Privacy policy

Controller

We are pleased about your visit to our website. First of all, we would like to introduce ourselves as the responsible party (“controller” in terms of data protection law).

The BANDZONE service is developed and operated by

4YKINGS GmbH

represented by the managing director Tobias Gasser

Kiefernweg 36
82319 Starnberg
Phone: +49 89 2155 000 60
E-mail: contact@4ykings.com

General

In accordance with our legal obligation, we would like to inform you about the collection and use of your personal data.

When you use our online service, personal data is collected about you. This can be done by you entering the data independently - such as your mail address. However, our system also collects data from you automatically, such as your visit to our website. This occurs regardless of the device or software you use to access our service.

Any entry of data by you on our website is voluntary; there are no disadvantages for you by not disclosing your data. Without certain data, however, it is not possible for us to provide services or conclude contracts. We will point out such mandatory data to you in each case.

On this website, personal data of the user is only collected within the framework of the applicable data protection law, in particular the General Data Protection Regulation (GDPR). The technical terms used in the text are explained in more detail in Art. 4 of the GDPR.

Data processing is permitted under the GDPR in three cases in particular:

  • according to Art. 6 (1) lit. a and 7 GDPR, if you have consented to data processing by us; in each case, we will inform you in advance in this privacy policy and on the occasion of the consent in accordance with Art. 4 No. 11 GDPR exactly for what purpose and under what circumstances your data will be processed by us;
  • according to Art. 6 (1) lit. b GDPR, if the processing of your personal data is necessary for the initiation, conclusion or execution of a contractual relationship;
  • according to Art. 6 (1) lit. f GDPR, if, after a balancing of interests, the processing is necessary to protect our legitimate interests; this includes, in particular, our interests in analyzing, optimizing and securing the offer on our website - this includes, in particular, an analysis of user behavior, the creation of profiles for advertising purposes and the storage of access data as well as the use of third-party providers.

Inventory data

We collect inventory data insofar as it is necessary for the establishment, content or modification of a contractual relationship (also free of charge) between us and the user. This may include: Customer data (e.g. name, address), contact data (e.g. e-mail address, telephone number), performance data (e.g. ordered service, term, fee). When the user relationship is established, we will request this data from you (e.g. name, address and e-mail address) and also inform you of the extent to which the information is required in each case in order to establish the user relationship.

Usage data

We further collect usage data to enable the user's access to the services on our website. This may include: Usage data (e.g. web pages or areas accessed, duration of visit, interest in services), content data (e.g. data entered or uploaded by you, texts, images, sounds, videos), metadata (e.g. identity of your device, location, IP address).

We will only aggregate usage data if and to the extent necessary for billing purposes. Otherwise, we will only create usage data pseudonymously and only insofar as you have not revoked this. You can send this revocation at any time to the address given in the imprint or to the responsible person named in this privacy policy.

The legal basis for this data processing is, on the one hand, our legitimate interests pursuant to Art. 6 (1) lit. f GDPR in the analysis of the website and its use, and, if applicable, also the legal permission to store data as part of the initiation of a contractual relationship pursuant to Art. 6 (1) lit. b GDPR.

Details on the data and different processing points can be found below.

Initial contact through electronic inquiry

If you contact us in electronic form (e.g. mail, fax, telephone, messenger, etc.), we store and process the data you have provided us with (e.g. name, contact information, content of the inquiry). The legal basis for this is our legitimate interest in effective customer communication pursuant to Art. 6 (1) lit. a GDPR and, insofar as it concerns a request to enter into or fulfill a contract, also Art. 6 (1) lit. b GDPR.

We will only pass on this data to third parties insofar as it is necessary (according to Art. 6 (1) lit. b GDPR) for the fulfillment of the contract, this corresponds to the overriding interest in effective performance (according to Art. 6 (1) lit. f GDPR) or your consent (according to Art. 6 (1) lit. a GDPR) or another legal permission or obligation exists.

You can request information from us at any time and free of charge about the purpose of the processing, origin and, if applicable, recipients of your personal data. Furthermore, you can assert the correction, the deletion and the restriction of the processing of your personal data. You may object to the (further) processing of your data at any time and have a right to data portability as well as a right to lodge a complaint with the competent supervisory authority.

In principle, your data will only be stored for as long as required by the purpose of the respective data processing. Further storage is mainly considered if this is still necessary for legal prosecution or for legitimate interests or if there is a legal obligation to still store the data (e.g. tax retention periods, statute of limitations).

Consent

Where we ask for your consent to process your data, we will inform you in clear language and in an easily accessible way about the cases for which you are giving your consent. Any consent we ask for is voluntary; any benefit you wish to obtain by giving consent can be obtained without the consent, just ask us about it.

For any consent, you have the right to revoke any consent given to us to process your personal data at any time. This can be done by an informal message, e.g. via our contact form, a mail to the mail address given in the imprint or an unsubscribe link (if offered by us). Your revocation does not affect the lawfulness of the data processing carried out until then.

Storage period

In principle, your data will only be stored for as long as the purpose of the respective data processing requires. Further storage is mainly considered if this is still necessary for legal prosecution by us or for our other legitimate interests.

Regarding your inventory data that was required for the fulfillment of a contractual relationship (also free of charge), it means that we store it until the complete fulfillment or termination of the contractual relationship in addition to the statute of limitations (which is generally 2 or 3 years) along with an appropriate surcharge for a possible interruption of the statute of limitations.

For your usage data, which was collected on the occasion of your use of the website, this means that we will only store it for as long as this is still necessary for the proper functioning of our website and our legitimate interest is sufficient. As far as possible, we will only store statistical data in anonymized form, but at least always in pseudonymized form.

In addition, we still store your data insofar as we are legally obligated to do so. These are in particular the tax retention periods, which are generally 6 or even 10 years.

Rights of the users

You can request information from us at any time and free of charge about the personal data we have stored about you. In this case, identification of your person is required to prevent misuse.

Deletion, correction, restriction

You can request us to correct (also by supplementing) incorrect data at any time as well as to restrict its processing or also to delete your data. This applies in particular if the purpose of processing has expired, a required consent has been revoked and no other legal basis exists or our data processing is unlawful. We will then immediately correct, block or even delete your personal data within the legal framework.

Objection

You may object at any time to any processing of your personal data that we base on a consideration of your interests pursuant to Article 6 (1) lit. f GDPR if there are reasons for doing so that arise from your particular personal situation.

We will then no longer process your data unless we can provide compelling legitimate grounds for the processing that outweigh the interests, rights and freedoms of you, or the processing serves to assert, exercise or defend legal claims on our part.

Data transmission

You can request us to transfer the data stored about you in machine-readable form.

Complaint

If you feel that your rights have been violated by our data processing, you can file a complaint with the competent supervisory authority (you can find a list of authorities here).

Server log files

Technical system for BANDZONE

The service BANDZONE under the domain https://band.zone is operated on the systems of the company all-inkl in Germany.

ALL-INKL.COM - New Media Münnich
Hauptstraße 68
D-02742 Friedersdorf

For the privacy policy of all-inkl see https://all-inkl.com/info/datenschutzinformationen/.

We create standard server log files on this system with automatically collected data. These can be, depending on the settings of your computer, e.g. the following:

  • Your (shortened) IP address
  • Type and version of your browser and the device you are using
  • screen resolution
  • language setting
  • host name
  • time of visit
  • the website from which you visited our website
  • name of the website called up or URL
  • exact time of the call as well as
  • the amount of data transferred

The IP address is only stored shortened by the last two digits. This means that, for example, for the IP 11.22.33.44 only 11.22.0.0 is stored.

This data is only used to identify and fix potential problems in the system.

They are stored directly on our system in Germany and automatically deleted after 2 days.

We have concluded an order processing agreement with all-inkl, according to which all-inkl has undertaken to process data only in accordance with our instructions.

Website system webflow

Within the framework of our legitimate interest in a technically flawless online service and its economically efficient design and optimization pursuant to Art. 6 (1) lit. f GDPR, we have created this website with the CMS webflow of Webflow Inc, 398 11th Street, 2nd Floor, San Francisco, California, 94103, USA.

This system is used exclusively for content that can be accessed under the domain "https://the.band.zone". All of the following paragraphs thus refer exclusively to it.

The actual online service under the domain "https://band.zone" is operated on a separate system at all-inkl in Germany (see corresponding section above).

Webflow enables us to create our website and keep it available for retrieval in Webflow's worldwide hosting network. Webflow collects usage data like any other hoster. This is identified and non-identifiable data on the occasion of your visit to our website. This data is either provided to Webflow or collected automatically by using Webflow services ("non-personal data").

On the basis of such non-personal data, it is not possible for Webflow to trace the origin of the data. The non-personal data are technical information and usage information, such as those already mentioned in the previous section.

This data is transmitted to the USA or already stored directly there.

We have concluded an order processing agreement with Webflow, according to which Webflow has undertaken to process data only in accordance with our instructions.

Webflow takes physical, electronic and procedural security measures to protect personal data. Among other things, Webflow only provides encrypted access to our website.

IP addresses are never stored or logged in their entirety. They are either hashed only (= one-way transformation without inference to the IP address) or, where absolutely necessary, stored with the last part removed (e.g. 157.130.212.112 becomes 157.130.212._).

IP addresses shortened by the last part are used, for example, to identify the best possible delivery server.

The hashed IP addresses are kept in memory for a maximum of 24 hours to defend against brute force attacks and to display unique visits in our dashboard.

For more information about Webflow's data processing, please see Webflow's privacy policy https://webflow.com/legal/eu-privacy-policy.

External Scripts

On our website https://the.band.zone, we use the jsDelivr CDN (Content Delivery Network) from the company Volentio JSD Limited, Suite 2a1, Northside House, Mount Pleasant, Barnet, England, EN4 9EB at a few places (e.g., in the FAQs) for delivering special scripts via the domain cdn.jsdelivr.net. These scripts are used, for instance, for filtering the FAQs. Thus, your browser may transmit personal data, such as your IP address or information about the browser used, to jsDelivr's servers when you load the relevant pages of our website. Disabling these external scripts will result in functionalities, such as the FAQ filtering by categories, no longer being available.

For more information on data processing, please see PROSPECT ONE's Privacy Policy.

Cookies

Nature and purpose of processing

Like many other websites, we also use so-called "cookies". Cookies are small text files that are stored on your terminal device (laptop, tablet, smartphone or similar) when you visit our website.

Cookies cannot be used to launch programs or transfer viruses to a computer.

In no case will the data we collect be used to link to personal data without your consent.

Of course, you can generally view our website without cookies. Internet browsers are regularly set to accept cookies. In general, you can deactivate the use of cookies at any time via your browser settings. Please use the help functions of your internet browser to find out how to change these settings.

Please note that registration on BANDZONE (https://band.zone) and use of the online service are not possible if you have disabled the use of cookies.

However, the publicly accessible pages (at https://the.band.zone) can be used without cookies without restriction.

Storage period and cookies used

The following essential cookies are used on our websites:

  • jam_session: sequence of random characters. Is a unique identifier for the active session in the system. The cookie does not contain any personal data. (Expiration date: current session)
  • remember_web_[1-9a-z]: If you checked the "Stay logged in" checkbox when you logged in, this cookie is set to recognize you the next time you visit BANDZONE. If you delete this cookie, you will have to log in again with your username and password the next time.
  • XSRF-TOKEN: sequence of random characters. Used to protect against cross-site request forgery (https://en.wikipedia.org/wiki/Cross-site_request_forgery). The cookie does not contain any personal data. (Expiration date: current session)
  • paddlejs_campaign_referrer: This cookie is an essential cookie set by our payment service provider Paddle for the current domain. It contains the current domain for verification of authorized use of the payment service provider. It is only set on BANDZONE pages relevant to the booking process. (Expiration date: 1 month)
  • meta-pixel-allowed: true/false. This stores whether you allow the Meta Pixel or not. If you delete this cookie, a request for consent will be made again the next time. (Expiration date: 1 year)

The following non-essential cookies are used on our websites after consent:

  • _fbp: A sequence of random digits preceded by 'fb' and separated by dots. The purpose is the personalization of advertising and measurement of advertising success (Expiration date: 3 months). Consent can be given or revoked at any time via the following button.

You can delete individual cookies or the entire cookie inventory in your browser settings. In addition, you will receive information and instructions on how to delete these cookies or block their storage in advance. Depending on the provider of your browser, you will find the necessary information under the following links:

Mozilla Firefox:

https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox

Microsoft Edge:

https://support.microsoft.com/en-us/microsoft-edge/delete-cookies-in-microsoft-edge-63947406-40ac-c3b8-57b9-2a946a29ae09

Google Chrome:

https://support.google.com/accounts/answer/61416?hl=en

Vivaldi:

https://help.vivaldi.com/article/cookies/

Opera:

https://help.opera.com/en/latest/web-preferences/#cookies

Safari:

https://support.apple.com/guide/safari/manage-cookies-sfri11471/mac

Social Media Tracking via Meta Pixel and Conversion API (CAPI)

As far as you have consented when visiting our website, we use the Meta Pixel and the Conversion API for our marketing approach and to evaluate the success of our marketing measures.

The Meta Pixel is a reach measurement service used on this website based on your voluntary consent according to Art. 6 Para. 1 lit. a GDPR, provided by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

The technology implemented by the Meta Pixel allows us to measure the reach and resulting sales (so-called conversions) of our ads on Facebook, Instagram, and Meta Messenger, thereby improving our advertising approach. It also enables us to target users who have already visited our website with advertising on the mentioned platforms more precisely. Furthermore, we can use the data to create so-called Custom Audiences. Here, Meta evaluates data from users of our website to identify people with similar interests.

The Meta Pixel stores a cookie on your computer, which helps Meta recognize that you have visited our website if you are logged into a Meta service or log in again. The data is anonymized for us; we cannot assign it to you. The data is transmitted to the USA and stored at Meta. This provider is certified under the EU-US Data Privacy Framework. Thus, data transmission to the USA is legally secure based on the adequacy decision concluded on 10.07.2023.

For the same purpose, with your voluntary consent via the Meta Conversion API (CAPI), your hashed, i.e., pseudonymized, email address is transmitted to Meta at a few points after your registration (e.g., upon successful registration and when booking a plan). The legal basis here is also your consent according to Art. 6 Para. 1 lit. a GDPR.

Meta is able to connect that data to your respective user profile and use the data for its advertising purposes, according to the Meta Data Use Policy (https://www.facebook.com/about/privacy/). Meta offers you various settings for the remarketing function and the Custom Audiences if you are logged into a Meta service: Settings for Facebook, Settings for Instagram, or generally via the Meta Privacy Center. Without a Meta account, you can also make settings at the European Interactive Digital Advertising Alliance and prevent being targeted with advertising.

For more information on how Meta handles your data, please refer to Meta's privacy policy at: https://www.facebook.com/about/privacy. Your data is transferred by Meta Platforms Ireland to Meta in the USA based on the standard contractual clauses.

Usage statistics

Tracking directly in the system

We also collect certain other usage data for specific purposes when you are actively using our system while logged in.

Error tracing

We continuously collect advanced program flow data that allows us to trace and correct an error in the event of an issue.

This data may include, for example, your user ID and, if applicable, other information that you have stored in your account, insofar as this was used in the respective interaction.

The data is stored on our system in Germany and automatically deleted after 3 days.

Anonymous area statistics

Furthermore, we collect - also directly on our system in Germany - usage data on the different areas of the application, e.g. to determine how a change or a new feature is accepted.

Statistics system "matomo"

For both https://the.band.zone and https://band.zone, we use a tracking system installed on our own servers (in Germany) called "matomo" to collect and analyze data on usage behavior.

If you have activated DNT ('do not track') in your browser, no data will be collected in this system!

The system is configured so that no cookies are used.

The data stored in this system for the purpose of statistics are as follows.

  • URL & title & times of the visited pages
  • URL & title of all links clicked on the visited page
  • User agent (browser details)
  • Screen resolution
  • Anonymized IP address (last two octets are replaced with a "0" before storage)
  • We do NOT store exact referrer information, only the type of referrer (e.g. "search" or "social media")

Registration with our online service

Type and purpose of processing

When registering to use our services, two items of personal data are collected: name and e-mail address. If you are registered at our site, you can access content and services that we offer only to registered users. Registered users also have the option to change the data provided during registration at any time, if necessary.

If you decide to delete your account, your personal data stored in the account will be deleted, unless there is a legal obligation to keep records. We do not store historical data about your name and e-mail address.

Of course, we will also provide you with information about the personal data we have stored about you at any time.

Special case "Registration of band members"

As an administrator of a band, you can add additional band members via their e-mail address. As a result, an e-mail will be sent to the corresponding e-mail address with a request to confirm the invitation and complete the registration. This email will also contain a reference to the inviter(s) and the band from which the invitation was sent.

If the invitation is not confirmed within 3 days or the registration of the new band member is not completed by him, the account for this member, which is thus inactive, will be automatically deleted.

Legal basis

The processing of the data entered during registration is based on the user's consent (Art. 6 (1) lit. a GDPR).

If the registration serves the fulfillment of a contract to which the data subject is a party or the implementation of pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 (1) lit. b GDPR.

Recipient

Recipients of the data may be technical service providers who act as order processors for the operation and maintenance of our online service.

We have concluded order processing agreements with these service providers (see above).

Storage period

Data is only processed in this context as long as the corresponding consent has been given. Afterwards, they will be deleted, provided that there are no legal storage obligations to the contrary. To contact us in this context, please use the contact details provided at the end of this privacy policy.

Provision mandatory or required

The provision of your personal data is voluntary, based solely on your consent. Without the provision of your personal data, we cannot grant you access to our offered content and services.

SSL encryption

To protect the security of your data during transmission, we use state-of-the-art encryption methods (e.g. SSL) via HTTPS.

E-mail information

You have the possibility to be informed by us at irregular intervals via e-mail about current promotions, offers and news. For this purpose, you can sign up for our e-mail information on our website, during registration or later on your profile page.

Legal basis

If you sign up for our email information, the legal basis for the processing is your consent pursuant to Art. 6 (1) lit. a GDPR, which we verify with the help of a confirmation email. You can revoke your consent at any time with effect for the future. Registered users receive our information on the basis of Art. 6 (1) lit. f GDPR in conjunction with § 7 (3) German Unfair Competition Act (UWG). You can object to the use of your e-mail address for this purpose at any time.

Recipient

For sending our transactional emails as well as our email information, we use the services of the provider Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin. The e-mail addresses of the recipients are stored on cloud servers of Sendinblue GmbH in Germany. In addition, Sendinblue GmbH offers us the possibility to analyze whether the sent emails have been opened, how many users have received an email and whether users have unsubscribed from our email information after receiving an email.

We have concluded a data processing agreement with Sendinblue GmbH in accordance with Art. 28 GDPR to ensure that personal data is adequately protected there.

For more information, please refer to the Terms of Use of Sendinblue: https://www.brevo.com/legal/termsofuse/ .

Note: Since May 2023, the service of Sendinblue GmbH has been operating under the brand "Brevo" (see https://www.brevo.com/de/blog/warum-brevo/), but the company is currently still registered under the name Sendinblue GmbH.

Storage period

Data will only be processed in this context as long as the corresponding consent or user account exists. Afterwards, they will be deleted, provided that there are no legal retention obligations to the contrary. To contact us in this context, please use the contact details provided at the end of this privacy policy.

The specific storage period of analysis data by Sendinblue GmbH cannot be influenced by us, but is determined by Sendinblue GmbH. For more information, please see the Sendinblue privacy policy: https://www.brevo.com/legal/privacypolicy/.

Provision mandatory or required

The provision of your personal data is voluntary, based solely on your consent. Without the provision of your personal data, we cannot grant you access to our offered content and services.

JIRA Cloud

To process requests, we use JIRA Cloud from the provider Atlassian Pty Ltd, Level 6, 341 George Street, Sydney NSW 2000, Australia. JIRA Cloud is operated on Amazon Web Services (AWS) servers located within the European Union. The purpose of the processing is the handling of inquiries as well as any queries. As soon as they are no longer required to achieve the purpose for which they were collected, the data are deleted. This is the case for personal data sent by e-mail or transmitted via Jira Service Desk when the respective conversation with the user has ended. The conversation is ended when it is clear from the circumstances that the matter in question has been conclusively clarified. The legal basis is Art. 6 (1) lit. a and b GDPR.

We have concluded a so-called "Data-Processing-Agreement" with Atlassian, in which Atlassian commits itself to protect the data of our customers and not to pass it on to third parties.

Contract and payment processing via Paddle

If you make use of chargeable services on our website, the provider of these services and your contractual partner as well as payment processor is Paddle.com Market Limited of Judd House, 18-29 Mora Street, London, EC1V 8BT, UK or Paddle.com Inc. of 3811 Ditmars Blvd, #1071 Astoria, New York, 11105-1803, USA - depending on your location (hereinafter "Paddle"). Paddle is responsible in the sense of data protection law for the personal data collected and processed in the context of the order and implementation of fee-based service packages.

Paddle's booking and payment process is integrated as JavaScript using Paddle's Content Delivery Network service (CDN) (https://cdn.paddle.com). This script is loaded exclusively when the price information is called up and from pages that are relevant for the conclusion of a BANDZONE subscription. Personal data, such as your IP address, may be transmitted to Paddle. Paddle thereby receives the information that you have visited this website with your IP address. The storage and analysis of the data is based on Art. 6 (1) lit. f GDPR. We have a legitimate interest in the processing of bookings and payments by Paddle.

Insofar as personal data is transferred to the USA as part of the contract or payment processing, this is done on the basis of the standard contractual clauses of the EU Commission and, if applicable, your consent pursuant to Art. 49 (1) lit. a GDPR. We would like to point out that there may be a risk associated with the transfer of personal information to the USA, in particular due to potential access by US intelligence services for investigative purposes. The USA is not a safe third country in the view of the EU Commission.

You can find more information about data protection at Paddle here: https://paddle.com/privacy/

Use of Monotype Web Fonts

We use fonts delivered locally from our server by Monotype Imaging Holdings Inc.

Below is an excerpt of the privacy policy:

What information is collected?

The webfont tracking code in the font.css file (//hello.myfonts.net/...) does not collect, process, or store any personal information. When you visit a website with this tracking script, only the following information is collected:

  • the anonymous project identification number
  • the URL/domain of the licensing website (band.zone) which in turn is associated with a customer number at Myfonts
  • the referrer URL

How is the collected information used?

The anonymized Webfont project ID is stored with the above data in an encrypted log file for 30 days so that the number of monthly page views can be counted. This number is used to calculate the costs band.zone incurs for licensing the fonts. After the monthly pageview reports are generated, the logfiles are deleted.

Complete information

For more detailed information, see the privacy policy of Monotype Imaging Holdings Inc.:

https://www.monotype.com/legal/privacy-policy/web-font-tracking-privacy-policy/

Changes to our privacy policy

We reserve the right to adapt this data protection declaration so that it always complies with the current legal requirements or in order to implement changes to our services in the data protection declaration, e.g. when introducing new services. The new data protection statement will then apply to your next visit. In doing so, no changes will be made to the consents granted by the user.

Questions to the data protection officer

If you have any questions about data protection, please write us an e-mail or contact the person responsible for data protection in our organization directly:

datasec@4ykings.com