Music by Cara Logo

Privacy Policy

This privacy policy informs you about the nature, scope, and purpose of the processing of personal data (hereinafter referred to as "data") within the scope of our services and within our online presence and its associated websites, functions, and content, as well as external online presences, such as our social media profiles (hereinafter collectively referred to as "online offering"). With regard to the terminology used, such as "processing" or "controller", we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).

Controller

Dr. Charla Schutte
Music by Cara Musikvermittlung
Antoniusgasse 10
65345 Eltville
Germany

Tel: 06123 9995527
Link to Imprint: https://www.musicbycara.com/impressum
Email: info@musicbycara.com

Types of Data Processed

  • Master data (e.g., personal master data, names or addresses)
  • Contact data (e.g., email, phone numbers)
  • Content data (e.g., text input, photographs, videos)
  • Usage data (e.g., websites visited, interest in content, access times)
  • Meta/communication data (e.g., device information, IP addresses)

Categories of Data Subjects

Visitors and users of the online offering (hereinafter collectively referred to as "users").

Purpose of Processing

  • Providing the online offering, its functions and contents
  • Responding to contact requests and communicating with users
  • Security measures
  • Reach measurement/Marketing

Terminology Used

"Personal data" means any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., cookie), or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

"Processing" means any operation or set of operations performed on personal data, whether or not by automated means. The term is broad and includes practically any handling of data.

"Pseudonymization" means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures.

In accordance with Article 13 GDPR, we inform you about the legal basis of our data processing. For users within the scope of the GDPR (i.e., the EU and EEA), unless the legal basis is mentioned in the privacy policy, the following applies:

  • The legal basis for obtaining consent is Article 6(1)(a) and Article 7 GDPR
  • The legal basis for processing to fulfill our services and implement contractual measures is Article 6(1)(b) GDPR
  • The legal basis for processing to fulfill our legal obligations is Article 6(1)(c) GDPR
  • The legal basis for processing to protect our legitimate interests is Article 6(1)(f) GDPR

Security Measures

We take appropriate technical and organizational measures in accordance with Article 32 GDPR, taking into account the state of the art, the implementation costs, and the nature, scope, circumstances, and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons.

The measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as access to, input, disclosure, security of availability, and separation of the data. Furthermore, we have established procedures to ensure the exercise of data subjects' rights, deletion of data, and response to data compromise.

Cooperation with Processors and Third Parties

If we disclose data to other persons and companies (processors or third parties) within the scope of our processing, transmit data to them, or otherwise grant them access to the data, this will only be done on the basis of legal permission (e.g., if transmission of the data to third parties, such as payment service providers, is necessary for contract fulfillment), if users have consented, if a legal obligation provides for this, or on the basis of our legitimate interests.

Transfers to Third Countries

If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA), or Switzerland) or if this occurs in the context of using third-party services or disclosure or transfer of data to other persons or companies, this will only take place if it is done to fulfill our (pre)contractual obligations, on the basis of your consent, due to a legal obligation, or on the basis of our legitimate interests.

Rights of Data Subjects

You have the right to:

  • Request confirmation of whether data concerning you is being processed
  • Receive information about this data and obtain a copy
  • Request correction or completion of incorrect or incomplete data
  • Request deletion of data concerning you
  • Request restriction of processing
  • Receive your data in a structured, common, and machine-readable format
  • File a complaint with the supervisory authority
  • Withdraw consent at any time with effect for the future

Right to Object

You may object to the future processing of your data at any time in accordance with statutory provisions. The objection may be filed in particular against processing for direct marketing purposes.

Cookies and Right to Object to Direct Marketing

"Cookies" are small files that are stored on users' computers. Different information can be stored within the cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after their visit to an online offering.

Temporary cookies, or "session cookies" or "transient cookies," are cookies that are deleted after a user leaves an online offering and closes their browser. In such a cookie, the contents of a shopping cart in an online shop or a login status can be stored.

"Permanent" or "persistent" cookies are cookies that remain stored even after the browser is closed. For example, the login status can be saved if users visit it after several days.

If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in their browser's system settings. Stored cookies can be deleted in the browser's system settings. The exclusion of cookies can lead to functional limitations of this online offering.

A general objection to the use of cookies used for online marketing purposes can be declared for many of the services, especially in the case of tracking, via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/.

Deletion of Data

The data processed by us will be deleted or their processing restricted in accordance with statutory provisions. Unless expressly stated in this privacy policy, the data stored by us will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory storage obligations.

If the data are not deleted because they are necessary for other and legally permissible purposes, their processing will be restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons.

Changes and Updates to the Privacy Policy

We ask you to regularly inform yourself about the content of our privacy policy. We will adapt the privacy policy as soon as changes in the data processing we carry out make this necessary. We will inform you as soon as the changes require your cooperation (e.g., consent) or other individual notification.

Agency Services

We process our clients' data as part of our contractual services, which include conceptual and strategic consulting, campaign planning, software and design development/consulting or maintenance, campaign implementation and processes/handling, server administration, data analysis/consulting services, and training services.

In doing so, we process inventory data (e.g., customer master data such as names or addresses), contact data (e.g., email, phone numbers), content data (e.g., text entries, photographs, videos), contract data (e.g., subject matter of contract, duration), payment data (e.g., bank details, payment history), usage and metadata (e.g., in the context of evaluating and measuring marketing activities).

Contractual Services

We process the data of our contractual partners and interested parties as well as other clients, customers, clients, or contractual partners (uniformly referred to as "contractual partners") in accordance with Art. 6(1)(b) GDPR to provide them with our contractual or pre-contractual services.

The data processed, the nature, scope, purpose, and necessity of their processing are determined by the underlying contractual relationship.

Administration, Financial Accounting, Office Organization, Contact Management

We process data in the context of administrative tasks as well as organization of our business, financial accounting, and compliance with legal obligations, such as archiving. Here we process the same data that we process in the course of rendering our contractual services.

Contact

When contacting us (e.g., via contact form, email, telephone, or social media), the user's information is processed for handling the contact request and its processing pursuant to Art. 6(1)(b) GDPR (in the context of contractual/pre-contractual relationships), Art. 6(1)(f) GDPR (other inquiries).

Hosting and Email Sending

The hosting services we use serve to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, email sending, security services, and technical maintenance services that we use for the purpose of operating this online offering.

Collection of Access Data and Log Files

We, or our hosting provider, collect data on the basis of our legitimate interests within the meaning of Art. 6(1)(f) GDPR about every access to the server on which this service is located (so-called server log files). Access data includes the name of the accessed website, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, user's operating system, referrer URL (the previously visited page), IP address, and the requesting provider.

Log file information is stored for security reasons (e.g., to investigate abuse or fraud) for a maximum of 7 days and then deleted.

Integration of Third-Party Services and Content

We integrate content or service offerings of third-party providers within our online offering based on our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online offering within the meaning of Art. 6(1)(f) GDPR), to integrate their content and services, such as videos or fonts.

Vimeo

We may integrate videos from the "Vimeo" platform provided by Vimeo Inc., Attention: Legal Department, 555 West 18th Street New York, New York 10011, USA. Privacy Policy: https://vimeo.com/privacy.

Please note that Vimeo may use Google Analytics. We refer to the privacy policy (https://policies.google.com/privacy) and opt-out options for Google Analytics (http://tools.google.com/dlpage/gaoptout?hl=en) or Google's settings for data use for marketing purposes (https://adssettings.google.com/).

YouTube

YouTube is a platform by Google Inc. for hosting and sharing videos. Through the embedded YouTube videos on our websites, YouTube sets cookies to present targeted advertising on Google websites. For this purpose, your cookie ID, IP address, device information, geolocation data, and your usage behavior are collected and processed by Google Inc. Cookies remain valid for up to six years.

For more information and how you can object to the processing of your personal data, please visit: https://www.google.com/intl/en/policies/privacy/.

Google Fonts

We integrate the fonts ("Google Fonts") provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy Policy: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.

Instagram

Within our online offering, functions and content of the Instagram service, offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA, may be integrated. This may include content such as images, videos, or texts and buttons that allow users to share content from this online offering within Instagram.

If users are members of the Instagram platform, Instagram can associate the access to the above content and functions with the users' profiles there. Instagram Privacy Policy: http://instagram.com/about/legal/privacy/.