Privacy Policy

Data controller

Responsible for data processing

Dominik Thanner (Wirtschaftsinformatiker HWK), Kleinunternehmer nach § 19 UStG

Hosting and server log files

The technical provision of this website is carried out by a hosting provider whose data centres host this website and the related services. When you access the website, your browser automatically transmits information to the server of the hosting provider, which is stored in so-called server log files (e.g. IP address, date and time of access, requested URL, referrer URL, browser type, operating system). The data is processed in order to ensure the stable and secure operation of the website and to investigate misuse or fraud on the basis of Art. 6(1)(f) GDPR. The log files are automatically deleted as soon as they are no longer required for the purposes for which they were collected.

What data is collected?

When signing in via Spotify: Spotify user ID, display name, email address (if provided by Spotify), access to the tracks you pitch and the "{discoveriesPlaylistName}" playlist. Further profile data is only processed where necessary to operate the service and where you have allowed such access in your Spotify account.

Technical data: IP address, time of access, language setting (cookie), and, where necessary, browser type and operating system – in each case only insofar as required for technical operation, system security or error analysis.

Purpose of processing

Provision and performance of the track exchange service (shuffle, playlist assignments, discoveries), management of your user account, communication with you (e.g. for support requests), and ensuring technical operation, system security and the prevention of misuse.

Legal basis

Depending on the specific processing operation, your data is processed on the following legal bases: for the performance of a contract with you or in order to take steps at your request prior to entering into a contract (Art. 6(1)(b) GDPR), for the purposes of our legitimate interests in the secure and user-friendly operation of the service (Art. 6(1)(f) GDPR), and – where you have given explicit consent (e.g. for optional features) – on the basis of Art. 6(1)(a) GDPR. Where more specific legal bases apply, these will be indicated in the corresponding sections.

Retention

Personal data is stored only for as long as necessary for the respective purposes or as long as statutory retention periods require. After deletion of your account, your data will be deleted or anonymised without undue delay, unless longer storage is required by law (e.g. under commercial or tax retention obligations).

Your rights

Within the scope of the statutory provisions you have the right to obtain information about the personal data concerning you, the right to rectification of inaccurate data, erasure, restriction of processing, data portability and the right to object to certain processing activities (in particular processing based on Art. 6(1)(f) GDPR). Where processing is based on your consent, you may withdraw that consent at any time with effect for the future. You also have the right to lodge a complaint with a data protection supervisory authority.

Cookies

Technically necessary cookies within the meaning of the applicable telecommunications and telemedia rules (e.g. the German TDDDG) are used (for example to store your language preference or to maintain login functionality). These cookies are required to provide the website and the service and therefore do not require separate consent. In addition, and only with your consent (category "Statistics / Analytics"), we may set another cookie for our own anonymous reach and performance analytics. This analytics processing takes place exclusively on our own servers without using third-party tools such as Google Analytics. The legal basis for this is Art. 6(1)(a) GDPR.

Own reach and performance analytics

We use our own, server-side reach and performance analytics to better understand how our website and service are used and to detect technical issues. In particular, this involves processing the pages/URLs accessed, timestamps of requests, technical delivery metrics (such as load times and so-called "Largest Contentful Paint"), browser and device characteristics, and – where transmitted – the referrer URL and optional campaign parameters that you use (such as "utm_source", "utm_medium", "utm_campaign"). Analysis is carried out exclusively on our own servers; we do not use third-party analytics services such as Google Analytics. Reach and performance analytics are only carried out if you consent via the consent banner under the category "Statistics / Analytics". The legal basis is Art. 6(1)(a) GDPR. You can withdraw your consent at any time with effect for the future via the consent banner or by deleting the relevant cookies in your browser.

Third parties (Spotify)

Sign-in is provided via the "Spotify" service. For this, you are redirected to the pages of Spotify AB or affiliated entities. Spotify's own privacy and terms of use apply to that part of the processing. We only receive the data that you authorise during the OAuth sign-in process and that is required to operate Playlist-Shuffle. You can view the type and scope of the data transmitted to us in your Spotify account and in Spotify's privacy information.

Contact for privacy matters

If you have any questions about how we process your personal data or wish to exercise your data subject rights, please contact the controller named above using the contact details provided in the imprint.