Menu
Privacy policy
This privacy policy provides information on the processing of personal data on the website of SPV GmbH.
1. Name and contact details of the responsible person
Responsible:
SPV Schallplatten, Produktion und Vertrieb GmbH
Boulevard der EU 8
30539 Hannover
Germany
Managing Directors: Frank Uhle, Manuel Schönfeld
Contact:
phone: +49 511 8709 0
Mail: contact@spv.de
Contact details of the Data Protection Officer:
The data protection officer of the law office can be reached under the above-mentioned law office and under dsb_dpo@spv.de.
2. Scope and purpose of the processing of personal data
2.1 Calling this website
When calling this website www.spv.de, the Internet browser used by the visitor automatically sends data to the server of this website and stores it in a log file for a limited time. Until the automatic deletion, the following data is stored without further input of the visitor:
– IP address of the visitor’s terminal,
– date and time of access by the visitor,
– Name and URL of the page accessed by the visitor,
– Website from which the visitor arrives at the company’s website (so-called referrer URL),
– Browser and operating system of the visitor’s terminal and the name of the access provider used by the visitor.
The processing of these personal data is acc. Article 6 (1) (1) (f) of the General Data Protection Regulation (GDPR). The company has a legitimate interest in the processing of data for the purpose of
– build up the connection to the website of the company quickly,
– to enable a user-friendly application of the website,
– to identify and ensure the safety and stability of the systems and
– to facilitate and improve the administration of the website.
The processing is not for the purpose of gaining knowledge about the person or any personal data of the visitor of the website.
2.2 External hosting
This website is hosted by an external service provider. The personal data collected on this website is stored on the hoster’s servers. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, contractual data, contact details, names, website accesses and other data generated via a website. In particular, data on payment transactions and creditworthiness are collected and stored.
The hoster is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f DSGVO).
Our hoster will only process your data insofar as this is necessary for the fulfilment of its service obligations and will follow our instructions with regard to this data.
We use the following hoster:
Strato AG
Otto-Ostrowski-Straße 7
10247 Berlin
In order to ensure data protection-compliant processing, we have concluded an order processing contract with our hoster. Information on data protection and the legal framework of Strato AG can be found under the following link: https://www.strato.de/privacy-policy
2.2 External Webshop
Our webshop is hosted and operated by an external service provider. The personal data collected on this website is stored on the hoster’s servers. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, contractual data, contact details, names, website accesses and other data generated via a website.
The hoster is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f DSGVO).
Our hoster will only process your data insofar as this is necessary for the fulfilment of its service obligations and will follow our instructions with regard to this data.
We use the following hoster:
Music-Shop Online GmbH
In de Tarpen 47
22848 Norderstedt
In order to ensure data protection-compliant processing, we have concluded an order processing contract with our service provider. Information on data protection and the legal framework of Music-Shop Online GmbH can be found under the following link: https://www.music-shop24.eu
3. Disclosure of data
Personal data will be transmitted to third parties, if
In all other cases, personal data will not be disclosed to third parties.
Among other things, we use tools from companies based in third countries that are not secure under data protection law, as well as US tools whose providers are not certified under the EU-US Data Privacy Framework (DPF). If these tools are active, your personal data may be transferred to these states and processed there. We would like to point out that in third countries that are insecure in terms of data protection law, no level of data protection comparable to that in the EU can be guaranteed.
We would like to point out that the USA, as a secure third country, generally has a level of data protection comparable to that of the EU. Data transfer to the USA is therefore permitted if the recipient is certified under the “EU-US Data Privacy Framework” (DPF) or has suitable additional guarantees. Information on transfers to third countries, including the data recipients, can be found in this Privacy Policy.
4. Enquiry by e-mail or telephone
If you contact us by e-mail or telephone, your enquiry including all resulting personal data (name, enquiry) will be stored and processed by us for the purpose of processing your request. We do not pass on this data without your consent.
The processing of this data is based on Art. 6 (1) lit. b GDPR if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (Art. 6 para. 1 lit. f DSGVO) or on your consent (Art. 6 para. 1 lit. a DSGVO) if this has been requested; the consent can be revoked at any time.
The data you send us via contact requests will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after your request has been processed). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.
5. Cookies
Cookies are used on the website. These are data packets that are exchanged between the server of the company’s website and the visitor’s browser. These are stored when visiting the website of the devices used in each case (PC, notebook, tablet, smartphone, etc.). Cookies can not cause any damage on the used devices. In particular, they contain no viruses or other harmful software. In the cookies, information is stored, each resulting in connection with the specific terminal used. The company can never obtain knowledge of the identity of the visitor to the website.
Cookies are largely accepted according to the basic settings of the browser. The browser settings can be set up so that cookies are either not accepted on the devices used, or that a special notice is given before a new cookie is created. It should be noted, however, that the deactivation of cookies may result in not all the features of the website being used in the best possible way.
The use of cookies serves to make the use of the website of the company more comfortable. For example, session cookies can be used to track whether the visitor has already visited individual pages on the website. After leaving the website, these session cookies are automatically deleted.
To improve usability, temporary cookies are used. They are stored on the visitor’s device for a temporary period. When the website is visited again, it automatically recognizes that the visitor has already visited the site at an earlier point in time and what inputs and settings have been made so that they do not have to be repeated. The data processed by cookies are for the purpose of ensuring the legitimate interests of the company acc. Article 6 (1) (1) (f) GDPR.
In some cases, cookies from third-party companies may also be stored on your terminal device when you enter our site (third-party cookies). These enable us or you to use certain services of the third-party company (e.g. cookies for processing payment services).
Cookies are also used to analyze website views for statistical purposes and for the purpose of improving the offer. These cookies allows us to recognize on a new visit automatically that the website has already been accessed by the visitor. An automatic deletion of cookies takes place here after a specified time. Insofar as cookies are used by third-party companies or for analysis purposes, we will inform you separately in this data privacy declaration and request your consent.
Consent Management: Borlabs Cookie
This website uses Borlabs Cookie, which sets a technically necessary cookie (borlabs-cookie) to store your cookie consents.
Borlabs Cookie is a product of
Borlabs GmbH
Hamburger Str. 11
22083 Hamburg
You can find more information about the data protection of Borlabs GmbH at https://de.borlabs.io/datenschutz/ .
Borlabs Cookie does not process or store any personal data.
The cookie borlabs-cookie stores your consents that you gave when entering the website. If you wish to revoke these consents, simply delete the cookie in your browser. When you re-enter/reload the website, you will be asked again for your cookie consent.
6. Use of Meta Group Links (Facebook/Instagram)
Elements of the social networks Facebook and Instagram are integrated on this website. The provider of these services is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Meta, the data collected is also transferred to the USA and other third countries.
An overview of the Facebook social media elements can be found here: https://developers.facebook.com/docs/plugins/?locale=en_EN .
When the social media element is active, a direct connection is established between your end device and the Facebook or Instagram server. Facebook/Instagram thereby receives the information that you have visited this website with your IP address. If you click the Facebook “Like” button while you are logged into your Facebook or Instagram account, you can link the content of this website on your Facebook or Instagram profile.
This allows Facebook/Instagram to associate your visit to this website with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Facebook. You can find more information on this in Facebook’s privacy policy at: https://facebook.com/privacy/explanation or Instagram’s privacy policy at: https://instagram.com/about/legal/privacy/ .
Insofar as consent has been obtained, the above-mentioned service is used on the basis of Art. 6 Para. 1 lit. a GDPR and § 25 TTDSG. Consent can be revoked at any time. Insofar as no consent has been obtained, the use of the service is based on our legitimate interest in achieving the greatest possible visibility in social media.
Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook/Instagram, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 DSGVO). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Meta. The processing by Meta that takes place after the forwarding is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in a joint processing agreement. The text of the agreement can be found at: https://www.facebook.com/legal/controller_addendum.
According to this agreement, we are responsible for providing the data protection information when using the Facebook or Instagram tool and for the data protection-secure implementation of the tool on our website. Meta is responsible for the data security of the Facebook and Instagram products. You can assert data subject rights (e.g. requests for information) regarding the data processed by Facebook or Instagram directly with Facebook or Instagram. If you assert the data subject rights with us, we are obliged to forward them to Meta
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:
https://www.facebook.com/legal/EU_data_transfer_addendum ,
https://facebook.com/help/566994660333381, https://help.instagram.com/519522125107875, and https://www.facebook.com/policy.php .
The company has a certification according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further
For more information, please contact the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participantdetail?contact=true&id=a2zt0000000GnywAAC&status=Active .
7. LinkedIn
We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.
If you would like to disable LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out .
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs .
For details on their handling of your personal data, please refer to LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy .
8. Embedded YouTube videos and our YouTube Profile
We have a profile on YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Details on how they handle your personal data can be found in YouTube’s privacy policy: https://policies.google.com/privacy?hl=de.
We use YouTube in conjunction with the Enhanced Privacy Mode feature to show you videos. The legal basis is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in the quality improvement of our website. The Enhanced Privacy Mode feature, according to YouTube, means that the data specified below will only be transmitted to the YouTube server when you actually start a video. Without this “Enhanced Privacy,” you will be connected to the YouTube server in the United States as soon as you visit one of our websites that embed a YouTube video.
This connection is required in order to be able to display the respective video on our website via your Internet browser. In the course of this, YouTube will at least collect and process your IP address, the date and time as well as the website you are visiting. It also connects to Google’s DoubleClick ad network.
If you’re logged in to YouTube at the same time, YouTube will provide the connection information to your YouTube account. If you want to prevent this, you must either log out of YouTube before visiting our website or make the appropriate settings in your YouTube user account.
For the purpose of functionality as well as for the analysis of user behavior, YouTube permanently stores cookies via your Internet browser on your device. If you do not agree with this processing, you have the option to prevent the storage of cookies by a setting in your Internet browser. For more information, see “Cookies” above.
Further information about the collection and use of data as well as your related rights and protections when using Youtube are available on Google at https://policies.google.com/privacy .
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:
https://privacy.google.com/businesses/gdprcontrollerterms/ and
https://privacy.google.com/businesses/gdprcontrollerterms/sccs/ .
More information on the handling of user data can be found in Google’s privacy policy: https://policies.google.com/privacy?hl=en .
The company has a certification according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that ensures compliance with European data protection standards for data processing in the USA. Each company DPF is obligated to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participantdetail?contact=true&id=a2zt000000001L5AAI&status=Active .
9. Google Analytics
This website uses for the optimization and analysis of our online offer the “Google Analytics” service offered by Google LLC., 1600 Amphitheater Parkway, Mountain View, CA 94043 USA, in Europe represented by Google Ireland Limited, Gordon House, 4 Barrow Street, Dublin, Irland.
Due to our legitimate interests within the meaning of Art. 6 para. 1 lit. f. GDPR. The service (Google Analytics) uses “cookies” – text files (see above) that are stored on your device. The information collected by the cookies is usually sent to a Google server in the US and stored there.
Google uses so-called standard contractual clauses (= Art. 46 para. 2 and 3 DSGVO) as the basis for data processing for recipients based in third countries (outside the European Union, i.e. in particular in the USA) or data transfer there. Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through these clauses, Google undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en.
On this website accesses the IP anonymization. The IP address of the users is shortened within the member states of the EU and the European Economic Area and in the other contracting states of the agreement. Only in individual cases, the IP address is initially transferred unabridged to the United States to a Google server and shortened there. This reduction eliminates the personal reference of your IP address. The user’s IP address provided by the browser will not be combined with other data stored by Google.
Under the terms of the Data Processing Agreement, which we have created as a website operator with Google Inc., the information we collect will be used to compile an evaluation of website activity and website activity, and to provide services related to internet usage.
The data collected by Google on our behalf will be used to evaluate the use of our online offering by individual users, such as: For example, to generate activity reports on the website to improve our online offering.
You have the option to prevent the storage of cookies on your device by making the appropriate settings in your browser. There is no guarantee that you will be able to access all features of this website without restriction if your browser does not allow cookies.
Furthermore, you can use a browser plug-in to prevent the information collected by cookies (including your IP address) from being sent to Google Inc. and used by Google Inc. The following link leads you to the corresponding plugin: https://tools.google.com/dlpage/gaoptout?hl=de
Alternatively, by clicking on this link you prevent Google Analytics from collecting data about you within this website. By clicking on the link above you download an “opt-out cookie”. Your browser must allow cookies to be stored. If you delete your cookies regularly, you will need to click on the link each time you visit this website.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:
https://privacy.google.com/businesses/gdprcontrollerterms/ and
https://privacy.google.com/businesses/gdprcontrollerterms/sccs/ .
More information on the handling of user data can be found in Google’s privacy policy: https://policies.google.com/privacy?hl=en .
The company has a certification according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that ensures compliance with European data protection standards for data processing in the USA. Each company DPF is obligated to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participantdetail?contact=true&id=a2zt000000001L5AAI&status=Active .
Please find here more information on data usage by Google Inc .:
10. Google Maps
We use Google Maps (API) from Google LLC., 1600 Amphitheater Parkway, Mountain View, CA 94043 USA, in Europe represented by Google Ireland Limited, Gordon House, 4 Barrow Street, Dublin, Irland.
Google Maps is a web service for displaying interactive (land) maps in order to visually present geographical information. By using this service, you will be shown our location and it will be easier for you to find us.
To use the functions of Google Maps, it is necessary to store your IP address. This information is usually transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transmission. If Google Maps is activated, Google may use Google Fonts for the purpose of uniform display of fonts. At Google Maps, your browser loads the necessary web fonts into your browser cache in order to display texts and display fonts correctly.
The use of Google Maps is in the interest of an attractive presentation of our online offers and an easy offers and to make it easy to find the places we have indicated on the website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent allows the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:
https://privacy.google.com/businesses/gdprcontrollerterms/ and
https://privacy.google.com/businesses/gdprcontrollerterms/sccs/ .
More information on the handling of user data can be found in Google’s privacy policy: https://policies.google.com/privacy?hl=en .
The company has a certification according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that ensures compliance with European data protection standards for data processing in the USA. Each company DPF is obligated to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participantdetail?contact=true&id=a2zt000000001L5AAI&status=Active .
If you do not agree to the future transmission of your data to Google in the context of the use of Google Maps, you also have the option of completely deactivating the Google Maps web service by switching off the JavaScript application in your browser. Google Maps and thus also the map display on this website can then not be used.
Please find here more information on data usage by Google Inc .:
11. Newsletter
Newsletter data
If you would like to receive the newsletter offered on the website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. Further data will not be collected or will only be collected on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties.
The processing of the data entered in the newsletter registration form is based exclusively on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent to the storage of the data, the e-mail address and their use for sending the newsletter at any time, for example via the “unsubscribe” link in the newsletter. The legitimacy of the data processing data processing operations already carried out remains unaffected by the revocation.
The data you provide us with for the purpose of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe from the newsletter or after the purpose has ceased to exist. We reserve the right to delete or block e-mail addresses from our newsletter distribution list at our own discretion within the scope of our legitimate interest pursuant to Art. 6 (1) lit. f GDPR.
Data that has been stored by us for other purposes remains unaffected by this.
After you have unsubscribed from the newsletter distribution list, your email address will be stored by us or the newsletter service provider in a blacklist if necessary to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR). The storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.
12. Your rights as a data subject
As far as your personal data is processed during the visit of our website, you have the following rights as a “data subject” within the meaning of the GDPR.
12.1 Information
You can ask us for information about whether personal data is processed by us. No right of access exists if the granting of the coveted information against the duty of confidentiality acc. § 83 StBerG would violate or the information for other reasons, in particular because of a predominant legitimate interest of a third party, must be kept secret. Deviating from this, there may be an obligation to provide the information if your interests outweigh the interests of secrecy, in particular taking into account any imminent damage. The right of access is also excluded if the data are stored only because they may not be deleted due to statutory or statutory retention periods or serve exclusively for purposes of data protection or data protection control, if the disclosure of information would require a disproportionate effort and processing other purposes is excluded by appropriate technical and organizational measures. If in your case the right to information is not excluded and your personal data are processed by us, you can ask us for information about the following information:
Correction and completion
If you detect that we have inaccurate personal information, you may require us to promptly correct this incorrect information. In case of incomplete personal data concerning you, you can request the completion.
12.2 Deletion
They are entitled to be deleted (“right to be forgotten”), unless the processing is necessary for the exercise of the right to freedom of expression, the right to information or to fulfill a legal obligation or to perform a task of public interest and one of the following is true:
There is no entitlement to cancellation if, in the case of legitimate non-automated data processing, deletion is not possible or only possible with disproportionately high outlay due to the special nature of the storage and your interest in deletion is low. In this case, the deletion is replaced by the restriction of processing.
12.3 Restriction of processing
You may require us to restrict processing if any of the following applies:
Restriction of processing means that the personal data will be processed only with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest. Before we lift the restriction, we have a duty to inform you.
12.4 Data portability
You have the right of data transferability if the processing is based on your consent (Article 6 (1) sentence 1 (a) or Article 9 (2) (a) GDPR) or on a contract to which you are a party and the processing is done using automated procedures. The right to data portability in this case includes the following rights, provided that this does not affect the rights and freedoms of others: You may require us to receive the personal information you provide us in a structured, common and machine-readable format , You have the right to transfer this data to another person without hindrance on our part. If technically feasible, you may require us to transfer your personal information directly to another person in charge.
12.5 Opposition
Insofar as the processing is based on Article 6 (1) sentence 1 (e) of the GDPR (exercise of a task in the public interest or in the exercise of official authority) or on Article 6 (1) (1) (f) GDPR (legitimate interest of the controller or a third party), you have the right, at any time, to object to the processing of the personal data concerning you for reasons of your particular situation. This also applies to a profiling based on Art. 6 (1) sentence 1 letter e) or letter f) of the GDPR. After exercising your right to object, we will no longer process your personal information unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purposes of asserting, exercising or defending legal claims.
You may at any time object to the processing of the personal data relating to you for direct marketing purposes. This also applies to a profiling associated with such direct mail. After exercising this right of objection, we will no longer use the personal data concerned for direct marketing purposes.
You have the option of informing us informally, by telephone, by e-mail, if necessary by fax or to our postal address listed at the beginning of this data protection policy.
12.6 Revocation of Consent
You have the right to revoke your consent at any time with effect for the future. The revocation of the consent can be communicated by phone, by e-mail, possibly by fax or to our postal address informal. The revocation does not affect the lawfulness of the data processing which has taken place on the basis of the consent until receipt of the revocation. Upon receipt of the revocation, the data processing, which was based solely on your consent, is set.
12.7 Complaint
If you believe that the processing of your personal information is unlawful, you may lodge a complaint with a data protection supervisory authority that has jurisdiction over your place of residence or employment or the location of the alleged breach.
13. Status and Update of this Data privacy policy
This data protection policy is as of August, 7th 2023. We reserve the right to update the privacy statement in due course to improve data protection and / or adapt it to changes in regulatory practice or jurisdiction.
