Information on the collection of personal data
(1) In the following, we inform you about the collection of personal data when using our website. Personal data is all data that can be related to you personally, e.g., name, address, e-mail addresses, user behaviour.
(2) The responsible party pursuant to Art. 4 (7) of the EU General Data Protection Regulation (GDPR) is SOMM _ Society Of Music Merchants e. V., Hardenbergstraße 9a, 10623 Berlin, somm(at)somm.eu (See our imprint).
(3) When you contact us by e-mail, the data you provide (your e-mail address, your name, and your address, if applicable) will be stored by us in order to answer your questions. We delete the data accruing in this context after the storage is no longer necessary or restrict the processing if there are statutory retention obligations.
(1) You have the following rights in relation to personal data relating to you:
Right to information,
Right to rectification or erasure,
Right to restriction of processing,
Right to object to processing,
Right to data portability.
(2) You also have the right to complain to a data protection supervisory authority about our processing of your personal data.
Collection of personal data when visiting our website
(1) In the case of mere informational use of the website, i.e., if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to the server of our website. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security. The legal basis is Art. 6 para. 1 p.1 lit. f GDPR. Data collected:
Date and time of the request
Time zone difference from Greenwich Mean Time (GMT)
Content of the request (specific page)
Access status/HTTP status code
Amount of data transferred in each case
Website from which the request came
Operating system and its interface
Language and version of the browser software
(1) Our website uses SSL encryption (Secure Socket Layer) in conjunction with the highest encryption level supported by your browser. As a rule, this is a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead.
You can see whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the lower status bar of your browser.
(2) We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, against partial or complete loss, against destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
Further functions and offers of our website; passing on of data
(1) In addition to the purely informational use of our website, we offer various services that you can use if you are interested. For this purpose, you usually must provide further personal data which we use to provide the respective service and for which the aforementioned data processing principles apply.
(2) In some cases, we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions, and are regularly monitored. If we commission third parties with the processing of data based on a so-called "order processing agreement", this is done based on Art. 28 GDPR.
(3) Your personal data will only be otherwise transmitted to third parties,
if you have given your express consent to this (Art. 6 para. 1 p. 1 lit. a GDPR)
if the transfer is legally permissible and necessary for the processing of contractual relationships with you (Art. 6 para. 1 p. 1 lit. b GDPR)
if there is a legal obligation to disclose the data (Art. 6 para. 1 p. 1 lit. c GDPR)
if the disclosure is necessary for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data (Art. 6 para. 1 p. 1 lit. f GDPR)
(4) If we process data in a third country (i.e., outside the European Union or the European Economic Area) or do so in the context of using third-party services, this will only be done based on your consent, based on a legal obligation or based on our legitimate interests. Subject to legal or contractual permissions, we will only process data or have data processed in a third country if the special requirements of Art. 44 et seq. GDPR. This is the case, for example, based on the officially recognised determination of a level of data protection corresponding to that of the EU (e.g., for the USA through the "Privacy Shield") or compliance with officially recognised special contractual obligations (so-called "standard contractual clauses").
Deletion of data
Data processed by us will be deleted in accordance with Art. 17 GDPR, for example if storage is no longer necessary in view of the purpose for which the data was collected. Otherwise, we restrict the processing in accordance with Art. 18 GDPR if there are statutory retention obligations, e.g., for data that must be retained for reasons of commercial or tax law.
Objection or revocation against the processing of your data
(1) If you have given your consent to the processing of your data, you may revoke this consent at any time pursuant to Art. 7 (3) GDPR. The revocation does not affect the lawfulness of the processing carried out based on your previous consent. The only consequence of the revocation is that we may no longer continue the data processing based on this consent in the future.
(2) If your personal data is processed based on legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR), for example in the context of the use of content or service offers from third-party providers (e.g., social media plug-ins, Google services) described below, you have the right to object to the processing in accordance with Art. 21 GDPR, insofar as there are reasons for this which arise from your particular situation.
In the event of a justified objection, we will examine the merits of the case and either discontinue or adapt the data processing or show you our compelling legitimate reasons based on which we will continue the processing.
(3) In the event of an objection based on direct marketing, you have a general right of objection pursuant to Art. 21 of the GDPR, which will be implemented by us without specifying a particular situation. If you object to processing for direct marketing purposes, the personal data will no longer be processed for these purposes.
Regular updating of this data protection notice
The data protection legal framework for service providers is subject to constant changes and adaptations.
These changes and adjustments make it necessary to update our data protection notice from time to time.
You can see the current status by the line "Status: ..." at the end of this data protection information.
Status: 26 March 2022