Privacy policy - Rheingold-Music

**Privacy Policy**

Rheingold-Music UG (the “Company,” “we,” “us,” or “our”) operates this website. The following privacy policy (“Policy”) informs you about the types, scope, and purpose of personal data we collect, use, and process when you use our website — and about your rights in that context.

## 1. General Provisions

This website was created using Strato Shop Software. Strato’s privacy policy can be viewed here: [https://www.strato.de/datenschutz/](https://www.strato.de/datenschutz/)

We appreciate your interest in our company. Protecting personal data is of particularly high importance to the management of Rheingold-Music UG. In principle, you can use our website without providing any personal data. However, if you wish to use certain services of our company via our website, processing of personal data may become necessary. If the processing is required and there is no statutory basis for it, we will, in general, obtain your consent before processing. Any processing of personal data (for example, name, address, e-mail address, or telephone number) is always carried out in compliance with the General Data Protection Regulation (GDPR) and in accordance with the data-protection laws applicable to Rheingold-Music UG.

With this policy, we intend to inform the public — including our customers and business partners — about the nature, scope and purpose of the personal data we collect, use and process. Furthermore, this policy informs affected persons about their rights under data-protection law.

Rheingold-Music UG, as the controller responsible for data processing, has implemented numerous technical and organizational measures designed to provide as complete a protection as possible for the personal data processed via this website. Nevertheless, transmissions over the Internet may in general have security vulnerabilities so that absolute protection cannot be guaranteed. For this reason, you are free to transmit personal data to us by alternative means (e.g., by telephone).

## 2. Definitions of Terms

In this policy, we use the terms defined by the European legislator under the GDPR. To ensure this policy is easy to read and understand, we explain below the key terms used:

* **Personal data** – means any information relating to an identified or identifiable natural person (the “data subject”). An identifiable natural person is one who can be identified, directly or indirectly — particularly by reference to an identifier such as a name, identification number, location data, an online identifier, or one or more factors specific to that person's physical, physiological, genetic, mental, economic, cultural or social identity.

* **Data subject** – any identified or identifiable natural person whose personal data are processed by the controller.

* **Processing** – any operation or set of operations performed on personal data, whether or not by automated means; includes collecting, recording, organizing, structuring, storing, adapting or altering, retrieving, using, disclosing, erasing or destroying data.

* **Restriction of processing** – means marking stored personal data with the aim of limiting their future processing.

* **Profiling** – means any form of automated processing of personal data to evaluate certain personal aspects relating to a natural person — in particular to analyse or predict aspects concerning that person’s work performance, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.

* **Pseudonymization** – means processing personal data so that they can no longer be attributed to a specific data subject without additional information, provided that such additional information is kept separately under appropriate technical and organizational measures.

* **Controller (responsible for processing)** – means the natural or legal person or other body that determines the purposes and means of processing personal data.

* **Processor** – means a natural or legal person or other body that processes personal data on behalf of the controller.

* **Recipient** – means a natural or legal person or other body to whom personal data are disclosed, whether a third party or not. Authorities, to whom personal data may be disclosed under a specific mandate under Union or Member State law, are not considered recipients in this context.

* **Third party** – means any natural or legal person, authority, institution or other body other than the data subject, controller, processor and persons authorised to process personal data under the controller’s or processor’s direct responsibility.

* **Consent** – means any freely given, specific, informed and unambiguous indication of the data subject’s wishes, by which they signify agreement to the processing of personal data relating to them.

---

## 3. Controller

The controller in the sense of the GDPR and other data protection laws is:

Rheingold-Music UG

Lauerstr. 12–16, 47198 Duisburg, Germany

Tel: +49 (0) 2066 501555

E-Mail: [info@rheingold-music.de](mailto:info@rheingold-music.de)

Website: [www.rheingold-music.de](http://www.rheingold-music.de)

---

## 4. Cookies

Our website uses cookies. Cookies are text files stored by your browser on your computer system. Many websites and servers use cookies. A cookie may contain a so-called “cookie ID” — a unique identifier that allows websites and servers to recognize the specific browser in which the cookie is stored. This enables the website or server to distinguish your browser from others with different cookies.

By using cookies, Rheingold-Music UG can provide you services that would not be possible without cookie-setting. Cookies enable us to optimize the information and offers on our website for the user. They allow us to recognise returning users — for example, so that users do not have to re-enter access data each time they visit the site, or so that an online shop remembers which items were added to the shopping cart.

You can prevent the setting of cookies at any time by adjusting your browser settings — and thus permanently reject cookies. Already set cookies can also be deleted at any time via your browser or other software. This is possible in all common browsers. Please note, however, that if you disable cookies, some functions of our website may no longer be available in full.

---

## 5. Collection of General Data and Information

Whenever our website is accessed by a data subject or an automated system, a number of general data and information are collected and stored in the server log files. These may include:

1. Browser types and versions used;

2. Operating system of the accessing system;

3. Website from which the user accessed our site (referrer);

4. Sub-webpages of our site accessed;

5. Date and time of access;

6. Internet Protocol (IP) address;

7. Internet Service Provider (ISP) of the accessing system;

8. Other data and information similar to the above, potentially useful for security purposes (e.g., defense against attacks on our IT systems).

We do not draw conclusions about your identity from these general data and information. Instead, they help us to:

* deliver the content of our website correctly;

* optimize the content and advertising of our website;

* ensure the long-term functionality of our IT systems and website technology;

* provide information to law enforcement authorities in case of a cyberattack, if necessary.

These anonymized data and information are statistically evaluated to improve data protection and data security at our company and to ensure an optimal level of protection for the personal data we process. The anonymized server-log data are stored separately from any personal data you may have provided.

---

## 6. Newsletter

Our website offers users the opportunity to subscribe to our newsletter. The personal data transmitted to us during subscription depend on the input form used. We use a third-party service (e.g., “Mailerlite”) for sending our newsletter.

If you subscribe to the newsletter, the data you provide — such as your e-mail address and optionally your name and address — will be processed by the service provider. In addition, we store your IP address as well as the date and time of registration. As part of the registration process, we obtain your explicit consent to receive the newsletter; the content of the newsletter is clearly described, and reference is made to this privacy policy.

The newsletter itself also contains a so-called tracking pixel (web beacon). This allows us to evaluate whether and when you opened the newsletter and whether you clicked on any links contained in it. Apart from other technical data (e.g., your system data and IP address), the data processed — among others — are used to optimise our newsletter offer according to the interests of subscribers. The legal basis for sending the newsletter and for analysis is your consent (Article 6(1)(a) GDPR). You may withdraw this consent at any time (Article 7(3) GDPR) — simply by notifying us or by clicking the unsubscribe link included in every newsletter.

Rheingold-Music UG informs its customers and business partners at regular intervals by newsletter about company offers. The newsletter can only be received if (1) you have a valid e-mail address and (2) you have registered for the newsletter. Upon first registration, we send a confirmation e-mail via the “double opt-in” procedure, to verify that the owner of the e-mail address agrees to receive the newsletter.

When registering for the newsletter, we also store the IP address assigned by the ISP at the time of registration, and the date and time of registration. This data is collected to enable us to trace possible misuse of the e-mail address later — for example, to prevent fraudulent registrations — and serves to protect the controller legally.

The personal data collected during subscription will only be used to send our newsletter. Subscribers may also be contacted by e-mail when necessary for the operation of the newsletter service — for example, if there are changes to the newsletter offering or technical adjustments. Personal data collected in connection with the newsletter will not be passed on to third parties. The subscription can be terminated at any time. Consent for storing personal data for newsletter delivery can be revoked at any time. Each newsletter contains a link for withdrawal. You can also unsubscribe via our website or contact us directly.

---

## 7. Routine Deletion and Blocking of Personal Data

We only process and store personal data for as long as necessary to achieve the storage purpose, or as long as required by the European legislator or another applicable law to which we are subject. Once the storage purpose ceases to apply or a legal storage period expires, we routinely block or delete the personal data in accordance with statutory provisions.

---

## 8. Rights of the Data Subject

As a data subject, you have the following rights under the GDPR:

a) **Right to confirmation** — You may request confirmation at any time whether personal data concerning you is being processed.

b) **Right to access** — You have the right to receive a free copy of all personal data stored about you and information on: the purposes of processing; the categories of personal data processed; the recipients (or categories thereof) to whom data have been or will be disclosed (especially recipients in third countries or international organisations); the planned storage period (or the criteria used to determine that period); the existence of rights to rectification, erasure, restriction of processing or objection; the right to lodge a complaint with a supervisory authority; if data were not collected from you directly — all available information on their origin; and the existence of automated decision-making including profiling (if applicable), along with meaningful information about the logic, scope and intended effects of such processing on you. You also have the right to know whether your data have been transferred to a third country or international organisation, and if so — the safeguards in place.

c) **Right to rectification** — You may request immediate correction of inaccurate personal data concerning you, or completion of incomplete data (including by supplementary statement).

d) **Right to erasure (“right to be forgotten”)** — Under certain circumstances, you may request deletion of your personal data — for example if the data are no longer necessary for the purposes collected, or you withdraw consent and there is no other legal basis, or you object to processing and there are no overriding legitimate grounds, or the data were unlawfully processed, or deletion is required by law. If the data have been made public, we will take appropriate measures, including informing other controllers to delete links, copies or replications of the data, unless processing is required.

e) **Right to restriction of processing** — You may request restriction of processing under certain conditions — for example if you contest the accuracy of the data, or processing is unlawful and you oppose erasure but request restriction instead, or if the data are no longer needed by us but needed by you for legal claims, or you object under Article 21(1) GDPR and it is uncertain if our legitimate grounds override yours.

---

## 9. Additional Rights (Portability, Objection, Automated Decisions, Consent Withdrawal)

**f) Right to data portability**

You have the right to receive personal data about you that you have provided to us, in a structured, commonly used and machine-readable format. You also have the right to transmit those data to another controller without hindrance, provided that the processing is based on your consent (Article 6(1)(a) or Article 9(2)(a) GDPR) or on a contract (Article 6(1)(b) GDPR) and the processing is carried out by automated means. Where technically feasible, you may request that we transfer the data directly to another controller if this does not impair the rights and freedoms of others. To exercise this right, you may contact any employee of Rheingold-Music UG at any time.

**g) Right to object**

You have the right, for reasons arising from your particular situation, at any time to object to the processing of your personal data that is based on Article 6(1)(e) or (f) GDPR — this includes profiling carried out on those grounds. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms — or the processing serves to establish, exercise or defend legal claims.

If we process your personal data for the purpose of direct marketing, you have the right to object at any time to that processing — including profiling related to such marketing. After your objection, we will no longer process your data for those purposes.

You also have the right, for reasons arising from your particular situation, to object to processing for scientific or historical research purposes or for statistical purposes under Article 89(1) GDPR — unless the processing is necessary to carry out a task in the public interest. To exercise your objection right, you may contact any employee of Rheingold-Music UG at any time.

Furthermore, regarding use of online services (information society services), you may exercise your objection right via automated procedures using technical specifications, regardless of the directive 2002/58/EC.

**h) Automated decisions including profiling**

You have the right not to be subject to a decision based solely on automated processing — including profiling — that produces legal effects concerning you or similarly significantly affects you, unless: (1) the decision is necessary for entering into, or performance of, a contract between you and us; or (2) the decision is permitted by Union or Member State law, with appropriate safeguards for your rights and freedoms; or (3) the decision is based on your explicit consent.

If a decision falls under (1) or (3), we will implement suitable measures to safeguard your rights and freedoms, including at least the right to require human intervention, to present your point of view, and to contest the decision. If you wish to exercise these rights in relation to automated decisions, you may contact any employee of Rheingold-Music UG at any time.

**i) Right to withdraw consent**

If processing is based on consent, you have the right to withdraw that consent at any time. To do so, simply contact any employee of the controller. Withdrawal of consent affects future processing; processing carried out before the withdrawal remains lawful.

---

## 10. Web-Analysis, Third-Party Services, Cookies, and External Processors

We may use third-party services and tools (such as web-analytics providers, advertising or social-media plug-ins) on our website. These services may process personal data (or pseudonymised data) — for example via cookies or similar technologies.

If such services are used, the following principles apply:

* Where statutory basis is required, we obtain your consent before enabling third-party cookies or tracking.

* Pseudonymised data (e.g., via cookies) used for analysis or marketing purposes are not automatically linked to your personally identifiable data unless you explicitly provide those.

* You may at any time opt out of cookies via your browser settings; in some cases this may impair full functionality of the website.

* You may also withdraw your consent to data processing by third-party services at any time, or object to such processing.

Please note that when third-party services are involved, the applicable external privacy policies of those services also apply. We encourage you to review the privacy policies of those third-party services before consenting.

---

## 11. Legal Basis for Data Processing

Depending on the specific processing operations, we rely on one or more of the following legal bases under the GDPR:

* **Consent** (Article 6(1)(a) GDPR) — when you have explicitly consented to a specific processing purpose (e.g., newsletter).

* **Contract performance or pre-contractual measures** (Article 6(1)(b) GDPR) — when processing is necessary for the performance of a contract to which you are a party, or to take steps at your request prior to entering into a contract (e.g., in an online shop for order processing).

* **Legal obligation** (Article 6(1)(c) GDPR) — when processing is required to comply with a legal obligation (e.g., tax, bookkeeping, or regulatory requirements).

* **Vital interests** (Article 6(1)(d) GDPR) — in exceptional cases, when processing is necessary to protect the vital interests of you or another natural person (e.g., in medical emergencies).

* **Legitimate interests** (Article 6(1)(f) GDPR) — when the processing is necessary for our legitimate business interests or those of a third party, provided such interests are not overridden by your rights, freedoms, or legitimate interests. This may include e.g. fraud prevention, ensuring website security, or other internal business needs (as long as they are proportionate).

---

## 12. Use of External Services (e.g., Web Analytics, Social Media, Payment Providers)

If we use external services (e.g., web analytics, marketing, social media plug-ins, payment providers), these services may require the transfer, storage or processing of personal data (or pseudonymised data). Examples:

* Web analytics tools may record anonymized usage data, referrer sites, visited subpages, session duration, etc., for optimizing website and advertising.

* Advertising services may store cookies to serve interest-based ads.

* Payment providers (e.g., for PayPal payments) may process data necessary for payment processing, anti-fraud and identity/credit checks (e.g., name, address, IP address, transaction data).

Where required, consent will be obtained prior to use of such services. Data processed by external providers will only be used for the purposes described (e.g., transaction processing, website optimization, marketing) and — unless legally required — will not be shared beyond what is necessary. Any data processed by external providers will be subject to their privacy policies, in addition to this policy.---

## 13. Updates to This Policy

We may update this privacy policy from time to time — e.g., to reflect changes in legal requirements or changes in our services or website technologies. The latest version will always be published on our website.