Privacy policy

Privacy Policy

1) Introduction and Contact Details of the Controller

1.1

We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about how we handle your personal data when you use our website. Personal data refers to all data with which you can be personally identified.

1.2

The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is:

Bernhard Schopf
Musicmedia24
Hindenburgstraße 31
94469 Deggendorf
Germany

Phone: +49 991 98158167
Email: info@midifiles24.de

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data.

2) Data Collection When Visiting Our Website

2.1 Server Log Files

When you use our website for informational purposes only, meaning you do not register or otherwise transmit information to us, we collect only the data that your browser transmits to our server (so-called "server log files").

When you access our website, we collect the following data, which is technically necessary to display the website to you:

  • The website visited

  • Date and time of access

  • Amount of data transmitted in bytes

  • Source/referring page from which you accessed the website

  • Browser used

  • Operating system used

  • IP address used (possibly in anonymized form)

Processing is carried out in accordance with Art. 6(1)(f) GDPR based on our legitimate interest in improving the stability and functionality of our website.

The data will not be disclosed or used for any other purpose. However, we reserve the right to review the server log files retrospectively if there are concrete indications of unlawful use.

2.2 SSL/TLS Encryption

For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries), this website uses SSL or TLS encryption.

You can recognize an encrypted connection by the “https://” prefix and the lock symbol in your browser’s address bar.

3) Hosting & Content Delivery Network (CDN)

Cloudflare

We use a Content Delivery Network (CDN) provided by:

Cloudflare Inc.
101 Townsend Street
San Francisco, CA 94107
USA

This service enables us to deliver large media files such as graphics, website content, or scripts more quickly via a network of geographically distributed servers.

Processing is carried out based on our legitimate interest in improving the stability and functionality of our website pursuant to Art. 6(1)(f) GDPR.

We have concluded a Data Processing Agreement (DPA) with the provider to ensure the protection of our visitors’ data and to prohibit unauthorized disclosure to third parties.

For data transfers to the USA, the provider participates in the EU-U.S. Data Privacy Framework, which ensures compliance with European data protection standards based on an adequacy decision by the European Commission.

4) Cookies

To make visiting our website attractive and to enable the use of certain functions, we use cookies. Cookies are small text files stored on your device.

Some cookies are automatically deleted after you close your browser ("session cookies"), while others remain on your device for a longer period and enable the storage of page settings ("persistent cookies").

For persistent cookies, you can find the storage duration in your browser’s cookie settings overview.

If personal data is processed through individual cookies used by us, processing is carried out:

  • pursuant to Art. 6(1)(b) GDPR for contract performance,

  • pursuant to Art. 6(1)(a) GDPR where consent has been given,

  • or pursuant to Art. 6(1)(f) GDPR to safeguard our legitimate interests in providing the best possible website functionality and a user-friendly and effective website experience.

You can configure your browser so that you are informed about the setting of cookies and can decide individually whether to accept them, or exclude the acceptance of cookies for specific cases or generally.

Please note that disabling cookies may limit the functionality of our website.

Privacy Policy (Continued)

5) Contacting Us

5.1 Judge.me

We use the services of the following provider for review reminders:

Judge.me Ltd.
c/o Buckworths
2nd Floor, 1-3 Worship Street
London EC2A 2AB
United Kingdom

Based solely on your explicit consent pursuant to Art. 6(1)(a) GDPR, we transmit your email address and, where applicable, additional customer data to the provider so that they can send you review reminder emails.

You may revoke your consent at any time with future effect, either directly with us or with the provider.

We have concluded a Data Processing Agreement with the provider to ensure the protection of our website visitors' data and to prevent unauthorized disclosure to third parties.

For data transfers to the United Kingdom, an adequate level of data protection is ensured by an adequacy decision of the European Commission.

5.2 Klaviyo

We use the services of the following provider for review reminders:

Klaviyo, Inc.
125 Summer St., Suite 600
Boston, MA 02110
USA

Based solely on your explicit consent pursuant to Art. 6(1)(a) GDPR, we transmit your email address and, where applicable, additional customer data to the provider so that they can contact you with review reminder emails.

You may withdraw your consent at any time with future effect.

We have concluded a Data Processing Agreement with the provider.

For transfers to the USA, the provider participates in the EU-U.S. Data Privacy Framework.

5.3 Contact Form and Email Contact

When you contact us (e.g., via contact form or email), personal data is processed exclusively for the purpose of handling and responding to your inquiry and only to the extent necessary.

The legal basis for processing this data is our legitimate interest in responding to your inquiry pursuant to Art. 6(1)(f) GDPR.

If your inquiry relates to the conclusion of a contract, the additional legal basis is Art. 6(1)(b) GDPR.

Your data will be deleted once your inquiry has been conclusively resolved and provided no statutory retention obligations prevent deletion.

6) Data Processing When Opening a Customer Account

Pursuant to Art. 6(1)(b) GDPR, personal data is collected and processed to the extent necessary when you provide it during the creation of a customer account.

The required data for account creation can be found in the respective input form on our website.

You may delete your customer account at any time by sending a message to the controller named above.

After deletion of your account, your data will be deleted provided that:

  • all contracts concluded through the account have been fully completed,

  • no statutory retention periods apply,

  • and we have no legitimate interest in retaining the data.

7) Use of Customer Data for Direct Advertising

7.1 Subscription to Our Email Newsletter

If you subscribe to our email newsletter, we will regularly send you information about our offers.

The only mandatory information required for receiving the newsletter is your email address. Any additional information is voluntary and may be used to address you personally.

We use the double opt-in procedure to ensure that you only receive newsletters after explicitly confirming your subscription via a verification link sent to your email address.

By activating the confirmation link, you grant us consent to use your personal data pursuant to Art. 6(1)(a) GDPR.

During registration, we store:

  • your IP address assigned by your Internet Service Provider (ISP),

  • the date and time of registration.

This serves to prevent misuse of your email address.

The data collected for newsletter registration is used exclusively for this purpose.

You may unsubscribe at any time via the unsubscribe link contained in every newsletter or by contacting the controller.

After unsubscribing, your email address will be removed from our mailing list immediately unless you have expressly consented to further use of your data or we are legally permitted to continue processing it.

7.2 Klaviyo

Our email newsletters and promotional email communications are sent through:

Klaviyo, Inc.
125 Summer St., Suite 600
Boston, MA 02110
USA

Based on our legitimate interest in effective and user-friendly email marketing pursuant to Art. 6(1)(f) GDPR, we transfer the data you provide during newsletter registration to Klaviyo for the purpose of sending emails on our behalf.

Subject to your explicit consent pursuant to Art. 6(1)(a) GDPR, Klaviyo also performs statistical analyses of email campaigns using web beacons or tracking pixels. These technologies may measure:

  • open rates,

  • clicks,

  • and interactions with newsletter content.

Device information such as IP address, browser type, operating system, and access time may also be collected.

You may withdraw your consent to email tracking at any time.

A Data Processing Agreement has been concluded with Klaviyo, and the provider participates in the EU-U.S. Data Privacy Framework.

7.3 PushOwl

You may subscribe to push notifications regarding our offers.

Provider:

Creatorbox Softwares Private Limited
80 Feet Road, Koramangala, 4th Block
Bangalore 560034
Karnataka, India

Based on your explicit consent pursuant to Art. 6(1)(a) GDPR, the provider collects and processes your browser ID and device ID to deliver notifications correctly.

Subject to your consent, the provider may also perform statistical analyses of notification interactions and collect additional information such as:

  • IP address,

  • date and time of access.

You may revoke your consent at any time by disabling the service in your browser settings or unsubscribing through the push notification system.

A Data Processing Agreement has been concluded with the provider.

7.4 Shopping Cart Reminder Emails

If you abandon a purchase before completing checkout, you may choose to receive a one-time email reminder regarding your shopping cart.

The only mandatory information required is your email address.

The reminder is sent only after completion of a double opt-in process.

By confirming via the verification link, you consent to the processing of your personal data pursuant to Art. 6(1)(a) GDPR.

We store:

  • your IP address,

  • date and time of registration.

You may unsubscribe from shopping cart reminders at any time.

After unsubscribing, your email address will be removed immediately from the corresponding distribution list.

8) Data Processing for Order Fulfillment

8.1 General Information

To the extent necessary for contract fulfillment, personal data collected by us will be transferred to:

  • shipping service providers,

  • payment institutions,

in accordance with Art. 6(1)(b) GDPR.

If we are legally required to provide updates for digital products or goods with digital elements, we process the contact details provided during the order process to inform you about such updates pursuant to Art. 6(1)(c) GDPR.

Your contact details are used exclusively for this purpose.

We also cooperate with external service providers who assist us in fulfilling contractual obligations. Personal data may be transferred to these providers to the extent necessary.

8.2 Payment Service Providers

Depending on the selected payment method, payment data may be transferred to the relevant payment service provider for processing.

Supported payment providers include:

  • Apple Pay

  • Bancontact

  • EPS Transfer

  • Google Pay

  • iDEAL

  • Klarna

  • PayPal

  • Shopify Payments

  • TWINT

Where required for payment processing, personal data such as:

  • name,

  • address,

  • payment card details,

  • bank account information,

  • currency,

  • transaction number,

  • order details,

may be transferred pursuant to Art. 6(1)(b) GDPR.

For payment methods involving credit assessment (e.g., Klarna invoice purchase, installment payments, or certain PayPal services), additional personal information may be collected and transmitted for creditworthiness checks pursuant to Art. 6(1)(f) GDPR.

Where applicable, the respective provider may obtain identity and credit information from authorized credit agencies and use automated scoring procedures to assess payment default risk.

Further information on the specific processing activities of each payment provider can be found in their respective privacy policies.

Privacy Policy (Continued)

9) Web Analytics Services

Google Analytics 4

This website uses Google Analytics 4, a web analytics service provided by:

Google Ireland Limited
Gordon House
4 Barrow Street
Dublin D04 E5W5
Ireland

Google Analytics 4 enables us to analyze how visitors use our website.

By default, Google Analytics 4 uses cookies that are stored on your device and collect certain information. This information includes your IP address, which Google shortens before processing in order to prevent direct personal identification.

The information collected is transmitted to Google servers and processed there. Data transfers to Google LLC in the United States may also occur.

Google uses this information on our behalf to:

  • evaluate website usage,

  • compile reports on website activity,

  • provide additional services related to website and internet usage.

The shortened IP address transmitted by your browser is not combined with other Google data.

Data collected through Google Analytics 4 is retained for two months and then deleted.

All processing activities described above, including the storage of cookies on your device, occur only with your explicit consent pursuant to Art. 6(1)(a) GDPR.

You may withdraw your consent at any time with future effect via the cookie consent tool provided on our website.

We have concluded a Data Processing Agreement with Google.

Further information:

Demographic Data

Google Analytics 4 may use the "Demographics" feature to generate statistics regarding:

  • age,

  • gender,

  • interests.

This information is derived from advertising data and third-party information and is used to identify target groups for marketing purposes.

The data cannot be assigned to specific individuals and is deleted after two months.

Google Signals

Google Signals may be used to create cross-device reports.

If you have enabled personalized advertising and linked your devices to your Google account, Google may, subject to your consent, analyze your usage behavior across devices and create models including cross-device conversions.

We receive only aggregated statistics and no personally identifiable information.

You can disable personalized advertising within your Google account settings at any time.

User IDs

Google Analytics 4 may also use the User ID feature.

If you:

  • consent to Google Analytics,

  • create a customer account,

  • and log in across multiple devices,

your activities and conversions may be analyzed across devices.

International Transfers

For transfers to the United States, Google participates in the EU-U.S. Data Privacy Framework.

10) Retargeting, Remarketing and Conversion Tracking

10.1 Meta Pixel

Within our online offering, we use Meta Pixel provided by:

Meta Platforms Ireland Limited
4 Grand Canal Square
Dublin 2
Ireland

When a user clicks on a Facebook or Instagram advertisement placed by us, Meta Pixel adds a parameter to the URL of our website.

This parameter is subsequently stored through a cookie placed on our website.

Meta Pixel enables us to:

  • identify website visitors as target groups for advertising,

  • display Facebook and Instagram advertisements to users who have shown interest in our services,

  • create custom audiences,

  • measure the effectiveness of advertising campaigns,

  • perform conversion tracking.

The data collected is anonymous to us. However, Meta may store and process this information and associate it with individual user profiles.

Meta may use the data for its own advertising purposes.

All processing activities involving cookies are carried out only with your explicit consent pursuant to Art. 6(1)(a) GDPR.

You may revoke your consent at any time through our cookie consent tool.

We have concluded a Data Processing Agreement with Meta.

Data may be transferred to Meta servers in the United States.

Meta participates in the EU-U.S. Data Privacy Framework.

10.2 Google Ads Remarketing

This website uses remarketing technology provided by:

Google Ireland Limited
Gordon House
4 Barrow Street
Dublin D04 E5W5
Ireland

Google uses cookies containing pseudonymous identifiers to display interest-based advertising based on pages previously visited.

Additional processing may occur if you have agreed that Google may link your web and app browsing history with your Google account and use account information for ad personalization.

If you are logged into your Google account while visiting our website, Google may combine your data with Google Analytics information to create cross-device remarketing audiences.

Personal data may also be transferred to Google LLC servers in the United States.

All processing activities occur only with your explicit consent pursuant to Art. 6(1)(a) GDPR.

You may withdraw your consent at any time via our cookie consent tool.

Google participates in the EU-U.S. Data Privacy Framework.

Additional information:

10.3 Google Ads Conversion Tracking

This website uses the Google Ads advertising platform and Google Ads Conversion Tracking provided by Google Ireland Limited.

We use Google Ads to advertise our products and services on external websites.

Conversion tracking enables us to measure the effectiveness of our advertising campaigns.

When a user clicks on a Google advertisement, a conversion tracking cookie is stored on their device.

These cookies generally expire after 30 days and do not personally identify users.

If a user visits certain pages on our website before the cookie expires, Google and we can determine that the advertisement led to the visit.

The information collected is used to create conversion statistics.

We receive only aggregated information and no personally identifiable user data.

Data transfers to Google LLC in the United States may occur.

Processing takes place only with your explicit consent pursuant to Art. 6(1)(a) GDPR.

You may:

  • withdraw consent via our cookie consent tool,

  • or permanently disable conversion tracking by installing Google's browser plugin.

Google's privacy information can be found at:

Google participates in the EU-U.S. Data Privacy Framework.

11) Website Functionalities

11.1 Judge.me

Our website incorporates graphical elements provided by:

Judge.me Ltd.
c/o Buckworths
2nd Floor, 1–3 Worship Street
London EC2A 2AB
United Kingdom

These elements display:

  • customer reviews,

  • trust badges,

  • quality seals.

When a page containing these elements is accessed, your browser establishes a direct connection with the provider’s servers.

In this process, certain browser information, including your IP address, may be transmitted.

Where personal data is processed, the legal basis is our legitimate interest pursuant to Art. 6(1)(f) GDPR in:

  • promoting our products and services,

  • presenting our website attractively,

  • displaying authentic customer reviews.

A Data Processing Agreement has been concluded with the provider.

The United Kingdom benefits from an adequacy decision of the European Commission.

11.2 Google reCAPTCHA

This website uses Google reCAPTCHA provided by:

Google Ireland Limited
Gordon House
4 Barrow Street
Dublin D04 E5W5
Ireland

Data may also be transferred to:

Google LLC
United States

Google reCAPTCHA helps determine whether website interactions are performed by human users or automated bots.

The service helps protect against:

  • spam,

  • automated abuse,

  • DDoS attacks,

  • fraudulent activities.

For this purpose, Google may collect:

  • IP address,

  • browser type,

  • operating system information,

  • date and duration of the visit,

  • user behavior indicators.

Cookies may also be used.

Where cookies are involved, processing is based on your consent pursuant to Art. 6(1)(a) GDPR.

Where no cookies are used, processing is based on our legitimate interest pursuant to Art. 6(1)(f) GDPR in protecting our website against misuse and automated attacks.

Google Fonts may also be loaded as part of the visual presentation of the reCAPTCHA interface.

We have concluded a Data Processing Agreement with Google.

Google participates in the EU-U.S. Data Privacy Framework.

12) Tools and Miscellaneous

12.1 Lexware Office

We use the cloud-based accounting software service provided by the following provider for our bookkeeping:

Haufe-Lexware GmbH & Co. KG
Munzinger Straße 9
79111 Freiburg
Germany

The provider processes incoming and outgoing invoices and, where applicable, our company's banking transactions in order to automatically record invoices, match them with transactions, and generate financial accounting records in a semi-automated process.

Where personal data is also processed in this context, such processing is carried out on the basis of our legitimate interest in the efficient organization and documentation of our business operations pursuant to Art. 6 (1) lit. f GDPR.

12.2 Cookie Consent Tool

This website uses a so-called "Cookie Consent Tool" to obtain valid user consent for cookies and cookie-based applications that require consent.

The Cookie Consent Tool is displayed to users as an interactive user interface when they access the website. Through this interface, users can grant consent for specific cookies and/or cookie-based applications by selecting the corresponding checkboxes.

By using this tool, all cookies and services that require consent are only activated if the respective user has provided consent by selecting the relevant checkboxes. This ensures that such cookies are only placed on the user's device if consent has been granted.

The tool sets technically necessary cookies in order to save your cookie preferences. Personal user data is generally not processed in this context.

If, in individual cases, personal data (such as the IP address) is processed for the purpose of storing, assigning, or documenting cookie settings, such processing is carried out in accordance with Art. 6 (1) lit. f GDPR based on our legitimate interest in legally compliant, user-specific, and user-friendly cookie consent management and thus in the legally compliant design of our website.

An additional legal basis for processing is Art. 6 (1) lit. c GDPR. As the controller, we are legally obliged to make the use of non-essential cookies dependent on the user's consent.

Where required, we have concluded a Data Processing Agreement with the provider to ensure the protection of our website visitors' data and to prevent unauthorized disclosure to third parties.

Further information about the operator and the configuration options of the Cookie Consent Tool can be found directly within the corresponding user interface on our website.

13) Rights of the Data Subject

13.1 Rights Under Data Protection Law

Applicable data protection law grants you the following rights with regard to the processing of your personal data by the controller. Reference is made to the respective legal basis for the conditions under which these rights may be exercised:

  • Right of access pursuant to Art. 15 GDPR;

  • Right to rectification pursuant to Art. 16 GDPR;

  • Right to erasure pursuant to Art. 17 GDPR;

  • Right to restriction of processing pursuant to Art. 18 GDPR;

  • Right to notification pursuant to Art. 19 GDPR;

  • Right to data portability pursuant to Art. 20 GDPR;

  • Right to withdraw consent granted pursuant to Art. 7 (3) GDPR;

  • Right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR.

13.2 Right to Object

IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTERESTS FOLLOWING A BALANCING OF INTERESTS, YOU HAVE THE RIGHT TO OBJECT TO SUCH PROCESSING AT ANY TIME WITH EFFECT FOR THE FUTURE ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE DATA CONCERNED. HOWEVER, FURTHER PROCESSING MAY BE RESERVED IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS, AND FREEDOMS, OR IF THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS.

IF YOUR PERSONAL DATA IS PROCESSED BY US FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH MARKETING PURPOSES. YOU MAY EXERCISE YOUR RIGHT TO OBJECT AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.

14) Duration of Storage of Personal Data

The duration for which personal data is stored depends on the respective legal basis, the purpose of processing, and—where applicable—the relevant statutory retention periods (e.g., retention periods under commercial and tax law).

Where personal data is processed on the basis of explicit consent pursuant to Art. 6 (1) lit. a GDPR, such data will be stored until you withdraw your consent.

If statutory retention periods apply to data processed within the framework of contractual or quasi-contractual obligations pursuant to Art. 6 (1) lit. b GDPR, such data will be routinely deleted after the retention periods expire, provided that it is no longer required for contract performance or contract initiation and/or we no longer have a legitimate interest in retaining it.

Where personal data is processed on the basis of Art. 6 (1) lit. f GDPR, such data will be stored until you exercise your right to object pursuant to Art. 21 (1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims.

Where personal data is processed for direct marketing purposes on the basis of Art. 6 (1) lit. f GDPR, such data will be stored until you exercise your right to object pursuant to Art. 21 (2) GDPR.

Unless otherwise stated in the specific processing situations described in this Privacy Policy, stored personal data will otherwise be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.