1. Website Visitors
1.1 Server-log data
When using our websites, certain information is sent to the server of our websites by the browser used on your device for technical reasons. This data is stored and processed on our servers.
(i) We process the following data for the purpose of providing the contents of the website that you have visited, to ensure the security of the IT infrastructure used, to correct errors, to enable and simplify searches on the website and to manage cookies.
(ii) The data processed is HTTP data: HTTP data is protocol data that is generated when the Websites is visited via the Hypertext Transfer Protocol (Secure) (HTTP(S)) for technical reasons: This includes IP address, type and version of your Internet browser, operating system used, the page visited, the page previously visited (referrer URL), date and time of the visit. HTTP(S) data also accumulates on the servers of service providers (for example: when requesting third-party content).
(iii) The legal basis for the processing of the abovementioned data is our legitimate interest in the operation of an online presence, communication with communication partners and internal compliance reporting (Article 6 para. (1) (f) GDPR).
(iv) The data is automatically transmitted by the browser of the user.
(v) Recipients of the personal data are IT service providers which we use as processors within the framework of a data processing agreement.
(vi) IP addresses are anonymized after 24 hours at the latest. Pseudonymous usage data will be deleted after six months.
(vii) Without disclosure of personal data such as the IP address, the use of the website is not possible. Communication via the website without disclosure of data is technically not possible.
1.2 Technically required cookies
We use cookies on our websites. Cookies are small text files containing information that can be stored on the user's device via the browser when visiting a website. The information stored in cookies can be read out and processed when the website is visited again using the same device. In doing so, we use processing and storage functions of the browser of your device and collect information from the storage of the browser of your device.
In the structure of our privacy policy, we differentiate between technically required cookies and tracking cookies. Cookies that are technically required for the functioning of the websites cannot be deactivated via the cookie management function of the websites. However, you can generally deactivate cookies at any time in your browser. Different browsers offer different ways to configure the cookie settings in the browser. However, we would like to point out that some functions of the websites may not or no longer function properly if you generally deactivate cookies in your browser settings.
a) Consent Cookies
We use so-called Consent Cookies to store your consent, possible right to withdraw your consent and opt-out of the use of cookies on our websites.
(i) The purpose of data processing is the storage of the user decisions on cookies (consent, withdrawal, opt-out).
(ii) The processed data are:
HTTP data:
HTTP data is protocol data that is technically generated when the website is visited via the Hypertext Transfer Protocol (Secure) (HTTP(S)): This includes IP address, type and version of your Internet browser, operating system used, the page visited, the page previously visited (referrer URL) and date and time of the visit.
User decision on cookies:
User's decision on individual cookies or groups of cookies. Time of the decision and of the last visit.
(iii) The legal basis for the processing is our legitimate interest of easy and reliable control of cookies settings in accordance with the respective user decisions and improving of user experience (legal basis: Article 6 para. (1) (f) GDPR).
(iv) The data is actively provided by the user (decision on cookies) or automatically transmitted by the user's browser (protocol data, time stamp).
(v) Recipients of the personal data are IT service providers which we use as processors, respectively, within the framework of a data processing agreement.
(vi) Information about your decision rejecting cookies is deleted at the end of the session. The remaining other data will be deleted after one year.
(vii) Without disclosure of personal data, the use of the website is not possible. Communication via the website without the disclosure of data is technically not possible.
b) Session Cookies
We use Session Cookies on our websites. This enables us to save information about your customer account, individual settings and certain user actions for the duration of your visit (for example: login, language settings, shopping basket function).
(i) The purpose of data processing is to enable the login, user-specific settings (for example: language) and the technical provision of the website, in particular a shopping cart function. Please also see the information on anonymous data analysis in section 1.3(b)(viii) below.
(ii) The processed data are data concerning the customer account, language selection, country, cookie settings and shopping cart.
(iii) The legal basis for the processing is the usage contract for visiting the website and our legitimate interest in the provision of the individual sessions for the users, including the cookies accepting/rejecting function, shopping basket function or the respective language setting function, each in accordance with Article 6 para. (1) (f) GDPR.
(iv) The data is automatically transmitted by the browser of the user.
(v) Recipients of the personal data are IT service providers which we use as processors within the framework of a data processing agreement.
(vi) The data is deleted after one year.
(vii) Without disclosure of personal data the use of the website is not possible. Communication via the website without disclosure of data is technically not possible
c) IT Security Cookies
We use IT Security Cookies on our websites to protect our websites and also our website visitors against IT Security attacks, like for example so-called cross-site request forgery attacks or other attacks by malicious visitors. Some attackers attempt to display fake requests to website visitors.
(i) The purpose of the data processing is to increase the IT Security of the website and of our website visitors and to prevent IT Security attacks.
(ii) The data processed are the IT Security test results and the HTTP log data. Wherever it is possible we use one-way hashes of certain test result values.
(iii) The legal basis for the processing is our legitimate interest in protecting our website and our website visitors from IT Security attacks (Article 6 para. (1) (f) GDPR).
(iv) The data is automatically transmitted by the browser of the user.
(v) Recipients of the personal data are IT service providers which we use as processors within the framework of a data processing agreement.
(vi) The data is usually deleted at the end of the session.
(vii) Without disclosure of personal data the use of the website is not possible. Communication via the website without disclosure of data is technically not possible.
1.3 Tracking Cookies
We use cookies on our websites. Cookies are small text files containing information that can be stored on the user's device via the browser when visiting a website. The information stored in cookies can be read out and processed when the website is visited again using the same device. In doing so, we use processing and storage functions of the browser of your device and collect information from the storage of the browser of your device.
In the structure of our privacy policy, we differentiate between technically required cookies and tracking cookies. Depending on their function and purpose, the use of certain cookies may require the user's consent. Your consent is given through a so-called "cookie banner": When you visit our websites, we display our cookie banner. In our cookie banner you can declare your consent to the use of all cookies requiring consent on this website by clicking on the "Accept" button. Without such consent, the cookies requiring consent are not activated. By clicking the "Close" button, you can also completely reject the use of cookies requiring consent. Your decision will be saved in a cookie. Alternatively, you have the possibility to access our "cookie settings section" by clicking on the "More information" button. In the cookie settings section, you can make an individual selection of cookies and customize them at a later time. We store your cookie settings in the form of a cookie on your device in order to determine whether you have already made cookie settings the next time you visit the websites.
a) Matomo (on-premise version)
We use the web analysis tool Matomo on our websites. We only process data generated by Matomo on our own servers (on-premise). With the help of Matomo, we can analyze the usage behavior of visitors to our websites in pseudonymized and anonymized form. Your IP address is anonymized because we have enabled this function.
You can deactivate the data processing by Matomo at any time in our âcookie settings sectionâ.
(i) The purpose of data processing is to analyze user behavior and to measure the reach of our website and advertisements to optimize our website.
(ii) The processed data or information are:
HTTP data: HTTP data are information generated for technical reasons when using the web analysis tool Matomo via the Hypertext Transfer Protocol (Secure) (HTTP(S)) used on the website: Such data include anonymized IP address, type and version of your Internet browser, operating system used, the page visited and URL, the page previously visited (referrer URL), date and time of the visit.
Location data (based on anonymized IP address): Such data may include country, region, city.
Data generated for web analysis and assigned to your device: This includes the User ID. Such User ID is a feature in Matomo that lets us connect together a given userâs data collected from multiple devices and multiple browsers.Â
Ecommerce data (only when you purchase Ableton products): transaction value, product purchased, product price purchased.
Customer account data (only when you are logged in your Ableton Account): Such data may include current licenses, type of registered hardware unit(s), date of first free unlock of a license, date of last product purchase.
Interaction and event tracking data: Such data are generated from your interactions with functions on our website. Such data include newsletter subscription, form interactions, video and audio interactions, adds to cart, clicks on payment method, links (internal and external) and downloads.
Analytics measurement and report data: Data contained in aggregated segment and device-related reports by the Matomo web analysis tool based on a heatmap analysis and session recordings. These data include information where on a page you as website visitor tried to click, where you moved the mouse and how far down you scrolled as well as clicks, mouse movements, scrolls, window resizes, form interactions, and changes to the website.Â
(iii) The legal basis for the processing of the above-mentioned data is your consent (Article 6 para. (1) (a) GDPR).
(iv) The data is automatically transmitted by the browser of the user.
(v) We use service providers as processors within the framework of a data processing agreement for the provision of services, especially for the provision, maintenance and servicing of IT systems.
(vi) The data will be deleted after 6 months at the latest.
(vii) The provision of data is not required by law or contract or necessary for the conclusion of a contract. There is no obligation on the data subject to provide the data. If the data is not provided, we cannot perform web analysis using Matomo.
b) Snowplow (on-premise version)
If you have given your consent, we use the web analysis tool Snowplow by the provider Snowplow Analytics. on our website to examine your individual usage of the website. We only process data generated by or in connection with Snowplow on (virtual) servers operated by us (on-premise).
You can deactivate tracking by Snowplow at any time in the âcookie settings sectionâ.
(i) The purpose of data processing is to analyze individual user behavior.Â
(ii) The processed data are:
HTTP data: HTTP data are information generated for technical reasons when using the web analysis tool Snowplow via the Hypertext Transfer Protocol (Secure) (HTTP(S)) used on the website: Such data include anonymized IP address, type and version of your Internet browser, operating system used, the page visited and URL, the page previously visited (referrer URL), date and time of the visit.
Location data (based on anonymized IP address): Such data may include country, region, city.
Data generated for web analysis and assigned to your device: This includes the domain ID. Such domain ID is a feature in Snowplow that lets us connect together a given userâs data collected from multiple devices and multiple browsers.Â
Customer account data (only when you are logged in your Ableton Account): Such data may include current licenses, type of registered hardware unit(s), date of first free unlock of a license, date of last product purchase.
Interaction and event tracking data: Such data are generated from your interactions with functions on our website. Such data include newsletter subscription, form interactions, video and audio interactions, adds to cart, clicks on payment method, links (internal and external) and downloads.
(iii) The legal basis for the processing is your consent (Article 6 para. (1) (a) GDPR).
(iv) The data is automatically transmitted by the browser of the user.
(v) The data from the cookie is deleted after the end of the session. The remaining data will be deleted after two years.
(vi) The provision of data is not required by law or contract or necessary for the conclusion of a contract. There is no obligation on the data subject to provide the data. If the data is not provided, we cannot perform individual user tracking using Snowplow.
(viii) If you have not given your consent for individual user tracking or if you have revoked it (e.g. by deactivating the Snowplow cookie), Ableton may perform anonymous usage data analysis on the basis of the session ID by means of the software Snowplow. Please find further information here. Ableton will anonymize the connection between the session ID and the website visitor before processing the usage data further, so that no personal identifiable data will be analyzed. The legal basis for the anonymization is the legitimate interest, namely improving the website content (Article 6 para. (1) (f) GDPR).
c) Web Extend (Emarsys)
If you have given your consent, we use the web analysis tool Web Extend from the provider Emarsys Interactive Services GmbH on our website. With the help of Web Extend, we can examine the user behavior of visitors to our website in pseudonymized and anonymized form and, for example, evaluate purchases made as a result of email campaigns.
You can deactivate data processing by Web Extend at any time in the âcookie settings sectionâ.
(i) The purpose of data processing is to analyze user behavior, to measure the reach of our newsletter in order to optimize our offers and to deliver relevant content to users (according to their browsing behavior).
(ii) The processed data are:
Web Extend HTTP data:
This is protocol data that is generated for technical reasons when using the web analysis tool Web Extend via the Hypertext Transfer Protocol (Secure) (HTTP(S)) used on the website: This includes IP address, type and version of your Internet browser, operating system used, the page visited, the page previously visited (referrer URL), date and time of the visit.
Web Extend identifiers
These are pseudonymized identifiers such as external IDs or hashed email addresses for cases where customers are logged in.
Web Extend Browsing Information
Data generated by the web analysis tool Web Extend: Information about the last shopping cart that was canceled, the last completed purchase, and the web page sessions of the preceding 180 days.
(iii) The legal basis for the processing is your consent (Article 6 para. (1) (a) GDPR).
(iv) The data is automatically transmitted by the browser of the user.
(v) The recipient of the data is Emarsys Interactive Services GmbH, Stralauer Platz 34, 10243 Berlin, which we use as processor within the framework of a data processing agreement. In the case of data processing in the USA, the basis for data processing is your consent granted through the cookie banner (Art. 49 para. (1) (a) GDPR). In the USA, there is no level of data protection entirely equivalent to the provisions of the GDPR. It is possible that US authorities may access personal data without us or you being informed. An enforcement of your rights is probably possible only to a limited extent in the USA. You can withdraw your given consent at any time with effect for the future through the âcookie settings sectionâ.
(vi) The data from the session cookie is deleted after the end of the session. The remaining data will be deleted after one year.
(vii) The provision of data is not required by law or contract or necessary for the conclusion of a contract. There is no obligation on the data subject to provide the data. If the data is not provided, we cannot perform web analysis using Web Extend.
d) Google Pixel
If you have given your consent, we use Google Analytics 4 (GA4) from Google Ireland Limited. This service analyzes user behavior in pseudonymized form to evaluate website performance and marketing campaign effectiveness.
You can disable GA4 tracking anytime via our âcookie settings sectionâ or the Google Analytics Opt-Out Browser Add-on.
(i) The purpose of data processing is to analyze user interactions (e.g., page views, session duration) to optimize website content and measure ad campaign performance.
(ii) The processed data are:
- HTTP Data: IP address (anonymized for EU users), browser type/version, operating system, visited pages, referral URLs, timestamps.
- Event Data: Clickstream activity, scroll depth, video engagement, and e-commerce transactions.
- User Identifiers: Pseudonymized client IDs and hashed user IDs (if logged in).
(iii) The legal basis for the processing is your consent (Article 6 para. (1) (a) GDPR).Â
(iv) The data is automatically transmitted by the browser of the user and Google tags.
(v) Recipients:
The recipients of the data are Google LLC (USA), 1600 Amphitheatre Parkway, Mountain View, California 94043, United States (under the EU-US Data Privacy Framework adequacy decision) and Google Ireland Limited (EU), Gordon House, Barrow Street, Dublin 4, Ireland (as data processor under a Data Processing Agreement). In the case of data processing in the USA, the basis for data processing is your consent granted through the cookie banner (Art. 49 para. (1) (a) GDPR). In the USA, there is no level of data protection entirely equivalent to the provisions of the GDPR. It is possible that US authorities may access personal data without us or you being informed. An enforcement of your rights is probably possible only to a limited extent in the USA. You can withdraw your given consent at any time with effect for the future through the âcookie settings sectionâ.
(vi) Retention: User-level data deleted after 26 months; aggregated reports retained indefinitely.
(vii) The provision of data is not required by law or contract or necessary for the conclusion of a contract. There is no obligation on the data subject to provide the data. If the data is not provided, we cannot perform web analysis using Google Pixel.
e) Meta Pixel
If you have granted consent, we implement Meta Pixel from Meta Platforms Ireland Ltd. to analyze ad performance and user interactions across Facebook/Instagram.
You can revoke consent anytime via âcookie settings sectionâ.
(i) The purpose of data processing is to track conversions, build custom audiences, and optimize ad delivery.
(ii) The processed data are:
- HTTP Data: IP address, browser/OS details, visited pages.
- Event Data: Clicks, form submissions, cart abandonments, purchases.
- Identifiers: Hashed Facebook ID, cookie identifiers.
(iii) The legal basis for the processing is your consent (Article 6 para. (1) (a) GDPR).Â
(iv) The data is automatically transmitted by the browser of the user and Meta Pixel scripts.
(v) Recipients:
The recipients of the data are Meta Platforms Ireland Ltd. (EU), Merrion Road, Dublin 4, D04 X2K5, Ireland, as independent controller) and Meta Platforms, Inc., 1 Meta Way, Menlo Park, CA 94025, United States, (USA, under Standard Contractual Clauses). In the case of data processing in the USA, the basis for data processing is your consent granted through the cookie banner (Art. 49 para. (1) (a) GDPR). In the USA, there is no level of data protection entirely equivalent to the provisions of the GDPR. It is possible that US authorities may access personal data without us or you being informed. An enforcement of your rights is probably possible only to a limited extent in the USA. You can withdraw your given consent at any time with effect for the future through the âcookie settings sectionâ.
(vi) Retention: Data stored until user profile deletion or consent revocation.
(vii) The provision of data is not required by law or contract or necessary for the conclusion of a contract. There is no obligation on the data subject to provide the data. If the data is not provided, we cannot perform ad personalization and performance tracking by using Meta Pixel.
f) TikTok Pixel
If you have granted consent, we implement the TikTok Pixel from TikTok Technology Limited to measure ad effectiveness and create targeted audiences.Â
You can revoke consent anytime via âcookie settings sectionâ.
(i) The purpose of data processing is to analyze ad-driven user actions (e.g., purchases, sign-ups) and optimize TikTok campaigns.
(ii) The processed data are:
- HTTP Data: IP address (partial anonymization), device/browser metadata..
- Event Data: Page views, button clicks, video interactions.
- Identifiers: Hashed TikTok user ID, device ID.
(iii) The legal basis for the processing is your consent (Article 6 para. (1) (a) GDPR).Â
(iv) The data is automatically transmitted by the browser of the user and TikTok Pixel scripts.
(v) Recipients:
The recipients of the data are TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland and TIK TOK TECHNOLOGIES LTD (UK Subsidiary), 61 Barras Lane, Coventry, England, CV1 4AQ, as joint controllers and TikTok Inc. (USA under Standard Contractual Clauses). In the case of data processing in the USA, the basis for data processing is your consent granted through the cookie banner (Art. 49 para. (1) (a) GDPR). In the USA, there is no level of data protection entirely equivalent to the provisions of the GDPR. It is possible that US authorities may access personal data without us or you being informed. An enforcement of your rights is probably possible only to a limited extent in the USA. You can withdraw your given consent at any time with effect for the future through the âcookie settings sectionâ.
(vi) Retention: Data removed after 12 months or upon consent withdrawal.
(vii) The provision of data is not required by law or contract or necessary for the conclusion of a contract. There is no obligation on the data subject to provide the data. If the data is not provided, we cannot perform campaign analytics with TikTok Pixel.
g) Zendesk (on Ableton Help Website)
We use the help desk software tool Zendesk on our Ableton Help Website. Zendesk is acting as our processor within the framework of a data processing agreement. With the help of Zendesk we can answer your questions and help requests in a better way. When Zendesk is used, cookies are used to improve the user experience. If you do not want us to process your data with specific requests through the Zendesk tool and thereby process your usage data, you can alternatively use our other communication channels: https://www.ableton.com/en/contact-us/
(i) The purpose of data processing is to answer help requests of our users on our Ableton Help Website, to analyze user help requests and to improve the user experience.
(ii) The processed data are:
Zendesk HTTP data:
This is protocol data that is generated for technical reasons when using the help desk software Zendesk via the Hypertext Transfer Protocol (Secure) (HTTP(S)) used on the website: This includes IP address, type and version of your Internet browser, operating system used, the page visited, the page previously visited (referrer URL), date and time of the visit.
Zendesk identifiers
These are pseudonymized identifiers such as external IDs or hashed email addresses for cases where customers are logged in (chat widget authentication).
(iii) The legal basis for the processing is your consent (Article 6 para. (1) (a) GDPR).
(iv) The data is automatically transmitted by the browser of the user.
(v) The recipient of the data is Zendesk, Inc., 1019 Market Street, San Francisco, CA 94193, USA, which we use as processor within the framework of a data processing agreement. We have concluded the EU standard contractual clauses with Zendesk, Inc., so that Zendesk, Inc may only process your data for our purposes. In addition, Zendesk, Inc., has established Binding Corporate Rules (Article 42 para. (2) (b), 47 GDPR), which have been approved by the Irish data protection supervisory authority. Further, Zendesk is part of the EU-US Data Privacy Framework.
If the aforementioned measures are not considered sufficient the data processing in the USA is based on your consent (Article 49 para. (1) (a) GDPR). It is possible that US authorities may access personal data without us or you being informed.
(vi) The majority of data is deleted at the end of the session. The support preference settings are stored for one year. Aggregated data will not be deleted.
(vii) The provision of data is not required by law or contract or necessary for the conclusion of a contract. There is no obligation on the data subject to provide the data. If the data is not provided, we cannot answer your questions and help requests via Zendesk help desk software.
1.4 Audio and other content from third parties
There are links on our websites to audio files that are stored and accessible on external music content platforms. As soon as you click the button to play a content from such music content platform, the file is loaded by such platform. Technically, the same thing happens as if you would go to the respective platform website via a link: The external music content platform receives all information that your browser automatically transfers (including your IP address). Such external music content platform also sets its own cookies on your device. This also happens if you do not have an external music content platform user account. If you are logged in to such account, your data is directly associated with your account. If you do not want your profile to be associated with such external platform you must log out of your account there before clicking on the audio file content.
Please find more details about the external music content platforms below and in their respective privacy information linked on the external music content platforms.
a) Soundcloud Embedding
The collection and processing of this data is the sole responsibility of SoundCloud Global Limited & Co. KG, Rheinsberger Str. 76/77, 10115 Berlin, Germany, or SoundCloud Inc, 71 5th Avenue, 5th Floor, New York 10003, NY, USA (if you are located in the US). Ableton has no influence on the data processing of Soundcloud.
For information about the processing of personal data by Soundcloud, please refer to the Soundcloud Privacy Policy: https://soundcloud.com/pages/privacy
b) YouTube Embedding (Privacy Enhanced Mode)
The collection and processing of this data is the sole responsibility of Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. Google Ireland Limited uses Google LLC in the USA (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) as its service provider. Ableton has no influence on the data processing of Google. For information about the processing of personal data by Google, please refer to the Google Privacy Policy: https://policies.google.com/privacy
c) Spotify Embedding
The collection and processing of this data is the sole responsibility of Spotify AB, Regeringsgatan 19, 111 53 Stockholm, Sweden. Ableton has no influence on the data processing by Spotify. For information about the processing of personal data by Spotify please refer to the Spotify Privacy Policy: https://www.spotify.com/de/legal/privacy-policy/
d) Bandcamp Embedding
The collection and processing of this data is the sole responsibility of Bandcamp, Inc., USA. Ableton has no influence on the data processing of Bandcamp. For information about the processing of personal data by Bandcamp please refer to the Bandcamp Privacy Policy: https://bandcamp.com/privacy
e) Facebook Video and Instagram Embedding
The collection and processing of this data is the sole responsibility of Facebook (if user is located in the EU: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland). Ableton has no influence on the data processing of Facebook. For information about the processing of personal data by Facebook or Instagram please refer to the Facebook products Privacy Policy: https://www.facebook.com/about/privacy
f) Vimeo Embedding
The collection and processing of this data is the sole responsibility of Vimeo.com, Inc., 555 West 18th Street, New York, New York 10011, USA. Ableton has no influence on the data processing of Vimeo. For information about the processing of personal data by Facebook or Instagram please refer to Vimeo Privacy Policy: https://vimeo.com/privacy
4. Survey, interview and usability test participants
(i) We process your data for the purpose of conducting surveys, interviews and usability tests and the evaluation of the respective results.
(ii) Processed data are name (if it is provided), survey and interview content, time stamp of participation and technical metadata of participation.
(iii) The legal basis for data processing for the conduction and evaluation of surveys, other interviews and usability tests is your consent (Article 6 para. (1) (a) GDPR) or, if you are a frequent tester, a contract (Article 6 para. (1) (b) GPDR). We may also process your mostly aggregated data with our legitimate interest of aligning and improving our products, services and customersâ needs (Article 6 para. (1) (f) GDPR). The legal basis on keeping your data â which might be relevant for certain legal disputes - for three years (statutory limitation period) is Article 6 para. (1) (f) GDPR (legitimate interest to defend us against possible claims).
(iv) You provide your name and the survey, interview and usability test content yourself when you take part in the survey, interview or usability test; the further data is transmitted automatically by your browser.
(v) We use service providers as processors within the framework of a data processing agreement for conducting and evaluating surveys, interviews and usability tests, as well as for the provision, maintenance and servicing of IT systems. A data transfer to the USA takes place, when we use the software of our service providers. Such service providers include Zoom Video Communications Inc., Zendesk, Inc., Momentive Europe UC, Zenloop GmbH and UserZoom, Inc. (including the Software EnjoyHQ) to conduct surveys and usability tests and improve Ableton products and support service. Zenloop is a business-to-business software-as-a-service platform that allows us to collect your survey responses and analyze feedback from our customers. This enables us to align and improve our needs of our customers and improve them. The basis for data processing in the USA is your consent (Art. 49 para. (1) (a) GDPR). In the USA, there is no level of data protection entirely equivalent to the provisions of the GDPR. It is possible that US authorities may access personal data without us or you being informed. An enforcement of your rights is probably possible only to a limited extent in the USA. You can withdraw your given consent at any time with effect for the future. The providers Zoom Video Communications Inc., Zendesk, Inc., Momentive Europe UC, and UserZoom, Inc. are bound by EU Standard Contractual Clauses, so that Zoom Video Communications Inc., Zendesk, Inc., Momentive Europe UC and UserZoom, Inc. may only process your data for our purposes. Further are Zoom Video Communications Inc., Zendesk and Inc., Momentive Europe UC part of the EU-US Data Privacy Framework.
We also use the CRM (= customer relation management) service by salesforce.com GmbH. We have concluded the EU standard contractual clauses with salesforce.com and salesforce.com may only process your data for our purposes. In addition, salesforce.com has established Binding Corporate Rules and Zendesk, Inc., Momentive Europe UC.
(vi) If we are not required to keep your data for follow up questions or compliance with our legal retention obligations, the data regarding surveys, other interviews or usability tests will usually be deleted once the user testing contract with you has ended or one year after having taken part in a survey, interview or test, at the latest. Data that become relevant for a defense against possible claims are stored for three years (statutory limitation). If you no longer wish to participate in surveys, you can use the unsubscribe button in the emails or change your settings in your Ableton Account under âPersonal Detailsâ.
(vii) Taking part in surveys, interviews and usability tests is voluntary and not obligatory. The use of all Ableton products and services is possible without taking part in surveys, interviews and usability tests.
8. Ableton Social Media Pages Visitors
Ableton operates social media sites. Social media pages are run by service providers who process data for providing such sites.
(i) The purpose for data processing on our social media sites is providing you with interesting content and to interact with you on social media platforms. Depending on the social media service usage data may also be analyzed to improve our social media presence.
(ii) The data processed are content and usage data on such social media pages.
(iii) Information and data displayed or shared on Ableton social media sites may be accessible to the applicable provider of the social media platform, its users and Ableton (or engaged service providers).
(iv) Further details on data processing on the respective social media sites can be found on the respective social media pages and this Privacy Policy.
Facebook:
We and Facebook (for users in the EU/EEA: Facebook Ireland Ltd. (Facebook), 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) are joint controllers of the processing of personal data via the Ableton Facebook page. The agreement on joint controllership is available under:Â https://www.facebook.com/legal/terms/page_controller_addendum. According to the agreement, Facebook is responsible to inform data subjects about the processing activities. Facebookâs Privacy Policy is available under:Â https://www.facebook.com/privacy/explanation. Data subjects may exercise their rights in respect of and against each of the controllers, Ableton and/or Facebook. The legal basis for the processing of data by Ableton is the legitimate interest in the analysis of usage data in order to improve the Facebook Page (Article 6 para. (1) (f) GDPR).
Instagram:
We and Instagram (for users in the EU/EEA provided by Facebook Ireland Ltd. (Facebook), 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) are joint controllers of the processing of personal data via the Ableton Instagram page. The agreement on joint controllership is available under: https://www.facebook.com/legal/terms/page_controller_addendum. According to the agreement, Instagram (provided by Facebook) is responsible to inform data subjects about the processing activities. Instagramâs Privacy Policy is available under: https://help.instagram.com/519522125107875. Data subjects may exercise their rights in respect of and against each of the controllers, Ableton and/or Instagram (provided by Facebook). For more information on the data Instagram shares with Ableton please visit https://facebook.com/help/instagram/788388387972460?helpref=related. The legal basis for the processing of data by Ableton is the legitimate interest in the analysis of usage data in order to improve the Instagram Page (Article 6 para. (1) (f) GDPR).
YouTube:
We operate a social media page on the Youtube platform. The collection and processing of this data is the sole responsibility of Google (for EU/EEA Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland and Google Ireland Limited uses Google LLC in the USA (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) as its service provider). We have no knowledge of further details of the processing of personal data in the area of data controllership of Google or a possible data processing in the USA. Ableton has no influence on the data processing of Google. For information about the processing of personal data by Google, please refer to the Google Privacy Policy: https://policies.google.com/privacy. As applicable, the legal basis for the processing of data by Ableton is the legitimate interest in the analysis of usage data in order to improve the Youtube Page (Article 6 para. (1) (f) GDPR).
TikTok:
We maintain a presence on TikTok. Data processing on this platform is independently managed by TikTok Technology Limited (10 Earlsfort Terrace, Dublin, Ireland), which utilizes global service providers including ByteDance Ltd. (Singapore) and TikTok Pte. Ltd. (Singapore). We lack detailed insight into TikTokâs processing activities, including potential data access under Chinese jurisdiction. For comprehensive details, consult TikTokâs Privacy Policy: https://www.tiktok.com/legal/privacy-policy. The lawful basis for limited data analysis under GDPR Article 6(1)(f) is legitimate interest in content optimization.
X:
We operate a social media page on X (by X Corp, Inc., 1355 Market Street, Suite 900
San Francisco, CA 94103, USA). For users in the EU/EEA the controller to controller data protection addendum between X and Ableton  applies https://gdpr.x.com/en/controller-to-controller-transfers.html. According to the agreement the collection and processing of this data is the sole responsibility of X. Xâs Privacy Policy is available under: https://x.com/en/privacy As applicable, the legal basis for the processing of data by Ableton is the legitimate interest in the analysis of usage data in order to improve the X Page (Article 6 para. (1) (f) GDPR).
LinkedIn:
We and LinkedIn (for users in the EU/EEA: LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland) are joint controllers of the processing of personal data via the Ableton LinkedIn page. The agreement on joint controllership is available under: https://legal.linkedin.com/pages-joint-controller-addendum. According to the agreement, LinkedIn is responsible to inform data subjects about the processing activities. LinkedInâs Privacy Policy is available under: https://www.linkedin.com/legal/privacy-policy. Data subjects may exercise their rights in respect of and against each of the controllers, Ableton and/or LinkedIn. For more information on the data LinkedIn shares with Ableton please visit https://www.linkedin.com/help/linkedin/answer/4499/viewing-company-page-analytics?lang=en. The legal basis for the processing of data by Ableton is the legitimate interest in the analysis of usage data in order to improve the LinkedIn Page (Article 6 para. (1) (f) GDPR).
Discord:
We operate a discussion platform on Discord (Discord Inc. 444 de Haro Street, Suite 200, San Francisco, CA 94107). The collection and processing of data is the sole responsibility of Discord. With regard to users in the EU/EEA, data processing is carried out by Discord Netherlands B.V. Schiphol Boulevard 195, 1118BG Schiphol, Netherlands. Discord is part of the EU-US Data Privacy Framework. Discord's privacy policy is available at: https://discord.com/privacy
The legal basis for the processing of data by Ableton may be the legitimate interest in moderation on the discussion platform (Art. 6 para. 1 lit. f) GDPR).