing: Reach measurement (e.g. access statistics, recognition of returning visitors); Conversion measurement (measuring the effectiveness of marketing measures); Profiles with user-related information (creating user profiles). Provision of our online offering and user-friendliness.
      • Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).


      Further information on processing processes, procedures and services:


      Newsletters and electronic notifications

      We send newsletters, e-mails and other electronic notifications (hereinafter "newsletter") only with the consent of the recipient or legal permission. If within the framework When you register for the newsletter, the contents of which are specifically described, they are decisive for the user's consent. Furthermore, our newsletters contain information about our services and us.

      In order to register for our newsletters, it is generally sufficient to provide your email address. However, we may ask you to provide a name so that you can be addressed personally in the newsletter, or other information if this is necessary for the purposes of the newsletter.

      Double opt-in procedure: Registration for our newsletter is generally carried out using a so-called double opt-in procedure. This means that after registering you will receive an email asking you to confirm your registration. This confirmation is necessary so that no one can log in with someone else's email address. Registrations for the newsletter are logged in order to be able to provide evidence of the registration process in accordance with legal requirements. This includes storing the registration and confirmation times as well as the IP address. Changes to your data stored by the shipping service provider are also logged.

      Deletion and restriction of processing: We can store the unsubscribed email addresses for up to three years based on our legitimate interests before we delete them in order to be able to prove that we have previously given consent. The processing of this data is limited to the purpose of possible defense against claims. An individual request for deletion is possible at any time, provided that the previous existence of consent is confirmed at the same time. In the event of obligations to permanently observe contradictions, we reserve the right to store the e-mail address in a blacklist (so-called "blocklist") solely for this purpose.

      The recording of the registration process is based on our legitimate interests for the purpose of providing evidence of its proper execution. If we commission a service provider to send emails, this is done on the basis of our legitimate interests in an efficient and secure shipping system.

      Contents: Information about us, our services, promotions and offers.
      • Types of data processed: Inventory data (e.g. names, addresses); Contact details (e.g. email, telephone numbers); Meta, communication and procedural data (e.g. IP addresses, times, identification numbers, consent status). Usage data (e.g. websites visited, interest in content, access times).
      • Affected persons: Communication partners.
      • Purposes of processing: Direct marketing (e.g. by email or post).
      • Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
      • Opt-out option: You can cancel the receipt of our newsletter at any time, i.e. Revoke your consent or object to further receipt. You will find a link to cancel the newsletter either at the end of each newsletter or you can use one of the contact options listed above, preferably e-mail.


      Further information on processing processes, Procedures and services:

      • Measurement of opening and click rates: The newsletters contain a so-called "web beacon", i.e., a pixel-sized file that is retrieved from our server or, if we use a shipping service provider, from its server when the newsletter is opened. As part of this retrieval, technical information is initially collected, such as information about the browser and your system, as well as yours IP address and the time of retrieval. This information is used to technically improve our newsletter based on the technical data or the target groups and their reading behavior based on their retrieval locations (which can be determined using the IP address) or access times. This analysis also includes determining whether the newsletters are opened, when they are opened and which links are clicked. This information is assigned to the individual newsletter recipients and stored in their profiles until it is deleted. The evaluations help us to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.
      • Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR).
      • Mailchimp: E-mail delivery and e-mail delivery and automation services; Service Provider: Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); Website: https://mailchimp.com; Privacy policy: https://mailchimp.com/legal/; Order processing agreement: https://mailchimp.com/legal/; Base on third country transfer: EU-US Data Privacy Framework (DPF), Standard contractual clauses (Are provided by the service provider). More information: Special security measures: https://mailchimp.com /help/Mailchimp-european-data-transfers/.
      • Mailjet: Email delivery and email delivery and automation services; Service provider: Mailjet SAS,13-13 bis, rue de l’Aubrac, 75012 Paris, France; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); Website: https://www.mailjet.de. Data protection declaration: https://www.mailjet.de/privacy-policy.


      Online marketing

      We process personal data for online marketing purposes, including in particular the marketing of advertising space or the presentation of advertising and other content (collectively referred to as "content") based on the potential interests of the Users and the measurement of their effectiveness can fall.

      For these purposes, so-called user profiles are created and stored in a file (so-called “cookie”) or similar procedures are used to store the user information relevant to the display of the aforementioned content. This information may include, for example, content viewed, websites visited, online networks used, but also communication partners and technical information such as the browser used, the computer system used and information about times of use and functions used. If users have consented to the collection of their location data, this can also be processed.

      The users' IP addresses are also stored. However, we use available IP masking procedures (i.e. pseudonymization by shortening the IP address) to protect users. In general, as part of the online marketing process, no clear user data (such as e-mail addresses or names) is stored, but rather pseudonyms. This means that we as well as the providers of the online marketing processes do not know the actual identity of the users, but only the information stored in their profiles.

      The information in the profiles is usually stored in cookies or using similar methods. These cookies can later generally also be read on other websites that use the same online marketing process, analyzed for the purposes of displaying content, and supplemented with further data and stored on the server of the online marketing process provider.

      Exceptionally, clear data can be assigned to the profiles. This is the case, for example, if the users are members of a social network whose online marketing processes we use and the network connects the users' profiles with the aforementioned information. We ask you to note that users can make additional agreements with the providers, e.g. by giving consent during registration.

      We generally only receive access to summarized information about the success of our advertisements. However, as part of so-called conversion measurements, we can check which of our online marketing processes have led to a so-called conversion, i.e., for example, to the conclusion of a contract with us. Conversion measurement is used solely to analyze the success of our marketing measures.

      Unless otherwise stated, we ask you to assume that cookies used will be stored for a period of two years.

      • Types of data processed: Usage data (e.g. websites visited, interest in content, access times). Meta, communication and procedural data (e.g. IP addresses, time information, identification numbers, consent status).
      • Affected persons: Users (e.g. website visitors, users of online services).
      • Purposes of processing: Reach measurement (e.g. access statistics, recognition of returning visitors); Tracking (e.g. interest/behavioral profiling, use of cookies); Marketing. Profiles with user-related information (creation of user profiles).
      • Security measures: IP masking (pseudonymization of the IP address).
      • Opt -Out): We refer to the data protection information of the respective providers and the objection options specified for the providers (so-called “opt-out”). If no explicit opt-out option has been provided, you have the option of turning off cookies in your browser settings. However, this may restrict the functions of our online offering. We therefore also recommend the following opt-out options, which are offered in summary for the respective areas:

        a) Europe: https://www.youronlinechoices.eu.
        b) Canada: https://www.youradchoices.ca/choices.
        c) USA: https://www.aboutads.info/choices.
        d) Cross-territorial: https://optout.aboutads.info.


      Presences in social networks (Social Media) and external links

      We maintain online presences within social networks and process user data in this context in order to communicate with the users active there or to obtain information about to offer us.

      We would like to point out that user data may be processed outside the European Union. This can result in risks for users because, for example, it could make it more difficult to enforce users' rights.

      Furthermore, user data within social networks is usually processed for market research and advertising purposes. For example, usage profiles can be created based on usage behavior and the resulting interests of users. The usage profiles can in turn be used, for example, to place advertisements within and outside the networks that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the users' computers, in which the usage behavior and interests of the users are stored. Furthermore, data can also be stored in the usage profiles regardless of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them).

      For a detailed description of the respective forms of processing and the objection options (opt-out), we refer to the data protection declarations and information of the operators of the respective networks.

      In the case of requests for information and the assertion of the rights of those affected, we would also like to point out that these can most effectively be asserted with the providers. Only the providers have access to user data and can take appropriate measures and provide information directly. If you still need help, you can contact us.

      • Types of data processed: Contact details (e.g. email, telephone numbers); Content data (e.g. entries in online forms); Usage data (e.g. websites visited, interest in content, access times). Meta, communication and procedural data (e.g. IP addresses, time information, identification numbers, consent status).
      • Affected persons: Users (e.g. website visitors, users of online services).
      • Purposes of processing: Contact requests and communication; Feedback (e.g. collecting feedback via online form). Marketing.
      • Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).


      Use of social media buttons:

      On our website we want to avoid comprehensive recording and evaluation of your visit by providers of social networks/sharing functions in social networks. To do this, we replace the usual buttons on social networks and thereby protect your usage behavior. The social network buttons listed below are only integrated into our website as graphics. The graphic contains a link to the corresponding social network.

      We include the following social networks via link on our website:

      • Instagram: Social network; Service Provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); Website: https://www.instagram.com. Privacy policy: https://instagram.com/about/legal/privacy.
      • Facebook pages: Profiles within the social network Facebook - We are in partnership with Meta Platforms Ireland Limited is responsible for collecting (but not further processing) data from visitors to our Facebook page (so-called “fan page”). This data includes information about the types of content users view or interact with, or the actions they take (see “Things you and others do and provide” in the Facebook Data Policy: https://www.facebook.com/policy), as well as information about the devices used by users (e.g. IP addresses, operating system, browser type, language settings, cookie data; see “Device information” in the Facebook data policy: https: //www.facebook.com/policy). As explained in the Facebook Data Policy under “How do we use this information?”, Facebook also collects and uses information to provide analytics services called “Page Insights” to site operators to provide them with insights into how people engage with their Pages and interact with the content associated with them. We have concluded a special agreement with Facebook ("Information on Page Insights", https://www. facebook.com/legal/terms/page_controller_addendum), which regulates in particular which security measures Facebook must observe and in which Facebook has agreed to fulfill the rights of those affected (i.e. users can, for example, provide information or deletion requests directly to Facebook). The rights of users (in particular to information, deletion, objection and complaint to the responsible supervisory authority) are not restricted by the agreements with Facebook. Further information can be found in the "Information about Page Insights" (https://www.facebook.com /legal/terms/information_about_page_insights_data); Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); Website: https://www.facebook.com; Privacy policy: https://www.facebook.com/about/privacy; Base on third country transfer: EU-US Data Privacy Framework (DPF), Standard contractual clauses (https://www.facebook.com/legal/EU_data_transfer_addendum). More information: Shared responsibility agreement:"https: www.facebook.com="" legal="" eu_data_transfer_addendum"="" target="_blank"> https://www.facebook.com /legal/terms/information_about_page_insights_data. The joint responsibility is limited to the collection by and transfer of data to Meta Platforms Ireland Limited, a company based in the EU. Further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, which in particular concerns the transmission of the data to the parent company Meta Platforms, Inc. in the USA (on the basis of the agreement between Meta Platforms Ireland Limited and Meta Platforms, Inc. concluded standard contractual clauses).TikTok: Social network / video platform; Service Providers: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland and TikTok Information Technologies UK Limited, Kaleidoscope, 4 Lindsey Street, London, United Kingdom, EC1A 9HP; ">Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); Website: https://www.tiktok.com. Privacy policy: https://www.tiktok.com/de/privacy- policy.
      • X: Social network; Service Provider: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR). Privacy policy: https://twitter.com/privacy, (Settings : https://twitter.com/personalization).
      • YouTube: Social network and video platform; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); Privacy policy: https://policies.google.com/privacy; Base on third country transfer: EU-US Data Privacy Framework (DPF). Opt-out option: https://adssettings.google.com/authenticated.
      • Medium: Social network; Service Provider: Medium Corporation, P.O. Box 602, San Francisco, CA 94104-0602, USA; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://medium.com. Privacy policy: https://policy.medium.com/medium- privacy-policy-f03bf92035c9.
      • Spotify: Streaming music service and Social network; Service provider: Spotify AB, Regeringsgatan 19, SE- 111 53 Stockholm, Sweden; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); Website: https://www.spotify.com/de. Privacy policy: https://www.spotify.com/de /legal/privacy-policy/.

    Use of other external links buttons:

    Paypal: Our website allows donations via PayPal. The provider of the donation service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. The provider’s data protection regulations apply.

    If you donate using PayPal, the payment details you entered will be transmitted to PayPal. Your data will be transmitted to PayPal on the basis of Art. 6 Para. 1 lit. a GDPR (consent) and Art. 6 Para. 1 lit. b GDPR (processing to fulfill a contract). You can revoke the consent you have already given at any time. Past data processing operations remain effective if revoked. 

    GoFundMe: Our website also allows donations via GoFundMe. The provider of the donation service is GoFundMe Ireland, Ltd., 70 Sir John Rogerson Quay, Dublin 2, Ireland. The provider’s data protection regulations apply.

    Apple Music: Streaming music service; Service provider: Apple Inc., One Apple Park Way, Cupertino, CA 95014, USA; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); Website: https://music.apple.com/. Privacy policy: https://www.apple.com/de/legal/privacy/data/de/apple-music/.


      Plugins, Widgets and embedded functions as well as content

      We integrate functional and content elements into our online offer that are obtained from the servers of their respective providers (hereinafter referred to as “third-party providers”). This can be, for example, graphics, videos or city maps (hereinafter referred to as “content”).

      The integration always requires that the third party providers of this content process the users' IP address, as without the IP address they would not be able to send the content to their browser. The IP address is therefore required to display this content or functions. We strive to only use content whose respective providers only use the IP address to deliver the content. Third parties may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information can also be stored in cookies on the user's device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offering, as well as being linked to such information from other sources.

      • Types of data processed: Usage data (e.g. websites visited, interest in content, access times). Meta, communication and procedural data (e.g. IP addresses, time information, identification numbers, consent status).
      • Affected persons: Users (e.g. website visitors, users of online services).
      • Purposes of processing: Provision of our online offering and user-friendliness.
      • Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).


      Further information on processing processes, procedures and services:

      • Google Fonts (obtained from Google server): Obtaining fonts (and symbols) for the purpose of technically secure, maintenance-free and efficient use of fonts and symbols with regard to topicality and loading times, their uniformity Presentation and consideration of possible licensing restrictions. The font provider is informed of the user's IP address so that the fonts can be made available in the user's browser. In addition, technical data (language settings, screen resolution, operating system, hardware used) is transmitted that is necessary for the provision of the fonts depending on the devices used and the technical environment. This data can be processed on a server of the font provider in the USA - When you visit our online offering, the users' browsers send their browser HTTP requests to the Google Fonts Web API (i.e. a software interface for retrieving the fonts). The Google Fonts Web API provides users with the Google Fonts Cascading Style Sheets (CSS) and then the fonts specified in the CCS. These HTTP requests include (1) the IP address used by the respective user to access the Internet, (2) the requested URL on the Google server and (3) the HTTP headers, including the user agent, which describes the browser and operating system versions of website visitors, as well as the referral URL (i.e. the web page on which the Google font is to be displayed). IP addresses are neither logged nor stored on Google servers and are not analyzed. The Google Fonts Web API logs details of HTTP requests (requested URL, user agent and referral URL). Access to this data is restricted and strictly controlled. The requested URL identifies the font families for which the user wants to load fonts. This data is logged so that Google can determine how often a particular font family is requested. With the Google Fonts Web API, the user agent needs to customize the font that is generated for each browser type. The user agent is primarily logged for debugging and used to generate aggregated usage statistics that measure the popularity of font families. These aggregate usage statistics are published on the Google Fonts Analytics page. Finally, the referral URL is logged so that the data can be used for production maintenance and an aggregated report on the top integrations based on the number of font requests can be generated. Google says it does not use any of the information collected by Google Fonts to create end-user profiles or serve targeted ads; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); Website: https://fonts.google.com/; Privacy policy: https://policies.google.com/privacy; Base on third country transfer: EU-US Data Privacy Framework (DPF). Further information: https://developers.google.com/fonts/faq/privacy?hl=de.
      • Bandcamp: Plugins from the music service Bandcamp (Bandcamp Inc., 178 Castro St., San Francisco, California 94114, USA) are integrated into our pages. You can recognize the Bandcamp plugins by the Bandcamp logo. When you visit our pages, the plugin establishes a direct connection between your browser and the Bandcamp server. Bandcamp thereby receives the information that you have visited our site with your IP address. If you use the Bandcamp player while logged into your Bandcamp account, Bandcamp can associate your visit to our pages with your user account. We would like to point out that as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Bandcamp. Further information can be found in Bandcamp's privacy policy at: https://bandcamp.com/privacy. If you do not want Bandcamp to be able to assign your visit to our pages to your Bandcamp user account, please log out of your Bandcamp user account.
      • iubenda: We use one on our website Consent Management Platform (CMP) software that makes it easier for us and you to correctly and safely handle the scripts and cookies used. The software automatically creates a cookie popup, scans and controls all scripts and cookies, provides you with the cookie consent required by data protection law and helps us and you to keep track of all cookies. Most cookie consent management tools identify and categorize all existing cookies. As a website visitor, you then decide for yourself whether and which scripts and cookies you allow or disallow. The following graphic shows the relationship between browser, web server and CMP. Our goal is to offer you the best possible transparency in the area of data protection. We are also legally obliged to do so. We want to inform you as much as possible about all the tools and all the cookies that can store and process your data. It is also your right to decide for yourself which cookies you accept and which you do not. In order to grant you this right, we must first know exactly which cookies ended up on our website. Thanks to a cookie management tool that regularly scans the website for all existing cookies, we know about all cookies and can provide you with GDPR-compliant information about them. You can then accept or reject cookies via the consent system. As part of our cookie management tool, you can manage each individual cookie yourself and have complete control over the storage and processing of your data. The declaration of your consent will be saved so that we do not have to ask you every time you visit our website and we can also prove your consent if legally required. This is stored either in an opt-in cookie or on a server. Depending on the provider of the cookie management tool, the storage period for your cookie consent varies. This data (such as pseudonymous user ID, time of consent, detailed information on cookie categories or tools, browser, device information) is usually stored for up to two years. Right to object: You also have the right and the opportunity to revoke your consent to the use of cookies at any time. This works either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection through cookies by managing, deactivating or deleting cookies in your browser.  You can find information about special cookie management tools - if available - in the following sections. lubenda privacy policy: We use lubenda, a tool for managing cookie consent, on our website. The service provider is the Italian company iubenda s.r.l., Via San Raffaele, 1 – 20121 Milan, Italy. You can find out more about the data processed through the use of lubenda in the Privacy Policy on https://www.iubenda.com/privacy-policy/30370247.
      • Bandsintown: We use the band sintown widget to display our concert dates and lists. These concert dates and lists are provided with an introductory text for easy recognition. Widget provider is bandsintown, LLC | 8 W 36th Street | New York, NY 10018 | USA https://www.bandsintown.com/ - The Privacy Policy and Cookie Policy of the provider apply https://corp.bandsintown.com/cookie-policy. If you have an active user account for bands in Town (or are logged in with your Facebook account ...) data (origin sites, clicked artists etc.) can be linked to your user account. If you do not want this, we recommend that you log out of your user account before clicking on concert details at Bandsintown.


      Changes and updates to the data protection declaration

      We ask you to regularly inform yourself about the content of our data protection declaration. We will adapt the data protection declaration as soon as changes to the data processing we carry out make this necessary. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification.

      If we provide addresses and contact information for companies and organizations in this data protection declaration, please note that the addresses may change over time and ask you to check the information before contacting us.

      Definitions of terms

      In this section you will find an overview of the terms used in this data protection declaration. To the extent that the terms are defined by law, their legal definitions apply. The following explanations, however, are intended primarily to provide understanding.

      • Conversion measurement: Conversion measurement (also known as "visit action evaluation") is a procedure that can be used to determine the effectiveness of marketing measures. For this purpose, a cookie is usually stored on the users' devices within the websites on which the marketing measures take place and then accessed again on the target website. For example, we can understand whether the advertisements we placed on other websites were successful.
      • Personal data: “Personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); A natural person is considered identifiable if he or she can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or one or more special features, which are an expression of the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
      • Profiles with user-related information: The processing of “profiles with user-related information”, or “profiles” for short, includes any type of automated processing of personal data that consists of this Personal data is used to analyze certain personal aspects that relate to a natural person (depending on the type of profile creation, this may include different information regarding demographics, behavior and interests, such as interaction with websites and their content, etc.). , to evaluate or to predict them (e.g. interests in certain content or products, click behavior on a website or whereabouts). Cookies and web beacons are often used for profiling purposes.
      • Reach measurement: Reach measurement (also known as web analytics) is used to evaluate the flow of visitors to an online offering and can determine the behavior or interests of visitors in certain information, such as the content of websites. include. With the help of reach analysis, website owners can, for example, identify at what time visitors visit their website and what content they are interested in. This allows you, for example, to better adapt the content of the website to the needs of your visitors. For the purposes of reach analysis, pseudonymous cookies and web beacons are often used to recognize returning visitors and thus obtain more precise analyzes of the use of an online offering.
      • Tracking: “Tracking” is when the behavior of users can be tracked across multiple online offerings. As a rule, behavioral and interest information is stored in relation to the online offerings used Cookies or stored on the servers of the tracking technology providers (so-called profiling). This information can then be used, for example, to show users advertisements that are likely to match their interests.
      • Responsible person: The “responsible person” is the natural or legal person, authority, institution or other body that alone or jointly with others decides on the purposes and means of processing personal data.
      • Processing: “Processing” means any process or series of processes carried out with or without the aid of automated processes in connection with personal data. The term is wide-ranging and includes practically every handling of data, be it collecting, evaluating, storing, transmitting or deleting.


      Created with free data protection generator.de by Dr. Thomas Schwenke

    Copyright © Lunattack 2024
    Impressum / Datenschutz / Cookies Policy / Privacy Policy.