Privacy Policy
Privacy Policy "Joscho Stephan"
This Privacy Policy applies to the collection, processing, and use of your personal data ("data processing") when using www.joscho-stephan.de.
Protecting your personal data is very important to us. We collect and process your data exclusively based on the applicable legal regulations, particularly the BDSG and the GDPR. This Privacy Policy informs you about the most important aspects of data processing on our website.
Below, we explain which data we collect, process, and use, for what purpose, and how you can object to such processing.
1. Name and Address of the Controller
Joscho Stephan
Von-Groote-Strasse 110
41066 Mönchengladbach, Germany
Email: music@joscho-stephan.de
Phone: +49(0)178-7640195
2. Name and Address of the Data Protection Officer
The Data Protection Officer is identical to the Controller: Joscho Stephan.
3. Scope of Processing Personal Data
We process personal data to ensure the functionality of our website and to provide our content and services.
All personal data is stored and processed exclusively on servers within the European Union. Data transmission is encrypted via SSL. Processing is based on Art. 6(1)(a) or (f) GDPR.
The following data may be collected automatically when visiting our website:
- Browser type and version
- Operating system
- Referrer URL
- Search terms used to find our site
- Date and time of access
- Accessed subpages
IP addresses are only evaluated in the event of attacks on our network infrastructure.
If you use paid services, we also process your payment data (Art. 6(1)(b) GDPR). When signing up for our newsletter or contacting us via the contact form, we process the personal data you provide to handle your request.
4. Legal Basis for Processing
The processing of your data is based on:
- Your consent (Art. 6(1)(a) GDPR)
- Contract fulfillment (Art. 6(1)(b) GDPR)
- Compliance with legal obligations (Art. 6(1)(c) GDPR)
- Our legitimate interests (Art. 6(1)(f) GDPR)
5. Recipients of the Data
Recipients may include internal departments (e.g., accounting, customer service) and external service providers for hosting, payment processing, and shipping. Data is only transferred to third parties if required for contract fulfillment.
6. Data Deletion and Storage Period
We store personal data only as long as necessary to achieve the purposes outlined or as required by statutory retention periods. After that, the data will be deleted or anonymized.
Newsletter data is stored until the subscription is canceled.
7. Your Rights
You have the right to:
- Access your data
- Rectification of inaccurate data
- Erasure of your data ("Right to be forgotten")
- Restriction of processing
- Data portability
- Object to the processing
- Withdraw your consent at any time
You also have the right to lodge a complaint with a supervisory authority.
8. Exercising Your Rights
You can exercise your rights informally via:
Postal Mail: Joscho Stephan, Von-Groote-Strasse 110, 41066 Mönchengladbach, Germany
Phone: +49(0)178-7640195
Email: music@joscho-stephan.de
9. Cookies
We use cookies to improve usability. Some cookies are technically necessary, while others help optimize the website. Processing is based on our legitimate interest (Art. 6(1)(f) GDPR).
You can manage and delete cookies via your browser settings. Disabling cookies may limit the functionality of the website.
10. Protection of Minors
Persons under 18 years of age should not submit personal data to us without parental or guardian consent.
11. Use of Third-Party Services and Redirects
We embed content from third-party providers and link to external platforms. The following providers may receive personal data (such as your IP address):
- YouTube (Google LLC) – Privacy Policy
- Mailchimp (Intuit Inc.) – Privacy Policy
- Shopify (Shopify International Ltd. / Shopify Inc.) – Privacy Policy
When redirecting (e.g., to "Lessons" at www.gypsyguitaracademy.com or "YouTube"), the respective site's privacy policies apply.
We note that using these services may result in the transfer of your data to countries outside the European Union (e.g., the USA), where data protection laws may not provide the same level of protection as in the EU. Transfers are based on your consent (Art. 49(1)(a) GDPR) and Standard Contractual Clauses (SCCs) adopted by the European Commission.
12. Technical and Organizational Measures (TOMs)
We implement appropriate technical and organizational measures to protect your data against unauthorized access, loss, or destruction.
13. No Automated Decision-Making / Profiling
No automated decision-making or profiling pursuant to Art. 22 GDPR takes place.