Privacy and Security

Privacy Hints

Controller

Breitkopf & Härtel KG
Buch- und Musikverlag
Walkmühlstraße 52, 65195 Wiesbaden, Germany
Telephone (+49) 611 45008 0, Fax (+49) 611 45008 59

info@breitkopf.com, www.breitkopf.com


Data Protection Officer of the Company

Monika Haven

datenschutz@breitkopf.com

Data Processing Principles

We, Breitkopf & Härtel KG, take the protection of your personal data very seriously and would like to inform you in the following about the type of personal data we collect and how we process this in accordance with the statutory provisions. Please also see our General Terms and Conditions.

We process and store personal data as described below only for purposes in accordance with Article 6, section 1 of the GDPR. We treat the stored data confidentially and only pass it on to third parties in the cases outlined below. The data will be stored only for the period that is necessary for the respective purpose, but at least as long as is prescribed in accordance with the statutory retention periods that are applicable in each case.

Data Security

We take technical and organizational measures in order to protect your data as comprehensively as possible from unauthorized access. On our websites, we use an encryption method. That means the data will be transmitted from your computer to our server and vice versa via the internet using an SSL encryption method. The closed padlock symbol in the status bar of your browser and the address line starting with https:// show this encryption.


Referral to Social Media Websites / Electronic Services of Third Party Providers on our Website

Distribution of Content through Sharing

Some content of our website includes the possibility of sharing this content with other users (via Facebook, Twitter, Google+, email). The buttons used for this purpose are integrated using Shariff (read more at heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html) with the result that no data is transferred when a page is accessed. The Shariff button establishes the direct contact between the social network and the visitor only if the visitor actively clicks the Share button. If you click on this button, you as the user will leave our website and access the website of the social network provider.

SoundCloud

Our website uses plugins from the social network SoundCloud. The operator of this service is SoundCloud Limited, Berlin.

The SoundCloud plugins can be recognized by the SoundCloud logo on the pages concerned. You can play the SoundCloud file directly using the plugin on our page. A direct connection between your browser and the SoundCloud server will then be established after the activation of the plugin. SoundCloud receives the information that you have visited our website with your IP address. If you click the like or share button while being logged into your SoundCloud user account, you are able to link the content of our pages to your SoundCloud profile and/or share this content. By doing so, SoundCloud may associate the visit to our pages with your user account. We would like to make you aware of the fact that we will not gain any knowledge of the content of the transferred data or its use by SoundCloud. You can find further information about this in the privacy policy of SoundCloud at soundcloud.com/pages/privacy and in the cookie policy soundcloud.com/pages/cookies. If you do not wish SoundCloud to associate the visit of our pages to your SoundCloud user account, please log out of your SoundCloud user account before activating any content of the SoundCloud plugin.

Alternatively, the respective SoundCloud website can be accessed by clicking on the title within the plugin. If you click on this, you as the user will leave our website and access the SoundCloud website.

ISSUU

On our website, we allow you to browse through several works in the browser. For that purpose, we use the publisher network ISSUU. The operator of that website is Issuu Inc., Palo Alto, USA. You can read their privacy policy at issuu.com/legal/privacy. By clicking on the button, you will leave our website and access the Issuu website. We would like to make you aware of the fact that we will not gain any knowledge of the content of the data transferred there or its use by Issuu. If you are logged into your Issuu account, you allow Issuu to associate your browsing behaviour directly to your personal profile. You can prevent this by logging out of your Issuu account.

YouTube

Our website contains links to the website YouTube operated by Google. The operator of those pages is YouTube LLC, San Bruno, USA. You can read their privacy policy at policies.google.com/?hl=en. By clicking on such a link, you as the user will leave our website and access the YouTube website. We would like to make you aware of the fact that we will not gain any knowledge of the content of the data transferred there or its use by YouTube. If you are logged into your YouTube account, you allow YouTube to associate your browsing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account.


Contact Us

You have the opportunity to communicate with us in person, by telephone, by fax, via e-mail or by using the contact form on our website. In these cases, we will record your personal data that is required for responding to/processing your request. For example, in order to be able to process a request/message submitted via our contact form, we require your name and your e-mail address. You may submit further information, but you do not have to do so. We store and use this data exclusively for the purpose of responding to your request or for contacting you as well as for the technical administration related to this. The legal basis for the processing of your data is our legitimate interest in accordance with Article 6, section 1, lit. f of the GDPR in responding to your request. If you contact us for the purpose of concluding a contract, an additional legal basis for the processing of your data can be found in Article 6, section 1, lit. b of the GDPR.


Recipients of Your Data / Transfer of Data to Third Parties

We process your data only for our own business purposes. If necessary, your data will be transferred to service providers (third parties) that have been bound by contracts accordingly. This means that the data transfer and processing will be performed exclusively in the scope required for the respective purpose, including for the operation of our websites (e.g. hosting, maintenance), for the shipment of the ordered goods (e.g. postal services operators, shipping providers, parcel service providers), for payment transactions* (e.g. credit card companies, payment service providers; in the case of delayed payments also to debt collection companies** and credit reporting agencies), for the newsletter distribution (see below under Newsletter) and for the operation of our software solutions used internally (software maintenance).

* see below under Webshop

** If we instruct Creditreform to collect debts in the event of default, Creditreform Wiesbaden Hoffmann & Nikbakht KG is responsible within the meaning of Art. 4 No. 7 EU-GDPR. For more information, please visit https://www.creditreform.de/wiesbaden/datenschutz.

Data Transfer to Third Countries

If you request ordered goods to be shipped to a third country outside of the EU, we will transfer the personal data required for that purpose to service providers outside of the EU.

When accessing our digital services on YouTube and Issuu, data will be transferred to a third country outside of the EU (see above).


Cookies

We use cookies on our websites. Cookies are small text files that can be stored and read on your end device. A distinction is made between session cookies, which will be deleted as soon as you close your browser, and permanent cookies, which will be stored even after the termination of an individual session. Cookies may contain data that enables the later recognition of the device used. In some cases, however, cookies only contain information regarding certain settings that cannot be traced to a specific person.

On our websites, we only use session cookies. Data processing will be performed on the basis of Article 6, section 1, lit. f of the GDPR in order to optimize the user guidance and/or to make it more secure and effective, to adjust the presentation of our website and to maintain the SSL-secured connection. If you order items on our website, data processing is furthermore performed on the basis of Article 6, section 1, lit. b of the GDPR.

You can configure your browser so that it informs you when cookies are placed. This means that the use of cookies is transparent for you. In addition, you can delete cookies by using the corresponding browser settings and prevent new cookies being placed. Please note that in this case our webpages may not be displayed optimally and some functions will be no longer available for technical reasons.


Newsletter

We provide newsletters on various topics of our publishing programme. If you are at least 16 years old, you can subscribe to this newsletter on the basis of consent (Article 6, section 1a of the GDPR) whereby an e-mail address must be provided.

If you voluntarily indicate your fields of interest, you will receive a newsletter that contains customized information.

For the purpose of ensuring that the newsletters are sent in accordance with the customers’ consent, we use the double opt-in procedure. The double opt-in means that the potential recipient is added to a mailing list on his/her request. Subsequently, the user receives a confirmation e-mail and thereby the opportunity to confirm the registration in accordance with the law. Only if the user confirms the registration, the address will be actively included in the mailing list. We will use this data exclusively for sending the requested information and offers.

We use the Newsletter2Go newsletter software. Your data will be submitted to the company Newsletter2Go GmbH. Newsletter2Go GmbH is prohibited from selling your data and using it for purposes other than sending the newsletter. Newsletter2Go GmbH is a German certified provider that has been selected in accordance with the requirements of the General Data Protection Regulation and the German Federal Data Protection Law. You can find further information at newsletter2go.com/information-for-newsletter-recipients/.

You can revoke the consent granted regarding the storage of the data and the e-mail address as well as regarding their use for sending the newsletter at any time, e.g. by using the “unsubscribe” link in the newsletter.

If you subscribe to our newsletter, your e-mail address, IP address as well as the activation time will be recorded (stored) at the time of the activation together with the activation code. You can unsubscribe from the newsletter at any time.


Webshop

If you are at least 16 years old, you are able to purchase our publishing products in our online shop. If you are younger, please contact the local retailers.

If you order our products through our webshop, you can pay by credit card or PayPal. For this you will be redirected directly to the websites of the payment service providers and your payment data will be stored and processed directly by the payment service provider and not by us.

For the payment process by credit card, you will be redirected directly to the website of our PCI-certified payment service provider (Wirecard AG, 85609 Aschheim). Wirecard Bank AG processes personal data of cardholders for the purpose of payment processing as the responsible person within the meaning of Art. 4 (7) GDPR. Further information is available at https://www.wirecardbank.de/DSGVO.

For the payment process via PayPal you will be forwarded directly to the PayPal site (PayPal Europe S.à.r.l. et Cie, S.C.A., L-2449 Luxembourg). Payment requires a PayPal account. PayPal processes personal data as the person responsible within the meaning of Art. 4 (7) GDPR. More information is available at https://www.paypal.com/ie/webapps/mpp/ua/legalhub-full?locale.x=en_US.


Information Regarding Your Rights as User

You have the right to request a confirmation on whether personal data concerning you is processed; if this is the case, you have a right of access to this personal data and to the information detailed in Article 15 of the GDPR.

In accordance with Article 16 of the GDPR, you have the right to request the completion of the data concerning you or the rectification of the incorrect data concerning you.

In accordance with Article 17 of the GDPR, you have the right to request that data concerning you will be deleted immediately or, alternatively, to request a restriction of the processing of the data in accordance with Article 18 of the GDPR.

In certain cases that are detailed in Article 20 of the GDPR, you have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format or to request the transfer of this data to a third party. 

Withdrawal of the Consent (Article 7, section 3 of the GDPR)

In accordance with Article 7, section 3 of the GDPR, you have the right to withdraw any consent granted at any time with effect for the future.

Right to Object (Article 21 of the GDPR)

If data is collected on the basis of Article 6, section 1, lit. f (data processing necessary for the purposes of legitimate interests), you have the right to object at any time to the processing for reasons that result from your particular situation. We will then no longer process the personal data, unless there are compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or unless the processing serves for the establishment, exercise or defence of legal claims.

Right to Lodge a Complaint with a Supervisory Authority

In accordance with Article 77 of the GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of the personal data concerning you infringes data protection provisions. The right to lodge a complaint may be asserted in particular vis-á-vis a supervisory authority in the member state of your place of residence, your place of work or the place of the alleged infringement.


Privacy Hints, version of 26 November 2019