Privacy policy statement

The protection of your privacy is very important to us. Below we inform you in detail about the handling of your data.

Data protection, Controller and Data Protection Officer

In this privacy policy we inform you about the collection of personal data when using our website. Personal data are all data that can be related to you personally, e.g. name, address, e-mail addresses, user behavior.

This privacy policy explains which kind of data we collect and what we use it for. It also explains how and for what purpose this is done.

We would like to point out that data transmission in the Internet (e.g. when communicating by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible.

Unless a more specific storage period is specified within this privacy policy, your personal data will remain with us until the purpose for the data processing doesn’t apply anymore. If you assert a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, the data will be deleted after these reasons cease to apply.

The Controller for the processing of your personal data through this website is the

Rammstein GbR,
consisting of Richard Kruspe, Paul Landers, Till Lindemann, Christian Lorenz, Oliver Riedel, Christoph Schneider (hereinafter referred to as: Rammstein)

Hertzstr.63 b
13158 Berlin
Deutschland
E-Mail: info@rammstein-management.de

You can reach our data protection officer at the e-mail datenschutz@rammsteinshop.de.

2. General notes and mandatory information

SSL or TLS encryption

For security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the website operator, this website uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

External hosting

This website is hosted by an external service provider (hoster). The personal data collected on this website are stored on the hoster's servers. This may include e.g. IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses and other data generated via a website.

The hoster is used for the purpose of fulfilling contracts with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f GDPR). Our hoster will only process your data to the extent necessary to fulfill its service obligations and follow our instructions regarding this data.

We host the content of our website with the following provider:

Vercel Inc.

340 S Lemon Ave #4133,

Walnut, CA 91789

E-Mail: privacy@vercel.com

https://vercel.com

Details can be found in the privacy policy of Vercel: https://vercel.com/legal/privacy-policy.

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that our service provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

In addition, we have concluded standard contractual clauses of the EU Commission in order to be able to guarantee an appropriate level of protection during data transmission.

c) Content Delivery Network

We use Vercel Edge Network for the content delivery network. The provider is Vercel Inc, 340 S Lemon Ave #4133, Walnut, CA 91789, https://vercel.com (hereinafter "Vercel"). This is a globally distributed content delivery network. Technically, the transfer of information between your browser and our website is routed via the content delivery network. This means that access data is processed on the provider's servers.

By using Vercel Edge Network, we can increase the global accessibility and performance of our website. This is based on our legitimate interest in providing our website as error-free and secure as possible (Art. 6 para. 1 lit. f GDPR).

As a service provider, Vercel works for us in accordance with our instructions as part of order processing.

We have concluded an data processing contract and standard contractual clauses of the EU Commission in order to be able to guarantee data subjects a level of data protection comparable to that of the EU / EEA, even in the case of data transfer to the USA. You can find details here: https://vercel.com/legal/dpa.

You can find more information about Vercel’s privacy policy here: https://vercel.com/legal/privacy-policy.

3. Data collection on our website

a) Cookies

Our websites and pages use what the industry refers to as “cookies.” Cookies are small data packages that do not cause any damage to your device. They are either stored temporarily for the duration of a session (session cookies) or they are permanently archived on your device (permanent cookies). Session cookies are automatically deleted once you terminate your visit. Permanent cookies remain archived on your device until you actively delete them, or they are automatically eradicated by your web browser.

Cookies can be issued by us (first-party cookies) or by third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain services of third-party companies into websites (e.g., cookies for handling payment services).

Cookies have a variety of functions. Many cookies are technically essential since certain website functions would not work in the absence of these cookies (e.g., the shopping cart function or the display of videos). Other cookies may be used to analyze user behavior or for promotional purposes.

Cookies, which are required for the performance of electronic communication transactions, for the provision of certain functions you want to use (e.g., for the shopping cart function) or those that are necessary for the optimization (required cookies) of the website (e.g., cookies that provide measurable insights into the web audience), shall be stored on the basis of Art. 6 para. 1 lit.f GDPR, unless a different legal basis is cited. The operator of the website has a legitimate interest in the storage of required cookies to ensure the technically error-free and optimized provision of the operator’s services. If your consent to the storage of the cookies and similar recognition technologies has been requested, the processing occurs exclusively on the basis of the consent obtained (Art. 6 para. 1 lit.a GDPR and § 25 para. 1 TTDSG); this consent may be revoked at any time.

You have the option to set up your browser in such a manner that you will be notified any time cookies are placed and to permit the acceptance of cookies only in specific cases. You may also exclude the acceptance of cookies in certain cases or in general or activate the delete-function for the automatic eradication of cookies when the browser closes. If cookies are deactivated, the functions of this website may be limited.

Which cookies and services are used on this website can be found in this privacy policy.

b) Cookie Script of Universal Music

Our website also includes cookies from Universal Music GmbH (hereinafter: "Universal"), Stralauer Allee 1, 10245 Berlin, Germany, which in turn integrate other cookies and services. According to Universal, these can be used to categorize user pools (on an anonymous basis) based on demographic and/or behavioral data and to target their advertising and third-party advertising to users with cookies on third-party websites. automated decision-making techniques, including profiling, may be used to try to identify artists, music, messages, products or offers of interest.

You can find more information about Universal's data collection at https://www.universal-music.de/rechtliche-hinweise/privacy-policy.

Cookies are stored on the basis of your consent in accordance with Art. 6 para. 1 lit.a GDPR, which can be revoked at any time.

c) Consent with Klaro Consent Manager

Our website uses the technology of the open source tool Klaro Consent Manager (hereinafter referred to as "Klaro") to obtain your consent to the storage of certain cookies on your end device or to the use of certain technologies and to document these in compliance with data protection regulations. The provider of this technology is KIProtect, Bismarckstr. 10-12, 10625 Berlin, Germany, website: https://klaro.org.

When you visit our website, the following personal data is transmitted to Klaro:

- your consent(s) or the withdrawal of your consent(s)

- your IP address

- Information about your browser

- Information about your end device

- the time of your visit to the website.

Furthermore, Klaro stores a cookie in your browser in order to be able to assign the consents given or their revocation to you. The data collected in this way is stored until you ask us to delete it, delete the Klaro cookie yourself or the purpose for data storage no longer applies. Mandatory statutory retention obligations remain unaffected.

Klaro is used to obtain the legally required consent for the use of certain technologies. The legal basis for this is Art. 6 para. 1 lit. c GDPR.

We have concluded an order processing contract with KIProtect. You can find more information on how Klaro handles your personal data at https://klaro.org/resources/privacy.

d) Server log files

The provider of this website and its pages automatically collects and stores information in so-called server log files, which your browser communicates to us automatically. The information comprises:

The type and version of browser used
The used operating system
Referrer URL
The hostname of the accessing computer
The time of the server inquiry
The IP address

This data is not merged with other data sources.

This data is recorded on the basis of Art. 6 para. 1 lit.f GDPR. The operator of the website has a legitimate interest in the technically error free depiction and the optimization of the operator’s website. In order to achieve this, server log files must be recorded.

e) Press area of our website

(1) General information

As a press representative, you can register on our portal https://shop.rammstein.de/en to get access to exclusive image material after the live shows. To register, please enter the following data, which will be stored in the system:

- Last name, first name

- Street / house number

- Zip code, city, country

- Telephone / Mobile

- E-mail address

- Company / Publisher

- Function

- Password

You must enter the above data in order to use the portal. You can change your user data at any time after successful login. Further personal data is only collected if you provide this information voluntarily, e.g. as part of an inquiry.

Registration takes place by means of the so-called double opt-in procedure. This means that your registration is only complete once you have confirmed your registration via a confirmation e-mail sent to you for this purpose by activating the link contained therein. If your confirmation is not received within 24 hours, we will automatically delete your registration from our database.

By registering, you expressly declare (by clicking) that you will use the artist-related data exclusively for editorial and non-commercial purposes in accordance with our GTC. If you do not make this declaration, registration in our portal is not possible.

Access to the artist-related data via your registered profile is limited to the period of the current tour. If another tour takes place, we will inform you by e-mail in good time in advance so that you can reactivate your master data and access authorization and receive the corresponding access. For this purpose, you must give your express consent for your personal data to be stored in our database for the purpose of contacting you for any future tours. The data is stored to protect our legitimate interest on the basis of Art. 6 para.1 lit. b GDPR. If you do not give this consent, your data will be deleted shortly after the end of the current tour.

If you cancel your user account, we will delete your personal data seven days after confirmation.

(2) Recipients of personal data

In the context of press activities (e.g. interview requests/events), personal data may be forwarded to third parties (e.g. agencies, event organizers, venues). However, in these cases, the scope of the data transmitted is limited to what is necessary in the interests of data economy and data minimization. Therefore, only the necessary contact details are passed on. Further processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR for contractual fulfillment and our legitimate interest on the basis of Art. 6 para. 1 lit. f GDPR for the planned and safe execution of an event. If data is transferred to a third country outside the EU (e.g. USA) in this context, we will inform you about this and ask for your consent in accordance with Art. 6 para. 1 lit. a GDPR.

(3) Supabase

For user administration and authentication, we use the Supabase tool from the provider Supabase, Inc, 970 Toa Payoh North #07-04, Singapore, for the press area. In order to provide the services, it is necessary to process the contact details of the press agencies or similar interested parties as well as the contact details of the specific contact person. This is a mutual interest on the basis of Art. 6 para. 1 lit. f GDPR.

We have concluded a data processing agreement and standard contractual clauses with Supabase, which place a transfer to a third country under an appropriate level of data protection and oblige the processor to process your data only in accordance with our instructions.

You can find further information on data protection at https://supabase.com/privacy

4. Analysis tools

a) Tracking tools

The tracking measures listed below and used by us are carried out on the basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR. With the tracking measures used, we want to ensure a needs-based design and continuous optimization of our website. On the other hand, we use the analysis measures to statistically record the use of our website and evaluate it for the purpose of optimizing our offer for you.

The respective data processing purposes and data categories can be found in the following explanations of the corresponding tracking tools.

b) Google Tag Manager

We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tool that enables us to integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create any user profiles, does not store any cookies and does not carry out any independent analyses. It is only used to manage and display the tools integrated via it. However, Google Tag Manager records your IP address, which may also be transmitted to Google's parent company in the United States.

The Google Tag Manager is used on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the fast and uncomplicated integration and management of various tools on its website. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

The company "Google" is certified in accordance with the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant- detail?contact=true&id=a2zt000000001L5AAI&status=Active.

c) Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyze the behavior of website visitors. In doing so, the website operator receives various usage data, such as page views, length of visit, operating systems used and origin of the user. This data is summarized in a user ID and assigned to the respective end device of the website visitor.

We can also use Google Analytics to record your mouse and scroll movements and clicks, among other things. Google Analytics also uses various modeling approaches to supplement the collected data records and uses machine learning technologies for data analysis.

Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is generally transmitted to a Google server in the USA and stored there.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. Consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

The company is certified in accordance with the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant- detail?contact=true&id=a2zt000000001L5AAI&status=Active.

Browser plugin

You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

You can find more information on how Google Analytics handles user data in Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=en.

We have concluded an order processing contract with Google. This means that Google will only process your personal data on our instructions and not for its own purposes.

5. Plugins und Tools

a) YouTube with extended data protection

This website embeds videos from the website YouTube. The operator of the pages is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

We use YouTube in extended data protection mode. According to YouTube, this mode means that YouTube does not store any information about visitors to this website before they watch the video. However, the transfer of data to YouTube partners is not necessarily excluded by the extended data protection mode. Thus, YouTube - regardless of whether you watch a video - establishes a connection to the Google DoubleClick network.

As soon as you start a YouTube video on this website, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.

Furthermore, after starting a video, YouTube may store various cookies on your end device or use comparable recognition technologies (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve the user experience, and prevent fraud attempts.

If necessary, further data processing operations may be triggered after the start of a YouTube video, over which we have no control.

YouTube is used in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.

You can find more information about data protection at YouTube in their privacy policy at: https://policies.google.com/privacy?hl=en.

Vimeo without tracking (Do-Not-Track)

This website uses plugins of the video portal Vimeo. The provider is Vimeo Inc, 555 West 18th Street, New York, New York 10011, USA.

When you visit one of our pages equipped with Vimeo videos, a connection to the Vimeo servers is established. This tells the Vimeo server which of our pages you have visited. In addition, Vimeo obtains your IP address. However, we have set Vimeo in such a way that Vimeo will not track your user activities and will not set any cookies.

The use of Vimeo is in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR. Insofar as a corresponding consent was requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.

Data transfer to the U.S. is based on the EU-U.S. Data Privacy Framework and/or the standard contractual clauses of the EU Commission, as well as, according to Vimeo, on "legitimate business interests".

For more information on the handling of user data, please see Vimeo's privacy policy at: https://vimeo.com/privacy.

c) Adobe Fonts

This website uses web fonts from Adobe for the uniform display of certain fonts. The provider is Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, USA (Adobe).

When you access this website, your browser loads the required fonts directly from Adobe in order to display them correctly on your device. In doing so, your browser establishes a connection to Adobe's servers in the USA. This gives Adobe knowledge that this website has been accessed via your IP address. According to Adobe, no cookies are stored when the fonts are provided.

The data is stored and analyzed on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the uniform presentation of the typeface on its website. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://www.adobe.com/de/privacy/eudatatransfers.html.

You can find more information about Adobe Fonts at: https://www.adobe.com/de/privacy/policies/adobe-fonts.html.

You can find Adobe's privacy policy at https://www.adobe.com/de/privacy/policy.html.

The company is certified according to the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information you can obtain from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant- detail?contact=true&id=a2zt0000000TNo9AAG&status=Active.

d) OneSignal for Push-Messages

When you visit our website, we will ask you whether you would like to receive news from us in the future. If you give your consent, you will receive push notifications from our website at regular intervals. Clicking on these will take you directly to the advertised website and/or promotion. Push notifications are sent on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR and Art. 6 para. 1 lit. f GDPR, as the function facilitates our service.

You can unsubscribe from the push notifications at any time if you no longer wish to receive them. This is possible directly with every push notification sent (depending on the browser) or on our website and in the general browser/system settings (depending on the browser/system).

To send push notifications, we use the service of the provider OneSignal Inc (hereinafter "OneSignal"), 2850 S Delaware St #201, San Mateo, CA 94403, USA.

In order to be able to send you the push notifications, it is necessary that non-personal data, such as a message, is sent to the OneSignal server and a non-personal ID is assigned that does not allow any conclusions to be drawn about the person. OneSignal states that it does not automatically collect IP addresses from users from the EU/EEA.

OneSignal may place cookies on your device if you have consented to the use and storage of cookies from third-party providers. The purpose of using the service is to make it easier for us to process inquiries and provide our website. The legal basis for the use of cookies is Art. 6 para. 1 lit. a GDPR.

You can find OneSignal's privacy policy here: https://onesignal.com/privacy_policy.

6. Newsletter

If you would like to receive the newsletter offered on the website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. No further data is collected, or only on a voluntary basis. We use the newsletter service provider Mailchimp to process the newsletter.

Mailchimp

This website uses the services of Mailchimp to send newsletters. The provider is Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.

Mailchimp is a service with which, among other things, the sending of newsletters can be organized and analyzed. If you enter data for the purpose of subscribing to the newsletter (e.g. e-mail address), this data is stored on Mailchimp's servers in the USA.

With the help of Mailchimp, we can analyze our newsletter campaigns. When you open an email sent with Mailchimp, a file contained in the email (known as a web beacon) connects to Mailchimp's servers in the USA. This makes it possible to determine whether a newsletter message has been opened and which links, if any, have been clicked on. Technical information is also collected (e.g. time of access, IP address, browser type and operating system). This information cannot be assigned to the respective newsletter recipient. It is used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients.

If you do not wish to be analyzed by Mailchimp, you should unsubscribe from the newsletter. We provide a link for this purpose in every newsletter message.

The data processing takes place on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the revocation.

The data you provide us with for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data stored by us for other purposes remains unaffected by this.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://mailchimp.com/eu-us-data-transfer-statement/ und https://mailchimp.com/legal/data-processing-addendum/ - Annex_C_-_Standard_Contractual_Clauses.

After you unsubscribe from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist if this is necessary to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). Storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.

You can get more information on the privacy policy of Mailchimp unter https://mailchimp.com/legal/terms/.

7. Transfer of personal data

a) Legal basis

We will only pass on your personal data to third parties if this is necessary to achieve our purposes and at least one of the following legal bases exists:

you have expressly given your consent to this in accordance with Art. 6 Para. 1 lit. a GDPR,
this is legally permissible and necessary for the processing of contractual relationships according to Art. 6 Para. 1 lit. b GDPR,
in the event that a legal obligation exists for the disclosure pursuant to Art. 6 para. 1 lit. c GDPR, as well as
the transfer according to Art. 6 para. 1 lit. f GDPR is necessary to protect our legitimate interests, unless your interests, fundamental rights and freedoms, which require the protection of your personal data, prevail.

b) Data transfer to the USA

We largely, but not exclusively, rely on service providers located within the EU/EEA or a third country for which the European Commission has adopted an adequacy decision within the meaning of Art. 45 of the GDPR. Even in the case of service providers based within the EU/EEA, however, we cannot guarantee in individual cases that they will store or process your data exclusively on servers in countries where a level of protection comparable to that in the EU/EEA prevails.

Among other things, we use tools from companies based in the USA. If these tools are active, your personal data may be transferred to these third countries and processed there. We note that the European Commission has adopted an adequacy decision for the EU-U.S. Data Privacy Framework (successor to the "Privacy Shield"). The decision states that the United States will ensure an adequate level of protection - comparable to that of the European Union - for personal data transferred from the EU to U.S. companies within the new framework. Based on this sectoral adequacy decision, personal data can be transferred securely from the EU to U.S. companies participating in the framework ("Data Privacy Framework") without having to implement additional data protection safeguards. To participate, companies must have certified themselves with the U.S. Department of Commerce. If they have not done so, the adequacy decision does not serve as a basis for secure data transmission. In these cases, we enter into Standard Contractual Clauses (SCC) with the service providers. By concluding standard contractual clauses within the meaning of Art. 46 para. 1 lit. c GDPR, we provide guarantees for the protection of your data.

In addition, we encrypt or pseudonymize personal data before transferring it to a service provider in a third country, if this is technically possible and appropriate.

8. Data subject rights

You have the right to,

to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making, including profiling and, if applicable, meaningful information about its details;

in accordance with Art. 16 GDPR, to immediately request the correction of incorrect or completion of your personal data stored by us;

pursuant to Art. 17 GDPR, to request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims;

in accordance with Art. 18 GDPR to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer require the data, but you need it for the assertion, exercise or defense of legal claims or you have objected to the processing in accordance with Art. 21 GDPR;

pursuant to Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller;

in accordance with Art. 7 para.3 GDPR, to revoke your consent given to us at any time. This has the consequence that we may no longer continue the data processing based on this consent in the future; and

complain to a supervisory authority in accordance with Art. 77 GDPR. Usually you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters for this purpose.

9. Right of objection

If your personal data are processed on the basis of legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, provided that there are grounds for doing so that arise from your particular situation or the objection is directed against direct marketing. In the latter case, you have a general right to object, which will be implemented by us without specifying a particular situation.

If you wish to exercise your right to object, an email to info@rammstein-management.de will suffice.

10. Data security

We use the widespread SSL procedure (Secure Socket Layer) in connection with the highest encryption level supported by your browser when visiting the website. Usually this is a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is encrypted by the closed key or lock symbol in the lower status bar of your browser.

We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

11. Actuality and change of this privacy policy

This privacy policy is currently valid and has the status of November 2023.

Due to the further development of our website and offers on it or due to changed legal or official requirements, it may become necessary to change this privacy policy. The current privacy policy can be accessed at any time on our website at https://www.rammstein.de/en/datenschutz/.