Privacy Policy

Ableton AG, SchĂśnhauser Allee 6-7, D-10119 Berlin herewith informs you about the processing of personal data for which Ableton is responsible in the sense of the EU General Data Protection Regulation (GDPR).

Apart from sending us a letter, you may contact us at any time via privacy[at]ableton[dot]com

You can reach our data protection officer by sending an e-mail to AbletonDSB[at]daspro[dot]de or by sending a letter to Ableton DSB, daspro GmbH, KurfĂźrstendamm 21, 10719 Berlin.

Below we have compiled the most important information on typical data processing for you, broken down by groups of data subjects. For certain data processing operations, which only concern specific groups, the information requirements are fulfilled separately. Where the term "data" is used, only personal data within the meaning of the GDPR are meant.

  1. Website Visitors
  2. Newsletter Recipients

  3. Survey, interview and usability test participants

  4. Job Candidates

  5. Customers and Respective Contacts

  6. Communication Partners, Artists, Externals

  7. Rights of Data Subjects and Further Information

  8. Children’s Online Privacy Protection Act („COPPA")

1. Website Visitors

1.1 Server-log data

When using the website, certain information is sent to the server of our website by the browser used on your device for technical reasons. This data is stored and processed on our server.

(i) We process the following data for the purpose of providing the contents of the website that you have visited, to ensure the security of the IT infrastructure used, to correct errors, to enable and simplify searches on the website and to manage cookies.

(ii) The data processed is HTTP data: HTTP data is protocol data that is generated when the Website is visited via the Hypertext Transfer Protocol (Secure) (HTTP(S)) for technical reasons: This includes IP address, type and version of your Internet browser, operating system used, the page visited, the page previously visited (referrer URL), date and time of the visit. HTTP(S) data also accumulates on the servers of service providers (e.g. when requesting third-party content).

(iii) The legal basis for the processing is our legitimate interest in the operation of an Internet presence and the communication with communication partners in accordance with Article 6 (1) (f) GDPR.

(iv) The data is automatically transmitted by the browser of the user.

(v) Recipients of the personal data are IT service providers which we use as processors within the framework of a data processing agreement.

(vi) IP addresses are anonymized after 24 hours at the latest. Pseudonymous usage data will be deleted after six months.

(vii) Without disclosure of personal data such as the IP address, the use of the website is not possible. Communication via the website without disclosure of data is technically not possible.

1.2 Technically required cookies

We use cookies on our website. Cookies are small text files containing information that can be stored on the user's device via the browser when visiting a website. The information stored in cookies can be read out and processed when the website is visited again using the same device. In doing so, we use processing and storage functions of the browser of your device and collect information from the storage of the browser of your device.

In the structure of our privacy policy, we differentiate between technically required cookies and tracking cookies. Cookies that are technically required for the functioning of the website cannot be deactivated via the cookie management function of this website. However, you can generally deactivate cookies at any time in your browser. Different browsers offer different ways to configure the cookie settings in the browser. However, we would like to point out that some functions of the website may not function or no longer function properly if you generally deactivate cookies in your browser.

We use so-called Consent Cookies to store your consent, possible revocation of consent and opt-out of the use of cookies on our website.

(i) The purpose of data processing is the storage of the user decisions on cookies (consent, revocation, opt-out).

(ii) The processed data are:

  • HTTP data:
    HTTP data is protocol data that is technically generated when the website is visited via the Hypertext Transfer Protocol (Secure) (HTTP(S)): This includes IP address, type and version of your Internet browser, operating system used, the page visited, the page previously visited (referrer URL), date and time of the visit.

  • User decision on cookies:
    User's decision on individual cookies or groups of cookies. Time of the decision and of the last visit.

(iii) The legal basis for the processing is our legitimate interest in the easy and reliable control of cookies settings in accordance with the respective user decisions in accordance with Article 6 (1) (f) GDPR.

(iv) The data is actively provided by the user (decision on cookies) or automatically transmitted by the user's browser (protocol data, time stamp).

(v) Recipients of the personal data are IT service providers which we use as processors within the framework of a data processing agreement.

(vi) A negative user decision with regard to cookies is deleted at the end of the session. The other data will be deleted after one year.

(vii) Without disclosure of personal data, the use of the website is not possible. Communication via the website without the disclosure of data is technically not possible.

1.2.2 Ablsessionid

We use the Ablsessionid cookie as the so-called "session ID". This enables us to save the customer account, individual settings and certain user actions for the duration of your visit (e.g. login, language settings, shopping basket function).

(i) The purpose of data processing is to enable the login, user-specific settings (e.g. language) and the technical provision of a shopping cart function.

(ii) The processed data are data concerning the customer's account, language selection, country, cookie settings and shopping cart.

(iii) The legal basis for the processing is our legitimate interest in the provision of the individual sessions for the users, including the shopping basket function or the respective language setting in accordance with Article 6 (1) (f) GDPR.

(iv) The data is automatically transmitted by the browser of the user.

(v) Recipients of the personal data are IT service providers which we use as processors within the framework of a data processing agreement.

(vi) The data is deleted after one year.

(vii) Without disclosure of personal data the use of the website is not possible. Communication via the website without disclosure of data is technically not possible.

1.2.3 crftoken

We use the crftoken cookie on our website, which is used to protect against so-called cross-site request forgery attacks. Here, attackers attempt to display fake requests to website visitors. The cookie helps us to prevent such attacks.

(i) The purpose of the data processing is to increase the security of the website and to prevent so-called cross-site request forgery attacks.

(ii) The data processed are the crftoken test result and the HTTP log data.

(iii) The legal basis for the processing is our legitimate interest in protecting our website visitors from cross-site request forgery attacks in accordance with Article 6 (1) (f) GDPR.

(iv) The data is automatically transmitted by the browser of the user.

(v) Recipients of the personal data are IT service providers which we use as processors within the framework of a data processing agreement.

(vi) The data is deleted at the end of the session.

(vii) Without disclosure of personal data the use of the website is not possible. Communication via the website without disclosure of data is technically not possible.

1.2.4 Google Tag Manager

We use the Google Tag Manager on our website. The Google Tag Manager enables us to manage cookies and control their placement. This enables us to implement, for example, your consent, a revocation of consent or an opt-out. The Google Tag Manager does not set its own cookies and does not process data stored in cookies.

(i) The purpose of the data processing is to control the placement of cookies on our website and to ensure the security of the application.

(ii) The data processed is HTTP data: HTTP data is protocol data that is generated when the Website is visited via the Hypertext Transfer Protocol (Secure) (HTTP(S)) for technical reasons: This includes IP address, type and version of your Internet browser, operating system used, the page visited, the page previously visited (referrer URL), date and time of the visit. HTTP(S) data also accumulates on the servers of service providers (e.g. when requesting third-party content). Your IP address is automatically anonymized during processing.

(iii) The legal basis for the processing is our legitimate interest in the simple and reliable control of cookies in accordance with Article 6 (1) (f) GDPR.

(iv) The data is automatically transmitted by the browser of the user.

(v) The recipient of the data is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, which we use as processor within the framework of a data processing agreement.

(vi) IP addresses will be anonymised after 24 hours at the latest. Pseudonymous usage data will be deleted after six months.

(vii) Without disclosure of personal data the use of the website is not possible. Communication via the website without disclosure of data is technically not possible.

1.3 Tracking Cookies

We use cookies on our website. Cookies are small text files containing information that can be stored on the user's device via the browser when visiting a website. The information stored in cookies can be read out and processed when the website is visited again using the same device. In doing so, we use processing and storage functions of the browser of your device and collect information from the storage of the browser of your device.

In the structure of our privacy policy, we differentiate between technically required cookies and tracking cookies. Depending on their function and purpose, the use of certain cookies may require the user's consent. Your consent is given through a so-called "cookie banner": When you visit our website, we display our cookie banner. In our cookie banner you can declare your consent to the use of all cookies requiring consent on this website by clicking on the "Accept" button. Without such consent, the cookies requiring consent are not activated. By clicking the "Close" button, you can also completely reject the use of cookies requiring consent. Your decision will be saved in a cookie. Alternatively, you have the possibility to access our "cookie board" by clicking on the "More information" button. In the cookie board, you can make an individual selection of cookies and customize them at a later time. We store your cookie settings in the form of a cookie on your device in order to determine whether you have already made cookie settings the next time you visit the website.

1.3.1 Google Analytics

If you have given your consent, we use the web analysis tool Google Analytics on our website. With the help of Google Analytics, we can analyze the user behaviour of visitors to our website in pseudonymized and anonymised form.

You can deactivate the data processing by Google Analytics at any time in our "cookie board". Alternatively, you can install a browser plug-in from Google which prevents data collection by Google Analytics: https://tools.google.com/dlpage/gaoptout?hl=en

(i) The purpose of data processing is to analyze user behaviour and to measure the reach of our website and advertisements to optimize our website.

(ii) The processed data are:

  • Google Analytics HTTP data:
    This is protocol data that is generated for technical reasons when using the web analysis tool Google Analytics via the Hypertext Transfer Protocol (Secure) (HTTP(S)) used on the website: This includes IP address, type and version of your Internet browser, operating system used, the page visited, the page previously visited (referrer URL), date and time of the visit.

  • Google Analytics device data:
    Data generated by the web analysis tool Google Analytics and assigned to your device: This includes a unique ID for the (re-)recognition of returning visitors (so-called "client ID") as well as certain technical parameters for controlling data collection for web analysis.

  • Google Analytics measurement data:
    Device-related raw data (so-called "dimensions" and " measurement results"), which are collected and analyzed by the web analysis tool Google Analytics when using our website: This includes, above all, information about the sources through which visitors reach our website, information about the location, the browser and the device used, information about the use of the website (in particular page views, frequency of visits and length of stay on accessed pages) as well as information about the fulfilment of certain purposes (in particular transactions in the online shop). The data is assigned to the client ID assigned to your device. As a result, device-related usage profiles are created in which all device-related raw data is combined into a client ID. The data that we collect using Google Analytics does not enable us to identify you personally (i.e. by your civil name). We also do not merge the device-related raw data and the resulting device-related usage profiles with data that directly identifies you personally without your consent.

  • Google Analytics report data:
    Data contained in aggregated segment and device-related reports generated by the Google Analytics web analysis tool based on the analysis of device-related raw data.

(iii) The legal basis for the processing is Article 6 (1) (a) GDPR (consent).

(iv) The data is automatically transmitted by the browser of the user.

(v) The recipient of the data is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, which we use as processor within the framework of a data processing agreement. Google Ireland Limited uses Google LLC in the USA (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) as its service provider. The basis for data processing in the USA is your consent granted through the cookie banner (Art. 49 (1) (a) GDPR). In the USA, there is no level of data protection comparable to the provisions of the GDPR. It is possible that US authorities may access personal data without us or you being informed. An enforcement of your rights is probably not possible in the USA. You can withdraw your given consent at any time with effect for the future through the cookie settings.

(vi) The data will be deleted after 6 months.

(vii) The provision of data is not required by law or contract or necessary for the conclusion of a contract. There is no obligation on the data subject to provide the data. If the data is not provided, we cannot make web analysis using Google Analytics.

1.3.2 Crazy Egg

If you have given your consent, we use the heatmap function of the web analysis tool Crazy Egg on our website. With the help of the heatmap function we can analyze in pseudonymized and anonymized form which contents of our website are viewed by visitors.

You can deactivate the data processing by Crazy Egg at any time in our "cookie board". Alternatively, you can install a browser plug-in from Crazy Egg which prevents Crazy Egg from collecting data: https://www.crazyegg.com/opt-out?clean=1

(i) The purpose of data processing is the analysis of user behaviour, in particular the examination of the individual steps of the purchasing process as well as the effectiveness test of special web offers.

(ii) The processed data are:

  • Crazy Egg HTTP data:
    This is protocol data that is generated for technical reasons when using the web analysis tool Crazy Egg via the Hypertext Transfer Protocol (Secure) (HTTP(S)) used on the website: This includes IP address, type and version of your Internet browser, operating system used, the page visited, the page previously visited (referrer URL), date and time of the visit.

  • Crazy Egg device data:
    Data generated by the Crazy Egg web analysis tool and assigned to your device. This includes the device used (PC, table PC or smartphone) and the respective operating system.

  • Crazy Egg report data:
    Data contained in aggregated segment and device-related reports by the Crazy Egg web analysis tool based on the heat map analysis.

(iii) The legal basis for the processing is Article 6 (1) (a) GDPR (consent).

(iv) The data is automatically transmitted by the browser of the user.

(v) The recipient of the data is Crazy Egg Inc., 16220 E. Ridgeview Lane, La Mirada, CA 90638, USA, which we use as processor within the framework of a data processing agreement. The basis for data processing in the USA is your consent granted through the cookie banner (Art. 49 (1) (a) GDPR). The basis for data processing in the USA is your consent granted through the cookie banner (Art. 49 (1) (a) GDPR). In the USA, there is no level of data protection comparable to the provisions of the GDPR. It is possible that US authorities may access personal data without us or you being informed. An enforcement of your rights is probably not possible in the USA. You can withdraw your given consent at any time with effect for the future through the cookie settings. 

(vi) The data will be deleted after 3 months.

(vii) The provision of data is not required by law or contract or necessary for the conclusion of a contract. There is no obligation on the data subject to provide the data. If the data is not provided, we cannot make web analysis using Crazy Egg.

1.3.3 Web Extend (Emarsys)

If you have given your consent, we use the web analysis tool Web Extend from the provider Emarsys Interactive Services GmbH on our website. With the help of Web Extend, we can examine the user behavior of visitors to our website in pseudonymized and anonymized form and, for example, evaluate purchases made as a result of email campaigns.

You can deactivate data processing by Web Extend at any time in our "cookie board".

(i) The purpose of data processing is to analyze user behaviour and to measure the reach of our newsletter in order to optimize our offers. The main focus here is on the analysis of purchases as a result of email campaigns.

(ii) The processed data are:

  • Web Extend HTTP data:
    This is protocol data that is generated for technical reasons when using the web analysis tool Web Extend via the Hypertext Transfer Protocol (Secure) (HTTP(S)) used on the website: This includes IP address, type and version of your Internet browser, operating system used, the page visited, the page previously visited (referrer URL), date and time of the visit.

  • Web Extend identifiers
    These are pseudonymized identifiers such as external IDs or hashed email addresses for cases where customers are logged in.

  • Web Extend Browsing Information
    Data generated by the web analysis tool Web Extend: Information about the last shopping cart that was canceled, the last completed purchase, and the last web page session.

(iii) The legal basis for the processing is Article 6 (1) (a) GDPR (consent).

(iv) The data is automatically transmitted by the browser of the user.

(v) The recipient of the data is Emarsys Interactive Services GmbH, Stralauer Platz 34, 10243 Berlin, which we use as processor within the framework of a data processing agreement. In the case of data processing in the USA, the basis for data processing is your consent granted through the cookie banner (Art. 49 (1) (a) GDPR). In the USA, there is no level of data protection comparable to the provisions of the GDPR. It is possible that US authorities may access personal data without us or you being informed. An enforcement of your rights is probably not possible in the USA. You can withdraw your given consent at any time with effect for the future through the cookie settings. 

(vi) The data from the session cookie is deleted after the end of the session. The remaining data will be deleted after one year.

(vii) The provision of data is not required by law or contract or necessary for the conclusion of a contract. There is no obligation on the data subject to provide the data. If the data is not provided, we cannot make web analysis using Web Extend.

1.4 Social media content from third party providers

1.4.1 Soundcloud Embedding

There are links on our website to audio files that are stored and accessible on Soundcloud. As soon as you click the button to play a content from Soundcloud, the file is loaded from Soundcloud. Technically, the same thing happens as if you would go to the Soundcloud website via a link: Soundcloud receives all information that your browser automatically transfers (including your IP address). Soundcloud also sets its own cookies on your device. This also happens if you do not have a Soundcloud user account. If you are logged in to Soundcloud, your data is directly associated with your account. If you do not want your profile to be associated with Soundcloud, you must log out of Soundcloud before clicking on the audio file.

The collection and processing of this data is the sole responsibility of Soundcloud Limited, 20 Old Bailey, London, EC4M 7 AN, United Kingdom. We have no knowledge of further details of the processing of personal data or a possible data processing in the USA in the area of data controllership of Soundcloud. Ableton has no influence on the data processing of Soundcloud.

For information about the processing of personal data by Soundcloud, please refer to the Soundcloud Privacy Policy: https://soundcloud.com/pages/privacy

1.4.2 YouTube Embedding (Privacy Enhanced Mode)

We include videos that are stored on YouTube. We include videos stored on our website on YouTube. In this embedding, the contents of the YouTube website are displayed in parts of a browser window. However, the YouTube videos are only accessed by clicking on them separately. The embedding of YouTube content is carried out in the so-called "Privacy Enhanced Mode". This is provided by Google as the provider of YouTube and thus ensures that no data is transmitted to Google and no cookies are stored on your device before a click to play the video.

As soon as you click the button to play the YouTube content, the video is loaded from YouTube. Technically, the same thing happens then as would happen if you clicked a link to go to the YouTube website: YouTube receives all information that your browser automatically transmits (including your IP address). YouTube also sets its own cookies on your device. This also happens if you do not have a YouTube user account. If you are logged in at YouTube or Google, your data will be associated directly with your account. If you do not want the association to your YouTube or Google user account, you must log out of YouTube and Google before clicking on the video file.

The collection and processing of this data is the sole responsibility of Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Irland. Google Ireland Limited uses Google LLC in the USA (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) as its service provider. 

We have no knowledge of further details of the processing of personal data  in the area of data controllership of Google or a possible data processing in the USA. Ableton has no influence on the data processing of Google.

For information about the processing of personal data by Google, please refer to the Google Privacy Policy: https://policies.google.com/privacy

2. Newsletter Recipients

If you subscribe to a newsletter, we will send you information about Ableton and our products and partners. We also occasionally invite you to participate in surveys as part of our newsletter. If you participate in such surveys, the information in Section 3 applies, and we also monitor the reach and success of the newsletter through anonymous or pseudonymous analysis.

(i) If you subscribe to our newsletter, we process your data for the purpose of sending the newsletter.

(ii) The processed data are:

  • Name, e-mail address

  • HTTP data:
    This is protocol data that is technically required for opening the newsletter via the Hypertext Transfer Protocol (Secure) (HTTP(S)): This includes IP address, type and version of your Internet browser, operating system used, the page visited, the page previously visited (referrer URL), date and time of the visit.

  • Web Extend Identifiers
    These are pseudonymised identifiers such as external IDs or hashed email addresses

  • Opening and reading times of the newsletter

(iii) The legal basis for the processing of newsletter data is Article 6 (1) (f) GDPR (consent).

(iv) You provide your contact details yourself when you subscribe to the newsletter; the further data for analysis is transmitted automatically by your browser.

(v) We use service providers as processors within the framework of a data processing agreement for the provision of services, especially for the provision, maintenance and servicing of IT systems. In particular, we use Emarsys Interactive Services GmbH, Stralauer Platz 34, 10243 Berlin, Germany, and Validity Inc., 4010 Boy Scout Boulevard, Suite 1100, Tampa, FL 33607 USA as processors for the mailing and the analysis of the newsletter. The basis for data processing in the USA is your consent (Art. 49 (1) (a) GDPR). ). In the USA, there is no level of data protection comparable to the provisions of the GDPR. It is possible that US authorities may access personal data without us or you being informed. An enforcement of your rights is probably not possible in the USA. You can withdraw your given consent at any time with effect for the future. We have concluded the EU standard contractual clauses with Validity Inc., so that Validity Inc. may only process your data for our purposes.

(vi) Data regarding newsletters will be deleted when you unsubscribe from the newsletters. Data from the session cookie is deleted after the end of the session. The remaining data will be deleted after one year.

(vii) Data is required to receive newsletters. Without providing data, they cannot be sent. A revocation of the consent is possible at any time. Please use the unsubscribe function in the newsletter.

3. Survey, interview and usability test participants

(i) We process your data for the purpose of conducting surveys, interviews and usability tests and the evaluation of the respective results.

(ii) Processed data are name (if it is provided), survey and interview content, time stamp of participation and technical metadata of participation.

(iii) The legal basis for data processing for the conduction and evaluation of surveys, other interviews and usability tests is Article 6 (1) (a) GDPR (consent).

(iv) We use service providers as processors within the framework of a data processing agreement for conducting and evaluating surveys, interviews and usability tests, as well as for the provision, maintenance and servicing of IT systems. A data transfer to the USA takes place, when we use the software of our service provider’s., Skype Communications SARL, Zoom Video Communications Inc. and Survey Monkey Europe UC to conduct usability tests. The basis for data processing in the USA is your consent (Art. 49 (1) (a) GDPR). ). In the USA, there is no level of data protection comparable to the provisions of the GDPR. It is possible that US authorities may access personal data without us or you being informed. An enforcement of your rights is probably not possible in the USA. You can withdraw your given consent at any time with effect for the future  We have concluded the EU standard contractual clauses with Skype Communications SARL, Zoom Video Communications Inc. and Survey Monkey Europe UC, so that Skype Communications SARL, Zoom Video Communications Inc. and Survey Monkey Europe UC may only process your data for our purposes.

(v) Data regarding surveys, other interviews or usability tests will be deleted one year after having taken part in a survey, interview or test, at the latest.

(vi) Taking part in surveys, interviews and usability tests is voluntary and not obligatory. The use of all Ableton products and services is possible without taking part in surveys, interviews and usability tests.

4. Job Candidates

(i) The purpose of data processing is the selection of job candidates. There are no plans to change these purposes.

(ii) Processed data are name, contact data, communication details, job application documents including certificates and curriculum vitae, time stamp of communication as well as technical metadata of communication.

(iii) The legal basis is Section 26 German Federal Data Protection Act (2017) in conjunction with Article 6 (1) (b) (employment contract) and Article 88 GDPR.

(iv) The candidate’s data will be transferred internally to the responsible employees in charge of the decision-making. We also use service providers as processors within the framework of a data processing agreement for the provision of services, especially the service provider Personio and providers for the provision, maintenance and servicing of IT systems.

(v) The data will be deleted three months after the application process has ended.

(vi) The provision of personal data is required for the examination of the job application and, if applicable, the subsequent conclusion of an employment contract. Without personal data, a job application cannot be considered. However, applications can be submitted without providing the information that has been marked as voluntary.

5. Customer and Respective Contacts

(i) We process your data for the purpose of performing the obligations stemming from our contractual relationship, for credit checks prior to purchases and for license checks. This also includes consulting, support and the information about new features in the product and new products and the analysis of the usage behavior of the software for product improvement. A change of these purposes is not planned.

(ii) The processed data are name and address data, user name, language settings, data of the registration of the Ableton license and account, type of Ableton Product (Trial License, Live Lite, Live Intro, Live Standard, Live Suite, EDU, Max for Live, Push), order history, download data, IP address, email validation, account events including timestamp and the payment confirmation from Worldpay.

(iii) The legal basis for processing the data of customers who are natural persons is Article 6 (1) (b) GDPR (contract) and Article 6 (1) (c) GDPR (legal obligations). The legal basis for the processing of contact data for customers who are not natural persons is Article 6 (1) (f) GDPR (legitimate interest, namely communication with the customer). The legal basis for information on products is Article 6 (1) (f) GDPR (legitimate interest, namely advertising). The legal basis for the analysis of the usage behavior of the software is Article 6 (1) (f) GDPR (legitimate interest, namely product improvement). The legal basis for the transfer of payment information to payment providers is Article 6 (1) (f) GDPR (legitimate interest). The legal basis for the transfer of historic order and payment information to payment providers is Article 6 (1) (a) GDPR (consent).

(iv) Banks and payment providers may be recipients of data for the processing of payments and credit worthiness checks. In individual cases, data may be transferred to debt collection service providers, lawyers and courts. We also use service providers as processors within the framework of a data processing agreement for the provision of services, such as a service provider, which enables installment payments, as well as other services providers for the provision, maintenance and servicing of IT systems.

(v) All data relevant to contracts and book keeping shall be stored for a period of ten calendar years after the contract’s end in accordance with tax and commercial law retention periods. If you don´t want the analysis of the usage behavior of the software for product improvement, you can prevent this at any time by yourself in your Ableton account under "Send usage data off".

(vi) The provision of data is obligatory for customers based on statutory and contractual regulations. The contractual relationship cannot be established and carried out without providing data.

6. Communication Partners, Artists, Externals

(i) The purpose of the processing is the preparation and execution of a contractual relationship or other communication.

(ii) The data processed are name, contact details, communication details, communication timestamps and technical metadata of the communication.

(iii) The legal basis for processing the data with natural persons is Article 6 (1) (b) GDPR (contract or contract initiation), whereas for contracts with legal persons Article 6 (1) (f) GDPR (legitimate interest, namely communication with contact persons relevant to the contract) and Article 6 (1) (c) GDPR (statutory obligations, in particular tax and commercial law provisions) apply. For simple communication, the legal basis is Article 6 (1) (f) GDPR (legitimate interest, namely documentation of communication processes).

(iv) Contact and contract data can be transmitted to other service providers, business partners as well as offices and authorities if necessary for the execution of the contract or order. We also use service providers as processors within the framework of a data processing agreement for the provision of services, especially for the provision, maintenance and servicing of IT systems.

(v) Data of contract partners and service providers will be deleted ten calendar years after termination of the contract or order.

(vi) The processing of contact data on part of the service providers and business partners is necessary to execute the contract or order. If the data is not provided, the communication may be considerably disturbed.

7. Rights of Data Subjects and Further Information

(i) We do not use any methods of automated individual decision-making.

(ii) You have the right to request information at any time about all your personal data which we are processing.

(iii) If your personal data is incorrect or incomplete, you have the right to have it rectified and completed.

(iv) You can request the erasure of your personal data at any time, as long as we are not bound by legal obligations that require or allow us to continue processing your data.

(v) If the applicable legal requirements are met, you can request a restriction to the processing of your personal data.

(vi) You have the right to object to the processing, insofar as the data processing is based on profiling or direct marketing purposes.

(vii) If the processing is carried out on the basis of the balancing of interests, you may object to the processing by stating reasons arising from your particular situation.

(viii) If the data processing takes place on the basis of your consent or a contract, you have the right to a transfer of the data provided by you, insofar as the rights and freedoms of others are thereby not impaired.

(ix) If we process your data on the basis of a declaration of consent, you have the right to revoke this consent at any time with future effect. The processing carried out prior to a revocation remains unaffected by the revocation.

(x) Moreover, you have the right to file a complaint at any time with a data protection supervisory authority, if you believe that data processing has been carried out in violation of the applicable law.

8. Children’s Online Privacy Protection Act („COPPA")

Under the Children's Online Privacy Protection Act ("COPPA"), the US Federal Trade Commission (FTC) requires us to make the following statement:

Ableton does not knowingly collect or use personal information from children under 13 years without containing verifiable consent from their parents. We encourage parents and legal guardians to monitor their children’s internet usage and to help enforce this privacy policy by instructing their children never to provide personal information without their permission.