Berlin Phil Media strictly adheres to the legal provisions of the applicable data protection law when collecting, processing, and using your data.
- Who is responsible for the data processing and whom can I contact?
- What sources and data do we use?
- For what purpose and on what legal basis do we process your data?
- Cookies, Data Tracking Processes
- Friendly Captcha
- Email marketing
- Data Processing via Social Media
- Who gets my data?
- How long will my data be stored?
- Is any data transferred to a third country or to an international organisation?
- What data protection rights do I have?
- Is there an obligation to provide data?
- To what extent is there automated decision making in individual cases?
- Data security
- Availability of the data protection provisions
1. Who is responsible for the data processing and whom can I contact?
Controller of your personal data within the meaning of Art. 4 (7) of the European General Data Protection Regulation (“GDPR”) is:
Berlin Phil Media GmbH
Leipziger Platz 1
Managing Directors: Olaf Maninger, Maximilian Merkle
Phone: +49 (0)30 206 246 936
Fax: +49 (0)30 206 246 920
You may contact our data protection officer at:
Berlin Phil Media GmbH
– Data Protection Officer –
Leipziger Platz 1
Phone: +49 (0)30 206 246 936
2. What sources and data do we use?
2.1 Visiting our Services
When you visit our Services, your device automatically sends information to our server. This information is temporarily stored in a so-called log file. The following information is collected and stored until it is automatically deleted: IP address of the requesting device; date and time of access; information about your device (the operating system of your device, the app version as well as the name of your access provider), and in addition, when you call up the Services via a browser: name and URL of the accessed file; website from which access is made (“referrer URL”); if applicable, the search engine you used; the browser used.
The mentioned data will be processed by us for the following purposes:
- ensuring a functioning connection to the Services,
- ensuring comfortable use of the Services,
- statistical evaluation using a pseudonym in order to optimize our website as well as the quality and range of our offers,
- use of Friendly Captcha according to Section 5,
- evaluation of system security and stability, and
- for other administrative purposes.
The legal basis for data processing is Art. 6 (1) (b) GDPR, insofar as data processing is required for the provision of the Services or billing purposes. Apart from this, the processing is based on Art. 6 (1) (f) GDPR. Our legitimate interests follow from the purposes listed above for data collection. The log files are deleted after the end of the respective browser session, unless their further storage is required for the above-mentioned purposes.
For each institutional access, Berlin Phil Media compiles the following – completely anonymous – statistics on the basis of this data: number of institutional individual users (total/active); minutes viewed (total/average per institutional individual user); usage time (total/average per institutional individual user); number of rejected/blocked institutional individual users; total usage by device type (mobile, TV, desktop). These statistics (not the underlying data) can be accessed by the educational institution in a password-protected area of the website https://institutions.digitalconcerthall.com/.
2.2 Using our Services
In addition, we process personal data that we receive from you in the course of our business relationship. The legal basis for this is Art. 6 (1) (b) GDPR.
For example, we process personal data if you provide it to us when registering as a customer of the Digital Concert Hall or as a guest of the Online Shop. Customers of the Digital Concert Hall within the meaning of these data protection regulations are also members of an educational institution (“institutional individual users”) who register as customers of the Digital Concert Hall and use it free of charge as part of the DIGITAL CONCERT HALL FOR INSTITUTIONS initiative via multiple access capability of their educational institution (“institutional access”).
Berlin Phil Media requires the following data for the execution and processing of the streaming services offered in the Digital Concert Hall and the orders in the Online Shop: Title, full name, email address, address (billing address and, if applicable, different shipping address), phone number, bank details or credit card data, and – for institutional individual users – name of the educational institution. When registering as a customer of the Digital Concert Hall, you must also choose a password to allow future access to the customer area without having to re-enter your personal data. With the registration, a customer account is set up in which the customer's data is stored for further concert visits in the Digital Concert Hall or for further orders. You can access, correct and delete the data stored there at any time.
If an educational institution wishes to apply for institutional access as part of the DIGITAL CONCERT HALL FOR INSTITUTIONS initiative, Berlin Phil Media requires the following personal data in order to submit an individual contract offer to the educational institution and to set up institutional access: Type, name, address, and IP range of the educational institution; full name of the authorized representative; full name, job title, e-mail address and telephone number of a contact person.
3. For what purpose and on what legal basis do we process your data?
We process personal data in accordance with the provisions of the GDPR and the German Federal Data Protection Act (Bundesdatenschutzgesetz – “BDSG”):
3.1 For the performance of contracts and pre-contractual measures (Art. 6 (1) (b) GDPR)
The processing of personal data (Art. 4 (2) GDPR) takes place for the provision of the (streaming) services offered via our Services, for the processing of the purchase contracts concluded in our Online Shop, for billing, implementation of pre-contractual measures and for answering your inquiries in connection with our business relationship.
As part of the DIGITAL CONCERT HALL FOR INSTITUTIONS initiative, data processing is used, among other things, to provide services, to prepare for the conclusion of the contract and to set up institutional access (the IP range is specified for the purpose of verifying the individual institutional users, who have to register via the educational institution's network and log in every four weeks).
Further details for the purpose of data processing can be found in the respective contractual documents and terms and conditions.
3.2 For legitimate interests (Art. 6 (1) (f) GDPR)
If necessary, we process your data beyond the actual fulfilment of the contract to protect the legitimate interests of us or third parties, for example in the following cases:
- answering your questions outside of a contract or pre-contractual measures;
- advertising or market and opinion research, unless you have objected to the use of your data;
- operation and optimization of the Services;
- enforcement of legal claims and defence in legal disputes;
- ensuring our IT security and IT operations;
- prevention and investigation of criminal offences;
- anonymized evaluation of streaming behavior as proof to music publishers, GEMA, and Stiftung Berliner Philharmoniker.
3.3 On the basis of your consent (Art. 6 (1) (a) GDPR)
If you have given us your consent to process personal data for specific purposes, this processing is lawful on the basis of your consent. You can withdraw your consent at any time. Please note that the withdrawal will only take effect for the future. The lawfulness of our processing based on your consent which took place before the withdrawal is not affected.
3.4 Due to legal obligations (Art. 6 (1) (c) GDPR)
In addition, we are subject to various legal obligations. The purposes of the processing include, inter alia, the fulfilment of retention periods under commercial and tax law.
4. Cookies, Data Tracking Processes
4.1 Websites, technically necessary cookies
The few cookies we use are technically necessary to enable you to use our websites and the services offered on it (e.g. secure login, adding products to the shopping cart in the order process) (“session cookies”). Our legitimate interest in data processing lies in these purposes; the legal basis is Art. 6 (1) (f) GDPR. The data will not be combined with other personal data and will not be used for advertising purposes. Session cookies are deleted after the end of the respective browser session.
4.2 Mobile Applications Digital Concert Hall
The mobile apps you download to your device contain services that enable us to better target your interests and provide you with the best possible service. These software development kits (SDK) provided by our subcontractors are used solely to identify content that our users like, to measure the quality of the streams and downloads and to optimise our offers on the basis of this information as well as to solve technical problems.
In our mobile app for the operating systems iOS and Android, for this purpose we use the usage evaluation and analysis technology Adjust ("Adjust"). The provider is adjust GmbH, Saarbrücker Str. 36, 10405 Berlin. Adjust collects data on the interaction with our advertising materials, installation and event data of the app and makes these available as anonymised evaluations. We use this information to measure the success of our app marketing campaigns, for our own market research and to optimise the app.
When you install our app, Adjust stores install and event data from your iOS or Android app. This allows us to understand how you interact with our app. It also allows us to analyse and improve our mobile advertising campaigns. For this analysis, Adjust uses the anonymised IDFA or Android ID as well as the anonymised IP and MAC address. The data is anonymised on one side, i.e. it is not possible to identify you or your mobile device through this.
The legal basis for the data processing is Art. 6 (1) (f) GDPR. Our legitimate interests lie in the aforementioned purposes.
You can object to the use of Adjust at any time by deactivating the tracking for Adjust in the user settings of the app, at www.adjust.com/opt-out/.
5. Friendly Captcha
On our website berliner-philharmoniker-recordings.com, we use the Friendly Captcha service of Friendly Captcha GmbH, Am Anger 3-5, 82237 Wörthsee, Germany, to prevent the misuse of our website by bots.
Friendly Captcha does not analyse your usage behaviour, but collects your anonymised IP address in order to send a cryptographic task (also called a “puzzle request”) to your terminal. As soon as you start filling out a form (e.g. contact form), this task is automatically solved by your computer in the background within a few seconds. Once the task is solved, Friendly Captcha transmits a confirmation to the server that you are a natural person.
Friendly Captcha processes and stores the following data during the puzzle request from your end device:
- anonymised IP address of the requesting computer
- Website from which the access took place (so-called referer URL)
- information about the browser and operating system used
- a time stamp
- version of the widget
- anonymised counter per IP address to control cryptographic tasks
This data is used exclusively to protect us against bots.
Friendly Captcha GmbH is based in Germany and primarily uses servers that are located near the place from which you access our website. This means that servers outside of Germany may also be used. Your data may also be forwarded to a server of Friendly Captcha GmbH in the USA or another country outside the European Union (third country). The USA and other third countries are assessed by the European Court of Justice as countries with an insufficient level of data protection according to EU standards. We have therefore provided guarantees for the protection of your personal data by concluding so-called standard data protection clauses within the meaning of Art. 46 (2) (c) GDPR or binding corporate rules within the meaning of Art. 46 (2) (b) GDPR. In the case of a transfer of data to the USA, there is nevertheless, in the opinion of the data protection authorities, the risk that your data may be processed by the foreign authorities, for control and for monitoring purposes, possibly also without the possibility of legal redress.
The legal basis for data processing is Art. 6 (1) (f) GDPR. Our legitimate interest is to detect and prevent the misuse of our website by automated programs.
6. Email marketing
If you have expressly consented according to Art. 6 (1) (a) GDPR, we use your email address to inform you in our email newsletter about us, in particular about our concerts. Your consent is recorded and can be called up at any time under “Account” in the Digital Concert Hall.
To receive the newsletter, it is sufficient to provide an email address.
You can unsubscribe at any time, for example via the link at the end of each email. Alternatively, you may send your request to unsubscribe by email to firstname.lastname@example.org at any time. In this case your email address will be deleted from our email distribution list and added to our blacklist. The withdrawal of your consent will only take effect for the future. The lawfulness of any processing based on your consent carried out before the withdrawal is not affected by this.
6.1.1 Newsletter tracking
Please note that we evaluate the behavior of the recipients of our emails using usage statistics. For this purpose, the emails contain so-called web beacons or tracking pixels and links, which are each linked with an individual ID. Thus we record the time of opening and forwarding the email as well as the clicking of the links contained therein, the IP address (to determine the country of retrieval) and the email program used. The evaluation is based on usage statistics (delivery rate, opening rate, click rate, number of redirects, number of clicks on the links contained in the email, email programs used, openings and clicks by time of day and date, country of retrieval), that we can associate with your email address. The evaluation of usage behavior serves to check the success of our email marketing and to constantly improve it. The legal basis is Art. 6 (1) (a) GDPR. You can withdraw your consent to the evaluation at any time by unsubscribing from the newsletter (e.g. via the link at the end of each email); an isolated withdrawal of your consent only against the evaluation is (currently) not possible for technical reasons. We store your usage data until you withdraw your consent.
6.1.2 Dispatch and evaluation by Campaign Monitor
We use the external service provider Campaign Monitor Pty Ltd, 201 Elizabeth St, Sydney, NSW, Australia 2000 (“Campaign Monitor”) as a processor within the meaning of Art. 28 GDPR for the dispatch and the evaluation of emails. The transmission of your information to Australia, a third country outside the EU, is covered by appropriate guarantees within the meaning of Art. 46 GDPR, because we have concluded a data processing agreement with Campaign Monitor including the EU standard contractual clauses.
6.2 Existing customers
If you have already purchased goods or services from Berlin Phil Media, we inform you from time to time by email or letter about similar goods and services from Berlin Phil Media if you have not objected to this. The legal basis for such data processing is Art. 6 (1) (f) GDPR. Our legitimate interest lies in direct advertising (Recital 47 GDPR). You can object to the use of your email address and postal address for advertising purposes at any time without additional costs, for example via the link at the end of each email or by email to email@example.com.
7. Data Processing via Social Media
We are represented on several social media platforms with a profile. This is a way for us to provide further opportunities for information and communication. We have profiles on the following social media platforms:
When you visit or interact with a profile on a social media platform, personal data about you may be processed. Information associated with a social media profile in use also regularly constitutes personal data. This also covers messages and statements made while using the profile. In addition, during your visit to a social media profile, certain information is often automatically collected about it, which may also constitute personal data.
7.1 Visit of a Social Media Site
For the Facebook information service offered here, we use the technical platform and services of Facebook Ireland Ltd, 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland.
Please be aware that you use this Facebook page and its functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g. commenting, sharing, rating).
When you visit our Facebook page, Facebook collects, among other things, your IP address and other information that is stored on your device in the form of cookies. This information is used to provide us, as operators of the Facebook pages, with statistical information about the use of the Facebook page. Facebook provides more detailed information on this at the following link: https://facebook.com/help/pages/insights.
The data collected about you in this context is processed by Facebook Ltd. and may be transferred to countries outside the European Union. Facebook describes in general terms what information it receives and how it is used in its data usage guidelines. There you will also find information on how to contact Facebook and on the settings for advertisements. The data usage guidelines are available at the following link: https://facebook.com/about/privacy.
Facebook's full data policies can be found here: https://facebook.com/full_data_use_policy.
In what way Facebook uses the data from visits to Facebook pages for its own purposes, to what extent activities on the Facebook page are assigned to individual users, how long Facebook stores this data and whether data from a visit to the Facebook page is passed on to third parties is not conclusively and clearly stated by Facebook and is not known to us.
When you access a Facebook page, the IP address assigned to your device is transmitted to Facebook. According to Facebook, this IP address is anonymised (for "German" IP addresses). Facebook also stores information about the devices of its users (e.g. as part of the "login notification" function); this may enable Facebook to assign IP addresses to individual users.
If you are currently logged in to Facebook as a user, a cookie with your Facebook ID is stored on your device. This enables Facebook to track that you have visited this page and how you have used it. This also applies to all other Facebook pages. Facebook buttons embedded in websites enable Facebook to record your visits to these websites and assign them to your Facebook profile. This data can be used to offer content or advertising tailored to you.
If you wish to avoid this, you should log out of Facebook or deactivate the "stay logged in" function, delete the cookies present on your device and close and restart your browser. This will delete Facebook information that can be used to directly identify you. This allows you to use our Facebook page without revealing your Facebook identifier. When you access interactive features of the page (Like, Comment, Share, Message, etc.), a Facebook login screen will appear. Once you have logged in, you will again be recognisable to Facebook as a specific user.
Information on how to manage or delete information about you can be found on the following Facebook support pages: https://facebook.com/about/privacy. As the provider of the information service, we also collect and process the data mentioned in section 7.2 from your use of our service.
You can find the current version of this data protection declaration under the item "Data protection" on our Facebook page.
If you have any questions about our information service, you can contact us using the contact details listed in section 1.
For the Instagram information service offered here, we use the technical platform and services of Facebook Ireland Ltd, 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland.
We would like to point out that you use this Instagram page and its functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g. commenting, sharing, rating).
When you visit our Instagram page, Instagram collects, among other things, your IP address and other information that is present on your device in the form of cookies. This information is used to provide us, as the operator of the Instagram pages, with statistical information about the use of the Instagram page. Instagram provides more detailed information on this at the following link: https://help.instagram.com/788388387972460.
The data collected about you in this context is processed by Facebook Ltd. and may be transferred to countries outside the European Union. Instagram describes in general terms what information it receives and how it is used in its data usage guidelines. There you will also find information on how to contact Instagram and on the setting options for advertisements. You can find Instagram's complete data guidelines here: https://help.instagram.com/519522125107875.
In what way Instagram uses the data from the visit of Instagram pages for its own purposes, to what extent activities on the Instagram page are assigned to individual users, how long Instagram stores this data and whether data from a visit to the Instagram page is passed on to third parties, is not conclusively and clearly stated by Instagram and is not known to us.
When you access an Instagram page, the IP address assigned to your device is transmitted to Instagram. According to Instagram, this IP address is anonymised (for "German" IP addresses). Instagram also stores information about the end devices of its users (e.g. as part of the "login notification" function); this may enable Instagram to assign IP addresses to individual users.
If you are currently logged in to Instagram as a user, a cookie with your Instagram ID is located on your device. This enables Instagram to track that you have visited this page and how you have used it. This also applies to all other Instagram pages. Via Instagram buttons embedded in websites, it is possible for Instagram to record your visits to these websites and assign them to your Instagram profile. Based on this data, content or advertising can be offered tailored to you.
If you want to avoid this, you should log out of Instagram or deactivate the "stay logged in" function, delete the cookies present on your device and close and restart your browser. This will delete Instagram information that can directly identify you. This allows you to use our Instagram page without revealing your Instagram identifier. When you access interactive features of the page (like, comment, share, message, etc.), an Instagram login screen will appear. After any login, you will again be recognisable to Instagram as a specific user.
Information on how to manage or delete information about you can be found on the following Instagram support pages: https://help.instagram.com/519522125107875.
As the provider of the information service, we also collect and process the data mentioned in section 7.2 from your use of our service.
If you have any questions about our information service, you can contact us using the contact details listed in section 1.
Twitter Inc. (USA) or Twitter International Company (Ireland) is the sole responsible party for the processing of personal data when you visit our Twitter profile. Further information about the processing of personal data by Twitter can be found at https://twitter.com/privacy.
Google LLC (USA) and Google Ireland Limited (Ireland) are the sole responsible parties for processing personal data when you visit our YouTube channel. Further information about the processing of personal data by Google can be found at https://policies.google.com/privacy.
7.2 Processing of data you provide to us via our social media pages
We also process information that you have provided to us via our profile on the respective social media platform. Such information may be the username used, contact details or a message to us. We regularly process this personal data only if you have expressly provided us with this information. These processing operations are carried out by us as the sole data controller. We process this data on the basis of our legitimate interest in contacting enquirers. The legal basis for the data processing is Art. 6 (1) (f) GDPR or Art. 6 (1) (b) GDPR if it concerns pre-contractual measures or enquiries in connection with our business relationship.
8. Who gets my data?
Within our organization, access to your data is given to those departments or individuals that need it in order to fulfil our contractual and legal obligations.
We share your personal data with third parties if this is necessary to fulfil an existing contractual relationship between you and Berlin Phil Media or to implement pre-contractual measures (Art. 6 (1) (b) GDPR) or for the purposes of legitimate interests (Art. 6 (1) (f) GDPR).
We only share such information as is required by the respective service provider to perform the task assigned to it. The service provider undertakes to treat the data confidentially in accordance with this data protection declaration and the relevant data protection laws and not to pass it on to third parties.
In addition, your personal data will be disclosed or transmitted if required to do so by law (Art. 8 (1) (c) GDPR) or if you have given your consent (Art. 6 (1) (a) GDPR).
Under these conditions, recipients of personal data may be, for example:
- Subcontractors (e.g. mail order companies) used by Berlin Phil Media to provide the services offered via the website.
- Banks for the collection of fees.
- Public authorities and institutions in the event of a legal obligation or official order.
9. How long will my data be stored?
If necessary, we process and store your personal data for the duration of our business relationship, which also includes, for example, the initiation and processing of a contract. It should be noted that our business relationship is a continuing obligation which – until termination of your registration on our website – is intended to last for years.
In addition, we are subject to various storage and documentation obligations arising, inter alia, from the German Commercial Code (Handelsgesetzbuch – “HGB”) and the German Fiscal Code (Abgabenordnung – “AO”). The retention and documentation periods specified there are, e.g., 6 years for correspondence in connection with the conclusion of a contract and 10 years for accounting documents (Sec. 238, 257 (1) and (4) HGB, Sec. 147 (1) and (3) AO). Such storage and documentation obligations apply in particular if you conclude a contract with us (e.g. registration in the Digital Concert Hall or in the Online Shop, conclusion of a purchase contract on these portals, contract on the use of the Digital Concert Hall as part of the DIGITAL CONCERT HALL FOR INSTITUTIONS INITIATIVE).
Finally, the storage period also depends on the statutory limitation periods, which, for example, according to Sec. 195 et seq. of the German Civil Code (Bürgerliches Gesetzbuch – “BGB”), are generally three years long, but can, in certain cases, also be up to thirty years.
After expiry of the storage and documentation obligations and the relevant limitation periods, we delete the data.
Log files and cookies are deleted after expiry of the above-mentioned storage periods.
10. Is any data transferred to a third country or to an international organisation?
11. What data protection rights do I have?
You have the right of access (Art. 15 GDPR), the right to rectification (Art. 16 GDPR), the right to erasure (Art. 17 GDPR), the right to restriction of processing (Art. 18 GDPR) and the right to data portability (Art. 20 GDPR). The restrictions according to Sec. 34 and 35 BDSG apply to the right of access and the right to erasure. You also have the right to object to data processing by us (Art. 21 GDPR). If our processing of your personal data is based on consent (Art. 6 (1) (a) GDPR), you can withdraw this at any time; the legality of data processing based on the consent until withdrawal remains unaffected by this.
To assert all these rights and for further questions on the subject of personal data, please contact our data protection officer firstname.lastname@example.org or our postal address (see point 1 above) at any time.
Regardless of this, you have the right to file a complaint with a supervisory authority – in particular in the EU Member State where you are staying, where you work or where the alleged infringement took place – if you believe that the processing of personal data concerning you violates the GDPR or other applicable data protection laws (Art. 77 GDPR, Sec. 19 BDSG).
12. Is there an obligation to provide data?
In the context of our business relationship you only have to provide the personal data which is necessary for the establishment, execution and termination of a business relationship or which we are legally obliged to collect. Without this data we will usually have to refuse the conclusion of the contract or the execution of the order or we will no longer be able to execute an existing contract and may have to terminate it. Mandatory information is marked as such in our Services.
13. To what extent is there automated decision making in individual cases?
We do not use fully automated decision making according to Art. 22 GDPR for the establishment and implementation of a business relationship. Should we use these procedures in individual cases, we will inform you separately, where required by law.
14. Data security
We take a variety of security measures to protect personal data to an appropriate extent.
All customer information is stored on secure servers that are protected from access from other networks by a software firewall. Only those employees who need information to process a specific request or order have access to the data. The employees are trained in the safe handling of data.
Insofar as we collect personal data on our pages, the transmission is encrypted using the industry-standard Secure Sockets Layer (“SSL”) technology. This applies to all particularly sensitive data such as credit card numbers and account information.
15. Availability of the data protection provisions
Last updated: 22 December 2022