This data privacy notice applies to the websites operated by RBX GmbH: 

https://www.rbx.music/

https://www.reeperbahnfestival.com/

https://www.keychange.eu/

The general information applies to all our websites. Special features/tools on the respective websites are explained separately.

When you use our websites, various personal data is collected. Personal data concerning you is data that can be used to identify you as an individual. This privacy notice explains what data we collect and what we use it for. The notice also explains how, and for what purpose, this is carried out.

The entity responsible for processing data on the websites stated above is:

RBX GmbH

Neuer Pferdemarkt 1
20359 Hamburg

Tel: + 49 (0) 40 43 17 959 17
Email: contact(at)rbx.music

2.1 Data protection officer

If you have any questions about data protection, please contact our data protection officer at uwe.nolte@datenschutz-qm.de.

3.1 Visiting the websites

When you visit our websites, the browser used on your device automatically sends information to our website server. This information is temporarily stored in what is known as a log file. The following information is collected without any intervention on your part and it is stored until it is automatically deleted:

• IP address of the requesting device
• date and time of access
• name and URL of the retrieved file
• website from which access is made (referrer URL)
• browser used and, if applicable, the operating system of your device and the name of your access provider.

We process the data stated above for the following purposes:

• Ensuring the smooth connection of our website
• Ensuring that our website functions smoothly
• Evaluation of system security and stability
• Other administrative purposes

The legal basis for data processing is 6 (1)(f) of the General Data Protection Regulation (GDPR). The website operator has a legitimate interest in ensuring that its website is free of technical errors and optimised. For this purpose, server log files must be collected.

3.2 Contact 

If you contact us (e.g. via a contact form, email, by post, by phone, in person, etc.) the personal data provided by you is stored by us. We process this data in order to handle your enquiry. We will not disclose this data without your consent. The personal data stated above is processed subject to your consent (Art. 6 (1)(a) GDPR). You can revoke your consent to this at any time. To revoke your consent, just send an informal email to the email addresses of the individual companies/projects listed below. Revocation of consent will not affect the legality of data processing undertaken on the basis of this consent prior to its revocation. The data provided by you when contacting us will remain with us until you request its deletion, revoke your consent to it being stored, or the purpose for storing the data no longer applies (e.g. after your enquiry has been fully processed). Mandatory legal provisions – in particular retention periods – remain unaffected.

3.3 Accreditation of media representatives

Interested media representatives can apply using the accreditation form on our website; all mandatory fields are marked. The information you provide will be used by us for the accreditation process. Approvals and rejections will be sent by email to the email address you provide. We cannot process your application without the mandatory information. Shortly before the event, we will send you a press release containing information for accredited press representatives. At the event, you can collect your wristbands and badges from our staff at the press desk.

You can also state that you would like to be included in our ‘Delegates Database’.

Our Delegates Database is exclusively available to participants of the Reeperbahn Festival Conference. The Delegates Database provides many benefits, such as a list of delegates, a favourites list, a personal messaging system and a personal profile.

Within the Delegates Database, we process the personal data about you as detailed below. We only process data that you voluntarily and actively provide when purchasing a ticket to the Reeperbahn Festival Conference or directly in the Delegates Database (e.g. when completing forms, maintaining your profile) or that you automatically provide when using our services.

Your data will only be processed by us. It will not be sold to, lent to or passed on to third parties. If we use the services of external service providers to process your personal data, this is carried out as part of processing an issued order, where we are authorised to issue instructions to our contractors as the client. We use external service providers in the operation of our Delegates Database for hosting, maintaining, servicing and further development. If other external service providers are used for individual processing operations, they will be identified in the relevant process. We do not transfer data to third countries as a fundamental principle and have no future plans to do so. We will provide information about any exceptions to this fundamental principle in the processing operations described below.

You can also indicate whether you would like to attend any of the events that require registration (e.g. opening or award ceremonies). As a rule, you will receive a confirmation email or invitation to the respective event from the organisers.

The processing of personal data during the application process or when registering in the Delegates Database is based on your consent in accordance with Art. 6 (1)(a) GDPR, while accreditation, admission control, etc. are carried out on the basis of Art. 6 (1)(b) GDPR, a contractual relationship.(???)[IA1]  We have a legitimate interest in using our newsletter provider JUNE to send confirmation emails (Art. 6 (1)(f) GDPR). Our legitimate interest lies in making the process reliable and efficient. Your consent is voluntary. If you wish to revoke your consent/accreditation, simply send a brief email to media@reeperbahnfestival.com. We will then remove your data from the mailing list. 

On our website, you can register to use additional features on the site. We only use the data you enter for the purpose of using the relevant offering or service for which you have registered. The mandatory information requested during registration must be provided in full. If you do not provide this information, we will reject your registration. For important changes, such as changes to the scope of the offering or technically necessary changes, we will use the email address provided during registration to inform you.

The data provided when you register is processed subject to your consent (Art. 6 (1)(a) GDPR). You can revoke your consent at any time. To do so, simply send us an informal email. Revocation of consent shall not affect the legality of data processing undertaken on the basis of this consent prior to its revocation. The data collected during registration will be stored by us for as long as you are registered on our website and will then be deleted. Statutory retention periods remain unaffected.

3.4 Job applications

We offer you the opportunity to apply to work for us (e.g. by email, post or via our online application form). Below, we provide information about how much of your personal data we collect during the application process, why we do this and how we use this data. We assure you that your data will be collected, processed and used in line with current data protection laws and all other legal requirements, and that your data will be handled with strict confidentiality.

When you send us an application, we process your associated personal data (e.g. contact and communication information, application documents, notes taken during job interviews, etc.) as far as this is necessary to decide whether to offer you a position. The legal basis for this is Section 26 of the German Federal Data Protection Act (BDSG) and – if you have given your consent – Article 6(1)(a) of the GDPR. Your consent can be revoked at any time. Your personal data will only be disclosed within our company to persons involved in processing your application.

If your application is successful, the data you have provided will be stored in our data processing systems in accordance with Section 26 BDSG for the purpose of administering the employment relationship. If we are unable to offer you a position, you decline a job offer, withdraw your application, revoke your consent to data processing or request that we erase your data, the data you have submitted, including any remaining physical application documents, will be stored or retained for a maximum of 6 months after completing the application process (retention period) in order to be able to verify the details of the application process in the event of any discrepancies (Art. 6 (1)(f) GDPR).

After the retention period has expired, the data will be deleted unless a legal obligation to retain it or another legal reason for further storage exists. Should it become apparent that it is necessary to retain your data after the retention period has expired (e.g. due to an impending or pending legal dispute), the data will only be deleted once it is no longer relevant. Other statutory retention obligations remain unaffected.

3.5 Routine erasure and blocking of personal data

We only process and store personal data for the period necessary to achieve the purpose for which it was collected or as required by law or regulations that apply to the controller. If the purpose of processing no longer applies or if a stipulated storage period expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.

Our websites are hosted by external service providers (hosts). Personal data collected on the websites is stored on the web hosts’ servers. This may include IP addresses, contact enquiries, meta data and communication data, contract data, contact details, names, website traffic and other data generated via a website. The web hosts are used for the purpose of enabling our online services to be provided securely, quickly and efficiently by a professional provider (Art. 6 (1)(f) GDPR). Our web hosts will only process your data to the extent required to fulfil their service obligations and will follow our instructions regarding this data. In order to ensure data protection-compliant processing, we have concluded data processing agreements with our web hosts. 

For security reasons, in particular to protect the transmission of confidential content such as your personal data, our websites use SSL or TLS encryption. You can recognise an encrypted connection active from the fact that that the address line of the browser changes from SSL or TLS encryption from “http://” to “https://” and by the padlock symbol in your browser’s address bar. If SSL or TLS encryption is activated, the data you submit to us cannot be read by third parties.

Our websites use cookies. Cookies are text files that a website provider stores on the computer of the website user and can retrieve when the user revisits the site, for the purpose of facilitating navigation on the Internet or transactions, or to obtain information about user behaviour. Cookies do not harm your computer and do not contain viruses. Cookies serve to make our offerings more user-friendly, effective and secure. Most of the cookies we use are what are known as ‘session cookies’. These are automatically deleted once you leave our website. Other cookies remain stored on your device until you delete them. These cookies enable us to recognise your browser the next time you visit our website.

Cookies required to carry out the electronic communication process or to provide certain functions requested by you (e.g. shopping basket function) are stored in accordance with Art. 6 (1)(f) GDPR. The website operator has a legitimate interest in storing cookies in order to ensure that its website is free of technical errors and optimised. If other cookies (e.g. cookies used to analyse your surfing behaviour) are stored, these are covered separately in this privacy notice. You can set your browser to notify you when cookies are set and only allow cookies in individual cases, exclude the acceptance of cookies in certain cases or in general, and enable the automatic deletion of cookies when you close your browser. The legal basis for this is your consent in line with Article 6(1)(a) of the GDPR. If you deactivate cookies, this website’s functionality may be limited.

Storage period: Cookies are split into the following categories according to how long they are stored: 

• Temporary cookies (also called session cookies): Temporary cookies are automatically deleted once a user has left an online offering or service and closed their device (e.g. browser or mobile application).
• Permanent cookies: Permanent cookies remain stored even after a device is closed. This enables, for example, login status to be stored or preferred content to be displayed straight away when a user revisits a website. Similarly, user data collected by means of cookies can be used for audience measurement. Unless we provide users with explicit information about the type of cookies and their storage period (e.g. when obtaining consent), users should assume that cookies are permanent and that the storage period can be up to two years.

General information on revoking and objecting (‘opt out’): Users may withdraw their consent at any time and object to the processing of their data in accordance with the legal requirements. To do so, users may, for example, restrict the use of cookies in their browser settings (which may also restrict the functionality of our online offering). Users can also object to the use of cookies for online marketing purposes via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/.

We maintain an online presence on social networks in order to inform users who are active on these networks about our services and, if they are interested, to communicate with them via these platforms. Our social media channels are only accessible via an external link. You can identify the links by the typical buttons. These buttons do not feature a ‘share’ or ‘like’ function; they are simply graphics that link to our corresponding social media channel. If you click on one of these buttons, the relevant social media channel will be opened. The relevant social network will be informed that you have visited our website with your IP address. As soon as you access our social media profile on the relevant network, the terms and conditions as well as the data processing guidelines of the operator of that network apply. 

We have no influence on the collection of data and how it is subsequently used by social networks. We have no knowledge of the extent to which, where and for how long the data is stored, how far the networks comply with existing deletion obligations, what types of analysis and links are undertaken with the data, or to whom the data is disclosed. We therefore expressly point out that your data (e.g. personal information, IP address) is stored by the network operators in accordance with their data usage guidelines and used for business purposes. For details on this, please refer to the terms of use and data protection regulations of the respective social media portals.

Users can subscribe to a newsletter on our website. The personal data provided to us when ordering the newsletter is determined by the input mask used; the mandatory fields are marked. 

If you register for the newsletter offered on the website, we require your email address as well as information that enables us to verify that you are the owner of the email address provided and that you agree to receive the newsletter. No further data is collected unless you provide it voluntarily. We use this data exclusively for sending the requested information and we do not disclose it to third parties.

The data you provided in the newsletter registration form is processed solely on the basis of your consent (Art. 6 (1)(a) GDPR). You may at any time withdraw your consent to the storage of your data, email address and its use for sending the newsletter, for example via an unsubscribe link in the newsletter. Withdrawal of consent shall not affect the legality of data processing already undertaken on the basis of this consent prior to its withdrawal.

The data you provide in order to receive the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted after you unsubscribe. Data stored by us for other purposes (e.g. email addresses for customer communication) remains unaffected by this.

Consent to receive the newsletter can be withdrawn at any time. There is a special link in every newsletter for the purpose of withdrawing consent. It is also possible to unsubscribe from the newsletter directly on the website at any time or to notify us in a different way.

8.1 Newsletter to existing customers

If your email address was obtained in connection with a purchase, a special provision applies in accordance with Section 7(3) of the German Unfair Competition Act (UWG). According to this provision, the consent of the customer or recipient is not required in certain cases. As part of existing customer relationships (= existing customers), we are able to advertise the sale of our own similar products or services by email without having to again obtain the customer’s consent.

Consent to receive the newsletter can of course be withdrawn at any time. There is a special link in every newsletter for the purpose of withdrawing consent. It is also possible to unsubscribe from the newsletter directly on the website at any time or to notify us in a different way.

8.2 Newsletter tracking

Our newsletters contain what are known as tracking pixels. A tracking pixel is a miniature graphic embedded in emails sent in HTML format to enable a log file to be recorded and analysed.
 This allows a statistical evaluation to be performed on the success or failure of online marketing campaigns. The embedded tracking pixel enables the company to see whether and when an email has been opened by a data subject and which links in the email have been accessed by the data subject. 

Data subjects are entitled to withdraw their declaration of consent at any time. Following the withdrawal of consent, this personal data will be deleted. We automatically interpret unsubscribing from the newsletter as a withdrawal of consent.
 

8.3 Reeperbahn Festival newsletter 

Processing is carried out for our subscriber newsletter on the basis of consent in accordance with Art. 6 (1)(a) GDPR. Your consent is voluntary. The provider is JUNE - Online Marketing GmbH, Große Johannisstrasse 3, 20457 Hamburg. We have a legitimate interest in using the newsletter provider JUNE (Art. 6 (1)(f) GDPR). Our legitimate interest lies in offering you an engaging newsletter that operates reliably and enables us to comply with legal requirements. After you unsubscribe from the newsletter distribution list, your email address may be stored in a blacklist (to prevent future mailings). The data from the blacklist is used solely for this purpose and is not merged with any other data. This serves both your interests and our interests in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 (1)(f) GDPR). There is no time limit for data storage on the blacklist. You can object to the storage of your data if your interests outweigh our legitimate interests.
 

8.3.1 Press releases

The processing of our press releases is based on consent in accordance with Art. 6 (1)(a) GDPR. Your consent is voluntary. We have a legitimate interest in using the newsletter provider JUNE (Art. 6 (1)(f) GDPR). Our legitimate interest lies in offering you engaging press releases that operate reliably and enable us to comply with legal requirements. After you unsubscribe from the distribution list, your email address may be stored in a blacklist (to prevent future mailings). The data from the blacklist is used solely for this purpose and is not merged with any other data. This serves both your interests and our interests in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 (1) (f) GDPR). There is no time limit for data storage on the blacklist. You can object to the storage of your data if your interests outweigh our legitimate interests.
 

8.4. Keychange newsletter

On our website, we use the MailerLite tool from the provider ‘MailerLite UAB’, J. Basanavičiaus 15, LT-03108 Vilnius, Lithuania, to send newsletters. MailerLite is a service that can be used to organise and analyse newsletter distribution. The data that you enter in order to receive the newsletter (e.g. your email address) is stored on MailerLite’s servers. The processing of data is subject to your consent (Art. 6 (1)(a) GDPR). You can withdraw this consent at any time by unsubscribing from the newsletter. Withdrawal of consent shall not affect the legality of data processing already undertaken on the basis of this consent prior to its withdrawal.

Our newsletters sent with MailerLite enable us to analyse the actions of newsletter recipients. This includes analysing how many recipients opened the newsletter message and how often links in the newsletter were clicked. For more information on data analysis by MailerLite newsletters, please visit https://www.mailerlite.com/features/performance-reports.

If you do not want MailerLite to analyse your data, you must unsubscribe from the newsletter. We provide a link to do this in every newsletter message. You can also unsubscribe from the newsletter directly on our website.

The data you provide in order to receive the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted after you unsubscribe and it will be deleted from both our servers and MailerLite’s servers after you unsubscribe. Data stored by us for other purposes remains unaffected by this. We have concluded a data processing contract with MailerLite. Further information can be found in the Terms of Use and the Privacy Policy at https://www.mailerlite.com/legal.

Our websites use plugins and tools. 

9.1 RBX

9.1.1 Spotify

Our websites have integrated features from the Spotify music service. The provider is Spotify AB, Birger Jarlsgatan 61, 113 56 Stockholm, Sweden. You can identify the Spotify plugins from the green logo on our website. An overview of the Spotify plugins can be found at: https://developer.spotify.com.

This allows a direct connection to be established between your browser and the Spotify server when you visit our website via the plugin. This gives Spotify the information that you have visited our website using your IP address. If you click on the Spotify button while you are logged into your Spotify account, you can link the content of our website to your Spotify profile. This allows Spotify to associate your visit to our website with your user account.

For more information on this, please see Spotify’s privacy notice: https://www.spotify.com/de-en/legal/privacy-policy/.

If you do not want Spotify to be able to connect your visit to our sites with your Spotify user account, please log out of your Spotify user account.
 

9.2 Reeperbahn Festival

9.2.2 Google Tag Manager

We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tool that enables us to incorporate tracking or statistics tools and other technologies into our website. Google Tag Manager itself does not create user profiles, store cookies or perform independent analyses. It is used solely for managing and displaying the tools that are incorporated through it. However, Google Tag Manager does collect your IP address, which may also be transferred to Google's parent company in the United States.

The use of Google Tag Manager is based on Art. 6 (1)(f) GDPR. The website operator has a legitimate interest in the rapid and straightforward integration and management of various tools on its website. If the relevant consent has been requested, processing is performed on the basis of Art. 6(1)(a) GDPR and the German Telecommunications Digital Services Data Protection Act (TDDDG), insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) within the meaning of the TDDDG. Your consent can be withdrawn at any time.

For more information, please see Google’s privacy policy: https://policies.google.com/privacy?hl=de.
 

9.2.3 Spotify

Our websites have integrated features from the Spotify music service. The provider is Spotify AB, Birger Jarlsgatan 61, 113 56 Stockholm, Sweden. You can identify the Spotify plugins from the green logo on our website. An overview of the Spotify plugins can be found at: https://developer.spotify.com.

This allows a direct connection to be established between your browser and the Spotify server when you visit our website via the plugin. This gives Spotify the information that you have visited our website using your IP address. If you click on the Spotify button while you are logged into your Spotify account, you can link the content of our website to your Spotify profile. This allows Spotify to associate your visit to our website with your user account.

For more information on this, please see Spotify’s privacy notice: https://www.spotify.com/de-en/legal/privacy-policy/.

If you do not want Spotify to be able to connect your visit to our sites with your Spotify user account, please log out of your Spotify user account.

9.2.3 Google Tag Manager

We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tool that enables us to incorporate tracking or statistics tools and other technologies into our website. Google Tag Manager itself does not create user profiles, store cookies or perform independent analyses. It is used solely for managing and displaying the tools that are incorporated through it. However, Google Tag Manager does collect your IP address, which may also be transferred to Google's parent company in the United States.

The use of Google Tag Manager is based on Art. 6 (1)(f) GDPR. The website operator has a legitimate interest in the rapid and straightforward integration and management of various tools on its website. If the relevant consent has been requested, processing is performed on the basis of Art. 6(1)(a) GDPR and the German Telecommunications Digital Services Data Protection Act (TDDDG), insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) within the meaning of the TDDDG. Your consent can be withdrawn at any time.

For more information, please see Google’s privacy policy: https://policies.google.com/privacy?hl=de.
 

9.2.4 Google Web Fonts

This site uses web fonts provided by Google to ensure uniform font display. When you visit a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly. To do this, the browser you are using must connect to Google's servers. This allows Google to know that our website has been accessed via your IP address. The use of Google web fonts serves the purpose of presenting our online content in a uniform and appealing manner based on your consent in accordance with Art. 6 (1)(a) GDPR.

If you do not consent or your browser does not support web fonts, a standard font from your device will be used. Further information about Google web fonts can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://www.google.com/policies/privacy/.

9.3 ADOBE Typekit

Our website uses web fonts provided by Adobe to ensure consistent display of certain fonts. The provider is Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, USA (Adobe).

When you visit our website, your browser loads the required fonts directly from Adobe so that they can be displayed correctly on your device. Your browser connects to Adobe's servers in the USA. This allows Adobe to know that our website has been accessed via your IP address. According to Adobe, no cookies are stored when the fonts are provided.

Adobe is certified under the EU-US Data Privacy Framework. The Data Privacy Framework is an agreement between the United States of America and the European Union that is intended to ensure compliance with European data protection standards. Further information can be found at https://www.adobe.com/de/privacy/eudatatransfers.html.

Use of Adobe Fonts is necessary to ensure a consistent typeface on our website. This constitutes a legitimate interest within the meaning of Article 6(1)(f) of the GDPR. You can find more information about Adobe Fonts at https://www.adobe.com/de/privacy/policies/adobe-fonts.html. Adobe's privacy policy can be found at https://www.adobe.com/de/privacy/policy.html

Content delivery networks (CDNs) are networks of geographically distributed servers connected via the internet that are used to deliver content, particularly large media files. CDNs work together to serve requests from end users for content as economically as possible. In the background, the data is stored in the network in such a way that the delivery is either as fast as possible (performance optimisation) or uses as little bandwidth as possible (cost optimisation), or both at the same time.

10.1 RBX

10.1.1 Cloudflare

Cloudflare Inc., 101 Townsend St, San Francisco, CA 94107, is a US company that provides a content delivery network, internet security services and distributed DNS (domain name server) services, which are located between the visitor and the Cloudflare user’s hosting provider and act as a reverse proxy for websites. The site uses Cloudflare as a global content delivery network (CDN), which speeds up the delivery of the website to visitors. Cloudflare operates 43 data centres in 32 countries, thus shortening the distance data has to travel to reach website visitors. Cloudflare is used in the interest of ensuring the technically error-free and optimised provision of our online services. This constitutes a legitimate interest within the meaning of Art. 6 (1)(f) GDPR. For more information, please see Cloudflare’s privacy policy: https://www.cloudflare.com/privacypolicy/.

10.2 Reeperbahn Festival

10.2.1 Cloudflare

Cloudflare Inc., 101 Townsend St, San Francisco, CA 94107, is a US company that provides a content delivery network, internet security services and distributed DNS (domain name server) services, which are located between the visitor and the Cloudflare user’s hosting provider and act as a reverse proxy for websites. The site uses Cloudflare as a global content delivery network (CDN), which speeds up the delivery of the website to visitors. Cloudflare operates 43 data centres in 32 countries, thus shortening the distance data has to travel to reach website visitors. Cloudflare is used in the interest of ensuring the technically error-free and optimised provision of our online services. This constitutes a legitimate interest within the meaning of Art. 6 (1)(f) GDPR. For more information, please see Cloudflare’s privacy policy: https://www.cloudflare.com/privacypolicy/.

10.3 Keychange

10.3.1 Squarespace

We host our website with Squarespace Ireland Ltd., Le Pole House, Shipstreet Great, Dublin 8, Ireland (hereinafter: Squarespace). Squarespace is a tool for creating and hosting websites. We use Squarespace based on Article 6 (1)(f) of the GDPR. We have a legitimate interest in ensuring that our website functions and is presented as reliably as possible.

When you visit our website, your data is processed on Squarespace’s servers. Squarespace collects personal data when you visit this website. This includes information about your browser, network and device, websites you visited before visiting this website, websites you visit while on this website, and your IP address. Squarespace requires this data to operate this website and to protect and improve its platform and services. Personal data may also be transferred to Squarespace’s parent company, Squarespace Inc., 8 Clarkson St, New York, NY 10014, USA. Squarespace also stores cookies that are required to display the site and safeguard security (necessary cookies).

Data transfer to the United States is based on the standard contractual clauses of the European Commission. Details can be found here: https://support.squarespace.com/hc/de/articles/360000851908-DSGVO-und-Squarespace. The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards when processing data in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider via the following link: https://www.dataprivacyframework.gov/participant/4774. We have concluded a data processing agreement with MailerLite to use the service stated above. This is an agreement required by data protection law, which ensures that this service processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR. 

We use marketing and tracking mechanisms for analysis purposes. The use of marketing cookies and tracking mechanisms enables us and our partners to show you personalised offers based on an analysis of your interests and usage behaviour. Below, we explain which mechanisms and tools we use on this online presence:

• Statistics:
  We use statistical tools to measure the number of your page views, for example.
• Conversion tracking:
  Our conversion tracking partners place a cookie on your computer (‘conversion cookie’) if you have accessed our website via an advertisement from the relevant partner. These cookies usually expire after 30 days. If you visit certain pages on our website and the cookie has not yet expired, we and the respective conversion tracking partner can recognise that a specific user has clicked on the advertisement and been redirected to our website. This can also be done across multiple devices. The information collected using the conversion cookie is used to generate conversion statistics and to record the total number of users who clicked on the relevant advertisement and were redirected to a page featuring a conversion tracking tag.
• Retargeting:
  These tools create usage profiles using advertising cookies or third-party advertising cookies, web beacons (invisible graphics also known as pixels or tracking pixels) or similar technologies. These are used for advertising based on interests and to control the frequency that users see certain advertisements. The providers of the tools may also share information with third parties for the purposes mentioned above. Please refer to the data protection information provided by the respective provider in this regard.

Please note that when using the tools, your data may be transferred to recipients outside the European Economic Area (e.g. the USA). Details can be found in the following description of the individual marketing tools:
 

11.1 RBX

11.1.1 Matomo

This website uses the open source web analytics service Matomo provided by InnoCraft Ltd, 7 Waterloo Quay PO625, 6140 Wellington, New Zealand. We use Matomo based on Article 6(1)(a) of the GDPR. Matomo is an open source software that we have installed on our server. Matomo uses cookies. These are pieces of information that are stored on your device and enable your use of the website to be analysed. For that purpose, the information generated by the cookie about your use of this website is stored on our server. This data is not passed on to third parties – in particular not to Innocraft Ltd. Your IP address is only collected in truncated form so that it cannot be traced to you (IP masking). Matomo cookies remain on your device until you delete them.

The statistics produced by Matomo record in particular how many users visit our website, the country or location from which they access it, which pages and subpages they visit and which links or search terms visitors use to access our website. The information collected is transferred to our server, where it is stored. We have explained the storage period and your control and setting options for cookies in the “Cookies” section above. You can, at any time, use the consent tool settings to revoke the consent you have given relating to Matomo with future effect.

You can also prevent cookies from being stored by adjusting your browser software settings accordingly. However, we would like to point out to you that by doing so you may not be able to use all the functions of this website to their full extent. You can find out more about the processing of data by Matomo at https://matomo.org/privacy-policy/.

11.2 Reeperbahn Festival

11.2.1 Matomo

This website uses the open source web analytics service Matomo provided by InnoCraft Ltd, 7 Waterloo Quay PO625, 6140 Wellington, New Zealand. We use Matomo based on Article 6(1)(a) of the GDPR. Matomo is an open source software that we have installed on our server. Matomo uses cookies. These are pieces of information that are stored on your device and enable your use of the website to be analysed. For that purpose, the information generated by the cookie about your use of this website is stored on our server. This data is not passed on to third parties – in particular not to Innocraft Ltd. Your IP address is only collected in truncated form so that it cannot be traced to you (IP masking). Matomo cookies remain on your device until you delete them.

The statistics produced by Matomo record in particular how many users visit our website, the country or location from which they access it, which pages and subpages they visit and which links or search terms visitors use to access our website. The information collected is transferred to our server, where it is stored. We have explained the storage period and your control and setting options for cookies in the “Cookies” section above.  You can, at any time, use the consent tool settings to revoke the consent you have given relating to Matomo with future effect.

You can also prevent cookies from being stored by adjusting your browser software settings accordingly. However, we would like to point out to you that by doing so you may not be able to use all the functions of this website to their full extent. You can find out more about the processing of data by Matomo at https://matomo.org/privacy-policy/.

11.3 Keychange

11.3.1 Google Analytics

This website uses functions of the web analytics service Google Analytics. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Analytics uses cookies. These are pieces of information that are stored on your device and enable your use of the website to be analysed. As a rule, the information generated by the cookie about your use of this website is transmitted to a Google server in the USA and stored there.You can prevent Google Analytics from collecting your data by adjusting the settings in the Cookie Consent Manager. Google Analytics cookies are stored on the basis of Art. 6(1)(a) GDPR and the German Telecommunications Digital Services Data Protection Act (TDDDG), insofar as consent includes the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) within the meaning of the TDDDG. The maximum lifespan of Google Analytics cookies is two years. You can withdraw your consent at any time with future effect by accessing the cookie settings and changing your preference there. Doing so will not affect the legitimacy of the data processing already performed based on your consent up until its withdrawal.

You can also prevent cookies from being stored in the first place by adjusting your browser software settings accordingly. However, if you configure your browser to reject all cookies, this may result in restrictions on the functionality of this and other websites. You can also prevent Google from collecting the data that is generated by the cookie and related to your use of the website (including your IP address) and from processing this data by declining to give your consent to the setting of cookies or by downloading and installing the browser add-on to deactivate Google Analytics here: https://tools.google.com/dlpage/gaoptout?hl=de.

We have concluded a data processing agreement with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics. The European Commission adopted its adequacy decision for the United States on 10 July 2023. Google LLC is certified under the EU-US Privacy Framework. As Google servers are distributed worldwide and transfer of data to third countries (e.g. Singapore) cannot be completely ruled out, we have also concluded the EU standard contractual clauses with Google (https://business.safety.google/adsprocessorterms/sccs/c2p/).

You can find more detailed information on the Google Analytics terms of use and on data privacy with Google at https://marketingplatform.google.com/about/analytics/terms/de/ and at https://policies.google.com/?hl=de.

Users of our website have the right to receive specific information on the processing of their data by our website. Please direct any enquiries to our contact address given above. As a “data subject”, you have the following rights if your personal data is processed while you are visiting our website:

12.1 Access 

You have the right to obtain confirmation from us as to whether or not your personal data is being processed by us (“right to access”). The right to access is excluded if the data is only stored because it may not be deleted on account of legal or statutory retention periods or if it is used exclusively for the purposes of data backup or data protection control, provided that granting access would require disproportionate effort and processing for other purposes is excluded by means of appropriate technical and organisational measures. If the right to access is not excluded in your case and your personal data is processed by us, you can request the following information from us:

• purposes of the processing
• categories of your personal data being processed
• recipients or categories of recipients to whom your personal data is disclosed, in particular recipients in third countries
• if possible, the planned period of storage of the personal data concerning you or, if providing this information is not possible, the criteria used to determine the storage period
• the existence of a right of rectification or erasure of personal data that concern you, of a right to restrict processing of such personal data, or of a right to object to such processing
• the existence of a right of appeal to a supervisory authority for data protection
• the information available regarding the source of the data in the event that the personal data has not been collected from you as the data subject
• if applicable, the existence of automated decision-making, including profiling, and reliable information about the logic involved and the scope and the desired effects of automated decision-making
• if applicable, in the case of the transfer of data to recipients in third countries, information on the appropriate safeguards pursuant to Art. 46 (2) GDPR for the protection of personal data, unless the EU Commission has issued a decision on the adequate level of protection pursuant to Art. 45 (3) GDPR.
   

12.2 Rectification and completion of personal data 

• You have the right to obtain from us without undue delay the rectification of inaccurate personal data that we are holding about you. You have the right to request the completion of personal data concerning you if this is incomplete.
   

12.3 Erasure 

You have the right to erasure (“right to be forgotten”) unless the processing is necessary to exercise the right to freedom of expression, the right to information or to comply with a legal obligation, or for the performance of a task carried out in the public interest and where one of the following reasons applies:

• The personal data is no longer necessary for the purposes for which it was processed.
• The only justification for the processing was your consent, which you have withdrawn.
• You have objected to the processing of your personal data that we have made public.
• You have objected to the processing of personal data that we have not made public and there are no overriding legitimate grounds for the processing.
• Your personal data has been unlawfully processed.

The personal data has to be erased for compliance with a legal obligation to which we are subject.

No right to erasure exists if, in the case of lawful non-automated data processing, erasure is not possible or only possible with disproportionate effort due to the particular type of storage and your interest in erasure is minimal. In such cases, the restriction of processing shall apply instead of erasure. 
 

12.4 Restriction of processing 

You have the right to obtain from us the restriction of processing where one of the following applies:

• You contest the accuracy of the personal data. In this case, you can request the restriction for a period of time that enables us to verify the accuracy of the data.
• The processing is unlawful and you request the restriction of the use of your personal data instead of its erasure.
• We no longer require your personal data for purposes of processing, but you require the data for the establishment, exercise or defence of legal claims.

You objected to processing pursuant to Article 21 (1) GDPR. Restriction of processing can be obtained pending verification as to whether our legitimate grounds override your reasons for objecting.

Restriction of processing means that the personal data may only be processed with your consent or for the establishment, exercise or defence of legal claims, or to protect the rights of another natural or legal person, or on grounds of important public interest. Before we remove the restriction, we have a duty to notify you of this.
 

12.5 Data portability 

• You have a right to data portability if the processing is based on your consent (Art. 6 (1)(a) or Art. 9 (2)(a) GDPR) or based on a contract to which you are a party and the processing is carried out by automated means. The right to data portability in this case includes the following rights, provided that this does not affect the rights and freedoms of other persons: You can make a request to us to receive the personal data that you have provided us with in a structured, commonly used and machine-readable format. You have the right to transmit that data to another controller without hindrance from us. You also have the right to request that we transmit your personal data directly to another controller, where this is technically feasible. 
   

12.6 Withdrawal of consent 

• You have the right to withdraw your consent at any time with future effect. Simply send an email to contact@rbx.music. Withdrawal of consent shall not affect the lawfulness of data processing undertaken based on consent prior to its withdrawal. Upon receiving your withdrawal of consent, the data processing that was based exclusively on your consent will be discontinued.
   

12.7 Objection

You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you where the processing is based on Art. 6 (1)(e) GDPR (performance of a task carried out in the public interest or in the exercise of official authority) or Art. 6 (1)(f) GDPR (legitimate interests pursued by the controller or by a third party). This also applies to profiling based on Art. 6 (1)(e) or (f) GDPR. After exercising your right to object, we will no longer process your personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing is necessary for the establishment, exercise or defence of legal claims.

You can object at any time to the processing of your personal data for the purposes of direct marketing. This also applies to profiling in connection with such direct marketing. After you exercise this right to object, we will no longer use the personal data concerned for direct marketing purposes.

Simply send an email to contact@rbx.music.
 

12.8 Existence of automated decision-making

As a responsible company, we do not use automated decision-making or profiling.
 

12.9 Lodging a complaint 

If you are of the opinion that the processing of personal data concerning you is unlawful, you may lodge a complaint with a supervisory authority for data protection that is responsible for your place of residence or work or for the place of the alleged infringement. We would however appreciate it if you would first contact us and tell us your concerns or complaints. Simply send an email to contact@rbx.music.