We are pleased that you are interested in our website. The protection of your privacy is very important to us.
We have drawn up this privacy policy (version 02.06.2019-311108786) to explain to you, in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679, what information we collect, how we use data and what choices you have as a visitor to this website. Unfortunately, it is in the nature of things that these explanations sound very technical, but we have tried to describe the most important things as simply and clearly as possible. Below we will inform you in detail about how we handle your data.
I. Name and address of the person responsible The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection provisions is: Bird as Prophet - Association for the Promotion of Artistic Piano Playing
Beethovenstr. 29, 54329 Konz
Represented by the Chairman: Winfried Manns
Email address: info@konzmusikfestival.de
II. General information on data processing 1. Scope of processing of personal data. We generally only process our users' personal data to the extent that this is necessary to provide a functional website and our content and services. Our users' personal data is generally only processed with the user's consent. An exception applies in cases where prior consent cannot be obtained for actual reasons and the processing of the data is permitted by law. 2. Legal basis for the processing of personal data If we obtain consent from the data subject for processing personal data, Art. 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis. When processing personal data that is necessary to fulfill a contract (e.g. club membership) to which the data subject is a party, Art. 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures. Insofar as the processing of personal data is necessary to fulfill a legal obligation to which our association is subject, Art. 6 (1) lit. c GDPR serves as the legal basis. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 (1) (d) GDPR serves as the legal basis. If processing is necessary to protect a legitimate interest of our association or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 (1) (f) GDPR serves as the legal basis for processing. 3. Data deletion and storage period The personal data of the data subject will be deleted or blocked as soon as the purpose for which they were stored no longer applies. Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need to continue storing the data for the conclusion or fulfillment of a contract. III. Provision of the website and creation of log files 1. Description and scope of data processing Each time our website is accessed, our system automatically records data and information from the computer system of the accessing computer. The following data is collected: Information about the browser type and version used The user's operating system Date and time of access Websites from which the user’s system accesses our website Websites accessed by the user’s system via our website The data is also stored in the log files of our system. This does not affect the user's IP addresses or other data that allow the data to be assigned to a user. This data is not stored together with other personal data of the user. 2. Legal basis for data processing The legal basis for the temporary storage of data is Art. 6 (1) lit. f GDPR. 3. Purpose of data processing The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this purpose, the user's IP address must be stored for the duration of the session. Our legitimate interest in data processing pursuant to Art. 6 (1) (f) GDPR also lies in these purposes.
4. Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. If the data is collected to provide the website, this is the case when the respective session has ended.
5. Possibility of objection and removal The collection of data to provide the website and the storage of data in log files is essential for the operation of the website. Consequently, the user has no option to object. IV. E-mail contact 1. Description and scope of data processing On our website, you can contact us using the email address provided. In this case, the user's personal data transmitted with the email will be stored. The data will not be passed on to third parties in this context. The data will be used exclusively for processing the conversation. 2. Legal basis for data processing The legal basis for the processing of data transmitted when sending an email is Art. 6 (1) (f) GDPR. If the email contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 (1) (b) GDPR. 3. Purpose of data processing The processing of personal data from contact via email serves us solely to process the contact, which is also the necessary legitimate interest in processing the data. The other personal data processed during the sending process serve to prevent misuse and to ensure the security of our information technology systems. 4. Duration of storage The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For personal data sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified. 5. Possibility of objection and removal The user has the option to revoke his consent to the processing of personal data at any time. If the user contacts us by email, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued. You can revoke your consent and object to storage at any time and can do so via the relevant email contact. In this case, all personal data stored during the contact process will be deleted. V. Rights of the data subject If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller: 1. Right to information You can request confirmation from the controller as to whether personal data concerning you are being processed by us. If such processing takes place, you can request the following information from the controller: (1) the purposes for which the personal data are processed; (2) the categories of personal data being processed; (3) the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed; (4) the planned duration for which the personal data concerning you will be stored or, if specific information is not possible, the criteria for determining that period; (5) the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing; (6) the existence of a right to lodge a complaint with a supervisory authority; (7) all available information as to their origin, where the personal data are not collected from the data subject; (8) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject. You have the right to request information as to whether the personal data concerning you will be transferred to a third country or to an international organization. In this context, you can request to be informed of the appropriate guarantees in accordance with Art. 46 GDPR in connection with the transfer. 2. Right to rectification You have the right to request rectification and/or completion from the controller if the personal data concerning you that are processed are incorrect or incomplete. The controller must carry out the rectification immediately. 3. Right to restriction of processing You can request the restriction of the processing of personal data concerning you under the following conditions: (1) if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data; (2) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of the use of the personal data instead; (3) the controller no longer needs the personal data for the purposes of the processing, but you require them to assert, exercise or defend legal claims, or (4) if you have objected to processing pursuant to Art. 21 (1) GDPR and it has not yet been determined whether the legitimate reasons of the controller outweigh your reasons. If the processing of personal data concerning you has been restricted, these data may – with the exception of storage – only be processed with your consent or for the establishment, exercise or defence of legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. If the restriction of processing has been restricted in accordance with the above-mentioned requirements, you will be informed by the controller before the restriction is lifted. 4. Right to erasure a) Obligation to delete You may request that the controller delete the personal data concerning you immediately and the controller is obliged to delete this data immediately if one of the following reasons applies: (1) The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed. (2) You withdraw your consent on which the processing is based according to Art. 6 (1) (a) or Art. 9 (2) (a) GDPR, and there is no other legal basis for the processing. (3) You object to the processing pursuant to Art. 21 Para. 1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 Para. 2 GDPR. (4) The personal data concerning you have been processed unlawfully. (5) The erasure of personal data concerning you is necessary to fulfil a legal obligation under Union or Member State law to which the controller is subject. (6) The personal data concerning you were collected in relation to information society services offered in accordance with Art. 8 (1) GDPR. b) Information to third parties If the controller has made the personal data concerning you public and is obliged to erase them pursuant to Art. 17 Para. 1 GDPR, the controller shall take appropriate measures, including technical ones, taking into account the available technology and the implementation costs, to inform data controllers which process the personal data that you, as the data subject, have requested the erasure by them of all links to these personal data or of copies or replications of these personal data. c) Exceptions The right to erasure does not exist if processing is necessary (1) to exercise the right to freedom of expression and information; (2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; (3) for reasons of public interest in the area of public health pursuant to Art. 9 (2)(h) and (i) and Art. 9 (3) GDPR; (4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Art. 89 (1) GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously compromise the achievement of the objectives of that processing, or (5) to assert, exercise or defend legal claims. 5. Right to information If you have asserted your right to rectification, erasure or restriction of processing vis-à-vis the responsible party, this party is obliged to inform all recipients to whom the personal data concerning you were disclosed of said rectification, erasure or restriction of processing, unless doing so should prove impossible or involve disproportionate expenditure. You have the right to be informed by the controller about these recipients. 6. Right to data portability You have the right to receive the personal data concerning you that you have made available to the controller in a structured, common and machine-readable format. In addition, you have the right to transmit this data to another controller without hindrance from the controller to whom the personal data was made available, provided that (1) the processing is based on consent pursuant to Art. 6 (1)(a) GDPR or Art. 9 (2)(a) GDPR or on a contract pursuant to Art. 6 (1)(b) GDPR and (2) the processing is carried out by automated means. In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. This must not affect the freedoms and rights of other persons. The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. 7. Right of objection You have the right to object at any time to the processing of personal data concerning you which is carried out on the basis of Art. 6 (1) (e) or (f) GDPR, for reasons related to your particular situation; this also applies to profiling based on these provisions. The controller will no longer process the personal data concerning you unless he can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims. In connection with the use of information society services, you have the option of exercising your right of objection by means of automated procedures that use technical specifications, notwithstanding Directive 2002/58/EC. 8. Right to revoke the declaration of consent under data protection law You have the right to revoke your consent to data protection at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent until the revocation. 9. Right to lodge a complaint with a supervisory authority Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or place of the alleged infringement if you consider that the processing of personal data concerning you infringes the GDPR. The supervisory authority with which the complaint was submitted shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR. VI. Updating the privacy policy
We reserve the right to change this privacy policy if this becomes necessary due to legal, technical or business developments. In these cases, we will also adapt our data protection information accordingly. Please therefore always refer to the latest version of our data protection declaration.
Automatic data storage When you visit websites these days, certain information is automatically created and stored, including on this website. When you visit our website like you are doing now, our web server (the computer on which this website is stored) automatically saves data such as the address (URL) of the website accessed, browser and browser version, the operating system used, the address (URL) of the previously visited page (referrer URL) the host name and IP address of the device from which access is made, date and time in files (web server log files). As a rule, web server log files are stored for two weeks and then automatically deleted. We do not pass this data on, but cannot rule out that this data will be viewed in the event of illegal behavior. The legal basis according to Article 6 paragraph 1 f GDPR (lawfulness of processing) is that there is a legitimate interest in enabling the error-free operation of this website by recording web server log files. Cookies Our website uses HTTP cookies to store user-specific data. Below we explain what cookies are and why they are used so that you can better understand the following privacy policy. What exactly are cookies? Whenever you surf the Internet, you use a browser. Well-known browsers include Chrome, Safari, Firefox, Internet Explorer and Microsoft Edge. Most websites save small text files in your browser. These files are called cookies. One thing cannot be denied: cookies are really useful little helpers. Almost all websites use cookies. To be more precise, they are HTTP cookies, as there are other cookies for other areas of application. HTTP cookies are small files that are saved on your computer by our website. These cookie files are automatically stored in the cookie folder, the "brain" of your browser. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified. Cookies save certain user data from you, such as language or personal page settings. When you visit our site again, your browser sends the "user-related" information back to our site. Thanks to cookies, our website knows who you are and offers you your usual default settings. In some browsers each cookie has its own file, in others, such as Firefox, all cookies are stored in a single file. There are both first-party cookies and third-party cookies. First-party cookies are created directly by our site, third-party cookies are created by partner websites (e.g. Google Analytics). Each cookie must be evaluated individually, as each cookie stores different data. The expiration time of a cookie also varies from a few minutes to a few years. Cookies are not software programs and do not contain viruses, Trojans or other "malware". Cookies cannot access information on your PC. For example, cookie data can look like this: Name: _ga Expiry time: 2 years Use: Distinguishing between website visitors Example value: GA1.2.1326744211.152311108786 in Browser should support the following minimum sizes: A cookie should be able to contain at least 4096 bytes At least 50 cookies should be able to be stored per domain. A total of at least 3000 cookies should be able to be stored. What types of cookies are there? The question of which cookies we use in particular depends on the services used and is clarified in the following sections of the privacy policy. At this point we would like to briefly explain the different types of HTTP cookies. There are 4 types of cookies: Strictly necessary cookies: These cookies are necessary to ensure basic functions of the website. For example, these cookies are needed when a user puts a product in the shopping cart, then continues browsing on other pages and only later goes to the checkout. These cookies do not delete the shopping cart, even if the user closes their browser window. Functional cookies: These cookies collect information about user behavior and whether the user receives any error messages. In addition, these cookies are also used to measure the loading time and behavior of the website in different browsers. Targeted cookies: These cookies ensure better user-friendliness. For example, entered locations, font sizes or form data are saved. Advertising cookies: These cookies are also called targeting cookies. They are used to provide the user with individually tailored advertising. This can be very practical, but also very annoying. Usually, when you visit a website for the first time, you are asked which of these types of cookies you would like to accept. And of course this decision is also saved in a cookie. How can I delete cookies? You decide how and whether you want to use cookies. Regardless of which service or website the cookies come from, you always have the option of deleting cookies, only partially allowing them or deactivating them. For example, you can block third-party cookies but allow all other cookies. If you want to find out which cookies have been stored in your browser, if you want to change cookie settings or delete them, you can find this in your browser settings: Chrome: Delete, enable and manage cookies in Chrome. Safari: Manage cookies and website data with Safari. Firefox: Clear cookies to remove data that websites have stored on your computer. Internet Explorer: Delete and manage cookies. Microsoft Edge: Delete and manage cookies If you do not want cookies at all, you can set your browser so that it always informs you when a cookie is to be placed. This way you can decide for each individual cookie whether you want to accept the cookie or not. The procedure varies depending on the browser. The best thing to do is to search for the instructions in Google using the search term “delete cookies Chrome” or “deactivate cookies Chrome” in the case of a Chrome browser, or replace the word “Chrome” with the name of your browser, e.g. Edge, Firefox, Safari. What about my data protection? The so-called "cookie guidelines" have been in place since 2009. They state that the storage of cookies requires the consent of the website visitor (i.e. you). However, there are still very different reactions to these guidelines within the EU countries. In Germany, the cookie guidelines were not implemented as national law. Instead, this guideline was largely implemented in Section 15 Paragraph 3 of the Telemedia Act (TMG). If you want to know more about cookies and are not afraid of technical documentation, we recommend https://tools.ietf.org/html/rfc6265, the Request for Comments of the Internet Engineering Task Force (IETF) called “HTTP State Management Mechanism”. Storage of personal data Personal data that you send to us electronically on this website, such as name, email address, address or other personal information when submitting a form or comments in the blog, will be used by us together with the time and IP address only for the specified purpose, stored securely and not passed on to third parties. We therefore only use your personal data to communicate with those visitors who expressly request contact and to process the services and products offered on this website. We do not pass on your personal data without your consent, but we cannot rule out that this data will be viewed in the event of illegal behavior. If you send us personal data by email - outside of this website - we cannot guarantee secure transmission and protection of your data. We recommend that you never send confidential data unencrypted by email. The legal basis according to Article 6 paragraph 1 a GDPR (lawfulness of processing) is that you give us your consent to process the data you have entered. You can revoke this consent at any time - an informal email is sufficient, you can find our contact details in the imprint. Rights under the General Data Protection Regulation According to the provisions of the GDPR, you are generally entitled to the following rights: Right to rectification (Article 16 GDPR) Right to erasure (“right to be forgotten”) (Article 17 GDPR) Right to restriction of processing (Article 18 GDPR) Right to notification – obligation to notify in connection with the rectification or erasure of personal data or the restriction of processing (Article 19 GDPR) Right to data portability (Article 20 GDPR) Right to object (Article 21 GDPR) Right not to be subjected to a decision based solely on automated processing, including profiling (Article 22 GDPR) If you believe that the processing of your data violates data protection law or that your data protection rights have otherwise been violated in any way, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI). TLS encryption with https We use https to transmit data securely over the Internet (data protection through technology design Article 25 Paragraph 1 GDPR). By using TLS (Transport Layer Security), an encryption protocol for secure data transmission over the Internet, we can ensure the protection of confidential data. You can recognize the use of this data transmission security by the small lock symbol in the top left of the browser and the use of the https scheme (instead of http) as part of our Internet address. Google Fonts Privacy Policy We use Google Fonts from Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA) on our website. You do not need to log in or enter a password to use Google Fonts. Furthermore, no cookies are stored in your browser. The files (CSS, fonts) are requested via the Google domains fonts.googleapis.com and fonts.gstatic.com. According to Google, requests for CSS and fonts are completely separate from all other Google services. If you have a Google account, you do not need to worry about your Google account data being sent to Google while you use Google Fonts. Google records the use of CSS (Cascading Style Sheets) and the fonts used and stores this data securely. We will look at exactly how the data is stored in more detail. What are Google Fonts? Google Fonts (formerly Google Web Fonts) is an interactive directory with more than 800 fonts that Google LLC provides for free use. Many of these fonts are released under the SIL Open Font License, while others are released under the Apache License. Both are free software licenses, so we can use them freely without paying royalties. Why do we use Google Fonts on our website? With Google Fonts, we can use fonts on our own website and do not have to upload them to our own server. Google Fonts is an important building block for maintaining the high quality of our website. All Google fonts are automatically optimized for the web, which saves data volume and is a great advantage, especially for use on mobile devices. When you visit our site, the small file size ensures a quick loading time. Furthermore, Google Fonts are so-called secure web fonts. Different image synthesis systems (rendering) in different browsers, operating systems and mobile devices can lead to errors. Such errors can visually distort some texts or entire web pages. Thanks to the fast Content Delivery Network (CDN), there are no cross-platform problems with Google Fonts. Google Fonts supports all common browsers (Google Chrome, Mozilla Firefox, Apple Safari, Opera) and works reliably on most modern mobile operating systems, including Android 2.2 and iOS 4.2 (iPhone, iPad, iPod). We use Google Fonts so that we can present our entire online service as beautifully and uniformly as possible. According to Art. 6 Paragraph 1 Letter F of GDPR, this already represents a "legitimate interest" in the processing of personal data. In this case, "legitimate interest" means both legal and economic or idealistic interests that are recognized by the legal system. What data is stored by Google? When you visit our website, the fonts are reloaded via a Google server. This external call transmits data to the Google servers. This is how Google recognizes that you or your IP address are visiting our website. The Google Fonts API was developed to reduce the collection, storage and use of end user data to what is necessary for the efficient provision of fonts. API stands for "Application Programming Interface" and is used, among other things, as a data transmitter in the software sector. Google Fonts stores CSS and font requests securely with Google and is therefore protected. The collected usage figures enable Google to determine the popularity of the fonts. Google publishes the results on internal analysis pages, such as Google Analytics. Google also uses data from its own web crawler to determine which websites use Google fonts. This data is published in the Google Fonts BigQuery database. BigQuery is a web service from Google for companies that want to move and analyze large amounts of data. However, it should be noted that every Google Font request automatically transfers information such as IP address, language settings, browser screen resolution, browser version and browser name to Google servers. It is not clear whether this data is also stored, or Google does not clearly communicate this. How long and where is the data stored? Google stores requests for CSS assets for one day on its servers, which are mainly located outside the EU. This enables us to use the fonts with the help of a Google style sheet. A style sheet is a format template that can be used to quickly and easily change the design or font of a website, for example. The font files are stored by Google for one year. Google's goal is to fundamentally improve the loading time of websites. If millions of websites refer to the same fonts, they are cached after the first visit and immediately appear on all other websites visited later. Sometimes Google updates font files to reduce file size, increase language coverage and improve design. How can I delete my data or prevent data storage? The data that Google stores for one day or one year cannot simply be deleted. The data is automatically transmitted to Google when the page is accessed. To be able to delete this data prematurely, you must contact Google Support at https://support.google.com/?hl=de&tid=311108786. In this case, you can only prevent data storage if you do not visit our site. Unlike other web fonts, Google allows us unrestricted access to all fonts. This means we have unlimited access to a sea of fonts and can get the most out of our website. You can find out more about Google Fonts and other questions at https://developers.google.com/fonts/faq?tid=311108786. Google does address data protection issues there, but it does not contain really detailed information about data storage. It is relatively difficult (almost impossible) to get really precise information about stored data from Google. You can also read about which data is generally collected by Google and what this data is used for at https://www.google.com/intl/de/policies/privacy/. Google Maps Privacy Policy We use Google Maps from Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA) on our website. By using the functions of this map, data is transferred to Google. You can find out which data is collected by Google and what this data is used for at https://www.google.com/intl/de/policies/privacy/. Facebook Privacy Policy On this website we use functions from Facebook, a social media network of Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland. You can find out which functions (social plug-ins) Facebook provides at https://developers.facebook.com/docs/plugins/. When you visit our website, information may be transmitted to Facebook. If you have a Facebook account, Facebook can assign this data to your personal account. If you do not want this, please log out of Facebook. The privacy policy, which information Facebook collects and how they use it, can be found at https://www.facebook.com/policy.php.
Source: Created with the data protection generator from www.adsimple.at in cooperation with ilovevienna.at