Privacy Policy

Data privacy statement of the Leipzig Bach Archive

We at the Leipzig Bach Archive consider it part of our corporate responsibility to protect the personal data that our customers and prospective customers entrust to us. Principles such as data minimisation, transparency and security are a priority at the Bach Archive.

We set ourselves the objective of designing our data privacy statement in such a way that you can get a rapid insight into how the Bach Archive uses your personal data. One specific aim was to make it easy for you to exercise your rights. The following information refers to the use of the website available on PCs as well as on all other Internet-enabled, mobile or desktop devices.

 

1. When do we store data concerning you?

We collect a limited amount of data to send you tickets you have ordered or offer you tailored services. We collect personal data

• When you order tickets
• When you apply for the International Bach Competition
• When you subscribe to our newsletter
• Via the contact form.
• When you download the mobile app, the required information is transferred to the respective app store, in particular your user name, e-mail address and customer account number as well as the date and time of the download, payment information and your individual device code number. We have no influence on the acquisition of this data and are not responsible for it. We process the data only to the extent necessary for downloading the mobile app onto your mobile device. The app itself does not collect or process any further personal data.

As a general rule, we store your IP address in anonymised form. IP addresses are only stored in complete form to track technical errors and to log consent, e.g. for newsletter subscriptions.

In addition, when you visit our website and read the newsletter we store data about how you use them via cookies. That way, we can see what content our customers have browsed, how often and from which regions they come, and what action they took on our website.

This data is collected under a pseudonym and is not collated with your personal data (see sections 4 and 5 of this Data Privacy Statement). 

Moreover, we store further, non-personal data to be able to continuously improve our digital services for you. We store information that your browser sends us automatically for technical reasons in our server log files. This information is:

• Your browser type/version,
• The operating system you use,
• The referrer URL (the page you previously visited),
• The host name of the accessing device (anonymised IP address),
• Time of the server request,
• Possibly, in the case of smartphones, tablets and other mobile devices, the manufacturer/type

This data is not stored in such a way that it can be traced to you. Neither is this data collated with other data sources. The anonymised IP address is deleted in a timely manner after your visit to our site.

Wherever you have the possibility of entering personal data on our website, please check for yourself what data you wish to disclose to us. We need fields marked as compulsory to be able to process your request or ticket order.

You are entitled at all times to obtain information, correct, block or delete data stored on our server free of charge, as long as there are no legal storage limitations.

 

2. What do we use your data for?

The Bach Archive uses your data with the aim of providing the best possible service. In doing so, we treat your data responsibly.

To be precise, we use your data

• To process an order placed by you,
• To process your application for the International Bach Competition,
• To send advertising material by post,
• To send you our email newsletter if you have given your consent,
• For our own marketing purposes and user-based online advertising,
• For internal analytical and statistical purposes,
• To optimise the services we offer.

First and foremost, we make sure that our services are tailored as closely as possible to your needs.

You are entitled at all times to obtain information, correct, block or delete data stored on our server free of charge, as long as there are no tax-related legal storage limitations. You can oppose the use of your data for advertising purposes at any time. 

 

3. Do we share your personal data with third parties?

The Bach Archive does not share personal data (by selling or renting it) with third parties and does not trade addresses.

 

4. Why do we set cookies?

We use cookies on our website and in our newsletter. These use pseudonyms to measure

• How frequently a page is viewed,
• General navigation on our web pages

Cookies also serve to control special and convenience features.

They also enable us to tailor our website to your needs as closely as possible. Of course, you can oppose the pseudonymized evaluation of your data to improve our services at any time (see section 9 of this Data Privacy Statement).

Cookies are small text files that our website sets on your computer, smartphone or tablet and are stored by your browser.

In several places, we use what are known as “session cookies”. These are automatically deleted at the end of your visit and serve to make our website more user-friendly, effective and secure.

Our cookies are protected from being read by third-parties by your browser's security features.

Most web browsers (see the Help feature in your browser’s menu bar) can be set not to accept new cookies, to notify you when a new cookie is set, or to switch off all received cookies. In the case of smartphones, tablets and other mobile and desktop devices, you can find out how to make the requisite settings in the user instructions.

Our cookies do not store any sensitive data, such as passwords, credit card data or other such information. They do no damage to your device and contain no viruses.

 

5. Are you interested in our newsletter?

If you would like to subscribe to the newsletter we offer on our website, we need an email address from you and information that enables us to verify that you are the owner of the supplied email address and agree to receiving the newsletter.

To guarantee that you consent to being sent the newsletter, we use what is the called the »double opt-in« procedure. Potential recipients give their consent to be included in a mailing list. Users then have the chance to confirm their registration in a legally compliant manner via a confirming email. Only if confirmation is given is the address actively added to the mailing list.

We use this data solely to send the requested information and services.

The newsletter software we use is Newsletter2Go. Your data is forwarded to Newsletter2Go GmbH. Newsletter2Go is prohibited from selling your data or using it for purposes other than sending newsletters. Newsletter2Go is a certified German provider selected according to the requirements of the General Data Protection Regulation and the German Federal Data Protection Act.

You can find out more here: https://www.newsletter2go.co.uk/information-for-newsletter-recipients/

You can withdraw your given consent to your data and email address being stored and used to send the newsletter via the »Unsubscribe« link in the newsletter at any time.

 

6. How do we use social plugins?

Our website uses social plugins (plugins) from various social networking websites, such as facebook.com and Twitter. You can recognise these plugins from the respective logos. 

When you access a page on our website using these social plugins, your browser establishes a direct link with the servers of the respective logo operator (e.g. facebook.com or twitter.com). The service provider then forwards the content of the plugin directly to your browser and integrates it into the web page. Please note that Facebook, Twitter and Yahoo process data outside the European Union. Moreover, we have no influence on the scope of the data collected by the use of social plugins and can therefore only inform you of what we know:

By integrating social plugins, the service providers receive the information that you accessed the corresponding page of our website. If you are logged into a service such as Facebook, Twitter or Delicious, the provider can assign your visit to your account. If you interact with this plugin, e.g. the Facebook “Like” button, or leave a comment, the corresponding information is sent by your browser directly to the service provider and stored there. If you are not a member of the social network, the provider may still find out and store your IP address. You can find out about the purpose and scope of data collection by the service provider and how the data is processed and used, as well as your rights in relation to this, from the respective privacy statements:

The social networking website »Facebook« is operated by

Facebook Inc.
1601 S. California Ave
Palo Alto
CA 94304
USA

Its European branch is:

Facebook Ireland Limited
Hanover Reach
5-7 Hanover Quay
Dublin 2
IRELAND.

• https://www.facebook.com/policy.php
• https://twitter.com/en/privacy
• https://policies.google.com/privacy?hl=en

You can prevent the integration of social plugins and the use of website analysis software by using appropriate software, such as the programme Ghostery.

Also, logging out of the respective social networking website – Facebook, for example – prevents that network from assigning data collected on our website to your profile.

To provide a more attractive shopping experience, our website has social plugin features for the Facebook, Twitter and Google+ networks.

To protect your privacy, we offer you these social plugins as so-called »2-click« buttons.

 

7. How does the Bach Archive protect your data?

When transferring data, for example when you enter your customer data in the order or contact form, we offer what is known as SSL (Secure Sockets Layer) security in conjunction with 256-bit encryption.

You can see when data is being transferred in encrypted form by the closed key or lock icon in the lower status bar of your browser.

This technology provides the highest level of security, which is why banks also use it to protect data in online banking, for example.

If your data is processed by our partner companies, who support us by providing customer service, delivering our products or designing and mailing our advertising material, the scope of transferred data is restricted to the required minimum.

We have selected carefully our partners and they are bound by the legal provisions of the Saxon Data Protection Act to treat your data confidentially and to comply with our own privacy standards. In particular, our partners are not allowed to pass on the data of our customers to third parties for advertising purposes.

 

8. Security during payment transactions

The Bach Archive allows you to pay by invoice, bank debit or credit card. All methods of payment are comprehensively protected by the above-mentioned security standards.

If you pay by credit card, we have integrated additional security: we provide this by asking for the Credit Card Verification Number during the order process, under »Method of payment«. You will find the three-digit Credit Card Verification Number in the signature field on the reverse side of your credit card.

Your credit card data is not saved on our website but encrypted immediately and sent via a secure link to the credit card payment processor for processing.

In addition to this, we of course meet the requirements of the mandatory Payment Card Industry Data Security Standard (PCI-DSS).

 

9. How can you have personal data stored at the Bach Archive modified or deleted?

If you send a request to the Bach Archive, we will correct, block or delete your personal data provided that other legal provisions (e.g. requirement to keep invoices) do not prevent this.

If you would like information about your personal data, please send a written request to the Bach Archive.

 

10. How can you oppose our use of your data?

You can oppose use of your data for advertising purposes or withdraw your consent by sending a short notification in writing to info@bach-leipzig.de.

 

11. Contacting us

You can contact the Data Protection Officer at datenschutz@bach-leipzig.de or by writing to our postal address, c/o the Data Protection Officer (Datenschutzbeauftragter).

If a data subject contacts us via these channels, the personal data they transfer to us will be automatically stored (Art. 6 (1 b, f) of the GDPR). The data is stored solely for the purpose of processing or contacting the data subject.