Privacy Policy

The protection of your privacy is very important to us. In what follows we inform you in detail about the handling of your data.

1. Name and contact details of the Controller and the competent supervisory authority 

This data protection information applies to data processing by:

The Controller

Rammstein GbR,

consisting of Richard Kruspe, Paul Landers, Till Lindemann, Christian Lorenz, Oliver Riedel, Christoph Schneider (hereinafter: Rammstein)

Hertzstr. 63 b
13158 Berlin
Germany

Email: info@rammstein-management.de


Data Protection Officer

You can contact our Data Protection Officer at: datenschutz@rammsteinshop.de

Competent data protection supervisory authority 

Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstr. 219
10969 Berlin

Telephone: +49 (0) 30 138 89 0
Email: mailbox@datenschutz-berlin.de

2. Collection and Storage of Personal Data and the Nature and Purpose of its Use 

a) During a visit to the website

When you visit our websites rammstein.de and shop.rammstein.de, information is automatically sent to the server of our website by the browser used on your terminal device. This information is temporarily stored in a so-called log file. The following information is thereby collected without your involvement and stored until its automatic deletion:

  • the IP address of the accessing computer

  • the date and time of access

  • the name and URL of the file called up

  • the website from which the access took place (referrer URL),

  • the browser used, and, if applicable, the operating system of your computer and the name of your access provider.

We process the above data for the following purposes:

  • to ensure a smooth connection to the website,

  • to ensure comfortable use of our website,

  • for evaluation of the system's security and stability, and

  • for further administrative purposes.

The legal basis for data processing is Article 6(1)(f) GDPR. Our legitimate interest arises from the above-listed purposes of data collection. In no case do we use the collected data for the purpose of drawing inferences about your person. In addition, during visits to our website we use cookies and analytic services. For further details, please refer to points 4 and 5 of this Privacy Policy. 

b) Note on data transfer to the USA

Among other things, tools from companies based in the USA are integrated on our website. If these tools are active, your personal data may be transferred to the US servers of the respective companies. We would like to point out that the USA is not a safe third country as defined by EU data protection law. US companies are obliged to hand over personal data to security authorities without you being able to take legal action against them. It can therefore not be ruled out that US authorities (e.g., intelligence services) process, evaluate and permanently store your data on US servers for monitoring purposes. We have no influence on these processing activities.

c) Online shop

We process inventory data (e.g., names and addresses and contact data of users), contract data (e.g., services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and services in accordance with Article 6 (1) lit b. GDPR.

You can optionally create a user account, in which you can, in particular, view your orders. During the registration process, you will be informed of which type of information is required. The user accounts are not public and cannot be indexed by search engines. If you have cancelled your user account, its data relating to the user account will be deleted, unless this data must be retained for commercial-law or tax-law reasons in accordance with Article 6 (1) (c) GDPR. It is your responsibility to save your data in the event of termination before the end of the contract. We are entitled to irretrievably delete all data stored during the period of the contract.

Within the scope of registration and renewed logins, as well as during use of our online services, we store the IP address and the time of the respective user activity. The storage is undertaken based on our legitimate interests, as well as on those of the users in protection against misuse and other unauthorised use. In principle, this data is not passed on to third parties unless this is necessary for the pursuit of our claims, or if there is a statutory obligation to do so in accordance with Article 6(1)(c) GDPR.

We process usage data (e.g., the web pages visited on our website, interest in our products) and content data (e.g., entries made in the contact form or user profile) for advertising purposes in a user profile, e.g., to show you product information based on the services you have used so far.

d) When registering for our newsletter 

If you have expressly consented in accordance with Article 6(1)(a) GDPR, we will use your email address to send you our newsletter on a regular basis. We are interested in using a user-friendly and secure newsletter system that serves our business interests and meets the expectations of our users. To receive the newsletter, it is sufficient to provide an email address. Optionally, we ask you to include your name and country in the newsletter for the purpose of addressing you personally and providing you with country-specific information.

Double opt-in and keeping records: Registration for our newsletter takes place in a so-called double opt-in process. This means that you will receive an email after registration in which you are asked to confirm your registration. This confirmation is necessary so that no one can register using someone else's email address. The registrations for the newsletter are recorded in order to be able to verify the registration process in keeping with the legal requirements. This includes storage of the times of registration and confirmation, as well as of the IP address. Changes to your data stored with the dispatch service provider are also recorded.

Dispatch service provider: 

Mailchimp with deactivated performance measurement

This website uses the services of Mailchimp for dispatching newsletters. The provider is Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA. 

Mailchimp is a service that can be used to organise the dispatch of newsletters, among other things. If you enter data for the purpose of receiving newsletters (e.g., email address), this data is stored on Mailchimp servers in the USA. We have deactivated the performance measurement with Mailchimp, so that Mailchimp will not evaluate your behaviour when opening our newsletter.

If you do not want your data to be transferred to Mailchimp, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message. Alternatively, you can also send your unsubscribe request at any time to newsletter@rammsteinshop.de via email. The data processing is based on your consent (Article 6 (1) (a) GDPR). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing already carried out remains unaffected by the revocation.

The data you provide to us for the purpose of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data that has been stored by us for other purposes remains unaffected by this.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://mailchimp.com/legal/data-processing-addendum/#9._Jurisdiction-Specific_Terms.

After you have unsubscribed from the newsletter distribution list, your email address will be stored by us or the newsletter service provider in a blacklist to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with the legal requirements for dispatching newsletters (legitimate interest as defined by Article 6 (1) (f) GDPR). The storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.

You can find more details in MailChimp's data protection provisions at: https://mailchimp.com/legal/terms/.

Conclusion of a data processing agreement

We have concluded a so-called "Data Processing Agreement" with MailChimp, in which we oblige MailChimp to protect our customers' data and not to disclose it to third parties.

e) When you use our contact form

For enquiries of any kind, we offer you the possibility to contact us using a form provided on the website. It is necessary to provide a valid email address, so that we know who the enquiry is from and can send a reply. Further disclosures can be made voluntarily.

Data processing for the purpose of contacting us is undertaken in accordance with Article 6(1)(a) GDPR on the basis of your voluntarily given consent.

The personal data collected by us for the use of the contact form will be automatically deleted after conclusion of your enquiry. 

f) When you use the Rammstein app

When you use our Rammstein app, the browser used in the app automatically sends information to our website server. The following information is collected without your involvement and stored until its automatic deletion: 

  • the user's name

  • the user's email address

  • the IP address

  • device identifiers

The legal basis for the data processing is Article 6(1)(f) GDPR.

If and insofar as the functions of the Rammstein Shop (with or without a user account created by you) (see above) are used within the Rammstein App, we process inventory data (e.g., names and addresses and contact data of users), contract data (e.g., services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and services in accordance with Article 6(1)(b) GDPR.

Within the scope of registration and renewed logins and the use of our online services, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests and those of the users in protection against misuse and other unauthorised use. In principle, this data is not passed on to third parties unless it is necessary for the pursuit of our claims or there is a legal obligation to do so in accordance with Article 6(1)(c) GDPR.

g) When you register in the press portal

As a press representative you can register on our portal www.presse.rammstein.de to get access to exclusive picture material after the live shows. Registration is done by entering the following data, which will be stored in the system: 

  • surname, first name

  • street / building number

  • postal code, place, country

  • telephone / mobile phone

  • email address

  • company / publisher

  • position

  • password

You are required to provide the details listed in order to use the portal. You can change your user data at any time after successful login. Further personal data is only collected if you provide this information voluntarily, e.g., in the context of an enquiry. The processing of this data is carried out for the implementation of a user relationship in accordance with Article 6(1)(b) GDPR. 

Registration takes place by means of the so-called double-opt-in process. This means that your registration is only completed once you have confirmed your registration via a confirmation email sent to you for this purpose by activating the link contained therein. If your confirmation is not received within 24 hours, we will automatically delete your registration from our database. 

With your registration, you expressly declare (by clicking) that you will use the artist-related data exclusively for editorial and non-commercial purposes in accordance with our General Terms and Conditions. If you do not make this declaration, registration in our portal is not possible.

Access to artist-related data via your registered profile is limited to the period of the current tour. If another tour takes place, we will inform you in advance by email so that you can reactivate your master data and access authorisation and receive the corresponding access. To do this, you must expressly give your consent for your personal data to be stored in our database for the purpose of contacting you for any future tours. The data is stored to protect our legitimate interest on the basis of Article 6(1)(b) GDPR. If you do not give this consent, your data will be deleted promptly after the end of the current tour.

If you cancel your user account, we will delete your personal data seven days after confirmation. 

Recipients of personal data 

In the context of press activities (e.g., interview requests/events), personal data may be forwarded to third parties (e.g., agencies, organisers, localities). However, in these cases the scope of the transmitted data is limited to the necessary extent for the purpose of data economy and data minimisation. Therefore, only the necessary contact data will be passed on. Further processing is carried out on the basis of Article 6(1)(b) GDPR for contractual fulfilment and our legitimate interest on the basis of Article 6(1)(f) GDPR for the scheduled and safe implementation of an event. If data is transferred to a third country outside the EU (e.g., USA), we will inform you of this and ask for your consent in accordance with Article 6(1)(a) of the GDPR.

Data processing

Our portal uses the database service supabase.io to process your data. For this purpose, the aforementioned data is transmitted to the servers of supabase.io.

You can find more information about supabase.io here.

3. Disclosure of personal data

Your personal data will not be transferred to third parties for purposes other than those listed below.

We will only disclose your personal data to third parties if:

  • you have given your express consent to this in accordance with Article 6(1)(a) GDPR 

  • the disclosure is necessary in accordance with Article 6(1)(f) GDPR for the purposes of assertion, exercising or defence of legal claims and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data

  • a statutory obligation exists for disclosure, in keeping with Article 6(1)(c) GDPR, and

  • this is legally permissible and necessary according to Article 6(1)(b) GDPR for the processing of contractual relationships with you.

4. Use of cookies

We use cookies on our site. These are small files that are automatically created by your browser and stored on your terminal device (laptop, tablet, smartphone or similar) when you visit our site. Cookies do not cause any damage to your terminal device and do not contain any viruses, Trojans or other malware.

Information is stored in the cookie that arises in connection with the specific terminal device used. However, this does not mean that we thereby have direct knowledge of your identity.

The use of cookies serves on the one hand to make it more pleasant for you to use our website. We use so-called session cookies to recognise that you have already visited individual pages of our website. These are automatically deleted after you leave our site.

In addition, we also use temporary cookies to optimise user-friendliness, which are stored on your terminal device for a certain fixed period of time. If you visit our site again to use our services, it is automatically recognised that you have already been with us and which entries and settings you have made, so that you do not have to enter them again.

On the other hand, we also use cookies to statistically record and evaluate the use of our website, and for the purpose of optimising our website for you. These cookies enable us to automatically recognise that you have already visited our website when you visit it again. These cookies are automatically deleted after a specified period of time.

The data processed by cookies is necessary for the above-mentioned purposes and for safeguarding our legitimate interests and those of third parties, in keeping with Article 6(1)(f) GDPR.

Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer, or a message always appears before a new cookie is created. However, the full deactivation of cookies may mean that you cannot use all the functions of our website.

5. Creation of Pseudonymised User Profiles for Web Analysis

a) Tracking tools

We use and implement the tracking measures listed below on the basis of Article 6(1)(f) GDPR. With the tracking measures used, we want to ensure a needs-oriented design and the ongoing optimisation of our website. On the other hand, we also employ tracking measures to statistically record the use of our website and to evaluate it for the purpose of optimising our website for you. These interests are to be seen as legitimate as defined by the aforementioned provision.

The respective data processing purposes and data categories can be found in the corresponding tracking tools.

b) Google Analytics 

For the purpose of needs-oriented design and continuous optimisation of our site, we use Google Analytics, a web analysis service of Google Inc. (https://www.google.de/intl/de/about/) (1)600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter "Google"). In this context, pseudonymised user profiles are created and cookies (see under point 4) are used. The information generated by the cookie about your use of this website such as

  • browser type/ version,

  • operating system used,

  • referrer URL (the previously visited page),

  • host name of the accessing computer (IP address),

  • time of the server enquiry,

is transferred to a Google server in the USA and is stored there. 

The data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: 

https://privacy.google.com/businesses/controllerterms/mccs/

The use of this analysis tool is based on Article 6(1)(f) GDPR. We have a legitimate interest in analysing user behaviour in order to optimise both our website and our advertising. If a corresponding consent has been requested (e.g., consent to the storage of cookies), the processing is carried out exclusively on the basis of Article 6(1)(a) GDPR; the consent may be revoked at any time. 

The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services associated with website and internet use for the purposes of market research and needs-oriented design of these Internet pages. This information may also be transferred to third parties if this is required by law or if third parties process this data on our behalf. Under no circumstances will your IP address be merged with other Google data.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however, please note that if you do this you may not be able to use the full functionality of this website.

You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=de).

As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent Google Analytics from collecting your data by clicking on this link. An opt-out cookie will be set, which prevents the future collection of your data when visiting this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again.

On this website, Google Analytics has been extended by the code "gat._anonymizeIp();" to ensure that IP addresses are only recorded anonymously in order to exclude direct personal reference (so-called IP masking). 

Data stored by Google at user and event level that is linked to cookies, user identifiers (e.g., user ID) or advertising IDs (e.g., DoubleClick cookies, Android advertising ID) is anonymised or deleted after 14 months. Details can be found under the following link: 

https://support.google.com/analytics/answer/7667196?hl=de

Further information on data protection in connection with Google Analytics can be found in the Google Analytics Help (https://support.google.com/analytics/answer/6004245?hl=de).

Joint responsibility

We and Google are jointly responsible for data processing in accordance with Article 26 GDPR. We have therefore concluded a Joint Control Contract (JCC) with Google and thus fully implement the strict requirements of the German data protection authorities when using Google Analytics.

c) Google-Re/Marketing services

We use the marketing and remarketing services (Google Marketing Services for short) of Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, ("Google") based on our legitimate interests (i.e. interest in the analysis, optimisation and efficient operation of our online services as defined by Article 6(1)(f) GDPR.

Google's marketing services allow us to display advertisements for and on our website in a more targeted manner in order to present users only with ads that potentially match their interests. For example, if a user is shown ads for products they were interested in on other websites, this is called "remarketing". For these purposes, when our website and other websites on which Google marketing services are active are called up, a code is executed directly by Google and so-called (re)marketing tags (invisible graphics or code, also known as "web beacons") are integrated into the website. With their help, an individual cookie, i.e., a small file, is stored on the user's device (comparable technologies can also be used instead of cookies). The cookies can be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. This file records which web pages the user has visited, which content they are interested in and which offers they have clicked on, and technical information on the browser and operating system, referring web pages, time of visit and other information on the use of the website. 

The user's IP address is also recorded, whereby we inform you, in the context of Google Analytics that the IP address is shortened within member states of the European Union or in other contracting states of the Agreement on the European Economic Area and is transmitted in full to a Google server in the USA and shortened there only in exceptional cases. The IP address will not be merged with user data within other offers from Google. The aforementioned information may also be combined by Google with such information from other sources. If the user subsequently visits other websites, they can be shown ads tailored to their interests.

User data is processed pseudonymously within the scope of Google marketing services. This means that Google does not store and process the user's name or email address, for example, but processes the relevant data in a cookie-related manner within pseudonymous user profiles. In other words, from Google's perspective, the ads are not managed and displayed for a specifically identified person, but for the cookie owner, regardless of who this cookie holder is. This does not apply if a user has explicitly permitted Google to process the data without this pseudonymisation. The information collected about users by Google marketing services is transmitted to Google and stored on Google's servers in the USA.

If you have a Google account, you can object to personalised advertising using the following link: https://www.google.com/settings/ads/onweb/

The use of Google Remarketing is based on Article 6(1)(f) GDPR. The website operator has a legitimate interest in marketing its products as effectively as possible. If consent has been requested, the processing is carried out exclusively on the basis of Article 6(1)(a) GDPR; consent may be revoked at any time.

The Google Marketing services we use include the online advertising programme "Google Ad". In the case of Google Ad, each Ad customer receives a different "conversion cookie". Cookies can therefore not be tracked via the websites of Ad customers. The information obtained with the help of the cookie is used to create conversion statistics for ad customers who have opted for conversion tracking. The ad customers learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users.

We may integrate third-party advertisements based on the Google marketing service "DoubleClick". DoubleClick uses cookies to enable Google and its partner websites to serve ads based on users' visits to this website or other websites on the Internet.

We may integrate third-party advertisements based on the Google marketing service "AdSense". AdSense uses cookies to enable Google and its partner websites to serve ads based on users' visits to this website or other websites on the Internet.

We can also make use of the "Google Optimizer" service. Google Optimizer allows us to track the effects of various changes to a website (e.g., changes to the input fields, design, etc.) as part of so-called "A/B testing". For these testing purposes, cookies are placed on the users' devices. Only pseudonymised user data is thereby processed.

Furthermore, we may use the "Google Tag Manager" in order to integrate and manage Google analysis and marketing services on our website.

For more information about Google's use of data for marketing purposes, please visit the overview page: https://www.google.com/policies/technologies/ads, Google's privacy policy is available at https://www.google.com/policies/privacy.

If you wish to object to interest-specific advertising by Google marketing services, you can use the settings and opt-out options made available by Google: http://www.google.com/ads/preferences.

6. Facebook, Custom Audiences and Facebook Marketing Services

Within our website, so-called "Facebook Pixels" of the Facebook social network, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are a resident of the EU, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"), are used on the basis of our legitimate interests in analysis, optimisation and economic operation of our website and for this purpose.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission.

You can find details here:

https://www.facebook.com/legal/EU_data_transfer_addendum and

https://de-de.facebook.com/help/566994660333381.

With the help of Facebook Pixels, Facebook is able to target the visitors to our website for the display of advertisements (so-called "Facebook ads"). Accordingly, we use Facebook Pixels to limit the use of Facebook ads placed by us to Facebook users who have also shown an interest in our website or who have certain characteristics (e.g., interest in certain topics or products determined on the basis of the websites visited) that we transmit to Facebook (so-called "Custom Audiences"). With the help of Facebook pixels, we also want to ensure that our Facebook ads appeal to potentially interested users and do not annoy them. With the help of Facebook pixels, we can also track the effectiveness of Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (so-called "conversion").

Facebook pixels are directly integrated by Facebook when you visit our website and can save a so-called cookie, i.e., a small file, on your device. When you subsequently log in to Facebook or visit Facebook while logged in, your visit to our website will be noted in your profile. The data collected about you is anonymous for us, so we cannot draw any conclusions about the identity of the user. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and can be used by Facebook and for its own market research and advertising purposes. If we transmit data to Facebook for purposes of comparison, this data is encrypted locally on the browser and only then sent to Facebook via a secure https connection. This is undertaken solely for the purpose of creating a comparison with the data that is also encrypted by Facebook. 

Furthermore, when using Facebook Pixels, we use the additional "extended comparison" function, where data such as users' telephone numbers, email addresses or Facebook IDs are transmitted to Facebook (encrypted) for the creation of target groups ("Custom Audiences" or "Look Alike Audiences"). For further information on "extended comparison" see: https://www.facebook.com/business/help/611774685654668).

The processing of data by Facebook is undertaken within the framework of Facebook's data-usage policy. Accordingly, you can find general information on the display of Facebook ads in Facebook's data usage policy: https://www.facebook.com/policy.php.

You can find specific information and details about Facebook Pixels and how they work in the Facebook help section: https://www.facebook.com/business/help/651294705016616.

You can object to the recording and use of your data by Facebook Pixels for presentation of Facebook ads. To set which types of ads will be displayed to you within Facebook, you can visit the page set up by Facebook and follow the instructions there on the settings for usage-based advertising: https://www.facebook.com/settings?tab=ads.

The settings are platform-independent, i.e., they are used on all devices, such as desktop computers or mobile devices. 

To prevent the recording of your data by means of Facebook Pixels on our website, please click on the following link: Opt-Out. Note: When you click on the link, an "opt-out" cookie will be stored on your device. If you delete the cookies in this browser, you must click the link again. Furthermore, the opt-out only applies within the browser you are using and only within our web domain on which the link was clicked.

You can also opt out of the use of cookies that are used for purposes of media-reach measurement and advertising, via the Network Advertising Initiative opt-out page (http://optout.networkadvertising.org/) and additionally via the US website (http://www.aboutads.info/choices) or the European website http://www.youronlinechoices.com/uk/your-ad-choices/).

Joint responsibility

We and Facebook Ireland Ltd. are jointly responsible for data processing in accordance with Article 26 GDPR. We have therefore concluded a Joint Control Contract (JCC) with Facebook and thus fully implement the strict requirements of the German data protection authorities when using Facebook.

You can find more information on this in the Facebook privacy policy at:
https://de-de.facebook.com/privacy/explanation.

7. Integration of third-party services and content

7.1. Internet

Within our website, we use content or service offers from third-party providers on the basis of our legitimate interests (i.e., interest in the analysis, optimisation and economic operation of our website as defined by Article 6(1)(f) GDPR) in order to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as "content"). This always presupposes that the third-party providers of this content are aware of the user's IP address, since without the IP address they would not be able to send the content to their browser. The IP address is thus required for the presentation of this content. We endeavour to only use content whose respective providers only use the IP address to deliver the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymised information may also be stored in cookies on the user's device and may contain, among other things, technical information on the browser and operating system, referring web pages, time of visit and further details on the use of our website, and can also be linked to such information from other sources. 

The following presentation provides an overview of third-party providers and their content, together with links to their privacy policies, which contain further information on the processing of data and, in some cases already mentioned here, opt-out options:

Klarna:

In order to be able to offer you Klarna's payment methods, we will pass on your personal data in the form of contact and order details to Klarna during the payment process, so that Klarna can assess whether you are eligible for Klarna's payment methods and to tailor these payment methods to you. Your submitted personal data will be processed in accordance with Klarna’s own privacy notice. For payments from Switzerland, order and contact data will also be passed on to BillPay. Your personal data will be processed in accordance with Klarna’s and BillPay´s privacy notice. 

7.2. Rammstein App

a) Spotify:

Functions of the Spotify music service are integrated in our app. The provider is Spotify AB, Birger Jarlsgatan 61, 113 56 Stockholm in Sweden. The use of the Spotify plugin only refers to the discography and must be explicitly activated in the settings. 

When you select a track with the Spotify plug-in activated, a connection is established to the Spotify servers. This tells Spotify which of the tracks you have selected. Spotify learns your IP address. You have the option to prevent this by logging out.

You can find more information on this in Spotify's privacy policy: https://www.spotify.com/de/legal/privacy-policy/.

b) Apple Music:

Functions of the Apple Music service are integrated in our app. The provider is Apple Inc. One Apple Park Way, Cupertino, California, USA, 95014. The use of the Apple Music plugin only refers to the discography and must be explicitly activated in the settings. 

When you select a track with the Apple Music plug-in activated, a connection is established to the Apple Music servers. Apple Music learns which of our tracks you have selected. Apple Music learns your IP address. You have the option to prevent this by logging out.

You can find more information on this in Apple Music's privacy policy: https://support.apple.com/de-de/HT204881

c) Google Firebase

This app uses Google Firebase technology (Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, "Google"), an analytics service provided by Google Inc. to analyse user behaviour.

The information generated about the use (app version, type and version of the device used, version of the operating system, the page requested, date and time of use, and the IP address used during use) is transmitted to a Google server in the USA and stored there. 

For the relevant data transfers to the USA, Google Firebase refers to the standard contractual clauses of the EU Commission. You can find details about this here: https://firebase.google.com/support/privacy

In addition, we have concluded a Joint Controller Contract (JCC) with Google with so-called standard contractual clauses, in which Google undertakes to process user data only in accordance with our instructions and to comply with the EU level of data protection. 

Furthermore, information about certain actions is collected by the Firebase SDK while using the app. Actions such as installing and launching the app, app updates, uninstalling, updating the operating system, deleting app data, app crashes and in-app purchases, and receiving, swiping away and opening push notifications and opening and updating the app via a dynamic link, trigger the event-driven data collection of the Firebase SDK. To identify devices, the Firebase SDK uses an instantiated app identifier, e.g., via the advertising ID. 

On our behalf, Google will use this information for the purpose of evaluating your use of the app, compiling reports on our activities and providing other services relating to your use of the app. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf.

The legal basis for the use and evaluation of the data and use of Firebase is a legitimate interest (i.e., interest in the analysis, optimisation and economic operation of our apps) as defined by Article 6 (1) (f) GDPR). You can object to the use of Firebase at any time by setting the slider for anonymous statistics accordingly in the app under "Settings". 

You can restrict the use of the advertising ID in the device settings (iOS: Privacy/ Advertising/ No Ad Tracking; Android: Account/ Google/ Ads). Google Analytics for Firebase (Google Inc.). Furthermore, we use Firebase Remote Config, which allows us to run A/B tests and customise the behaviour and appearance of the app without having to download a new version. Personal data is not stored. 

Under the following link you can see which subcontractors Google uses: https://firebase.google.com/terms/subprocessors.

You can find more information about Google Firebase and data protection here: https://firebase.google.com/terms/data-processing-terms; https://firebase.google.com/terms/; https://firebase.google.com/support/privacy/ 

d) PushPal (Push Notifications):We use the service of Appsfactory GmbH (Nikolaistraße 28-32, 04109 Leipzig, Germany) to send push messages to mobile devices. The push messages are sent using a pseudonymous push token assigned by your operating system or the corresponding push service. Neither we nor Appsfactory can derive personal data from the push token or assign it to an end device. 

The sending of push messages is based on your consent in accordance with Article 6(1)(a) GDPR.

You can revoke your consent at any time by turning off the "Receive push notifications" function in the app settings or by deactivating the receipt of push messages in the operating system settings.

e) QuickBloxTo use the forum in the app, we use the service of the company QuickBlox (4 Mulberry Avenue Staines, Upon Thames, United Kingdom). Registration within the forum only takes place when you log in to the app and purchase or already have LIFAD membership. Registration takes place with the e-mail address used for registration and a randomly generated password. This password is only used for identification within the forum and is not related to the password used for registration.

When you delete your account in the app, your QuickBlox account will also be deleted. You can find more information on this in the QuickBlox privacy policy: https://quickblox.com/privacy/.

f) Permissions requested by the app and their use

1. Android
The Android app requires the following permissions: 

  • To retrieve data from the internet/access to all networks: Required to download the content for the app.

  • Camera: Required to take a photo for the profile picture in the forum.

  • Memory: Required to select a photo for the profile picture in the forum. 

2. iOS
The iOS app requires the following permissions: 

  • Camera: Required to take a photo for the profile picture in the forum.

  • Photos: Required to select a photo for the profile picture in the forum. 

  • Messages: Required to receive news.

  • Mobile data: Required to download the content for the app. 

8. Rights of Data Subjects

You have the right to

  • request information about your personal data processed by us in accordance with Article 15 GDPR. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to correction, erasure, restriction of processing or to objection, the existence of a right to lodge a complaint, the origins of your data if it has not been collected by us, and on the existence of automated decision-making process including profiling and, where applicable, sound information about its details;

  • request the correction of inaccurate or incomplete personal data stored by us without undue delay in accordance with Article 16 of the GDPR;

  • request the erasure of your personal data stored by us in accordance with Article 17 GDPR, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;

  • request the restriction of the processing of your personal data in accordance with Article 18 GDPR, insofar as the accuracy of the data is contested by you, if the processing is unlawful, but you object to its erasure and we no longer require the data, though you need it for the assertion, exercise or defence of legal claims, or you have objected to the processing in accordance with Article 21 GDPR;

  • receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transferred to another controller in accordance with Article 20 GDPR;

  • revoke your consent at any time in accordance with Article 7 (3) GDPR. This has the consequence that we may no longer continue the data processing based on this consent for the future, and 

  • complain to a supervisory authority in accordance with Article 77 of the GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or place of work or our company headquarters.

9. Right of objection

If your personal data is processed on the basis of legitimate interests in accordance with Article 6 (1) (f) GDPR, you have the right to object to the processing of your personal data in accordance with Article 21 GDPR, provided that there are grounds for doing so which arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection that will be implemented by us without the need for details referring to a special situation.

If you wish to exercise your right of objection, simply send an email to datenschutz@rammsteinshop.de

10. Data security

We use the much-used SSL procedure (Secure Socket Layer) in connection with the highest encryption level supported by your browser when visiting the website. As a rule, this is 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can see whether an individual page of our website is transmitted in encrypted form by the closed depiction of the key or lock symbol in the lower status bar of your browser.

We otherwise make use of appropriate technical and organisational security measures to protect your data against accidental or deliberate manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.

11. Current validity and amendment of this Privacy Policy 

This privacy policy is currently valid and as in May 2022.

Due to the further development of our website and the offers presented on it, or due to changes in statutory or official requirements, it may become necessary to amend this Privacy Policy. The current Privacy Policy can be found on the website at https://shop.rammstein.de/de/catalog/privacy and can be viewed and printed out by you at any time.