Serafina-Music.de is pleased that you have visited our website https://serafina-music.de - hereinafter referred to as the "Website." We attach great importance to data protection. The collection and processing of your personal data takes place in compliance with applicable data protection regulations, in particular the EU General Data Protection Regulation (GDPR). We collect and process your personal data in order to optimally offer you the content on our website. This statement describes how and for what purpose your data is collected and used, and what choices you have regarding personal data.

By using this website, you consent to the collection, use, and transfer of your data in accordance with this privacy statement.

1. Responsible Party
The responsible party for the collection, processing, and use of your personal data within the meaning of the GDPR is: Papa-Promotions - department of PT Lasercom, Am Kuhlkenkamp 31, 44795 Bochum, Tel.: +49 234 91586381. If you wish to object to the collection, processing, or use of your data by us in accordance with this privacy policy in whole or in relation to individual measures, you can address your objection to the responsible party named above. You can save and print this privacy policy at any time.

2. General Use of the Website
2.1. Access Data
We collect information about visitors to this website when they use the website and automatically record information about their usage behavior and interaction with us, as well as record data about their computers or mobile devices.

All data exchange with this website is based on an SSL encryption protocol - also known as Hypertext Transfer Protocol Secure (HTTPS), which ensures that all visitor data is transmitted securely.

We collect, store, and use data about every access to our online offering (so-called server log files). This access data includes the name and URL of the retrieved file, the date and time of retrieval, the amount of data transferred, the notification of successful retrieval (HTTP response code), the browser type and version, the operating system, the referrer URL (i.e., the previously visited page), the IP address, and the requesting provider. We use this log data without assigning it to you personally or creating any other profile and solely for statistical evaluations for the purpose of operating, securing, and optimizing our online offering, as well as for anonymously recording the number of visitors to our website (traffic) and the extent and type of use of our website and services. Based on this information, we can provide personalized and location-based content, analyze data traffic, search for and correct errors, and improve our services. We reserve the right to subsequently review the log data if there is reasonable suspicion of illegal use based on concrete evidence. We store IP addresses in log files for a limited period of time if this is necessary for security purposes or for the provision or billing of a service, e.g., when visitors use one of our services. After the order process is canceled or after payment is received, we delete the IP address if it is no longer required for security purposes. We also store IP addresses if we have concrete suspicions of a criminal offense in connection with the use of our website. We also store the date of your last visit (e.g., during registration, login, clicking on links, etc.) as part of your account.

2.2. Email Contact
If you contact us (e.g., via contact form or email), we save your information to process your request and in case any follow-up questions arise. We only store and use further personal data if you consent to this or if this is legally permitted without specific consent.

2.3. Legal basis and storage period
The legal basis for data processing according to the above paragraphs is Article 6 (1) (f) GDPR. Our interests in data processing include, in particular, ensuring the operation and security of the website, investigating how visitors use the website, and simplifying website use. Unless specifically stated, we only store personal data for as long as necessary to fulfill the purposes pursued.

3. Your rights as a data subject
Under applicable law, you have various rights regarding your personal data. If you wish to exercise these rights, please send your request by email or post, clearly identifying yourself, to the address specified in Section 1.

Below you will find an overview of your rights.

3.1. Right to confirmation and information
You have the right to obtain confirmation from us at any time as to whether personal data concerning you is being processed. If this is the case, you have the right to obtain from us, free of charge, information about the personal data stored about you, along with a copy of this data. You also have the right to the following information:
1. the purposes of the processing;
2. the categories of personal data being processed;
3. the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
4. where possible, the planned duration for which the personal data will be stored, or, if not possible, the criteria used to determine that duration;
5. the existence of the right to request from the controller rectification or erasure of personal data concerning you or restriction of processing, or to object to such processing;
6. the existence of the right to lodge a complaint with a supervisory authority;
7. if the personal data are not collected from you, all available information as to their origin;
8. the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and intended effects of such processing for you. If personal data is transferred to a third country or to an international organization, you have the right to be informed of the appropriate safeguards pursuant to Article 46 GDPR in connection with the transfer.

3.2. Right to rectification
You have the right to request that we immediately rectify any inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to request that incomplete personal data be completed – also by means of a supplementary statement.

3.3. Right to erasure ("right to be forgotten")
You have the right to request that we immediately erase personal data concerning you, and we are obliged to erase personal data immediately if one of the following reasons applies:
1. The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
2. You withdraw your consent on which the processing was based pursuant to Article 6 (1) (a) GDPR or Article 9 (2) (a) GDPR, and there is no other legal ground for the processing.
3. You object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR.
4. The personal data were processed unlawfully.
5. The erasure of the personal data is necessary to fulfill a legal obligation under Union or Member State law to which we are subject.
6. The personal data were collected in relation to information society services offered pursuant to Article 8(1) GDPR.
If we have made the personal data public and are obliged to erase it pursuant to GDPR, we shall take appropriate measures, including technical ones, taking into account the available technology and the implementation costs, to inform data controllers which process the personal data that you have requested the erasure by such controllers of all links to, or copies or replications of, those personal data.

3.4. Right to Restriction of Processing
You have the right to request that we restrict processing if one of the following conditions applies:
1. you contest the accuracy of the personal data for a period enabling us to verify the accuracy of the personal data;
2. the processing is unlawful and you have refused to delete the personal data and instead requested that the use of the personal data be restricted;
3. we no longer need the personal data for the purposes of the processing, but you require the data to assert, exercise, or defend legal claims; or
4. you have objected to processing pursuant to Article 21 (1) GDPR, pending the verification whether our company's legitimate reasons outweigh yours.

3.5. Right to data portability
You have the right to receive the personal data concerning you that you have provided to us in a structured, common, and machine-readable format, and you have the right to transmit this data to another controller without hindrance from us, provided that...
1. the processing is based on consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR or on a contract pursuant to Article 6(1)(b) GDPR and...
2. the processing is carried out using automated procedures.
When exercising your right to data portability pursuant to paragraph 1, you have the right to have the personal data transmitted directly from us to another controller, where technically feasible.

3.6. Right of objection
You have the right to object at any time to the processing of personal data concerning you based on Article 6(1)(e) or (f) GDPR, for reasons arising from your particular situation. This also applies to profiling based on these provisions. We will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.
If we process personal data for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purposes of such advertising; this also applies to profiling insofar as it is related to such direct marketing.
You have the right to object, for reasons related to your particular situation, to the processing of personal data concerning you for scientific or historical research purposes or for statistical purposes pursuant to Article 89(1) GDPR, unless the processing is necessary to perform a task carried out in the public interest.

3.7. Automated decisions, including profiling:
You have the right not to be subjected to a decision based solely on automated processing – including profiling – that produces legal effects concerning you or similarly significantly affects you.

3.8. Right to withdraw consent under data protection law
You have the right to withdraw your consent to the processing of personal data at any time.

3.9. Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work, or place of the alleged infringement, if you believe that the processing of personal data concerning you is unlawful.

Data protection supervisory authority:
State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia
PO Box 20 04 44
40102 Düsseldorf
Switchboard: +49 (0)211 / 38424 - 0

4. Data security
We make every effort to ensure the security of your data within the framework of applicable data protection laws and technical possibilities. Your personal data is transmitted using encrypted technology. This applies to the transmission of your contact details, your orders, and also to the customer login. We use the SSL (Secure Socket Layer) encryption system, but we would like to point out that data transmission over the Internet (e.g., when communicating via email) may have security gaps. Complete protection of data from access by third parties is not possible. To protect your data, we maintain technical and organizational security measures that we continually adapt to the state of the art.

We also do not guarantee that our service will be available at specific times; disruptions, interruptions, or failures cannot be ruled out. The servers we use are regularly and carefully backed up.

5. Automated Decision-Making
Automated decision-making based on the personal data collected does not take place.

6. Disclosure of Data to Third Parties, No Data Transfer to Non-EU Countries
In principle, we only use your personal data within our company.
If and to the extent that we engage third parties to fulfill contracts (such as logistics service providers), they will only receive personal data to the extent that the transfer is necessary for the corresponding service. In the event that we outsource certain parts of data processing ("contract processing"), we contractually oblige the contract processors to use personal data only in accordance with the requirements of data protection laws and to ensure the protection of the rights of the data subject. Data transfer to entities or persons outside the EU outside of the cases mentioned in section 2.3 of this declaration does not take place and is not planned.

7. Questions about data protection
If you have any further questions or concerns about data protection, please contact us at any time.

Here is the law in the original version of the European Parliament and of the Council:
http://eur-lex.europa.eu/legal-content/DE/TXT/PDF/?uri=CELEX:32016R0679

Created on May 4, 2018 - Provided by: Attorney Maximilian Greger (www.law-blog.de).
We update this privacy policy as needed. Last updated: 11.07.25