DATA PROTECTION

Privacy policy statement

Privacy policy statement for www.roba.com

Please be welcomed to the website of ROBA which ROBA Music Verlag GmbH, (“ROBA”, “we”, “us”, “our”) operates. Protecting our users’ personal data is an important concern for ROBA. All ROBA activities on and in connection with this website (“our website”) comply with the applicable data protection laws.

Our privacy policy informs you how and for what purpose we process your personal data in connection with your visit to, and use of, our website and ROBA services. Any changes that we make to our privacy policy in the future will be posted here.

CONTACT

The contact information of our data officer is:

E-mail: dataprotectionofficer@roba.com

ROBA Music Verlag GmbH

Data Protection Officer

Neue Rabenstr. 3

20354 Hamburg

Germany

  1. COLLECTION AND PROCESSING

We collect and process personal data, i.e. information that identifies, or at least makes it possible to identify, you as a natural person (e.g. your name, your address and/or e-mail address) when you decide to actively communicate with us, when you subscribe to services we may provide, and when you use our online client platform (the “Platform”) as a writer, publisher or other contracting partner of ROBA (jointly “ROBA Partner(s)”) in the “my.roba.com” section of our website (see sections A.1 and A.2 below). Furthermore, we collect and process certain technical data that results from you visiting our website (see section B below) which is also considered personal data. Processing means any operation which is performed on personal data, such as collection, recording, organisation, structuring, storage, adaptation, retrieval, any kind of disclosure, erasure or destruction or other use.

  1. The Public Section of the Website

There are certain data that you may – but by no means must – submit to us when using the public parts of our website.

  1. a) When you subscribe to services that we may offer our users from time to time you will obviously have to submit your email address as well as any other data necessary for the provision of the service. Also, there are means on our website to get in touch with us directly, especially our contact form, which in turn requires you to submit personal data, such as your name and email address, but also the very content of your request.
  2. b) We collect, store and use such data in order to fulfil your corresponding request. For this, the legal basis is Article 6 sec. 1 sent. 1 lit. f GDPR, as it is in our mutual interest to handle your requests. Your data will not be collected, stored or used in any other way or for any other purpose. Hence, as an example, if you submit your email address via our contact form with a request for certain information, we will use only your email address to get back to you with – so we hope – the information you requested. Hence, you fully control the information you provide ROBA about yourself and how it may be used.
  3. Our Online Client Platform

The Platform under my.roba.com is a service for ROBA composers and publishing partners who wish to stay fully informed and up to date on their royalty earnings. For you we provide an online interface to our corresponding databases. For this, the legal basis is the performance or the of a contract or pre-contractual measures, Article 6 sec. 1 sent. 1 lit. b GDPR.

  1. a) To ensure that only you as a ROBA Partner may gain access to the corresponding information we conduct an registration process. If you have decided to get in touch with the designated contact person or filled out our request form and after you have received your login data, you may login to your account on the Platform.
  2. b) You are not required to submit any extra personal data before or while using the Platform (see section 2.3, though). Please, be aware, however, that the data you can retrieve on the Platform is personal and confidential. If you pass on your login data to anyone else, or if it gets passed on to anyone else, that person can access the data just as you can, unless and until you tell us to block your login data.

The Website under www.roba.com is a website which demonstrates our services and offers. Users of our label services under www.robadigital.com can use our login portal to get insights and information about their digital sales and neighbouring rights. Our music search system under music.roba.com and www.robapm.com are services for producers of media content (the “Producers”) to licence music and keep track of their licensed products. For Producers we provide an online interface to our corresponding databases, to access sample music and to download tracks for their production. For this, the legal basis is the performance or the preparation of a contract, Article 6 sec. 1 sent. 1 lit. b GDPR.

  1. a) To use our Platforms you must register online for our services by submitting the required personal information, including:

–  Contact information (Email, Phone, Address)

–  Business information

We use this information to create your account and to contact you regarding relevant licensing opportunities. Considering potential licensing contracts, this is based on Art. 6 sec. 1 lit. b GDPR. Upon registration, our team will evaluate the soundness of your business by matching it to additional data collected a public internet search. We use this information to prevent fraudulent behavior on our platform to protect our and our client’s interests, Art. 6 sec. 1 lit. f GDPR.

  1. b) Upon registering to our licensing platform, you can opt into our newsletters to receive information regarding our platform and services we offer. You can opt-out of the newsletter and any marketing communication at any time and free of charge (notwithstanding provider fees) by sending an email to this address info@roba.com or clicking this link: (www.roba.com/pages/de/subscribe). Data processing for the newsletter is based on your consent (i.e. your “opt-in”), Art. 6 sec. 1 lit. a GDPR. Furthermore, you may from time to time take part in contestsand competitions hosted on our website. In this case we will process the data provided upon entering such contest (in most cases your email address) based on Art. 6 sec. 1 lit. b GDPR exclusively for the purposes of your participation in such contest, unless you provide consent for further use separately.
  2. c) ROBA will collect and maintain a history of your use of our website, especially of your browsing of our music library, download and licensing history, we will use this information to assess and detect any case of possibly unlicensed use of our music products. For this purpose, we match your use of the website regarding browsing, listening and download history to our directory of anonymized download patterns of Producers. For this the legal basis is Article 6 sec. 1 lit. f GDPR, as it is in our legitimate interest to detect such use.
  3. d) In case we directly license our music to you we will further collect and maintain a record of any contractual informationgathered upon closing a licensing agreement. For this, the legal basis is Article 6 sec. 1 lit. f GDPR.
  4. e) While not being required to submit personal data through the Platform, you can edit certain personal data in the “Settings” section of the Platform. We will store and use edited personal data to, as applicable, continue providing the services of the Platform for you and/or to fulfil our obligations towards you. For example, by informing us of a new postal address, you allow us to send you any statements or other documents we may owe you to that address, unless stipulated otherwise in your contractual documentation.
  5. f) Personal data that is collected for our Online Music Publishing Client Platform, our Online Music Licensing Platform and our Label Services Client Platform is retained until you decide to close your account and properly erased afterwards (see below, Data Retention)
  6. NEWSLETTER

When you subscribe to our newsletter by contacting our personnel, we use the so-called double opt-in procedure, i.e. we will only send you newsletters by e-mail if you confirm in our notification e-mail by clicking on a link that you are the owner of the e-mail address provided. If you confirm your e-mail address, we will store your e-mail address, the time of registration and the IP address used for registration until you unsubscribe from the newsletter. The sole purpose of the storage is to send you the newsletters and to be able to prove your registration. You can unsubscribe from the newsletter at any time. A corresponding unsubscribe link can be found in every newsletter. A message to the contact data given below or in the newsletter (e.g. by e-mail or letter) is of course also sufficient. The legal basis of the processing is your consent pursuant to Art. 6 sec. 1 lit. f GDPR.

In our newsletters we use commercially established technologies, enabling us to measure interactions with the newsletters (e.g. opening of the e-mail, clicked links).  We use this data in pseudonymous form for general statistical evaluations as well as for the optimization and further development of our content and customer communication. This data is collected using small graphics embedded in the newsletter (so-called pixels), which can also collect Technical Data regarding the device you use. The data is collected exclusively pseudonymized and is not linked to your other personal data. The legal basis for this is our aforementioned legitimate interest, Art. 6 sec. 1 lit. f GDPR.

Through our newsletter we want to share content that is as relevant as possible for our customers and better understand what readers are interested in. If you do not wish the analysis of usage behavior, you can unsubscribe the newsletter or deactivate graphics in your e-mail program by default. The data on the interaction with our newsletters is stored pseudonymously for 30 days and subsequently made completely anonymous.

III. LOG FILES, COOKIES, WEB ANALYTICS AND SOCIAL MEDIA PLUGINS

  1. General and Error Log Files

When you visit our website, our webservers automatically store certain data in log files.

  1. a) The general log files may tell us which Internet browser and operating system you were using, and which IP address was allocated to your Internet access when you were visiting the site, the URL of the internet page from which you arrived at our website, the exact time when you accessed and left our website, the amount of data transmitted, and the pages you accessed on our website. The last octet (8-bit byte) of the IP address in the general log files will be masked, thereby restricting our (or a third party’s) ability to connect the IP address to your specific Internet access. The personal data automatically collected is necessary for us to provide the website (Article 6 sec. 1 sent. 1 lit. f GDPR), and for our legitimate interest to guarantee the website’s stability and security (Article 6 sec. 1 sent. 1 lit. f GDPR).

Personal data that is collected automatically is retained for 35 days and properly erased afterwards.

  1. b) Should our web server(s) detect an error in processing requests, it will send the corresponding information to an error log file. Those log files for technical reasons also record the client IP address from which the request was sent, i.e. your IP address if your request caused the error.
  2. c) We have no means, and no interest in, identifying you through the general or error log file data. We use the general log file data for statistical purposes. The information we can from time to time retrieve from the files relates to, for example, peak times of the use of our website, which information our users are most interested in on the website, how users navigate on our website and which browsers and operating system our users use. We use that information to improve the technical setup as well as the design of our website. The error log files are used to diagnose and fix the error. The personal data collected during this process is necessary for our legitimate interest to guarantee the website’s stability and security (Article 6 sec. 1 sent. 1 lit. f GDPR).
  3. Platform Log Files

In addition to the general and error log files, we keep log files of all logins to and logouts from, and downloads of documents from, the Platforms under www.roba.com, www.robapm.com and www.robadigital.com in order to protect you and ourselves from any misuse of the service. For that purpose, we also display the exact time and date of your latest login in the “Settings” section of your account on the Platform, which we store in our database. Platform Log Files are retained for 35 days and properly erased afterwards.

  1. Cookies
  2. a) Our website uses http cookies. An http cookie is a piece of text stored on your computer by your web browser. Cookies are sent as a field in the header of the http response by our web server(s). It is then sent back by your browser every time it accesses the respective web server.
  • Our website uses session and persistent cookies to provide you with an easy and comfortable web service. They allow us to, for example, display the German contact information any time you visit our website if your first visit to the site came from Germany. It is our legitimate interest (Art. 6 sec 1 lit. f) to provide you a comfortable web service.
  • The Platforms under www.roba.com, www.robapm.com and www.robadigital.com use session cookies (which are automatically deleted at the end of each session) that, for example, allow us to identify you as the same user (but no more) over a session on our website and to “keep” certain data across more than one webpage so that you don’t have to reinsert the same data or set your personal settings over and over again. Also, www.roba.com (http://roba.com) sets a persistent cookie to keep the language that you prefer so that you can use the Platform in that language without having to change your settings each time you access the Platform. Use of cookies for the purposes of our website is necessary to provide you with our services and therefore based on Art. 6 sec. 1 lit. b GDPR (performance of a contract).
  1. b) Should you, however, wish to generally discontinue the use of cookies, you may use your browser settings to prevent the acceptance and storage of new cookies. To find out how this works with your browser, resort to the browser’s help function or contact the manufacturer. However, we recommend leaving the cookies functions switched on as, only if you do, will you retain the full benefit of the high level of user comfort to which we strive. In addition, the use of the Platform requires us to be able to set cookies.
  2. Web Analytics

Our website may use Google Analytics. Google Analytics is a web analytics service provided by Google, Inc., of Mountain View, CA 94043, U.S.A. („Google“). Google Analytics uses cookies that enable an analysis of your use of the website. The information generated by the cookie about your use of our website (such as when you visited the website, the referrer URL, details on the configuration of your operating system, your browser and your access provider) are generally transmitted to, and stored on, a server of Google located in the U.S.A. As we are using Google Analytics’ “anonymizeIp()” function, your IP address will be shortened when you access our site from a member state of the European Union or from other states of the European Economic Area. It is only in exceptional circumstances that your IP address is transmitted to the U.S.A. and shortened there. Google will use the information on our behalf to analyze your use of the website, to compile reports on website activity, and to provide us with additional services related to the use of the website as well as Internet use. The IP address collected within the framework of Google Analytics will not be combined with other Google data.

We will use the Information gathered by cookies deployed by Google Analytics to analyze your use of our website, to generate reports on website activities and to perform other website related services to you.

The legal basis for this processing is Art. 6 sec. 1 sent. 1 lit. f GDPR and represents our legitimate interest to analyze our website’s traffic to improve the user’s experience and to optimize the website in general. Where you have given consent to our use of cookies for web analytics purposes the legal basis for this processing is Art. 6 sec. 1 lit. a GDPR.

You will find further information on Google and Google Analytics: Google and Google’s Privacy Policy here or here.

As already explained above, you can use your browser settings to prevent the acceptance and storage of new cookies. Should you disagree with the analysis of your use of our website you can also deactivate Google Analytics and thus declare your objection to the collection and processing of the respective data.

To do this, please download and install the browser plugin that Google provides for this purpose. The plugin is available here.

Once the plugin has been installed, it will prevent the recollection of the data related to your use of our website that has been generated by the cookie (including your IP address).

  1. Social Media Plugins

On certain webpages of our website we may implement so-called social media plugins, in particular Facebook, Inc.’s “like” button, Google’s “+1” button and Twitter, Inc.’s Twitter buttons. When you visit a page that displays one or more of such buttons your browser will establish a direct connection to the respective Facebook, Google and/or Twitter server and load the button from there. At the same time Facebook, Google and/or Twitter will know that the respective page on our website has been visited. This processing is based on Article 6 sec. 1 sent. 1 lit. f GDPR and represents our legitimate interest to improve your website experience and to optimize our services.

We have no influence on the data that Facebook, Google and Twitter collect based on the buttons. According to the available information, however, if you do not click on the respective buttons no personal data will be collected and stored unless you have logged onto to your Facebook, Google or Twitter account. In that case certain user data (including your IP address at the time) may be collected and linked to the account information already present at Facebook, Google or Twitter, respectively. If you wish to prevent this, please log out of your social media accounts before visiting our website.

In addition, clicking a button may also lead to a collection of certain data, such as the user’s IP address. Facebook, Google or Twitter may set cookies as well, unless you have disabled the acceptance and storage of cookies in your browser settings (see above).

We receive no information from Facebook, Google or Twitter about which social media buttons you may have clicked or seen on our website, but, if at all, we may receive a summarized, non-person-related statistical report on the use of the buttons.

If you wish to obtain more information on the subject go to:

  • Facebook’s Privacy Policy hereor here
  • Additional Information on Facebook’s Social Plugins hereor here
  • Google’s +1 Button Privacy Policy hereor here
  • Twitter’s Privacy Policy here
  1. NO DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES

We will not disclose your personal data, be it by transmission or otherwise, to third parties except where:

  • such disclosure is necessary to fulfil existing obligations towards, or assert and enforce claims against, you;
  • you consented to such disclosure;
  • federal or competent state authorities, law enforcement and/or data protection supervisory agencies, request such disclosure on the basis of the applicable laws, if and inasmuch as such disclosure is necessary to counter dangers to public safety and order or for the investigation and persecution of criminal acts;
  • we are otherwise bound to do so by law.
  1. TRANSFER OF PERSONAL DATA OUTSIDE EEA

The information we collect from you may be transferred to, processed and stored at a destination outside the European Economic Area (“EEC”) when we transfer data to third parties or members of the ROBA group of companies. Recipients outside the EEA are either Privacy Shield certified or bound by Standard Contractual Clauses draft by the EU Commission for the protection of personal Data.

  1. SECURITY

ROBA takes great care to ensure the security of personal data. Your data is conscientiously protected from loss, destruction, distortion/falsification, manipulation and unauthorized access or unauthorized disclosure through appropriate technical and organizational measures. However, due to the inherent nature of the Internet as an open global communications vehicle, we cannot guarantee that information, during transmission through the Internet or while stored on our system or otherwise in our care, will be safe from intrusion by others, such as hackers.

You are responsible for maintaining the strict confidentiality of your account password, and you shall be responsible for any access to or use of the website by you or any person or entity using your password, whether such access or use has been authorized by you or on your behalf.

VII. THIRD PARTY SITES

Third party sites linked to from this website may have different privacy policies and practices. We are not responsible for the information practices of third party sites, or channels or areas of this website, that are operated by third parties. You should carefully review these other privacy policies in order to determine how each third party may use any personal information you provide.

IIX. DATA RETENTION

We strive to keep our processing activities with respect to your personal data as limited as possible. Personal data provided by you upon using our services will be retained only for as long as we need it to fulfil the purpose for which we have collected it or if required by statutory retention requirements. Technical Data will be retained only if it is necessary to provide access to our site. The IP-Address will be retained for 7 days to enable us to engage in effective defense against attacks on our site, i.e. DDOS attacks. However, we may retain Technical Data if certain marketing purposes require. In no event will we retain your Technical Data longer than 35 days, provided storage of data is not required by statutory retention requirements. This may be the case as far as data collected during the use of the Platform is relevant for taxes or accounting reasons. In Germany, we are obliged to keep such data up to ten years according to German Tax and Trade Law.

  1. YOUR RIGHTS

Under the legislation applicable to you, you may be entitled to exercise some or all the following rights:

  • Right of access (Art. 15 GDPR);

You have the right to information regarding the data we process concerning you. Upon request we will provide you a copy of the data together with additional information to the extent defined in Art. 15 GDPR.

  • Right to rectification (Art. 16 GDPR);

You have the right to rectification of your data, wherever such data is incorrect or incomplete.

  • Right to erasure (Art. 17 GDPR);​

You have a right to erasure regarding data that is no longer required for the original purposes or that is processed unlawfully, as described in Art. 17 GDPR. Wherever certain data is subject to retention periods, instead of deleting the data we will restrict processing to the duration and intended purposes of such period.

  • Right to restriction of processing (Art. 18 GDPR);

​Upon your request, we will restrict processing of personal according to Art. 18, wherever there are uncertainties regarding our right to process such data or while a decision regarding your objection to such processing is pending. In such cases we will only retain data, restrict any processing to the minimal extent necessary and withdraw access to your data from our employees.

  • Right to data portability (Art. 20 GDPR);

Upon your request we will transfer any personal data you have provided to us during the use of our services on the basis of consent or any contractual or pre-contractual relationship to you or any third party, provided secure communication with third party is technically feasible. We will provide the data in a structured and machine-readable format.

  • Right to object to processing based on Art. 6 sec. 1 lit. f GDPR​

Upon your objection we will cease any processing of your personal data based on Art. 6 lit. f. Wherever we have compelling legitimate grounds to process your data, we can further process such data, provided our interest in doing so prevails in a weighting against your interest against the processing activity.

Therefore, to allow us to evaluate your request, please let us know the reason for your objection.

  • Right to withdraw consent

Where a processing is based on your consent, you have the right to withdraw your consent at any time by sending an email to datenschutz@bertelsmann.de, without affecting the lawfulness of processing based on consent before its withdrawal.

You may (i) exercise the rights referred to above or (ii) pose any questions or (iii) make any complaints regarding our data processing by contacting us under the contact details set out below. Additionally, you have the right lodge a complaint with a supervisory authority.

Effective Date of our Privacy Policy Statement: 23. May 2018