Protecting our users’ personal data is an important concern for us.
We explain below how and why we and our third-party service providers process personal data in connection with your use of the Site.
A. COLLECTION AND PROCESSING OF PERSONAL DATA
1. We and our third-party service providers may collect and process personal data, i.e. information that identifies, or makes it possible to identify, you as a natural person (e.g. your name, address, email address or IP-address) when you participate in various opportunities and services provided through the Site (the “Service Data”). Processing means any operation which is performed on personal data, such as collection, recording, organisation, structuring, storage, adaptation, retrieval, any kind of disclosure, erasure or destruction or other use. We process personal data, such as when you:
(a) actively communicate with us;
(b) subscribe to services (e.g. newsletters/artist information bulletins or other communications) that we may provide through the Site;
(c) take part in a contest, promotion, survey or other type of promotion through the Site or through any linked social media; and/or
(d) contribute to a blog or forum.
This may include your name, postal address, email address, telephone number, age, date of birth.
2. Furthermore, on each of your visits to the Site we collect the following Technical Data transmitted by your browser to our website:
(a) your type of browser and type of operating system;
(b) the internet protocol (IP) address allocated to your internet access when you were visiting the Site;
(d) the URL of the internet page from which you arrived at the Site;
(e) the date and time when you accessed, clicked through and left the Site;
(f) the amount of data transmitted; and/or
(g) the searches you made and the pages you accessed on the Site;
3. All such personal information is collected, stored and processed by us, and our third-party service providers for the purposes set out in section B below.
B. USE OF PERSONAL INFORMATION
1. We and our third-party service providers may use your personal information as described in Section A for the following purposes:
(a) to provide access to our Site and services.
(b) to provide assessment and analysis (e.g. customer, promotional and market analysis) to enable us to review, develop and improve the services and products that we offer;
(d) to respond to your enquiries and to fulfil your requests (e.g. to send you newsletters or to provide you with information about our products, content and services);
(e) if you have consented to our doing so, to provide you, or to permit selected third parties to provide you, with information about products that we believe may interest you;
(f) to notify you about changes to Site terms, conditions and policies;
(g) to allow you to take part in contests and similar promotions and to administer those activities (which may contain additional requirements and information about how we or our third-party service providers may use your personal information).
2. The above processing activities are based on Article 6 sec. 1 lit. f GDPR. It represents our legitimate interests to improve your website experience and to optimize our services and products and to use our Site for marketing purposes. It is in our mutual legitimate interest to respond to your enquiries and requests. If you subscribed to our newsletter, any processing related to sending you newsletters or provide you with information about our products is based on the consent (Art. 6 sec. 1 lit. a GDPR) you gave separately when subscribing to the newsletter. You can withdraw your consent at any time by clicking on the link provided in each of our newsletters. Such withdrawal will only be effective for future processing of data.
3. We process your personal data where necessary: (i) under any applicable laws or regulations of any jurisdiction of the EU or any member state for any purposes required under those laws or regulations, Art. 6 sec. 1 lit. c GDPR; (ii) to enforce or apply our Site’s terms and conditions or other contracts, Art. 6 sec. 1 lit. f GDPR; and/or (iii) to protect our, our users’ or any other third parties’ rights, property or safety, Art. 6 sec. 1 lit d and f GDPR
When you subscribe to our newsletter, we use the so-called double opt-in procedure, i.e. we will only send you newsletters by e-mail if you confirm in our notification e-mail by clicking on a link that you are the owner of the e-mail address provided. If you confirm your e-mail address, we will store your e-mail address, the time of registration and the IP address used for registration until you unsubscribe from the newsletter. The sole purpose of the storage is to send you the newsletters and to be able to prove your registration. You can unsubscribe from the newsletter at any time. A corresponding unsubscribe link can be found in every newsletter. A message to the contact data given below or in the newsletter (e.g. by e-mail or letter) is of course also sufficient. The legal basis of the processing is your consent pursuant to Art. 6 sec. 1 lit. f GDPR.
In our newsletters we use commercially established technologies, enabling us to measure interactions with the newsletters (e.g. opening of the e-mail, clicked links). We use this data in pseudonymous form for general statistical evaluations as well as for the optimisation and further development of our content and customer communication. This data is collected using small graphics embedded in the newsletter (so-called pixels), which can also collect Technical Data regarding the device you use. The data is collected exclusively pseudonymised and is not linked to your other personal data. The legal basis for this is our aforementioned legitimate interest, Art. 6 sec. 1 lit. f GDPR. Through our newsletter we want to share content that is as relevant as possible for our customers and better understand what readers are actually interested in. If you do not wish the analysis of usage behaviour, you can unsubscribe from our newsletter or deactivate graphics in your e-mail program by default. The data on the interaction with our newsletters is stored pseudonymously for 30 days and subsequently made completely anonymous.
D. DISCLOSURE OF YOUR INFORMATION TO THIRD PARTIES
We may share your personal information as far as it is required for the above mentioned purposes from time to time with:
(a) any of the following third parties:
- our third-party service providers who provide us with Site-related services (such as hosting, data analysis (including webtracking services), search engines, payment processing, order fulfilment, IT services, email delivery, auditing and other similar services) to enable them to provide such services and/or to assist us in improving and optimising the Site. Any of these third-party service providers is bound by a Data Processing Agreement to ensure compliance with applicable privacy legislation;
- any Artist connected at any time with the Site (including individual band members, if applicable) and such artist’s representatives and third-party service providers so that, provided you have consented to their doing so separately, such artist and those representatives and third-party service providers may use such information to send you communications (including marketing communications) that they believe may be of interest to you;
- any third party that sponsors or provides (in whole or in part) a contest or similar promotion through the Site for all purposes in connection with such contest or promotion, provided you have consented separately when taking part in the promotion;
- any third party with whom you communicate on or through the Site (e.g. via message boards, chats, profile pages, blogs and other services to which you are able to post information and materials), but only to the extent that your personal information is included by you in such communication.
(b) As far as transfer to above mentioned recipients is required for any of the purposes mentioned in Section B, the transfer of data is based on our legitimate interests as specified in Section B or on your consent. This includes our interest to host the Website for informational and marketing purposes and to improve our services and products.
(c) We disclose your personal data to any person where necessary: (i) under any applicable laws or regulations of any jurisdiction of the EU or any member state for any purposes required by such person under those laws or regulations, Art. 6 sec. 1 lit. c GDPR; (ii) to enforce or apply our Site’s terms and conditions or other contracts, Art. 6 sec. 1 lit. f GDPR; and/or (iii) to protect our, our users’ or any other third parties’ rights, property or safety, Art. 6 sec. 1 lit d and f GDPR.
(e) We anonymize your personal data, as it is in our legitimate interest to use aggregated, non-personal information to analyse our target audience and web traffic. We may publish, or share with affiliates and/or business partners, aggregated non-personal data, which will not identify you individually.
TRANSFER OF DATA TO OUTSIDE EEA
The information we collect from you may be transferred to, processed and stored at a destination outside the European Economic Area (“EEC”), e.g. when we transfer data to third parties. The Recipients outside the EEA are either Privacy Shield certified or bound by Standard Contractual Clauses of the EU Commission for the protection of personal data, or they are located in countries in regard to which the EU Commission issued an adequacy decision according to Art. 45. GDPR.
E. INFORMATION SECURITY
Unfortunately, the transmission of information via online or mobile networks is not completely secure. You acknowledge and accept that others may intercept personal information you provide to us, and that any such transmission is at your own risk. Once we have received your information, we use set procedures and security features to try to prevent unauthorised access.
F. DATA RETENTION
We strive to keep our processing activities with respect to your personal data as limited as possible. Personal data provided by you upon using our services (Service Data as described in Section A.1.) will be retained only for as long as we need it to fulfil the purpose for which we have collected it or as long as required by statutory retention requirements. Technical Data (as described in Section A.2.) will be retained only as long as it is necessary to provide access to our site. The IP-Address will be retained for 7 days to enable us to engage in effective defence against attacks on our site, i.e. DDOS attacks. However, we may retain Technical Data as long as certain marketing purposes require. In no event will we retain your Technical Data longer than 35 days, unless storage of data is required by statutory retention obligations, as may be the case regarding data that is relevant for obligations under tax and commercial law.
G. YOUR RIGHTS
Right of access (Art. 15 GDPR);
You have the right to information regarding the data we process concerning you. Upon request we will provide you a copy of the data together with additional information to the extent defined in Art. 15 GDPR.
Right to rectification (Art. 16 GDPR);
You have the right to rectification of your data, wherever such data is incorrect or incomplete.
Right to erasure (Art. 17 GDPR);
You have a right to erasure regarding data that is no longer required for the original purposes or that is processed unlawfully, as described in Art. 17 GDPR. Wherever certain data is subject to retention periods, instead of deleting the data we will restrict processing to the duration and intended purposes of such period.
Right to restriction of processing (Art. 18 GDPR);
Upon your request, we will restrict processing of personal data according to Art. 18, wherever there are uncertainties regarding our right to process such data or while a decision regarding your objection to such processing is pending. In such cases we will only retain data, restrict any processing to the minimal extent necessary and withdraw access to your data from our employees.
Right to data portability (Art. 20 GDPR);
Upon your request we will transfer any personal data you have provided to us during the use of our services on the basis of consent or any contractual or pre-contractual relationship to you or any third party, provided secure communication with third party is technically feasible. We will provide the data in a structured and machine-readable format.
Right to object to processing based on Art. 6 Abs. 1 lit. f GDPR (Art. 21 GDPR);
Upon your objection we will cease any processing of your personal data based on Art. 6 sec. 1 lit. f. GDPR. Wherever we have compelling legitimate grounds to process your data, we are allowed to further process such data, provided our interest in doing so prevails in a weighting against your interest against the processing activity. Therefore, to allow us to evaluate your request, please let us know the reason for your objection.
Wherever you gave consent to a data processing, in accordance with Article 7 (2) GDPR, you have the right to withdraw your consent to us at any time. As a result, we will not continue processing data based on this consent in the future. The withdrawal of consent does not affect the legality of the processing carried out based on the consent until the withdrawal.
Furthermore you have the right to lodge a complaint with a data privacy supervisory authorities.
c/o The Hat Factory
166-168 Camden Street