Privacy Policy
This privacy policy informs you about the type, scope, and purpose of the processing of personal data (hereinafter referred to as “data”) within our online services and associated websites, features, and content, as well as external online presences (e.g., our social media profiles), collectively referred to as the “online offering.”
The terms used, such as “processing” or “controller,” are based on the definitions in Article 4 of the General Data Protection Regulation (GDPR).
Controller
JKLN
Magmatic Records / Label 828
c/o IP-Management #7643
Ludwig-Erhard-Str. 18
20459 Hamburg, Germany
Contact email: info@magmaticrecords.com / jkln.promo@gmail.com
https://jklnmusic.com
https://label828.com
https://magmaticrecords.com
https://komi.io/jkln
Categories of Data Subjects
Visitors and users of the online offering (hereinafter collectively referred to as "users").
Purpose of Processing
• Provision of the online offering, its functions, and content
• Responding to contact requests and communicating with users
• Security measures
• Reach measurement and marketing
Definitions of Terms• Personal data refers to any information relating to an identified or identifiable natural person ("data subject"). An identifiable person is one who can be identified directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier (e.g., cookie), or one or more factors specific to their physical, physiological, genetic, mental, economic, cultural, or social identity.
• Processing means any operation or set of operations performed on personal data, whether or not by automated means. The term is broad and includes virtually any handling of data.
• Pseudonymization means the processing of personal data in such a way that the data can no longer be
attributed to a specific individual without additional information, provided that such information is kept separately and subject to technical and organizational safeguards.
• Profiling means any form of automated processing of personal data to evaluate certain personal aspects, in particular to analyze or predict aspects concerning performance at work, economic situation, health, preferences, interests, reliability, behavior, location, or movements of a person.
• Controller refers to the natural or legal person who determines the purposes and means of processing personal data.
• Processor refers to a natural or legal person who processes personal data on behalf of the controller.
Relevant Legal Bases
In accordance with Art. 13 GDPR, we inform you of the legal bases for our data processing activities. If the legal
basis is not specified individually in this privacy policy, the following applies:
• The legal basis for obtaining consent is Art. 6(1)(a) and Art. 7 GDPR
• The legal basis for processing to fulfill our services and carry out contractual measures is Art. 6(1)(b)
GDPR
• The legal basis for processing to fulfill our legal obligations is Art. 6(1)(c) GDPR
• The legal basis for processing based on our legitimate interests is Art. 6(1)(f) GDPR
• In cases where processing is necessary to protect vital interests of the data subject or another natural
person, Art. 6(1)(d) GDPR applies.
Security Measures
In accordance with Art. 32 GDPR, we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, considering the state of the art, implementation costs, nature, scope, and context of the processing.
These measures include safeguarding the confidentiality, integrity, and availability of data through physical access controls, access control to systems and data, input controls, data separation, and regular evaluation. We also have procedures in place to ensure data subject rights, data deletion, and incident response.We further consider data protection by design and by default in accordance with Art. 25 GDPR, meaning privacy is
integrated into our technology and service choices from the outset.
Collaboration with Processors and Third Parties
If, in the course of our processing activities, we disclose data to other individuals or companies (processors or third
parties), transmit such data to them, or otherwise grant them access to the data, this is done only on the basis of:
• a legal permission (e.g., if data transfer to third parties, such as payment service providers, is necessary for
the performance of a contract pursuant to Art. 6(1)(b) GDPR),
• your consent,
• a legal obligation, or
• our legitimate interests (e.g., when using agents, web hosts, etc.).
If we commission third parties with the processing of data on the basis of a so-called “data processing agreement,”
this is done in accordance with Art. 28 GDPR.
Transfers to Third Countries
If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA))
or if this occurs in the context of using third-party services or disclosing/transmitting data to third parties, this is
done only if it is:
• necessary for the fulfillment of our (pre-)contractual obligations,
• based on your consent,
• due to a legal obligation, or
• based on our legitimate interests.
Subject to legal or contractual permissions, we only process or allow the processing of data in third countries if the
special requirements of Art. 44 et seq. GDPR are met. That means processing occurs, for example, based on:
• specific safeguards such as the EU Commission’s adequacy decisions, or
• the use of Standard Contractual Clauses (SCCs) approved by the European Commission.
Rights of the Data Subject
You have the following rights under GDPR:• Right of access (Art. 15 GDPR): You may request confirmation of whether your personal data is being
processed and receive information about this data.
• Right to rectification (Art. 16 GDPR): You can request that inaccurate data be corrected or incomplete data
be completed.
• Right to erasure (Art. 17 GDPR): You may request that your personal data be deleted without undue delay.
• Right to restriction of processing (Art. 18 GDPR): You can request restricted processing instead of deletion.
• Right to data portability (Art. 20 GDPR): You have the right to receive your data in a structured, commonly
used, and machine-readable format and request its transfer to another controller.
• Right to lodge a complaint (Art. 77 GDPR): You have the right to file a complaint with a data protection
authority.
Right of Withdrawal
You have the right to withdraw consent granted under Art. 7(3) GDPR at any time with effect for the future.
Right to Object
You can object to the future processing of your personal data at any time in accordance with Art. 21 GDPR. In
particular, you may object to processing for direct marketing purposes.
Cookies and Right to Object to Direct Marketing
"Cookies" are small files that are stored on users' devices. Different types of information can be stored in cookies.
Their main purpose is to store data about a user (or the device on which the cookie is stored) during and after their visit to a website.
• Temporary cookies or “session cookies” are deleted after the user leaves the website and closes their
browser. For example, these may store the contents of a shopping cart or login status.
• Permanent cookies remain stored even after closing the browser and can, for example, remember login
status across visits or store user preferences for analytics or marketing.
• Third-party cookies are cookies set by providers other than the website owner. If only the website’s own
cookies are used, they are called first-party cookies.
We may use both temporary and permanent cookies and inform you about this within this privacy policy.
If you do not want cookies to be stored on your device, please disable the appropriate option in your browser
settings. Stored cookies can also be deleted via the browser settings. Disabling cookies may lead to limited
functionality of this website.
A general objection to the use of cookies for online marketing purposes—particularly for tracking—can be declared
via:• U.S. site: http://www.aboutads.info/choices/
• EU site: http://www.youronlinechoices.com/
You can also disable the storage of cookies directly in your browser settings. However, please note that doing so
may prevent full use of all website functions.
Deletion of Data
Data processed by us will be deleted or their processing restricted in accordance with Art. 17 and 18 GDPR. Unless
explicitly stated in this privacy policy, stored data will be deleted as soon as they are no longer needed for their
intended purpose and provided no legal retention obligations prevent deletion.
If data is not deleted because it is needed for other legally permissible purposes, processing will be restricted. This
means the data will be blocked and not used for other purposes—for example, for tax or commercial law
obligations.
"User data is stored only as long as necessary for contractual and legal obligations. Upon request, personal data will
be deleted from our systems and third-party platforms within 30 days, provided there are no overriding legal
retention requirements. We ensure all services used (e.g., Fourthwall, Stripe, Komi.io) support GDPR-compliant
data deletion.”
Legal retention periods in Germany:
• 10 years: § 147(1) AO, § 257(1) Nos. 1 and 4, § 257(4) HGB
(books, records, accounting documents, commercial books, tax-relevant records)
• 6 years: § 257(1) Nos. 2 and 3, § 257(4) HGB
(commercial correspondence)
Legal retention periods in Austria:
• 7 years: § 132(1) BAO (accounting documents, receipts, business papers, etc.)
• 22 years: for documents related to real estate
• 10 years: for electronically supplied services under MOSS to non-business EU customers
Business-Related Processing
Additionally, we process:
• Contract data (e.g., subject matter, term, customer category)
• Payment data (e.g., bank account, transaction history)from our customers, prospects, and business partners to fulfill contractual services, provide customer service,
conduct marketing and advertising, and perform market research.
Order Processing in the Online Shop and Customer Account
We process the data of our customers in the context of order transactions in our online shop to enable them to select
and order the chosen products and services, as well as to enable their payment, delivery, or execution.
The data processed includes inventory data, communication data, contract data, and payment data. The affected
persons include our customers, prospects, and business partners. Processing is carried out for the purpose of
providing contractual services within the operation of the online shop, billing, delivery, and customer service. We
use session cookies to store cart contents and persistent cookies to save login status.
Processing is based on Art. 6 (1) lit. b (contract performance) and c (legal archiving obligations) GDPR. The
information marked as mandatory is necessary for the conclusion and fulfillment of the contract. Data is only
disclosed to third parties as part of delivery, payment, or within the framework of legal permissions and obligations
(e.g., to legal advisors, tax authorities). Data is only processed in third countries if necessary for contractual
performance (e.g., upon customer request during shipping or payment).
Users can optionally create a customer account, allowing them to view their orders. During registration, users are
informed about the mandatory information required. Customer accounts are not public and cannot be indexed by
search engines. If users cancel their account, the relevant data will be deleted, unless retention is required for
commercial or tax law reasons (Art. 6 (1) lit. c GDPR). Information in the customer account remains until its
deletion with subsequent archiving if legally required. It is the responsibility of users to back up their data before the
end of the contract.
As part of the registration and repeated logins, as well as the use of our online services, we store the IP address and
the time of the respective user action. This storage is based on our legitimate interests and the user’s interest in
protection against misuse and other unauthorized use. These data are not passed on to third parties unless required
for the pursuit of claims or there is a legal obligation (Art. 6 (1) lit. c GDPR).
Deletion takes place after expiry of statutory warranty and similar obligations. The necessity of retention is reviewed
every three years; in the case of statutory archiving obligations, deletion occurs after their expiration (commercial
law: 6 years; tax law: 10 years).
Payment Processing via Third Parties (e.g., Stripe, PayPal)
Payment processing in our merch shop is carried out via external payment providers such as Stripe and PayPal, who
process personal data (e.g., name, address, payment information) in the context of the order transaction. This
processing is based on Art. 6 (1) lit. b GDPR (contract performance).
For more information:
• Stripe: https://stripe.com/en/privacy
• PayPal: https://www.paypal.com/webapps/mpp/ua/privacy-full
Agency ServicesWe process our customers’ data in the context of our contractual services, which include strategic and conceptual
consulting, campaign planning, software and design development/consulting, maintenance, campaign execution and
handling, server administration, data analysis/consulting, and training.
We process the following data: inventory data (e.g., customer master data such as name or address), contact data
(e.g., email, telephone number), content data (e.g., text inputs, photos, videos), contract data (e.g., contract subject,
duration), payment data (e.g., bank details, payment history), and usage/meta data (e.g., for marketing performance
analysis). We generally do not process special categories of personal data unless they are part of a commissioned
project. The data subjects include our clients, prospects, their clients/users, website visitors, employees, and third
parties.
The purpose of the processing is to fulfill contractual services, billing, and customer support. The legal basis is Art. 6
(1) lit. b GDPR (contractual services) and Art. 6 (1) lit. f GDPR (analytics, statistics, optimization, security). Data is
disclosed to third parties only if necessary for fulfilling an assignment. We act strictly according to the client's
instructions and the legal framework for data processing on behalf (Art. 28 GDPR).
Data is deleted after the expiration of statutory retention periods. The necessity for retention is reviewed every three
years. If statutory retention applies, deletion occurs after their expiration (6 years under §257 (1) HGB, 10 years
under §147 (1) AO). For data disclosed to us in the context of a contract, deletion is carried out per the contract,
generally after the end of the assignment.
External Payment Providers
We use external payment providers via whose platforms users and we can process transactions (e.g., links to privacy
policies):
• PayPal: https://www.paypal.com/webapps/mpp/ua/privacy-full
• Klarna: https://www.klarna.com/privacy/
• Skrill: https://www.skrill.com/en/footer/privacy-policy/
• Giropay: https://www.giropay.de/rechtliches/datenschutz-agb/
• Visa: https://www.visa.de/datenschutz
• Mastercard: https://www.mastercard.de/de-de/datenschutz.html
• American Express: https://www.americanexpress.com/en/legal/privacy-center.html
We use these providers based on Art. 6 (1) lit. b GDPR for contract performance and, additionally, on our legitimate
interest in offering secure and efficient payment options (Art. 6 (1) lit. f GDPR).
The data processed by these services includes:
• inventory data (e.g., name, address)
• financial data (e.g., bank account or credit card number, passwords, TANs, checksums)• contract, amount, and recipient-related information
Data is processed exclusively by the payment providers. We do not receive account or credit card details—only confirmation or rejection of payment. In some cases, providers may transfer data to credit agencies for identity and creditworthiness checks. For further information, please refer to the respective providers' terms and privacy policies.
Participation in Affiliate Programs
Within our online offering, we use industry-standard tracking measures based on our legitimate interests (i.e. interest
in the analysis, optimization, and economic operation of our online offering) in accordance with Art. 6 para. 1 lit. f
GDPR, insofar as these are necessary for the operation of the affiliate system. Below we inform users about the technical background.
The services offered by our contractual partners may also be advertised and linked on other websites (so-called affiliate links or after-buy systems, if, for example, links or third-party services are offered after a contract has been concluded). The respective website operators receive a commission if users follow the affiliate links and subsequently take advantage of the offers.
In summary, it is necessary for our online offering to track whether users who are interested in affiliate links and/or
the offers available on our website actually take advantage of those offers, following an affiliate link or interaction with our platform. For this purpose, the affiliate links and our offers are supplemented with certain values that may be part of the link or set in another way, e.g., in a cookie. These values include in particular the referring website (referrer), time of the click, an online identifier of the website operator, an online identifier of the offer, an online identifier of the user, and tracking-specific parameters such as ad ID, partner ID, and categorization.
The user identifiers we use are pseudonymous. This means that the identifiers themselves do not contain any personal data such as names or email addresses. They only help us determine whether the same user who clicked on an affiliate link or was interested in an offer has completed a transaction, such as signing a contract with the provider. However, the identifier may be considered personal if it is linked to other user data by the partner company and us. This is the only way the partner company can confirm whether a user has completed a transaction and whether, for example, we are entitled to a commission.
Amazon Affiliate Program
Based on our legitimate interests (i.e., interest in the economic operation of our online offering pursuant to Art. 6 para. 1 lit. f GDPR), we are a participant in the Amazon EU affiliate program. This program is designed to provide a medium for websites to earn advertising fees through the placement of advertisements and links to Amazon.de (so- called affiliate system). Amazon uses cookies to trace the origin of the orders. Among other things, Amazon can recognize that you have clicked the affiliate link on this website and subsequently purchased a product from Amazon.
Further information on Amazon's use of data and how to object can be found in the company's privacy policy:
http://www.amazon.de/gp/help/customer/display.html/ref=footer_privacy?ie=UTF8&nodeId=3312401
Contacting UsWhen users contact us (e.g. via contact form, email, phone, or social media), their details are processed for the
purpose of handling the contact request in accordance with Art. 6 para. 1 lit. b GDPR. The user information may be stored in a Customer Relationship Management system (CRM) or comparable request management tools.
We delete the inquiries if they are no longer required. We review necessity every two years; statutory archiving obligations also apply.
Newsletter
The following information explains the contents of our newsletter, the subscription, dispatch, and statistical evaluation process, as well as your right to object. By subscribing to our newsletter, you agree to receive it and to the procedures described.
Content: We only send newsletters, emails, and other electronic notifications with promotional information (hereinafter "newsletter") with the consent of the recipient or a legal basis. If contents of the newsletter are specifically described during registration, they are binding for the user's consent. Otherwise, newsletters contain information about our services and us.
Double opt-in and logging: Subscribing to our newsletter involves a double opt-in process. After registration, you receive an email asking you to confirm your subscription. This confirmation is necessary to ensure no one registers with someone else’s email. All newsletter subscriptions are logged to comply with legal requirements, including the time of registration and confirmation, as well as the IP address. Any changes to the stored data are also logged.
Data required: To register, all you need is your email address. Optionally, you can provide a name to personalize the newsletter.
Legal basis: Sending the newsletter and measuring its success is based on user consent under Art. 6 para. 1 lit. a, Art.
7 GDPR in conjunction with § 7 para. 2 no. 3 UWG or, if consent is not required, on our legitimate interest in direct marketing under Art. 6 para. 1 lit. f GDPR in conjunction with § 7 para. 3 UWG.
Logging the registration process is based on our legitimate interests under Art. 6 para. 1 lit. f GDPR. This serves to use a user-friendly and secure newsletter system, fulfilling both our business interests and user expectations, and proving consent.
Unsubscribing/Withdrawing consent: You can unsubscribe from the newsletter at any time, i.e., revoke your consent.
A link to unsubscribe is included in every newsletter. We may store unsubscribed email addresses for up to three years based on our legitimate interests to prove prior consent. Processing of this data is limited to this purpose. Individual deletion requests are possible if previous consent is confirmed.
Newsletter – Performance Tracking
Newsletters include a "web beacon," a tiny pixel that is retrieved from our or our provider’s server when the newsletter is opened. This collection logs technical information (browser, system, IP address, time of access).
This information helps improve our services, segment our audience, and understand reading behavior based on location (IP) or access time. Statistics include whether newsletters were opened, when, and which links were clicked. Technically, this can be assigned to individual recipients, but neither we nor our provider intends to monitorindividual users. The analysis helps us adapt content to reading habits or deliver different content depending on user interests.
Hosting
Our hosting services provide the infrastructure and technical base for this website, including server capacity, storage, databases, security, and maintenance.
In this context, we and/or our hosting provider process personal data like inventory data, contact details, content, contract data, usage data, meta and communication data of customers, prospects, and visitors based on our legitimate interests under Art. 6 para. 1 lit. f GDPR in conjunction with Art. 28 GDPR (data processing agreement).
Google Analytics
Based on our legitimate interests (analysis, optimization, and economic operation of our online offering pursuant to Art. 6 para. 1 lit. f GDPR), we use Google Analytics, a web analysis service by Google LLC (“Google”). Google uses cookies. The information generated is usually transferred to and stored on a Google server in the USA.
Data transfer to the USA is carried out based on the Standard Contractual Clauses (SCCs) approved by the
European Commission and, where necessary, supplemented by additional safeguards provided by the service provider (e.g., Google’s EU Data Protection Addendum).
Google processes this information on our behalf to analyze the use of our online offering, compile reports on activity, and provide other related services. Pseudonymous usage profiles can be created.
We use Google Analytics only with IP anonymization enabled. This means that Google truncates the user’s IP address within the EU or EEA. Only in exceptional cases is the full IP address sent to and truncated in the USA.
The IP address transmitted by the user's browser is not merged with other Google data. Users can prevent cookie storage via browser settings and can also prevent data collection and processing by Google by downloading the browser plugin here:
http://tools.google.com/dlpage/gaoptout?hl=de
Further information on Google's data use, settings, and opt-out options can be found here:
https://policies.google.com/technologies/ads
https://adssettings.google.com/authenticated
Retention: User-related data will be deleted or anonymized after 14 months.
Google AdWords and Conversion Tracking
We use the services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google") based on our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online offering as defined by Art. 6 para. 1 lit. f GDPR).Google is certified under the Privacy Shield framework and thereby offers a guarantee of compliance with European data protection law: Privacy Shield Certificate
We utilize the Google "AdWords" online marketing platform to display ads within the Google advertising network (e.g., in search results, videos, or on websites) to users who are likely to have an interest in the displayed content.
This allows us to target ads within our online services to display only those ads which may be relevant to users' interests. If a user is shown ads for products they viewed on other websites, this is referred to as "remarketing".
When users visit our site or other websites where the Google ad network is active, a Google script is executed, and so-called (re)marketing tags (invisible graphics or code, also known as “web beacons”) are embedded. This results in a unique cookie (a small file) being stored on the user’s device. This file records which websites the user visited, what content they are interested in, and which offers they clicked on, as well as technical information such as browser and operating system details, referring websites, visit duration, and other usage data.
We also receive a unique “conversion cookie”. The information collected via this cookie enables Google to generate conversion statistics for us. We only receive anonymized reports indicating the total number of users who clicked our ads and were redirected to a page with a conversion tracking tag. We do not receive any data that would allow us to personally identify users.
User data is processed pseudonymously within the Google ad network. Google does not process personal names or email addresses, but rather links the relevant data to a cookie-based profile. From Google's perspective, the ads are managed for the cookie holder, not a specific identified person. This pseudonymous processing does not apply if a user has explicitly given Google permission to process data without pseudonymization.
Information collected may be transferred to and stored on servers in the USA.
Further details on data usage by Google and how to object to data collection can be found here:
• Google Privacy Policy
• Ad Settings
Facebook Pixel, Custom Audiences, and Facebook Conversion Tracking
We use the “Facebook Pixel” provided by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA (or, if you are in the EU, by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) based on our legitimate interests in analyzing, optimizing, and economically operating our online presence in accordance with Art. 6 para. 1 lit. f GDPR.
Facebook is certified under the Privacy Shield framework and offers a guarantee of compliance with European data protection law: Privacy Shield Certificate
Using the Facebook Pixel allows Facebook to identify visitors to our website as a target group for displaying ads ("Facebook Ads"). Accordingly, we use the Pixel to display our Facebook Ads only to those Facebook users who have shown an interest in our online services or who exhibit specific characteristics (e.g., interests in particulartopics or products) that we transmit to Facebook (“Custom Audiences”).This helps us ensure that our Facebook Ads are aligned with users’ potential interests and are not perceived as spam.
We can also use the Pixel to measure the effectiveness of our Facebook Ads by tracking whether users were redirected to our website after clicking a Facebook ad (“Conversion”).
Data processing by Facebook occurs within the scope of Facebook’s Data Usage Policy:
Facebook Data Policy
Details on Facebook Pixel functionality:
Facebook Help Center
Opt-out Options:
You may object to data collection by the Facebook Pixel and the use of your data for Facebook Ads. You can adjust
your ad settings within Facebook here:
Facebook Ad Settings
These settings apply across all platforms and devices.
You can also object to the use of cookies for advertising and reach measurement purposes via:
• Network Advertising Initiative
• US site
• European site
Social Media Presence
We maintain online presences within social networks and platforms in order to communicate with customers, prospects, and users active there and to inform them about our services.
When accessing these networks and platforms, the terms and data processing policies of the respective providers apply.
Unless otherwise stated in this Privacy Policy, we process users’ data when they communicate with us within social
networks or platforms (e.g., by posting on our profiles or sending us messages).
Integration of Third-Party Services and Content
Within our online offering, we use third-party content or service offerings (e.g., videos, fonts) based on our
legitimate interests (i.e., interest in analysis, optimization, and efficient operation under Art. 6(1)(f) GDPR),
hereafter referred to as “content”.
This always assumes that the third-party providers of this content can perceive users’ IP addresses, as they cannot
deliver content to the users’ browsers without this. We strive to use only content from providers who use IP
addresses solely for delivering content.
Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for
statistical or marketing purposes. These pixel tags can be used to analyze visitor traffic on this website. Thepseudonymized information may also be stored in cookies on users’ devices, contain technical browser/system data,
referrer URLs, visit times, and other usage details — and be linked with data from other sources.
Where third-party providers are based in non-EU countries (e.g., the USA), processing takes place based on
Standard Contractual Clauses (SCCs) of the EU Commission, or where available, with additional safeguards (e.g.,
the Google EU Data Protection Addendum), since the EU-US Privacy Shield was invalidated in 2020.
If services such as YouTube, Instagram, Vimeo, Spotify, or TikTok are embedded in our website, please be aware
that they may process personal data. Refer to their respective privacy policies for more information.
For EU users, data processing related to Facebook is handled by Meta Platforms Ireland Ltd., 4 Grand Canal Square,
Dublin 2, Ireland — considered the main data controller within the EU.
Google Fonts
We incorporate Google Fonts provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043,
USA.
• Privacy Policy: https://www.google.com/policies/privacy/
• Opt-out: https://adssettings.google.com/authenticated
Google Maps
We embed maps from Google Maps, provided by Google LLC. The data processed may include IP addresses and
location data, which will only be collected with user consent (typically via mobile device settings). Data may be
processed in the USA.
• Privacy Policy: https://www.google.com/policies/privacy/
• Opt-out: https://adssettings.google.com/authenticated
Use of Facebook Social Plugins
We use social plugins ("plugins") of the Facebook network based on our legitimate interests (Art. 6(1)(f) GDPR),
operated by Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland. Plugins may include interaction
elements (e.g., like buttons, comments) and content (e.g., images, videos, text), and are identifiable by the Facebook
logo (white "f" on blue tile, “Like” button, or thumbs-up icon) or are marked "Facebook Social Plugin."
Plugin overview: https://developers.facebook.com/docs/plugins/
Facebook is Privacy Shield-certified: https://www.privacyshield.gov/participant?
id=a2zt0000000GnywAAC&status=Active
When a user accesses a feature containing a plugin, their device connects directly to Facebook’s servers. Facebook
receives information that the user accessed our page. If the user is logged in to Facebook, the visit can be linked to
their Facebook account.If users interact with the plugin (e.g., like or comment), this information is sent directly to Facebook and stored
there. Even if the user is not a Facebook member, there is still the possibility that Facebook processes their IP
address. According to Facebook, only anonymized IP addresses are stored for users in Germany.
For information on Facebook’s data collection and privacy controls, see:
https://www.facebook.com/about/privacy/
If you are a Facebook user and do not wish Facebook to collect data about you through our online offering and link
it to your profile, you must log out of Facebook before visiting our site and delete your cookies. Further ad-related
settings and objections:
• https://www.facebook.com/settings?tab=ads
• http://www.aboutads.info/choices
• http://www.youronlinechoices.com/
These settings apply across all devices.
Embedded Social Media Services & Third-Party Tools
Facebook Logout Instructions
If you are a Facebook member and do not want Facebook to collect data about you via our online presence and link
it to your Facebook profile, you must log out of Facebook and delete your cookies before using our site.
Further settings and objections regarding data use for advertising can be adjusted in your Facebook profile:
• https://www.facebook.com/settings?tab=ads
Or via the following opt-out pages:
• http://www.aboutads.info/choices/ (US)
• http://www.youronlinechoices.com/ (EU)
These settings apply across devices and platforms (e.g., mobile, desktop).
Functions and content from the Twitter service, operated by Twitter Inc., 1355 Market Street, Suite 900, San
Francisco, CA 94103, USA, may be integrated into our website.
This may include content like images, videos, or text, as well as buttons for liking, sharing, or following.
If users are logged into Twitter, interactions may be associated with their Twitter profiles.
• Privacy Policy: https://twitter.com/de/privacy
• Opt-Out: https://twitter.com/personalizationInstagram
We embed functions and content from Instagram, operated by Instagram Inc., 1601 Willow Road, Menlo Park, CA
94025, USA.
This may include content such as posts, videos, images, and interaction buttons (e.g., like, follow).
If users are logged into Instagram, content views may be associated with their Instagram profiles.
• Privacy Policy: http://instagram.com/about/legal/privacy/
Komi (komi.io)
We use the service Komi, operated by Komi Technologies Inc. (USA), for our “Link in Bio” page.
Komi provides a landing page where users can access our content, services, and social channels.
Komi may collect technical data (e.g., IP address, device type) and interaction data (e.g., clicks) and may store data
on servers outside the EU.
• Legal basis: Art. 6(1)(f) GDPR (legitimate interest in providing user-friendly linking).
• Cross-border data transfers may be based on Standard Contractual Clauses (SCCs).
• Privacy Policy: https://komi.io/privacy-policy.pdf
Fourthwall (Merch Store)
Our merchandise store is operated via Fourthwall Inc., 1223 Wilshire Blvd #534, Santa Monica, CA 90403, USA.
Fourthwall enables us to sell products, process orders, and collect payments.
Data collected may include:
• Name, email, delivery address
• Payment and order details
• Legal basis:
◦ Art. 6(1)(b) GDPR (contract performance)
◦ Art. 6(1)(f) GDPR (legitimate interest in commercial operation)
• Data transfers to the USA rely on SCCs.
• Privacy Policy: https://fourthwall.com/privacy
YouTubeWe embed videos from YouTube, operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4,
Ireland.
When videos are played, a connection to YouTube/Google servers is established.
Data such as your IP address and playback behavior may be transmitted.
If logged in to YouTube, this may be linked to your account.
• Privacy Policy: https://policies.google.com/privacy
TikTok
We embed TikTok videos into our website and other online pages (e.g., Komi, merch store).
Provider: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland.
When accessed, personal data such as IP addresses and usage behavior may be processed.
• Privacy Policy: https://www.tiktok.com/legal/privacy-policy-eea
External Blog Platforms (e.g., Medium, Substack)
Our sites may embed content from third-party blog platforms like Medium or Substack.
Accessing these may result in the transfer of personal data such as IP address and browser details to the respective
platforms.
Refer to each provider’s privacy policy.
Repeated Instagram Embeds
Our online services (e.g., Komi, merch site) also include embedded Instagram content, served by Meta Platforms
Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
Upon loading, Instagram may process IP addresses, browser/device data, and cookies.
• Instagram Privacy Center: https://privacycenter.instagram.com/policy