Ableton AG, Schönhauser Allee 6-7, D-10119 Berlin herewith informs you about the processing of personal data for which Ableton is responsible in the sense of the EU General Data Protection Regulation (GDPR).
Apart from sending us a letter, you may contact us at any time via privacy[at]ableton[dot]com
You can reach our data protection officer by sending an e-mail to AbletonDSB[at]daspro[dot]de or by sending a letter to Ableton DSB, daspro GmbH, Kurfürstendamm 21, 10719 Berlin.
Below we have compiled the most important information on typical data processing for you, broken down by groups of data subjects. For certain data processing operations, which only concern specific groups, the information requirements are fulfilled separately. Where the term "data" is used, only personal data within the meaning of the GDPR are meant.
- Website Visitors
- Newsletter Recipients
- Job Candidates
- Customers and Respective Contacts
- Communication Partners, Artists, Externals
- Rights of Data Subjects and Further Information
- Children's Online Privacy Protection Act ("COPPA")
1. Website Visitors
1.1 Server protocol data
Our web server processes a series of data for each request, which your browser automatically transmits to our web server. This data comprises the IP address currently assigned to your device, the date and time of the request, the time zone, the specific page or file called up, the http status code and the amount of data transferred. Additionally, the website from which your request came, the browser used, the operating system of your end device and the set language. The web server uses this data to display the contents of this website in the best possible way on your device.
1.2 Web analysis with Google Analytics
This website uses Google Analytics, a web analysis service of Google Inc. ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. IP anonymization is activated for this website, meaning Google will shorten your IP address within the European Union or in another contracting state to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
Google will use this information as a processor according to Art. 28 GDPR to evaluate your use of the website, to compile reports on the website activities and to provide the website’s operator with further services connected with the use of the website and the internet. The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data.
1.3 Web analysis with Google AdWords
This website uses Google AdWords conversion tracking, another Google analysis service. Google AdWords uses temporary cookies that are stored on your computer for a short time when you click on an Ableton ad. The information generated by the cookie about your use of this website after the advertisement has been clicked is usually transferred to a Google server in the USA and stored there. Google will use this information as a contractually designated processor pursuant to Art. 28 GDPR to evaluate your use of the website after the advertisement has been clicked and to compile reports on these website activities.
1.4 Web analysis with Crazy Egg
This website uses Crazy Egg, a web analysis service of Crazy Egg, Inc. ("Crazy Egg"). A cookie analyses your user behavior (especially your clicks) on our websites. The information generated by the cookie about your click behavior on our websites is usually transferred to a Crazy Egg server in the USA. You can object to the use of Crazy Egg at any time.
1.5 The purpose of data processing is to present Ableton AG on the internet and to communicate with job candidates, interested parties, customers and business partners. The purpose of evaluating user behavior on the website is to design the website in line with their requirements.
1.6 The legal basis for processing is Art. 6 (1)(b) GDPR (contract of use for the website). The legal basis for the analysis of user behavior is Art. 6 (1) (f) GDPR (legitimate interest, namely the demand-oriented design of the website).
1.7 Protocol and communication data will not be transferred to third parties unless special circumstances have arisen. If a criminal offence is suspected or in the course of an investigation, data may be transferred to the police and the public prosecutor's office. We use service providersfor the provision of our services by way of commissioned data processing, in particular for the provision, maintenance and servicing of IT systems.
1.8 IP addresses are anonymized after 24 hours at the latest. Pseudonymous user data is deleted after a period of six months.
1.9 The use of the website is not possible without disclosure of personal data, such as the IP address. Communication via the website without providing data is not possible. The use of the website is also possible if the pseudonymous user analysis was denied.
2. Newsletter Recipients
2.1 When you order our newsletter, we process your data with the purpose of sending the newsletter.
2.2 The legal basis for data processing with respect to newsletters is Art. 6 (1) (a) GDPR (consent).
2.3 We use service providers by way of commissioned data processing for the performance of services, in particular for the provision, maintenance and servicing of IT systems.
2.4 Data relating to newsletters will be deleted when you unsubscribe from the newsletter.
2.5 Data submission is necessary for the receipt of newsletters. Without submitting data, it is not possible to send the newsletter.
3. Job Candidates
3.1 The purpose of data processing is the selection of job candidates. There are no plans to change these purposes.
3.2 The legal basis is § 26 Federal Data Protection Act (2017) in conjunction with Art. 6 (1) (b) (employment contract) and Art. 88 GDPR.
3.3 The candidate’s data will be transferred internally to the responsible employees in charge of the decision-making. We also use service providers for the provision of our services by way of commissioned data processing, in particular for the provision, maintenance and servicing of IT systems.
3.4 The data will be deleted three months after the application process has ended.
3.5 The provision of personal data is required for the examination of the application and, if applicable, the subsequent conclusion of an employment contract. Without personal data, an application cannot be considered. However, applications can be submitted without designating the information as having been provided voluntarily.
3.6 In the course of the application procedure, data will be processed by the service provider Personio. This processing is based on the conclusion of a processor controller agreement under German law. A copy can be made available by the data protection officer at any time.
4. Customers and Respective Contacts
4.1 We process your data for the purpose of performing the obligations stemming from our contractual relationship. This also includes consulting, support and information about product innovations and new products.
4.2 The legal basis for processing the data of customers who are natural persons is Article 6 (1) (b) GDPR (contract) and Article 6 (1) (c) GDPR (legal obligations). The legal basis for the processing of contact data for customers who are not natural persons is Article 6 (1) (f) GDPR (legitimate interest, namely communication with the customer). The legal basis for information on products is Article 6 (1) (f) GDPR (legitimate interest, namely advertising). The legal basis for the transfer of payment information to payment providers is Article 6 (1) (c) GDPR (legitimate interest). The legal basis for the transfer of historic order and payment information to payment providers is Article 6 (1) (a) GDPR (consent).
Historic order and payment information are the unambiguous name, the specific customer account’s identification number, date and time on which the customer created the account (locally), date and time of the last change to the account undertaken by the customer (locally), card, direct banking, payment provider, SMS, other payment method, total amount of successful purchases, date and time of the last successful purchase (local), date and time of the first successful purchase (local).
4.3 Banks and payment providers may be recipients of data for the processing of payments and credit worthiness checks. In individual cases, data may be transferred to debt collection service providers, lawyers and courts. We also use service providers for the provision of our services by way of commissioned data processing, in particular for the provision, maintenance and servicing of IT systems.
4.4 All data relevant to contracts and book keeping shall be stored for a period of ten calendar years after the contract’s end in accordance with tax and commercial law retention periods.
4.5 The provision of data is obligatory for customers based on statutory and contractual regulations. The contractual relationship cannot be established and carried out without providing data.
4.6 Support requests may be processed by Ableton corporations in the USA and Japan. This processing is based on the conclusion of EU standard contractual clauses. A copy can be made available by the data protection officer at any time.
5. Communication Partners, Artists and Externals
5.1 The purpose of the processing is the preparation and execution of a contractual relationship or other communication.
5.2 With respect to contracts with natural persons, the legal basis for processing is Art. 6 (1) (b) GDPR (contract or contract initiation), whereas for contracts with legal persons Art. 6 (1) (f) GDPR (legitimate interest, namely communication with contact persons relevant to the contract) and Art. 6 (1) (c) GDPR (statutory obligations, in particular tax and commercial law provisions) apply. If just communication concerned, the legal basis is Article 6(1) (f) GDPR (legitimate interest, namely documentation of communication processes).
5.3 Contact and contract data can be transmitted to other service providers, business partners as well as offices and authorities if necessary for the execution of the contract or order. We also use service providers for the provision of our services by way of commissioned data processing, in particular for the provision, maintenance and servicing of IT systems.
5.4 Data of contract partners and service providers shall be deleted ten calendar years after termination of the contract or order.
5.5 The processing of contact data on part of the service providers and business partners is necessary to execute the contract or order. If the data is not provided, the communication may be considerably impaired.
6. Rights of Data Subjects and Further Information
6.1 We do not use any methods of automated individual decision-making.
6.2 You have the right to request information at any time about all your personal data which we are processing.
6.3 If your personal data is incorrect or incomplete, you have the right to have it rectified and completed.
6.4 You can request the erasure of your personal data at any time, as long as we are not bound by legal obligations that require or allow us to continue processing your data.
6.5 If the applicable legal requirements are met, you can request a restriction to the processing of your personal data.
6.6 You have the right to object to the processing, insofar as the data processing is based on profiling or direct marketing purposes.
6.7 If the processing is carried out on the basis of the weighing of interests, you may object to the processing by stating reasons arising from your particular situation.
6.8 If the data processing takes place on the basis of your consent or a contract, you have the right to a transfer of the data provided by you, insofar as the rights and freedoms of others are thereby not impaired.
6.9 If we process your data on the basis of a declaration of consent, you have the right to revoke this consent at any time with future effect. The processing carried out prior to a revocation remains unaffected by the revocation.
6.10 Moreover, you have the right to file a complaint at any time with a data protection supervisory authority, if you believe that data processing has been carried out in violation of the applicable law.
7. Children's Online Privacy Protection Act ("COPPA")