Sprungnavigation
Hauptmenu Schließen
Schließen
Search

Data Protection Statement

Data Protection Statement

I. Name and address of the controller

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the Member States as well as other data protection regulations is:

Gesellschaft zur Verwertung von Leistungsschutzrechten mbH

Podbielskiallee 64

14195 Berlin

Germany

Tel.: +49 30 48483-600

Email: infomail@gvl.de

Website: www.gvl.de/en

II. Contact details of the data protection officer

Dominik Fünkner
PROLIANCE GmbH 
www.datenschutzexperte.de
Leopoldstr. 21 
80802 Munich 
datenschutzbeauftragter@datenschutzexperte.de

When contacting the data protection officer, please state the company to which your enquiry relates. Please refrain from including sensitive information such as a copy of your ID card with your enquiry.

 

III. General information on data processing

1. Scope of personal data processing

We only process your personal data to the extent necessary to provide a functional website and our content and services. Your personal data is only processed on a regular basis with your consent. An exception applies in cases where prior consent cannot be obtained for practical reasons and the processing of the data is permitted by law.

2. Legal basis for the processing of personal data

Insofar as we obtain consent for the processing of your personal data, Art. 6 (1) lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis. When processing your personal data that is necessary for the fulfilment of a contract with you, Art. 6 (1) lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the completion of pre-contractual measures. Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis. If processing is necessary to safeguard a legitimate interest of our company or a third party and if your fundamental rights and freedoms do not outweigh the former interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for processing.

3. Data deletion and storage period

Your personal data will be deleted or blocked as soon as the purpose of storage no longer applies. Storage may also take place if this has been provided for by European or national legislators in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or deleted when a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.

IV. Provision of the website and creation of log files

1. Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. The following data is collected:

  • Information about the browser type and version used
  • The operating system of the computer used
  • The Internet service provider used
  • Date and time of access
  • Websites from which the system of the computer used accesses our website
  • Websites accessed by the system of the computer used via our website

The data is also stored in our system's log files. This does not affect your IP addresses or other data that could be used to identify you. This data is not stored together with your other personal data.

2. Legal basis for data processing

The legal basis for the temporary storage of data is Art. 6 para. 1 lit. f GDPR.

3. Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to your computer. For this purpose, your IP address must remain stored for the duration of the session.

These purposes also constitute our legitimate interest in data processing pursuant to Art. 6 para. 1 lit. f GDPR.

4. Duration of storage

The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. In the case of data collection for the provision of the website, this is the case when the respective session has ended.

5. Right to object and right to erasure

The collection of data for the provision of the website and the storage of data in log files is essential for the operation of the website. Consequently, there is no possibility for you to object.

V. Use of cookies

a) Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on your computer system. When you visit a website, a cookie may be stored on your operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is visited again.& nbsp;We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change.

b) Legal basis for data processing 

The legal basis for the processing of personal data using cookies is Art. 6 (1) lit. f GDPR and Art. 6 (1) lit. a GDPR.

c) Purpose of data processing

The purpose of using technically necessary cookies is to simplify the use of websites for you. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognised even after a page change. The user data collected by technically necessary cookies is not used to create user profiles. Art. 6 para. 1 lit. f GDPR provides the legal basis for this processing of personal data.

Analysis cookies are used for the purpose of improving the quality of our website and its content. Analysis cookies tell us how the website is used, enabling us to continuously optimise our offering. The legal basis for the processing of personal data using cookies for analysis purposes is your consent in accordance with Art. 6 para. 1 lit. a GDPR.

d) Duration of storage, possibility of objection and removal

Cookies are stored on the computer used and transmitted to our site from there. Therefore, you also have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies.

A list of the cookies we use, descriptions of the purposes of the cookies and further information on the respective cookies can be found here in our cookie consent solution.

When you first visit our website and then at any time in our cookie consent solution, you can accept or reject individual or all cookies separately by placing a green tick next to the respective cookie or removing it and then clicking on ‘Save settings’.

The settings you make in the cookie consent solution are stored on your computer or mobile device. You will therefore need to make these settings again if you delete your browser history or use a different device or internet browser.

If cookies are deactivated for our website, it may no longer be possible to use all the functions of the website to their full extent.

VI. Registration for the online rights administration agreement

1. Description and scope of data processing

On our website, we offer you the opportunity to register for a rights administration agreement by providing personal data. The data is entered into an input mask, transmitted to us and stored. The data is not passed on to third parties. The following data is collected during the registration process for the conclusion of a rights administration agreement:

Personal master data (surname, first name, maiden name, etc.) Address data Contact details Information on artistic activity Payment data Tax data

2. Legal basis for data processing 

The legal basis for the processing of your data when registering to conclude a rights administration agreement or to complete pre-contractual measures for this purpose is Art. 6 (1) lit. b GDPR.

3. Purpose of data processing

Registration is necessary for the conclusion and fulfilment of a rights administration agreement with you or for the completion of pre-contractual measures. The company requires your personal data for the fiduciary representation of the rights transferred by you through the rights administration agreement and for the payout of any distribution claims that may arise from the use of the transferred rights.

4. Duration of storage

The data will be deleted as soon as it is no longer required for the purpose for which it was collected.

This is the case for data collected during the registration process for the conclusion and fulfilment of the rights administration agreement or for the completion of pre-contractual measures if the data is no longer required for the implementation of the rights administration agreement. After conclusion of the rights administration agreement, it may be necessary to store personal data of the contractual partner in order to comply with contractual or legal obligations.

5. Right to object and right to erasure

If the data is necessary for the conclusion and fulfilment of a rights administration agreement or for the completion of pre-contractual measures, premature deletion of the data is only possible if there are no contractual or legal obligations preventing deletion.

VII. Use of the artist portals my.gvl and artsys.gvl

1. Description and scope of data processing

At www.my.gvl.de and www.artsys.gvl.de you, as an artist entitled to representation, can report your contributions to productions. You can also edit some of your personal data stored there, which you can view. The data is entered into an input mask, transmitted to us and stored. The data is passed on to third parties in the case of international rights management. The following data is processed when using the artist portals my.gvl and artsys.gvl:

Personal master data (surname, first name, maiden name, etc.) Address data Contact details Customer number Information on artistic activity Payment data Tax data

2. Legal basis for data processing

The legal basis for the processing of your data in connection with the use of the artist portals my.gvl and artsys.gvl for the fulfilment of the rights administration agreement is Art. 6 (1) (b) GDPR.

3. Purpose of data processing

Only by reporting your contributions to the productions can we determine your remuneration claim, which may arise from the use of the rights transferred under the rights administration agreement.

4. Duration of storage

The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected.

This is the case when the data is no longer required to fulfil the rights administration agreement. However, it is possible that the storage of your personal data may be necessary even after the termination of the rights administration agreement in order to comply with contractual or legal obligations.

5. Right to object and right to erasure

If the data is required for the fulfilment of the rights administration agreement, premature deletion of the data is only possible if there are no contractual or legal obligations preventing deletion.

VIII. Use of the label.gvl manufacturer portal

1. Description and scope of data processing

At https://label.gvl.de, you can register your repertoire as a sound recording producer entitled to representation. You will receive an overview of your recordings and their broadcast minutes. You can also edit some of your personal data stored there. The data is entered into an input mask, transmitted to us and stored. The data is passed on to third parties in the case of international rights management and in the case of a conflict of rights ownership as specified in the terms of use. The following data is processed when using the label.gvl producer portal:

Personal master data (surname, first name, maiden name, etc.) Address data Contact details Customer number Information on rights ownership Payment data Tax data

2. Legal basis for data processing 

The legal basis for the processing of your data when using the label.gvl manufacturer portal for the fulfilment of the rights administration agreement is Art. 6 (1) (b) GDPR.

3. Purpose of data processing

Only by reporting your rights ownership to the recordings can we determine your remuneration claim, which may arise from the use of the rights transferred under the rights administration agreement.

4. Duration of storage

The data will be deleted as soon as it is no longer required for the purpose for which it was collected.

This is the case when the data is no longer required to fulfil the rights administration agreement. However, it is possible that the storage of your personal data may be necessary even after the termination of the rights administration agreement in order to comply with contractual or legal obligations.

5. Right to object and right to erasure

If the data is required for the performance of the rights administration agreement, premature deletion of the data is only possible if there are no contractual or legal obligations preventing deletion.

 

IX. Use of the licence portal lizenz.gvl

1. Description and scope of data processing

We collect and process users' personal data as part of the registration and use of the licence portal at [lizenz.gvl.de]. This includes in particular:

  • Company-related contact details (e.g. name, e-mail address, telephone number),
  • Information about the role in the company (e.g. administrator, technical contact person),
  • Access data (e.g. user name, encrypted password),
  • Information about the application (e.g. dates, contract type, confirmation actions),
  • IP address, technical log data to ensure the functionality and traceability of the application process.

This data is processed as part of the registration and application process and stored to enable the conclusion of the contract and the use of the portal.

2. Legal basis for data processing

The legal basis for the processing of the data is Art. 6(1)(b) GDPR, as the processing is carried out for the purpose of completing pre-contractual measures and fulfilling a contract to which the user is a party.

Insofar as compliance with legal obligations is concerned, Art. 6(1)(c) GDPR is also relevant. Processing may also be based on Art. 6(1)(f) GDPR insofar as there is a legitimate interest in the secure, efficient provision of the portal. p>

3. Purpose of data processing

The aforementioned data is processed for the following purposes:

  • To complete the registration process and check eligibility to use the portal,
  • Managing user accounts and authenticating users,
  • Processing and documenting the digital application process for licence agreements,
  • Contractual communication with registered licensees,
  • Fulfilling legal obligations regarding evidence and documentation.

4. Duration of storage

The personal data processed within the framework of the portal will only be stored for as long as is necessary to fulfil contractual or legal obligations.

User data will be deleted upon expiry of the statutory retention periods (in particular according to the German Commercial Code (HGB) and Fiscal Code (AO)), unless longer storage periods are required due to ongoing contractual relationships or legal requirements.

5. Right to object and right to erasure

Users may object to the processing of their personal data at any time, provided that the processing is based on Art. 6(1)(f) GDPR.

Such an objection must be addressed to infomail@gvl.de.

If the data is required for the conclusion and fulfilment of a rights administration agreement or for the completion of pre-contractual measures, premature deletion of the data is only possible if there are no contractual or legal obligations preventing deletion.

6. Data processing by third parties

The technical provision and operation of the licence portal is carried out with the involvement of a specialised IT service provider (moresophy GmbH, Hofmannstr. 9, 81379 Munich, contact: telephone: +49 (0) 89 4444 3351 0, email: info[at]moresophy [dot]com) within the framework of order processing in accordance with Art. 28 GDPR.

A corresponding contract has been concluded with the commissioned service provider to ensure data protection-compliant processing. The service provider is not permitted to process the data for its own purposes.

The data will not be transferred to third countries or international organisations.

 

X. Contact form and email contact

1. Description and scope of data processing

Our website features a contact form that can be used to contact us electronically. If you use this option, the data entered in the input mask will be transmitted to us and stored. This data includes:

NameEmail addressTelephone numberGVL ID

Your consent will be obtained for the processing of the data during the sending process and reference will be made to this privacy policy. Alternatively, you can contact us via the email address provided. In this case, your personal data transmitted with the email will be stored. 

In this context, the data will not be passed on to third parties. The data will be used exclusively for processing the conversation.

2. Legal basis for data processing 

The legal basis for the processing of the data is Art. 6 para. 1 lit. a GDPR, provided you have given your consent.

The legal basis for the processing of data transmitted in the course of sending an email is Art. 6 para. 1 lit. f GDPR. If the email contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.

3. Purpose of data processing

The processing of personal data from the input mask serves us solely for the purpose of processing the contact request. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in the processing of the data. The other personal data processed during the sending process serves to prevent misuse of the contact form and to ensure the security of our information technology systems.

4. Duration of storage

The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. For personal data from the input mask of the contact form and those sent by email, this is the case when the respective conversation with you has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been finally clarified and there are no contractual or legal reasons for further necessary storage of the data.& nbsp;

The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

5. Right to object and right to erasure

The user has the option of revoking their consent to the processing of personal data at any time. If the user contacts us by e-mail, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.

To exercise your right to object, simply send an email to infomail@gvl.de or a message to the other contact details listed in I. or in our legal notice.

In this case, all personal data stored in the course of establishing contact will be deleted, provided that there are no contractual or legal reasons for further necessary storage of the data.

XI.1 Newsletter

1. Description and scope of processing: You have the option of subscribing to our email newsletter on the website, which we use to inform you regularly about current developments at GVL. A valid email address is required to receive the newsletter. We use the double opt-in procedure for registration for our newsletter. This means that after you register, we will send an email to the email address you provided, asking you to confirm that you wish to receive the newsletter. Confirmation is done by clicking on a confirmation link in the email.

Furthermore, the following data is processed at the time of subscription: - IP address, - Date/time of registration for the newsletter, - Time of your confirmation of the confirmation link.

We use the CleverReach service provided by CleverReach GmbH & Co. KG (Germany) to manage subscribers and send the newsletter. With regard to the processing of personal data, we have contractually obliged this provider to comply with the requirements of European data protection law.

2. Legal basis: for data processing The legal basis for the processing of data is your consent, Art. 6 (1) lit. a GDPR. The legal basis for the processing of data that takes place during the registration process and the sending of the newsletter is Art. 6 (1) lit. f GDPR (legitimate interest).

3. Purpose of data processing We process the personal data entered in the input mask solely for the purpose of sending the newsletter. We process your IP address, the time of registration for the newsletter and the time of your confirmation in order to document your newsletter registration and prevent misuse of your personal data.

4. Duration of storage The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. The user's email address will therefore be stored for as long as the subscription is active. The automatic deletion of data from unsubscribed and unconfirmed recipients takes place after seven days.

5. Right to object and right to erasure If you no longer agree to the storage of data for this purpose and therefore no longer wish to use our services, you can unsubscribe from our newsletter at any time. A link for this purpose can be found in every newsletter. The personal data you have provided will then be deleted.

XII. Plugins and tools

 

Friendly Captcha

We use ‘Friendly Captcha’, a service provided by Friendly Captcha GmbH, Am Anger 3-5, 82237 Wörthsee, Germany.

The purpose of Friendly Captcha is to make it more difficult for automated programmes and scripts (so-called ‘bots’) to use our website. We have integrated the Friendly Captcha program code for this purpose (e.g. for contact forms). Friendly Captcha analyses user behaviour based on the underlying mechanisms of the blockchain. This analysis begins automatically as soon as users start filling out the form. No cookies are used and no other user data is stored.

The legal basis for processing is our legitimate interest in protecting our website from malicious access by bots, i.e. spam protection and protection against attacks (e.g. mass requests), Art. 6(1)(f) GDPR.

Further information on data protection when using Friendly Captcha can be found at https://friendlycaptcha.com/legal/privacy-end-users/.

Web analysis by Google Analytics

We use Google Analytics, a web analysis service provided by Google Ireland Limited (Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland), parent company Google LLC (1600 Amphitheatre Parkway Mountain View, CA 94043, USA; ‘Google’). The use includes the ‘Universal Analytics’ operating mode. This makes it possible to assign data, sessions and interactions across multiple devices to a pseudonymous user ID and thus analyse your activities across devices. Google Analytics uses ‘cookies’, which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of the website will generally be transmitted to and stored by Google on servers in the United States. IP anonymisation is activated on this website. Your IP address will be truncated by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage to the website operator. These purposes also represent our interest in data processing. The legal basis for the use of Google Analytics is your consent in accordance with Art. 6 para. 1 lit. a GDPR. The data sent by us and linked to cookies, user IDs (e.g. user ID) or advertising IDs is automatically deleted after 14 months. Data that has reached its retention period is automatically deleted once a month. For more information on terms of use and data protection, please visit https://www.google.com/analytics/terms/de.html or at https://policies.google.com/?hl=de.

A list of the cookies we use, descriptions of the purposes of the cookies and further information on the respective cookies can be found here in our cookie consent solution.

VIMEO

We also use videos from Vimeo on our website. The video portal is operated by Vimeo LLC, 555 West 18th Street, New York, New York 10011, USA. 

We use a so-called 2-click solution to embed the video material. When you visit a page on our website that has a Vimeo video embedded in it, your browser does not automatically connect to Vimeo's servers – only when you click on the graphic placeholder for the video does data transfer take place. This data is collected, stored and processed on Vimeo's servers. Regardless of whether you have a Vimeo account or not, Vimeo collects data about you. This includes your IP address, technical information about your browser type, your operating system or very basic device information. Vimeo also stores information about which website you use the Vimeo service on and what web activities you carry out on our website. These web activities include, for example, session duration, bounce rate, or which button you clicked on our website with built-in Vimeo functionality. Vimeo can track and store these actions using cookies and similar technologies.

If you are logged in as a registered member of Vimeo, more data is usually collected, as more cookies may already have been set in your browser. In addition, your actions on our website are directly linked to your Vimeo account. To prevent this, you must log out of Vimeo while ‘surfing’ on our website.

If you have consented to your data being processed and stored by integrated Vimeo elements, this consent serves as the legal basis for data processing (Art. 6(1)(a) GDPR). In principle, your data is also processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR). 
You can find out more about the use of cookies at Vimeo at https://vimeo.com/cookie_policy, and information on data protection at Vimeo can be found at https://vimeo.com/privacy.

MS Bookings and MS TEAMS for consultations

We offer prospective customers and existing customers the option of booking appointments for online consultations via the Microsoft application “Bookings” and completing them via the Microsoft video conferencing tool ‘MS TEAMS’. The purpose of providing these services is to offer interested parties and customers a modern digital communication platform with extensive options for personal, interactive information exchange. The provider of these services is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Microsoft's European branch, Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland, is our data processor for the provision of the applications. Data traffic is primarily routed via European data centres for this purpose; only in the event of failures or capacity bottlenecks is transport via servers in third countries, in particular the USA, reserved.

The following personal data is subject to processing:

User details: first name, surname, telephone number (optional), email address, password (if single sign-on is not used), profile picture (optional), department (optional)
Meeting metadata: topic, description (optional), participant IP addresses, device/hardware information
For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of the online meeting chat.
When dialling in by telephone: Information about the incoming and outgoing phone number, country name, start and end time. Additional connection data, such as the IP address of the device, may also be stored. Text, audio and video data: You may have the option of using the chat, question or survey functions in an ‘online meeting’. In this respect, the text entries you make will be processed in order to display them in the ‘online meeting’ and, if necessary, to log them. In order to enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device will be processed for the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time via the ‘Microsoft Teams’ applications. In order to participate in an ‘online meeting’ or enter the ‘meeting room’, you must at least provide your name. The legal basis for the processing of your data in relation to the MS Bookings and MS Teams services is Art. 6 (1) (a) GDPR (consent).

Recipients of the data:

The department staff who have shared their calendar for appointment booking will receive your booking request and complete the video meeting.
For more information on how Microsoft handles personal data, please refer to the privacy policy at https://www.microsoft.com/en-us/privacy/privacystatement.
Appropriate safeguards: Microsoft has submitted to the European Commission's standard contractual clauses for the transfer of personal data to processors in third countries in accordance with Regulation (EU) 2016/679. Microsoft is also certified under the EU-U.S. Data Privacy Framework.

Storage period

The storage periods for the processed data are 90 days for appointments booked via Bookings.

YouTube

Videos may be embedded on this page via YouTube, which are stored on the servers of the provider YouTube and can be used from the GVL website. The videos are embedded with the ‘Enable advanced privacy mode’ option activated. When you play videos embedded in this way, cookies from YouTube and DoubleClick are stored on your computer and data may be passed on to Google Ireland Limited, Gordon House, 4 Barrow St., Dublin 4, as the owner of YouTube. As soon as the videos stored on YouTube are played, the following data is transmitted to Google as the operator of YouTube and the DoubleClick network: IP address, cookie, the URL of the page I visited, system date and time of the visit, identification of the website visitor's browser. The data is not only transmitted if you have an account with YouTube or Google or are logged in there. Once you are logged in, Google can directly assign user behaviour here. You can log out of Google before playing the video to restrict this type of tracking. You can assume that Google will use your user behaviour to display user-specific advertising. This evaluation will take place regardless of whether you are logged in to Google. You can object to the creation of such user profiles, but you must contact Google, the operator of YouTube, directly to do so. We use YouTube and incorporate videos hosted on YouTube to enable an appealing presentation of our online offerings. Videos help to convey content more effectively. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR.

Further information on the purpose and scope of data collection and its processing by Google can be found at: https://policies.google.com/privacy?hl=en

Adobe Fonts

To ensure the uniform display of certain fonts, we use Adobe Fonts on this website, which are provided by Adobe (Adobe Systems Software Ireland Limited, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Ireland).

When a website is accessed, the website visitor's browser loads the corresponding web fonts into the website visitor's browser cache in order to display texts and fonts correctly. To do this, the website visitor's browser usually connects to Adobe's servers. This allows Adobe to obtain the IP address of the respective website visitor. Adobe Fonts are used in the interest of a uniform and appealing presentation of our online offerings. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If the browser of the respective page visitor does not support Adobe Fonts, a standard font from the respective computer of the page visitor is used.

Further information on Adobe Fonts can be found at: https://www.adobe.com/privacy/policies/adobe-fonts.html. Adobe's privacy policy can be found at: https://www.adobe.com/privacy/policy.html

XIII. Social media

Our pages feature ‘share’ buttons for social media such as Twitter, Instagram and LinkedIn. These allow content to be shared on social networks. They are implemented as external links. User data is only transferred after clicking on the link and takes place on the website of the respective social network. Further information on the processing of your user data on the social network can be found in the privacy policies of the respective social networks.

XII. Rights of the data subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:

1. Right to information

You have the right to obtain information and confirmation from us at any time, free of charge, about the personal data stored about you and a copy of this information.

2. Right to rectification 

You have the right to rectification and/or completion vis-à-vis the controller if the personal data processed concerning you is inaccurate or incomplete. The controller must rectify the data without delay.

3. Right to restriction of processing

You have the right to request the restriction of processing if one of the following conditions applies:

  1. You contest the accuracy of the personal data, for a period enabling us to verify the accuracy of the personal data.
  2. The processing is unlawful, you refuse to have the personal data deleted and instead request the restriction of the use of the personal data. 
  3. We no longer need the personal data for the purposes of processing, but you need it to assert, exercise or defend legal claims.
  4. You have objected to the processing pursuant to Art. 21(1) GDPR and it is not yet clear whether our legitimate reasons outweigh yours.

4. Right to erasure

a) Obligation to erase

You may request that the controller delete your personal data without delay, and the controller is obliged to delete this data without delay if one of the following reasons applies:

  1. The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.
  2. You withdraw your consent on which the processing was based in accordance with Art. 6(1)(a) or Art. 9(2)(a) GDPR, and there is no other legal basis for the processing.
  3. You object to the processing pursuant to Article 21(1) of the GDPR and there are no overriding rights holders for the processing, or you object to the processing pursuant to Article 21(2) of the GDPR.
  4. The personal data concerning you has been unlawfully processed.
  5. The erasure of personal data concerning you is necessary to comply with a legal obligation under Union or Member State law to which the controller is subject.
  6. The personal data concerning you has been collected in relation to the offer of information society services pursuant to Art. 8(1) GDPR.

b) Information to third parties

If the controller has made the personal data concerning you public and is obliged to erase it in accordance with Art. 17(1) GDPR, it shall take reasonable steps, including technical measures, taking into account the available technology and implementation costs, to inform data controllers who process the personal data that you, as the data subject, have requested them to delete all links to this personal data or copies or replications of this personal data. c) Exceptions The right to erasure does not apply if the processing is necessary

  1. for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject;
  2. for the establishment, exercise or defence of legal claims.

5. Right to be informed

If you have exercised your right to rectification, erasure or restriction of processing against the controller, the controller is obliged to notify all recipients to whom your personal data has been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves disproportionate effort. You have the right to be informed by the controller about these recipients.

6. Right to data portability

You have the right to receive the personal data concerning you that you have provided to the controller in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to whom the personal data has been provided, provided that

  1. the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR and
  2. the processing is carried out using automated means.

In exercising this right, you also have the right to have the personal data concerning you transferred directly from one controller to another, where technically feasible. The freedoms and rights of other persons must not be affected by this.

7. Right to object

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f) of the GDPR; This also applies to profiling based on these provisions. The controller shall no longer process the personal data concerning you unless he can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. You have the option, in connection with the use of information society services – notwithstanding Directive 2002/58/EC – to exercise your right to object by means of automated procedures using technical specifications.

8. Right to revoke the data protection consent declaration

You have the right to withdraw your data protection consent declaration at any time. Withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

9. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.& nbsp;The supervisory authority with which the complaint has been lodged shall inform the complainant of the progress and outcome of the complaint, including the possibility of a judicial remedy pursuant to Article 78 of the GDPR. The competent authority for us is:

Berlin Commissioner for Data Protection and Freedom of Information Friedrichstr. 219 10969 Berlin Tel.: +49 30 13889-0 Fax: +49 30 2155050 E-mail: mailbox@datenschutz-berlin.de

Information obligations for authorised representatives pursuant to Articles 13–14 GDPR

The following information is intended to provide you with an overview of how we process your personal data and your rights under data protection law.

 

Who is responsible for data processing and who can I contact?

Gesellschaft zur Verwertung von Leistungsschutzrechten mbH (GVL)Podbielskiallee 6414195 Berlin

You can contact our data protection officer at the above address, quoting the reference ‘Data Protection Officer’, or by email at datenschutz@gvl.de

 

What sources and data do we use?

We process personal data that we receive from our customers in the course of our business relationship. We obtain individual data from specific industry-specific or publicly accessible sources such as databases, the Internet, etc.

Examples of data cooperation from business relationships:

  • Domestic and foreign collecting societies
  • Broadcast reports from radio and television stations
  • TV & radio metadata from specialised suppliers
  • International data exchange services in cooperation with record companies (e.g. RDx [Repertoire Data Exchange – https://www.rdx-portal.org/])

Examples of public sources we use: 

 

Type of data

We process the following categories of personal data:

Personal master data (title, first name, surname, name variations and pseudonyms, date of birth, country of birth, nationality, address)

Communication data (e-mail address and telephone number, fax)

Payment data (remuneration amounts, fees, subsidies, etc.)

Tax data (information on income tax liability, VAT identification number/tax number)

Identification data, authentication data, access data (ID data, login data, hashes)

Identification data (GVL ID, International Performer Number (IPN), artist number, company number)

Information on artistic activity (type of activity, membership of groups/bands/ensembles, etc.)

Repertoire data of beneficiaries

Bank details (account holder, IBAN, BIC / SWIFT) 

Mandate data  (transfer of rights to other collecting societies, scope of mandate) and any other information you may have provided.

 

Why do we process your data (purpose of processing) and on what legal basis?

We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).

Service providers who work on our behalf are authorised to do so in accordance with Art. 28 GDPR by means of an agreement on order processing.

Legal basis and purposes of processing:

(1) Pursuant to Art. 6(1)(b) GDPR for the performance of a contract or for the implementation of pre-contractual measures.

  • Completion and billing in connection with the conclusion and termination of rights administration agreements.
  • Completion and billing in connection with the conclusion and termination of licence agreements
  • Verification of participation reports from artists and event organisers
  • Review and support of complaints from rights holders
  • Assertion of claims by GVL rights holders abroad

(2) Pursuant to Art. 6(1)(c) GDPR on the basis of legal requirements.

  • Fulfilment of legal notification obligations under the VGG (Austrian Copyright Act)
  • Fulfilment of legal obligations for the cultural promotion and maintenance of welfare and support institutions
  • Identity verification, fraud prevention, fulfilment of tax control and reporting obligations

(3) Pursuant to Art. 6(1)(f) GDPR for the protection of legitimate interests.

  • Support, telephone and personal advice for performers, event organisers and record producers
  • Assertion of legal claims and defence in legal disputes
  • Ensuring IT security and IT operations
  • Public relations
  • Responding to legal enquiries
  • Collection of outstanding debts from users

 (4) Pursuant to Art. 6(1)(a) GDPR on the basis of your consent.

  • Newsletter subscription
  • Email contact

Further details on the purpose of data processing can be found in the respective contract documents and terms and conditions.

 

Who receives my data?

Within GVL, those departments that need your data to fulfil our contractual and legal obligations have access to it.

Processors employed by us (Article 28 GDPR) may also receive data for these purposes. These are companies in the categories of IT services, logistics, document scanning, printing services, telecommunications, debt collection, and consulting.

Data is transferred to recipients outside GVL in order to fulfil our contractual obligations, if required by law or if you have given your consent.

Recipients may include, for example:

  • Domestic and foreign interest groups and collecting societies
  • Auditors
  • Lawyers and notaries
  • Authorities
  • Banks
  • Industry representatives

 

How long will my data be stored?

Where necessary, we process and store your personal data for the duration of our business relationship, which also includes, for example, the initiation and execution of a rights administration agreement. It should be noted that our business relationship is a continuing obligation that is designed to last for years.

In addition, we are subject to various storage and documentation obligations, which arise from the German Commercial Code (HGB) and the German Fiscal Code (AO), among other things. The periods specified there for storage and documentation are two to ten years.

Certain data must be deleted after the purpose has been fulfilled during the contractual relationship.

Finally, the storage period is also assessed in accordance with the statutory limitation periods, which, for example, can be up to thirty years in accordance with Sections 195 et seq. of the Civil Code (BGB), whereby the regular limitation period is three years.

 

Is data transferred to a third country or to an international organisation?

GVL transfers data to SCAPR, an international non-profit organisation of collecting societies, and to its integral components IPD and VRDB, based in Brussels, Belgium. While the IPD (International Performers Database) manages the mandates of the artists of all affiliated sister societies, the VRDB (Virtual Recording Database) contains information on music, film and television productions.

Data exchange with foreign collecting societies is based on reciprocal agreements (representation agreements). For third countries without an adequate level of protection, the EU Commission's standard contractual clauses serve as suitable data protection guarantees or the exceptions of Art. 49 GDPR.

Examples of sister societies with reciprocal agreements:

  • GRAMEX DK (Denmark)
  • PPL (Great Britain)
  • SoundExchange (USA)
  • ADAMI (France)
  • AISGE (Spain)
  • SAMI (Sweden)
  • ... and other collecting societies

Further information about GVL's international exchange can be found here:https://www.gvl.de/gvl/internationales

What data protection rights do I have?

Every data subject has the right to

  • request confirmation as to whether personal data concerning them is being processed by us. If this is the case, they have the right to obtain information about this data (Article 15 GDPR).
  • request the rectification of inaccurate personal data concerning them and the completion of incomplete personal data (Article 16 GDPR).
  • to request the erasure of their personal data under the conditions set out in Article 17 of the GDPR.
  • to request the restriction of the processing of their personal data under the conditions set out in Article 18 of the GDPR.
  • in the event of the rectification or erasure of your personal data and the restriction of processing pursuant to Articles 16, 17(1) and 18, to request the identification of all recipients to whom your personal data has been disclosed (Article 19 GDPR).
  • under the conditions set out in Article 20 GDPR, to receive the personal data concerning them in a structured, commonly used and machine-readable format or to request the transfer of this data to a third party – data portability.
  • to object to the processing of personal data concerning them that is carried out on the basis of Article 6(1)(e) or (f) GDPR, under the conditions set out in Article 21 GDPR.

The restrictions set out in Sections 34 and 35 of the new Federal Data Protection Act (BDSG-Neu) apply to the right to information and the right to erasure.

You can revoke your consent to the processing of personal data at any time. This also applies to the revocation of declarations of consent that were given to us before the EU General Data Protection Regulation came into force, i.e. before 25 May 2018. Please note that the revocation only takes effect for the future. Processing that took place before the revocation is not affected.

In addition, you have the right to lodge a complaint with the following data protection supervisory authority (Article 77 GDPR in conjunction with Section 19 BDSG):

Berlin Commissioner for Data Protection and Freedom of Information Friedrichstr. 219 Visitor entrance: Puttkamerstr. 16 – 18 (5th floor) 10969 Berlin

 

Am I obliged to provide data?

Within the scope of our business relationship, you must provide the personal data that is necessary for establishing and completing a business relationship and fulfilling the associated contractual obligations, or that we are legally obliged to collect. Without this data, we will generally have to refuse to conclude the contract or complete the order, or we will no longer be able to complete an existing contract.

 

Are automatic decisions made in the fulfilment of the rights administration agreement?

As a matter of principle, we do not use fully automated decision-making in accordance with Article 22 of the GDPR to establish and complete the business relationship.

0