In the following, we will inform you about the type, scope and purpose of the processing of personal data by our company in accordance with the legal requirements of data protection law (in particular according to BDSG n.F. and the European General Data Protection Regulation ‘DS-GVO’). This data protection declaration also applies to our websites and social media profiles. Regarding the definition of terms such as “personal data” or “processing”, we refer to Art. 4 GDPR.

Name and contact details of the person responsible
Responsible in this case (hereinafter “responsible”) i.S.d. Art. 4 no. 7 GDPR is:

Ryszard Osowski Geigenbau
Ryszard Osowski
Bayreutherstraße 9
91301, Forchheim, Germany
Register court: Forchheim District Court
E-Mail-Adresse: info@osowski-violins.com

Types of data, purposes of processing and categories of data subjects

Below we will inform you about the type, scope and purpose of the collection, processing and use of personal data.

1. Types of data that we process
Usage data (access times, websites visited etc.), inventory data (name, address etc.), contact details (telephone number, email, fax etc.), payment data (bank details, account details, payment history etc.),

2. Purposes of processing according to Art. 13 Para. 1 c) GDPR
Processing contracts, purposes of evidence / preservation of evidence, website technically and economically optimized, user experience improved, website user-friendly, marketing / sales / advertising,

3. Categories of data subjects according to Art. 13 Para. 1 e) GDPR
Visitors / users of the website, customers, prospects,

The data subjects are collectively referred to as “users”.

Legal basis for the processing of personal data

Below we will inform you about the legal basis for the processing of personal data:

1. If we have obtained your consent for the processing of personal data, Art. 6 para. 1 sentence 1 lit. a) GDPR legal basis.
2. If processing is necessary to fulfill a contract or to carry out pre-contractual measures that take place at your request, Art. 6 para. 1 sentence 1 lit. b) GDPR legal basis.
3. If processing is necessary to fulfill a legal obligation to which we are subject (e.g. statutory retention requirements), Art. 6 Para. 1 S. 1 lit. c) GDPR legal basis.
4. If processing is necessary to protect the vital interests of the data subject or another natural person, Art. 6 para. 1 sentence 1 lit. d) GDPR legal basis.
5. If processing is necessary to safeguard our or the legitimate interests of a third party and your interests or fundamental rights and freedoms do not outweigh this, Art. 6 para. 1 sentence 1 lit. f) GDPR legal basis.

Disclosure of personal data to third parties and processors

We will never pass on any data to third parties without your consent. If this is the case, then the transfer takes place on the basis of the aforementioned legal basis, e.g. when data is passed on to online payment providers to fulfill the contract or on the basis of a court order or due to a legal obligation to disclose the data for the purposes of law enforcement, to avert danger or to enforce intellectual property rights.
We also use processors (external service providers, e.g. for web hosting of our websites and databases) to process your data. If data is passed on to the processor in the context of an order processing agreement, this is always done in accordance with Art. 28 GDPR. We carefully select our processors, check them regularly and have given us the right to issue instructions regarding the data. In addition, the processors must have taken appropriate technical and organizational measures and the data protection regulations in accordance with BDSG n.F. and comply with GDPR.

Data transfer to third countries

The adoption of the European General Data Protection Regulation (GDPR) created a uniform basis for data protection in Europe. Your data is therefore mainly processed by companies for which GDPR applies. If processing by third parties takes place outside the European Union or the European Economic Area, they must meet the special requirements of Art. 44 ff. GDPR. This means that the processing takes place on the basis of special guarantees, such as the determination of a data protection level that corresponds to the EU officially recognized by the EU Commission or compliance with officially recognized special contractual obligations, the so-called “standard contractual clauses”. For US companies, submission to the so-called “Privacy Shield”, the data protection agreement between the EU and the USA, meets these requirements.

Deletion of data and storage period

Unless expressly stated in this data protection declaration, your personal data will be deleted or blocked as soon as the purpose for the storage ceases to exist, unless their further storage is necessary for evidence purposes or if this is contrary to statutory retention obligations. This includes, for example, commercial law retention requirements for business letters in accordance with Section 257 (1) HGB (6 years) and tax retention requirements in accordance with Section 147 (1) AO for documents (10 years). If the prescribed retention period expires, your data will be blocked or deleted, unless the storage is still necessary for the conclusion of a contract or for the fulfillment of the contract. This includes, for example, commercial law retention obligations for business letters in accordance with Section 257 Paragraph. 1 HGB (6 years) as well as tax retention obligations according to § 147 para. 1 AO of receipts (10 years). When the prescribed retention period expires, your data will be blocked or deleted, unless storage is still necessary to conclude a contract or to fulfill the contract.

Existing automated decision making

We do not use automatic decision making or profiling.

Provision of our website and creation of log files

1. If you only use our website for informational purposes (i.e. no registration and no other transmission of information), we only collect the personal data that your browser transmits to our server. If you would like to view our website, we collect the following data: If you would like to view our website, we collect the following data:
   • IP address;
   • Internet service provider of the user;
   • date and time of access;
   • browser type;
   • Language and browser version;
   • content of the call;
   • time zone;
   • Access status / HTTP status code;
   • amount of data;
   • websites from which the request comes;
   • Operating system.
   This data is not stored together with other personal data from you.
2. These data serve the purpose of the user-friendly, functional and secure delivery of our website to you with functions and content as well as their optimization and statistical evaluation.
3. The legal basis for this is our legitimate interest in data processing according to Art. 6 Para. 1 S.1 lit. f) GDPR.
4. For security reasons, we save this data in server log files for a storage period of 10 days. After this period, these are automatically deleted, unless we need to keep them for evidence purposes in the event of attacks on the server infrastructure or other legal violations. After this period has expired, they will be automatically deleted unless we need them to be retained for evidence purposes in the event of attacks on the server infrastructure or other legal violations.

Cookies

1. We use so-called cookies when you visit our website. Cookies are small text files that your Internet browser places and saves on your computer. When you visit our website again, these cookies provide information to automatically recognize you. The information obtained in this way serves the purpose of technically and economically optimizing our web offerings and enabling you to access our website more easily and securely. When you access our website, we will inform you by referring to our data protection declaration about the use of cookies for the aforementioned purposes and how you can object to them or prevent them from being stored (“opt-out”). Our website uses session cookies, persistent cookies and third-party cookies:

   • Session cookies: We use so-called cookies to recognize multiple uses of an offer by the same user (e.g. if you have logged in to determine your login status). If you call up our page again, these cookies provide information in order to automatically recognize you. The information obtained in this way is used to optimize our offers and to make it easier for you to access our website. If you close the browser or log out, the session cookies are deleted. When you visit our site again, these cookies provide information to automatically recognize you. The information obtained in this way is used to optimize our offers and to give you easier access to our site. When you close the browser or log out, the session cookies are deleted.

   • Persistent cookies: These are automatically deleted after a specified period, which may differ depending on the cookie. You can delete the cookies at any time in the security settings of your browser. You can delete cookies at any time in your browser’s security settings.

   • Third-party cookies (third-party cookies): According to your wishes, you can configure your browser settings and e.g. B. Refuse to accept third party cookies or all cookies. However, we would like to point out that you may not be able to use all functions of this website. Read more about these cookies in the respective data protection declarations of the third-party providers. However, we would like to point out that you may then not be able to use all of the functions of this website. Read more about these cookies in the respective data protection declarations of the third-party providers.

2. The legal basis for this processing is Art. 6 Para. 1 S. lit. b) GDPR, if the cookies for contract initiation e.g. placed with orders and otherwise we have a legitimate interest in the effective functionality of the website, so that in the case of Art. 6 para. 1 sentence 1 lit. f) GDPR is the legal basis.
3. Objection and “opt-out”: You can generally prevent cookies from being saved on your hard drive by selecting “do not accept cookies” in your browser settings. However, this can result in a functional restriction of our offers. You can use third-party cookies for advertising purposes by opting out via this American website (https://optout.aboutads.info) or this European website (http://www.youronlinechoices.com/de/preference management/) contradict. However, this can result in a functional restriction of our offers. You can opt out of the use of third-party cookies for advertising purposes via a so-called “opt-out” via this American website (https://optout.aboutads.info) or this European website (http://www.youronlinechoices.com/de /preference management/).

Processing contracts

1. We process inventory data (e.g. company, title / academic degree, names and addresses as well as contact details of users, email), contract data (e.g. services used, names of contact persons) and payment data (e.g. bank details, payment history) in order to fulfill our contractual obligations (Knowledge of who is the contractual partner; justification, content and execution of the contract; checking the plausibility of the data) and services (e.g. contacting customer service) in accordance with Art. 6 para. 1 sentence 1 lit b) GDPR. The entries marked as mandatory in online forms are required for the conclusion of the contract. The entries marked as mandatory in online forms are required for the conclusion of the contract.
2. This data is not passed on to third parties, unless it is necessary to pursue our claims (e.g. transfer to a lawyer for collection) or to fulfill the contract (e.g. transfer of the data to payment providers) or there is a legal obligation to do so in accordance with. Art. 6 para. 1 sentence 1 lit. c) GDPR.
3. We can also process the data you provide to inform you about other interesting products from our portfolio or to send you emails with technical information.
4. The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. This is the case for the inventory and contract data if the data is no longer required for the execution of the contract and no claims can be asserted from the contract because they have expired (warranty: two years / standard limitation: three years ). Due to commercial and tax law requirements, we are obliged to store your address, payment and order data for a period of ten years. However, if the contract is terminated after three years, we will restrict processing, i.e. H. Your data will only be used to comply with legal obligations. Information in the user account remains until it is deleted.

Online payment provider

1. When paying via “Paypal”, billing is carried out via PayPal (Europe) S.àr.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg, Web: paypal.de, https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
   Die Abrechnung erfolgt bei Bezahlung über „Sofort.com“ über Klarna GmbH, Theresienhöhe 12, 80339 München, https://www.klarna.com/sofort/datenschutz/.
   Hereinafter referred to as “online accounting”. The online billers collect, save and process your usage and billing data to determine and bill for the services you use. The data entered in the online accounts is only processed and saved by them. If the online billers cannot or only partially collect the usage fees or the online billers fail to do so due to a complaint from you, the usage data will be passed on by the online billers to the person responsible and, if necessary, blocked by the person responsible. The same also applies if, for example, a credit card company reverses a transaction from you at the expense of the person responsible.
2. The legal basis is Art. 6 para. 1 lit. b) GDPR, since the processing is necessary for the fulfillment of a contract by the person responsible. In addition, external online invoices based on Art. 6 Para. 1 S. 1 lit. f) GDPR used for the legitimate interests of the person responsible to be able to offer you payment options that are as safe, simple and varied as possible.
3. With regard to the storage period, right of revocation, information and data subjects, we refer to the above data protection declarations of the online settlers.

Use of blog functions / comments

1. You can make public comments on our blog, which contains articles on topics on our website. You can use a pseudonym instead of a real name. Your contribution will then be published under the pseudonym. The specification of the email address is mandatory, all other information is voluntary. You can use a pseudonym instead of a real name. Your contribution will then be published under the pseudonym. Providing your email address is mandatory, all other information is voluntary.
2. When you post a comment, we save your IP address with the date and time, which we will delete after 10 days. The storage serves the legitimate interest of the defense against the claims of third parties when you publish illegal or untrue content. We save your e-mail address for the purpose of contacting third parties should legally object to your comments. The storage serves the legitimate interest of defending against claims by third parties if you publish illegal or untrue content. We save your email address for the purpose of contacting you if third parties have legal objections to your comments.
3. The legal basis is Art. 6 para. 1 sentence 1 lit. b) and f) GDPR.
4. We will not review your comments prior to posting. In the event of complaints from third parties, we reserve the right to delete your comments. We do not pass on the data to third parties unless it is necessary to pursue our claims or there is a legal obligation (Art. 6 Para. 1 S. 1. lit. c) GDPR).
5. The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected or to carry out the contract because the contract has ended.

Google Maps

1. We have integrated maps from “Google Maps” on our website (Google Ireland Limited, registration number: 368047, Gordon House, Barrow Street, Dublin 4, Ireland). This enables us to display the location of addresses and a route description directly on our website in interactive maps and enable you to use this tool.
2. When you access our website, where Google Maps is integrated, a connection to Google’s servers in the USA is established. Your IP and location can be transferred to Google. Google also receives the information that you have accessed the corresponding page. This also happens without a Google user account. If you are logged into your Google account, Google can assign the above data to your account. If you do not want this, you must log out of your Google account. Google creates user profiles from such data and uses this data for the purposes of advertising, market research or optimizing its websites.
3. The legal basis for this is our legitimate interest in data processing according to Art. 6 Para. 1 S.1 lit. f) GDPR.
4. You have a right of objection to Google against the creation of user profiles. Therefore, please contact Google directly using the data protection declaration below. You can opt out of the advertising cookies here in your Google account: Please contact Google directly via the data protection declaration mentioned below. You can opt out of advertising cookies here in your Google account:
   https://adssettings.google.com/authenticated.
5. You can find Google Maps’ terms of use at https://www.google.com/intl/de_de/help/terms_maps.html and Google’s advertising privacy policy at https://policies.google.com/technologies/ads Further information on the use of Google cookies and their advertising technologies, storage period, anonymization, location data, functionality and your rights. General data protection declaration from Google: https://policies.google.com/privacy.
6. Google is certified according to the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework) and is therefore obliged to comply with European data protection law.

Presence on social media

1. We maintain profiles or fan pages on social media in order to communicate with the users connected and registered there and to provide information about our products, offers and services. The US providers are certified under the so-called Privacy Shield and are therefore obliged to comply with European data protection. When you use and call up our profile in the respective network, the respective data protection information and terms of use of the respective network apply. When you use and access our profile in the respective network, the respective data protection information and terms of use of the respective network apply.
2. We process your data that you send us via these networks in order to communicate with you and to answer your messages there.
3. The legal basis for the processing of personal data is our legitimate interest in communicating with users and our external image for the purpose of advertising in accordance with Art. 6 Para. 1 S. 1 lit. f) GDPR. If you have given the person responsible for the social network consent to the processing of your personal data, the legal basis is Art. 6 Para. 1 S. 1 lit. a) and Art. 7 GDPR.
4. The data protection information, information and objection options (opt-out) of the respective networks can be found here:

   • Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland) Data protection declaration: https://www.facebook.com/about/privacy/, Opt-Out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.

   • Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA) – Datenschutzerklärung/ Opt-Out: http://instagram.com/about/legal/privacy/.

   • XING (XING AG, Dammtorstraße 29-32, 20354 Hamburg, Deutschland) – Datenschutzerklärung/ Opt-Out: https://privacy.xing.com/de/datenschutzerklaerung.

   • LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland) – Datenschutzerklärung: https://www.linkedin.com/legal/privacy-policy, Cookie-Richtlinie und Opt-Out: https://www.linkedin.com/legal/cookie-policy, Privacy Shield der US-Firma LinkedIn Inc.: https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active.

Rights of the data subject

1. Objection or revocation against the processing of your data

   Insofar as the processing is based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a), Art. 7 GDPR, you have the right to withdraw your consent at any time. a), Art. 7 GDPR, you have the right to revoke your consent at any time. his does not affect the lawfulness of processing based on consent before its withdrawal.

   Insofar as we process your personal data based on the balancing of interests in accordance with Art. 6 Para. 1 S. 1 lit. f) support GDPR, you can object to the processing. f) DS-GVO, you can object to the processing. This is the case if the processing is not necessary to fulfill a contract with you, which is explained by us in the following description of the functions. If you exercise such an objection, we ask that you explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and will either stop or adjust the data processing or show you our compelling legitimate reasons for continuing the processing.

   You can object to the processing of your personal data for advertising and data analysis purposes at any time. You can exercise your right to object free of charge. You can inform us about your objection to advertising using the following contact details:

   Ryszard Osowski Geigenbau
   Ryszard Osowski
   Bayreutherstraße 9
   91301, Forchheim, Germany
   Register court: Forchheim District Court
   E-Mail-Adresse: info@osowski-violins.com
   

2. Right to information
   You have the right to request confirmation from us as to whether your personal data is being processed. If this is the case, you have the right to information about your personal data stored by us in accordance with Art. 15 GDPR. This includes, in particular, information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the origin of your data, if it was not collected directly from you.
3. Right to rectification
   You have the right to correct inaccurate or correct data in accordance with Art. 16 GDPR.
4. Right to cancellation
   You have the right to have your data stored by us deleted in accordance with Art. 17 GDPR, unless legal or contractual retention periods or other legal obligations or rights to further storage prevent this.
5. Right to restriction
   You have the right to request a restriction in the processing of your personal data if one of the requirements in Art. 18 Para. 1 lit. a) to d) GDPR is fulfilled:
   • If you contest the accuracy of your personal data for a period of time that enables the person responsible to check the accuracy of the personal data;

   • the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted;

   • the controller no longer needs the personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims, or

   • if you have objected to processing in accordance with Art. 21 Para. 1 GDPR and it is not yet certain whether the legitimate reasons of the person responsible outweigh your reasons.

6. Right to data portability
   You have the right to data portability according to Art. 20 GDPR, which means that you can receive the personal data we have stored about you in a structured, common and machine-readable format or you can request the transfer to another person responsible.
7. Right to complain
   You have the right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority, in particular in the Member State of your residence, your place of work or the place of the alleged violation.

Data security

In order to protect all personal data that is transmitted to us and to ensure that we and our external service providers comply with the data protection regulations, we have taken appropriate technical and organizational security measures. That’s why, among other things, all data between your browser and our server is transmitted encrypted via a secure SSL connection.

As of: May 21, 2023