Privacy policy for Konzertmeister

KM Konzertmeister GmbH, Gartengasse 16, 3743 Röschitz, Austria ("Konzertmeister" or "we") respects your privacy ("user" or "you"). This privacy policy applies to the use of the smartphone and browser applications "Konzertmeister" and "Löschmeister" ("App") as well as the use of the websites of Konzertmeister (https://konzertmeister.app) and Löschmeister (https://loeschmeister.app).

• 1. SCOPE OF APPLICATION

• 1.1 This privacy policy informs about the processing of personal data when using the app and the website of Konzertmeister. It forms the basis for all data processing by Konzertmeister.
• 1.2 The processing of personal data by Konzertmeister as the controller is subject to the General Data Protection Regulation ("GDPR") and the Austrian Data Protection Act ("DPA").
• 1.3 By personal data we mean any information relating to an identified or identifiable natural person.

• 2. PERSON RESPONSIBLE FOR DATA PROCESSING

• 2.1 Konzertmeister provides its users the app for innovative appointment management for concerts, choirs, or other musical events as well as for the publication of a public website. With regard to the processing of personal data on the one hand, Konzertmeister acts as the person responsible for the users in the sense of the GDPR (point 3), on the other hand, the respective association is also responsible for the administration of appointments and members (point 4).
• 2.2 If the association created in the app by the association administrator is a real association (point 1.3 of the terms of service), the association administrator acts as the representative of the association and the association is the person responsible in connection with the appointment and member management (point 3). In the case of fictitious associations (point 1.3 of the terms of service), the association administrator himself/herself is the person responsible in connection with the administration of appointments and members (point 4 data protection declaration). In this case, the association administrator is subject to all obligations under this data protection declaration that are otherwise addressed to the association. Whenever "association" is mentioned in this data protection declaration, the respective provision refers either to the real association or to the association administrator in the case of fictitious associations (item 1.3 of the terms of service).
• 2.3 This privacy policy informs you whether Konzertmeister or the respective association is the controller (Art. 4 Zf. 7 GDPR) with regard to the respective purpose of data processing and which personal data are processed.

• 3. DATA PROCESSING BY KONZERTMEISTER

• 3.1 Konzertmeister is the data controller within the meaning of the GDPR with regard to the following data processing. You can reach Konzertmeister by post at the address given above and by e-mail at the address given in the imprint on the website.
• 3.2 Use of the website and the web application
  • 3.2.1 In order to provide you with the website (Art. 6 para. 1 lit. b) GDPR) and to be able to detect, prevent and investigate attacks on our website (Art. 6 para. 1 lit. f) GDPR), Konzertmeister processes the following personal data:
    • (a) The URL called up;
    • (b) The date and time of the call;
    • (c) The IP address of the computer or mobile device;
    • (d) Name and version of the web browser;
    • (e) The browser type and setting data (screen resolution, colour depth, time zone settings, browser extensions, fonts, language);
    • (f) The operating system; and
    • (g) the website (URL) from which you visit our website ("referrer").
  • 3.2.2 We store the aforementioned personal data as long as this is necessary for the provision of the service, or as long as this is necessary for the pursuit or defence of legal claims, or for the fulfilment of legal retention obligations. The user contract ends in any case after a period of 60 months of inactivity.
• 3.3 Registration and login to use the app
  • 3.3.1 Registration is required to use the app. During registration and for the login, we process the following data from you so that you can use the app (Art. 6 para. 1 lit. b) GDPR):
    • (a) Name and encrypted password;
    • (b) Optional: Date of birth;
    • (c) Optional: Address;
    • (d) E-mail address;
    • (e) Telephone number (if given);
    • (f) Date and time of registration.
  • 3.3.2 We store the aforementioned personal data as long as this is necessary for the provision of the service, or as long as this is necessary for the pursuit or defence of legal claims, or for the fulfilment of legal retention obligations. The user contract ends in any case after a period of 60 months of inactivity.
• 3.4 Receiving electronic messages
  • 3.4.1 Your express consent is required to receive electronic messages. This consent can be revoked at any time by using the link "unsubscribe" or "unsubscribe" in the message or by revoking the consent in your profile.
  • 3.4.2 We store the personal data as long as this is necessary for the provision of the service, or as long as this is necessary for the pursuit or defence of legal claims, or for the fulfilment of legal retention obligations. The user contract ends in any case after a period of 60 months of inactivity.
• 3.5 Use of paid functions
  • 3.5.1 The app offers you the possibility to purchase and pay for additional functions. In order to be able to provide you with these functions and to be able to invoice the fees incurred, we process the following personal data from you (Art. 6 para. 1 lit. b) GDPR):
    • (a) Name of the invoice recipient;
    • (b) E-mail address;
    • (c) Billing address;
    • (d) Selected subscription;
    • (e) Payment interval;
    • (f) UID (if customer is an entrepreneur);
    • (g) Payment status.
• 3.6 Enquiries to Konzertmeister and diagnostic reports
  • 3.6.1 We offer you the possibility to contact us via a feedback form in the app. In this case, the following data of the user will be stored and processed by us to answer the request and for error diagnosis (Art. 6 para. 1 lit. f) GDPR):
    • (a) Name of the user;
    • (b) E-mail address;
    • (c) Content of the request;
    • (d) Time of request;
    • (e) Version of the app;
    • (f) Device version and system language;
    • (g) OS version;
    • (h) Information about the browser (browser, version, resolution, colour depth, language, operating system) when using the app in the browser.
  • 3.6.2 The data will be stored as long as this is necessary to answer the request and as long as the user has a user account in the app. The user contract ends in any case after a period of 60 months of inactivity. Thereafter, personal data processing of invoice data will continue until the end of the statutory retention period (currently in principle 7 years after the end of the business year in which the transaction occurred).
• 3.7 Compilation of anonymous statistics on the use of the website and the web application
  • 3.7.1 The Website uses Google Analytics, a web analytics service provided by Google Ireland Limited with offices at Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://marketingplatform.google.com/intl/de/about/analytics/; Privacy policy: https://policies.google.com/privacy; Opt-out: Opt Out Plugin: https://tools.google.com/dlpage/gaoptout?hl=de, settings for the display of advertisements : https://adssettings.google.com/authenticated
  • 3.7.2 Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyse how users use the site. We process your data on the basis of your consent in order to compile access statistics in a cost-effective manner and to optimise our website (Art. 6 para. 1 lit. a) GDPR). This consent can be revoked at any time.
  • 3.7.3 For the purpose of analysing your use of the website and generating anonymous statistics, the following data is processed by Google on our behalf:
    • (a) Dwell time on the website;
    • (b) Dwell time on each individual page and the order in which individual pages are visited;
    • (c) Which internal links are clicked on the website;
    • (d) Previously accessed website;
    • (e) First page viewed;
    • (f) IP address;
    • (g) Geographical location;
    • (h) Browser (including plug-ins) and operating system;
    • (i) Screen resolution and whether Flash or Java is installed in the user's browser.
  • 3.7.4 The cookies set by Google can be found in the cookie information (point 6).
  • 3.7.5 The aforementioned data about your use of the website is transmitted on our behalf to Google servers in the USA and stored there. This website uses the IP anonymisation option offered by Google Analytics. Your IP address will therefore be shortened by Google as soon as Google receives your IP address. You can find more information on IP anonymisation under https://support.google.com/analytics/answer/2763052?hl=de.
  • 3.7.6 Google will process this information on our behalf for the purpose of evaluating your use of our websites and compiling reports on website activity for website operators. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
  • 3.7.7 You may refuse the use of cookies by selecting the appropriate settings on your browser. However, we would like to point out that in this case you may not be able to use all functions of the website to their full extent. You can also prevent Google from collecting your data in connection with Google Analytics by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
• 3.8 Creation of anonymous statistics on the use of the app
  • 3.8.1 The Smartphone Apps use Google Analytics for Firebase, a mobile app analytics service provided by Google Ireland Limited with offices at Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google Analytics for Firebase uses the advertising ID of your device to analyse your use of the app. We process your data on the basis of our legitimate interest in creating access statistics in a cost-effective manner and optimising our apps (Art. 6 para. 1 lit. f) GDPR).
  • 3.8.2 You can find more information about Firebase at the following link: https://firebase.google.com/terms/analytics/.
  • 3.8.3 For the purpose of analysing your use of the website and generating anonymous statistics, the following data is processed by Google on our behalf:
    • (a) Session duration;
    • (b) Operating system;
    • (c) Device model;
    • (d) Region;
    • (e) First start of the app;
    • (f) Timing of app executions;
    • (g) Geographical location;
  • 3.8.4 Google uses the following mobile device identification numbers (IDs) on our behalf (e.g. the Android or iOS advertising ID) to identify your device:

    Name	Purpose
    Advertising ID	Differentiation of individual users.
    Device ID	Differentiation of individual users. If the advertising ID is not available.

  • 3.8.5 The aforementioned data about your use of the app is transmitted on our behalf to Google servers in the USA and stored there. Your IP address is not stored.
  • 3.8.6 Google will process this information on our behalf for the purpose of evaluating your use of our apps and compiling reports on user activity. The data transmitted by your app as part of Google Analytics for Firebase will not be merged with other data from Google.
  • 3.8.7 You can prevent the creation of statistics about the use of the app by making the appropriate setting in the app. To do this, go to the menu item "Profile" in the app and deactivate the switch for "Send usage data". Apart from this, you can restrict the use of the advertising ID in the device settings. To do this, proceed as follows:
    • (a) iOS: Privacy → Advertising → No ad tracking.
    • (b) Android: Settings → Google → Advertising → Disable interest-based advertising or disable personalised advertising.

• 4. DATA PROCESSING BY THE ASSOCIATION

• 4.1 The association is the data controller within the meaning of the GDPR with regard to the following data processing. You can reach the association via the address given in the imprint of the respective association in the app.
• 4.2 The association processes the following of your personal data in order to carry out scheduling, including inviting users to appointments, and to keep a public website accessible, which can be used, among other things, to publish information about the association and the association's appointments, on the basis of a legitimate interest (Art. 6 para. 1 lit. f) GDPR), after acceptance by the user on the basis of a contract (Art. 6 para. 1 lit. b) GDPR) with the association:
  • 4.2.1 User data (name, email address, phone number, push notifications yes/no);
  • 4.2.2 Association data (name, role in the association, register);
  • 4.2.3 Appointments (name, type, description, date, re-registration deadline, attendance statistics);
  • 4.2.4 Invitations to appointments (participation yes/no/maybe, reason, time of feedback);
• 4.3 The personal data mentioned will be stored until you delete your user account. In any case, however, for as long as this is necessary due to legal storage obligations or for the pursuit or defence of legal claims. The user contract ends in any case after a period of 60 months of inactivity. Thereafter, personal data processing of invoice data shall continue until the end of the statutory retention obligation (currently in principle 7 years after the end of the business year in which the transaction occurred).
• 4.4 Insofar as Konzertmeister processes this personal data on behalf of the respective association, Konzertmeister qualifies as a processor within the meaning of the GDPR. For this purpose, Konzertmeister concludes a commission processing agreement with the association pursuant to Art. 28 GDPR (see Appendix B of the terms of service).

• 5. DATA RECIPIENT

• 5.1 Individual services of the app access services of independent providers, such as Google Maps, Apple Maps or YouTube. We obtain your express consent to use these services. You can revoke your consent at any time in your profile.
• 5.2 Payment processing is carried out by the payment service provider "Stripe", a service of Stripe Inc., 354 Oyster Point Blvd, South San Francisco, CA 94080, United States. When using the payment process, the user is redirected to the online services of Stripe. Stripe then confirms to Konzertmeister that the payment process has been carried out. The user can find more information on the processing of his personal data by Stripe at https://stripe.com/privacy.
• 5.3 We use processors to perform services on our behalf. The processors may only process the data provided to them in accordance with our instructions and to the extent necessary to perform services for us. We contractually oblige these processors to ensure the confidentiality and security of the personal data processed under the contract. We currently work with the following processors, but expressly reserve the right to switch to or use other processors:
  • 5.3.1 Customer Support:
    Zendesk, Inc, 1019 Market Street, San Francisco, CA 94103, United States; https://www.zendesk.com/company/customers-partners/privacy-policy/
  • 5.3.2 Email campaign dispatch:
    Sendinblue GmbH, Köpenicker Straße 126, D-10179 Berlin; https://de.sendinblue.com/datenschutz-uebersicht/
• 5.4 The level of data protection in other countries outside the EEA may not be the same as within the EEA. However, we only transfer your personal data to countries for which the European Commission has decided that they have an adequate level of data protection or we take steps to ensure that all recipients in third countries ensure an adequate level of data protection. For example, we conclude the standard contractual clauses issued by the European Commission with these recipients.

• 6. COOKIE INFORMATION

• 6.1 What are cookies?
  • 6.1.1 Cookies are small data sets that are generated by a web server, sent through the Internet and stored on your terminal device with the help of your browser programme. The website essentially uses "cookies" to recognise users or their end devices, to store the user's preferences or information for the duration of browsing or in the event of a return. Furthermore, cookies are also used to play behaviour-based advertising and to control ad content.
• 6.2 What types of cookies are there?
  • 6.2.1 Distinction according to domain
    • (a) First-party cookies:
      are sent and read exclusively by the service provider's domain.
    • (b) Third-party cookies:
      are sent and read by domains of other service providers.
  • 6.2.2 Differentiation according to storage period
    • (a) Session cookies (session-id):
      Temporary cookies that are automatically deleted when the browser is closed. Session cookies allow the recognition of the user's movements on the website so that information is retained. Without cookies, websites have no "memory".
    • (b) Permanent cookies:
      Permanent cookies that have to be deleted manually or are deleted after a certain period of time. These cookies help the website to remember the user and their settings; e.g. language selection, menu preferences, internal bookmarks or favourites.
  • 6.2.3 Differentiation according to use
    • (a) Technically necessary cookies:
      These cookies are required to ensure the functionality of the website and web application and cannot be disabled for this reason.
    • (b) Analysis cookies:
      These cookies collect anonymised information to create statistics to better understand user behaviour on the website and in the web application and to improve the application.
    • (c) Marketing cookies:
      These cookies store information about websites visited in order to display personalised advertising.
• 6.3 How can the user reject, delete and manage cookies?
  • 6.3.1 Common browsers allow the user to control the storage of cookies and to delete cookies that have already been stored:
    • (a) Firefox: http://support.mozilla.com/de/kb/Cookies
    • (b) Chrome: https://support.google.com/chrome/answer/95647?hl=de
    • (c) Safari: http://support.apple.com/kb/PH5042
    • (d) Edge: https://support.microsoft.com/de-at/help/4027947/windows-delete-cookies?tid=221101038
    • (e) Opera: http://www.opera.com/browser/tutorials/security/privacy/
• 6.4 When may the provider use cookies without consent?
  • 6.4.1 The provider is entitled to store cookies on the terminal device of the (informed) user, the sole purpose of which is to carry out or facilitate the transmission of a message via an electronic communications network or, if absolutely necessary, to provide a service expressly requested by the subscriber or user (Art 5 (3) ePrivacy Directive).
  • 6.4.2 Analysis cookies and marketing cookies are only used after prior information and with the express consent of the user. This consent can be revoked at any time on the website and in the web application.
• 6.5 Which cookies are used?
  • 6.5.1 Technically necessary cookies
    

    Name	Lifetime	Purpose
    km_cookie_policy	30 days	Saves the cookie settings.
    km_language	30 days	Saves the set language.
    Authorization	100 days	Saves the authentication token for the logged-in user.
    KM-REFRESH-COOKIE	100 days	Used to renew the authentication token.

  • 6.5.2 Analysis Cookies
    • (a) Google Analytics

      Name	Lifetime	Purpose
      _ga	2 years	Differentiation of individual users.
      _gid	24 hours	Differentiation of individual users.
      _gat	10 minutes	Throttling the number of requests.

  • 6.5.3 Marketing Cookies
    • (a) YouTube

      Name	Lifetime	Purpose
      APISID	2 years	Storage of user preferences.
      CONSENT	20 years	Storage of user preferences.
      HSID	2 years	Storage of user preferences.
      NID	182 days	Storage of user preferences.
      SAPISID	2 years	Storage of user preferences.
      SID	2 years	Storage of user preferences.
      SIDCC	1 day	Security cookie that protects user data from unauthorised access.
      SSID	2 years	Storage of user preferences.
      LOGIN_INFO	10 years	Storage of user preferences.
      PREF	10 years	Storage of user preferences.
      VISITOR_INFO1_LIVE	10 years	Storage of user preferences.
      YSC	10 years	Storage of user preferences.

    • (b) Google Ads

      Name	Lifetime	Purpose
      Conversion	3 months	Storage of conversions that come through Google Ads.
      _gac	3 months	Stores information about clicked advertisements.

• 7. YOUR RIGHTS

• 7.1 You have the following rights vis-à-vis the Konzertmeister (point 3) or the association (point 4) as the person responsible under the GDPR:
  • 7.1.1 The right to information according to Art. 15 GDPR regarding the personal data processed by us.
  • 7.1.2 The right to rectification under Article 16 of the GDPR, the right to erasure under Article 17 of the GDPR and the right to restriction of processing under Article 18 of the GDPR.
  • 7.1.3 The right to object according to Art. 21 GDPR.
  • 7.1.4 The right to data portability according to Art. 20 GDPR.
  • 7.1.5 The right of appeal to the competent data protection authority pursuant to Art. 77 GDPR and § 24 DPA.
  • 7.1.6 You can revoke your consent to the processing of personal data at any time. Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected.

• 8.

  SUPERVISORY AUTHORITY

  Austrian Data Protection Authority
  Barichgasse 40-42
  A-1030 Wien
  Telephone: +43 1 52 152-0
  E-mail: dsb@dsb.gv.at