Privacy Policy

We are very pleased about your interest in our company. Data protection is of particular importance to the management of HSM-Hamburg School of Music GmbH. In general, the website of HSM-Hamburg School of Music GmbH can be used without providing any personal data. However, if a data subject wishes to make use of specific services offered by our company via our website, the processing of personal data may become necessary. Where the processing of personal data is required and there is no statutory basis for such processing, we generally obtain the consent of the data subject.

The processing of personal data, such as a data subject’s name, address, email address, or telephone number, is always carried out in accordance with the General Data Protection Regulation (GDPR) and in compliance with the country-specific data protection regulations applicable to HSM-Hamburg School of Music GmbH. By means of this Privacy Policy, our company wishes to inform the public about the nature, scope, and purpose of the personal data we collect, use, and process. Furthermore, this Privacy Policy informs data subjects about their rights.

As the controller responsible for processing, HSM-Hamburg School of Music GmbH has implemented numerous technical and organizational measures to ensure the most complete protection possible for personal data processed through this website. Nevertheless, internet-based data transmissions may generally contain security gaps, meaning that absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us by alternative means, for example by telephone.

1. Definitions

The Privacy Policy of HSM-Hamburg School of Music GmbH is based on the terminology used by the European legislator in adopting the General Data Protection Regulation (GDPR). Our Privacy Policy is intended to be easy to read and understand for the public, customers, and business partners. To ensure this, we would like to explain the terminology used in advance.

Within this Privacy Policy, we use, among others, the following terms:

a) Personal Data

Personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

b) Data Subject

A data subject is any identified or identifiable natural person whose personal data is processed by the controller.

c) Processing

Processing means any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.

d) Restriction of Processing

Restriction of processing means the marking of stored personal data with the aim of limiting its future processing.

e) Profiling

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, particularly to analyze or predict aspects concerning work performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

f) Pseudonymization

Pseudonymization means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and subject to technical and organizational measures ensuring that the personal data is not attributed to an identified or identifiable natural person.

g) Controller

Controller means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of processing personal data.

h) Processor

Processor means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.

i) Recipient

Recipient means a natural or legal person, public authority, agency, or another body to which personal data is disclosed, regardless of whether it is a third party or not.

j) Third Party

Third party means a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons authorized to process personal data under the direct authority of the controller or processor.

k) Consent

Consent means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they, through a statement or clear affirmative action, signify agreement to the processing of personal data relating to them.

2. Name and Address of the Controller

Controller for the purposes of the GDPR, other data protection laws applicable in Member States of the European Union, and other provisions related to data protection is:

HSM-Hamburg School of Music GmbH
Feldstr. 66
20359 Hamburg
Germany

Phone: +49 40 43190099
Email: info@theschool.de
Website: www.theschool.de

3. Cookies

The websites of HSM-Hamburg School of Music GmbH use cookies. Cookies are text files stored on a computer system via an internet browser.

Many websites and servers use cookies. Many cookies contain a so-called cookie ID, which is a unique identifier allowing websites and servers to recognize a specific internet browser.

Through the use of cookies, HSM-Hamburg School of Music GmbH can provide users with more user-friendly services that would not be possible without the use of cookies.

Cookies allow us to optimize the information and services offered on our website in the interests of the user. For example, cookies enable users to avoid re-entering login details each time they visit the website.

The data subject may prevent the setting of cookies at any time through the appropriate settings of the browser used and may thus permanently object to the setting of cookies. Furthermore, cookies already set can be deleted at any time via the browser or other software programs. However, if cookies are disabled, not all functions of our website may be fully usable.

4. Collection of General Data and Information

The website of HSM-Hamburg School of Music GmbH collects a series of general data and information whenever a data subject or automated system accesses the website. This data is stored in the server log files.

Collected data may include:

  • browser types and versions used

  • the operating system used by the accessing system

  • the website from which an accessing system reaches our website (referrer)

  • subpages visited on our website

  • date and time of access

  • IP address

  • internet service provider of the accessing system

  • other similar data and information used for security purposes

When using this general data and information, HSM-Hamburg School of Music GmbH does not draw conclusions about the data subject. Instead, this information is needed to:

  1. correctly deliver website content

  2. optimize website content and advertising

  3. ensure the long-term functionality of our IT systems and website technology

  4. provide law enforcement authorities with information necessary for prosecution in the event of a cyberattack

This anonymously collected data is evaluated statistically and with the aim of increasing data protection and data security within our company.

5. Contact via the Website

The website of HSM-Hamburg School of Music GmbH contains information enabling quick electronic contact with our company and direct communication with us, including a general email address.

If a data subject contacts the controller by email or via a contact form, the personal data transmitted by the data subject is automatically stored. Such personal data transmitted voluntarily is stored for the purpose of processing or contacting the data subject. This personal data will not be passed on to third parties.

6. Routine Deletion and Blocking of Personal Data

The controller processes and stores personal data only for the period necessary to achieve the purpose of storage or as required by European directives, regulations, or other applicable laws.

Once the storage purpose ceases to apply or a prescribed storage period expires, the personal data is routinely blocked or deleted in accordance with legal requirements.

7. Rights of the Data Subject

Data subjects have the following rights under the GDPR:

  • Right to confirmation

  • Right of access

  • Right to rectification

  • Right to erasure (“right to be forgotten”)

  • Right to restriction of processing

  • Right to data portability

  • Right to object

  • Rights relating to automated decision-making and profiling

  • Right to withdraw consent at any time

To exercise any of these rights, the data subject may contact an employee of HSM-Hamburg School of Music GmbH at any time.

8. Data Protection in Applications and Recruitment Procedures

The controller collects and processes applicants’ personal data for the purpose of handling recruitment procedures. Processing may also take place electronically, for example when application documents are submitted via email or an online form.

If an employment contract is concluded, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with legal regulations.

If no employment contract is concluded, application documents will automatically be deleted two months after notification of the rejection decision, unless other legitimate interests of the controller prevent deletion.

9. Facebook

This website integrates components of Facebook. Facebook is a social network operated by:

Facebook, Inc.
1 Hacker Way
Menlo Park, CA 94025
USA

If the data subject lives outside the USA or Canada, the controller responsible is:

Facebook Ireland Ltd.
4 Grand Canal Square
Grand Canal Harbour
Dublin 2
Ireland

Whenever a page containing a Facebook plugin is accessed, the browser automatically downloads the relevant Facebook component. Facebook thereby receives information about which subpage of our website was visited.

If the data subject is logged into Facebook at the same time, Facebook can associate the visit with the user’s Facebook account.

Further information:
https://developers.facebook.com/docs/plugins/
https://de-de.facebook.com/about/privacy/

10. Google Analytics

This website uses Google Analytics with anonymization functionality. Google Analytics is a web analysis service operated by:

Google Inc.
1600 Amphitheatre Parkway
Mountain View, CA 94043-1351
USA

Google Analytics uses cookies to analyze website traffic and user behavior. IP addresses are anonymized within EU/EEA member states using the extension “_gat._anonymizeIp”.

Users may prevent the collection of data by Google Analytics by adjusting browser settings or installing the browser add-on available at:

https://tools.google.com/dlpage/gaoptout

Further information:
https://www.google.de/intl/de/policies/privacy/
https://www.google.com/analytics/terms/de.html

11. Google+

This website may use Google+ components. Google+ is a social network operated by Google Inc.

If a user is logged into Google+, Google may associate visits to our website with the user’s Google+ account.

Further information:
https://developers.google.com/+/
https://developers.google.com/+/web/buttons-policy
https://www.google.de/intl/de/policies/privacy/

12. Instagram

This website integrates Instagram components. Instagram is operated by:

Instagram LLC
1 Hacker Way, Building 14 First Floor
Menlo Park, CA
USA

If the user is logged into Instagram while visiting our website, Instagram may associate the visit with the user’s Instagram account.

Further information:
https://help.instagram.com/155833707900388
https://www.instagram.com/about/legal/privacy/

13. Twitter

This website integrates Twitter components. Twitter is a public microblogging service operated by:

Twitter, Inc.
1355 Market Street, Suite 900
San Francisco, CA 94103
USA

When visiting pages containing Twitter components, Twitter may receive information about the pages visited and associate them with the user’s Twitter account if logged in.

Further information:
https://about.twitter.com/de/resources/buttons
https://twitter.com/privacy

14. YouTube

This website integrates YouTube components. YouTube is operated by:

YouTube, LLC
901 Cherry Ave.
San Bruno, CA 94066
USA

YouTube is a subsidiary of Google Inc.

When visiting pages containing YouTube videos, YouTube and Google may receive information about the visited pages.

Further information:
https://www.youtube.com/yt/about/de/
https://www.google.de/intl/de/policies/privacy/

15. Legal Basis for Processing

The legal basis for processing operations is Art. 6 GDPR:

  • Art. 6(1)(a) GDPR — consent

  • Art. 6(1)(b) GDPR — performance of a contract

  • Art. 6(1)(c) GDPR — compliance with legal obligations

  • Art. 6(1)(d) GDPR — protection of vital interests

  • Art. 6(1)(f) GDPR — legitimate interests pursued by the controller

16. Legitimate Interests

Where processing is based on Art. 6(1)(f) GDPR, our legitimate interest is the conduct of our business activities for the benefit of all employees and shareholders.

17. Storage Period

Personal data is stored in accordance with applicable statutory retention periods. After expiry of such periods, the data is routinely deleted unless it is still required for contract fulfillment or initiation.

18. Provision of Personal Data

The provision of personal data may be legally or contractually required. Failure to provide personal data may result in the inability to conclude a contract.

Before providing personal data, the data subject may contact one of our employees for clarification regarding whether the provision is legally or contractually required and what consequences may arise from non-provision.

19. Automated Decision-Making

As a responsible company, we do not use automated decision-making or profiling.

This Privacy Policy was generated using the Privacy Policy Generator of DGD Deutsche Gesellschaft für Datenschutz GmbH in cooperation with data protection lawyer Christian Solmecke.