Data protection

DATA PROTECTION/PRIVACY POLICY

Data protection statement and information for parties concerned pursuant to Article 13 and Article 14 of the EU General Data Protection Regulation

General information

Information on the responsible authority


Company:	GEMA - Gesellschaft für musikalische Aufführungs- und mechanische Vervielfältigungsrechte
Legal representative:	Managing Committee: Dr. Harald Heker (CEO and Chairman of the Managing Committee), Lorenzo Colombini (Member of the Managing Committee), Georg Oeller (Member of the Managing Committee)
Address:	Rosenheimer Str. 11, 81667 München
Contact details of the external data protection officer:	Dr. Sebastian Kraska datenschutzbeauftragter@gema.de

GENERAL DATA PROCESSING INFORMATION

Data affected

Personal data will only be collected if you provide it to us voluntarily or if the collection of such data is justified by way of statutory authorisation. Any processing of your personal data beyond the scope of the statutory authorisation shall only be made on the basis of your express permission.


Processing purpose:	Contract performance.
Recipient categories:	External service providers or other contractors. Further external offices provided that the party concerned has given their permission or that a transfer is permissible on the grounds of overriding interest.
Third country transfers:	In the course of contract performance, data processors outside the European Union may also be used.
Data storage duration:	Data storage duration depends on statutory storage obligations and generally lasts 10 years.

SPECIFIC INFORMATION ON THE WEBSITE

Newsletters

In the course of registering for our newsletter you provide us with your e-mail address and, where applicable, additional details. We use such details exclusively for the purpose of sending you the newsletter. The details you entered during your newsletter registration remain stored at our end until you cancel your subscription of our newsletter. It is possible to cancel your newsletter subscription by following the link provided in the newsletter or by sending us a message. By way of your cancellation, you object the use of your e-mail address.

Analysis services

We use Piwik on our website, i.e. a so-called web analysis service. Piwik uses so-called “Cookies” which are text files which are stored on your computer and enables us to analyse the usage of the website. For this purpose, the usage information generated by the cookie (including your shortened IP address) is transferred to our servers and stored for the usage analysis purposes which serves website optimising purposes. Your IP address will be immediately anonymised during this process so that you remain anonymous to us as a user. The information generated by the Cookie regarding your use of this website is not passed on to third parties. You can avoid that cookies are used by setting your browser software accordingly, but it is possible that, in such a case, you may not be able to use all functions of this website to their full extent.

Analysis service (Members’ section)

In the members’ section of our website (https://mitgliedschaft.gema.de/) we use the analysis service Hotjar for the analysis of the use of the website. Hotjar also utilises cookies in order to collect information on the behaviour of the users of our website and their terminal equipment (screen size, device type, operating system, browser used, location (only the country), preferred languages for displaying our website). Hotjar saves such information in a pseudonymised user profile. Neither Hotjar nor we will use the information to identify individual users or consolidate it with other data on individual users. You can avoid that cookies are used by setting your browser software accordingly, but it is possible that, in such a case, you may not be able to use all functions of the website to their full extent.

Tool for the geographical location of uses (member area)

In the members' area of the online portal, within the framework of the royalty service, we offer a display showing the geographical location of the use of works by the respective GEMA member. For this service we use the JavaScript library MapBox GL JS. The JavaScript library MapBox GL JS uses cookies to collect the following technical information for display, optimisation and analysis purposes: IP address, information on the device and browser, operating system, content of the retrieval, date and time of the retrieval, location (restricted) and usage data. The IP address is deleted from the service after 30 days. This data is not used by the service to identify individual users or merged with other data about individual users. The data collected by the service is not passed on to us. You can prevent the use of cookies by adjusting your browser software settings accordingly, but it may be that in this case you will not be able to use the feedback function.

Feedback function

In order to understand the requirements of our user better and to optimise our services on this website, we offer you to provide us with feedback on the website. You do have the possibility to rate our pages anonymously. You also have the option to provide your e-mail address. It will only be processed by us for the purpose of contacting you in the case of enquiries regarding your feedback. As soon as we have no interest in enquiring your feedback, your e-mail address will be deleted immediately. You can also object to your e-mail address being used at any time.

The analysis of the feedback provided is carried out via Hotjar. Hotjar works with cookies. In order to analyse the use of the website, the usage information generated by the cookie (screen size, device type, operating system, browser used, location (only the country), preferred languages for displaying our website) is captured. Hotjar saves such information in a pseudonymised user profile. Neither Hotjar nor we will use the information to identify individual users or consolidate it with other data on individual users. You can avoid that cookies are used by setting your browser software accordingly, but it is possible that, in such a case, you may not be able to use the feedback function to its full extent.

Use of own “cookies”

This website uses its own “cookies” in order to increase the usability (“cookies” are data records which are transmitted by the web server to the browser and are stored there for later retrieval). In our own “cookies”, no personal data is stored. You can generally prevent the use of “cookies” if you prohibit the storage of “cookies” in your browser.

DETAILS ON FURTHER DATA PROCESSING METHODS

Specific information on the processing of member data as part of the 2020 General Assembly

Online registration

In order to participate in the General Assembly 2020, you must register online in advance. If you register as a member to participate in the General Assembly, we will collect and process your data as well as the data of the representatives (proxies) registered by you.

Data in question:	Pertaining to the member and/or representatives: Name, address, e-mail address, corresponding membership number, identity card number Only pertaining to the member: Professional group/ category, membership status, delegate function (if applicable), voting rights, password, legal succession, co-opted
Processing purpose:	Processing serves to ensure the proper conduct of the General Assembly. Data processing within the scope of the online registration for the General Assembly ensures that the registered members and/or the representatives (proxies) registered by them can participate in the General Assembly. At the same time, data processing serves to prevent unauthorised persons from attending the General Assembly.
Legal basis:	Data processing is carried out in accordance with Art. 6 Para. 1 letter f DSGVO [German GDPR]. GEMA's legitimate interest lies in the proper conduct of the General Assembly.
Categories of recipients:	For data processing, we use external service providers for the technical implementation of the online registration, who also have access to the data.
Transfers from/to third countries:	The data will not be transferred to third countries or international organisations.
Data storage duration:	The data will be deleted 1 year after the General Assembly.

Transmission of the General Assembly

The General Assembly 2020 will take place exclusively virtually. Participation is either via e-voting in advance or via a live stream provided by us with live discussion (video conference and written live chat) and live voting on the days of the meeting. For participation in e-voting and the transmission of the General Assembly by live stream (including live discussion and live voting), we process the data of the persons participating in the General Assembly (members, representatives (proxies), GEMA staff (including external service providers and legal advisors), representatives of the DPMA [German Patent and Trademarks Office]).

Data in question:	Pertaining to the member and/or representatives: Name, address, e-mail address, corresponding membership number, identity card number Only pertaining to the member: Professional group/category, membership status, delegate function (if applicable), voting rights, password, legal succession, co-opted Pertaining to GEMA staff and representatives of the DPMA: Name and e-mail address Note on the live discussion: When participating in the live discussion (video conference or written live chat), only the first and last name and, if applicable, the name of the publisher will be displayed.
Processing purpose:	Processing serves to ensure the proper conduct of the General Assembly. Data processing within the scope of the transmission of the General Assembly ensures that only those persons entitled to participate are taking part in the General Assembly. At the same time, the orderly conduct of the voting conducted within the scope of the General Assembly is ensured, so that GEMA members are guaranteed their right of participation.
Legal basis:	Data processing is carried out in accordance with Art. 6 Para. 1 letter f DSGVO [German GDPR]. GEMA's legitimate interest lies in the proper conduct of the General Assembly.
Categories of recipients:	For the technical implementation of holding the General Assembly (e-voting, live stream with live discussion) we have used external service providers who also have access to the data.
Transfers from/to third countries:	The data will not be transferred to third countries or international organisations.
Data storage duration:	The data will be deleted 1 year after the General Assembly.

Audio recording

The General Assembly will be recorded via audio recording. The audio recording shall be done in accordance with Art. 6 (1) f) DSGVO [German GDPR]. The recording serves to ensure that the stenographers take proper minutes of the General Assembly. With the help of the audio recording, the stenographers can also ensure that the minutes of the General Assembly are fully recorded in the event of a technical fault. The audio recordings are made available exclusively to the stenographers for the preparation of the minutes. As soon as the final minutes of the virtual General Assembly have been produced, the audio recordings will be irrevocably deleted. Live pictures transmitted during the General Assembly will not be stored.

Specific details on the processing of member data including online member services

(such as member finances, registration of sub-publishing agreements, work declaration, sub-publisher registration, GEMA download, musical works [enhanced access], research of contributing parties, inquiry lists, tariff calculator and licensing tool, licensing of sound recordings and research [enhanced access], GEMA forum, online registration system for the General Assembly, free-of-charge licences, electronic confirmation process)


Data affected:	Data provided for the contract performance; where applicable, data beyond this scope for processing on the basis of your express permission.
Processing purpose:	Contract performance, in particular rights management and accounting.
Recipient categories:	Public authorities in the case of overriding legal provisions. External service providers or other contractors, for purposes such as data processing and hosting, service providers for printing and dispatching of information and call centres. Further external offices provided that the party concerned has given their permission or that a transfer is permissible on the grounds of overriding interest, such as for the electronic dispatch of information, for quality assurance purposes. Sister societies for the rights management abroad and subsidiaries for the administration of special repertoires.
Third country transfers:	In the course of contract performance, data processors outside the European Union may also be used. During contract performance, a data transfer to third countries may occur.
Data storage duration:	Data storage duration depends on statutory storage obligations and generally lasts 10 years.

Specific details on the processing of licensee data including online services sound recording licensing on the internet / licence shop for music on the internet / customer centre and playlists online.


Data affected:	Data provided for contract performance or fulfilment of statutory duties; data captured for enforcing licence claims; where applicable, data beyond this scope for processing on the basis of your express permission.
Processing purpose:	Contract performance; in particular allocation and distribution; enforcing licence claims on the basis of musical work usage.
Recipient categories:	Public authorities in the case of overriding legal provisions. External service providers or other contractors, for purposes such as data processing and hosting, accounting, service providers for printing and dispatching of information and call centres. Further external offices provided that the party concerned has given their permission or that a transfer is permissible on the grounds of overriding interest.
Third country transfers:	In the course of contract performance, data processors outside the European Union may also be used.
Data storage duration:	Data storage duration depends on statutory storage obligations and generally lasts 10 years.

Specific details on the processing of contractors’ data


Data affected:	Data provided for the contract performance; where applicable, data beyond this scope for processing on the basis of your express permission.
Processing purpose:	Contract performance; such as queries, procurement, quality assurance.
Recipient categories:	Public authorities in the case of overriding legal provisions, such as tax office. External service providers or other contractors, such as for data processing and hosting, accounting, payment processing. Further external offices provided that the party concerned has given their permission or that a transfer is permissible on the grounds of overriding interest.
Third country transfers:	In the course of contract performance, data processors outside the European Union may also be used.
Data storage duration:	Data storage duration depends on statutory storage obligations and generally lasts 10 years.

Specific details on the application process


Data in question:	Application details.
Processing purpose:	Implementation of the application procedure.
Origin of the data:	For direct application: Applicant. For applications via recruitment agencies: from the respective recruitment agency.
Categories of recipients:	Public authorities where priority legislation applies. External service providers or other contractors, including for data processing and hosting.
Transfers from/to third countries:	None.
Duration of data storage:	Application data is usually deleted within four months after completion of the application procedure, unless consent has been given for longer data storage in the context of inclusion in the applicant pool.

Specific details on the processing of employee data


Data affected:	Data provided for the contract performance; where applicable, data beyond this scope for processing on the basis of your express permission.
Processing purpose:	Contract performance within the scope of employment
Recipient categories:	Public authorities in the case of overriding legal provisions, such as tax office, social insurance agencies, trade association. External service providers or other contractors, for purposes such as data processing and hosting, payroll accounting, travel expense accounting, insurance services, vehicle use. Further external offices provided that the party concerned has given their permission or that a transfer is permissible on the grounds of overriding interest.
Third country transfers:	None.
Data storage duration:	Data storage duration depends on statutory storage obligations and generally lasts 10 years.

FURTHER INFORMATION AND CONTACT

You may exercise your right to information, to correction or deletion or limitation of the processing or to the assertion of your right to object against the processing as well as the right to data portability at any time. You can contact us via e-mail or letter here. You also have the right to contact the data protection supervisory authorities.