The data controller within the meaning of the General Data Protection Regulation and other
national data protection laws of the Member States as well as other data protection regulations
is:
Pazz GmbH
Neumarkter Str. 21
81673 Munich, Germany
We only collect and use our users' personal data where this is necessary to provide a functional website as well as our contents and services, and to implement our corporate purpose. The collection and use of our users' personal data takes place regularly only with the user's consent. An exception applies in cases where prior consent cannot be obtained for factual reasons, and the processing of the data is permitted by law.
We only process personal data to fulfil our contractual obligations or to protect our overriding legitimate interests. Our legitimate interests are based on the implementation of our corporate purpose. Insofar as we obtain the consent of the data subject for the processing of personal data, art. 6(1)a of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data. During the processing of personal data required for the performance of a contract to which the data subject is a party, art. 6(1)b of the GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures. Insofar as the processing of personal data is required to fulfil a legal obligation to which our company is subject, art. 6(1)c of the GDPR serves as the legal basis. In the event that the vital interests of the data subject or another natural person require the processing of personal data, art. 6(1)d of the GDPR serves as the legal basis. If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the interests first mentioned, art. 6(1)f of the GDPR serves as the legal basis for processing.
We share personal data with our business partners and service providers for the implementation of our corporate purpose. We typically use the contact and address data of our customers and business partners to implement our corporate purpose. We typically receive personal data directly from the data subject or, with the consent of the data subject and in exceptional cases, from third parties.
In principle, we do not pass on personal data to recipients in third countries (i.e. countries outside the EU). If a transfer to recipients in third countries takes place in the future, we ensure that, in addition to the authorisation required for the transfer, the third country recipient ensures an appropriate level of data protection (or an exception pursuant to art. 49(1) of the GDPR exists).
The personal data of the data subject will be erased or blocked as soon as the purpose of storage ceases to apply. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the data controller is subject. Data will also be blocked or erased if a retention period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.
Every time you visit our website, our system automatically collects data and information from the computer system of the visiting computer. The following data is collected:
The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.
The legal basis for the temporary storage of data and log files is art. 6(1)f of the GDPR.
The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. The user's IP address must remain stored for the duration of the session for this. The data is stored in log files to ensure the functionality of the website. In addition, we use the data to optimise the website and to ensure the security of our information technology systems. Data is not evaluated for marketing purposes in this context. Our legitimate interest in data processing pursuant to art. 6(1)f of the GDPR also lies in these purposes.
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. If data is collected for the provision of the website, this is the case when the respective session has ended. If data is stored in log files, this is the case after seven days at the latest. Data may be stored beyond this period. If it is, the IP addresses of the users are deleted or modified so that they can no longer be assigned to the visiting client.
Recording data to provide the website and storing data in log files is essential for operating the website. The user may therefore not object to this.
Our website uses web storage. Web storage concerns storage areas that are stored in the internet browser or by the internet browser on the user's computer system. If a user visits a website, the user's operating system/hard disk can be stored on the web storage. This web storage contains a characteristic string that uniquely identifies the browser when the website is called up again. We use web storage to make our website more user-friendly. Certain elements of our website require the visiting browser to be identified even after the user has moved to another page. Encryption and decryption strings are stored in web storage.
The legal basis for the processing of personal data using Web storage is art. 6(1)f of the GDPR.
The purpose of using technically required web storage is to simplify the use of websites for users. Certain functions of our website cannot be offered without the use of web storage. To do so, it is necessary for the browser to be recognised even after the user has moved to another page. We require Web storage for the following applications:
User data collected by technically required Web storage is not used to create user profiles. For these purposes, our legitimate interest also lies in the processing of personal data in accordance with art. 6(1)f of the GDPR.
Web storage is stored on the user's computer and is transmitted to our site by the user. Therefore, as a user, you also have full control over the use of your own web storage. Already saved web storage content can be deleted at any time. This can also be done automatically.
Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user's computer system. If a user visits a website, a cookie may be stored on the user's operating system/hard disk. This cookie contains a characteristic character string that enables a unique identification of the browser when the website is called up again. We use cookies to make our website more user-friendly. Certain elements of our website require that the calling browser can be identified even after the user has moved to another page. The following data is stored and transmitted in the cookies:
We also use cookies on our website to enable an analysis of the user's surfing behaviour. In this way, the following data can be transmitted:
When accessing our website, the user is informed about the use of cookies for analytical purposes and their consent to the processing of personal data used in this context is obtained. In this context, reference is also made to this data protection declaration.
The legal basis for the processing of personal data using technically necessary cookies is art. 6(1)f of the GDPR. The legal basis for the processing of personal data using cookies for analytical purposes if the user has given their consent to this is art. 6(1)a of the GDPR.
If technically necessary cookies are used:
The purpose of using technically necessary cookies is to simplify the use of websites for users. Certain functions of our website cannot be offered without the use of cookies. To do so, it is necessary for the browser to be recognised even after the user has moved to another page.
We require cookies for the following applications:
Cookies are stored on the user's computer and transmitted to our site. Therefore, as a user, you also have full control over the use of cookies. You can disable or restrict the transmission of cookies by changing the settings in your internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may no longer be possible to fully use all functions of the website. For "persistent cookies":
Our website also uses persistent cookies. These are automatically deleted after a specified period, which may vary depending on the cookie. You can also delete these cookies at any time.
If you have given your consent, this website uses Google Analytics, a web analysis service of Google LLC. The responsible service provider in the EU is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").
Scope of processing
Google Analytics uses cookies that enable an analysis of your use of our website. The
information collected by the cookies about your use of this website is usually transferred to
a Google server in the USA and stored.
We use the function User-ID. The User ID allows us to assign a unique, permanent ID to one or more sessions (and the activities within these sessions) and to analyze user behavior across devices.
We use the function 'anonymizeIP' (so-called IP-Masking): Due to the activation of IP-anonymization on this website, your IP-address will be shortened by Google within member states of the European Union or in other signatory states of the Agreement on the European Economic Area. Only in exceptional cases the full IP address will be transferred to a Google server in the USA and shortened there. The IP address transmitted by your browser within the framework of Google Analytics is not merged with other data from Google.
During your website visit the following data will be collected:
Purposes of processing
On behalf of the operator of this website, Google will use this information to evaluate your
use of the website and to compile reports on website activity. The reports provided by Google
Analytics serve to analyse the performance of our website and the success of our marketing
campaigns.
Recipient
The data recipient is
as data processor. For this purpose we have concluded a contract with Google. Google LLC, headquartered in California, USA, and, if applicable, US authorities can access the data stored at Google.
Transfer to third countries
A transfer of data to the USA cannot be excluded.
Duration of storage
The data sent by us and linked to cookies is automatically deleted after 14 months. Data is
automatically deleted once a month as soon as the storage period is reached.
You can also prevent the collection of data generated by the cookie and related to your use of
the website (including your IP address) to Google and the processing of this data by Google
by
a. not giving your consent to the setting of the cookie or
b. downloading and installing the browser add-on to disable Google Analytics
here.
By setting your browser software accordingsly you can also prevent the storage of cookies. If your browser is set to refuse all cookies, the functionality of this and other websites may be limited.
Legal basis and right of withdrawal
Your consent is the legal basis for this data processing,
art. 6(1)a GDPR. You can
revoke your consent at any time with effect for the future by clicking
here.
For more information about Google Analytics terms of use and Google's privacy policy, please visit analytics terms and https://policies.google.com/?hl=en.
The Extensible Messaging and Presence Protocol (XMPP) is an open standard of a communication protocol published by the Internet Engineering Task Force (IETF) as RFC 6120, 6121 and 6122. XMPP is based on the XML standard and enables the exchange of data. This website uses this standard to exchange messages between users via a Jabber server operated by this website as a base node in the XMPP network. When registering and using the XMPP service, the following data is collected:
The IP address is stored in a log file in case of incorrect login attempts. The longer-term logging of messages is enabled by default to provide the best possible user experience. A client function can be used to permanently disable message logging (MAM) so that no messages remain permanently on the server and are only temporarily stored for transmission purposes. User name, PEP account information, status, file uploads and messages are shared with other XMPP servers if the local user of our server communicates with a user of another server.
The legal basis for the storage of data is art. 6(1)b of the GDPR.
The above information is used to provide the service and must be stored in order to be able to offer the service to the user.
Log files including stored IP addresses are deleted after 14 days at the latest. File uploads will also be deleted after 14 days at the latest.
On our website, we offer users the opportunity to register through the OAuth login and authentication service. During this process, a user will be separately informed of the data sent to our website by the service and will be asked to confirm this transfer beforehand. The following data will be collected during the registration process, if available: URL of the user profile of the respective service
The following data is also stored at the time of registration:
The user's consent to the processing of this data is obtained during the course of the registration process.
The legal basis for the processing of data is art. 6(1)a of the GDPR if the user has given their consent.
Registration is necessary if you wish to use our services. This results in a specific service contract between you and us. User registration is necessary for the fulfilment of a contract with the user or for the implementation of pre-contractual measures. A more detailed description of the contract offered on the website can be found below. Why is the data collected necessary for these contracts? If the processing of the contractual partner's personal data upon conclusion of the contract is prescribed by law for the contracts offered by you, the respective standards from which the obligation arises must be specified.
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected.
As a user, you have the option to cancel your registration at any time. You can change the data stored about you at any time. By clicking the "Edit profile" button on the home page, the data shown in the "Profile", "External characteristics" and "Activity" tabs can be changed.
If your personal data, you are a data subject within the meaning of the GDPR and you have the following rights with respect to the data controller:
You can ask the data controller to confirm whether personal data concerning you will be processed by us. If such processing has taken place, you can request the following information from the data controller:
You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organisation. In this context, you may request to be informed about the appropriate guarantees pursuant to art. 46 of the GDPR in connection with the transmission.
You have a right to rectification and/or completion vis-à-vis the data controller if the personal data processed concerning you is incorrect or incomplete. The data controller shall make the correction without delay.
Under the following conditions, you may request that the processing of personal data concerning you be restricted:
If the processing of personal data concerning you has been restricted, this data may only be processed – apart from being stored – with your consent or for the purpose of asserting, exercising or defending rights or protecting the rights of another natural or legal person or on grounds of an important public interest of the Union or a Member State. If the processing restriction has been restricted according to the above conditions, you will be informed by the data controller before the restriction is lifted.
a) Duty to delete You may request the data controller to delete the personal data relating to you without delay and the data controller is obliged to delete this data without delay if one of the following reasons applies:
b) Information to third parties If the data controller has made the personal data concerning you public and is obliged to delete it pursuant to art. 17(1) of the GDPR, they shall take appropriate measures, including technical measures, taking into account the available technology and implementation costs, to inform data processors who process the personal data that you as the data subject have requested the erasure of all links to this personal data or of copies or replications of this personal data.
c) Exceptions The right to erasure does not exist insofar as processing is necessary
If you have exercised your right to have the data controller rectify, erase or restrict processing, they are obliged to inform all recipients to whom the personal data concerning you has been disclosed of this rectification or erasure of the data or restriction on processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed of such recipients by the data controller.
You have the right to receive the personal data concerning you that you have provided to the data controller in a structured, common and machine-readable format. In addition, you have the right to pass this data on to another data controller without obstruction by the data controller to whom the personal data was provided, provided that
In exercising this right, you also have the right to request that the personal data concerning you be transferred directly from one data controller to another, insofar as this is technically feasible. The freedom and rights of other persons must not be affected by this. The right to data portability shall not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority conferred on the data controller.
You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you under art. 6(1)e or f of the GDPR; this also applies to profiling based on these provisions. The data controller no longer processes the personal data concerning you, unless they can prove compelling reasons worthy of protection for processing which outweigh your interests, rights and freedom, or if the processing serves to assert, exercise or defend legal claims. If the personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of the personal data concerning you for the purpose of such advertising; this also applies to profiling, insofar as this is associated with such direct marketing. If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes. You have the possibility to exercise your right of objection in connection with the use of the Information Society services by means of automated procedures using technical specifications, notwithstanding Directive 2002/58/EC.
You have the right to revoke your data protection declaration of consent at any time. The revocation of consent shall not affect the legality of the processing carried out on the basis of the consent until revocation.
You have the right not to be subject to a decision based exclusively on automated processing – including profiling – that has legal effect against you or significantly impairs you in a similar manner. This does not apply if the decision
However, these decisions may not be based on special categories of personal data pursuant to art. 9(1) of the GDPR unless art. 9(2)a or g applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests. In the cases referred to in (1) and (3), the data controller shall take reasonable measures to safeguard your rights, freedom and legitimate interests, including at least the right to obtain the intervention of a person by the data controller, to state their own position and to challenge the decision.
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State in which you reside, work or are suspected of infringement, if you believe that the processing of personal data concerning you is contrary to the GDPR. The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy under art. 78 of the GDPR.
By using the Facebook pixel, a direct connection between your browser and a Facebook server is established when you visit our site. Facebook is thus given the opportunity to assign the website visit to your Facebook user account, provided you are logged into Facebook. Even if you do not have a Facebook user account, Facebook can draw any conclusions about your surfing behavior and interests on the basis of an anonymized IP address. At the web address https://www.facebook.com/about/privacy/ you will find further information on how Facebook handles your data. The use of the Facebook pixel as part of the Facebook Ads application or placement of remarketing advertising in the form of so-called custom audiences enables us to measure the success of the advertising campaigns, deliver more targeted advertising and optimize these advertising campaigns. By installing the Facebook pixel, we do not receive any private user data from the social network from Facebook and can only advertise anonymously on the basis of target group segments to a group of former website visitors and not to a directly numbered individual. You can edit your advertising preferences for Facebook advertisements under the following link: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen.
When you visit this website, personal data is processed. Categories of data processed: data about the use of the website as well as the logging of clicks on individual elements. Purpose of processing: Investigation of usage behavior, analysis of the effect of online marketing measures and selection of online advertising on other platforms, which are automatically selected based on usage behavior using real-time bidding. The legal basis for processing: Your consent in accordance with Art. 6 (1) a GDPR. Data is transferred: to the independent controller TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland (https:www.tiktok.com). The legal basis for the data transfer to TikTok Technology Limited is your consent in accordance with Art. 6 (1) a GDPR. This may also mean a transfer of personal data to a country outside the European Union. The data is transmitted based on your consent in accordance with Art. 6 Para. 1 lit a in conjunction with Art. 49 Para. 1 lit a GDPR. For an email contact with the data protection officer of TikTok Technology Limited: https://www.tiktok.com/legal/report/DPO. To contact the data protection officer of TikTok Technology Limited by email: https://www.tiktok.com/legal/privacy-policy-eea?lang=en. Duration of processing: is variable and ends when the purpose of processing no longer applies.
To manage our recurring billing and subscription services efficiently, we utilize Chargebee, a billing management system. For the actual processing of payments, we have partnered with Stripe, PayPal and Apple Pay. Chargebee aids in organizing and handling the billing aspects of your subscriptions, while Stripe, PayPal, Apple Pay securely process your payment transactions, including the collection of payment details and execution of charges. By subscribing to our services with a recurring payment plan, you are consenting to the processing of your billing and payment information by Chargebee, Stripe, PayPal and Apple Pay. This includes the use of your personal data as necessary for managing your subscription billing via Chargebee and for processing payments through Stripe and PayPal. Your explicit consent encompasses the collection, use, and sharing of this data as required for these purposes. You can find detailed information about the data processing in the privacy policies of Chargebee, Stripe, PayPal, and Apple Pay. In line with the General Data Protection Regulation (GDPR), you maintain the right to access, rectify, erase, or transfer your personal data that we, along with Chargebee, Stripe, PayPal and Apple Pay, hold . Additionally, you have the right to withdraw your consent at any moment. Should you wish to exercise any of these rights, please contact us. For more information please refer to section IX.