Data Protection Statement
Privacy policy pursuant to DSGVO [GDPR]
I. Data controller name and contact details
The data controller as defined by the GDPR, other national data privacy laws of member states as well as other data privacy regulations is:
Gesellschaft zur Verwertung von Leistungsschutzrechten mbHPodbielskiallee 6414195 BerlinGermanyPhone: +49 30 48483-600E-mail: infomail@gvl.deWebsite: www.gvl.de
II. Data protection officer contact details
Our in-house data protection officer can be reached under:
Datenschutzbeauftragter [Data Protection Officer]Gesellschaft zur Verwertung von Leistungsschutzrechten mbH Podbielskiallee 6414195 BerlinGermanyPhone: +49 30 48483600E-mail: datenschutz@gvl.deWebsite: www.gvl.de
III.General information in relation to data processing
1. Scope of personal data processing
We generally only process your personal data for the purpose of delivering a functional website, as well as presenting our content and delivering our services. We will process your personal data periodically where we have your consent for us to do so. An exemption applies in such cases where obtaining previous consent is genuinely not possible for reasons of fact and where the processing of the data is permitted by legal provisions.
2. Legal basis for the processing of personal data
Art. 6 para 1 (a) of the EC Datenschutzgrundverordnung (DSGVO) [General Data Protection Regulation (GDPR)] shall serve as the relevant legal basis where we obtain your consent for processing your personal data.
Art. 6 para 1 (b) of the GDPR shall serve as the relevant legal basis for processing your personal data required for the purpose of performing a contract with you. This also applies to data processing required for the purpose of performing pre-contractual obligations.
Art. 6 para 1 (c) of the GDPR shall serve as the relevant legal basis where processing personal data is required in order for us to comply with a legal obligation.
Art. 6 para 1 (f) of the GDPR shall serve as the legal basis for processing where the processing of your data is required for to protect our legitimate interest or that of a third party, and provided your constitutional rights and freedoms do not override this legitimate interest.
3. Data deletion and storage duration
Your personal data will be deleted or anonymised as soon as the purpose for which we store it ceases to apply. Personal data may be stored for longer insofar as the data is required to comply with European or member state legislations, European regulations, statutory provisions and other provisions that apply to the data controller. The deletion or anonymisation of data is also carried out upon expiry of the legally prescribed term, unless there is a requirement to retain the data in order to complete an outstanding contract or contractual performance.
IV. Website provision and log file creation
1. Data processing description and scope
There is an automated process by way of which our systems process data and information about the computer system each time it accesses our website.
The following data is collected:
browser type and browser version
Operating system of the computer used
ISP used
Date and time the site is accessed
Websites accessed by the used computer system prior to the visit of our website
Websites accessed by the used computer system via our website
The collected data is also stored in our own system log files. We do not store your IP addresses or other data allowing you to be identified personally. The storage and combination of this data and other personal data does not take place.
2. Legal basis for data processing
The legal basis for the temporary storage of data is Art. 6 para 1 (f) of the GDPR.
3. Data processing purpose
The temporary storage of the IP address by the system is necessary in order to deliver our web pages to your computer. It requires storing your IP address for the duration of your session.
For these purposes we have a legitimate interest to process your data as set out in Art. 6 para 1 (f) of the GDPR.
4. Storage limitation
The data will be deleted when it is no longer needed for the purpose it was originally captured. In the case of data collection in relation to the delivery of a webpage, this deletion occurs after the session has ended.
5. Withdrawing consent and data deletion
Collection of the data to deliver the website and data storage on log files is absolutely essential for operating the web pages. Consequently you do not have the option to withdraw your consent.
V. Use of cookies
a) Data processing description and scope
Our website uses cookies. Cookies are small text files which are stored, respectively, in or by the browser on your computer system. Whenever you access a webpage, a cookie can be stored on your operating system. This cookie contains a unique string of characters which enables a clear identification of the browser when you access the website again.
We use cookies in order to make our website user-friendly. Some elements of our pages require the identification of the browser whenever a new page is accessed on our website.
b) Legal basis for data processing
The legal basis for processing personal data using cookies is set out in Art. 6 para 1 (f) of the GDPR.
c) Data processing purpose
Technically necessary cookies have the purpose to simplify the use of websites for you. Some of the functionality on our website cannot be offered without the use of cookies. These require for your browser to be identified even when you move from one page to the next.
User data gathered via technically necessary cookies is not used in order to create user profiles.
Analysis cookies are needed in order to improve the quality of our websites and of our content. With analysis cookies we can establish how our site is being used allowing us to improve our offering on an ongoing basis.
For these purposes it is in our legitimate interest to process personal information as set out in Art. 6 para 1 (f) of the GDPR.
d) Storage limitation, withdrawal of consent and data deletion
Cookies are stored on your computer and delivered by it to our pages. As a result you have full control over the use of cookies. By changing the settings on your internet browser you can deactivate or limit the transfer of cookies. Cookies that are already stored can be deleted at any time. This can also take place automatically. Disabling some of the cookies for our website may reduce the full use of some functionality on the website.
VI. Registration for the online rights administration agreement
1. Data processing description and scope
We offer you the option to register for entering into a rights administration agreement by providing personal data on our website. Through this process data is collected via an input screen and transmitted to us for storage. No data is passed on to third parties. The following data is captured as part of the registration process to execute a rights administration agreement:
Personal master data (name, first name, maiden name,...)Address dataContact detailsInformation on your artistic activityPayment detailsTax details
6. Legal basis for data processing
The legal basis for processing data relating to the completion of a rights administration agreement resp. the performance of pre-contractual measures is set out in Art. 6 para 1 (b) of the GDPR.
7. Data processing purpose
Registration is required so we can execute and perform a rights administration agreement with you or perform pre-contractual obligations.
The company [i.e. us] requires your personal data to administer the rights which you assign to us in our fiduciary capacity under the agreement and for the payment of any entitlements which may result from the assignment of these rights.
8. Storage limitation
The data will be deleted when it is no longer needed for the purpose it was originally captured.
This is the case – during the application process, at completion, during the fulfilment of the rights administration agreement or pre-contractual obligations – in such cases where the data is no longer required to execute the rights administration agreement. A requirement to store personal data of the contracting party can exist after execution of the rights administration agreement in order to comply with non-contractual obligations or legal requirements.
9. Withdrawing consent and data deletion
Early deletion of data needed for the execution and performance of the rights administration agreement or the fulfilment of contractual obligations is only possible provided the deletion does not contravene contractual or legal obligations.
VII.Usage of the artist portal artsys.gvl
1. Data processing description and scope
By accessing https://www.artsys.gvl.de, you can, if you are an artist eligible for rights administration, register your contributions to productions. You can also amend a part of your personal data which is stored there and accessible to you. Through this process data is collected via an input screen and transmitted to us for storage. Data is passed on to third parties in the case of international rights management. The following data will be processed as part of using the artist portal artsys.gvl:
Personal master data (name, first name, maiden name,...)Address dataContact detailsCustomer numberInformation on your artistic activityPayment detailsTax details
2. Legal basis for data processing
The legal basis for processing data in the context of using the artist portal artsys.gvl relating to the performance of the rights administration agreement is set out in Art. 6 para 1 (b) of the GDPR.
3. Data processing purpose
We will not be in a position to determine whether you are entitled to receive remuneration which can arise from the use of the rights assigned as part of the rights administration agreement before you have registered your contributions to productions.
4. Storage limitation
The data will be deleted when it is no longer needed for the purpose it was originally captured.
This is the case whenever the data for the performance of the rights administration agreement is no longer required. There is, however, the possibility that the storage of your personal data is also necessary after the rights administration agreement has expired in order to meet contractual or legal obligations.
5. Withdrawing consent and data deletion
Early deletion of data needed for the performance of the rights administration agreement is only possible provided the deletion does not contravene contractual or legal obligations.
VIII. Usage of the producer portal label.gvl
1. Data processing description and scope
By accessing https://label.gvl.de, you can, if you are a producer of sound recordings eligible for rights administration, register your repertoire. You will obtain an overview of your recordings and their broadcast minutes. You can also amend a part of your personal data which is stored there and accessible to you. Through this process data is collected via an input screen and transmitted to us for storage. Data is passed on to third parties in the case of international rights management and in the case of rights ownership conflicts described in the terms and conditions of use. The following data will be processed as part of using the producer portal label.gvl:
Personal master data (name, first name, maiden name,...)Address dataContact detailsCustomer numberDetails on rights ownership Payment detailsTax details
2. Legal basis for data processing
The legal basis for processing data in the context of using the producer portal label.gvl relating to the performance of the rights administration agreement is set out in Art. 6 para 1 (b) of the GDPR.
3. Data processing purpose
We will not be in a position to determine whether you are entitled to receive remuneration which can arise from the use of the rights assigned as part of the rights administration agreement before you have registered your rights ownerships in the recordings.
4. Storage limitation
The data will be deleted when it is no longer needed for the purpose it was originally captured.
This is the case whenever the data for the performance of the rights administration agreement is no longer required. There is, however, the possibility that the storage of your personal data is also necessary after the rights administration agreement has expired in order to meet contractual or legal obligations.
5. Withdrawing consent and data deletion
Early deletion of data needed for the performance of the rights administration agreement is only possible provided the deletion does not contravene contractual or legal obligations.
IX. Contact form and e-mail contact
1. Data processing description and scope
On our homepage there is a form that can be used to contact us electronically. When you use this functionality, data you provide via the input screen will be passed on to us and subsequently stored. This data includes:
NameE-mail addressPhone numberGVL ID
During the transmission process your consent is obtained and you are referred to this Privacy Policy in relation to the processing of the data.
Alternatively, you can contact us via the provided e-mail address. In this instance, personal data transferred [by you] with your e-mail will be stored.
We do not pass your data on to third parties in this context. The data is exclusively used to process the communication with you.
2. Legal basis for data processing
The legal basis for processing personal data based on consent provided by you is set out in Art. 6 para 1 (f) of the GDPR.
The legal basis for processing data in relation to the transmission of an e-mail, is set out in Art. 6 para 1 (f) of the GDPR. In the event that the e-mail transmission relates to the execution of a contract, the additional legal basis is set out under Art. 6 para 1 (b) of the GDPR.
3. Data processing purpose
Processing of personal data submitted via the input screens is limited to our processing of the communication. In the event of e-mail communications, there is a necessary and legitimate interest to process the data.
Other data processed during the transmission process is utilised to prevent an abuse of the contact form and to safeguard the security of our IT systems.
4. Storage limitation
The data will be deleted when it is no longer needed for the purpose it was originally captured. In the case of personal data collected via the contact form and data transmitted by e-mail, this occurs once the conversation with you has ended. The conversation is considered to have ended when it can be reasonably assumed from the circumstances that the issue at hand has been definitively resolved and there are no contractual or legal reasons to continue storing the data beyond this point.
Additional information captured during the transmission process is deleted after no more than seven days.
5. Withdrawing consent and data deletion
The user has the opportunity to withdraw consent for the processing of their personal data at any time. If a user contacts us via e-mail, they can object to the processing of their personal data at any time. In this event the conversation cannot be continued.
To exercise your withdrawal right, simply send an e-mail to infomail@gvl.de or a notification to our other contact details provided in section I. or in the legal notice section of our homepage.
All the personal data captured and stored during the communication will in this case be deleted, provided there are no contractual or legal obligations to continue storing this data.
IX.1 Newsletter
1. Description and scope of processing:You have the possibility to subscribe to our e-mail newsletter on the website, by means of which we will keep you regularly informed about current developments at GVL.To receive the newsletter, a valid e-mail address is required. In order to register for our newsletter, we use the so-called double-opt-in procedure. This means that, after you have registered, we will send you an e-mail to the e-mail address you provided, in which we ask you to confirm that you wish to receive the newsletter. The confirmation is executed by clicking on a ‘confirm’ link in the e-mail.
Furthermore, the following data is processed at the time of subscription:- IP address, - date/time of subscription to the newsletter, - time of your confirmation via the ‘confirm’ link.
For subscriber administration and newsletter dispatch, we use service CleverReach of CleverReach GmbH & Co. KG (Germany). With regard to processing personal data, we have contractually obliged this provider to comply with the requirements of European data protection law.
2. Legal basis: for data processingThe legal basis for data processing is, if you have given your consent, Art. 6 para. 1 letter a DSGVO [German General Data Protection Regulation].The legal basis for processing the data, which is carried out in the course of the registration process and the newsletter dispatch, is Art. 6 para. 1 letter f DSGVO (legitimate interest)
3. Purpose of the data processingThe processing of personal data via the input mask serves us only for the dispatch of the newsletter. We process your IP address, the time of registration for the newsletter and the time of your confirmation in order to document your newsletter registration and to prevent the misuse of your personal data.
4. Duration of storageThe data will be deleted as soon as it is no longer required for the purpose for which it was collected. The user's e-mail address is therefore stored as long as the subscription is active. The automatic deletion of the data of deregistered and unconfirmed recipients takes place after seven days.
5. Possibility of objection and removalIf you no longer agree to the storage of your data for this purpose and thus no longer wish to use our offer, you can unsubscribe from our newsletter at any time. There is a corresponding link in every newsletter for this purpose. The personal data provided by you will then be deleted.
X. Plugins and Tools
Friendly Captcha
We use "Friendly Captcha", a service provided by Friendly Captcha GmbH, Am Anger 3-5, 82237 Wörthsee, Germany.
The purpose of Friendly Captcha is to make it more difficult for automated programs and scripts (so-called "bots") to use our website. For this purpose (e.g. for contact forms) we have integrated the program code of Friendly Captcha. For this purpose, Friendly Captcha analyses the behaviour of users based on the underlying mechanisms of the blockchain. This analysis begins automatically as soon as users start filling out the form; no cookies are used and no other user data is stored.
The legal basis for the processing is our legitimate interest in protecting our website against abusive access by bots, i.e. spam protection and protection against attacks (e.g. mass requests), Art. 6 para. 1 lit. f DSGVO.
Further information on data protection when using Friendly Captcha can be found at https://friendlycaptcha.com/legal/privacy-end-users/.
Google Analytics
We use Google Analytics, a web analytics service of Google LLC (1600 Amphitheatre Parkway Mountain View, CA 94043, USA; “Google”). The usage includes the ‘Universal Analytics’ service. It enables us to assign a pseudonym user ID to data, sessions and interactions across multiple devices in order to analyse your activity across multiple devices.
Google Analytics uses so-called “cookies”, text files which are stored on your computer and enable us to analyse your use of our website. The information generated by the cookie relating to your usage of this website is usually transferred to and stored on a Google server in the US. IP anonymization has been activated on this website. Your IP address will be truncated by Google within EU Member States or in other countries that are signatories of the European Economic Area Treaty beforehand. Only in exceptional cases, will the full IP address be transferred to a Google server in the US and shortened there. The IP address transferred by your browser during Google Analytics' activities is not combined with other data at Google. Google shall use said information on behalf of the operator of this website in order to analyse your usage of the website, compile reports on website activities and provide further services related to website and internet usage related to the website operator. These instances are also the basis for our legitimate interest in processing the data. The legal basis for the use of Google Analytics is set out in Art. 15 para. 3 TMG [German Telemedia Act] resp. Art. 6 para 1 (f) of the GDPR. Information sent by us relating to cookies, user IDs or ad IDs is automatically deleted after 14 months. The deletion of data that has reached its storage deadline, takes automatically place once a month. More information in relation to terms and conditions and data protection can be accessed at https://www.google.com/analytics/terms/de.html resp. at https://policies.google.com/?hl=de.
You may prevent the installation of cookies by choosing the respective settings in your browser software. We do, however, need to point out that it is likely in this case that you will not be able to benefit from all available functions of this website. In addition, you can prevent Google from collecting and processing data generated by the cookie relating to your website usage (including your IP address) by downloading and installing the browser add-on (https://tools.google.com/dlpage/gaoptout?hl=de). Opt-out cookies prevent the future collection of your data when you visit the website. In order to prevent the data capture by Universal Analytics across multiple devices, you will need to implement the opt-out on all the systems used. Click here to set the opt-out cookie: Deactivate Google Analytics
YouTube
Videos by YouTube are embedded on this site which are saved on the servers by the provider, YouTube, and can be used via the GVL website. The embedding of the videos is done via activation of the option for “activate enhanced data protection mode”. If you play videos that are embedded in such a way, cookies are stored on your computer by YouTube and DoubleClick, and data may be passed on to Google Ireland Limited, Gordon House, 4 Barrow St, Dublin 4, Ireland as the owners of YouTube. As soon as the videos stored at YouTube are played, the following data will be transmitted to Google as the operator of YouTube and operator of the DoubleClick network: IP address, cookie, the URL of the page you have requested, systems date and time of access, identification of the website visitor browser. Data is not just transmitted if you have a YouTube resp. Google account or if you are logged in there. As soon as you are logged in, Google can directly allocate your user behaviour. You can log out of Google before you play the video in order to restrict this type of tracking. You can assume that Google is going to use your user behaviour in order to show you user-specific advertising. This analysis is going to take place irrespective of whether you are logged in at Google. You can lodge an appeal against the creation of such user profiles; for this, you must directly address Google as the operator of YouTube. We use YouTube and videos which are hosted by YouTube in order to enable an attractive presentation of our online offers. Contents can be better conveyed via videos. This constitutes a legitimate interest for the purpose of Art. 6 para. 1 lit. f DSGVO (German equivalent of the GDPR).
Further information for the purpose & scope of the data collection and its processing by Google can be obtained via: https://policies.google.com/privacy?hl=de
Adobe Fonts
For the unified depiction of certain fonts, we use so-called Adobe Fonts on our website, which are made available by Adobe (Adobe Systems Software Ireland Limited, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Ireland).
When accessing a website, the browser of the website visitors loads the respective web fonts into the browser cache of the website visitors, in order to correctly show texts and fonts. In order to do this, the browsers of the website visitors usually connect with the Adobe servers. As a consequence, Adobe finds out about the IP address of the respective page visitor. The use of Adobe Fonts is in the interest of a harmonised and attractive presentation of our online offers. This constitutes a legitimate interest for the purpose of Art. 6 para. 1 lit. f DSGVO (German equivalent of the GDPR). If the browser of the relevant page visitor does not support Adobe Fonts, a standard font of the respective computer of the page visitor will be used.
Further information on Adobe Fonts can be accessed at: https://www.adobe.com/de/privacy/policies/adobe-fonts.html. Adobe’s privacy policy can be found at: https://www.adobe.com/de/privacy/policy.html
XI. Social Media
There are “share” buttons on our web pages for social media such as Facebook, Google+, Twitter and Xing. They enable you to share contents on social media. They are implemented in the form of external links. A transfer of the user data will not take place until you have clicked on the link and shall take place on the website of the respective social network. Further information on processing your user data on social networks can be accessed via the privacy policies of the respective social networks.
XII.Legal rights for individuals
If your personal data is being processed, you are an affected person within the meaning of the GDPR and you have the following rights as against the data controller:
1. Right to be informed
You have the right at any time to request information and confirmation of the personal information we hold about you and to receive, free of charge, a copy of the data of this information.
2. Right to rectification
You have the right to request the rectification and/or the updating of data by the data controller where the data processed relating to you is incorrect or incomplete. The data controller has to implement the rectification immediately.
3. Right to restrict the processing
You have the right to request the restriction of processing under one of the following conditions:
(1) You have contested the accuracy of personal data, and for a duration that allows us to verify the accuracy of the personal data.
(2) The processing is unlawful. You have opposed the erasure of the personal data and have instead requested the restriction of the use of personal data.
(3) We no longer require the personal data for the purpose of processing but you need it in order to establish, exercise or defend a legal claim.
(4) You object to the processing under Art. 21 para 1 of the GDPR and it is not clear yet, whether our legitimate interests override yours.
4. Right to deletion
a) Deletion obligation
You can request the deletion with immediate effect of personal data relating to you by the data controller and the data controller is obliged to do so immediately, if one of following conditions applies:
(1) The personal data collected about you is no longer required for the purpose for which it was originally collected or processed.
(2) You withdraw your consent on which the processing was legally based, as set out in Art. 6 para 1 (a) or Art. 9 para 2 (a) of the GDPR, and there is no other legal basis for the processing.
(3) You object as set out in Art. 21 para 1 of the GDPR to the processing and there are no overriding legitimate interests for the processing, or you object to the processing as set out in Art. 21 para 2 of the GDPR.
(4) Your personal data has been unlawfully processed.
(5) The erasure of your personal data is required in order to comply with a legal obligation that we are subject to under European Union law or national law of a member states.
(6) Your personal data was collected in relation to information society services as set out in Art. 8 para 1 of the GDPR.
b) Information to third parties
If the data controller has published your personal data to third parties and is under obligation pursuant to Art. 17 para 1 of the GDPR to erase this data, the data controller has to undertake reasonable steps, taking into account technology and implementation costs, including steps of a technical nature, to inform other controllers who are processing the personal data that you as an affected person have requested the erasure of all links disseminating the data or copies or replications of this personal data.
c) Exceptions
The right to deletion does not apply where the processing is required in order to:
(1) comply with legal obligations, which requires the processing according to EU or member states law that the data controller is subject to;
(2) assert, exercise or defend legal claims.
5. Right to be notified
Once you have exercised your right regarding rectification, deletion or restriction of the processing with the data controller, they are under the obligation to inform all recipients of the data of the changes, deletions and restrictions, unless this is impossible or would require a disproportionate effort.
You are entitled to be notified of these recipients by the data controller.
6. Right to data portability
You have the right to obtain the personal data relating to you which you have made available to the data controller in a structured, accessible and machine readable format. In addition you have the right to transmit this information to another controller without hindrance from the controller to whom the personal data was made available, provided that:
(1) The processing is based on consent pursuant to Art. 6 para 1 (a) of the GDPR or Art. 9 para 2 (a) of the GDPR or for the performance of a contractual agreement pursuant to Art. 6 para 1 (b) and
(2) the processing is done via automated means.
As part of this right you have further the right to request that the data controller transmits your personal data directly to another controller, if this is technically feasible. Freedoms and rights of other persons cannot be infringed.
7. Right to object
You have the right to object anytime to the processing of your personal data in specific situations pursuant to Art. 6 para 1 (e) or (f) of the GDPR; this shall also apply for a profiling made under these provisions.
The data controller will no longer process your personal data unless, they can present compelling, legitimate reasons that override your personal rights and freedoms, or in the event that the processing is required in order to establish, exercise or defend legal claims.
You have the option, in relation to the use of Information Society services - notwithstanding Directive 2002/58/EC- to withdraw consent through automated means utilising technical specifications.
8. Right to withdraw your consent declaration regarding data protection
You have the right to withdraw your consent declaration regarding data protection at any time. Withdrawal of consent does not affect the legality of the processing which pre-dated such withdrawal and was based on your consent.
9. Right to lodge a complaint with a supervisory authority
Without prejudice to any judicial or administrative legal remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your country of residence, place of work or country of the alleged infringement, if you consider the processing of data relating to you infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant of the progress and the outcome of the complaint including the option of a judicial remedy pursuant to Art. 78 of the GDPR.
Our supervisory authority is:
Berliner Beauftragter für Datenschutz und Informationsfreiheit [Data Protection and Freedom of Information Commissioner of the State of Berlin]Friedrichstr. 21910969 BerlinPhone: +49 30 13889-0Fax: +49 30 2155050E-mail: mailbox@datenschutz-berlin.de