Arthur Audio Back to Site

Data Protection

Privacy Policy

Last updated: 29 December 2024

Preamble

With the following Privacy Policy, we would like to inform you about the types of your personal data, hereinafter also referred to simply as “data”, that we process, for which purposes and to what extent. This Privacy Policy applies to all processing of personal data carried out by us, both in the context of providing our services and, in particular, on our websites, in mobile applications and within external online presences, such as our social media profiles, hereinafter collectively referred to as the “online offer”.

The terms used are not gender-specific.

Table of Contents

  • Preamble
  • Controller
  • Overview of Processing
  • Relevant Legal Bases
  • Security Measures
  • General Information on Data Storage and Deletion
  • Rights of Data Subjects
  • Business Services
  • Provision of the Online Offer and Web Hosting
  • Use of Cookies
  • Contact and Inquiry Management
  • Communication via Messenger
  • Audio Content
  • Presences in Social Networks
  • Plugins, Embedded Functions and Content
  • Management, Organisation and Support Tools

Controller

Arthur Audio GbR
Authorized representatives: Julius Lotter, Konstantin Hagelüken
Email address: contactcinemaarthur@gmail.com
Imprint: imprint.html

Overview of Processing

The following overview summarizes the types of data processed, the purposes of their processing and the categories of data subjects concerned.

Types of Data Processed

  • Master data.
  • Payment data.
  • Contact data.
  • Content data.
  • Contract data.
  • Usage data.
  • Meta, communication and procedural data.
  • Log data.

Categories of Data Subjects

  • Service recipients and clients.
  • Prospective customers.
  • Communication partners.
  • Users.
  • Business and contractual partners.

Purposes of Processing

  • Provision of contractual services and fulfilment of contractual obligations.
  • Communication.
  • Security measures.
  • Reach measurement.
  • Tracking.
  • Office and organisational procedures.
  • Conversion measurement.
  • Audience building.
  • Organisational and administrative procedures.
  • Feedback.
  • Marketing.
  • Profiles with user-related information.
  • Provision of our online offer and user friendliness.
  • Information technology infrastructure.
  • Public relations.
  • Business processes and business management procedures.

Relevant Legal Bases

Relevant legal bases under the GDPR: Below you will find an overview of the legal bases of the GDPR on which we process personal data. Please note that, in addition to the provisions of the GDPR, national data protection regulations in your or our country of residence or registered office may apply. If more specific legal bases are relevant in individual cases, we will inform you of this in this Privacy Policy.

  • Consent, Art. 6(1)(a) GDPR: The data subject has given consent to the processing of personal data concerning them for one or more specific purposes.
  • Performance of a contract and pre-contractual requests, Art. 6(1)(b) GDPR: Processing is necessary for the performance of a contract to which the data subject is party, or in order to take steps at the request of the data subject prior to entering into a contract.
  • Legal obligation, Art. 6(1)(c) GDPR: Processing is necessary for compliance with a legal obligation to which the controller is subject.
  • Legitimate interests, Art. 6(1)(f) GDPR: Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, provided that the interests, fundamental rights and freedoms of the data subject which require the protection of personal data do not override those interests.

National data protection regulations in Germany: In addition to the GDPR, national data protection regulations apply in Germany. This includes, in particular, the Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG). The BDSG contains special rules, among other things, on the right of access, the right to deletion, the right to object, the processing of special categories of personal data, processing for other purposes, transfers and automated decision-making in individual cases, including profiling. State data protection laws of the individual German federal states may also apply.

Reference to the applicability of the GDPR and the Swiss FADP: These privacy notices serve to provide information both under the Swiss Federal Act on Data Protection and under the GDPR. For this reason, please note that, due to broader territorial applicability and better understandability, the terms of the GDPR are used. In particular, instead of the terms “processing” of “personal data” as used in the Swiss FADP, and terms such as “overriding interest” and “particularly sensitive personal data”, the GDPR terms “processing” of “personal data”, “legitimate interest” and “special categories of data” are used. Within the scope of the Swiss FADP, however, the legal meaning of the terms continues to be determined by the Swiss FADP.

Security Measures

In accordance with legal requirements and taking into account the state of the art, implementation costs and the nature, scope, circumstances and purposes of processing, as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, we take appropriate technical and organisational measures to ensure a level of security appropriate to the risk.

These measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as access, input, disclosure, securing availability and separation of the data. Furthermore, we have established procedures that ensure the exercise of data subject rights, the deletion of data and responses to threats to the data. We also take the protection of personal data into account during the development or selection of hardware, software and procedures, in accordance with the principle of data protection by design and by default.

Securing online connections using TLS/SSL encryption technology, HTTPS: In order to protect users’ data transmitted via our online services from unauthorised access, we use TLS/SSL encryption technology. Secure Sockets Layer and Transport Layer Security are the cornerstones of secure data transmission on the internet. These technologies encrypt the information transmitted between the website or app and the user’s browser, or between two servers, thereby protecting the data from unauthorised access. TLS, as the further developed and more secure version of SSL, ensures that all data transmissions meet high security standards. If a website is secured by an SSL/TLS certificate, this is indicated by HTTPS in the URL. This indicates to users that their data is transmitted securely and encrypted.

General Information on Storage and Deletion

We delete personal data that we process in accordance with legal requirements as soon as the underlying consent is withdrawn or there are no further legal bases for processing. This applies to cases in which the original processing purpose no longer applies or the data is no longer required. Exceptions exist if legal obligations or special interests require longer storage or archiving of the data.

In particular, data that must be retained for commercial or tax law reasons, or whose storage is necessary for legal prosecution or to protect the rights of other natural or legal persons, must be archived accordingly.

Our privacy notices contain additional information on the retention and deletion of data that applies specifically to certain processing operations. If several retention periods or deletion deadlines apply to a data item, the longest period is always decisive.

If a period does not expressly begin on a specific date and is at least one year, it automatically begins at the end of the calendar year in which the triggering event occurred. In the case of ongoing contractual relationships in which data is stored, the triggering event is the effective date of termination or other end of the legal relationship.

Data that is no longer required for the originally intended purpose, but is retained due to legal requirements or other reasons, is processed exclusively for the reasons that justify its retention.

Further Notes on Retention and Deletion

  • 10 years: Retention period for books and records, annual financial statements, inventories, management reports, opening balance sheets and the working instructions and other organisational documents required to understand them, accounting vouchers and invoices, according to German tax and commercial law.
  • 6 years: Other business documents, such as received commercial or business letters, copies of sent commercial or business letters and other documents relevant for taxation, including calculation documents, payroll-related documents where applicable and similar documents.
  • 3 years: Data required to take into account potential warranty and damages claims or similar contractual claims and rights, and to process related inquiries, based on prior business experience and common industry practices, is stored for the regular statutory limitation period of three years.

Rights of Data Subjects

As a data subject under the GDPR, you have various rights, in particular those arising from Articles 15 to 21 GDPR:

  • Right to object: You have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you that is based on Art. 6(1)(e) or Art. 6(1)(f) GDPR, including profiling based on those provisions. If personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, including profiling insofar as it is related to such direct marketing.
  • Right to withdraw consent: You have the right to withdraw consent you have given at any time.
  • Right of access: You have the right to request confirmation as to whether data concerning you is being processed and to obtain information about this data as well as further information and a copy of the data in accordance with legal requirements.
  • Right to rectification: You have the right to request completion of data concerning you or correction of inaccurate data concerning you in accordance with legal requirements.
  • Right to deletion and restriction of processing: You have the right, in accordance with legal requirements, to request that data concerning you be deleted immediately or, alternatively, to request restriction of processing.
  • Right to data portability: You have the right to receive data concerning you that you have provided to us in a structured, commonly used and machine-readable format, or to request its transfer to another controller.
  • Complaint to a supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, workplace or the place of the alleged infringement, if you believe that the processing of personal data concerning you violates the GDPR.

Business Services

We process data of our contractual and business partners, for example customers and prospective customers, collectively referred to as “contractual partners”, within the framework of contractual and comparable legal relationships as well as related measures and with regard to communication with the contractual partners, including pre-contractual communication, for example to answer inquiries.

We use this data to fulfil our contractual obligations. This includes, in particular, obligations to provide the agreed services, any update obligations and remedies in the event of warranty or other service disruptions. In addition, we use the data to protect our rights and for administrative tasks connected with these obligations and with company organisation. We also process data on the basis of our legitimate interests in proper and economically efficient business management, as well as security measures to protect our contractual partners and our business operations from misuse, threats to their data, secrets, information and rights. This may include the involvement of telecommunications, transport and other auxiliary services, subcontractors, banks, tax and legal advisers, payment service providers or tax authorities.

Within the scope of applicable law, we only pass on data of contractual partners to third parties insofar as this is necessary for the above-mentioned purposes or to fulfil legal obligations. Contractual partners are informed of further forms of processing, such as for marketing purposes, within this Privacy Policy.

We inform contractual partners which data is required for the above-mentioned purposes before or during data collection, for example in online forms by special markings, symbols or personal communication.

We delete the data after expiry of statutory warranty and comparable obligations, generally after four years, unless the data is stored in a customer account or must be retained for legal archiving reasons, such as for tax purposes, usually for ten years. Data disclosed to us by a contractual partner in the context of an order is deleted in accordance with the requirements and generally after completion of the order.

Processed data types: Master data, such as full name, address, contact information, customer number; payment data, such as bank details, invoices and payment history; contact data, such as postal and email addresses or telephone numbers; contract data, such as subject matter, duration and customer category.

Data subjects: Service recipients and clients, prospective customers, business and contractual partners.

Purposes: Provision of contractual services and fulfilment of contractual obligations, communication, office and organisational procedures, organisational and administrative procedures, business processes and business management procedures.

Legal bases: Performance of a contract and pre-contractual requests, legal obligations and legitimate interests.

Technical Services

We process the data of our customers and clients in order to enable them to select, acquire or commission the chosen services or works, as well as related activities, payment, provision, execution or performance. The required information is identified as such within the order, purchase or comparable contract process and includes the information needed for service provision and billing, as well as contact information for possible consultations. To the extent that we receive access to information of end customers, employees or other persons, we process it in accordance with legal and contractual requirements.

Provision of the Online Offer and Web Hosting

We process users’ data in order to provide our online services. For this purpose, we process the user’s IP address, which is necessary to transmit the content and functions of our online services to the user’s browser or device.

Processed data types: Usage data, such as page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions; meta, communication and procedural data, such as IP addresses, time information, identification numbers and involved persons; log data, such as log files relating to logins, retrieval of data or access times; and content data, such as textual or visual messages and posts and information relating to them.

Data subjects: Users, such as website visitors and users of online services.

Purposes: Provision of our online offer and user friendliness, information technology infrastructure, security measures, provision of contractual services and fulfilment of contractual obligations.

Legal bases: Legitimate interests.

Provision of the Online Offer on Rented Storage Space

For the provision of our online offer, we use storage space, computing capacity and software that we rent or otherwise obtain from a corresponding server provider, also referred to as a web host.

Collection of Access Data and Log Files

Access to our online offer is logged in the form of server log files. Server log files may include the address and name of the accessed websites and files, date and time of access, transferred data volumes, notification of successful access, browser type and version, the user’s operating system, referrer URL, and generally IP addresses and the requesting provider. Server log files may be used for security purposes, for example to avoid server overload, especially in the event of abusive attacks, and to ensure server capacity and stability. Log file information is stored for a maximum of 30 days and then deleted or anonymised. Data whose further retention is required for evidence purposes is excluded from deletion until the respective incident has been finally clarified.

Email Sending and Hosting

The web hosting services we use also include sending, receiving and storing emails. For these purposes, the addresses of recipients and senders as well as further information relating to email transmission and the contents of the respective emails are processed. This data may also be processed for spam detection. Please note that emails on the internet are generally not sent in encrypted form. As a rule, emails are encrypted during transport, but unless end-to-end encryption is used, they are not encrypted on the servers from which they are sent and received. We therefore cannot assume responsibility for the transmission path of emails between sender and receipt on our server.

1&1 IONOS

Services in the field of information technology infrastructure and related services, such as storage space or computing capacity. Provider: 1&1 IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany. Website: https://www.ionos.de. Privacy policy: https://www.ionos.de/terms-gtc/terms-privacy.

Use of Cookies

The term “cookies” refers to functions that store information on users’ devices and read information from them. Cookies can be used for different purposes, such as the functionality, security and comfort of online offers and the creation of analyses of visitor flows. We use cookies in accordance with legal regulations. Where necessary, we obtain users’ consent in advance. If consent is not necessary, we rely on our legitimate interests. This applies where storing and reading information is essential in order to provide expressly requested content and functions. This includes, for example, storing settings and ensuring the functionality and security of our online offer. Consent can be withdrawn at any time. We provide clear information about the scope of cookies and which cookies are used.

With regard to storage duration, a distinction is made between temporary cookies, also called session cookies, which are deleted at the latest after a user leaves an online offer and closes the device or browser, and permanent cookies, which remain stored after the device or browser is closed. Permanent cookies can, for example, store login status or preferred content. Unless we provide users with specific information on the type and storage duration of cookies, users should assume that cookies may be permanent and may be stored for up to two years.

Users can withdraw consent they have given at any time and may also object to processing in accordance with legal requirements, including via their browser’s privacy settings.

Processing of Cookie Data on the Basis of Consent

We may use a consent management solution through which users’ consent to the use of cookies or to procedures and providers named within the consent management solution is obtained. This procedure serves to obtain, record, manage and revoke consent, particularly with regard to the use of cookies and comparable technologies that store, read and process information on users’ devices. Consent declarations are stored in order to avoid repeated requests and to be able to provide proof of consent in accordance with legal requirements. Unless specific provider information is available, the general retention period for consent is up to two years. A pseudonymous user identifier may be created and stored together with the time of consent, information on the scope of consent and information about the browser, system and device used.

External Media Consent

Instagram clips embedded on this website are not loaded automatically. They are blocked until users consent to external media. If consent is given, content from Instagram may be loaded and Instagram or Meta Platforms Ireland Limited may process personal data, including IP addresses, browser and device information, usage data and cookies or comparable technologies. Users can reject external media and access the clips directly via links instead.

The website stores the selected consent status locally in the user's browser using local storage under the key arthurAudioExternalMediaConsent. This storage is used only to remember whether external media has been accepted or rejected and can be changed via the “Cookie settings” link in the footer.

Contact and Inquiry Management

When contacting us, for example by post, contact form, email, telephone or social media, as well as within existing user and business relationships, the information provided by the persons making the inquiry is processed insofar as this is necessary to answer the contact requests and any requested measures.

Processed data types: Master data, contact data, content data, usage data and meta, communication and procedural data.

Data subjects: Communication partners.

Purposes: Communication, organisational and administrative procedures, feedback, provision of our online offer and user friendliness.

Legal bases: Legitimate interests, performance of a contract and pre-contractual requests.

Contact Form

When contacting us via our contact form, by email or by other communication channels, we process the personal data transmitted to us in order to answer and process the respective request. This generally includes information such as name, contact information and, where applicable, further information that is provided to us and is necessary for appropriate processing. We use this data exclusively for the stated purpose of contact and communication.

Communication via Messenger

We use messengers for communication purposes and therefore ask you to observe the following information on the functionality of messengers, encryption, the use of communication metadata and your options to object.

You can also contact us by alternative means, such as telephone or email. Please use the contact options provided to you or the contact options specified within our online offer.

In the case of end-to-end encryption of content, the message content and attachments are encrypted from end to end. This means that the content of the messages cannot be viewed, not even by the messenger providers themselves. You should always use a current messenger version with encryption enabled to ensure encryption of message content.

However, we also point out to our communication partners that messenger providers may not be able to view the content, but may learn that and when communication partners communicate with us, and may process technical information about the device used by communication partners and, depending on the settings of their device, location information, known as metadata.

If we ask communication partners for permission before communicating with them via messenger, the legal basis for our processing of their data is consent. Otherwise, if we do not ask for consent and communication partners contact us on their own initiative, we use messengers in relation to contractual partners and in the context of initiating contracts as a contractual measure, and in the case of other interested parties and communication partners on the basis of our legitimate interests in fast and efficient communication and meeting the needs of our communication partners for communication via messenger. We also point out that we do not transfer contact details provided to us to the messenger for the first time without consent.

You may withdraw consent at any time and may request deletion in accordance with legal requirements.

Processed data types: Contact data and content data.

Data subjects: Communication partners.

Purposes: Communication.

Legal bases: Consent, performance of a contract and pre-contractual requests, and legitimate interests.

Audio Content

We use hosting offers from service providers to make our audio content available for listening and download. We use platforms that enable uploading, storing and distributing audio material.

Processed data types: Usage data, meta, communication and procedural data, and log data.

Data subjects: Users, such as website visitors and users of online services.

Purposes: Reach measurement, such as access statistics and recognition of returning visitors; conversion measurement; profiles with user-related information; provision of our online offer and user friendliness.

Legal bases: Legitimate interests.

SoundCloud

SoundCloud is a music hosting provider. Provider: SoundCloud Limited, Rheinsberger Str. 76/77, 10115 Berlin, Germany. Website: https://soundcloud.com. Privacy policy: https://soundcloud.com/pages/privacy.

Spotify

Spotify may be used for podcast hosting, publication and management of podcast content, analysis of listening behaviour and statistics, and monetisation options for podcasters. Provider: Spotify AB, Regeringsgatan 19, SE-111 53 Stockholm, Sweden. Website: https://podcasters.spotify.com/. Privacy policy: https://www.spotify.com/de/legal/privacy-policy/.

Social Media Presences

We maintain online presences within social networks and process user data in this context in order to communicate with active users there or to provide information about us.

We point out that user data may be processed outside the European Union. This may create risks for users because, for example, enforcement of users’ rights may be made more difficult.

Furthermore, user data within social networks is generally processed for market research and advertising purposes. For example, usage profiles can be created on the basis of user behaviour and resulting interests. These profiles may then be used, for example, to display advertisements inside and outside the networks that presumably correspond to users’ interests. Cookies may therefore be stored on users’ computers, in which users’ usage behaviour and interests are stored. In addition, data may be stored in the usage profiles independently of the devices used by users, particularly if users are members of the respective platforms and are logged in.

For a detailed description of the respective processing operations and opt-out options, please refer to the privacy policies and information provided by the operators of the respective networks. We also point out that requests for information and the exercise of data subject rights can be most effectively asserted with the providers. Only the providers have access to users’ data and can take appropriate measures and provide information directly. If you nevertheless need assistance, you can contact us.

Processed data types: Contact data, content data and usage data.

Data subjects: Users, such as website visitors and users of online services.

Purposes: Communication, feedback and public relations.

Legal bases: Legitimate interests.

Instagram

Social network enabling the sharing of photos and videos, commenting on and favouring posts, messaging, and subscribing to profiles and pages. Provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland. Website: https://www.instagram.com. Privacy policy: https://privacycenter.instagram.com/policy/. Basis for third-country transfers: Data Privacy Framework. Arthur Audio profile: https://instagram.com/arthur.audio.

Facebook Pages

Profiles within the social network Facebook. Together with Meta Platforms Ireland Limited, we are jointly responsible for the collection, but not the further processing, of data of visitors to our Facebook page, known as a fan page. This data includes information about the types of content users view or interact with, actions they take and information about the devices used by users, such as IP addresses, operating system, browser type, language settings and cookie data. Facebook also collects and uses information to provide page operators with analytics services, known as Page Insights, so that they can gain insights into how people interact with their pages and related content. Further information can be found in Facebook’s privacy policy and the information on Page Insights. Provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland. Website: https://www.facebook.com. Privacy policy: https://www.facebook.com/privacy/policy/.

LinkedIn

Social network. Together with LinkedIn Ireland Unlimited Company, we may be jointly responsible for the collection, but not the further processing, of data from visitors that is used to create page insights for LinkedIn profiles. This may include information about the types of content users view or interact with, the actions they take, device details such as IP addresses, operating system, browser type, language settings and cookie data, as well as information from user profiles such as professional function, country, industry, seniority, company size and employment status. Provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. Privacy policy: https://www.linkedin.com/legal/privacy-policy. Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

YouTube

Social network and video platform. Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Privacy policy: https://policies.google.com/privacy. Opt-out: https://myadcenter.google.com/personalizationoff.

Plugins, Embedded Functions and Content

We integrate functional and content elements into our online offer that are obtained from the servers of their respective providers, hereinafter referred to as third-party providers. These may include, for example, graphics, videos or maps, hereinafter uniformly referred to as “content”.

The integration always requires that the third-party providers of this content process the IP address of users, since without the IP address the content could not be sent to their browser. The IP address is therefore required for the display of this content or functionality. We endeavour to use only content whose respective providers use the IP address solely to deliver the content. Third-party providers may also use pixel tags, invisible graphics also referred to as web beacons, for statistical or marketing purposes. These pixel tags can be used to evaluate information such as visitor traffic on the pages of this website.

Management, Organisation and Tools

We may process data using management, organisation and support tools where this is necessary for business processes, administration, communication, project handling and the provision of our services.