Privacy Policy
SECTION I: Data protection statement Audio Resonance Therapy Website
SECTION II Data protection statenent Audio Resonance Therapy Mobile App
I.I. An overview of data protection
General information
The following information will provide you with an easy to navigate overview of what will happen with your personal data when you visit this website. The term “personal data” comprises all data that can be used to personally identify you. For detailed information about the subject matter of data protection, please consult our Data Protection Declaration, which we have included beneath this copy.
Data recording on this website
Who is the responsible party for the recording of data on this website (i.e. the “controller”)?
The data on this website is processed by the operator of the website, whose contact information is available under section “Information Required by Law” on this website.
How do we record your data?
We collect your data as a result of your sharing of your data with us. This may, for instance be information you enter into our contact form.
Other data shall be recorded by our IT systems automatically or after you consent to its recording during your website visit. This data comprises primarily technical information (e.g. web browser, operating system or time the site was accessed). This information is recorded automatically when you access this website.
What are the purposes we use your data for?
A portion of the information is generated to guarantee the error free provision of the website. Other data may be used to analyze your user patterns.
What rights do you have as far as your information is concerned?
You have the right to receive information about the source, recipients and purposes of your archived personal data at any time without having to pay a fee for such disclosures. You also have the right to demand that your data are rectified or eradicated. If you have consented to data processing, you have the option to revoke this consent at any time, which shall affect all future data processing. Moreover, you have the right to demand that the processing of your data be restricted under certain circumstances. Furthermore, you have the right to log a complaint with the competent supervising agency.
Please do not hesitate to contact us at any time under the address disclosed in section “Information Required by Law” on this website if you have questions about this or any other data protection related issues.
I.II. General information and mandatory information
Data protection
The operators of this website and its pages take the protection of your personal data very seriously. Hence, we handle your personal data as confidential information and in compliance with the statutory data protection regulations and this Data Protection Declaration.
Whenever you use this website, a variety of personal information will be collected. Personal data comprises data that can be used to personally identify you. This Data Protection Declaration explains which data we collect as well as the purposes we use this data for. It also explains how, and for which purpose the information is collected.
We herewith advise you that the transmission of data via the Internet (i.e. through e-mail communications) may be prone to security gaps. It is not possible to completely protect data against third party access.
Information about the responsible party (referred to as the “controller” in the GDPR)
The data processing controller on this website is:
jamXmusic GmbH&Co KG
Kieler Strasse 107
25474 Bönningstedt
Germany
Phone: +49.40.55620110
E-mail: [email protected]
Revocation of your consent to the processing of data
A wide range of data processing transactions are possible only subject to your express consent. You can also revoke at any time any consent you have already given us. This shall be without prejudice to the lawfulness of any data collection that occurred prior to your revocation.
Right to object to the collection of data in special cases; right to object to direct advertising (Art. 21 GDPR)
IN THE EVENT THAT DATA ARE PROCESSED ON THE BASIS OF ART. 6 SECT. 1 LIT. E OR F GDPR, YOU HAVE THE RIGHT TO AT ANY TIME OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA BASED ON GROUNDS ARISING FROM YOUR UNIQUE SITUATION. THIS ALSO APPLIES TO ANY PROFILING BASED ON THESE PROVISIONS. TO DETERMINE THE LEGAL BASIS, ON WHICH ANY PROCESSING OF DATA IS BASED, PLEASE CONSULT THIS DATA PROTECTION DECLARATION. IF YOU LOG AN OBJECTION, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA, UNLESS WE ARE IN A POSITION TO PRESENT COMPELLING PROTECTION WORTHY GROUNDS FOR THE PROCESSING OF YOUR DATA, THAT OUTWEIGH YOUR INTERESTS, RIGHTS AND FREEDOMS OR IF THE PURPOSE OF THE PROCESSING IS THE CLAIMING, EXERCISING OR DEFENCE OF LEGAL ENTITLEMENTS (OBJECTION PURSUANT TO ART. 21 SECT. 1 GDPR).
IF YOUR PERSONAL DATA IS BEING PROCESSED IN ORDER TO ENGAGE IN DIRECT ADVERTISING, YOU HAVE THE RIGHT TO AT ANY TIME OBJECT TO THE PROCESSING OF YOUR AFFECTED PERSONAL DATA FOR THE PURPOSES OF SUCH ADVERTISING. THIS ALSO APPLIES TO PROFILING TO THE EXTENT THAT IT IS AFFILIATED WITH SUCH DIRECT ADVERTISING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR DIRECT ADVERTISING PURPOSES (OBJECTION PURSUANT TO ART. 21 SECT. 2 GDPR).
Right to log a complaint with the competent supervisory agency
In the event of violations of the GDPR, data subjects are entitled to log a complaint with a supervisory agency, in particular in the member state where they usually maintain their domicile, place of work or at the place where the alleged violation occurred. The right to log a complaint is in effect regardless of any other administrative or court proceedings available as legal recourses.
Right to data portability
You have the right to demand that we hand over any data we automatically process on the basis of your consent or in order to fulfil a contract be handed over to you or a third party in a commonly used, machine readable format. If you should demand the direct transfer of the data to another controller, this will be done only if it is technically feasible.
Information about, rectification and eradication of data
Within the scope of the applicable statutory provisions, you have the right to at any time demand information about your archived personal data, their source and recipients as well as the purpose of the processing of your data. You may also have a right to have your data rectified or eradicated. If you have questions about this subject matter or any other questions about personal data, please do not hesitate to contact us at any time at the address provided in section “Information Required by Law.”
Right to demand processing restrictions
You have the right to demand the imposition of restrictions as far as the processing of your personal data is concerned. To do so, you may contact us at any time at the address provided in section “Information Required by Law.” The right to demand restriction of processing applies in the following cases:
- In the event that you should dispute the correctness of your data archived by us, we will usually need some time to verify this claim. During the time that this investigation is ongoing, you have the right to demand that we restrict the processing of your personal data.
- If the processing of your personal data was/is conducted in an unlawful manner, you have the option to demand the restriction of the processing of your data in lieu of demanding the eradication of this data.
- If we do not need your personal data any longer and you need it to exercise, defend or claim legal entitlements, you have the right to demand the restriction of the processing of your personal data instead of its eradication.
- If you have raised an objection pursuant to Art. 21 Sect. 1 GDPR, your rights and our rights will have to be weighed against each other. As long as it has not been determined whose interests prevail, you have the right to demand a restriction of the processing of your personal data.
If you have restricted the processing of your personal data, these data – with the exception of their archiving – may be processed only subject to your consent or to claim, exercise or defend legal entitlements or to protect the rights of other natural persons or legal entities or for important public interest reasons cited by the European Union or a member state of the EU.
Status: 06/2020
II. Data Protection Statement for Audio Resonance Therapy Mobile App
II. I. Data Protection Statement
We take the protection of your personal data very seriously and treat it confidentially and in accordance with the statutory data protection regulations and this Data Protection Statement. This Data Protection Statement applies to our cellular iPhone and Android apps (hereinafter “APP”). It explains the nature, purpose and scope of data collection during APP use. We point out that data transmission over the Internet be exposed to security gaps. A complete protection of the data from access by third parties is not possible.
Controller (responsible entity)
The controller (responsible entity) for data processing within the framework of this APP is:
jamXmusic GmbH&Co KG, Kieler Strasse 107, 25474 Bönningstedt, Germany,
Data Protection Officer
You can reach our Data Protection Officer under:
General storage duration of personal data
Unless otherwise specified or specifically specified in this Data Protection Statement, personal data collected by this APP shall be stored until you request us to delete it, revoke your consent to storage or the purpose for the data storage is no longer applicable. Insofar as there is a statutory obligation to store or any other legally recognized reason for storing the data (e.g. legitimate interest), the personal data concerned shall not be deleted before the respective retention reason ceases to apply.
Legal basis for the storage of personal data
The processing of personal data is only permitted insofar as there is an effective legal basis for the processing of such data. Insofar as we process your data, this is done regularly on the basis of your consent pursuant to Art. 6 (1) lit. a GDPR (for example, insofar as your data is provided voluntarily in the registration form or within the framework of the contact form), for the purpose of fulfilling the contract in accordance with Article 6 (1) lit. b GDPR (e.g. when using in-app purchases or the use of other fee-based APP functions) or due to legitimate interests pursuant to Art. 6 (1) lit. f GDPR, which are always weighed taking your interests into consideration (for example in the context of advertising campaigns). The relevant legal bases may be specified in a separate provision within the framework of this Data Protection Statement.
Encryption
This APP uses encryption for security purposes and to protect the transmission of sensitive content, such as requests you send to us as an APP operator, or communication between APP users. This encryption prevents the data you submit from being read by unauthorized third parties.
Change of this Data Protection Statement
We reserve the right to change these Data Protection Provisions at any time in accordance with statutory requirements.
II. II. Your rights
The GDPR grants data subjects, whose personal data is processed by us specific rights, with regard to which we would like to inform you at this juncture:
Revocation of your consent to data processing
Many data processing operations are only possible with your consent. These shall be requested from you before the start of data processing. You can revoke this consent at any time. An informal message by e-mail to us is sufficient. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.
RIGHT OF OBJECTION AGAINST DATA COLLECTION IN PARTICULAR CASES AND AGAINST DIRECT ADVERTISING (ART. 21 GDPR)
INSOFAR AS DATA PROCESSING IS BASED ON ART. 6 (1) LIT. E OR F GDPR, YOU AS A DATA SUBJECT RESERVE THE RIGHT, AT ANY TIME, TO FILE AN OBJECTION, FOR REASONS ARISING OUT OF ITS SPECIAL SITUATION, AGANST THE PROCESSING OF YOUR PERSONAL DATA CONCERNED; THIS APPLIES ALSO TO A PROFILING BASED ON THESE PROVISIONS. PLEASE REFER TO THIS DATA PROTECTION STATEMENT FOR THE RELEVANT LEGAL BASIS PURSUNT TO WHICH A PROCESSING IS PERMITTED. INSOFAR AS YOU FILE AN OBJECTION, WE SHALL NO LONGER PROCESS THE AFFECTED PERSONAL DATA UNLESS WE CAN PROVIDE LEGITIMATE INTERESTS FOR PROCESSING, WHICH TAKE PRECEDENCE OVER YOUR INTERESTS, RIGHTS AND FREEDOMS OR INSOFAR AS THE PROCESSING SERVES THE ASSERTION, EXERCISE OR DEFENSE OF LEGAL CLAIMS.
INSOFAR AS YOUR PERSONAL DATA IS PROCESSED FOR THEPUPOSES OF THE EXERCISE OF DIRECT ADVERTISING, YOU RESERVE THE RIGHT TO FILE AN OBJECTION AGAINST THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSE OF SUCH ADVERTISING; THIS ALSO APPLIES TO PROFILING, INSOFAR AS IT IS RELATED TO SUCH DIRECT ADVERTISING. INSOFAR AS YOU FILE AN OBJECTION, YOUR PERSONAL DATA SHALL THEN NO LONGER BE USED FOR THE PURPOSES OF DIRECT ADVERTISING.
Right of appeal to a supervisory authority
In the case of violations of the GDPR, the data subject is entitled to a right of appeal to a supervisory authority. The right of appeal is without prejudice to any other administrative or judicial remedies.
Information, deletion and rectification
As a data subject, you at any given time reserve the right to free information about your stored personal data, its origin and recipients and the purpose of the data processing, as well as a right to rectification or deletion of this data. For further information on personal data, please contact us at any time under the address provided in the imprint.
Right to restriction of processing
As a data subject, you at any given time reserve the right to request the restriction of the processing of your personal data. You can contact us at any time under the address provided in the imprint. The right to restrict processing exists in the following cases:
- Insofar as you challenge the accuracy of your personal information stored with us, whereby we usually need time to verify this. For the duration of the audit, you as a data subject reserve the right to request the restriction of the processing of your personal data.
- Insofar as the processing of your personal data is unlawful, you as a data subject reserve the right to request the restriction of data processing instead of the deletion.
- Insofar as we no longer require your personal information, but you need it to exercise, defend or assert a claim, you as a data subject reserve the right to request that your personal information be restricted instead of deleting it.
- Insofar as you have filed an objection pursuant to Art. 21 (1) GDPR, a weighing-up of your and our interests must be carried out. As long as it is not clear whose interests prevail, you as a data subject reserve the right to demand the restriction of the processing of your personal data. Insofar as you have restricted the processing of your personal data, this data – without prejudice to its storage – may only be used with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for important public interests of the European Union or a Member State. Right to data portability You as a data subject reserve the right to have data that we automatically process on the basis of your consent or in fulfilment of a contract, to be transmitted to you personally or to a third party in a standard, machine-readable format. Insofar as you require the direct transmission of the data to another controller (responsible entity), this shall only be done to the extent technically feasible.
II. III. Access rights of the APP
To provide our services through the APP, we require the access rights listed below, which allow us to access specific functions of your device.
- Device make and model, operating system
- Background playback
Access to the device functions is required to ensure the functionality of the APP. The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 (1) lit. f GDPR, your consent within the meaning of Art. 6 (1) lit. a GDPR or – insofar as a contract has been concluded – the fulfilment of our contractual obligations (Article 6 (1) (b) GDPR).
The storage period for the data thus collected is regulated as follows: during the period of contractual services up to a maximum of 6 months after termination
II. IV. Collection of personal data within the framework of APP use
General
When you use our APP, we collect the following personal information from you:
- Nickname / Pseudonym
- E-Mail-address
- Usage data
- IP address
- Device identification
- Metadata
- required data for contractual purposes and purchase receipts
The processing of this personal data is necessary to ensure the functionality of the APP. The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 (1) lit. f GDPR, your consent within the meaning of Art. 6 (1) lit. a GDPR or – insofar as a contract has been concluded – the fulfilment of our contractual obligations (Article 6 (1) (b) GDPR). The storage period for the data thus collected is regulated as follows: during the period of contractual services up to a maximum of 6 months after termination
Inquiry within the APP, by e-mail, telephone or fax
Insofar as you contact us (e.g. via contact form within the app, by e-mail, telephone or fax), your request including all resulting personal data (e.g. name, request) shall be stored and processed by us for the purpose of processing your request. The processing of this data is based on Art. 6 (1) lit. b GDPR, insofar as your request relates to the fulfilment of a contract or is required for the implementation of pre-contractual measures. In all other cases the processing is based on your consent (Art. 6 (1) lit. a GDPR) and / or on our legitimate interests (Art. 6 (1) lit. f GDPR), since we have a legitimate interest in the effective processing of requests addressed to us.
If we contact you by e-mail outside of a newsletter or a contact request from you, the processing of personal data takes place on the basis of our legitimate interests (Art. 6 Para. 1 lit. f GDPR), registered users of the app to improve the user experience to inform about new functions, enhancements, product news and / or special offers. You can unsubscribe from this type of data processing with immediate effect using the subscribe / unsubscribe function.
The data sent by you to us by way of contact request, remain with us until you request us to delete it, revoke your consent to storage or the purpose for data storage ceases to apply (e.g. after completion of your request). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected. We shall not share your information without your consent.
Comment function in this APP
In addition to your comment, the comments function in this APP shall also include information about when the comment was created and, insofar as you are not anonymous, the username you selected. The comments are stored on the basis of your consent (Article 6 (1) (a) GDPR). The comments and related data are stored and remain in the comment section and on our servers until the commented content has been completely deleted.
Newsletter data
Insofar as you would like to receive the newsletter offered in our APP, we require an e-mail address from you, as well as information that allows us to verify that you are the owner of the e- mail address provided and consent to the receipt of the newsletter. Further data is not collected. We use this data exclusively for the shipment of the requested information and do not pass it on to third parties. The shipment of the newsletter is effected on the basis of your consent (Article 6 (1) (a) GDPR). You can revoke this consent at any time. The data deposited with us for the purpose of the shipment of the newsletter shall be stored by us until the date of the cancelation of your subscription of the newsletter and deleted after cancelation of your subscription.
Transactional email
Audio Resonance Therapy uses SendGrid’s services to send various email notifications. The provider is SendGrid Inc., 1801 California Street, Suite 500, Denver, CO 80202
Sendgrid is a service with which emails can be sent and analyzed according to the highest security standards.
SendGrid is certified according to the “EU-US Privacy Shield”. The “Privacy Shield” is an agreement between the European Union (EU) and the USA, which is intended to ensure compliance with European data protection standards in the USA. You can find further information on SendGrid certification here: SendGrid Privacy Shield certification
UPDATE: Please note on July 16, 2020, the European Court of Justice ruled that the US-EU Privacy Shield is no longer a valid cross-border data transfer mechanism. However, the same ruling upheld Standard Contractual Clauses as a valid cross-border data transfer mechanism. Customers aren’t required to do anything in order to be covered by the Standard Contractual Clauses as they are already part of the Data Protection Addendum which covers all SendGrid and Twilio services by default. Please see our blog post if you’d like to learn more.
Organizations are only allowed to transfer personal data outside of the European Economic Area if they have in place appropriate safeguards to protect personal data abroad. Accepted transfer mechanisms include self-certifying to the Privacy Shield Framework (if a US organization), using the EU Commission’s Standard Contractual Clauses, transferring the data to a country that has been recognized by the European Commission as providing an “adequate” level of data protection, obtaining Binding Corporate Rules approval, as well as other less established mechanisms such as certifications and codes of conduct.
Data processing is based on your consent (Art. 6 Para. 1 lit. a GDPR). You can withdraw this consent at any time by contacting us or following the “Unsubscribe”-link in the email footer. The legality of the data processing that has already taken place remains unaffected by the revocation.
For more information, see the Privacy Policy from SendGrid.
II. V. Data Analysis
When you access our APP, your behaviour may be statistically analysed using certain analysis tools and analysed for promotional or market research purposes or to improve our offerings. When using such tools, we ensure compliance with Statutory Data Protection Provisions. When using external service providers (processors), we ensure through appropriate contracts with the service providers that the data processing complies with German and European data protection standards.
Google Analytics Firebase
We use Google Analytics Firebase (hereafter Google Firebase) to analyse user behaviour. Provider is Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.
Google Firebase includes several features that allow us to analyse your in-app behaviour. In this way we can analyse, for example, your screen calls, operation of buttons, in-app purchases or the effectiveness of advertising campaigns. We can also determine which features are commonly or rarely used within our APP.
Google Firebase stores for these purposes, among others the number and duration of sessions, operating systems, device models, region, and a range of other data. For a detailed overview of the data collected by Google Firebase, see:
Use of Google Firebase may require the transfer of your personal information to the United States. The storage period for the data thus acquired is regulated as follows:
During the period of contractual services up to a maximum of 6 months after termination
Use of Google Firebase is effected to optimize this APP and improve our offerings. This constitutes a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR
For more information about Google Firebase, visit:
https://firebase.google.com/ https://www.firebase.com/terms/privacy-policy.html
Status: 06.2020