top of page
  • Telegram
  • X
  • Instagram
  • TikTok
  • Soundcloud
  • Youtube
  • Beatport

PRIVACY POLICY

I. DEFINITIONS


“Label” is BeMeow  (Beats of Meow) , operated by XTH CRAFT UG (see article V. "Responsibility").

"User" is any private persons or corporate entity that engages in using BEMEOW Platforms and/or Services as defined in our Terms.

“Data protection declaration” is the document presented here and describes how the label processes personal data, which data is affected or delimited and which rights the user can exercise.

“GDPR” is the General Data Protection Regulation and regulates the handling of personal data in the European Union.

 

“BDSG” is the Federal Data Protection Act, which regulates the handling of personal data in the Federal Republic of Germany.

“KUG” is the Art Copyright Act and regulates the handling of copyrights of works of art, such as photos and videos in the Federal Republic of Germany.

The term “third party processor” replaces the definition of “third party” in Art. 4 GDPR. This means that a third party processor is a natural or legal person, public authority, institution or other body, other than the data subject, the controller, the processor and the persons who are authorized to process the personal data under the direct responsibility of the controller or the processor.

In the context of this data protection declaration, “third parties” are all legal entities that are outside the legal relationship of the label and user and the term is therefore not to be confused with the definition of “third party” in Art. 4 GDPR.

 

“Personal data” is all information that relates to an identified or identifiable natural person. A natural person is considered identifiable if he or she can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

 

“Metadata” is data that is additionally linked to files or emails or stored in them, and is usually not obvious without additional effort when simply looking at the file or email itself.

“Personal metadata” is metadata that contains personal data.

“Personal media” is music, photos and videos that contain personal data. Identity cards or photos of or on identity cards do not fall under the category of personal media.

A “biography” is a text that describes the life of the user or the author of contributions. A biography can contain, for example, date of birth, age, place of birth, place of residence, previous places of residence, professional career, life experiences, knowledge, skills, milestones, goals, and possibly also political views, ethnicity, sexual orientation, gender identity, relationships, friendships or collaboration with third parties, etc. Data in a biography is not processed individually by the label, i.e. not outside of the biography, unless this data is made available to the label separately for other purposes.

“Artistic data” are personal media and biographies.

“Sensitive personal data” are, unless they are part of artistic data, personal data that allow conclusions to be drawn about individuals with regard to racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the unique identification of a natural person and data concerning health or data concerning sex life or sexual orientation.

“Genetic data” are personal data on the inherited or acquired genetic characteristics of a natural person that provide unique information about the physiology or health of that natural person and that were obtained in particular from the analysis of a biological sample from the natural person concerned.

“Biometric data” are personal data obtained using special technical procedures on the physical, physiological or behavioral characteristics of a natural person that enable or confirm the unique identification of that natural person, such as facial images or dactyloscopic data.

‘Data concerning health’ means personal data relating to the physical or mental health of a natural person, including the provision of healthcare, and which reveal information about his or her health status.
  
“Vicarious agents” are third parties commissioned by the label or by service providers.

“Controller” is the natural or legal person, public authority, institution or other body which, alone or jointly with others, decides on the purposes and means of processing personal data; if the purposes and means of this processing are specified by Union law or the law of the Member States, the controller or the specific criteria for its appointment can be provided for by Union law or the law of the Member States.

“Basic personal data” are personal data that the user sends to the label for the purpose of fulfilling essential contractual obligations, i.e. salutation, title, first name, last name, date of birth; and full address of residence, i.e. street, house number, postal code, district, province, city and country; and contact details, i.e. email address and telephone number or mobile number; and payment details, i.e. IBAN, account number, bank code, bank name and BIC.

The “ID card copy” is a copy of an ID card on which the user may have obscured all serial numbers before sending it to the Label.

“Email data” is the following data or metadata from emails that the user sends to the label or the label sends to the user:

  • Email address of the sender, recipient and, if applicable, other recipients.

  • Subject line of emails, insofar as this should contain personal data.

  • Content of the email, i.e. text and programming language or markup language.

  • Inserted or attached media, such as documents, photos, videos, audio files or other files.

  • Date, time and time zone of sending and receiving, or of the sender and recipient of emails

  • Names of the recipient or sender, if these are stored in the email address or email account.

  • IP address, port and location data of the sender or recipient.

  • Information about the webmail provider of the sender or recipient.

  • Information about the success of sending or receiving emails.

  • Amount of data transmitted or received.

  • Host name, device type and device ID of the recipient or sender.

  • Information about the operating system used by the recipient or sender.

  • Information resulting from the data described here or the combination of this data, e.g. through analysis or comparison with other data.

  • Basic personal data and copy of ID Card, if provided by the user.

  • Crypto wallet addresses of the user.

  • User names that the user may have on any platform that the label offers or uses.

 

“Affected personal data” are, insofar as they are processed by the label in accordance with the GDPR, the totality of all basic personal data, email data and the copy of the identity card.

“Processing” is any operation or set of operations which is carried out with or without the aid of automated procedures in connection with personal data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or any other form of provision, comparison or linking, restriction, erasure or destruction.

“Restriction of processing” is the marking of stored personal data with the aim of restricting its future processing.

 

“Profiling” is any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

“Data protection consent” is any expression of will given voluntarily by the user for a specific case in an informed and unambiguous manner in the form of a declaration or other unambiguous confirmatory act by which the user indicates that he agrees to the processing of his personal data in accordance with Art. 6 (1) letter a of the GDPR.

 

“Standard contractual clauses” are contracts agreed between two service providers if both service providers do not operate in the European Union and serve to make the data protection laws to which service providers outside the EU are subject compatible with the data protection laws to which service providers within the EU are subject.

 

“Supervisory authority” means an independent public authority established by a Member State pursuant to Article 51 of the GDPR.

 

“Contributions” are the works defined in the distribution contract which are subject to the distribution contract through a contribution agreement.

 

“Undertaking” means a natural or legal person carrying out an economic activity, regardless of its legal form, including partnerships or associations regularly carrying out an economic activity;

 

“Representative” means a natural or legal person established in the Union who, appointed in writing by the controller or processor in accordance with Article 27, represents the controller or processor with regard to their respective obligations under this Regulation;

 

“File system” means any structured collection of personal data accessible according to specific criteria, whether centralized, decentralized or organized according to functional or geographical criteria.

 

“Legitimate interest” means a justification for processing personal data that is considered legitimate if it outweighs the legitimate interests of the user.

 

“Legitimate interests” means the fundamental rights and freedoms of the person whose personal data are processed and require the protection of such data, in particular where the data subject is a child.

 

 

II. DATA PROCESSING


(1) Data Collection

1. Unless otherwise agreed, the label only collects personal data that the user sends to the label.

2. If the label receives personal data from the user about third parties that have no contractual relevance or sensitive personal data, the label will prevent any further processing of this data that could be avoided with reasonable effort from the moment it becomes aware of its receipt.

 


(2) Legal Basis and Purpose

1. Contract fulfillment

a) The processing of personal data is primarily based on Art. 6 Para. 1 Letter b GDPR and is absolutely necessary so that the label can fulfill its associated contractual obligations once the distribution contract has been concluded. This means that the user is obliged to send the label personal data for this purpose, because otherwise the conclusion of the contract and the fulfillment of contractual obligations would not be possible. The user's consent to data protection is not required for this processing.

b) In order to fulfill a contract obligation, basic personal data and email data are processed for the purposes of:
• Processing payments and sending sales reports to the user.
• Clarifying contractual relationships with GEMA or other collecting societies.
• Creating sales reports, credit notes or other addressed documents.
• Distribution and sales promotion of contributions.
• Promotion of the author or artist of the contributions.

2. Fulfillment of legal obligations

a) Article 6 paragraph (1) letter c GDPR applies, where legal obligations must be fulfilled by the label. No data protection consent from the user is required for this processing.

b) In order to fulfill legal obligations, the label processes basic personal data and email data for the purpose of:

• if necessary, fulfilling the reporting and filing obligations to the Artists' Social Insurance Fund.

• Fulfilling the statutory retention periods for documents according to the Tax Code, the Sales Tax Act and the Commercial Code.

• Fulfilling the reporting obligations to the tax office.

• other legal obligations, such as supporting the clarification of official investigations.

3. Protection of the label

a) The label has a legitimate interest in accordance with Art. 6 (1) letter f GDPR, where the processing of personal data serves to protect the label. No data protection consent from the user is required for this processing as long as the legitimate interests of the label outweigh the legitimate interests of the user.

b) To protect the label, the label processes basic personal data, email data and copies of ID cards for the purposes of:
• Identification and identity verification of the user.
• Informing the user in the event of suspected copyright infringement.
• Pursuing legal action.
• Preventing or settling claims for damages or legal disputes, e.g. in the event of copyright infringement or suspected copyright infringement.

4. Information and Advertising

a) In addition, Art. 6 Para. (1) Letter a GDPR applies, e.g. where the processing can improve the work or success of the label or serves to inform the user beyond the declarations in Nos. 1 to 3. This processing requires the user's signature on the "Declaration of Consent in accordance with the GDPR". This signature is voluntary and is not mandatory for the label's work. If the user does not sign the "Declaration of Consent in accordance with the GDPR", the data described therein will not be processed for information and advertising purposes.

b) For advertising and information to the user, the label processes basic personal data and email data for the purposes of:
• Updates on the label's milestones and successes.
• Updates on the label's products and services.
• Updates on the label's technical developments
• Updates on the label's advertising measures that have been carried out or are planned

 


(3) Processing Period

1. Basic personal data and email data are deleted from the label's devices as soon as they are no longer required for the purposes of their processing. This means that, as far as permitted, the label processes data until none of the reasons for the processing (as provided in this privacy policy) apply any more. The duration of processing may correspond to the duration of the label's existence, as this data must be available in the event of copyright infringements or suspected copyright infringements in order to clarify or settle legal disputes.

2. The user's ID card copy is deleted from the storage media managed by the label itself within 24 hours of viewing the label and, where received in paper form by post, is made unrecognizable and irreversibly destroyed.

3. The label's regular statutory retention periods for documents that may contain basic personal data of the user are:

a) ten years retention period in electronic form and/or in paper form from the first day of the year following the creation of the document for invoices, contracts, credit notes, account statements, sales reports and tax-relevant commercial and business letters, such as mail or emails.

b) six years retention period in electronic form and/or in paper form from the first day of the year following the creation of the document for non-tax-relevant business letters, such as mail or emails.

4. The regular statutory retention periods for all documents described in Section 1 Paragraph 5 No. 5 may be extended in the event of an official order until the respective matter is resolved.

 


(4) Locations

1. Personal data is initially stored at the label's Headquarters and Server in Frankfurt (a.m.) Germany.

2. The label's may comission vicarious agents to store personal data.

3. The label will not transfer personal data to third countries unless there are legal obligations or orders or the use of third-party Services.

 


(5) Profiling

1. The label does not carry out any automated decision-making in accordance with Art. 22 GDPR or profiling.

 


(6) Third Parties

1. The label will not forward personal data to third parties, unless required by law or unless otherwise agreed or pointed out in this pricacy Policy. Examples are e.g. to tax consultants, lawyers, payment service providers, IT service providers, distributors, service providers for sales promotion, debt collection companies, GEMA, other collecting societies, tax offices, artists' social insurance funds and other authorities, as well as platforms for the publication of personal media, or other third parties in the event of copyright infringement or suspected copyright infringement.

 

2. We ensure the security of personal data in connection with third-party providers by concluding compliant agreements where necessary.

 

 


III. DATA FOR ARTISTIC PURPOSES

(1) Unless otherwise stated, provisions in this data protection declaration in which data for artistic purposes are not mentioned do not apply to data for artistic purposes.

(2) The legal basis for the processing of data for artistic purposes by the label is:

a) Contract fulfillment for the purpose of distributing or promoting the sales of contributions.

b) Fulfillment of legal obligations, for the purpose of assisting in the clarification of official investigations.

c) Processing for artistic purposes in accordance with Art. 85 GDPR.

d) Section 22 KUG for image material that contains personal data.

(3) The label will not store data for artistic purposes for longer than is necessary for the reasons set out in paragraph (2), i.e. during the distribution or promotional period and beyond, if and for as long as the label is required to do so by the authorities.

(4) The user acknowledges that data for artistic purposes will be processed in the way described in any general or custom agreement that the user may have with the label.

 

 


IV. RIGHTS OF THE USER

The user has the following data protection rights:


(1) Right to Information

According to Art. 15 GDPR, the user has the right to request confirmation from the label as to whether the label processes personal data concerned and, if this is the case, the user has the right to information about this data and about further information in accordance with Art. 15 GDPR.

 


(2) Right to Object


a) Pursuant to Art. 21 (1) GDPR, the user has the right to object at any time to the processing of the personal data concerned, which is carried out on the basis of Article 6 (1) (f) GDPR, for reasons arising from his or her particular situation. The label will then no longer process the personal data unless it can demonstrate compelling legitimate grounds for the processing which outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.

b) Pursuant to Art. 21 (2) and (3) GDPR, the user has the right to object at any time to the processing of the personal data concerned where this serves the purpose of direct advertising and the label will then no longer process this data for these purposes.

 


(3) Right to Revocation


Where the processing of personal data is based on a data protection consent, the user has the right to revoke his data protection consent to data processing at any time in accordance with Art. 7 Para. 3 GDPR. The revocation of the data protection consent does not affect the legality of the processing carried out on the basis of the data protection consent until the revocation.

 


(4) Right to Correction


According to Art. 16 GDPR, the user has the right to demand that the label immediately correct inaccurate personal data processed by the label and, taking into account the purposes of the processing, the user also has the right to request that incomplete personal data be completed - also by means of a supplementary declaration.

 


(5) Right to Erasure

According to Art. 17 GDPR, the user has the right to demand that the label immediately delete personal data and, taking into account Section 18 GDPR, the label is obliged to delete it immediately if one of the following reasons applies:

  • The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.

  • The user withdraws his data protection consent on which the processing was based and there is no other legal basis for the processing.

  • The user objects to the processing pursuant to Art. 21 Para. 1 GDPR and there are no overriding legitimate grounds for the processing, or the user objects to the processing pursuant to Art. 21 Para. 2 GDPR.

  • The personal data were processed unlawfully.

  • The deletion of the personal data is necessary to fulfill a legal obligation under Union or Member State law to which the label is subject.

  • The personal data were collected in relation to information society services offered pursuant to Art. 8 Para. 1 GDPR.

 


(6) Right to Restriction

The user has the right to request restriction of processing pursuant to Art. 18 (1) GDPR if one of the following conditions is met:

  • The accuracy of the personal data is contested by the user, for a period that enables the label to verify the accuracy of the personal data.

  • The processing is unlawful and the user refuses to delete the personal data and instead requests the restriction of the use of the personal data.

  • The label no longer needs the personal data for the purposes of the processing, and the user needs them to assert, exercise or defend legal claims.

  • The user has objected to the processing pursuant to Art. 21 (1) GDPR and it has not yet been determined whether the legitimate reasons of the label outweigh the legitimate reasons of the user.

 


(7) Right to Complaint


If the user believes that the processing of his personal data violates data protection law, he has the right under Art. 77 Para. 1 GDPR to contact a data protection supervisory authority in the member state of his residence or place of work. He can also do this with the following data protection supervisory authority responsible for the label:

State Commissioner for Data Protection and Freedom of Information, North Rhine-Westphalia, PO Box 20 04 44, 40102 Düsseldorf, Telephone: 0211/38424-0; Fax: 0211/38424-10; Email: poststelle@ldi.nrw.de

The complaint can also be made via the following link: https://www.ldi.nrw.de/kontakt/ihre-beschwerde.

 


(8) Right to Data Portability

a) The user has the right to receive the personal data that he sends to the label in a structured, common and machine-readable format. The user also has the right to transmit this data to another controller without interference from the label, provided that the processing is based on the data protection consent in accordance with Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or on a contract in accordance with Art. 6 (1) (b) GDPR and the processing is carried out using automated procedures, unless the processing is necessary for the performance of a task that is in the public interest or in the exercise of official authority vested in the label.

b) Furthermore, in exercising its right to data portability pursuant to Art. 20 (1) GDPR, the user has the right to have the personal data transmitted directly from one controller to another, where technically feasible and provided that doing so does not adversely affect the rights and freedoms of others.

 

 


V. RESPONSIBILITY

(1) The responsible for data processing is:
XTH CRAFT UG (for more information see our Imprint)

(2) Contact options for the person responsible: E-mail: mgmt@bemeow.club

(3) The label will only process and answer e-mails with data protection concerns via this e-mail address.

(4) When contacting the person responsible, personal data may be processed in the manner and scope of the data protection declaration presented here, whereby sales promotion purposes are excluded from this.

bottom of page