Data protection

DATA PROTECTION/PRIVACY POLICY

Data protection statement and information for parties concerned pursuant to Article 13 and Article 14 of the EU General Data Protection Regulation

General information

Information on the responsible authority


Company:	GEMA - Gesellschaft für musikalische Aufführungs- und mechanische Vervielfältigungsrechte
Legal representative:	Managing Committee: Dr. Harald Heker (CEO and Chairman of the Managing Committee), Lorenzo Colombini (Member of the Managing Committee), Georg Oeller (Member of the Managing Committee)
Address:	Rosenheimer Str. 11, 81667 München
Contact details of the external data protection officer:	Dr. Sebastian Kraska datenschutzbeauftragter@gema.de

GENERAL DATA PROCESSING INFORMATION

Data affected

Personal data will only be collected if you provide it to us voluntarily or if the collection of such data is justified by way of statutory authorisation. Any processing of your personal data beyond the scope of the statutory authorisation shall only be made on the basis of your express permission.


Processing purpose:	Contract performance.
Recipient categories:	External service providers or other contractors. Further external offices provided that the party concerned has given their permission or that a transfer is permissible on the grounds of overriding interest.
Third country transfers:	In the course of contract performance, data processors outside the European Union may also be used.
Data storage duration:	Data storage duration depends on statutory storage obligations and generally lasts 10 years.

SPECIFIC INFORMATION ON THE WEBSITE

Newsletters

In the course of registering for our newsletter you provide us with your e-mail address and, where applicable, additional details. We use such details exclusively for the purpose of sending you the newsletter. The details you entered during your newsletter registration remain stored at our end until you cancel your subscription of our newsletter. It is possible to cancel your newsletter subscription by following the link provided in the newsletter or by sending us a message. By way of your cancellation, you object the use of your e-mail address.

Analysis services

We use Piwik on our website, i.e. a so-called web analysis service. Piwik uses so-called “Cookies” which are text files which are stored on your computer and enables us to analyse the usage of the website. For this purpose, the usage information generated by the cookie (including your shortened IP address) is transferred to our servers and stored for the usage analysis purposes which serves website optimising purposes. Your IP address will be immediately anonymised during this process so that you remain anonymous to us as a user. The information generated by the Cookie regarding your use of this website is not passed on to third parties. You can avoid that cookies are used by setting your browser software accordingly, but it is possible that, in such a case, you may not be able to use all functions of this website to their full extent.

Analysis service (Members’ section)

In the members’ section of our website (https://mitgliedschaft.gema.de/) we use the analysis service Hotjar for the analysis of the use of the website. Hotjar also utilises cookies in order to collect information on the behaviour of the users of our website and their terminal equipment (screen size, device type, operating system, browser used, location (only the country), preferred languages for displaying our website). Hotjar saves such information in a pseudonymised user profile. Neither Hotjar nor we will use the information to identify individual users or consolidate it with other data on individual users. You can avoid that cookies are used by setting your browser software accordingly, but it is possible that, in such a case, you may not be able to use all functions of the website to their full extent.

Feedback function

In order to understand the requirements of our user better and to optimise our services on this website, we offer you to provide us with feedback on the website. You do have the possibility to rate our pages anonymously. You also have the option to provide your e-mail address. It will only be processed by us for the purpose of contacting you in the case of enquiries regarding your feedback. As soon as we have no interest in enquiring your feedback, your e-mail address will be deleted immediately. You can also object to your e-mail address being used at any time.

The analysis of the feedback provided is carried out via Hotjar. Hotjar works with cookies. In order to analyse the use of the website, the usage information generated by the cookie (screen size, device type, operating system, browser used, location (only the country), preferred languages for displaying our website) is captured. Hotjar saves such information in a pseudonymised user profile. Neither Hotjar nor we will use the information to identify individual users or consolidate it with other data on individual users. You can avoid that cookies are used by setting your browser software accordingly, but it is possible that, in such a case, you may not be able to use the feedback function to its full extent.

Use of own “cookies”

This website uses its own “cookies” in order to increase the usability (“cookies” are data records which are transmitted by the web server to the browser and are stored there for later retrieval). In our own “cookies”, no personal data is stored. You can generally prevent the use of “cookies” if you prohibit the storage of “cookies” in your browser.

DETAILS ON FURTHER DATA PROCESSING METHODS

Specific details on the processing of member data including online member services

(such as member finances, registration of sub-publishing agreements, work declaration, sub-publisher registration, GEMA download, musical works [enhanced access], research of contributing parties, inquiry lists, tariff calculator and licensing tool, licensing of sound recordings and research [enhanced access], GEMA forum, online registration system for the General Assembly, free-of-charge licences, electronic confirmation process)


Data affected:	Data provided for the contract performance; where applicable, data beyond this scope for processing on the basis of your express permission.
Processing purpose:	Contract performance, in particular rights management and accounting.
Recipient categories:	Public authorities in the case of overriding legal provisions. External service providers or other contractors, for purposes such as data processing and hosting, service providers for printing and dispatching of information and call centres. Further external offices provided that the party concerned has given their permission or that a transfer is permissible on the grounds of overriding interest, such as for the electronic dispatch of information, for quality assurance purposes. Sister societies for the rights management abroad and subsidiaries for the administration of special repertoires.
Third country transfers:	In the course of contract performance, data processors outside the European Union may also be used. During contract performance, a data transfer to third countries may occur.
Data storage duration:	Data storage duration depends on statutory storage obligations and generally lasts 10 years.

Specific details on the processing of licensee data including online services sound recording licensing on the internet / licence shop for music on the internet / customer centre and playlists online.


Data affected:	Data provided for contract performance or fulfilment of statutory duties; data captured for enforcing licence claims; where applicable, data beyond this scope for processing on the basis of your express permission.
Processing purpose:	Contract performance; in particular allocation and distribution; enforcing licence claims on the basis of musical work usage.
Recipient categories:	Public authorities in the case of overriding legal provisions. External service providers or other contractors, for purposes such as data processing and hosting, accounting, service providers for printing and dispatching of information and call centres. Further external offices provided that the party concerned has given their permission or that a transfer is permissible on the grounds of overriding interest.
Third country transfers:	In the course of contract performance, data processors outside the European Union may also be used.
Data storage duration:	Data storage duration depends on statutory storage obligations and generally lasts 10 years.

Specific details on the processing of contractors’ data


Data affected:	Data provided for the contract performance; where applicable, data beyond this scope for processing on the basis of your express permission.
Processing purpose:	Contract performance; such as queries, procurement, quality assurance.
Recipient categories:	Public authorities in the case of overriding legal provisions, such as tax office. External service providers or other contractors, such as for data processing and hosting, accounting, payment processing. Further external offices provided that the party concerned has given their permission or that a transfer is permissible on the grounds of overriding interest.
Third country transfers:	In the course of contract performance, data processors outside the European Union may also be used.
Data storage duration:	Data storage duration depends on statutory storage obligations and generally lasts 10 years.

Specific details on the application process


Data affected:	Application details.
Processing purpose:	Execution of the application process.
Recipient categories:	Public authorities in the case of overriding legal provisions. External service providers or other contractors, such as for data processing and hosting.
Third country transfers:	None.
Data storage duration:	Application data are generally deleted within four months after the application process has been completed, unless permission has been given to store the data for longer within the scope of admission to the applicants’ pool.

Specific details on the processing of employee data


Data affected:	Data provided for the contract performance; where applicable, data beyond this scope for processing on the basis of your express permission.
Processing purpose:	Contract performance within the scope of employment
Recipient categories:	Public authorities in the case of overriding legal provisions, such as tax office, social insurance agencies, trade association. External service providers or other contractors, for purposes such as data processing and hosting, payroll accounting, travel expense accounting, insurance services, vehicle use. Further external offices provided that the party concerned has given their permission or that a transfer is permissible on the grounds of overriding interest.
Third country transfers:	None.
Data storage duration:	Data storage duration depends on statutory storage obligations and generally lasts 10 years.

FURTHER INFORMATION AND CONTACT

You may exercise your right to information, to correction or deletion or limitation of the processing or to the assertion of your right to object against the processing as well as the right to data portability at any time. You can contact us via e-mail or letter here. You also have the right to contact the data protection supervisory authorities.