This Privacy Policy informs you about the type, scope, and purpose of the processing of personal data within our online offering and the associated websites, features, and content, as well as external online presences such as our social media profiles. With regard to the terms used, such as “processing” or “controller,” we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).

**Controller:**
Crash Your Sound GmbH
Am Speicher 2-4
10245 Berlin
Germany
Managing Director: Nico Meckelnburg

Phone: +49 (0) 30 2260 0454
Email: nm@crashyoursound.com

**Types of processed data:**

– Basic data (e.g., names, addresses).
– Contact data (e.g., email, phone numbers).
– Content data (e.g., text entries, photographs, videos).
– Usage data (e.g., websites visited, interest in content, access times).
– Meta/communication data (e.g., device information, IP addresses).

**Categories of affected persons**

Visitors and users of the online offering (hereinafter referred to collectively as “users”).

**Purpose of processing**

– Provision of the online offering, its features, and content.
– Responding to contact requests and communication with users.
– Security measures.
– Reach measurement/marketing.

**Terminology used**

– **Personal Data:** Any information related to an identified or identifiable natural person.
– **Processing:** Any operation or set of operations performed on personal data, with or without the aid of automated processes.
– **Pseudonymization:** Processing personal data in a way that it can no longer be attributed to a specific person without additional information, provided this information is kept separately.
– **Profiling:** Automated processing of personal data to evaluate personal aspects related to a natural person.
– **Controller:** The person or entity deciding on the purposes and means of processing personal data.
– **Processor:** The person or entity processing personal data on behalf of the controller.

**Relevant legal bases**

In accordance with Article 13 GDPR, we provide the legal basis for our data processing. Where not specified in the Privacy Policy, the following applies: The legal basis for obtaining consent is Article 6(1)(a) and Article 7 GDPR; the basis for processing to perform our services and contractual measures as well as responding to inquiries is Article 6(1)(b) GDPR; for compliance with legal obligations, Article 6(1)(c) GDPR; and to protect our legitimate interests, Article 6(1)(f) GDPR. Where vital interests of the data subject or another natural person require data processing, Article 6(1)(d) GDPR serves as the legal basis.

**Security measures**

In line with Article 32 GDPR, we take appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

**Cooperation with processors and third parties**

We disclose data to other people and companies (processors or third parties) only on the basis of legal permission, your consent, a legal obligation, or our legitimate interests.

**Transfers to third countries**

Data is processed in a third country (outside the EU or EEA) only if necessary to fulfill our (pre)contractual obligations, on the basis of your consent, due to a legal obligation, or based on our legitimate interests.

**Rights of affected persons**

You have the right to confirm whether data is being processed and to access this data as per Article 15 GDPR, as well as further information and a copy of the data. You also have the right to request the correction of incorrect data (Article 16 GDPR), the deletion of data (Article 17 GDPR), or the restriction of data processing (Article 18 GDPR).

**Right to withdraw consent**

You have the right to withdraw consent under Article 7(3) GDPR with effect for the future.

**Right to object**

You may object to the future processing of your data at any time in accordance with Article 21 GDPR.

**Cookies and right to object to direct marketing**

Cookies are small files stored on users’ devices. They may contain information for various purposes. Users who do not want cookies stored on their computers are asked to deactivate the respective option in their browser settings.

**Deletion of data**

The data we process is deleted or restricted in accordance with Articles 17 and 18 GDPR once it is no longer necessary for its intended purpose and no legal retention obligations apply.

**Business-related processing**

We process contract and payment data from our clients, prospective customers, and business partners for contract performance, customer care, marketing, and market research.

**Brokerage Services**

We process the data of our customers, clients, and prospects (collectively referred to as “customers”) in accordance with Article 6(1)(b) GDPR to provide them with our contractual or pre-contractual services. The data processed, its nature, scope, purpose, and necessity, depend on the underlying order. Generally, this includes basic customer data (name, address, etc.), contact information (email, phone, etc.), contract data (details of the engagement, fees, terms, information about referred companies/insurers/services), and payment data (commissions, payment history, etc.). We may also process information on the characteristics and circumstances of individuals or owned property, if relevant to our services, such as personal life circumstances, mobile or immobile assets.

In the course of our assignment, it may be necessary for us to process special categories of data under Article 9(1) GDPR, specifically health-related information. Where required, we obtain explicit consent from customers under Article 6(1)(a), Article 7, and Article 9(2)(a) GDPR.

If necessary for fulfilling a contract or required by law, we disclose or transmit customer data within the scope of coverage inquiries, policy issuance, and contract execution to providers of the mediated services/objects, insurers, reinsurers, broker pools, technical service providers, other service providers (e.g., cooperating associations), as well as financial service providers, credit institutions, investment companies, social security bodies, tax authorities, tax advisors, legal advisors, auditors, insurance ombudsmen, and the Federal Financial Supervisory Authority (BaFin). We may also employ subcontractors, such as sub-brokers. Customer consent is obtained if necessary for disclosure/transmission, especially concerning special categories of data under Article 9 GDPR.

Data is deleted after the expiry of legal warranty and similar obligations, with data retention requirements reviewed every three years; otherwise, legal retention obligations apply. If legally required to archive data, deletion occurs at the end of the mandatory storage period. In the insurance and financial sectors under German law, advisory records are stored for 5 years, final broker notes for 7 years, and brokerage contracts for 5 years, with a general retention period of 6 years for commercial documents and 10 years for tax-relevant documents.

**Contractual Services**

We process data of our contractual partners, prospects, and other clients, customers, mandatees, or contract partners (collectively “contract partners”) according to Article 6(1)(b) GDPR to provide our contractual or pre-contractual services. The data processed, its nature, scope, purpose, and necessity, depend on the underlying contractual relationship. This includes our partners’ basic data (e.g., names, addresses), contact data (e.g., email addresses, phone numbers), contract data (e.g., services provided, contract content, contractual communication, names of contact persons), and payment data (e.g., bank details, payment history).

We do not generally process special categories of personal data unless these are part of the commissioned or contractual processing. Data required to establish and fulfill contractual services is processed, with indication of its necessity if it is not evident to the contract partners. Disclosure to external persons or companies occurs only when contractually necessary. For data entrusted to us as part of an assignment, we act according to the client’s instructions and legal requirements.

In the context of our online services, we may store IP addresses and the time of user actions based on our legitimate interests, as well as users’ interests in protection from misuse or other unauthorized use. This data is not shared with third parties unless necessary to enforce our claims under Article 6(1)(f) GDPR or if legally required under Article 6(1)(c) GDPR. Data is deleted once it is no longer necessary for fulfilling contractual or legal care obligations and for handling any warranty and similar obligations, with retention requirements reviewed every three years; otherwise, legal retention obligations apply.

**Administration, Financial Accounting, Office Organization, Contact Management**

We process data in the context of administrative tasks, organizing our business, financial accounting, and fulfilling legal obligations, such as archiving. We process the same data as for providing our contractual services. The legal bases are Article 6(1)(c) GDPR and Article 6(1)(f) GDPR. Affected parties include customers, prospects, business partners, and website visitors. The purpose and our interest in processing lie in administration, financial accounting, office organization, and archiving, necessary to maintain our business activities and perform our tasks and services. Data deletion related to contractual services and communication follows the data retention statements above.

We disclose or transfer data to the tax authorities, advisors (e.g., tax consultants or auditors), as well as other fee offices and payment service providers. Additionally, we store information on suppliers, event organizers, and other business partners based on our business interests, for potential future contact. Generally, these mostly company-related data are stored permanently.

**SoundCloud**

Our podcasts are hosted on the “SoundCloud” platform, provided by SoundCloud Limited, Rheinsberger Str. 76/77, 10115 Berlin, Germany, and are streamed from this platform. For this purpose, we embed SoundCloud widgets on our website, which is playback software that allows users to listen to the podcasts. SoundCloud may track which podcasts are listened to and how often, processing this data pseudonymously for statistical and business purposes. Cookies may be stored in users’ browsers to create usage profiles for purposes such as displaying advertisements tailored to users’ interests. For registered SoundCloud users, SoundCloud may link listening data to their profiles. Use is based on our legitimate interest in the secure and efficient delivery, analysis, and optimization of our audio content, per Article 6(1)(f) GDPR. Further information and options for opting out are available in SoundCloud’s privacy policy: [soundcloud.com/privacy](https://soundcloud.com/privacy).

**Contacting Us**

When contacting us (e.g., via contact form, email, phone, or social media), users’ information is processed to handle and respond to the contact request according to Article 6(1)(b) (for contractual/pre-contractual relationships) or Article 6(1)(f) (other inquiries) GDPR. User data may be stored in a customer relationship management (CRM) system or similar inquiry organization system. Requests are deleted once they are no longer needed; the necessity is reviewed every two years. Additionally, statutory archiving obligations apply.

**Newsletter**

The following provides information about the content of our newsletter, the registration, distribution, and statistical evaluation procedures, and your rights to object. By subscribing to our newsletter, you consent to its receipt and the described procedures.

Newsletter content: We send newsletters, emails, and other electronic notifications containing promotional information (“newsletter”) only with recipients’ consent or as legally permitted. If specific content is described during registration, it is relevant to users’ consent. Otherwise, newsletters contain information about our services and ourselves.

Double opt-in and logging: Newsletter registration uses a double opt-in process, meaning you receive an email after registering, requesting confirmation of your subscription. This confirmation prevents unauthorized email sign-ups. Newsletter registrations are logged to verify the registration process meets legal requirements. This includes recording the registration and confirmation time and IP address. Any changes to data stored by the distribution service are also logged.

### Collection of Access Data and Log Files

We, or our hosting provider, collect data on each server access where this service is hosted (known as server log files) based on our legitimate interests as per Art. 6 Para. 1 lit. f. GDPR. Access data includes the name of the accessed website, file, date and time of access, data volume transferred, notification of successful retrieval, browser type and version, user’s operating system, referrer URL (previously visited page), IP address, and the requesting provider.

Log file information is stored for a maximum of 7 days for security reasons (e.g., to investigate cases of misuse or fraud) and is then deleted. Data that needs to be retained for evidence purposes is exempt from deletion until the respective incident is finally clarified.

### Google Tag Manager

Google Tag Manager is a solution that allows us to manage website tags through an interface (for example, to integrate Google Analytics and other Google marketing services into our online offering). The Tag Manager itself (which implements the tags) does not process any personal data of the users. For more information on user data processing, please refer to the respective Google services listed. Usage guidelines: google.com.

### Google Analytics

We use Google Analytics, a web analysis service provided by Google LLC (“Google”), based on our legitimate interests (i.e., interest in analyzing, optimizing, and economically operating our online offering in accordance with Art. 6 Para. 1 lit. f. GDPR). Google uses cookies, and the information generated by the cookie regarding the usage of the online offering by users is generally transmitted to and stored on a Google server in the USA.

Google is certified under the Privacy Shield Agreement, offering a guarantee of compliance with European data protection law (privacyshield.gov).

Google will use this information on our behalf to evaluate the usage of our online offering by users, compile reports on activities within this online offering, and provide us with further services related to the usage of this online offering and internet usage. Pseudonymous usage profiles of the users can be created from the processed data.

We use Google Analytics with activated IP anonymization, meaning that the IP address of users is shortened by Google within the member states of the European Union or other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.

The IP address transmitted by the user’s browser is not merged with other Google data. Users can prevent the storage of cookies by adjusting their browser software accordingly; users can also prevent Google from collecting the data generated by the cookie and related to their use of the online offering as well as from processing this data by Google by downloading and installing the browser plugin available at the following link: tools.google.com/dlpage/gaoptout.

For more information on Google’s data usage, settings, and opt-out options, please see Google’s privacy policy (policies.google.com/technologies/ads) and settings for the display of advertisements by Google (adssettings.google.com/authenticated).

User data is deleted or anonymized after 14 months.

### Google Universal Analytics

We use Google Analytics in the “Universal Analytics” format. “Universal Analytics” refers to a Google Analytics process that enables user analysis based on a pseudonymous user ID and thus creates a pseudonymous profile of the user with information from the use of various devices (so-called “cross-device tracking”).

### Audience Creation with Google Analytics

We use Google Analytics to display ads placed within Google’s and its partners’ advertising services only to those users who have shown interest in our online offering or exhibit certain characteristics (e.g., interests in specific topics or products, based on the visited websites) that we transmit to Google (so-called “Remarketing” or “Google Analytics Audiences”). With the help of remarketing audiences, we aim to ensure that our ads match the potential interest of users.

### Google Adsense with Personalized Ads

We use the services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”) based on our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online offering under Art. 6 Para. 1 lit. f. GDPR).

Google is certified under the Privacy Shield Agreement and thereby offers a guarantee of compliance with European data protection law (privacyshield.gov/participant).

We use the AdSense service to display ads on our website for which we receive compensation for their display or other use. Usage data such as clicking on an ad and users’ IP addresses are processed for these purposes, with the IP address shortened by the last two digits. Therefore, user data processing is pseudonymized.

We use AdSense with personalized ads, where Google infers users’ interests based on visited websites or used apps and creates user profiles. Advertisers can use this information to align their campaigns with these interests, benefiting both users and advertisers. Ads are considered personalized by Google when recorded or known data determines or influences the ad selection.

For more information on Google’s data usage, settings, and opt-out options, please see Google’s privacy policy (policies.google.com/technologies/ads) and settings for the display of Google ads (adssettings.google.com/authenticated).

### Online Presence on Social Media

We maintain an online presence on social networks and platforms to communicate with active customers, interested parties, and users and inform them about our services. We note that user data may be processed outside the European Union. This can pose risks for users as it may be more difficult to enforce user rights.

Concerning US providers certified under the Privacy Shield, we note that they are committed to complying with EU data protection standards.

In general, user data is processed for market research and advertising purposes. User profiles can be created from the user behavior and interests. These profiles can be used to display advertisements that presumably match user interests within and outside the platforms. For these purposes, cookies are generally stored on users’ devices to save user behavior and interests.