Privacy statement of UNITED POP B.V.

(Status as of May 2018)

1. This is what we vouch for

Your privacy and the protection of your personal data is very important to United POP B.V.. For your information, we provide the following overview about the collection and processing of personal data on basis of data protection law in force from 25 May 2018 and the implementation of the applicable provisions of the EU General Data Protection Regulation (GDPR) and explain the general conditions under which we collect and process personal data and in particular what rights you have as a customer and interested party. What kind of data are processed in particular and how they are used depends largely on the requested or agreed services.

2. Who is responsible for the processing of your data and who can you contact?

Controller and responsible within the meaning of the GDPR and other national data protection laws of the Member States as well as other data protection regulations:

United POP.B.V.
Registered Office:
Atlantisplein 1
NL-1093 NE Amsterdam
The Netherlands

Phone: +31 (0) 20 3081991
E-Mail: amsterdam@united-pop.nl
Web: www.united-pop.nl

Represented by the Managing Director Fabian Willems
Commercial Register/KvK-Number: 66060117
BTW-ID/Tax-ID-Number: NL856378999B01

United POP B.V. is a subsidiary of:
msg Beteiligungs- und Verwaltungs-GmbH
Registered Office: Brucker Strasse 10, DE-82223 Eichenau, Germany
Managing Director: Rüdiger J. Veith 
District Court of Munich: HRB 196680
Tax-ID-Number: DE815614524

You can contact our corporate data controller under:

music support group
msg Beteiligungs- und Verwaltungs-GmbH
Data Protection (Datenschutz)
Brucker Straße 10 
82223 Eichenau 
Germany
E-Mail: datenschutz@musicsupportgroup.com 

3. What kind of data do we use?

We process personal data that we receive from you as a customer or interested party within the framework of our business relationship.  In addition, we process personal data that are transmitted to us by other entities of our group of companies or by other third parties in a permissible manner, to the extent as this is necessary for the provision of our services. Personal data which are necessary for the purpose of processing are personal data (e.g. name, address, other contact data such as telephone number, E-Mail address, birthday, nationality). It may also be order data, data deriving from the fulfilment of our contractual obligations, advertising and sales data, documentation data or data similar to the before mentioned categories.  Data collection and processing must be appropriate and relevant to the purpose and limited to what is necessary for the purpose of the processing. 

4. For what purposes and on what legal basis is the data processed and how long is it stored?

In the following we inform you about the various purposes for which we process personal data that we receive from our customers and interested parties in the course of our business relationships, on which legal basis the data is processed and for how long we store the data:

We only process personal data if this is necessary to provide a functioning website including our contents and services. As a rule, processing only takes place with the consent of the data subject.  An exception applies in those cases where prior consent cannot be obtained for real reasons and the processing of the data is permitted by law. 

If we obtain your consent as data subject for the processing of personal data, Art. 6 (1 a) of the EU General Data Protection Regulation (GDPR) is the legal basis for such processing.  Insofar as we have been obtained such consent for certain purposes, which are explained to you in detail and to which you have agreed to, the lawfulness of such processing is given on the basis of this consent. A given consent can be revoked at any time.  This also applies to the revocation of declarations of consent issued to us prior to the validity of the GDPR, i.e. before the 25th of May 2018.  The revocation of the consent does not affect the lawfulness of the data processed until the revocation.  

In case of processing personal data which is necessary for the performance of a contract to which you are a party as a data subject, Art. 6 (1 b) GDPR applies as legal basis. This also applies to such processing that is necessary for the steps, which need to be taken prior to entering into a contract. If the processing of personal data is necessary to comply with a legal obligation to which our company is subject, Art. 6 (1 c) GDPR is the legal basis.  If vital interests of you as a data subject or another natural person require the processing of personal data, Art. 6 (1 d) GDPR applies. And if processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of you as the person concerned do not outweigh the former interest, Art. 6 (1 f) GDPR shall apply as the legal basis for processing.

In detail, we collect personal data for the following purposes (including the provision of services against payment):
- Registrations (user accounts);
- Contact forms;
- Conclusion of course and bachelor agreements;
- Registration for workshops and events;
- Sending invitations for appointments;
- Transmission of information and offers on courses and study programmes;
- Competition participations;
- Voluntary surveys (to provide and improve offers and services).

Your data will only be used for marketing, market research and advertising purposes if you have expressly consented to this use or the use is legally permissible.  A given consent can be revoked at any time. This also applies to the revocation of declarations of consent issued to us prior to the validity of the GDPR, i.e. before the 25th of May 2018. The revocation is only effective for the future. The revocation of the consent does not affect the lawfulness of the data processed until the revocation.

5. Provision of the website and creation of log files

a) Description and scope of data processing
Every time you visit our website, our system automatically collects data and information from the computer system of the calling computer.  
The following data is collected:
(1) Information about the browser type and version used
(2) The user's operating system
(3) The Internet service provider of the user
(4) The IP address of the user
(5) Date and time of the access
(6) Websites from which the user’s system obtains access to our website 
(7) Websites accessed by the user's system via our website
The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.
b) Legal basis for data processing 
The legal basis for the temporary storage of data and log files is Art. 6 (1f) GDPR.
c) Purpose of data processing
The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user’s computer. For this purpose the IP address of the user must remain stored for the duration of the session. The data is stored in log files to ensure the functionality of the website. In addition, the data help us to optimize the website and to ensure the security of our information technology systems.  An evaluation of the data for marketing purposes does not take place in this context.  These purposes also constitute our legitimate interest in data processing pursuant to Art. 6 (1 f) GDPR.
d) Duration of storage
Personal data will be erased where the personal data are no longer necessary in relation to the purposes for which they are collected. If data are collected for the provision of the website, this is the case when the respective session has ended. If the data is stored in log files, this is the case after 30 days at the latest. An extended storage is possible.  In this case, the IP addresses of the users are erased or alienated, so that an assignment of the calling client is no longer possible.
e) Right of objection and erasure
The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, the user cannot object here.  

6. Registration

a) Description and scope of data processing
On our website, we offer users the opportunity to register by providing personal data. Data are entered into an input mask and transmitted to us and then stored. The data will not be passed on to third parties. The following data are collected within the scope of the registration process:  First name, last name, country, mobile number, E-Mail address, area(s) of interest. In the case of entries in a competition, a postal address may also be provided to enable the prize to be handed over.  For the protection of minors, the date of birth is also requested.
At the time of registration, the following data is also stored: The user’s IP address and the date and time of registration. In the course of the registration process, the user’s consent to the processing of this data is obtained.
b) Legal basis for data processing 
The legal basis for the processing of data is Art. 6 (1 a) GDPR if the user has given his or her consent. If the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract, the additional legal basis for the processing of the data is Art. 6 (1 b) GDPR.
c) Purpose of data processing
A registration of the user is on the one hand necessary for the provision of certain contents and services on our website. Furthermore, the registration can also take place for the conclusion of a contract with the user, if it is necessary for the fulfilment of the contract or in order to take steps prior to entering into a contract Such services/contracts essentially refer to the following:  Registration for workshops and events, participation in competitions, voluntary surveys (to create and improve offers and services). 
d) Duration of storage
Personal data will be erased where the personal data are no longer necessary in relation to the purposes for which they are collected. In case that the registration on our website is not necessary for the conclusion of a contract with the user, this applies to all data collected during the registration if the registration on our website is canceled or modified. If the registration serves to conclude a contract with the user, this applies for the implementation of all measures to conclude a contract or pre-contractual measures during the registration process, if the data are no longer required for the implementation of the contract. Even after conclusion of the contract, it may still be necessary to store personal data of the contractual partner in order to fulfil contractual or legal obligations. Perpetual obligations require the storage of personal data during the term of the contract.  In addition, warranty periods must be observed as well as storage of data for tax purposes.  Which storage periods are to be observed cannot be determined across-the-board, but must be determined for the contracts and contractual parties concluded in each individual case.
e) Right of objection and erasure
As a user, you have the option of canceling the registration for the provision of certain content and services at any time.  You can always change the data stored about you in the system via the corresponding Internet page or you can contact us for this without any formality:  
music support group
msg Beteiligungs- und Verwaltungs-GmbH
Data Protection (Datenschutz)
Brucker Straße 10 
82223 Eichenau 
Germany
E-Mail: datenschutz@musicsupportgroup.com 

If the registration serves to conclude a contract with the user: If the data is necessary for the performance of a contract or to take steps prior to entering into a contract, premature erasure of the data is only possible insofar as contractual or legal obligations do not prevent deletion.  

7. Contact form and E-mail contact

a) Description and scope of data processing
A contact form is available on our website, which can be used to contact us electronically and to request information about our product range. If a user takes advantage of this possibility, the data entered in the input mask will be transmitted to us and stored.  Such data are:
First name, surname, country, mobile number, E-mail address, postal address (if a brochure is requested by post), desired training location, start date of a possible education, areas of interest, date of birth (to protect minors) and we ask you how you did find us.
At the time of registration, the following data are also stored: The IP address of the user as well as date and time of registration, information about the browser type and the version used, the operating system, as well as websites from which the user’s system reaches our website.
Your consent is obtained for the processing of the data within the scope of the sending process and reference is made to this data protection declaration. Alternatively, you can contact us via the E-mail address provided. In this case, the user’s personal data transmitted by E-mail will be stored. In this context, the data will not be passed on to third parties. The data is used exclusively for processing the conversation. 
b) Legal basis for data processing 
The legal basis for the processing of data is Art. 6 (1 a) GDPR if the user has given his or her consent. The legal basis for the processing of data transmitted in the course of sending an E-mail is Art. 6 (1 f) GDPR.  If the E-mail contact is aimed at the conclusion of a contract, then the additional legal basis for the processing is Art. 6 (1 b) GDPR.
c) Purpose of data processing
The processing of personal data from the input mask serves us only for the processing of the contact.  In the event of contact by E-mail, this also constitutes the necessary legitimate interest in the processing of the data.  All other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
d) Duration of storage
Personal data will be erased where the personal data are no longer necessary in relation to the purposes for which they are collected. This is the case for the personal data from the input mask of the contact form and those that were sent by E-mail, when the respective conversation with the user is finished.  The conversation is terminated when it can be assumed from the circumstances that the facts in question have been finally clarified.  Personal data, which was additionally collected during the sending process will be deleted after a period of seven days at the latest. 

e) Right of objection and erasure
The user has the right to revoke his consent to the processing of personal data at any time. If the user contacts us by E-mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.  Please address your revocation of the consent and your objection to the storage to us without a form requirement: 
music support group
msg Beteiligungs- und Verwaltungs-GmbH
Data Protection (Datenschutz)
Brucker Straße 10 
82223 Eichenau 
Germany
E-mail: datenschutz@musicsupportgroup.com 
All personal data stored in the course of contacting us will be deleted in this case.

8. Performance of contractual obligations 

a) Description and scope of data processing
In this case, the processing of data takes place in order to provide services in course of the performance of our contracts with our customers or for taking steps prior to entering into a contract, which take place on request.  The purposes of data processing are primarily based on the specific product (individual course agreement, training course agreement, diploma course agreement, bachelor course agreement, workshops, etc.) and, in addition to carrying out the corresponding teaching and examination services, include advising and supporting the participants in the respective specialist area and location. Further details on the corresponding data processing purposes can be found in the relevant contractual documents and general terms and conditions.  The following data are collected within the scope of the contract process:  First name, last name, street, house number, country, postcode, mobile number, E-mail address, area(s) of interest, information on possible promotions, date of birth, bank details.
b) Legal basis for data processing 
If the personal data is necessary for the performance of a contract to which you are a data subject, Art. 6 (1 v) GDPR is the legal basis. This also applies to such processing that is necessary for the implementation of pre-contractual measures. 
c) Purpose of data processing
The data is used for the execution or performance of the contract, i.e. as a rule for the provision of the contractually owed teaching and examination management including the consultation and support of the customers and, if necessary, for the performance of seminars and workshops, to the extent as these have also been agreed or are part of the contract.
d) Duration of storage
Personal data will be erased where the personal data are no longer necessary in relation to the purposes for which they are collected. With regard to the conclusion of a contract with you, this applies to the performance of a contract or to the implementation of pre-contractual measures, provided that the data is no longer required for the execution of the contract. Even after conclusion of the contract, it may still be necessary to store personal data of the contractual partner in order to fulfil contractual or legal obligations. Perpetual obligations require the storage of personal data during the term of the contract. In addition, course/examination-related additional periods must be observed as well as the storage of data for tax purposes. Which storage periods are to be observed cannot be determined across-the-board, but must be determined for the contracts and contractual parties concluded in each individual case.
e) Right of objection and erasure
If the data is necessary for the performance of a contract or to take steps prior to entering into a contract, premature erasure of the data is only possible insofar as contractual or legal obligations do not prevent deletion. A right of objection exists for the conclusion of course agreements as follows:
The customer is entitled to a cooling-off period of 14 days, which starts on the day that s/he signs and sends in/hands over the course agreement to United POP B.V.. If the customer did not sign the document, the cooling-off period starts at the moment that United POP B.V. has confirmed the reception of the course agreement. In case customer sends in the course agreement less than 14 days before the commencement of the course, the cooling-off period expires at the moment s/he attends one of the classes of the course. During the cooling-off period customer is entitled to cancel the course agreement. The instructions on objection and the consequences of objection are set out in the respective contract. To exercise the right of objection consumer must address the objection to:
music support group
msg Beteiligungs- und Verwaltungs-GmbH
Datenschutz
Brucker Straße 10 
82223 Eichenau 
Deutschland
E-Mail: datenschutz@musicsupportgroup.com,
or directly to United POP B.V.

9.  Usage of cookies 

a) Description and scope of data processing
Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s computer system. If a user visits a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic character string that enables a unique identification of the browser when the website is used again. We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a website change. The following data are stored and transmitted in the cookies: Acknowledgment of the cookie banner, user session of the contact form (required for data security).
We also use cookies on our website to analyse the user’s surfing behaviour. In this way, the following data can be transmitted: Frequency of website visits, user origin, browser system settings. The user data collected in this way is pseudonymised by technical precautions. Therefore, it is no longer possible to assign the data to the calling user. The data will not be stored together with other personal data of the users.
When you visit our website, an information banner informs you about the use of cookies for analytical purposes and refers you to this privacy statement. In this context, there is also information given as on how the storage of cookies can be prevented in the browser settings.
b) Legal basis for data processing 
The legal basis for the processing of personal data using cookies is Art. 6 (1 f) GDPR. The legal basis for the processing of personal data using technically necessary cookies is Art. 6 (1 f) GDPR. The legal basis for the processing of personal data using cookies for analytical purposes is Art. 6 (1 a) GDPR.
c) Purpose of data processing
The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. It is necessary for them that the browser is recognized even after a page change of a website. We use cookies in our contact form (technical security measure). The user data collected by technically necessary cookies are not used to create user profiles. The analysis cookies are used to improve the quality of our website and its content. By placing analysis cookies we learn how the website is used, with which browsers and user settings the pages are accessed and can thus continuously optimise our offer. These purposes also constitute our legitimate interest in processing personal data pursuant to Art. 6 (1 f) GDPR. 
d) Duration of storage, right to object and erasure
Cookies are stored on the user's computer and transmitted to our site. Therefore, you as a user also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website in full.

10. Is automated individual decision making and/or profiling implemented? 

To establish and conduct our business relations with you, we do not use fully automated decision making as referred to in Art. 22 GDPR. Should we use such procedures in individual cases, we will inform you separately, if required by law. 

11. SSL encryption

To protect the security of your data during transmission, we use state-of-the-art encryption methods (e.g. SSL) via HTTPS.

12. What are the consequences of not providing personal data?

As part of our business relationship, you as customer/prospective customer must provide personal data required for the establishment and execution of a business relationship of your choice and the performance of the associated contractual obligations or such personal data, which we are required to collect by law. Without this information, we will generally not be able to conclude the contract or to perform the contract or service. 

13. How long are personal data stored and will the data be erased?

We commit ourselves to the principles of data avoidance and data minimization. Insofar as the storage and erasure of personal data of a data subject has not already been explained above, we like to point out that personal data will be erased or blocked as soon as the purpose of the storage, which originates from a contractual or statutory obligation, ceases to apply, i.e. your personal data will only be stored as long as the respective purpose lasts, in the case of a contractual relationship only during the contract period. If the data are no longer required for the performance of contractual or statutory obligations, they are regularly deleted in accordance with the statutory provisions. In exceptional cases, data may also be stored if this has been provided for by European or national legislators in EU regulations, laws or other provisions. The data will also be blocked or erased if a storage period determined by the aforementioned standards expires, unless a further storage of the data for the conclusion or performance of a contract is necessary.

14. Who receives personal customer data? 

Insofar as you have made personal data available to us, such data will only be passed on or otherwise transmitted by us if this is necessary for the purpose of contract processing, in particular for the disclosure of order/contract data or for billing purposes, or if you have previously consented to the onward transfer or the disclosure is required by law (in particular, onward transfers to state authorities). A given consent can be revoked at any time. This also applies to the revocation of declarations of consent issued to us prior to the validity of the GDPR, i.e. before the 25th of May 2018. The revocation is only effective for the future. The revocation of the consent does not affect the lawfulness of the data processed until the revocation.
Within our company, only those departments obtain access to customer data as necessary to fulfil our contractual and legal obligations. In addition, service providers and vicarious agents employed by us may also receive data for such purposes if they process the personal data transmitted to them exclusively in accordance with the given data protection regulations and within the factual and temporal framework of the respective order and in accordance with instructions from us as customer. They may not use the provided data for any other purposes and are obliged to take technical and organisational measures required by law to adequately protect the data transmitted by us.

To execute of a business relationship with you and depending on the service/contract we may transfer personal data to other companies of the music support group (in particular msg Beteiligungs- und Verwaltungs-GmbH, msg GmbH & Co. KG, music support group GmbH, United POP online GmbH, United POP Australia Pty Ltd and possibly other affiliated companies); to companies in the categories of credit and financial services institutions or comparable institutions/payment providers, IT services, logistics, printing services, telecommunications, debt collection, consulting and sales and marketing; to public bodies and institutions (e.g. tax authorities, law enforcement authorities) in case of an existing legal or official obligation. Other possible recipients of the data can be such entities for which you have given us your consent to the transfer of data.

The following processor is engaged with the processing of personal data as referred in Art. 28 GDPR:

Bonifatius GmbH (Shipping Provider), Karl-Schurz-Straße 26, 33100 Paderborn, Germany

Ditmeijers’ Telemarketing & Datamanagement BV, Van Diemenstraat 86 – 70 – 142, 1013 CN  Amsterdam, The Netherlands

Agnitas AG (E-mail-transfer), Werner-Eckert-Straße 6, 81829 Munich, Germany

Business Talk AG (Telemarketing), Schillerstraße 7, 80336 Munich, Germany

Eventbrite Inc. (Eventportal), 155 5th Street, Floor 7, San Francisco, CA 94103, USA

University of West London (Validation and Certification of the Bachelor course offers ), St Mary´s Road, Ealing, London W5 5RF, UK

SurveyMonkey Europe UC (Surveys), 2nd Floor, 2 Shelbourne Buildings, Shelbourne Road, Dublin, Ireland

Unbounce (Contact forms), West Georgia Street 400-401, BC V6B5A1 Vancouver, Canada

Happy Contest (Competitions), Maximilanstraße 14, 86150 Augburg, Germany

15. Will personal data be transferred to third countries or international organisations? 

Pursuant to Art. 44 DSGVO, data will only be transferred to offices in countries outside the European Union (so-called third countries) if this is necessary for the execution of customer orders or if this is required by law or if we have received your consent as data subject. Data may be transferred to third countries if the Commission has established an adequate level of data protection in accordance with Art. 45 GDPR, if there are appropriate safeguards to ensure an adequate level of data protection, such as binding company regulations or standard contractual clauses, or if the data subject expressly consents.

16. What data protection rights exist? 

If your personal data are processed, you are data subject as defined in the GDPR  and you have the following rights against the Controller:
Each data subject has the right of access as referred in Art. 15 GDPR, the right to rectification as referred in Art. 16 GDPR, the right to erasure as referred in Art. 17 GDPR, the right to restriction of processing as referred in Art. 18 GDPR, the right to object as referred in Art. 21 GDPR and the right to data portability as referred in Art. 20 GDPR. Furthermore, there is a right to lodge a complaint with a supervisory authority (Art. 77 GDPR). A given consent you have given us to process your personal data may at any time be revoked. This also applies to the revocation of declarations of consent issued to us prior to the validity of the GDPR, i.e. before the 25th of May 2018. The revocation is only effective for the future. Processings made before the revocation are not affected. 
Right to information
You may ask the Controller to inform you whether personal data relating to you as a data subject will be processed by us. 
In case of such a processing, the controller shall provide you with all of the following information:
(1) the purposes of the processing for which the personal data are intended;
(2) the categories of personal data, which are being processed;
(3) the recipients or categories of recipients of the personal data to whom the personal data relating to you as a data subject have been or are still being disclosed;
(4) the period for which the personal data relating to you as a data subject will be stored, or if the relevant details cannot be provided, the criteria used to determine that period;
(5) the existence of a right to rectification or erasure of personal data relating to you as a data subject, a right to restriction of processing by the controller or a right to object to such processing; 
(6) the existence of a right to lodge a complaint to a supervisory authority;
(7) to obtain all available information on the origin of the data if the personal data are not collected from the data subject;
(8) the existence of automated decision-making including profiling in accordance with Art. 22 (1) and (4) GDPR and - at least in these cases - meaningful information on the logic involved and the scope and intended effects of such processing for the data subject.
You have the right to request information as to whether the personal data relating to you as a data subject is transferred to a third country or to an international organisation. In this context, you may request to obtain information in regard to appropriate safeguards pursuant to Art. 46 GDPR in connection with the data transfer.
Right to Rectification 
You have a right to rectification and/or completion against the Controller if the personal data processed relating to you are incorrect or incomplete. The Controller shall make the rectification without undue delay.
Right to Restriction of Processing
Under the following conditions, you may request that the processing of personal data relating to you will be restricted:
(1) if you dispute the accuracy of the personal data relating to you for a period that enables the data controller to verify the accuracy of the personal data;
(2) the processing is unlawful and you object to the erasure of the personal data and instead request the restriction of use of the personal data;
(3) the Controller no longer needs the personal data for the purposes of the processing, but you do need them to assert, exercise or defend legal claims, or
(4) if you have objected to the processing pursuant to Art. 21 (1) GDPR and it has not yet been determined whether the legitimate reasons of the Controller are more important than your reasons.
If the processing of personal data relating to you as a data subject has been restricted, such data may only be processed - apart from being stored - with your consent or for the purpose of asserting, exercising or defending rights or protecting the rights of another natural or legal person or on grounds of an important public interest of the Union or a Member State.
If the processing restriction has been restricted according to the above conditions, you will be informed by the person responsible before the restriction is repealed.
Right to Erasure
a) Obligation to erasure
You may request the Controller to delete the personal data relating to you without delay and the Controller is obliged to erase such data immediately if one of the following reasons applies:
(1) The personal data relating to you are no longer necessary for the purposes for which they were collected or otherwise processed.
(2) You withdraw your consent, on which the processing was based pursuant to Art. 6 (1 a) or Art. 9 (2 a) GDPR, and there is no other legal basis for the processing. 
(3) You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR. 
(4) The personal data concerning you have been processed unlawfully. 
(5) The erasure of personal data relating to you is necessary to comply with a legal obligation under Union law or the law of the Member States to which the Controller is subject. 
(6) The personal data concerning you were collected in relation to information society services offered pursuant to Art. 8 (1) GDPR. 

b) Information to third parties
If the Controller has made the personal data concerning you public and is obliged to delete it pursuant to Art. 17 (1) GDPR, he shall take reasonable steps, including technical measures and taking into account the available technology and the implementation to inform controllers which are processing the personal data that you as the data subject have requested the erasure of any links to, or copy or replication of, those personal data. 
c) Exceptions
The right to erasure does not exist insofar as the processing is necessary 
(1) to exercise freedom of expression and information;
(2) for the performance of a legal obligation required for processing under the law of the Union or of the Member States to which the Controller is subject or for the performance of a task in the public interest or in the exercise of official authority conferred on the Controller;
(3) for reasons of public interest in the field of public health in accordance with Art. 9 (2 h) and (i) and Art. 9 (3) GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Art. 89 (1) GDPR, in so far as such rights as mentioned under section a) are likely to render impossible or seriously impair the achievement of the specific purposes, or
(5) to assert, exercise or defend legal claims. 

Right to information
If you have asserted your right to rectification, erasure or restriction of the processing against the Controller , he/she is obliged to inform all recipients to whom the personal data concerning you have been disclosed about this rectification or erasure of the data or restriction of the processing, unless this is not possible or involves a disproportionate effort.
You have the right to be informed of such recipients by the Controller.
Right to Data Portability
You have the right to receive the personal data concerning you that you have provided to the Controller in a in a structured, commonly used and machine-readable format. In addition, you have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where: 
(1) the processing is based on consent pursuant to point (a) of Art. 6(1) GDPR or point (a) of Art. 9(2) GDPR or on a contract pursuant to point (b) of Art. 6(1); and
(2) the processing is carried out by automated means.
In exercising this right, you shall also have the right to have the personal data transmitted directly from one controller to another, where technically feasible. This shall not adversely affect the rights and freedoms of others.
The right to data portability shall not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority conferred on the Controller.
Right to object
You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data relating to pursuant to Art. 6(1)(e) or (f) of the GDPR; this also applies to profiling based on these provisions. 
The Controller no longer processes the personal data concerning you, unless he can prove compelling reasons worthy of protection for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of the personal data relating to you as a data subject for the purpose of such advertising; this also applies to profiling, insofar as it is associated with such direct marketing.
If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
In connection with the use of Information Society service, you have the right to object by means of automated procedures using technical specifications, notwithstanding the Directive 2002/58/EC.
Right to revoke the data protection declaration of consent
You have the right to revoke your consent to this Privacy Policy at any time. The revocation of consent shall not affect the legality of the processing carried out on the basis of the consent until the revocation was issued.
Automated decision in individual cases including profiling
If we perform such automated processing, you have the right not to be subject to a decision based exclusively on automated processing - including profiling - that will have an adverse legal effect on you or significantly affect you in a similar manner. This does not apply if the decision 
(1) is necessary for entering into, or performance of, a contract between the data subject and the Data Controller;
(2) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests; or
(3) is based on your explicit consent.
Decisions shall not be based on special categories of personal data referred to in Art. 9 (1) GDPR, unless Art. 9(2)(a) or (g) applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.
In the cases referred to in points (1) and (2), the Controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.
Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR. 
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art 78 GDPR.

Information about the right to object according to Art. 21 GDPR 
1. Right of objection on a case-by-case basis 
As a customer, you have the right to object at any time for reasons arising from a particular situation to the processing of personal data concerning you, which is carried out on the basis of Art. 6 (1 e) GDPR (data processing in the public interest) and Art. 6 (1 f) GDPR (data processing on basis of a balance of interests). If an objection is lodged, we will no longer process the personal data, unless we can prove compelling reasons worthy of protection for the processing, which outweigh your interests, rights and freedoms as a data subject, or if the processing should serve to assert, exercise or defend legal claims. 
2. Right to object to the processing of data for marketing/advertising purposes:  
In individual cases we process personal data in order to implement marketing/advertising measures. As a customer, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing/advertising measures. If you object to the processing for such purposes, the personal data will no longer be processed for these purposes. 

Your objection can be submitted form-free to:
music support group
msg Beteiligungs- und Verwaltungs-GmbH
Data Protection (Datenschutz)
Brucker Straße 10 
82223 Eichenau 
Germany
E-mail: datenschutz@musicsupportgroup.com 

17. Information about Google Analytics

(1) This website uses Google Analytics, a web analytics service provided by Google Inc. (”Google”). The use is based on Art. 6 (1), Sentence 1 (f) GDPR. Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie such as
- Browser type/version,
- Operating system used,
- Referrer URL (the previously visited page),
- Host name of the accessing computer (IP address),
- Time of the server request,

is usually transmitted to a Google server in the USA and will be stored there. The IP address transmitted by Google Analytics from your browser will not be merged with other data of Google. We have also added the code "anonymizeIP" to Google Analytics on this website. This guarantees that your IP address is masked so that all data is collected anonymously. Only in exceptional cases the complete IP address will be transmitted to a Google server in the USA and truncated there.
On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activities and to provide the website operator with further services associated with website and Internet use. You may prevent the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.
You can also prevent the collection of the data generated by the cookie from Google and related to your use of the website (including your IP address) to Google and the processing of these data by Google if you download and install the subsequent browser plug-in: http://tools.google.com/dlpage/gaoptout?hl=de. As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent Google Analytics from collecting data by clicking on this link. An opt-out cookie is set to prevent future collection of your data when you visit this website. The opt-out cookie only works in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again. 
Furthermore, we use Google Analytics to evaluate data from double-click cookies and AdWords for statistical purposes. If you do not wish this, you can deactivate it using the Ads Preferences Manager  (http://www.google.com/settings/ads/onweb/?hl=de).
Further information on data protection in connection with Google Analytics can be found in the Google Analytics (https://support.google.com/analytics/answer/6004245?hl=de).

18. Information about Google Analytics

Our website uses the remarketing function of Google Inc. to present interest-based advertisements to website visitors within the Google advertising network. A “cookie” is stored in the visitor’s browser, which makes it possible to recognize the visitor when he or she visits websites that belong to Google’s advertising network. These pages may contain advertisements that refer to content that the visitor has previously viewed on websites that use Google's remarketing feature.
According to its own statements, Google does not collect any personal data in this process. However, if you do not wish to use Google’s remarketing function, you can always deactivate it by making the appropriate settings at  http://www.google.com/settings/ads. Alternatively, you can disable the use of cookies for interest-based advertising through the Advertising Network Initiative by following the instructions at http://www.networkadvertising.org/managing/opt_out.asp.

19. Information about Google AdWords

Our website uses Google Conversion Tracking. If you have reached our website via an ad placed by Google, Google Adwords sets a cookie on your computer. The conversion tracking cookie is set when a user clicks on an advertisement served by Google. These cookies expire after 30 days and are not used for personal identification. If the user visits certain pages of our website and the cookie has not yet expired, we and Google can see that the user has clicked on the ad and has been redirected to this page. Each Google AdWords customer receives a different cookie. Cookies cannot therefore be traced through the websites of AdWords customers. The information collected using the conversion cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. Customers see the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, you will not receive any information that personally identifies users.
If you do not wish to participate in tracking, you can refuse the setting of a cookie required for this - for example via browser settings that generally deactivate the automatic setting of cookies or set your browser so that cookies are blocked by the "googleleadservices.com" domain.
Please note that you may not delete the opt-out cookies as long as you do not wish measurement data to be recorded. If you have deleted all your cookies in your browser, you must set the respective opt-out cookie again.

20. Information on using script libraries (Google Web Fonts)

To present our contents correctly and graphically appealing across all browsers, we use script libraries and font libraries such as Google Web Fonts (https://www.google.com/webfonts/). Google Web Fonts are transferred to your browser's cache to avoid multiple loading. If your browser does not support Google Web Fonts or does not allow access, content will be displayed in a default font.
Calling script libraries or font libraries automatically triggers a connection to the library operator. In theory, it is possible - but currently also unclear whether and, if so, for what purposes - that operators of corresponding libraries collect data.
The privacy policy of the library operator Google can be accessed here:
https://www.google.com/policies/privacy/

21. Information on embedded YouTube videos

We embed YouTube videos on some of our websites. YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA is the operator of the corresponding plug-ins. When you visit a page with the YouTube plugin, a connection to Youtube servers is established. Youtube will be informed which pages you visit. If you are logged into your Youtube account, Youtube can assign your surfing behaviour to you personally. You can prevent this by logging out of your YouTube account beforehand.
If a YouTube video is started, the provider uses cookies that collect information about user behaviour.
If you have deactivated the storage of cookies for the Google Ad programme, you will not have to reckon with such cookies when viewing YouTube videos. Youtube also stores non-personal usage information in other cookies. If you want to prevent this, you must block the storage of cookies in your browser.
More information on data protection at “Youtube” can be found in the provider’s privacy policy under: https://www.google.de/intl/de/policies/privacy/ 

22. Information on the use of Bings Ads

Bing Universal Event Tracking (UET) 
Data is collected and stored on our website using Bing Ads technologies, from which user profiles are created using pseudonyms. This is a service of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. This service enables us to track the activities of users on our website when they come to our website via ads from Bing Ads. If you access our website via such an advertisement, a cookie is placed on your computer. A Bing UET tag is integrated on our website. This is a code used in connection with the cookie to store some non-personal data about the use of the website. This includes the time spent on the website, which areas of the website were called up and via which display the users accessed the website. Information about your identity is not collected.
The information collected is transmitted to Microsoft servers in the United States and stored there for a maximum of 180 days. You can prevent the collection of data generated by the cookie and related to your use of the website and the processing of this data by deactivating the setting of cookies. This may restrict the functionality of the website.
In addition, Microsoft may be able to track your usage across multiple electronic devices through cross-device tracking, making the display of personalised advertising on or in Microsoft Web pages and apps possible. You can deactivate this procedure at http://choice.microsoft.com/de-de/opt-out.
For more information on Bing Ads’ analysis services, please visit the Bing Ads website (https://help.bingads.microsoft.com/#apex/3/de/53056/2). For more information about Microsoft and Bing’s privacy practices, please read Microsoft’s Privacy Policy. 
(https://privacy.microsoft.com/de-de/privacystatement).

23. Facebook Pixel

Within the framework of our Internet presentation, we use the “Facebook Pixel” of the social network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA. So-called tracking pixels are integrated on our pages. When you visit our pages, the pixel-code establishes a direct connection between your browser and the Facebook server. 
Among other things, Facebook receives information from your browser,e.g. that our page has been called up by your terminal device. If you are a Facebook user, Facebook can assign your visit to our pages with your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the data transmitted by Facebook or of their use. We can only choose which segments of Facebook users (such as age, interests) our advertising should be displayed.
By calling up the pixel from your browser, Facebook can also recognize whether a Facebook ad was successful, e.g. whether it led to an online purchase. This enables us to measure the effectiveness of Facebook ads for statistical and market research purposes.

Please click here if you do not wish to have data collected via Facebook pixels: https://www.facebook.com/settings?tab=ads#_=._
Alternatively, you can deactivate the Facebook Pixel on the Digital Advertising Alliance page using the following link: http://www.aboutads.info/choices/.

The transfer of data to the USA is permitted according to Art. 45 GDPR, as Facebook Privacy Shield is certified and therefore has an adequate level of data protection according to the Commission Implementing Decision  (EU) 2016/1250 (http://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32016D1250&from=DE). 

The certification can be seen under https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active

Legal basis is a legitimate interest as referred to in Art. 6 (sentence 1 (1f)) GDPR, here the processing is necessary for the pursuit of our business purposes and the targeted advertising of our services.

24. Information on liability for third party websites and external links

Despite careful control of the contents, we assume no liability for the contents of the Internet pages of third parties and external links. The operators of the linked pages are exclusively responsible for their content. We expressly declare that we have no influence whatsoever on the design and content of the linked and imported pages. For this reason, we expressly distance ourselves from all contents of all linked pages on the website and do not adopt these contents as our own. This declaration applies to all pages to which links lead. 

25. Changes to this Privacy Policy

We reserve the right to modify this Privacy Policy at any time in compliance with the applicable data protection regulations. You will find the current version here or at another easily accessible place on our website.
 
If we plan to process your data for other purposes than they were originally collected, we will inform you in advance in compliance with the statutory provisions.