Privacy Policy

Personal data (usually referred to just as “data” below) will only be processed by us to the extent necessary and for the purpose of providing a functional and user-friendly website, including its contents, and the services offered there.

Per Art. 4 No. 1 of Regulation (EU) 2016/679, i.e. the General Data Protection Regulation (hereinafter referred to as the “GDPR”), “processing” refers to any operation or set of operations such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment, or combination, restriction, erasure, or destruction performed on personal data, whether by automated means or not.

The following privacy policy is intended to inform you in particular about the type, scope, purpose, duration, and legal basis for the processing of such data either under our own control or in conjunction with others. We also inform you below about the third-party components we use to optimize our website and improve the user experience, which may result in said third parties also processing data they collect and control.

Our privacy policy is structured as follows:

• I. Information about us as controllers of your data
• II. The rights of users and data subjects
• III. Information about the data processing

I. Information about us as controllers of your data

The party responsible for this website (the “controller”) for purposes of data protection law is:

Munich Music Labs e. V. c/o Kai Chan Pfarrer-Seeanner Straße 40a 85748 Garching bei München E-Mail: munichmusiclabs@gmail.com

II. The rights of users and data subjects

With regard to the data processing to be described in more detail below, users and data subjects have the right to:

• confirmation of whether data concerning them is being processed, information about the data being processed, further information about the nature of the data processing, and copies of the data (cf. Art. 15 GDPR);
• correct or complete incorrect or incomplete data (cf. Art. 16 GDPR);
• the immediate deletion of data concerning them (cf. Art. 17 GDPR), or, alternatively, if further processing is necessary as stipulated in Art. 17 para. 3 GDPR, to restrict said processing per Art. 18 GDPR;
• receive copies of the data concerning them and/or provided by them and to have the same transmitted to other providers/controllers (cf. Art. 20 GDPR);
• file complaints with the supervisory authority if they believe that data concerning them is being processed by the controller in breach of data protection provisions (cf. Art. 77 GDPR).

In addition, the controller is obliged to inform all recipients to whom it discloses data of any such corrections, deletions, or restrictions placed on processing the same per Art. 16, 17 para. 1, 18 GDPR. However, this obligation does not apply if such notification is impossible or involves a disproportionate effort. Nevertheless, users have a right to information about these recipients.

Likewise, under Art. 21 GDPR, users and data subjects have the right to object to the controller’s future processing of their data pursuant to Art. 6 para. 1 lit. f GDPR. In particular, an objection to data processing for the purpose of direct advertising is permissible.

III. Information about the data processing

Your data processed when using our website will be deleted or blocked as soon as the purpose for its storage ceases to apply, provided the deletion of the same is not in breach of any statutory storage obligations or unless otherwise stipulated below.

Contact

If you contact us via email or the contact form, the data you provide will be used for the purpose of processing your request. We must have this data in order to process and answer your inquiry; otherwise, we will not be able to answer it in full or at all.

The legal basis for this data processing is Art. 6 para. 1 lit. b GDPR.

Your data will be deleted once we have fully answered your inquiry and there is no further legal obligation to store your data, such as if an order or contract resulted therefrom.

Contact form provided via Notion (embedded)

Our website includes an embedded contact or interest form that is provided via Notion. The service provider is Notion Labs, Inc., 685 Market St., San Francisco, CA 94105, USA (“Notion”).

When you access the page section that contains the embedded Notion form, your browser establishes a connection to Notion’s servers. In this context, Notion may process technical usage data (e.g., IP address, device and browser information, referrer URL, and access time) in order to deliver and display the embedded content.

If you submit the Notion form, the information you enter will be transmitted to us and processed for the purpose of handling your request.

We use Notion as a processor and have concluded a data processing addendum with Notion (Art. 28 GDPR). Notion’s Data Processing Addendum is available here: https://www.notion.so/Data-Processing-Addendum

Notion may use sub-processors. A current list is provided by Notion: https://www.notion.so/notion/Notion-s-List-of-Subprocessors

Member administration and internal communication via Notion

We use Notion as an internal platform for communication, collaboration, and the administration of our association.

In this context, we process in particular data required for membership administration and internal organisation, such as name, contact details, membership status, role or function within the association, participation in events, and communication content shared within the association. If applicable, this may also include data required for contribution management and accounting.

The legal basis for this processing is Art. 6 para. 1 lit. b GDPR, insofar as the processing is necessary for the initiation, implementation or termination of the membership relationship. If processing is necessary to comply with legal obligations, the legal basis is Art. 6 para. 1 lit. c GDPR. In addition, processing may be based on Art. 6 para. 1 lit. f GDPR, insofar as it is necessary for the internal administration and organisation of the association.

We use Notion as a processor and have concluded a data processing addendum with Notion (Art. 28 GDPR). Notion’s Data Processing Addendum is available here: https://www.notion.so/Data-Processing-Addendum

Notion may use sub-processors. A current list is provided by Notion: https://www.notion.so/notion/Notion-s-List-of-Subprocessors

Data transfers to third countries

It cannot be excluded that processing by Notion also takes place in the United States. Notion states that it has certified under the EU U.S. Data Privacy Framework (including the UK Extension and the Swiss U.S. Data Privacy Framework). In addition, the Data Processing Addendum incorporates the EU and UK Standard Contractual Clauses (SCCs) as appropriate safeguards for transfers of personal data to third countries.

Storage period

We store member and organisational data only for as long as it is necessary for the purposes stated above. In general, member data is deleted after termination of the membership relationship, unless further storage is required due to statutory retention obligations or for the establishment, exercise or defence of legal claims.

Further information on Notion’s processing can be found in Notion’s privacy policy: https://www.notion.com/trust/privacy-policy

Server data

Our website is hosted on Netlify. The service provider is Netlify, Inc., 101 2nd Street, San Francisco, CA 94105, USA.

For technical reasons, the following data sent by your internet browser will be collected, especially to ensure a secure and stable website. These server log files record the type and version of your browser, operating system, the website from which you came (referrer URL), the webpages visited on our site, the date and time of your visit, as well as the IP address from which you visited our site.

The data thus collected will be temporarily stored, but not in association with any other of your data.

The legal basis for storing the data is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the improvement, stability, functionality, and security of our website.

We have concluded a data processing agreement with Netlify pursuant to Art. 28 GDPR. The Netlify Data Processing Agreement is available here: https://www.netlify.com/pdf/netlify-dpa.pdf

Netlify may use sub-processors. A current list is provided by Netlify: https://www.netlify.com/legal/subprocessors/

The data will be deleted once it is no longer required for the purposes stated above. Server log data is generally processed and stored only for as long as necessary for security and troubleshooting. Where storage and processing takes place at Netlify, deletion takes place in accordance with the capabilities of the service and Netlify’s deletion policies and procedures. In the event of a security incident, data may be retained longer until the incident has been fully clarified and resolved.

Data transfers to third countries

Netlify and its sub-processors may process data outside the European Economic Area. Netlify states that restricted transfers take place on the basis of the EU US Data Privacy Framework and, if that mechanism is not available, on the basis of the EU Standard Contract Clauses as described in its data processing agreement.

Web fonts (locally hosted)

Our website uses the “Plus Jakarta Sans” and “Oswald” web fonts to display text in a uniform manner. These fonts are hosted locally: the font files are delivered directly from our own web server together with the rest of the website.

No connection to servers of Google or any other third-party font provider is established when you visit our website, and no personal data is transmitted to third parties for the purpose of displaying fonts.

Instagram

To advertise our products and services and communicate with interested parties and customers, we have a presence on Instagram.

On this social media platform, we are jointly responsible with Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

The data protection officer of Instagram can be reached via this contact form: https://www.facebook.com/help/contact/540977946302970

We have defined the joint responsibility in an agreement regarding the respective obligations within the meaning of the GDPR. This agreement, which sets out the reciprocal obligations, is available at the following link: https://www.facebook.com/legal/terms/page_controller_addendum

The legal basis for the processing of the resulting and subsequently disclosed personal data is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the analysis, communication, sales, and promotion of our products and services.

The legal basis may also be your consent per Art. 6 para. 1 lit. a GDPR granted to the platform operator. Per Art. 7 para. 3 GDPR, you may revoke this consent with the platform operator at any time with future effect.

When accessing our online presence on Instagram, Meta Platforms Ireland Limited, as the operator of the platform in the EU, will process your data (e.g., personal information, IP address, etc.).

This user data is used for statistical analysis of our company’s presence on Instagram. Meta Platforms Ireland Limited uses this data for market research, advertising, and user profiling. Based on these profiles, Meta Platforms Ireland Limited can provide advertising both within and outside of Instagram based on your interests. If you are logged into Instagram at the time you access our site, Meta Platforms Ireland Limited will also link this data to your user account.

If you contact us via Instagram, the personal data you provide will be used to process your request. We will delete this data once we have fully responded to your query, unless there are legal obligations to retain the data, such as for subsequent contract fulfillment.

Meta Platforms Ireland Limited might also set cookies when processing your data.

If you do not agree to this processing, you have the option of preventing the installation of cookies by making the appropriate settings in your browser. Cookies that have already been saved can be deleted at any time. The instructions to do this depend on the browser and system being used. For Flash cookies, the processing cannot be prevented by your browser settings; instead, it can be prevented by making the appropriate settings in your Flash player. If you prevent or restrict the installation of cookies, not all Instagram functions may be fully usable.

Details on the processing activities, their suppression, and the deletion of the data processed by Instagram can be found in its privacy policy: https://help.instagram.com/519522125107875

It cannot be excluded that the processing by Meta Platforms Ireland Limited will also take place in the United States by Meta Platforms, Inc., 1601 Willow Road, Menlo Park, California 94025.

LinkedIn

We maintain an online presence on LinkedIn to present our company and our services and to communicate with customers/prospects. LinkedIn is a service of LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, a subsidiary of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA.

We would like to point out that this may result in user data being processed outside the European Union, particularly in the United States. This may increase risks for users that, for example, may make subsequent access to the user data more difficult. We also do not have access to this user data. Access is only available to LinkedIn.

The LinkedIn privacy policy can be found here: https://www.linkedin.com/legal/privacy-policy

General linking to third-party profiles

The legal basis for this is Article 6 para. 1 lit. f GDPR. The legitimate interest of the provider is to improve the quality of use of the website.

The plugins are integrated via a linked graphic. The user is only forwarded to the service of the respective social media by clicking on the corresponding graphic.

After the customer has been forwarded, information about the user is recorded by the respective social media. This is initially data such as IP address, date, time and page visited. If the user is logged into his/her user account of the respective social media at the same time, the social media operator can, if required, assign the information collected from the user’s specific visit to the user’s personal account. If the user interacts via a “Share” button of the respective social media, this information can be stored in the user’s personal user account and, if required, be published.

If the user wants to prevent the collected information from being directly assigned to their user account, they must log out before clicking on the graphic. It is also possible to configure the respective user account accordingly.

The following social media are linked by the provider:

• Instagram: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. Privacy Policy: https://help.instagram.com/519522125107875
• LinkedIn: LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, a subsidiary of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085 USA. Privacy Policy: https://www.linkedin.com/legal/privacy-policy

Changes to this privacy policy

We reserve the right to adapt this privacy policy to ensure that it always complies with current legal requirements or to implement changes to our services. The new privacy policy will then apply to your next visit.