Steinberg privacy policy
We attach a great deal of importance to protecting your personal data. Your personal data will be used exclusively in the context of the statutory data protection regulations, such as the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) or the German Telecommunications Telemedia Data Protection Act (TTDSG). Our employees and representatives are obligated to comply with data protection regulations. Below, you will find more detailed information about the nature, scope and purposes of the collection and use of your personal data and the rights you are entitled to. Please click on the individual headings to obtain further information on the individual topics.
1 The controller’s and the data protection officer’s contact details
Please contact us if you have any further questions relating to data protection. If you have any questions relating to the collection, processing or use of your personal data, or if you would like to request access to or rectification, blocking or erasure of your data, and to revoke your consent, please contact:
Controller responsible for data processing:
Steinberg Media Technologies GmbH
Beim Strohhause 31
20097 Hamburg
Germany
Email: privacy[at]steinberg.de
You can contact our data protection officer by emailing: privacy[at]steinberg.de
2 General data protection information
2.1 General rights of data subjects
According to the General Data Protection Regulation, you have the right:
under Article 15 of the GDPR to request information about what personal data we process about you;
under Article 16 of the GDPR to request rectification of incorrect personal data or completion of incomplete personal data that we store about you;
under Article 17 of the GDPR to request that we erase personal data that we store about you;
under Article 18 of the GDPR to demand that we restrict processing of your personal data;
under Article 20 of the GDPR to receive your personal data that you provided us with in a structured, commonly used and machine-readable format or to request transfer of the same to another controller;
under Article 7 (3) of the GDPR, to revoke your consent that you granted us at any time. This also applies to the revocation of declarations of consent that you made to us before the General Data Protection Regulation came into force (i.e. before May 25, 2018). If you revoke your consent, we may no longer continue any processing based on this consent in the future, without affecting the lawfulness of such processing carried out based on such consent until the same is revoked;
under Article 77 of the GDPR to lodge a complaint with a supervisory authority.
To assert your statutory rights as a data subject, and for all other questions relating to data processing, please contact Steinberg Media Technologies GmbH in writing on the postal address given below or by emailing privacy[at]steinberg.de. You can exercise your aforementioned rights free of charge.
To have data erased and revoke consents granted, please contact: info[at]steinberg.de.
Right to objectIn addition to the general rights of data subjects, we would like to expressly draw your attention to your right to object in the following cases: Under Article 21 (1) of the GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you based on Article 6 (1) (f) of the GDPR. This also applies to profiling based on this provision. When exercising this right to object, you must provide us with your personal reasons as to why we should not process your personal data. We will examine your objection and either cease or adjust our data processing activities or demonstrate to you compelling legitimate grounds based on which we may continue our processing activities. If personal data concerning you is processed based on Article 6 (1) (f) of the GDPR for the purpose of direct marketing, you have the right to object to such processing of personal data concerning you for the purpose of such marketing at any time without any need to state your reasons for doing so under Article 21 (2) of the GDPR. This also applies to profiling insofar as it is associated with such direct marketing. If you object to processing for direct marketing purposes, we will no longer process your personal data for such purposes. To exercise your right to object, simply send an email to privacy[at]steinberg.de. Specific technical options for exercising your right to revoke consent or to object may exist for individual types of data processing. We may have already pointed this out to you in our explanation of the data processing measures in question. |
|---|
2.2 Transferring data to third countries
We select the services that we use on our website in such a way that protection of your personal data is guaranteed in the best possible way. In case of some services, we have no influence over whether the data processed by these services is transferred to the parent companies in the USA or to other third countries. If the European Union has not come to a decision that such countries have a level of data protection similar to that of the European Union (“EU adequacy decision”), we or our contractual partner have concluded a separate contract or binding corporate regulations that ensure this level of protection through additional measures and guarantees. In this way, the provider contractually ensures the protection of your personal data, even in case of a transfer to the third country.
2.3 Data recipients
We only transfer your personal data to third parties if, for example:
you have given your express consent to such disclosure under Article 6 (1) (a) of the GDPR; or
doing so is necessary under Article 6 (1) (b) of the GDPR for executing contractual relationships with you; or
we are legally obligated to disclose the data under Article 6 (1) (c) of the GDPR; or
disclosure under Article 6 (1) (f) of the GDPR is necessary in the context of our legitimate interests (e.g. for the establishment, exercise or defense of legal claims) and you have no overriding legitimate interest in your data not being disclosed.
External service providers and partner companies will only receive your data if doing so is necessary to process your request. In these cases, however, the scope of the data transferred is limited to the minimum required. Insofar as our service providers come into contact with your personal data, we ensure that they comply with the regulations set out in data protection legislation in the same way. Please also note the providers’ respective privacy policies. The service provider in question is responsible for the contents of external services, whereby we check the services to ensure that they comply with legal requirements as far as is reasonable to do so.
We currently use service providers for hosting and marketing activities, as well as for identification and access management, media playback, support services and the blog.
The company listed below, Bright Market, LLC (trading as and hereinafter referred to as “FastSpring”), is not a service provider that Steinberg engages. Instead, it acts as an independent sales partner for purchasing products over the website.
2.4 Erasure of data and duration of storage
Your personal data will be deleted as soon as it is no longer required for the purposes it was collected and processed for. Once the purpose has ceased to exist, the data will be deleted unless storage is necessary for compliance with a legal obligation or for the establishment, exercise or defense of legal claims. Legal obligations arise for us in particular from tax and commercial law, as well as from other laws. For example, we must store accounting data such as order and payment data or business correspondence for 10 years or 6 years, depending on the applicable regulations under tax and commercial law. Further information on any retention periods can be found in the respective sections relating to the individual processing operations.
Forum data and posts are valuable contributions within the Steinberg customer community. That is why we store them until you either delete your posts or your forum user account or until Steinberg deletes the forum.
2.5 Modifications to this privacy policy
We revise our data protection information when changes are made to this website or on other occasions that make doing so necessary. You should therefore visit this website regularly to check the current state of the privacy policy.
3 When visiting our website
In the context of visiting our website, personal data is processed as described below:
3.1 Visiting our website
When you visit our website, the browser used on your terminal device automatically sends information to our website’s server and stores it temporarily in what is known as a “log file”. The following information is also collected during this process without your intervention and is stored until it is automatically erased:
The date and time of access;
The URL (address) of the referring website;
The file retrieved;
The amount of data sent;
The browser type and version;
The operating system;
The IP address of the requesting internet-enabled device.
The legal basis for processing the IP address is Article 6 (1) (f) of the GDPR. Our legitimate interest results from the data collection purposes listed below.
We use your terminal device’s IP address and the other data listed above for the following purposes:
Ensuring that a smooth connection is established;
Ensuring that our website / app is convenient to use;
Evaluating system security and stability.
The data is stored for a period of 7 days and then automatically erased. We also use cookies, analytics tools and targeting procedures for our website, as explained in more detail below.
3.2 Our services for website optimization and marketing
We use what are known as “cookies” on various pages to make your visit to our website attractive and to enable the use of certain functions. Cookies are small text files that are stored on your terminal device. Some of the cookies we use are deleted again after the browser session has ended (i.e. after you close your browser (“session cookies”)). Other cookies remain on your terminal device and enable us or our partner companies to recognize your browser the next time you visit our website (“persistent cookies”). Cookies do not contain any malware. They cannot be used to access other files on your computer or to determine your email address. If you would like to learn more about cookies in general and how to manage them, visit: www.aboutcookies.org.
On our website, we make a distinction between technically necessary (“essential”) cookies, functional cookies and marketing cookies. Since you cannot use our website properly without essential cookies, they are always activated. However, we only set functional and marketing cookies with your consent.
Insofar as we use cookies that are technically necessary (“essential”) for the provision of our website, the legal basis for personal data processing using such cookies is Article 6 (1) (f) of the GDPR.
Any further personal data processing by functional or marketing cookies will only take place if you have given us your consent to this effect. The legal basis in this case is Article 6 (1) (a) of the GDPR.
You can revoke your consent at any time with effect for the future and without any need to state your reasons for doing so in our cookie consent tool. You can also find detailed information on all the cookies used on this website (such as the cookie providers, the specific processing purposes, the data collected and the cookie storage periods) in the cookie consent tool. You can also give your consent here for the first time or again.
In addition to using our cookie consent tool, you can also disable or restrict the use of cookies by changing your web browser settings. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, you may no longer be able to use all of the website’s functions in full.
Below, you will find the services that we currently use to ensure the needs-based design and continuous optimization of our website.
3.2.1 Our cookie consent tool
We use the aforementioned tool from Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany, on our website for the purpose of consent management. The legal basis for the associated personal data processing is Article 6 (1) (c) of the GDPR, as this is necessary to comply with our legal obligation to provide proof of consent for the use of cookies and similar technologies. Further information, such as the scope of processing, including the data collected and the duration of processing, as well as the provider’s own privacy policy, can be accessed at any time in the cookie consent tool.
3.2.2 CloudFlare
To protect against attacks and malicious bots and to improve performance, we use the services provided by CloudFlare Inc., 101 Townsend St, San Francisco, CA 94107 USA (“CloudFlare”) for our website. CloudFlare provides a content delivery network (CDN) to increase the transfer speed and also offers internet security services and distributed domain name server (DNS) services that act as a reverse proxy for websites.
When you visit our website, CloudFlare collects the following data to perform the above-mentioned functions: the name of the web page visited, the file, the date and time of access, the amount of data transferred, the successful access notification, the browser type and version, the user’s operating system, the referrer URL (the page visited beforehand), the IP address, and the requesting provider.
The data is stored for 4 hours and then erased, provided that there are no statutory retention periods or other grounds preventing erasure.
The legal basis for data processing is the need to safeguard our legitimate interests under Article 6 (1) (f) of the GDPR. These legitimate interests lie in protecting our website from attacks and increasing our website’s performance.
3.2.3 Cloudfront
To properly provide our website’s content, we use Amazon Cloudfront, a service provided by Amazon Web Services LLC, 410 Terry Ave. North, Seattle, Washington 98109, USA (“Cloudfront”). Cloudfront provides a content delivery network (CDN) to increase the transfer speed.
Cloudfront collects the following data for this purpose: the usage data, such as the name of the web page visited, the requesting provider, the referrer URL (the page visited beforehand), the file, the date and time of access, the amount of data transferred and successful access notification, the browser type and version, the operating system, and the accessing computer’s IP address.
The data will be erased as soon as it is no longer required for the purpose it was collected for. The legal basis for data processing is the need to safeguard our legitimate interests under Article 6 (1) (f) of the GDPR. It is in our legitimate interest under the first sentence of Article 6 (1) (f) of the GDPR not to operate a content delivery network ourselves and yet to ensure modern and effective provision of our website.
3.2.4 Bugherd
We use Bugherd, a service provided by Splitrock Studio Pty Ltd., Suite 12A, 80 – 82 Kerlor Road, Essendorn North, VIC 3041, Australia (“Bugherd”) to make identifying and rectifying technical errors on our website easier.
Technical errors on the website are tracked internally by means of a cookie. The IP address and other data in connection with the malfunction or crash are processed in this regard. The data collected in this way is used to prevent such technical errors in the future so as to ensure that the website works properly for visitors.
The data will be erased once the error analysis and evaluation is complete, unless statutory retention periods prevent erasure on a case-by-case basis.
The legal basis for processing is the legitimate interest under Article 6 (1) (f) of the GDPR. Our legitimate interest is to display the website in a technically perfect manner and to receive systemic feedback in case of malfunctions.
3.2.5 Google Tag Manager
For reasons of transparency, we would like to point out that we use Google Tag Manager provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The controller for users in the EU, the EEA and Switzerland is Google Ireland Limited, Google Building, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.
We can use Google Tag Manager to integrate sections of tracking code that we use on our website over a user interface without any programming effort and to manage them more efficiently. These “tags” are small elements of code that enable certain tools to measure traffic and visitor behavior, to track the impact of online advertising and social media channels, to set up remarketing and targeting, and to test and optimize websites, to name but a few examples. We use Google Tag Manager to integrate tracking and analytics services on our website (e.g. Google Analytics, Snowplow or Hotjar). If you have disabled these services, Google Tag Manager will take this into account.
Google Tag Manager does not set any cookies itself and does not collect or store any personal data. It acts as a mere transport layer for the implemented tags and scripts.
For more information on Google Tag Manager, see: https://marketingplatform.google.com/intl/en/about/analytics/tag-manager/use-policy/.
3.2.6 Google Analytics
This website uses Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). The controller for users in the EU / the EEA and Switzerland is Google Ireland Limited, Google Building, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. Google Analytics uses cookies that enable analysis of your use of the website. The information it generates about how you use this website is generally transferred to and stored on a Google server in the USA.
Our website uses Google Analytics with the “anonymizeIP” extension. This means that Google will truncate your IP address collected by the Google Analytics cookie within member states of the European Union or in other states that are signatories to the Agreement on the European Economic Area before transferring it to the USA. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and truncated there. Google uses this information on our behalf for the purpose of evaluating your use of the website, compiling reports on website activities and providing the website operator with other services relating to website and internet usage. The IP address that your browser transfers in the context of Google Analytics will not be merged with other data held by Google.
The legal basis for personal data processing using cookies is Article 6 (1) (a) of the GDPR. You can revoke this consent at any time as described above by adjusting your cookie settings.
Further information on terms of use and data protection can be found at: https://marketingplatform.google.com/about/analytics/terms/us/ or www.google.com/intl/en/analytics/privacyoverview.html.
3.2.7 Matomo Analytics
Our website uses the open source web analytics service Matomo, a service provided by “InnoCraft Ltd”, a company based at 7 Waterloo Quay, PO625 Wellington, New Zealand. As InnoCraft is based outside the EU, InnoCraft has appointed a representative in the EU: ePrivacy Holding GmbH, Grosse Bleichen 21, 20354 Hamburg (privacy[at]innocraft.com).
This web analytics software is not used to recognize returning users, but only to statistically evaluate how our website is used. In addition to the pages visited and files accessed, data on the operating system used (browser, browser plugins, screen resolution and approximate location) and the time spent on the components of the website is stored. We have taken the following measures to achieve this:
The IP address or other identifying data is anonymized.
Profiling does not take place.
No cookies are used.
No data is disclosed to third parties.
The legal basis for using Matomo is the first sentence of Article 6 (1) (f) of the GDPR. The legitimate interest lies in analyzing, optimizing and economically operating our website. If you have set the “Do Not Track” option in your browser, Matomo will not store any data about your visit to our website. However, if you have not set the “Do Not Track” option and do not agree to Matomo storing data, you can object to such storage in the window that appears.
The data that Matomo collects is erased as soon as it is no longer required for processing purposes.
3.2.8 Snowplow
This website uses technologies provided by SnowPlow Analytics Limited, 17 Bevis Marks, Floor 6, London, EC3A 7LN, United Kingdom (www.snowplowanalytics.com), to collect data about your behavior when you visit the Steinberg website. This may include the likes of the web browser used, the web pages visited, the links clicked, the products viewed and how long you stayed on our website. We use, analyze and store this data to optimize our website and to improve marketing of our products.
We store this information in a pseudonymized user profile based on the consent you granted previously (Article 6 (1) (a) of the GDPR). The information is not used to identify individual users or merged with other data about individual users. Steinberg stores this data until it is no longer required for the above-mentioned marketing purposes.
3.2.9 Mouseflow
This website uses Mouseflow, a web analytics tool provided by Mouseflow ApS, Flaesketorvet 68, 1711 Copenhagen, Denmark. Mouseflow is a web analytics tool that enables us to collect and evaluate information about how our website is used. For this purpose, Mouseflow processes data such as mouse movements, clicks, scroll events and keystrokes (entries in forms are not saved) that take place when visitors use our website. Mouseflow either does not collect the assigned IP address at all or only collects it in anonymized form, in addition to other technical data that is generated when you visit our website, such as the browser, operating system or screen resolution. Mouseflow processes the data in European data centers (Amsterdam) only and on our behalf.
Some of this data is information that is stored on the terminal device you are using. Mouseflow also uses cookies, which are used to store and retrieve further information on the terminal device you are using. Such storage of information by Mouseflow or access to information that is already stored on your terminal device will only take place with your consent. Consent can be revoked at any time and with effect for the future by means of our cookie banner or using Mouseflow’s opt-out function.
The data that Mouseflow collects is erased as soon as it is no longer required for processing purposes.
You can find more information on data protection at Mouseflow here: https://mouseflow.com/legal/gdpr/.
3.2.10 Google Ads, Remarketing and Conversion Tracking
We use the Google Ads service on this website based on the consent you granted previously (Article 6 (1) (a) of the GDPR). Google Ads is an online advertising program provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The controller for users in the EU / the EEA and Switzerland is Google Ireland Limited, Google Building, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.
This means that we place Google Ads text and video ads and also use Google Remarketing and Conversion Tracking as part of this. The ads are displayed after search requests are made on websites in the Google advertising network. We also use ad remarketing lists for search ads. This allows us to customize search ad campaigns for visitors who have already visited our website. The services enable us to combine our ads with certain search terms or to place ads for previous visitors (e.g. advertising services that visitors have viewed on our website). This allows us to display interest-based advertising to visitors to our website on other websites within the Google advertising network (as a “Google ad” in Google search results or on other websites).
Analyzing online user behavior is essential if we are to show interest-based advertising. Google uses cookies to conduct this analysis. When a user clicks on an ad or visits our website, Google sets a cookie on their computer. The information collected by means of the cookie in question is used for the purpose of addressing the user specifically in a subsequent search request. Further information on the cookie technology used can also be found in Google’s website statistics information and in its privacy policy. With the help of this technology, Google and we as a customer are notified that users have clicked on an ad and have been redirected to our website. The information obtained in this way is used exclusively for statistical analysis purposes to optimize advertising. We do not receive any information that can be used to identify visitors personally. Your IP address will be transferred to Google, but as we use Google’s IP masking on this website as part of using Google Analytics, your IP address will be anonymized. The statistics that Google provides to us include the total number of users who clicked on one of our ads and, if applicable, whether they were redirected to a page on our website with a conversion tag. Based on these statistics, we can track which search terms were clicked on our ad particularly often and which ads lead to users contacting us using the contact form.
3.2.11 YouTube videos
With your consent, we use the services provided by YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA, a subsidiary of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, on our website to play video content. For those users who have their habitual residence in the European Economic Area or in Switzerland, Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland, is the controller who is responsible for your data.
The videos in question are stored on the service provider’s servers and are retrieved from them as required. When you visit a page that a YouTube video is embedded in, a connection to the YouTube servers is established (provided you have given your prior consent), which also requires your IP address to be transferred, and the content is displayed on the website by notifying your browser. When you actively start the video, this information is also transferred to YouTube.
If you are logged into YouTube at this time, the information about the videos you have watched will be assigned to your YouTube account. You can stop this from happening by logging out of your account before visiting our website.
The data processing operations described above only take place with your express consent under Article 6 (1) (a) of the GDPR.
Further information on YouTube’s data protection practices is provided by Google at the following link: https://www.google.de/intl/en/policies/privacy/.
3.2.12 SoundCloud
We use an embedded media player from SoundCloud, an online audio distribution platform and music exchange service provided by SoundCloud Global Limited & Co. KG, Rheinsberger Str. 76/77, 10115 Berlin, Germany, on our website. The SoundCloud media player uses cookies and similar technologies to provide, protect and improve the SoundCloud platform.
We use SoundCloud by embedding individual audio files or playlists from the platform on our website as an “iFrame” so that they can be played directly on our website. When you visit a subpage of our website that an audio file is embedded in, a connection to the SoundCloud servers is established and the audio file is made playable within our website. This tells SoundCloud which web page you have visited. Your IP address will also be transferred to SoundCloud. If you play an embedded audio file, this information is also passed on to SoundCloud. If you are logged in as a SoundCloud user, SoundCloud will assign this data to your user account.
Steinberg has no influence over data processing at SoundCloud, in particular over how long the collected data is stored for or over data transfer. You can find information on this in SoundCloud’s cookie policy at: https://soundcloud.com/pages/cookies.
Data is processed based on your consent (Article 6 (1) (a) of the GDPR). You can revoke your consent at any time with effect for the future.
3.2.13 Google Fonts
We use Google Fonts provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, to display fonts on our website in a uniform manner. The controller for users in the EU / the EEA and Switzerland is Google Ireland Limited, Google Building, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.
When you visit our website, the required data is loaded to your browser cache to display texts and fonts correctly. This requires a connection to Google’s servers to be established and may result in transfer of personal data, in particular your IP address, to Google LLC’s servers in the USA. Google Fonts are transferred to your browser’s cache to avoid loading multiple times over. If your browser does not support web fonts or blocks access, your computer will use a standard font.
We use Google Fonts in the interest of displaying our website in a uniform and appealing way. The legal basis is the need to safeguard our legitimate interests under Article 6 (1) (f) of the GDPR.
3.2.14 Adobe Fonts (Typekit)
We use what are known as “web fonts” from Adobe Systems Software
Ireland Limited (Adobe Ireland) to display fonts in a uniform manner.
When you view a page, your browser loads the required web fonts to your
browser cache to display texts and fonts correctly. The browser you are
using must connect to Adobe’s servers for this purpose. Adobe thus
receives information that our website has been accessed using your IP
address. We use Adobe Fonts in the interest of displaying our website in
a uniform and appealing way. The legal basis is the need to safeguard
our legitimate interests under Article 6 (1) (f) of the GDPR.
Insofar as data is processed outside the EEA, where a level of data
protection corresponding to the European standard does not exist, such
data transfer takes place based on standard contractual clauses approved
by the European Commission.
Further information on data protection with regard to Adobe Fonts and Adobe in general can be found at: https://www.adobe.com/privacy/policies/adobe-fonts.html and https://www.adobe.com/privacy/policy.html.
3.2.15 Facebook conversion tracking pixel
We use the Custom Audiences service provided by Meta Platforms, Inc., 1601 S. California Avenue, Palo Alto, CA 94304, USA (hereinafter referred to as “Facebook”), as part of usage-based online advertising. For this purpose, we use the Facebook Ads Manager to define target groups of users based on certain characteristics who are subsequently shown ads within the Facebook network. Facebook selects users based on the profile information they provide and other data provided using Facebook. If users click on an ad and then reach our website, Facebook is notified that the users have clicked on the advertising banner using the Facebook pixel integrated on our website.
In principle, a non-reversible and non-personal checksum (hash value) that is transferred to Facebook for analytics and marketing purposes is generated from your usage data. A Facebook cookie is set during this process. It collects information on your activities on our website (e.g. surfing behavior, subpages visited, etc.). Your IP address is also stored and used to geographically control advertising.
We do not use Facebook Custom Audiences using the customer list or the “advanced matching” function.
Please refer to Facebook’s privacy policy for further information about the purpose and scope of data collection and Facebook’s further processing and use of the data, as well as possible settings you can make to protect your privacy. You can also make settings to control which ads you are shown on Facebook in your Facebook account settings.
The legal basis for data collection is your consent. You can revoke your consent at any time with effect for the future.
We store the data that the Facebook conversion tracking pixel collects for 90 days.
Joint controllership:
Steinberg Media Technologies GmbH and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, D2 Dublin, Ireland, are joint controllers who are responsible for data collection and transfer as part of this process. We have concluded a corresponding agreement with Facebook regulating our joint controllership. It is available here: https://www.facebook.com/legal/controller_addendum. This defines the respective responsibilities for complying with the obligation under the GDPR with regard to joint controllership. The contact details and data of Facebook’s data protection officer can be found here: https://www.facebook.com/about/privacy.
3.2.16 TikTok Pixel
We use “TikTok Pixel”, a tracking and conversion tool provided by the Chinese company ByteDance, on our website. The controller for users in the EU / the EEA and Switzerland is TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland (“TikTok”).
TikTok Pixel allows us to measure our ad performance and conversions, and to build target groups for remarketing purposes. It also enables us to display interest-based advertising to users of our website and to measure and analyze their behavior on our website for statistical and market research purposes.
Among other things, the IP address, a device ID, the device type and the operating system, not to mention information on the activities on our website (e.g. surfing behavior, subpages visited, etc.), may be recorded. This data is transferred to TikTok. TikTok may use this information to assign users of our website to a TikTok user account. TikTok uses this data to display personalized advertising to its users and to create interest-based user profiles.
If data is transferred to countries outside the European Economic Area where a level of data protection corresponding to the European standard does not exist, TikTok states that it uses standard data protection clauses under Article 46 (2) (c) of the GDPR.
TikTok Pixel processes data based on your consent under Article 6 (1) (a) of the GDPR. You can revoke this consent at any time with effect for the future.
Further information on TikTok’s data processing operations can be found in TikTok’s privacy policy: https://www.tiktok.com/legal/privacy-policy-eea?lang=en.
3.2.17 Optimizely
We currently use Optimizely, which is operated by Optimizely, Inc., 631 Howard Street, Suite 100, San Francisco, CA 94105, USA, to improve website design (A/B and multivariate tests).
This involves testing an original version of our website against a modified version to find out which is more appealing and effective to you. Optimizely uses cookies for this purpose. The data collected in the cookie is generally transferred to and stored on an Optimizely server in the USA. The cookies are valid for six months and do not collect any personal data. When you visit our website, Optimizely also evaluates technical information based on the data transferred by your browser (e.g. browser type / version, operating system used, web pages visited on our site, including length of stay, web page visited beforehand). Your IP address is only processed in anonymized form. IP addresses are thus truncated before they are transferred to a server in the USA. The possibility of direct reference to individuals in connection with the stored data is therefore generally excluded.
The purpose of data processing is to analyze user behavior for optimization and marketing purposes. Pseudonymized usage profiles can be created and evaluated from the collected data for the same purpose.
Optimizely’s privacy policy can be viewed here: https://www.optimizely.com/privacy/.
Data is only collected and stored with your express consent under the first sentence of Article 6 (1) (a) of the GDPR. You can revoke this consent at any time with effect for the future.
3.3 Protecting privacy in telecommunications and digital services (TDDDG)
The Telecommunications Digital Services Data Protection Act (TDDDG) codifies the principles on consent to the storage of information on terminal devices that were previously established by case law and regulates the lawfulness of access to existing information. Insofar as consent under Article 6 (1) of the GDPR is indicated as the legal basis in the context of the processing listed above, this is also consent under Section 25 (1) of the TDDDG.
4 MySteinberg customer account / Steinberg ID
You can apply for your personal Steinberg ID using our website and thus gain access to a personal customer area (“MySteinberg portal”). This customer area gives you access to an overview of your Steinberg products and any updates or upgrades available for them, not to mention direct access to our support services, Steinberg forums and other functionalities.
To create such a customer account, you only need to provide a valid email address, a secure password, your first and last name (so that we can help you if you need to restore access to your customer account, for example), and the corresponding license data if you are registering a product. You can provide further information on a voluntary basis. You must also be at least 16 years old or provide us with proof of parental consent.
You need to create a customer account or to have your personal Steinberg ID to download and activate or register your Steinberg products, to receive support, updates and upgrades, or to voluntarily use other Steinberg services (e.g. to take part in discussions on the Steinberg forum). Registration is a prerequisite for using many products. This is the only way we can protect our software and services from unlawful duplication and use. Details on activating and licensing our products can be found in the Steinberg EULA.
The legal basis for personal data processing associated with the Steinberg ID and the MySteinberg customer account is the performance of the contract concluded with you in this regard (Article 6 (1) (b) of the GDPR).
The details of your customer account will be stored until it is deleted. If you have provided voluntary information, you can delete or change it yourself at any time in your customer area. Data collected as part of a request to create a user account will be automatically deleted no later than 48 hours after the customer account has been created, unless the user has confirmed the setup of their customer account by email by that time.
Your customer account data is hosted exclusively on servers within Germany by a service provider.
5 When making purchases using our website
If you decide to purchase one of the products shown on our website during your visit, you will be taken to the website of FastSpring (our sales partner) as soon as you click on the “Add to shopping cart” button. FastSpring is the seller of the product in question in the legal sense and becomes your contractual partner when you place an order.
Data processing by our sales partner
As technology from FastSpring (our sales partner) is integrated into the Steinberg website, only the data mentioned above under “Visiting our website” and the product selection you have made will be transferred:
The date and time of access;
The URL (address) of the referring website;
The browser type and version;
The operating system;
The IP address of the requesting internet-enabled device.
This is absolutely necessary to be able to continue the ordering process from a technical standpoint. The legal basis for data processing is therefore the first sentence of Article 6 (1) (b) of the GDPR.
As you continue with the ordering process, further personal data such as your name, address and payment details will be collected from you for the purpose of recording and processing your order.
If you do not have a Steinberg ID for licensing or activating your new Steinberg product, Steinberg will create a Steinberg ID for the email address you used when you made your purchase and will guide you through the process of using it from now on. You can find more information about the Steinberg ID in the section entitled “MySteinberg customer account / Steinberg ID”.
FastSpring (our sales partner) and Steinberg are joint controllers for processing this data under Article 26 (1) of the GDPR. Steinberg has concluded a corresponding agreement on joint controllership with the sales partner. Please contact FastSpring if you have any data protection concerns regarding purchase and payment. Please contact Steinberg at any time if you have any further concerns or questions relating to data protection.
Support with licensing, activation and startup
If you buy a product from our online store, Steinberg will be happy to help you with any questions you have relating to licensing, activation and startup. For these support purposes, it may be necessary for us to process your personal data to resolve your request.
The legal basis for this is the purchase contract for Steinberg products that you concluded with FastSpring (our sales partner). We store the data that we collect as part of our support services for as long as is necessary to assist you with your request.
Statistical evaluations
We use data from your transactions on our online store to generate statistical evaluations for further developing our products and (store) website.
For this purpose, FastSpring (our sales partner) will provide us with data relating to your purchase once you have completed a purchase with it. We use this data, in particular the purchaser’s personal data, and including their address and the products they purchased, to create statistical evaluations.
These statistics are used to improve and further develop the products and services we offer and to create sales forecasts. Personal data is only used to create the evaluations to the extent that doing so is necessary for the aforementioned purposes. The data is pseudonymized or anonymized as far as possible before it is evaluated. The results of the evaluations are used exclusively in aggregated form. Customer-related evaluations are not carried out unless the customer has expressly consented to this.
The legal basis for processing the data described above is the first sentence of Article 6 (1) (f) of the GDPR. Our legitimate interests lie in maintaining the competitiveness of our products and improving our sales.
We have concluded a joint controllership agreement with FastSpring (our sales partner). It transparently regulates who complies with which obligations under the GDPR. Please contact us at any time to assert your rights as a data subject.
If you would like to purchase an Education or Crossgrade version
We must check your eligibility if you would like to purchase a discounted Education version for pupils, students or teachers or a Crossgrade version (for anyone who owns another qualifying product). For that reason, we request that you log in with your Steinberg ID and upload your school certificate in PDF form or proof of purchase for a competitor’s product, for example. Once a Steinberg employee has checked it, you will receive a link that you can use to purchase your desired product at a reduced price.
The documents you uploaded will be deleted 30 days after they were checked. The metadata for checking your eligibility will be stored for support purposes until your Steinberg ID is deleted.
The legal basis for storing and processing the data and documents you provided to prove your eligibility is Article 6 (1) (b) of the GDPR.
6 Trial and SE/AI/LE versions
We generally provide free trial or SE/AI/LE versions for some of our software products. You can download these time-limited trial versions or SE/AI/LE versions with limited functionality from our website after creating a Steinberg ID. To create your Steinberg ID, all we need from you is a valid email address, your first and last name, and a password of your choosing (see above).
Together with your Steinberg ID, we store the fact that you have used a specific trial version in our license management system. We do this for a certain period of time to effectively eliminate the possibility of unintended use of multiple trial versions. Your personal data is processed in the context of providing trial and SE/AI/LE versions based on Article 6 (1) (b) of the GDPR.
In case of trial versions, we reserve the right to exchange, evaluate and process usage data for the purpose of product improvement. This is based on a legitimate interest under Article 6 (1) (f) of the EU’s GDPR for software improvement, with the possibility of objection with effect for the future (e.g. in the product or in the Steinberg account). In case of products acquired for free, such as SE/AI/LE versions, any exchange, evaluation and processing of usage data serves the purpose of product improvement and is based on the legitimate interest of performing the contract under Article 6 (1) (b) of the GDPR.
7 VST Connect
VST Connect is a product from Steinberg Media Technologies GmbH that allows you to invite other musicians to contribute to your project over the internet.
VST Connect allows you and a third party to work together on an audio project or to exchange audio and video messages over a peer-to-peer connection with audio, video or MIDI data. To do this, you and the third party you would like to work with must log in with your Steinberg ID. An alias that the project partner can use to find you is created to establish the connection. Steinberg can assign this alias to you as a person. Steinberg also processes your IP address to establish the connection. Steinberg has no access to the audio, video and MIDI data.
The purpose of such processing is thus to establish a technical connection for cooperation between you and third parties. No other personal data is collected apart from the data mentioned here and the data mentioned in the section entitled “Steinberg ID”.
Data in the context of VST Connect is erased after the connection has been terminated or after the Steinberg ID that the data was assigned to has been deleted. Please also refer to the “Steinberg ID” section of this privacy policy.
The legal basis for such data processing is Article 6 (1) (b) of the GDPR.
8 Product support
If you request assistance with your products using the support portal (which is accessible within your customer account), the following personal data must be transferred: your title, first name, last name, request, email address, and consent data. This also applies if you contact our Support team over the phone.
We create support tickets with the help of a service provider’s product. Our employees and you as a registered user of our products can use these support tickets to recap the status of your request at any time (and our employees can use them to initiate further steps if necessary). The legal basis for the associated personal data processing is the safeguarding of our legitimate interest in providing fast and efficient support for the users of our products (Article 6 (1) (f) of the GDPR), as well as Article 6 (1) (b) of the GDPR, if the aim of your request is to conclude a contract or if the processing is necessary for the performance of an existing contractual relationship between us.
If you are based outside the EU / EEA, the regional sales partner in whose territory you indicate your country of residence as being in in the Steinberg customer area can view the data you have provided for the requested support, all the while ensuring an adequate level of data protection. If, in this case, you have to enter your data in a system operated by our regional sales partner, an adequate level of data protection is also guaranteed for your data.
9 Steinberg Forum
We operate a forum at https://forums.steinberg.net/, where our users can discuss various topics from the world of Steinberg, in particular our individual products. To register for the forum, you need a Steinberg ID (see above) and a username of your choosing. Additional information (biographical details, geolocation, date of birth) can be added as an option.
When you submit posts, they are posted in the thread in question for all forum visitors to see. Other forum users can reply, add likes, etc. Your posts on our forums are always saved permanently. Processing of your user data and the posts you publish on the forum is based on Article 6 (1) (b) of the GDPR, for the performance of the contract concluded with you on the use of your Steinberg ID.
Furthermore, when a post is published, your IP address is stored for the purpose of identifying authors of inappropriate or illegal posts (for which we as the site operator can be held responsible) if necessary. The legal basis for this is Article 6 (1) (f) of the GDPR. Our legitimate interests lie in preventing individual users from and, if necessary, having them prosecuted for posting illegal content.
Further information on data protection at Civilized Discourse Construction Kit, Inc. can be found at: https://www.discourse.org/privacy
10 If you read and comment on our blog
You will find a product subpage for our “Dorico” software at the URL: https://blog.dorico.com. This subpage was created with WordPress and contains its own blog. This results in the following special personal data processing operations, which only relate to this Dorico subpage:
10.1 Blog function
In the context of the blog, users can comment on our articles and on other users’ posts. To take part in the blog, all you need to do is enter a username and a valid email address. Providing details of a website is optional.
When you submit comments on an article (or a comment), they are posted in the thread in question for all blog visitors to see. Other blog users can reply to them. Your comments on our forums are always saved permanently. Processing of your user data and the posts you publish on the forum is based on Article 6 (1) (b) and Article 6 (1) (f) of the GDPR. This necessary to provide the comments function you use in the context of our website’s terms of use and to comply with our legitimate interest in contacting you if third parties should object to your comment as unlawful.
Furthermore, when a comment is published, your IP address is stored for the purpose of identifying authors of inappropriate or illegal comments (for which we as the site operator can be held responsible) if necessary. The legal basis for this is Article 6 (1) (f) of the GDPR. Our legitimate interests lie in preventing individual users from and, if necessary, having them prosecuted for posting illegal content.
10.2 Gravatar
We use the Gravatar service provided by Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA, within our blog’s comments function. A “gravatar” is a globally recognized avatar – a user image available worldwide – that is assigned to an email address and can be used in various online services. With the help of Gravatar, we offer you the opportunity to personalize your posts with a profile picture.
To use Gravatar’s functions, you must first of all register with Automattic Inc. (the provider) and enter the email addresses you wish to use a gravatar for. When you submit a post on our blog, the email address you use here is sent to Automattic’s servers in hashed form and compared there with registered users’ hashed email addresses. If the assignment is successful, the gravatar you have selected for the email address in question will then be displayed in our blog. If you do not want this to happen, you can also leave a comment using an email address that is not registered with Gravatar. However, even then data (such as technical and device-related data, and in particular your IP address) will be transferred to the USA.
The legal basis for the personal data processing described above, including transfer to the USA, is the consent you granted previously under Article 6 (1) (a) of the GDPR. You can revoke this consent at any time with effect for the future by unchecking the corresponding consent checkbox.
Further information on Automattic’s processing of your personal data can be found in its privacy policy at: https://automattic.com/privacy/.
10.3 Akismet anti-spam check
We use the “Akismet” service provided by Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA. With the help of this service, we can make a distinction between comments made by real people and spam comments. For this purpose, all comments are sent to an Automattic server in the USA, where they are analyzed and stored for four days for comparison purposes. If a comment is classified as spam, the data will also be stored beyond this period.
The following information is processed: the name entered, the email address, the IP address, the content of the comment, the referrer, the browser used, the time of posting, and the terminal device’s operating system. You can prevent data collection to some extent by not entering your name or email address or by using a pseudonym when commenting. Alternatively, you would have to refrain from commenting.
The legal basis for the aforementioned processing of your personal data is your consent under Article 6 (1) (a) of the GDPR. Further information on Akismet’s data collection and usage activities can be found in Automattic’s privacy policy: https://automattic.com/privacy/.
10.4 Jetpack (WordPress Stats)
We use the Jetpack plugin (specifically the “WordPress Stats” subfunction) provided by Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA, for the purpose of statistically evaluating user visits. Jetpack uses what are known as “cookies”, which are text files that are stored on your computer and enable analysis of your use of the website.
The processed data can be used to create user profiles, whereby they are only used for analytics purposes, not for advertising purposes. The information that the cookie generates about your use of the Dorico pages is stored on a server in the USA.
The legal basis for the personal data processing described above is the consent you granted previously under Article 6 (1) (a) of the GDPR.
11 Newsletter, online surveys, social media fan pages
11.1 Newsletter
If you subscribe to our newsletter, we will inform you by email of the latest news from Steinberg and of special offers, promotions and events. The legal basis for sending the newsletter in question is your consent under the first sentence of Article 6 (1) (a) of the GDPR. We can also provide existing customers with relevant information by email under the conditions set out in Section 7 (3) of the German Protection Against Unfair Competition Act (UWG). Your data will not be disclosed to third parties for advertising purposes.
We use what is known as the “double opt-in procedure” to register subscribers to our newsletters. This means that, once you have subscribed, we will send you an email to the email address you provided. In this email, we ask you to confirm that you would like to receive the newsletter. If you do not confirm your subscription, your information will be automatically erased after 2 days.
We store your current IP address at the time of subscription, the time of subscription and the confirmation for up to three years after subscription (limitation period) – unless you have interacted with a newsletter email in the meantime (see below for details). The purpose of this procedure is to be able to prove your subscription in case of doubt and, if necessary, to clarify any misuse of your personal data. The legal basis for logging the subscription is our legitimate interest under the first sentence of Article 6 (1) (f) of the GDPR in proving previously granted consent. Also see Article 7 (1) of the GDPR.
You can revoke your consent to receiving the newsletter and unsubscribe from it at any time. You can revoke your consent by clicking on the link provided in every newsletter email.
To provide relevant information, we may combine newsletter opening and clicking behavior with product activations, purchasing behavior and visiting behavior on the website, and your details for newsletter campaigns. For this evaluation, the emails sent contain what are known as “web beacons” or “tracking pixels” and, if applicable, personalized links that are stored on our server and are loaded when the newsletter is opened or when you click on the link.
We use the data obtained in this way to create a user profile so we can tailor the newsletter to your individual interests. We record when you read our newsletters and which links you click on in them, and thus draw conclusions about your personal interests. We link this data to actions you perform on our website.
The legal basis for such data processing is your consent under the first sentence of Article 6 (1) (b) of the GDPR.
You can revoke your consent at any time with effect for the future. Simply click on the Unsubscribe link provided in every email.
11.2 Online surveys
From time to time, we conduct online surveys (e.g. by means of a link on our forum, using the website or in our newsletter). We record your answers to the individual questions as part of the survey. Participation in the survey is voluntary, as is answering the questions.
We will process the data you enter in the survey to enable us to analyze all the respondents’ responses. We hope that the analysis will allow us to draw conclusions about the respective questions in the survey.
We will retain your data for as long as doing so is necessary for the purposes for which it was collected (in particular for marketing purposes). The legal basis for processing your data as part of the online survey is the consent you granted previously under Article 6 (1) (a) of the GDPR, which you can revoke at any time with effect for the future.
We use two tools in particular for the surveys:
Our surveys can be carried out using the QuestionPro tool. QuestionPro is a product provided by QuestionPro GmbH, Friedrichstrasse 171, 10117 Berlin, Germany. If you take part in a survey, the information you provide, the time of your participation and your IP address will be processed by QuestionPro on our behalf. We have concluded a processing agreement with QuestionPro (under Article 28 of the GDPR).
To create and conduct surveys, we sometimes also use Google Forms provided by Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland. The data collected with a Google Forms form is stored on a cloud storage solution provided for us by Google. In addition to the respective personal data that you enter in the forms, information about your operating system, your browser, the date and time of your visit, the referrer URL and your IP address is also collected, transferred to the provider and stored on the provider’s servers.
11.3 Social media fan pages
The online platforms provided by some third-party providers (such as SoundCloud, Facebook, Instagram, Twitter or YouTube) have their own Steinberg profiles (fan pages), where users have the opportunity to publish their own content relating to our products (e.g. comments they have posted). We expressly refer to the terms of use applicable to the third-party providers in question, in particular the corresponding data protection provisions.
On our website, you will find links to our corresponding profiles with these third-party providers (which are recognizable by the symbol of the third-party provider in question). They are not what are known as “social plugins”, but are rather simple links. So data is not exchanged with the websites of these third-party providers when you merely visit our website. Data is only exchanged when you decide to access the third-party provider’s corresponding service by clicking on one of the symbols. Please refer to the privacy policy of the provider in question for information on how it processes your personal data.