Privacy Policy
The following data privacy statement applies to the use of our online offer dhd.audio (hereinafter referred to as “website”). We attach great importance to data protection. Your personal data is collected and processed in compliance with the applicable data protection regulations, in particular with the General Data Protection Regulation (GDPR).
1 Data privacy controller
Responsible for the collection, processing and use of your personal data within the meaning of art 4 para GDPR is DHD audio GmbH, Haferkornstr. 5, 04129 Leipzig, Germany. If you wish to object to our collection, processing or use of your data in accordance with this privacy policy as a whole or for individual measures, you can direct your objection to the body in charge. You can save and print out this privacy statement at any time.
2 General purposes of processing
We use personal data for the purpose of operating the website and, if commissioned by you, to generate and process offers and orders.
3 What data do we use and why?
3.1 Hosting
The hosting services we use serve to provide the following services: infrastructure and platform services, computing capacity, storage and database services, security services and technical maintenance services, which we use for the purpose of operating the website. Here we, or our hosting provider, process inventory data, contact data, content data, contract data, usage data, meta data and communication data of customers, prospective customers and visitors to our website on the basis of our legitimate interests in an efficient and secure provision of our website in accordance to art 6 para 1 s 1 lit f GDPR in connection with art 28 GDPR. Our RM1 landing page is hosted by the company Netlify, which provides its services in compliance with GDPR.
3.2 Access data
We collect information about you when you use this website. We automatically collect information about your usage behaviour and interaction with us and record data about your computer or mobile device. We collect, store and use data about every access to our website (so-called server log files). Access data includes:
- name and URL of the accessed file
- date and time of access
- transferred data volume
- Message about successful access (HTTP response code)
- operating system
- referrer URL (i.e. the previously visited page)
- Websites accessed by the user’s system through our website
- Internet service provider of the user
- IP address and requesting provider
Without allocating it to your person or and without any other profiling, we use this log data for statistical evaluations for the purpose of operation, security and optimisation of our website. It is furthermore used for anonymous recording of the visitor number to our website (traffic) and of the extent and type of use of our website and services. We use log data also for billing purposes in order to quantify the number of clicks received from cooperation partners. Based on this information, we are able to provide personalized and location-based content, to analyse traffic, to do troubleshooting and to correct errors, and to improve our services. This is actually our legitimate interest according to art 6 para 1 s 1 lit f GDPR. We reserve the right to check the log data subsequently if there is a justified suspicion of illegal use based on concrete evidence. We store IP addresses in the log files for a limited period of time if this is necessary for security purposes or for the provision or billing of a service, e.g. if you use one of our offers. After the order process has been cancelled or payment has been received, we will delete the IP address if this is no longer required for security purposes. We also store IP addresses if we have a concrete suspicion of a criminal offence in connection with the use of our website. We also use Netlify Analytics for this purpose. Server logs are automatically and anonymously analyzed. Cookies are not evaluated.
3.3 Data for the fulfilment of our contractual obligations
We process personal data that we need to fulfil our contractual obligations, such as name, address, e-mail address, ordered products, invoice data and payment data. The collection of this data is necessary for the conclusion of the contract. The data will be deleted after expiry of warranty periods and legal storage periods. Data linked with a user account (see below) will always be retained for the duration of the account. The legal basis for this data processing is art 6 para 1 s 1 lit b GDPR, as this data is required so that we can fulfil our contractual obligations towards you.
3.4 Email Contact
If you contact us (e.g. by email), we will process your details for the handling of your request and in the case of follow-up questions. If the data processing takes place in order to execute pre-contractual measures which arise upon your request or, if you are already our customer, in the course of the execution of the contract, the legal basis for this data processing is art 6 para 1 s 1 lit b GDPR. We will only process further personal data if you give your consent (art 6 para 1 s 1 lit a GDPR) or if we have a legitimate interest in processing your data (art 6 para 1 s 1 lit f GDPR). An example for a legitimate interest is to reply to your e-mail.
3.5 Newsletter Subscription
You can subscribe to our newsletter in the footer of our site to stay informed about the latest developments of the RM1 from DHD audio. We are using the newsletter provider MailChimp. To ensure that no one else subscribes using your email address, you will receive a confirmation email containing an activation link. You must click on this link to confirm that you are the owner of the email address and agree to receive our newsletters.
4 Storage Time
Unless specifically stated, we only store personal data for as long as it is necessary to fulfil the purposes pursued. In some cases, for example with regard to tax or commercial law, legislature requires storage of personal data. In these cases, we will only store the data for those legal purposes, but will not process in any other way. The data will be deleted after expiry of the legal storage period.
5 Your rights as a data subject
According to the applicable laws, you have various rights regarding your personal data. If you wish to assert these rights, please send your request, clearly identifying yourself, by email or by post to the address specified in section 1. Please find below an overview of your rights.
5.1 Right of confirmation and access
You have the right to clear information about the processing of your personal data. Specifically: You have the right at any time to obtain from us confirmation as to whether personal data relating to you will be processed. If this is the case, you have the right to request from us free-of-charge information about the personal data stored about you, including a copy of this data. Furthermore, you have a right to the following information:
- the purposes of the processing;
- the categories of personal data being processed;
- the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
- if applicable, the planned time period for which the personal data will be stored or, if not applicable, the criteria for determination of this time period;
- the existence of a right to rectification or erasure of your personal data or to restriction of the processing by the data controller, or of a right of objection against such processing;
- the existence of a right to lodge a complaint with a supervisory authority;
- in the case that the personal data are not collected from the data subject, any available information as to their source;
- the existence of automated decision-making, including profiling, referred to in art 22 paras 1 and 4 GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
Where personal data are transferred to a third country or to an international organisation, you have the right to be informed of the appropriate safeguards according to article 46 relating to the transfer.
5.2 Right to rectification
You have the right to obtain from us the rectification and, if applicable, the completion of personal data concerning you. Specifically: You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
5.3 Right to erasure (‘right to be forgotten’)
In several cases, we are obligated to delete personal data concerning you. Specifically: According to art 17 para 1 GDPR, you have the right to obtain from us the erasure of personal data concerning you without undue delay and we have the obligation to erase personal data without undue delay where one of the following grounds applies:
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
- you withdraw consent on which the processing is based according to art 6 para 1 s 1 lit a GDPR or to art 9 para 2 lit a, and where there is no other legal ground for the processing.
- you object to the processing according to art 21 para 1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing according to art 21 para 2 GDPR.
- the personal data have been unlawfully processed.
- the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which we are subject.
- the personal data have been collected in relation to the offer of information society services referred to in art 8 para 1 GDPR.
Where we have made the personal data public and we are obliged according to art 17 para 1 GDPR to erase the personal data, we, taking account of available technology and the cost of implementation, will take reasonable steps, including technical measures, to inform the data controllers which are processing the personal data that you have requested them the erase any links to, or copy or replication of, those personal data.
5.4 Right to restriction of processing
In several cases you have the right to request from us restriction of processing of your personal data. Specifically: You have the right to obtain from the controller restriction of processing where one of the following applies:
- the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data,
- the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
- we no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims,
- you have objected to processing according to art 21 para 1 pending the verification whether the legitimate grounds of our company override yours.
5.5 Right to data portability
You have the right to receive, transmit or let us transmit the personal data concerning you in machine-readable format. Specifically: You have the right to receive the personal data concerning him or her, which he or she has provided to us, in a structured, commonly used and machine-readable format and you have the right to transmit those data to another data controller without hindrance from us, where:
- the processing is based on consent according to art 6 para 1 s1 lit a GDPR or art 9 para 2 lit a GDPR or on a contract pursuant to art 6 para 1 s 1 lit b GDPR and
- the processing is carried out by automated means.
In exercising your right to data portability according to paragraph 1, you have the right to have the personal data transmitted directly from us to another data controller, where technically feasible.
5.6 Right to object
You have the right to object to a legitimate processing of your personal data by us on grounds relating to your particular situation and unless our interests in the processing prevail. Specifically: At any time you have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on art 6 para 1 s 1 lit e or lit f GDPR. This includes profiling based on those provisions. We shall no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves for the establishment, exercise or defence of legal claims. Where personal data are processed for direct-marketing purposes, you have the right to object at any time to processing of your personal data for such marketing, which includes profiling that it is related to such direct marketing. Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to art 89 para 1 GDPR, you have the right, on grounds relating to your particular situation, to object to processing of personal data concerning you, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
5.7 Automated decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or significantly affects you in a similar way.
5.8 Right to withdraw data-privacy consent
You have the right to withdraw consent at any time to processing of personal data.
5.9 Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes this Regulation.
6 Data security
We make every effort to ensure the security of your data in accordance with the applicable data protection laws and technical possibilities.Your personal data will be transmitted encrypted. This applies to your orders and also to the customer login. We use the SSL (Secure Socket Layer) coding system, but point out that data transmission over the Internet (e.g. communication by email) can have security gaps. A complete protection of data against access by third parties is not possible. To secure your data, we maintain technical and organisational security measures in accordance with art 32 GDPR which we will constantly update to the state of the art. Furthermore, we do not guarantee that our offer will be available at certain times; disruptions, interruptions or failures cannot be ruled out. The servers we use are regularly and carefully secured.
7 Disclosure of data to third parties, no data transfer to non-EU countries
In general, we only use your personal data within our company. If and as far as we involve third parties in the fulfilment of contracts (such as logistics service providers), these parties will only receive personal data to the extent to which the transfer is required for the corresponding service. In the event that we outsource certain parts of data processing (“order processing”), we contractually oblige our contractors who process the data to use personal data only in accordance with the requirements of data protection laws and to ensure the protection of the rights of the affected person. We are using Mailchimp to integrate a sign-up form into our website. By using the sign-up form you acknowledge that data is being sent to MailChimp which is located in the USA. A data transmission to places or persons outside the EU apart from the services described in this paragraph will not take place and is not planned for the future.