Privacy Policy

The basis of effective data protection is comprehensive information about the collection, processing and use of your data. Therefore, we would like to inform you,

  • when or during which actions we process data

  • what data we process and for what reasons

  • who receives data

  • what rights you have because of the data processing by us.

This privacy policy only governs the processing of personal data in the context of the use of our platform www.maltemartenmethod.com ("Platform").

When you leave the platform, you also leave the scope of this privacy policy.

The privacy policy can be accessed at any time under the following URL: [www.maltemartenmethod.com/privacy-policy].


1. Contact information

The person responsible for data processing within the framework of this platform within the meaning of the General Data Protection Regulation (GDPR) is:

Malte Marten GmbH

Heimatstraße 19, 79102 Freiburg

contact@maltemartenmethod.com


2. General information on data processing

2.1.

On the website Maltemartenmethod.com you will find information about the handpan player Malte Marten. There are also onlineclasses to learn how to play the handpan according to the MalteMartenMethod, connect with an active community, take part in workshops and so much more. The processing of personal data is essential to a certain extent so that we can offer these extensive services. In other areas, it is not absolutely necessary but enables us to significantly improve our offering. The purpose of this document is to provide clear and transparent information about all these data processing operations. If you have any questions, please do not hesitate to contact us using the contact details provided.

2.2. Scope of the processing of personal data

The provision of the platform requires the processing of various information. In addition, the scope of data processing depends on your use of the functionalities of the platform, for example when you register or check-in to an event.

You are not obliged to provide us with personal data. However, insofar as the provision of this data is technically mandatory for the use of our platform, a refusal will result in you not being able to use our platform.

As a user of our platform, you are not subject to automated decision-making within the meaning of Art. 22 GDPR.

The following categories of data may be processed in the context of the use of the platform:

  • Access data

  • Contact details (e.g. surname, first name, username, address(optional), telephone number, e-mail address(optional))[JDJ1] 

  • Identification data (e.g. date of birth (optional))

  • profile picture

  • System and log data (e.g. IP address, device manufacturer, provider name, operating system


2.3. Legal basis for the processing of personal data


The legal bases for the processing of personal data are presented below.

Performance of contract or implementation of pre-contractual measures (Art. 6 para. 1 b) GDPR)

Processing is only carried out to the extent that is necessary for the exercise and fulfilment of the rights and obligations arising from the contract. Unless expressly stated otherwise, data processing by us will only take place to this extent.

Legitimate interest (Art. 6 para. 1 f) GDPR)

Processing takes place insofar as we have a legitimate interest and no conflicting overriding interests of the data subject are apparent. The specific interest is explained in this data protection declaration as part of the processing description.

Consent (Art. 6 para. 1 a) GDPR)

Processing takes place if you have expressly consented to the type and scope of data processing. You can revoke your consent at any time with effect for the future. However, the processing that has taken place up to this point will not be affected by this.

Legal obligation (Art. 6 para. 1 c) GDPR)

Processing takes place insofar as this is necessary for the fulfilment of German or European legal obligations.


2.4. Data deletion and storage period

We delete your personal data as soon as the legal basis for its processing ceases to apply. In some cases, however, legal bases may also exist in parallel or a new legal basis may take effect when a legal basis ceases to exist, such as the obligation to store certain data in order to comply with a statutory retention obligation.


3. Data processing in detail

In order for us to be able to show you the platform, it is necessary to process certain information. This already takes place when you call up our platform. In addition, we offer various functionalities on our platform that make further data processing necessary.


3.1. Log Files

When you call up our platform, your end device sends various information, so-called server log files, to our server. We need these to establish and maintain the connection. Among the data is also your IP address, which we treat as personal data.

This data is not merged with other data about you. The storage of log files including your IP address serves the legitimate interest of providing our platform and preventing its misuse. Stored log files are deleted after 30 days at the latest, unless longer storage is necessary, for example, to prevent or clarify an attack on our platform.


3.2. Registration and log-in

In order to use the Platform, you must register. For this purpose, we collect the following data:

First name, last name, e-mail address, picture, date of birth[JDJ2] 


3.3.    Event participation (weekly live calls)

If you attend an event, such as the weekly live calls on our Platform, we process the personal data you provide during registration to determine whether you have the necessary authorisation for access.


3.4.   Event information by e-mail

Within the scope of your registration on our platform and in your user account, you have the option of activating or deactivating notifications regarding important information about the event (e.g. event cancellation). These notifications will only be made after you have given your consent or if there is a justified interest in this respect.


3.5.   Social Features

We offer several features that allow you to experience events even better with your friends. We can only make some of these functions available to you if you give us permission to process additional data (e.g. access to the address book of your mobile phone). Of course, you can revoke such consents (we ask for them separately) at any time.


4. Cookies

We use cookies on our platform. Cookies are small text files that are stored by your browser when you visit a website. This identifies the browser used and can be recognised by our servers. If this use of cookies results in the processing of personal data, this is based on the legal basis of Art. 6 (1) (f) GDPR if the cookie is absolutely necessary for the operation of the platform. Otherwise, we obtain your consent in advance in accordance with Art. 6 (1) (a) GDPR. You can delete the cookies in the security settings of your browser at any time. You can object to the use of cookies through your browser settings in principle or for specific cases.

The following cookies are absolutely necessary for the operation of the platform. The legal basis in this respect is Art. 6 (1) (f) GDPR, § 25 II TTDSG.

  • Name: CookieConsent; Purpose: Storage of the user's consent status for cookies on the platform.

  • Name: LOCALIZE_DEFAULT_LANGUAGE; Purpose: Storage of the language settings on the platform.


The following cookies are only used, when consent has been given:

Google Analytics

We use Google Analytics to analyse website usage. The data obtained from this is used to optimise our website and advertising measures.

Google Analytics is provided to us by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). Google processes the website usage data on our behalf and is contractually obliged to take measures to ensure the security and confidentiality of the processed data. We have a Data processing agreement in place with Google Ireland Limited (Art. 28 GDPR). Other Google entities based in the US are part of the Data Framework Agreement.
Google Analytics is processing the following data after consent is given:

  • Pages viewed

  • contact enquiries and newsletter registrations

  • length of stay, clicks

  • Your approximate location 

  • Your IP address (in abbreviated form, so that no clear assignment is possible)

  • Technical information such as browser, internet provider, end device and screen resolution

  • Source of origin of your visit


This data is transferred to Google servers in the USA. We would like to point out that all Google companies seated in the USA are part of the Data Privacy Framework (https://www.dataprivacyframework.gov/).

Google Analytics stores cookies in your web browser for a period of two years since your last visit. These cookies contain a randomly generated user ID with which you can be recognised on future visits to the website.

You can revoke your consent at any time afterwards.

Facebook Tracking/Pixel

We use a tracking function from Facebook (Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Irland) on our website. We have implemented a code on our website for this purpose. If you have come to our website via Facebook ads, Meta can track your behaviour on our website by storing activities in a cookie on your computer. These cookies enable Meta to match your user data (customer data such as IP address, user ID) with the data of your Facebook account. The data collected is anonymous and cannot be viewed by us and can only be used in the context of adverts. If you are a Facebook user and are logged in, your visit to our website is automatically assigned to your Facebook user account.

All Meta companies that are based in the USA are part of the Data Privacy Framework. We have concluded a data processing agreement with Meta. For data processing that is not carried out on our behalf, you can also contact Meta directly.

You can revoke your consent at any time afterwards.


5. Possibility of objection and revocation

Insofar as the data processing is based on your consent or our legitimate interest, you have the right to object to the processing at any time or to revoke the consent you have given. Your objection or revocation only has effect for the future. If the analysis cookies used offer their own technical options for deactivation, this is shown there in each case. You can exercise your right of objection or revocation at any time by contacting contact@maltemartenmethod.com to exercise your right to object or revoke. If you object to processing on the basis of our legitimate interest, we may nevertheless continue the processing if we can demonstrate compelling legitimate grounds for the processing which override your interest, rights and freedoms.


6. Data subjects' rights

If personal data relating to you is processed, you are a data subject within the meaning of Art. 4 (1) GDPR. As a data subject, you are entitled to the following rights with regard to your personal data. To exercise these rights, you can contact us using the contact details provided above.

Right of access by the data subject according to Art. 15 GDPR

You have a right of access to your personal data processed by us. This includes the mandatory information set out in Art. 15 GDPR.

Right of rectification according to Art. 16 GDPR

You have the right to request the immediate correction of incorrect personal data and the completion of incorrect personal data.

Right to erasure according to Art. 17 GDPR

You have the right to request the erasure of your personal data if one of the reasons listed in Art. 17 of the GDPR applies, in particular if there is no longer a legal basis for the processing.

Right to restriction of processing according to Art. 18 GDPR

You have the right to request the restriction of the processing of your personal data if one of the reasons listed in Art. 18 of the GDPR applies, in particular at your request instead of deletion of the data.

Right to data portability according to Art. 20 GDPR

In accordance with the provisions of Article 20 of the GDPR, you have the right to request the personal data concerning you that you have provided to us in a structured, common and machine-readable format and to transfer this data to another controller without hindrance from the controller to whom the personal data was provided.

Right to complain to the competent supervisory authority, Art. 77 GDPR

You have the right to lodge a complaint with the supervisory authority responsible for you in accordance with Art. 77 GDPR.


7. Recipients of data

The processing of your personal data in the context of the use of the platform is also partly carried out by processors. These are involved exclusively on the basis of a commissioning agreement in accordance with Art. 28 (3) GDPR.

We will only pass on your data to third parties if

  • you have given your consent to this, Art. 6 para. 1 p. 1 lit. a GDPR.

  • which is necessary for the processing of the contractual relationship with you, Art. 6 para. 1 p. 1 lit. b GDPR.

  • there is a legal obligation to do so, Art. 6 para. 1 lit. c GDPR.

  • the processing is necessary to protect vital interests pursuant to Art. 6 para. 1 sentence 1 lit. d GDPR.

  • the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller pursuant to Art. 6 para. 1 sentence 1 lit. e GDPR.

  • the disclosure is necessary in accordance with Art. 6 (1) p. 1 lit. f GDPR for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data.


8. Data transfer to third countries

If there is a transfer of personal data to a third country, this is described in this declaration in connection with the respective processing. The current Standard Contractual Clauses (SCC) of the EU Commission are used to secure the transfer if no adequacy decision is available for the third country.

The data is generally hosted on servers located in Germany.


9. Data security

The transmission of information to or from this platform is secured with TLS encryption.

In addition, we use a range of technical and organisational measures to protect your data. In particular, we focus on the requirements of Article 32 of the GDPR. This means that we protect personal data by implementing appropriate technical and organisational measures. This includes, for example, the pseudonymisation and/or encryption of data. We also ensure that all employees who have access to personal data receive regular training on how to handle sensitive data in accordance with data protection regulations.


10. Other

The further development of our platform as well as changes in legal requirements may make it necessary to amend this data protection declaration. The current version is available at any time on our plattform.


Status: February 2024