privacy

Privacy Policy Statement

We are pleased that you are visiting our website and thank you for your interest. The protection of the personal data of our users is a central concern for us. Therefore, please take note of the following information

The following provisions inform you about the collection, processing and use of your personal data in connection with the visit and use of the services offered on our website.

This data protection declaration can be printed out and saved

I. Responsible person

The operator of the website https://www.andreasscholl.org is responsible for data collection, data processing and data usage in accordance with Art. 4 No. 7 GDPR:

Andreas Scholl
Friendship 7 Productions
Bingerpfortenstrasse 2
65399 Kiedrich

II. Basic Principles

We collect and process your personal data in compliance with the relevant statutory provisions, in particular the General Data Protection Regulation (hereinafter referred to as "GDPR") and the Federal Data Protection Act and in accordance with the following provisions.

III. Definition of Terms

1. Personal Data

Personal data is any information about an identifiable or identified natural person. This includes, for example, name, address, telephone number, e-mail address, IP address, user name, password, or the information viewed on websites by a visitor.

2. Concerned Person

Concerned person means any identified or identifiable natural person whose personal data is processed by the controller or his processor.

3. Processing

Processing is any operation or set of operations which is performed upon personal data, whether or not by automatic means. This includes the collection, recording, arrangement, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, deletion or destruction.

4. Controller

The controller is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.

5. Third Party

Third party means any natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and the people who, under the direct authority of the controller or the processor, are authorized to process the personal data.

6. Consent

Consent shall mean any freely given specific and informed expression of the data subject's will in an informed and unequivocal manner, in the form of a declaration or other unequivocal affirmative act by which the data subject signifies his or her consent to the processing of personal data relating to him or her.

IV. Collection, processing and use of your personal data

1. Server Log Files

Each time our website is accessed, certain usage data is transmitted by the respective internet browser and stored in log files, the so-called server log files. These are the following data:

date and time of your access to our website
IP address of the requesting computer
name and URL of the retrieved file
data volume transferred
message whether the retrieval was successful
identification data of the browser and operating system used
website from which the access is made
name of your internet access provider

The collection and processing of this data is done for the purpose of enabling you to use our website (connection establishment), to ensure system security, to technically manage the network infrastructure, to provide information to law enforcement agencies in the event of a cyber attack or misuse and to optimise our offer. When you leave our website, this data is deleted, subject to any legal or official storage obligations. The legal basis for the collection, storage and use of this data is our legitimate interest in being able to provide you with the information on our website without interference and to guarantee the necessary security (Art. 6 para. 1 sentence 1 lit. (f) GDPR).

2. Contacting us

If you contact us by e-mail, we collect, store and process your e-mail address, your name and the content of your message. If you give us your address and other contact details, we also store and process this data.

Please note that this additional data, which you have voluntarily provided, is not necessary for us to answer your messages and please check carefully whether you wish to provide us with this data.

We store and use your personal data for the purpose of answering your questions or processing your messages or for further subsequent questions or communication. After communication with you has ended, this data will be deleted – subject to any legal or official obligations to retain data or the legitimacy of processing the data on another legal basis. This happens at the latest after one year since we have communicated with you for the last time.

3. Cookies

To make visiting our website attractive and to enable the use of certain functions, we use so-called cookies on various pages. Cookies are small text files that are stored on your end device and store certain settings and data for exchange with our system via your browser.

We solely use required cookies. Required cookies help us to make our website technically ac-cessible and usable for you. Essential basic functionalities such as navigation on the website, the correct display in your internet browser or this consent management are only possible because of the cookies we use. Our website cannot function without these cookies. The legal basis for the storage of necessary cookies is our legitimate interest in a technically error-free and optimised provision of this website (Art. 6 para. 1 p. 1 lit. (f) GDPR).

You have the option of either agreeing to the use of all cookies or making an individual selec-tion. Of course, you can also generally set your Internet browser so that it does not accept cookies. Corresponding information on the procedure can usually be taken via the help function of your Internet browser. However, we would like to point out that in this case the functions of this website may only be available to a limited extent.

4. Plugins and Tools

a. Youtube

This website incorporates content from YouTube. YouTube is operated by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). The integration of YouTube content is based on Art. 6 para.1 sentence 1 lit. (f) GDPR. We have a legitimate interest in the integration, as this way we can let you participate in our creative work.

With regards to YouTube videos, which are integrated on our website, the extended data protection setting is activated. This means that information from website visitors is only collected and stored in the event that YouTube is playing the video. Otherwise, no data is collected by YouTube.

If you would like to prevent the tracking cookies from being set when videos are playing, you can prevent cookies from being saved by making the appropriate setting in your browser software. However, we would like to point out that in this case the functions of this website cannot be used to their full extent.

For the purpose and scope of data collection and the further processing and use of data by the providers as well as your rights and setting options for the protection of your privacy, please refer to Youtube’s privacy policy.

Since YouTube is a US company, reference is made to the recent judgment of the European Court of Justice (ECJ) of 16 July 2020 – C-311/18 ("Schrems 2"), in which the court declared the main basis for data transfers between the EU and the USA to be invalid (see below, VII).

b. Vimeo

This website integrates content from the video portal Vimeo. Vimeo is operated by Vimeo Inc. 555 West 18th Street, New York, New York 10011, USA. The integration of Vimeo content is based on Art. 6 para.1 sentence 1 lit. (f) GDPR. We have a legitimate interest in the integration, as it allows us to let you participate in our creative work.

The use of the Vimeo Internet services integrated on our website is only possible if you have given your express consent to the collection of data by Vimeo. Therefore, when you visit one of our pages that is equipped with a Vimeo plug-in, we ask you whether you consent to data collection by Vimeo.

If you refuse, you will not be able to use the Vimeo Internet services. This is because data transfer from the EU to the Vimeo servers located in the USA is only legally permissible if the person concerned has given his or her express consent.

Since Vimeo is a US company, reference is made to the recent judgment of the European Court of Justice (ECJ) of 16 July 2020 – C-311/18 ("Schrems 2"), in which the court declared the main basis for data transfers between the EU and the USA to be invalid (see below, VII).

If you are logged in to your Vimeo account when you visit our website, you enable Vimeo to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your Vimeo account.

For more information about Vimeo's use of data, please see Vimeo’s privacy policy.

c. Dacast

This website integrates contents and services of the streaming portal Dacast. Dacast is operated by Dacast Inc, 1175 Folsom Street, San Francisco, CA 94103, USA. The integration of the services of Dacast is based on Art. 6 para.1 sentence 1 lit. (f) GDPR. We have a legitimate interest in the integration, as this way we can allow you to participate in our artistic work. The use of the Dacast internet services integrated on our website is only possible if you have given your express consent to the collection of data by Dacast. If you visit one of our pages which is equipped with a Dacast plug-in, we will ask you whether you agree to the collection of data by Dacast. If you refuse this, you will not be able to use the internet services of Dacast.

If you are logged into your Dacast account when visiting our website, you enable Dacast to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your Dacast account. Further information on data use by Dacast can be found in Dacast’s privacy policy.

Dacast does not only provide a comprehensive privacy policy, but also declares to make all necessary efforts in order to comply fully with the requirements and standards of the GDPR.

Since Dacast is a US company, reference is made to the recent judgment of the European Court of Justice (ECJ) of 16 July 2020 – C-311/18 ("Schrems 2"), in which the court declared the main basis for data transfers between the EU and the USA to be invalid (see below, VII).

Online marketing

Links from Amazon.com are included on the website. If you follow the link, some of your personal data will be transferred to Amazon. The integration of links to Amazon is based on Art. 6 para.1 sentence 1 lit. (f) GDPR. We have a legitimate interest in the integration, as this enables us to provide you with more detailed information on the products we offer.

Further information on data use by Amazon can be found in Amazon’s privacy policy.

Since Amazon is a US company, reference is made to the recent judgment of the European Court of Justice (ECJ) of 16 July 2020 – C-311/18 ("Schrems 2"), in which the court declared the main basis for data transfers between the EU and the USA to be invalid (see below, VII).

Social Media

On our website there are links to Twitter and Facebook.

Facebook is operated by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
Twitter is operated by Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.

The legal basis for the use of these links to third-party websites is Art. 6 para.1 sentence 1 lit. (f) GDPR. We have a legitimate interest in the linking, as this way we can inform you about new projects and concert plans and let you participate in our artistic development. We can also use these Internet services to enter into an exchange with you.

If you are logged in to one of the above services, the operator of the service in question can assign your visit to our website to your personal user account. If you do not wish this, you can prevent such an assignment if you log out of the relevant service before visiting our website. Further information on the use of data by the aforementioned Internet services can be found in the privacy policy of the respective operator concerned: Facebook; Twitter

Since Facebook and Twitter are US companies, reference is made to the recent judgment of the European Court of Justice (ECJ) of 16 July 2020 – C-311/18 ("Schrems 2"), in which the court declared the main basis for data transfers between the EU and the USA to be invalid (see below, VII).between the EU and the USA to be invalid, see below, VII.

V. rights of the Data Subjects

As a person affected by the data processing, you are entitled to the following rights:

1. The right to revoke consents granted pursuant to Art. 7 para. 3 GDPR

If you have given us permission to collect and process your data, you can revoke this permission at any time with effect for the future. The legality of the processing of your data in the past until the revocation remains unaffected. Please note that we may continue to collect and process your data despite revocation if this is necessary and permissible on another legal basis (e.g. to fulfil a contractual relationship with you, because of a legitimate interest, because of a legal obligation).

2. Right of information pursuant to Art. 15 GDPR

You have the right to request information about the personal data we have stored about you. This includes, in particular, information on the purposes of the processing, the categories of personal data processed, the categories of recipients to whom your data has been or will be disclosed, the duration of the storage, the existence of a right of correction, deletion, restriction of processing or opposition, the existence of a right of appeal, the origin of your data, if not collected by us, as well as the existence of an automated decision making process including profiling and, if applicable, meaningful information on the details thereof. You also have the right to obtain a copy of the personal data processed by us.

3. Right of rectification pursuant to Art. 16 GDPR

You have the right to demand from us the immediate correction of incorrect personal data and the completion of incomplete personal data.

4. Right to cancellation ("right to be forgotten") pursuant to Art. 17 GDPR

You have the right to request us to delete your personal data in accordance with legal requirements. Insofar as the deletion conflicts with legal and official storage obligations or the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims, the processing of the data will be restricted.

5. Right to restrict processing pursuant to Art. 18 GDPR

You have the right to demand that we restrict the processing of your personal data, i.e. mark the data and restrict its future processing (blocking), subject to the legal requirements.

6. Right to data transmission pursuant to Art. 20 GDPR

You have the right to demand that we transfer the personal data provided by you to you or to a person responsible designated by you in a common, structured and machine-readable format.

7. Right of objection pursuant to Art. 21 GDPR

You have the right to object at any time to the processing of your personal data for advertising purposes ("advertising objection"). You also have the right to object at any time to the processing of your data by us, provided that is based on the legal basis of "legitimate interest". We will then stop processing the data, unless we can – in accordance with the legal requirements – prove compelling reasons for further processing worthy of protection, which outweigh your rights.

8. Right of appeal to the competent supervisory authority pursuant to Art. 77 GDPR

You can lodge a complaint with the competent supervisory authority if you believe that the processing of your data violates applicable law. You have the option of contacting the data protection authority responsible for your place of residence or your country or the data protection authority responsible for us.

VI. Miscellaneous

This privacy policy is current and valid as of August 2020 and may need to be amended as a result of the further development of our website and offers on it or due to changes in legal or official requirements. You can call up and print out the current data protection declaration at any time on the website at www.andreasscholl.org.

VII. Reference to the judgment of theEuropean Court of Justice (ECJ) of 16.07.2020 - C-311/18 ('Privacy Shield')

The transfer of personal data from the European Union (EU) to the US was subject of the ECJ judgment of 16 July 2020 – C-311/18 ("Schrems 2"). In its judgment, the ECJ declared a central instrument of the data protection concept, the Privacy Shield, to be inadmissible with regard to the issue of transatlantic data transfers. By contrast, so-called Standard Contractual Clauses (SCC) used by US companies could remain valid if an adequate level of protection is guaranteed by them.

However, this is to be determined by the person responsible or the person working on behalf of the company by means of a case-by-case examination. The ECJ ruled that U.S. companies storing data on US servers may not guarantee an adequate level of data protection. This is due to the comprehensive examination rights of U.S. authorities, against which EU citizens also do not have adequate legal protection. In the aforementioned decision, the specific issue was Section 702 of the Foreign Intelligence Surveillance Act (FISA 702), which entitles authorities to have data access to electronic communications services of non-US citizens even without a court order and legal protection and remedy.

The decision is available at: http://curia.europa.eu/juris/liste.jsf?language=de&num=C-311/18

At present, a data protection declaration can do no more than provide information about these processes. As soon as the European supervisory authorities have clarified under which circumstances data transfer from the EU to the USA is permitted, we will adapt our website accordingly and align it with the new EU requirements.