The protection of your privacy is very important to us. In what follows we inform you in detail about the handling of your data.
1. Name and contact details of the Controller and the competent supervisory authority
This data protection information applies to the data processing by:
Responsible for the website “rammstein.de” (“rammstein.com”)
consisting of Richard Kruspe, Paul Landers, Till Lindemann, Christian Lorenz, Oliver Riedel, Christoph Schneider (hereinafter: Rammstein)
Hertzstr. 63 b
Person responsible for the for the “rammsteinshop.de” website
Rammstein Merchandising oHG
Hertzstr. 63 b
Corporate Privacy Officer
You can contact our Data Protection Officer at: firstname.lastname@example.org
Competent data protection supervisory authority
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Telephone: +49 (0) 30 138 89 0 Email: email@example.com
2. Collection and Storage of Personal Data and the Nature and Purpose of its Use
a) During a Visit to the websites
When you visit our websites rammstein.de and shop.rammstein.de, information is automatically sent to the server of our website by the browser used on your terminal device. This information is temporarily stored in a so-called log file. The following information is thereby collected without your involvement and stored until its automatic deletion:
- the IP address of the accessing computer
- the date and time of access
- the name and URL of the file called up
- the website from which the access took place (referrer URL),
- the browser used, and, if applicable, the operating system of your computer and the name of your access provider.
We process the above data for the following purposes:
- to ensure a smooth connection to the website,
- to ensure comfortable use of our website,
- for evaluation of the system's security and stability, and
- for further administrative purposes.
b) Note on data transfer to the USA
Among other things, tools from companies based in the USA are integrated on our website. If these tools are active, your personal data may be transferred to the US servers of the respective companies. We would like to point out that the USA is not a safe third country as defined by EU data protection law. US companies are obliged to hand over personal data to security authorities without you being able to take legal action against them. It can therefore not be ruled out that US authorities (e.g., intelligence services) process, evaluate and permanently store your data on US servers for monitoring purposes. We have no influence on these processing activities.
c) Online Shop
We process inventory data (e.g., names and addresses and contact data of users), contract data (e.g., services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and services in accordance with Article 6 (1) lit b. GDPR.
You can optionally create a user account, in which you can, in particular, view your orders. During the registration process, you will be informed of which type of information is required. The user accounts are not public and cannot be indexed by search engines. If you have cancelled your user account, its data relating to the user account will be deleted, unless this data must be retained for commercial-law or tax-law reasons in accordance with Article 6 (1) (c) GDPR. It is your responsibility to save your data in the event of termination before the end of the contract. We are entitled to irretrievably delete all data stored during the period of the contract.
Within the scope of registration and renewed logins, as well as during use of our online services, we store the IP address and the time of the respective user activity. The storage is undertaken based on our legitimate interests, as well as on those of the users in protection against misuse and other unauthorised use. In principle, this data is not passed on to third parties unless this is necessary for the pursuit of our claims, or if there is a statutory obligation to do so in accordance with Article 6(1)(c) GDPR.
We process usage data (e.g., the web pages visited on our website, interest in our products) and content data (e.g., entries made in the contact form or user profile) for advertising purposes in a user profile, e.g., to show you product information based on the services you have used so far.
d) When registering for our newsletter
If you have expressly consented in accordance with Article 6(1)(a) GDPR, we will use your email address to send you our newsletter on a regular basis. We are interested in using a user-friendly and secure newsletter system that serves our business interests and meets the expectations of our users. To receive the newsletter, it is sufficient to provide an email address. Optionally, we ask you to include your name and country in the newsletter for the purpose of addressing you personally and providing you with country-specific information.
Double opt-in and keeping records: Registration for our newsletter takes place in a so-called double opt-in process. This means that you will receive an email after registration in which you are asked to confirm your registration. This confirmation is necessary so that no one can register using someone else's email address. The registrations for the newsletter are recorded in order to be able to verify the registration process in keeping with the legal requirements. This includes storage of the times of registration and confirmation, as well as of the IP address. Changes to your data stored with the dispatch service provider are also recorded.
Dispatch service provider:
Mailchimp with deactivated performance measurement
This website uses the services of Mailchimp for dispatching newsletters. The provider is Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.
Mailchimp is a service that can be used to organise the dispatch of newsletters, among other things. If you enter data for the purpose of receiving newsletters (e.g., email address), this data is stored on Mailchimp servers in the USA. We have deactivated the performance measurement with Mailchimp, so that Mailchimp will not evaluate your behaviour when opening our newsletter.
If you do not want your data to be transferred to Mailchimp, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message. Alternatively, you can also send your unsubscribe request at any time to firstname.lastname@example.org via email. The data processing is based on your consent (Article 6 (1) (a) GDPR). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing already carried out remains unaffected by the revocation.
The data you provide to us for the purpose of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data that has been stored by us for other purposes remains unaffected by this.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://mailchimp.com/legal/data-processing-addendum/#9._Jurisdiction-Specific_Terms.
After you have unsubscribed from the newsletter distribution list, your email address will be stored by us or the newsletter service provider in a blacklist to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with the legal requirements for dispatching newsletters (legitimate interest as defined by Article 6 (1) (f) GDPR). The storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.
You can find more details in MailChimp's data protection provisions at: https://mailchimp.com/legal/terms/.
Conclusion of a data processing agreement
We have concluded a so-called "Data Processing Agreement" with MailChimp, in which we oblige MailChimp to protect our customers' data and not to disclose it to third parties.
e) When you use our contact form
For enquiries of any kind, we offer you the possibility to contact us using a form provided on the website. It is necessary to provide a valid email address, so that we know who the enquiry is from and can send a reply. Further disclosures can be made voluntarily.
Data processing for the purpose of contacting us is undertaken in accordance with Article 6(1)(a) GDPR on the basis of your voluntarily given consent.
The personal data collected by us for the use of the contact form will be automatically deleted after conclusion of your enquiry.
f) When you use the Rammstein app
When you use our Rammstein app, the browser used in the app automatically sends information to our website server. The following information is collected without your involvement and stored until its automatic deletion:
- the user's name
- the user's email address
- the IP address
- device identifiers
The legal basis for the data processing is Article 6(1)(f) GDPR.
If and insofar as the functions of the Rammstein Shop (with or without a user account created by you) (see above) are used within the Rammstein App, we process inventory data (e.g., names and addresses and contact data of users), contract data (e.g., services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and services in accordance with Article 6(1)(b) GDPR.
Within the scope of registration and renewed logins and the use of our online services, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests and those of the users in protection against misuse and other unauthorised use. In principle, this data is not passed on to third parties unless it is necessary for the pursuit of our claims or there is a legal obligation to do so in accordance with Article 6(1)(c) GDPR.
g) When you register in the press portal
As a press representative you can register on our portal presse.rammstein.de to get access to exclusive picture material after the live shows. Registration is done by entering the following data, which will be stored in the system:
- surname, first name
- street / building number
- postal code, place, country
- telephone / mobile phone
- email address
- company / publisher
You are required to provide the details listed in order to use the portal. You can change your user data at any time after successful login. Further personal data is only collected if you provide this information voluntarily, e.g., in the context of an enquiry. The processing of this data is carried out for the implementation of a user relationship in accordance with Article 6(1)(b) GDPR.
Registration takes place by means of the so-called double-opt-in process. This means that your registration is only completed once you have confirmed your registration via a confirmation email sent to you for this purpose by activating the link contained therein. If your confirmation is not received within 24 hours, we will automatically delete your registration from our database.
With your registration, you expressly declare (by clicking) that you will use the artist-related data exclusively for editorial and non-commercial purposes in accordance with our General Terms and Conditions. If you do not make this declaration, registration in our portal is not possible.
Access to artist-related data via your registered profile is limited to the period of the current tour. If another tour takes place, we will inform you in advance by email so that you can reactivate your master data and access authorisation and receive the corresponding access. To do this, you must expressly give your consent for your personal data to be stored in our database for the purpose of contacting you for any future tours. The data is stored to protect our legitimate interest on the basis of Article 6(1)(b) GDPR. If you do not give this consent, your data will be deleted promptly after the end of the current tour.
If you cancel your user account, we will delete your personal data seven days after confirmation.
Recipients of personal data
In the context of press activities (e.g., interview requests/events), personal data may be forwarded to third parties (e.g., agencies, organisers, localities). However, in these cases the scope of the transmitted data is limited to the necessary extent for the purpose of data economy and data minimisation. Therefore, only the necessary contact data will be passed on. Further processing is carried out on the basis of Article 6(1)(b) GDPR for contractual fulfilment and our legitimate interest on the basis of Article 6(1)(f) GDPR for the scheduled and safe implementation of an event. If data is transferred to a third country outside the EU (e.g., USA), we will inform you of this and ask for your consent in accordance with Article 6(1)(a) of the GDPR.
Our portal uses the database service supabase.io to process your data. For this purpose, the aforementioned data is transmitted to the servers of supabase.io.
You can find more information about supabase.io here.
3. Disclosure of personal data
Your personal data will not be transferred to third parties for purposes other than those listed below.
We will only disclose your personal data to third parties if:
- you have given your express consent to this in accordance with Article 6(1)(a) GDPR
- the disclosure is necessary in accordance with Article 6(1)(f) GDPR for the purposes of assertion, exercising or defence of legal claims and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data
- a statutory obligation exists for disclosure, in keeping with Article 6(1)(c) GDPR, and
- this is legally permissible and necessary according to Article 6(1)(b) GDPR for the processing of contractual relationships with you.
Information is stored in the cookie that arises in connection with the specific terminal device used. However, this does not mean that we thereby have direct knowledge of your identity.
In addition, we also use temporary cookies to optimise user-friendliness, which are stored on your terminal device for a certain fixed period of time. If you visit our site again to use our services, it is automatically recognised that you have already been with us and which entries and settings you have made, so that you do not have to enter them again.
The data processed by cookies is necessary for the above-mentioned purposes and for safeguarding our legitimate interests and those of third parties, in keeping with Article 6(1)(f) GDPR.
Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer, or a message always appears before a new cookie is created. However, the full deactivation of cookies may mean that you cannot use all the functions of our website.
5. Cookie consent management tool
When visiting our websites, we inform you about the types of cookies we use and give you the option to consent or not to individual types of cookies. We do not load non-essential cookies until you have consented to their use by type.
Klaro Consent Manager
In order to obtain your consent to the storage of certain cookies on your terminal device and to document this in a data protection-compliant manner, we use the Klaro Consent Management tool on our websites. The provider of this service is KIProtect GmbH, Bismarckstr. 10-12, 10625 Berlin, Germany (https://klaro.org/company/imprint).
You can find more information about the handling of your personal data by Klaro at https://klaro.org/resources/privacy.
6. Creation of Pseudonymised User Profiles for Web Analysis
a) Tracking tools
We use and implement the tracking measures listed below on the basis of Article 6(1)(f) GDPR. With the tracking measures used, we want to ensure a needs-oriented design and the ongoing optimisation of our website. On the other hand, we also employ tracking measures to statistically record the use of our website and to evaluate it for the purpose of optimising our website for you. These interests are to be seen as legitimate as defined by the aforementioned provision.
The respective data processing purposes and data categories can be found in the corresponding tracking tools.
b) Google Analytics
For the purpose of needs-oriented design and continuous optimisation of our site, we use Google Analytics, a web analysis service of Google Inc. (https://about.google/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter "Google"). In this context, pseudonymised user profiles are created and cookies (see under point 4) are used. The information generated by the cookie about your use of this website such as
- browser type/ version,
- operating system used,
- referrer URL (the previously visited page),
- host name of the accessing computer (IP address),
- time of the server enquiry,
is transferred to a Google server in the USA and is stored there.
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://privacy.google.com/businesses/controllerterms/mccs/
The use of this analysis tool is based on Article 6(1)(f) GDPR. We have a legitimate interest in analysing user behaviour in order to optimise both our website and our advertising. If a corresponding consent has been requested (e.g., consent to the storage of cookies), the processing is carried out exclusively on the basis of Article 6(1)(a) GDPR; the consent may be revoked at any time.
The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services associated with website and internet use for the purposes of market research and needs-oriented design of these Internet pages. This information may also be transferred to third parties if this is required by law or if third parties process this data on our behalf. Under no circumstances will your IP address be merged with other Google data.
You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=de).
As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent Google Analytics from collecting your data by clicking on this link. An opt-out cookie will be set, which prevents the future collection of your data when visiting this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again.
On this website, Google Analytics has been extended by the code "gat._anonymizeIp();" to ensure that IP addresses are only recorded anonymously in order to exclude direct personal reference (so-called IP masking).
Data stored by Google at user and event level that is linked to cookies, user identifiers (e.g., user ID) or advertising IDs (e.g., DoubleClick cookies, Android advertising ID) is anonymised or deleted after 14 months. Details can be found under the following link: https://support.google.com/analytics/answer/7667196?hl=de
Further information on data protection in connection with Google Analytics can be found in the Google Analytics Help (https://support.google.com/analytics/answer/6004245?hl=de).
We and Google are jointly responsible for data processing in accordance with Article 26 GDPR. We have therefore concluded a Joint Control Contract (JCC) with Google and thus fully implement the strict requirements of the German data protection authorities when using Google Analytics.
c) Google-Re/Marketing services
We use the marketing and remarketing services (Google Marketing Services for short) of Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, ("Google") based on our legitimate interests (i.e. interest in the analysis, optimisation and efficient operation of our online services as defined by Article 6(1)(f) GDPR.
Google's marketing services allow us to display advertisements for and on our website in a more targeted manner in order to present users only with ads that potentially match their interests. For example, if a user is shown ads for products they were interested in on other websites, this is called "remarketing". For these purposes, when our website and other websites on which Google marketing services are active are called up, a code is executed directly by Google and so-called (re)marketing tags (invisible graphics or code, also known as "web beacons") are integrated into the website. With their help, an individual cookie, i.e., a small file, is stored on the user's device (comparable technologies can also be used instead of cookies). The cookies can be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. This file records which web pages the user has visited, which content they are interested in and which offers they have clicked on, and technical information on the browser and operating system, referring web pages, time of visit and other information on the use of the website.
The user's IP address is also recorded, whereby we inform you, in the context of Google Analytics that the IP address is shortened within member states of the European Union or in other contracting states of the Agreement on the European Economic Area and is transmitted in full to a Google server in the USA and shortened there only in exceptional cases. The IP address will not be merged with user data within other offers from Google. The aforementioned information may also be combined by Google with such information from other sources. If the user subsequently visits other websites, they can be shown ads tailored to their interests.
User data is processed pseudonymously within the scope of Google marketing services. This means that Google does not store and process the user's name or email address, for example, but processes the relevant data in a cookie-related manner within pseudonymous user profiles. In other words, from Google's perspective, the ads are not managed and displayed for a specifically identified person, but for the cookie owner, regardless of who this cookie holder is. This does not apply if a user has explicitly permitted Google to process the data without this pseudonymisation. The information collected about users by Google marketing services is transmitted to Google and stored on Google's servers in the USA.
If you have a Google account, you can object to personalised advertising using the following link: https://www.google.com/settings/ads/onweb/
The use of Google Remarketing is based on Article 6(1)(f) GDPR. The website operator has a legitimate interest in marketing its products as effectively as possible. If consent has been requested, the processing is carried out exclusively on the basis of Article 6(1)(a) GDPR; consent may be revoked at any time.
The Google Marketing services we use include the online advertising programme "Google Ad". In the case of Google Ad, each Ad customer receives a different "conversion cookie". Cookies can therefore not be tracked via the websites of Ad customers. The information obtained with the help of the cookie is used to create conversion statistics for ad customers who have opted for conversion tracking. The ad customers learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users.
We can also make use of the "Google Optimizer" service. Google Optimizer allows us to track the effects of various changes to a website (e.g., changes to the input fields, design, etc.) as part of so-called "A/B testing". For these testing purposes, cookies are placed on the users' devices. Only pseudonymised user data is thereby processed.
Furthermore, we may use the "Google Tag Manager" in order to integrate and manage Google analysis and marketing services on our website.
If you wish to object to interest-specific advertising by Google marketing services, you can use the settings and opt-out options made available by Google: http://www.google.com/ads/preferences.
7. Facebook Custom Audiences and Facebook Marketing Services
Within our website, so-called "Facebook Pixels" of the Facebook social network, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are a resident of the EU, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"), are used on the basis of our legitimate interests in analysis, optimisation and economic operation of our website and for this purpose.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.
With the help of Facebook Pixels, Facebook is able to target the visitors to our website for the display of advertisements (so-called "Facebook ads"). Accordingly, we use Facebook Pixels to limit the use of Facebook ads placed by us to Facebook users who have also shown an interest in our website or who have certain characteristics (e.g., interest in certain topics or products determined on the basis of the websites visited) that we transmit to Facebook (so-called "Custom Audiences"). With the help of Facebook pixels, we also want to ensure that our Facebook ads appeal to potentially interested users and do not annoy them. With the help of Facebook pixels, we can also track the effectiveness of Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (so-called "conversion").
Facebook pixels are directly integrated by Facebook when you visit our website and can save a so-called cookie, i.e., a small file, on your device. When you subsequently log in to Facebook or visit Facebook while logged in, your visit to our website will be noted in your profile. The data collected about you is anonymous for us, so we cannot draw any conclusions about the identity of the user. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and can be used by Facebook and for its own market research and advertising purposes. If we transmit data to Facebook for purposes of comparison, this data is encrypted locally on the browser and only then sent to Facebook via a secure https connection. This is undertaken solely for the purpose of creating a comparison with the data that is also encrypted by Facebook.
Furthermore, when using Facebook Pixels, we use the additional "extended comparison" function, where data such as users' telephone numbers, email addresses or Facebook IDs are transmitted to Facebook (encrypted) for the creation of target groups ("Custom Audiences" or "Look Alike Audiences"). For further information on "extended comparison" see: https://www.facebook.com/business/help/611774685654668).
The processing of data by Facebook is undertaken within the framework of Facebook's data-usage policy. Accordingly, you can find general information on the display of Facebook ads in Facebook's data usage policy: https://www.facebook.com/policy.php.
You can find specific information and details about Facebook Pixels and how they work in the Facebook help section: https://www.facebook.com/business/help/651294705016616.
You can object to the recording and use of your data by Facebook Pixels for presentation of Facebook ads. To set which types of ads will be displayed to you within Facebook, you can visit the page set up by Facebook and follow the instructions there on the settings for usage-based advertising: https://www.facebook.com/settings?tab=ads.
The settings are platform-independent, i.e., they are used on all devices, such as desktop computers or mobile devices.
To prevent the recording of your data by means of Facebook Pixels on our website, please click on the following link: Opt-Out. Note: When you click on the link, an "opt-out" cookie will be stored on your device. If you delete the cookies in this browser, you must click the link again. Furthermore, the opt-out only applies within the browser you are using and only within our web domain on which the link was clicked.
We and Facebook Ireland Ltd. are jointly responsible for data processing in accordance with Article 26 GDPR. We have therefore concluded a Joint Control Contract (JCC) with Facebook and thus fully implement the strict requirements of the German data protection authorities when using Facebook.
8. Integration of third-party services and content
Within our website, we use content or service offers from third-party providers on the basis of our legitimate interests (i.e., interest in the analysis, optimisation and economic operation of our website as defined by Article 6(1)(f) GDPR) in order to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as "content"). This always presupposes that the third-party providers of this content are aware of the user's IP address, since without the IP address they would not be able to send the content to their browser. The IP address is thus required for the presentation of this content. We endeavour to only use content whose respective providers only use the IP address to deliver the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymised information may also be stored in cookies on the user's device and may contain, among other things, technical information on the browser and operating system, referring web pages, time of visit and further details on the use of our website, and can also be linked to such information from other sources.
The following presentation provides an overview of third-party providers and their content, together with links to their privacy policies, which contain further information on the processing of data and, in some cases already mentioned here, opt-out options:
- If our customers make use of the payment services of third parties (e.g., PayPal, VISA, Amex, Klarna), the terms and conditions and the data protection information of the respective third- party providers apply. These can be accessed within the respective web pages or transaction applications.
a) YouTube with extended data protection
This website embeds videos from YouTube. The operator of the pages is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. We use YouTube in the extended data protection mode. According to YouTube, this mode means that YouTube does not store any information about visitors to this website before they watch the video. However, the transfer of data to YouTube partners is not necessarily excluded by the extended data protection mode. Thus, YouTube establishes a connection to the Google DoubleClick network - regardless of whether you watch a video.
As soon as you start a YouTube video on this website, a connection to the servers of YouTube. The YouTube server is told which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.
Furthermore, YouTube can save various cookies on your end device after starting a video or use comparable recognition technologies (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve the user experience, and prevent fraud attempts. If necessary, further data processing operations may be triggered after the start of a YouTube video, over which we have no control.
YouTube is used in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.
b) Vimeo without tracking (Do-Not-Track)
This website uses plugins of the video portal Vimeo. The provider is Vimeo Inc, 555 West 18th Street, New York, New York 10011, USA. When visiting one of our pages equipped with Vimeo videos, a connection to the Vimeo servers is established. In the process, the Vimeo server is informed which of our pages you have visited. In addition, Vimeo obtains your IP address. However, we have set Vimeo so that Vimeo will not track your user activity and will not set any cookies. The use of Vimeo is in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f DSGVO. Insofar as a corresponding consent was requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO; the consent can be revoked at any time.
In order to be able to offer you Klarna's payment methods, we will pass on your personal data in the form of contact and order details to Klarna during the payment process, so that Klarna can assess whether you are eligible for Klarna's payment methods and to tailor these payment methods to you. Your submitted personal data will be processed in accordance with Klarna’s own privacy notice.
8.2. Rammstein App
a) Google Firebase
This app uses Google Firebase technology (Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, "Google"), an analytics service provided by Google Inc. to analyze user behavior.
The information generated about the use (app version, type and version of the device used, version of the operating system, the page requested, date and time of use, as well as the IP address used during use) is transmitted to a Google server in the USA and stored there.
For the relevant data transfers to the USA, Google Firebase refers to the standard contractual clauses of the EU Commission. Details can be found here: https://firebase.google.com/support/privacy
In addition, we have concluded a Joint Controller Contract (JCC) with Google with so-called standard contractual clauses, in which Google undertakes to process user data only in accordance with our instructions and to comply with the EU data protection level.
Furthermore, through certain actions, information about them is collected by the Firebase SDK during the use of the app. Actions such as installing and launching the App, App updates, uninstalling, updating the operating system, deleting App data, App crashes and in-app purchases, as well as receiving, swiping away and opening push notifications and opening and updating the App via a dynamic link, trigger the event-driven data collection of the Firebase SDK. To identify devices, the Firebase SDK uses an instantiated app identifier e.g. via the advertising ID.
On our behalf, Google will use this information to evaluate the use of the app, compile reports on the activities and provide other services related to the use. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf.
The legal basis for the use and evaluation of the data and use of Firebase is a legitimate interest (i.e. interest in the analysis, optimization and economic operation of our apps) within the meaning of Art. 6 (1) lit. f DSGVO). You can object to the use of Firebase at any time by setting the slider for anonymous statistics accordingly in the app under "Settings".
You can restrict the use of the advertising ID in the device settings (iOS: Privacy/ Advertising/ No Ad Tracking; Android: Account/ Google/ Ads). Google Analytics for Firebase (Google Inc.). Furthermore, we use Firebase Remote Config, which allows us to run A/B tests and customize the behavior and appearance of the app without downloading a new version. Personal data is not stored.
You can see which subcontractors Google uses at the following link: https://firebase.google.com/terms/subprocessors.
More information about Google Firebase and privacy can be found here: https://firebase.google.com/terms/data-processing-terms; https://firebase.google.com/terms/; https://firebase.google.com/support/privacy/
b) Collection of location data
For selected functions, users can share their location using the location function of their smartphone. For example, when you use it, we can automatically give you current information about Rammstein in your area. The Rammstein App can determine your location if you turn on Location Services under Settings in your operating system. After installing the app, you can turn Location Services on and off at any time.
When you visit our app, we will ask you with an on-screen message whether we can inform you about location-based news in the future with messages (so-called push notifications). If you agree, you will receive push notifications from our app at regular intervals. Clicking on it will take you directly to the app and/or offer. You have the option to unsubscribe from push notifications at any time if you no longer want them. You can do this directly from every push notification that is delivered or within the app itself.
We implement this using technology by the provider OneSignal, 201 San Antonio Circle Suite #140, Mountain View, CA, USA. You will find the provider’s data privacy information here: https://onesignal.com/privacy_policy. In general, in order to be able to send you push notifications, it is necessary that a non-personal device ID be assigned to clearly identify the device without allowing OneSignal to draw any conclusions about the person. However, when location information is retrieved, personal data is also transmitted.
OneSignal has certified to the US Department of Commerce that it complies with the EU-US Privacy Shield Framework between the EU and the US on the collection, use and retention of personal information from EU member states. More information about OneSignal and data privacy at OneSignal is available at https://onesignal.com/privacy_policy.
d) Permissions requested by the app and their use
The Android app requires the following permissions:
- To retrieve data from the internet/access to all networks: Required to load the app’s content.
- Camera: Required to take a photo for the forum profile picture.
- Storage: Required to select a photo for the forum profile picture.
- Location data: Required to receive location-based notifications.
- Notifications: Required to receive news.
The iOS app requires the following permissions:
- Camera: Required to take a photo for the forum profile picture.
- Photos: Required to select a photo for the forum profile picture.
- Notifications: Required to receive news.
- Mobile data: Required to load the app’s content.
- Location data: Required to receive location-based notifications.
9. Rights of Data Subjects
You have the right
- request information about your personal data processed by us in accordance with Article 15 GDPR. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to correction, erasure, restriction of processing or to objection, the existence of a right to lodge a complaint, the origins of your data if it has not been collected by us, and on the existence of automated decision-making process including profiling and, where applicable, sound information about its details;
- request the correction of inaccurate or incomplete personal data stored by us without undue delay in accordance with Article 16 of the GDPR;
- request the erasure of your personal data stored by us in accordance with Article 17 GDPR, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;
- request the restriction of the processing of your personal data in accordance with Article 18 GDPR, insofar as the accuracy of the data is contested by you, if the processing is unlawful, but you object to its erasure and we no longer require the data, though you need it for the assertion, exercise or defence of legal claims, or you have objected to the processing in accordance with Article 21 GDPR;
- receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transferred to another controller in accordance with Article 20 GDPR;
- revoke your consent at any time in accordance with Article 7 (3) GDPR. This has the consequence that we may no longer continue the data processing based on this consent for the future; and
- complain to a supervisory authority in accordance with Article 77 of the GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or place of work or our company headquarters.
10. Right of Objection
If your personal data is processed on the basis of legitimate interests in accordance with Article 6 (1) (f) GDPR, you have the right to object to the processing of your personal data in accordance with Article 21 GDPR, provided that there are grounds for doing so which arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection that will be implemented by us without the need for details referring to a special situation.
If you wish to exercise your right of objection, simply send an email to email@example.com.
11. Data Security
We use the much-used SSL procedure (Secure Socket Layer) in connection with the highest encryption level supported by your browser when visiting the website. As a rule, this is 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can see whether an individual page of our website is transmitted in encrypted form by the closed depiction of the key or lock symbol in the lower status bar of your browser.
We otherwise make use of appropriate technical and organisational security measures to protect your data against accidental or deliberate manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.