1. Name and address of the person responsible
The person responsible within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection regulations is the:
Rubin Records GmbH
Phone:+49 6022 23456
2. General information about data processing
2.1 Scope of personal data processing
In principle we only process personal data of our users when it is deemed necessary to provide a functional website as well as to ensure the availability of our service and also when it is governed by legal requirements.
2.2 Legal basis forpersonal dataprocessing
The legal basis for consent requiring processing operations of personal data is art. 6(1)(a) of the General Data Protection Regulation (GDPR).
The legal basis for processing personal data that is necessary for the compliance of a contract to which the data subject is party is art. 6(1)(b) of the GDPR. This also applies to processing operations required to carry out pre-contractual actions.
The legal basis for processing personal data required to fulfill a legal obligation that is subject to our company is art. 6(1)(c) of the GDPR.
The legal basis for processing personal data that is necessary to safeguard a legitimate interest of our company or a third party, and the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, is art. 6(1)(f) of the GDPR.
2.3 Data deletion and storage period
Personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases. In addition, further storing may take place if it is intended by the European or national legislator in EU regulations, laws, or other regulations to which the person responsible is subjected to.
Unless there is a need for further storage of the data for a conclusion of contract or for a fulfillment of the contract, personal data will be deleted or blocked when the mentioned storage regulations expire.
Personal data is only collected to an extent as it is necessary for the use or operation of the service.
Access to this data will only be granted to selected employees and kept to a minimum. We do not create profiles of our users and only evaluate their activities on our websites as far as it is essential for providing our services.
All data on our website (this applies in particular to passwords) are always transmitted encrypted.
3. Provision of the website and creation of logfiles
3.1 Description and scope of data processing
Each time our website is accessed the system automatically collects data and information from the computer system of the connecting computer.
The following data is hereby collected:
1. information about browser type and used version
2. the operating system of the user
3. the IP address of the user
4. date and time of the connection
5. internal user ID (registered users)
This data is stored in the log files of our system. This data is not stored together with other personal data.
In addition, to improve the service the current filter and page settings of the respective registered user are saved when logging out of a user account. The consent to the processing of this data takes place during the registration process.
Furthermore we point out that our website is provided by the external service provider Strato (www.strato.de).
To provide the service our hosting provider processes data which is technically necessary. The legal basis for the processing is stated in art. 6(1)(f) of the GDPR. Further information can be found in the data protection FAQ of Strato (https://www.strato.de/datenschutz/)
3.2 Legal basis for data processing
The legal basis for the temporary storage of data and log files is stated in art. 6(1)(f) of the GDPR.
The legal basis for the storage of the settings is stated in art. 6(1)(a) of the GDPR.
3.3 Purpose of data processing
The temporary storage of the user's IP address by the system is necessary to allow delivery of the website to the computer of the user. Therefore the user's IP address must be kept for the duration of the session.
The storage of the data in log files is done to monitor the functionality of our website and thus to ensure the operations of the site, as well as to ensure the security of our information technology systems.
An evaluation of the data for marketing purposes does not take place in this context.
For these purposes our legitimate interest in the processing of data is justified in accordance with art. 6(1)(f) of the GDPR.
In cases of abuse or attacks on the system art. 100(1) of the Telecommunications Act forms the basis for the extended processing of the collected data.
The storage of the filter and page settings is done solely with the aim of making the operation of the website user-friendly.
3.4 Duration of storage
The data for the provision of the website will be deleted as soon as they are no longer necessary for the purpose of their survey.
This is the case after 4 weeks when storing data in log files. Any further storage is possible but only to prove an improper use or their attempt.
The filter and page settings are saved until the next login and will be deleted no later than two weeks after expiration of the product.
4.1 Description and scope of data processing
Some elements of our website require that the calling browser can be identified even when a new subpage is opened.
The following data is stored and transmitted in the cookies:
1. information about the validity of the session
2. language settings
In addition, we do not store any information in cookies that allow an analysis of the browsing behavior of users.
Maps are created on our website to provide a clear overview of the detection results for users with active products. For presenting these maps we use software from Openlayers.org. The cfduid-cookie of CloudFlare (www.cloudflare.com) is necessary to use this software. According to CloudFlare, this cookie is used to unambiguously identify the user, e.g. behind firewalls, and stores no personal data. Further information can be found at:
• What does the Cloudflare cfduid cookie do?
4.2 Legal basis for data processing
The legal basis for processing personal data using technically necessary cookies is art. 6(1)(f) of the GDPR.
The legal basis for processing personal data using cookies for analysis purposes when consent of the user in this regard has been obtained is art. 6(1)(a) of the GDPR.
4.3 Purpose of data processing
1. identification of the browser to validate the session
2. assumption of language settings
The user data collected through technically necessary cookies will not be used to create user profiles.
For these purposes, our legitimate interest in the processing of data is justified in accordance with art. 6(1)(f) of the GDPR.
4.4 Duration of storage, possibility for revocation and removal
5. Contact form and mail contact
5.1 Description and scope of data processing
Our website contains a contact form which can be used for electronic contacting. If a user utilizes this option, the data entered in the input mask will be transmitted to us and saved. These data are:
2. email address
3. phone number (voluntary)
At the time of sending the message the following data is also stored in the log files of the web server:
1. the IP address of the user
2. date and time of the call
Alternatively, you can contact us via the provided email address firstname.lastname@example.org. In this case, the user's personal data transmitted by email will be stored.
In this context, there is no disclosure of the data to third parties. The data is used exclusively for processing the conversation.
5.2 Legal basis for data processing
The legal basis for processing this data when consent of the user has been obtained is art. 6(1)(a) of the GDPR.
The legal basis for processing data which has been transmitted in the course of sending an email is art. 6(1)(f) of the GDPR. If the email contact aims to conclude a contract, art. 6(1)(b) of the GDPR is an additional legal basis for processing data.
5.3 Purpose of data processing
The processing of personal data from the input mask is solely for processing the contact. In the case of contact via email, this also leads to the required legitimate interest in processing data.
The other personal data processed during the sending process serve to prevent misuse of the contact form and to guarantee the security of our information technology systems.
5.4 Duration of storage
The data will be deleted as soon as it is no longer necessary for the purpose of the survey. Data sent to us via email as well as the data of the input mask of the contact form will be stored until reaching the legal guidelines (6 years regarding paragraph 147 of the German Fiscal Code).
5.5 Possibility for revocation and removal
The user has the possibility to revoke his consent to processing personal data at any time. If the user contacts us by email, he may object to the storage of his personal data at any time.
The revocation must be made in writing in each case. This is possible either by email to the known support address or by mail to the above mentioned address.
All personal data stored in the course of contacting will be deleted in this case.
6. Rights of the data subject
If personal data of a user is processed, this person is data subject within the meaning of the GDPR and has the following rights to the person responsible:
6.1 Right to information
The person concerned may demand from the person responsible a confirmation as to whether personal data relating to him are being processed.
If such processing exits the person concerned may request information from the person responsible about the following information:
(1) the purposes for which the personal data is processed,
(2) the categories of personal data that are processed,
(3) the planned duration of storage personal data concerning him or, if specific information is not possible, criteria for determinating the retention period,
(4) the existence of a right to rectification or erasure of personal data concerning him, a right to restriction of processing by the person responsible or a right to object to such processing,
(5) the existence of a right of appeal to a supervisory authority.
6.2 Right to rectification
The data subject has a right of rectification and/or completion to the person responsible if the processed personal data concerning him are incorrect or incomplete. The person responsible must make the correction immediately.
6.3 Right to restriction of processing
Subject to the following conditions the person concerned may request the restriction of processing personal data concerning him:
(1) if the person concerned disputes the accuracy of the personal data for a period of time which enables the person responsible to verify the accuracy of the personal data,
(2) the processing is unlawful and the person concerned refuses to delete the personal data and instead requests the restriction of the use of the personal data,
(3) the person responsible no longer needs the personal data for the purposes of the processing, but the person concerned needs them for the assertion, exercise or defense of legal claims, or
(4) if the person concerned has lodged an objection to the processing pursuant to art. 21(1) of the GDPR and it is not yet certain whether the legitimate reasons of the person responsible outweigh his reasons.
If processing personal data concerning the user has been restricted, this data may only be used – disregarding storage – with the consent of the user or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for important reasons of public interest of the EU or member state.
If processing has been restricted following the above mentioned conditions the user will be informed by the person responsible before the restriction is lifted.
6.4 Right to deletion
6.4.1 Obligation to deletion
Data subjects may require the person responsible to delete the personal data concerning them without delay and the person responsible is required to delete that data immediately, provided one of the following is true:
(1) The personal data concerning the user are no longer necessary for the purposes for which they were collected or otherwise processed.
(2) Users revoke their consent to which the processing relates according to art. 6(1)(a) or art. 9(2)(a) of the GDPR and there is no other legal basis for processing.
(3) Users lodge an objection to the processing according to art. 21(1) of the GDPR and there are no prior justifiable reasons for the processing or users oppose the processing according to art. 21(2) of the GDPR.
(4) The personal data concerning the user were processed unlawfully.
(5) The deletion of the personal data concerning the user is necessary for the fulfillment of a legal obligation under Union law or the law of the Member States to which the controller is subject.
(6) The personal data concerning the user were collected in relation to offered services of the information society according to art. 8(1) of the GDPR.
6.4.2 Information to third parties
If the person responsible made the personal data concerning the user public and is this person obligated to delete this data according to art. 17(1) of the GDPR, he takes appropriate measures for this taking into account the available technology and the costs of implementation. Responsible persons processing the personal data must be informed in this regard that the data subject has requested the deletion of all links to this personal data or of replications of this personal data.
The right to deletion does not exist if the processing is necessary
(1) to exercise the right to freedom of expression and information,
(2) to fulfill a legal obligation required by the law of the Union or of the Member States to which the person responsible is subject, or to carry out a task of public interest or in the exercise of public authority delegated to the controller,
(3) for reasons of public interest in the field of public health according to art. 9(2)(h) and (i) and art. 9(3) of the GDPR,
(4) for archival purposes of public interest, scientific or historical research purposes or for statistical purposes according to art. 89(1) of the GDPR, to the extent that the law referred to in subparagraph 8.4.1 is likely to render impossible or seriously affect the achievement of the objectives of that processing or
(5) to assert, exercise or defend legal claims.
6.5 Right to consultation
If a user has asserted the right of rectification, deletion or restriction of processing his personal data to the controller, the latter is obliged to notify all recipients, to whom the personal data relating to the user have been made public, about the correction or deletion of the data or about the restriction of processing unless this proves impossible or involves disproportionate effort.
The user is entitled to the person responsible to be informed about these recipients.
6.6 Right to data portability
Users have the right to receive the personal data they provided to the person responsible in a structured, common and machine-readable format. In addition users have the right to transfer this data to another person without hindrance by the person responsible to whom the personal data has been provided, provided that
(1) the processing is based on a consent according to art. 6(1)(a) or art. 9(2)(a) of the GDPR or on a contract according to art. 6(1)(b) of the GDPR and
(2) the processing is done using automated procedures.
In exercising this right users also have the right to obtain that personal data relating to them be transmitted directly from one person responsible to another where technically feasible. Freedoms and rights of other persons must not be affected by this.
The right to data portability does not apply to the processing of personal data necessary to carry out a task of public interest or in the exercise of public authority delegated to the controller.
6.7 Right of objection
At any time for reasons arising from their particular situation users have the right to lodge an objection against the processing of personal data relating to them which occur according to art. 6(1)(e) of the GDPR. This also applies to profiling based on these provisions.
The controller no longer processes the personal data concerning the user unless he can demonstrate compelling legitimate grounds for processing that outweigh the interests, rights and freedoms of the user, or the processing is intended to assert, exercise or defend legal claims.
If the personal data relating to the user are processed in order to operate direct mail the user has the right to object at any time to the processing of his personal data for the purposes of such advertising. This also applies to profiling insofar as it is associated with such direct mail.
If users object to the processing for direct marketing purposes their personal data will no longer be processed for these purposes.
Users have the option in the context of the use of information society services – regardless of directive 2002/58/EC – to exercise their right of objection through automated procedures using technical specifications.
6.8 Right to revoke the data protection consent declaration
Users have the right to object their declaration of consent in terms of data protection at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.