Person in charge:
name/company: Music Eggert – Inhaber Rolf Eggert
street, number: Paulstraße 2
post code, place, country: 19249 Lübtheen, Deutschland
phone number: +49 38855 / 51 353
Data protection officer:
name: Steffen Grabowski
phone number: +49 395 / 70 79 114
Types of data processed:
Inventory data (e.g. names, addresses).
Contact details (e.g. e-mail, phone numbers).
Content data (e.g. text input).
Usage data (e.g. visited websites, interest in content, access times).
Meta-/communication data (e.g. device information, IP addresses).
Processing of special categories of data (art. ninth paragraph 1 GDPR):
In principle, no special categories of data are processed unless they are supplied for processing by the user (e.g. entered in forms).
Categories of data subjects:
Visitors and users of the online offer.
In the following, we also refer to the persons concerned as “users.”
Purpose of processing:
Provision of the online offer, its contents and functions.
Responding to contact requests and communicating with users.
1 .Relevant legal bases
3. Safety measures
3.1. We shall meet in accordance with the provisions of art. 32 GDPR, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the varying degrees of probability and seriousness of the risk to the rights and freedoms of natural persons, appropriate technical and organisational measures to ensure a level of protection appropriate to the risk. These measures shall include in particular the safeguarding of the confidentiality, integrity and availability of data by controlling physical access to data, as well as access, input, disclosure, safeguarding of availability and segregation thereof. Furthermore, we have established procedures to ensure that data subjects‘ rights are exercised, data is deleted, and we respond to any threat to the data. In addition, we take into account the protection of personal data already during the development, or selection of hardware, software and procedures, according to the principle of data protection by technical design and by data protection-friendly presettings (art. 25 GDPR).
4 . Cooperation with processors and third parties
4.1. If we disclose data to other persons and companies (processors or third parties) within the scope of our processing, they transmit it to them or otherwise grant them access to the data, this will only be done on the basis of a legal permission (e.g. if a transfer of the data to third parties, such as payment service providers, according to art. 6 para. 1 lit. b GDPR is necessary for the performance of the contract), if you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosters, etc.).
4.2. If we use third parties with the processing of data on the basis of a so-called „Contract processing contract”, this is done on the basis of art. 28 GDPR.
5. Transfers to third countries
If we have data in a third country (i.e. processing outside the European Union (EU) or the European Economic Area (EEA)) or in the context of the use of third-party services or disclosure or the transfer of data to third parties occurs, it takes place for the fulfilment of our (pre-) contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests only. Subject to legal or contractual permissions, we process or leave the data in a third country only if the special conditions of art. 44 ff. processing GDPR. I. e. processing takes place e.g. on the basis of special guarantees, such as the officially recognised determination of an EU level of data protection or compliance with officially recognised specific contractual obligations (so-called “standard contractual clauses”).
6. Rights of data subjects
6.1. You have the right to obtain confirmation as to whether or not data in question are being processed and to obtain information on such data and to receive further information and a copy of the data in accordance with art. 15 GDPR.
6.2. Accordingly art. 16 GDPR you have the right to request the completion of data concerning you or the correction of incorrect data concerning you.
6.3. You have, in accordance with the provisions of art. 17 GDPR the right to demand that the data in question be deleted immediately, or alternatively, in accordance with art. 18 GDPR to require a restriction of the processing of the data.
6.4. You have the right to demand that the data concerning you that you have provided to us in accordance with art. 20 GDPR and to request their transmission to other controllers.
6.5. Referred to art. 77 GDPR you have also the right to lodge a complaint to the competent supervisory authority.
7. Right of withdrawal
You have the right to give your consent according to the law art. 7 para. 3 GDPR with effect for the future.
8. Right of objection
You may decide on the future processing of the data concerning you in accordance with art. 21 DSGVO at any time contradict. The objection may be made in particular against processing for direct marketing purposes.
9. Deletion of data
9.1 necessary for their purpose and the deletion does not preclude any statutory retention obligations. If the data are not deleted because they are necessary for other and legally permissible purposes, their processing is restricted. I. e. the data is blocked and not processed for other purposes. This applies e.g. for data which must be kept for commercial or tax law reasons.
9.2. According to legal requirements, the storage is carried out in particular for 6 years according to § 257 para. 1 HGB (trade books, inventories, opening balances, annual accounts, trade letters, accounting documents, etc.) as well as for 10 years according to § 147 para. 1 AO (books, records, management reports, accounting documents, trade and business letters, documents relevant to taxation, etc.).
10.1. When contacting us (e.g. by e-mail) the information of the user for the processing of the contact request and its processing according to. Art. 6 para. 1 lit. b) GDPR processed. We would like to point out that unencrypted communication via e-mail is not considered to be safe. If possible, please use a secure means of communication such as a letter.
10.2. User information can be stored in our Customer Relationship Management System (CRM System) or similar query organization.
10.3. We use the “Zendesk” CRM system from Zendesk Inc. (1019 Market Street, San Francisco, CA 94 103 in the USA) based on our legitimate interests (efficient and fast processing of user requests). To this end, we have a contract with Zendesk Inc. standard contractual clauses in which Zendesk Inc. undertakes to process user data only in accordance with our instructions and to comply with the EU level of data protection.
10.4. We delete the requests if they are no longer required. We verify the necessity at least annually. In the case of statutory archiving obligations, the deletion takes place after their expiration (end of commercial law (6 years) and tax law (10 years) retention obligation).
11. Collection of access data and log files
11.1. We raise on the basis of our legitimate interests within the meaning of art. 6 para. 1 lit. f. GDPR data on every access to the server on which this service is located (so-called server log files). Access data include the name of the retrieved website, file, date and time of retrieval, amount of data transmitted, notification of successful retrieval, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.
11.2. Logfile information is used for security reasons (e.g. to investigate abuses or fraud) for a maximum period of seven days and then deleted. Data whose further storage is required for evidentiary purposes are exempt from deletion until the final clarification of the respective incident.