PRIVACY INFORMATION

Date: 16.01.2020                                                                              Version: 1.20.01

I. NAME AND ADDRESS OF THE DATA CONTROLLER
II. CONTACT DETAILS OF THE DATA PROTECTION OFFICER
III. GENERAL INFORMATION ON DATA PROCESSING
IV. USE OF COOKIES
V. CONTACT FORM AND E-MAIL CONTACT
VI. ONLINE APPLICATION
VII. RIGHTS OF THE DATA SUBJECT

 

I. NAME AND ADDRESS OF THE DATA CONTROLLER

 

Joint controllers in the sense of article 26 of the General Data Protection Regulation (GDPR) concerning the following data processing are:

 

Music & Sales Professional Equipment GmbH

Tritschlerstraße 3

66606 St. Wendel, Germany

Phone: +49 6851 905 0

Email: info@musicandsales.com

Managing directors: Hans Stamer / Lothar Stamer

 

and

 

Stamer Musikanlagen GmbH

Magdeburger Straße 8

66606 St. Wendel, Germany

Phone: +49 6851 905 0

Email:  info@stamer-musikanlagen.com

Managing directors: Hans Stamer / Lothar Stamer

 

 

II. CONTACT DETAILS OF THE DATA PROTECTION OFFICER

 

You may contact the data protection officer of both data controllers via the following e-mail address:

Email: datenschutz@musicandsales.com

 

 

III. GENERAL INFORMATION ON DATA PROCESSING

 

1. DATA ERASURE AND STORAGE PERIOD

The user’s personal data will be erased or blocked as soon as the purpose of storage no longer applies. Storage can also take place if this is provided for by the European or national legislator in EU regulations, laws or other regulations to which the controller is subject. The data will also be blocked or deleted if a storage period prescribed by the mentioned standards expires, unless there is a need for further storage of the data for the conclusion or performance of a contract.

 

2. JOINT CONTROLLERSHIP

 

2.1 RESPONSIBILITIES RELATED TO DATA PROCESSING

The companies mentioned under I. jointly control the processing of the data. The responsibilities are structured as follows:

DATA PROCESSING
STAMER MUSIKANLAGEN GMBH CONTROLS THE PROCESSING
Music & Sales P.E. GmbH CONTROLS THE PROCESSING
OVERARCHING COOPERATION IN DATA PROCESSING
a) Use of technically necessary cookies

 

X
b) Contact form and e-mail contact

 

X (1) X (2)
c) Online application

 

 

X

X (1) applicable, if the matter exclusively concerns data controller 2
X (2) applicable, if the matter exclusively concerns data controller 2 or both data

 

2.2 DEMARCATION OF RESPONSIBILITIES

The duties resulting from the requirements of the GDPR are structured as follows:

| DUTIES | Stamer Musikanlagen GmbH | Music & Sales P.E. GmbH |
|---|---|---|
| Definition of purposes and means of processing | X | X |
| Definition of data (categories) to be processed | X | X |
| Determination of who performs which duties arising from the GDPR | X | X |
| Who acts as a contact point for the data subjects? | X | |
| Who provides data subjects with the essentials of the agreement? | | X |
| Who is responsible for the information obligation under article 13 of the GDPR? | | X |
| Who is responsible for the information obligation under article 14 of the GDPR? | | X |
| Who answers requests for information according to article 15 of the GDPR? | X | X |
| Who processes correction requests based on article 16 of the GDPR? | X | X |
| Who processes erasure requests based on article 17 of the GDPR? | X | X |
| Who processes requests to restrict processing based on article 18 of the GDPR? | X | X |
| Who ensures the fulfillment of the notification obligation in connection with the correction, erasure or blocking according to article 19 of the GDPR? | X | X |
| Who ensures the right to data portability in accordance with article 20 of the GDPR? | X | X |
| Who processes objections to the processing based on article 21 of the GDPR? | X | X |
| Who implements the “data protection by technology design and by data protection-friendly default settings” requirements resulting from article 25 of the GDPR? | X | X |
| Where required, who conducts the data protection impact assessment according to article 35 of the GDPR? | X | X |
| Who ensures the security of processing corresponding to article 32 of the GDPR? | X | X |
| Who maintains the directory of processing activities? | X | X |
| Who ensures the reporting obligation resulting from article 33 of the GDPR in the case of a data breach? | X | X |
| Who ensures the reporting obligation resulting from article 34 of the GDPR in the case of a data breach? | X | X |
| Is a data protection officer appointed? | X | X |

 

IV. USE OF COOKIES

 

1. Description and Scope of Data Processing

Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user’s computer system.

We use technically necessary cookies to make the website more user-friendly and to conform to the expectations of the user. The following data is stored and transmitted in these cookies:

  • Language settings

 

2. Purpose and Legal Basis of Data Processing

The purpose of using technically necessary cookies is to simplify the use of websites for the users. Some functions of our websites cannot be offered without the use of cookies. In these cases it is necessary that the language settings are retained even after a page has been changed. The legal basis for the processing of personal data using technically necessary cookies is article 6 para. 1 lit. f GDPR.

3. Storage Period, Objection and Removal Options

Technically necessary cookies are set when the website is accessed. In this context, the user has no option to object. The cookies are stored on your device until you delete them.

 

 

 

V. CONTACT FORM AND EMAIL CONTACT

1. Description and Scope of Data Processing

We provide contact forms on our website, which can be used to contact us electronically. If a user makes use of this option, the data entered in the input mask will be transmitted to us and stored. These data are:

  • Surname, First name
  • Email address
  • Telephone number (optional)
  • The contents of the message itself

The following data are also stored at the time the message is sent:

  • IP address of the user
  • Date and time of contact

Alternatively, you can contact us via the provided email address. In this case, the email address and the user’s personal data transmitted with the email will be stored.

 

2. Recipients of Data

The contact request is initially processed by Music & Sales P.E. GmbH. If it is foreseeable that this would better serve the user’s request, processing can be taken over by the international distributor of our brand that is responsible for the user’s country/region of residence. For this purpose, we forward the request, provided the user agrees, to the respective international distributor. The international distributors are legally independent companies and independent of us.

If the contact request is relevant for the company Stamer Musikanlagen GmbH, your message will be forwarded to the respective department in the company.

Your data will only be passed on to other external bodies

  • for purposes for which we are obliged to comply with legal requirements for information, reporting or disclosure of data, or
  • insofar as external service companies process data on our behalf as processors according to article 28 GDPR (e.g. host provider, data disposal company, mail services).

 

3. Legal Basis of Data Processing/Legitimate Interests

The legal basis for the processing of the data transmitted in the course of sending an email results from the concern of the data subject and, if applicable, from the relationship between the data subject and the data controller:

  • If there is a concern regarding a contract or pre-contractual measures between the data subject and the data controller, article 6 para. 1 lit. b GDPR is the legal basis.
  • Otherwise, the data controller has a legitimate interest in processing the request submitted by the data subject to their satisfaction. In this case, article 6 para. 1 lit. f GDPR is the legal basis.
  • The forwarding of an inquiry to one of our international distributors is based on the consent of the user. In this case, article 6 para. 1 lit. a GDPR is the legal basis.

 

4. Purpose of Data Processing

The processing of personal data from the input mask or from the email sent to us is conducted to process the user’s request.

The personal data collected during the sending process of the contact form serve to prevent any misuse of the contact form and to ensure the security of our information technology systems.

5. Storage Period

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those that were sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been satisfactorily clarified.

The personal data collected during the sending process will be deleted after a period of seven days at the latest. For exceptions and further information, see Chapter VIII.

6. Objection and Removal Options

If the user contacts us by email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued. In both cases, an informal declaration of revocation via the respective communication channel is sufficient. In this case, all personal data saved in the course of contacting us will be deleted. For exceptions and further information, see Chapter VIII.

VI. ONLINE APPLICATION

1. Description and Scope of Data Processing

In our career portal you have the opportunity to apply online for the job vacancies published there or to send us your speculative application. If you take advantage of this option, the following data will be transmitted to us and stored. These data are:

  • Surname, First name
  • Email address
  • Telephone number (optional)
  • Name of the position for which you are applying
  • How you found out about the job (optional)

We also receive data from you that you send to us on your CV, e.g. further contact details, date of birth, address, qualifications and data on your specialist knowledge and skills. The data is processed by the HR department (Music & Sales Professional Equipment GmbH). If necessary – e.g. if the application relates to a position at Stamer Musikanlagen GmbH – your documents will be passed on to those involved in this company.

The following data is also stored at the time the message is sent:

  • IP address of the user
  • Date and time of contact

 

2. Legal Basis of Data Processing

The processing of your personal data in the context of the application process is conducted for the implementation of pre-contractual measures in accordance with art. 6 para. 1 lit. b GDPR and the establishment of an employment relationship in accordance with Section 26 (1) BDSG. The data is stored for 6 months after the application process has been completed on the basis of Art. 6 Para. 1 lit. f) GDPR. An extended storage of the data in the applicant pool takes place in the case of your consent for 36 months from the day of your consent on the basis of art. 6 para. 1 lit. a) GDPR.

 

3. Purpose of Data Processing

The processing of your personal data is conducted to process your application and in this context to check your suitability for the position to be filled and, if necessary, to draw up an employment contract. Your contact details are also used to contact you.

The storage of personal data for 6 months after completion of the application process is for possible legal action.

The personal data collected during the submission process of the application form serves to prevent misuse of the application form and to ensure the security of our information technology systems.

 

4. Recipient of Data

Within our company (Music & Sales Professional Equipment GmbH and Stamer Musikanlagen GmbH), your data will be sent to those who are involved in the decision regarding the filling of the position (e.g. managers, possibly company doctor, occupational safety specialist, works council). Your data will only be passed on to other external bodies

  • for purposes for which we are obliged to comply with legal requirements for information, reporting or disclosure of data, or
  • insofar as external service companies process data on our behalf as processors in accordance with art. 28 GDPR (e.g. host providers, companies for data disposal, mail services).

 

5. Storage Period

Your data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. We generally store applicant data for the duration of the application process, including the initiation of a contract. If no contractual relationship is established, we will delete your data 6 months after the completion of the application process, provided that statutory retention periods or a legitimate interest on our part do not conflict with this. If you give your consent, we will add your applicant data to the applicant pool and keep it for 36 months from the date of your consent.

The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

 

6. Objection and Removal Options

If the legal basis is based on your consent (inclusion in the applicant pool), you have the option to withdraw your consent to the processing of personal data at any time. If you contact us by email, you can object to the storage of your personal data at any time. In such a case, however, your application cannot be considered further. In both cases, an informal declaration of cancellation via the respective communication channel is sufficient. In this case, all personal data saved in the course of contacting us will be deleted. For exceptions and further information, see Chapter VIII.

 

 

VII. Your rights

 

1. Right of access

The user has the right to obtain confirmation from the controller as to whether or not personal data concerning the user are being processed, and, where that is the case, access to the personal data and the following information:

  1. the purposes of the processing;
  2. the categories of personal data concerned;
  3. the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
  4. where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
  5. the existence of the right to request from the controller rectification or erasure of personal data or the restriction of processing of personal data concerning the data subject or to object to such processing;
  6. the right to lodge a complaint with a supervisory authority;
  7. where the personal data are not collected from the data subject, any available information as to their source;
  8. the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

Where personal data are transferred to a third country or to an international organization, the data subject has the right to be informed of the appropriate safeguards pursuant to Article 46 relating to the transfer.

2. Right to rectification

The data subject has the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning the user. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

 

3. Right to restriction of processing

The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:

  1. the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
  2. the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
  3. the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims;
  4. the data subject has objected to processing pursuant to Article 21(1) pending the verification of whether the legitimate grounds of the controller override those of the data subject.

Where processing has been restricted under paragraph 1, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

A data subject who has obtained restriction of processing pursuant to paragraph 1 shall be informed by the controller before the restriction of processing is lifted.

4. Right to erasure
a) Erasure

The data subject shall have the right to obtain from the controller the erasure of personal data concerning the data subject without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

  1. the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  2. the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing;
  3. the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);
  4. the personal data have been unlawfully processed;
  5. the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
  6. the personal data have been collected in relation to the offer of information society services referred to in Article 8(1).
b) Informing third parties

Where the controller has transferred the user’s personal data to third parties and is obliged pursuant to Article 17 (1) of the GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, takes reasonable steps, including technical measures, to inform controllers which are processing the personal data that the user as data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

c) Exceptions

The right to erasure does not apply to the extent that processing is necessary:

  1. for exercising the right of freedom of expression and information;
  2. for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  3. for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) of the GDPR as well as Article 9(3) of the GDPR;
  4. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) of the GDPR in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
  5. for the establishment, exercise or defense of legal claims.
5. Right to notification

If the user has exercised the right to rectification, erasure or restriction of processing against the controller, the controller shall communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the user’s personal data have been disclosed, unless this proves impossible or involves disproportionate effort.

The user is entitled to be informed about those recipients by the controller.

6. Right to data portability

The user has the right to receive the personal data concerning them, which the user has provided to a controller, in a structured, commonly used and machine-readable format and has the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:

  1. the processing is based on consent pursuant to point (a) of Article 6(1) of the GDPR or point (a) of Article 9(2) of the GDPR or on a contract pursuant to point (b) of Article 6(1) of the GDPR; and
  2. the processing is carried out by automated means.

In exercising this right, the user has the right to have the personal data transmitted directly from one controller to another, where technically feasible. Rights and freedoms of others shall not be adversely affected by exercising this right. The right to data portability does not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right to object

The user has the right to object, on grounds relating to their particular situation, at any time to the processing of personal data concerning them which is based on point (e) or (f) of Article 6(1) of the GDPR, including profiling based on those provisions.

The controller shall no longer process the user’s personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.

Where the user’s personal data are processed for direct marketing purposes, the user has the right to object at any time to the processing of personal data concerning them for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Where the user objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the user may exercise their right to object by automated means using technical specifications.

8. Right to withdraw privacy consent

The user has the right to withdraw their privacy consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

9. Automated individual decision-making, including profiling

The user has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning the user or similarly significantly affects the user.

This does not apply if the decision:

  1. is necessary for entering into, or performance of, a contract between the data subject and a data controller;
  2. is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests; or
  3. is based on the data subject’s explicit consent.

However, these decisions shall not be based on special categories of personal data referred to in Article 9(1) of the GDPR, unless Art. 9(2) (a) or (g) of the GDPR applies and suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests are in place.

 

In the cases referred to in points (1) and (3), the data controller shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express their point of view and to contest the decision.

10. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, every user has the right to lodge a complaint with a supervisory authority, in particular in the Member State of the user’s habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to the user infringes the GDPR.
