Privacy Policy

Last updated: May 5, 2023

MoveMusic LLC, located at PO Box 421, China Spring, TX 76633-0421, USA, herewith informs you about the processing of personal data for which MoveMusic is the responsible controller according to the provisions of the EU General Data Protection Regulation (GDPR). Your data may also be processed by other companies belonging to the MoveMusic group, whereas such data processing is based on Adequacy Decisions by the EU Commission and EU standard contractual clauses (with additional safeguards where legally required).

Apart from sending us a letter, you may contact us at any time via [email protected].

Below you can find the most important information on typical processing of your data, organized by affected user groups (groups of data subjects). For certain data processing operations, which only concern specific groups, the information requirements are fulfilled separately. Where the term "data" is used, we refer to personal data within the meaning of the GDPR only.

1. Application(s) Users
2. Website Visitors
3. Newsletter Recipients
4. Help and Support Requesters
5. MoveMusic Social Media Pages Visitors
6. Communication Partners, Artists, Community Members, other Externals
7. Development Partners
8. Rights of Data Subjects and Further Information
9. Information for Non-EU and US Residents

#1. Application(s) Users

When using our software application(s), excluding our website but including the “MoveMusic Control” VR application and “MMConnect” desktop application for macOS, Windows, and Linux, no user data is collected, stored, or accessible by MoveMusic LLC or by any included third-party software used within our application(s). Data is stored temporarily on the user's computer(s) and sent between the applications to allow wireless communication and user-control of multimedia software. Additionally, user-generated project file and application preference data are stored in long-term file storage on the user's computers and accessed by our application(s). None of this data can be accessed by MoveMusic LLC, only by our application(s) which the user chooses to run on their computer(s).

#1.1 Wireless Communication Data

For our applications to function wirelessly, certain data is sent over Wi-Fi between the “MoveMusic Control” VR application and the “MMConnect” desktop application.

(i) Our applications process this data to allow the “MoveMusic Control” VR application and “MMConnect” to find each other on a local Wi-Fi network and communicate events, which a user may perform in the VR application, to control multimedia software (such as third-party music software) on an external computer that is running the “MMConnect” application.

(ii) The data processed is UDP and OSC data: UDP (User Datagram Protocol) data is protocol data that allows communication between two computers by sending data contained in a UDP packet: This includes IP address of the source and destination computer (or VR headset) and port numbers of the computer where the message should be delivered. The data in the UDP packets sent by our application(s) include OSC data: OSC (Open Sound Control) is a protocol for communication between computers and multimedia devices. The OSC data includes basic numeric and textual data about how the user has configured the application(s) to be mapped to control their multimedia software. This may include textual data the user has specifically entered into textboxes in the application(s).

(iii) The legal basis for our applications processing the above-mentioned data is our legitimate interest in providing a working product to the user that can be used wirelessly.

(iv) The data is automatically transmitted between our applications when the user has started our application(s) on their computer, has attempted to connect their computer(s) (or VR headset) to a Wi-Fi network, and has initiated connection events in the menus of the VR application.

(v) MoveMusic LLC cannot access and does not store any of this data. The data only exists on the user's computer(s) and the Wi-Fi router to which the user has connected their computer(s). The data is stored temporarily in our applications' memory on the user's computer(s) (or VR headset) until it is processed by the applications.

(vi) When the applications are closed, this data is deleted from the user's computer(s) (or VR headset).

(vii) Without sending data such as local IP address between our applications, the use of our products wirelessly would not be technically possible.

#1.2 Multimedia Control Data

For the user to control multimedia software on their computer from their interactions with our applications, the “MMConnect” desktop application sends data to other multimedia applications of the user's choosing on their computer.

(i) Our “MMConnect” application processes this data to initiate control events in other multimedia applications on the user's computer.

(ii) The data processed is MIDI data: MIDI (Musical Instrument Digital Interface) data is protocol data that allows communication between multimedia applications and hardware (including music software and hardware). The data includes numeric and textual data representing musical and multimedia control events.

(iii) The legal basis for our applications processing the above-mentioned data is our legitimate interest in providing a working “MIDI controller” product to the user that can be used to control other multimedia applications via MIDI.

(iv) The data is automatically transmitted by “MMConnect”, but can be configured to send to specific multimedia applications by the user. Data transmission events are most often initiated when the user interacts in the “MoveMusic Control” VR application and messages of this interaction are received by “MMConnect”.

(v) MoveMusic LLC cannot access and does not store any of this data. The data only exists on the user's computer, but the data can be optionally received and recorded by multimedia applications of the user's choosing.

(vi) When the applications are closed, this data is deleted from the user's computer unless the user has sent this data to a multimedia application and that application has stored the data.

(vii) Without sending multimedia control data between “MMConnect” and other multimedia applications of the user's choosing on their computer, the use of our product as a controller for multimedia software would not be technically possible.

#1.3 User-Generated Project Files & Application Preferences

For users to reload previously created projects in our applications and for our applications to recall user-preference settings, our applications store data in long-term file storage on the user's computers.

(i) Our applications process this data to allow user-generated content such as “MoveMusic Control” project files to be saved and reloaded into the application later. Our applications also process data to remember application settings the user has chosen so they do not need to change settings every time they close and reopen the applications.

(ii) The data processed is user-generated “MoveMusic Control” project files (.mmc file format) and user preference files. These files contain binary data representing layout and configuration of “MoveMusic Control” controls in a project configured by the user, basic textual information, date & time of file modification, and information the user has specifically entered into text boxes of the applications such as project file name.

(iii) The legal basis for our applications processing the above-mentioned data is our legitimate interest in providing a working product to the user that can save and reload user-generated project files and remember preferences that have been set by users in our application(s).

(iv) The preference data is automatically saved by our application(s) when the user configures settings in menus of our application(s) and loaded by our application(s) when they are running. The project data is saved when the user initiates save events in our “MoveMusic Control” application and loaded by “MoveMusic Control” when it is running or when the user browsers through the project file browser UI in the menus. These saving and loading of this data can only be performed by our application(s) after the user has granted file saving and loading permissions to our application(s).

(v) MoveMusic LLC cannot access and does not store any of this data. The data only exists on the user's computer(s) (or VR headset) in long-term storage and is processed by our application(s).

(vi) The files will exist on the user's computer(s) until the user manually deletes the files or requests that our application delete these files on their behalf by using commands in our applications' menus.

(vii) Without saving and loading data such as project files or user preferences to long-term storage on the user's computer(s), users would not be able to conveniently recall previous settings or user-generated content in our application(s) and this feature would not be technically possible.

#2. Website Visitors

#2.1 Server-log data

When using our websites, certain information is sent to the server of our websites by the browser used on your device for technical reasons. This data is stored and processed on our server.

(i) We process the following data for the purpose of providing the contents of the website that you have visited, to ensure the security of the IT infrastructure used, to correct errors, to enable and simplify searches on the website and to manage cookies.

(ii) The data processed is HTTP data: HTTP data is protocol data that is generated when the Websites is visited via the Hypertext Transfer Protocol (Secure) (HTTP(S)) for technical reasons: This includes IP address, type and version of your Internet browser, operating system used, the page visited, the page previously visited (referrer URL), date and time of the visit. HTTP(S) data also accumulates on the servers of service providers (for example: when requesting third-party content).

(iii) The legal basis for the processing of the above-mentioned data is our legitimate interest in the operation of an online presence, communication with communication partners and internal compliance reporting (Article 6 para. (1) (f) GDPR).

(iv) The data is automatically transmitted by the browser of the user.

(v) Recipients of the personal data are IT service providers which we use as processors within the framework of a data processing agreement.

(vi) IP addresses are anonymized after 24 hours at the latest. Pseudonymous usage data will be deleted after six months.

(vii) Without disclosure of personal data such as the IP address, the use of the website is not possible. Communication via the website without disclosure of data is technically not possible.

#2.2 Technically required cookies

We use cookies on our websites. Cookies are small text files containing information that can be stored on the user's device via the browser when visiting a website. The information stored in cookies can be read out and processed when the website is visited again using the same device. In doing so, we use processing and storage functions of the browser of your device and collect information from the storage of the browser of your device.

In the structure of our privacy policy, we differentiate between technically required cookies and tracking cookies. Cookies that are technically required for the functioning of the websites cannot be deactivated via the cookie management function of the websites. However, you can generally deactivate cookies at any time in your browser. Different browsers offer different ways to configure the cookie settings in the browser. However, we would like to point out that some functions of the websites may not or no longer function properly if you generally deactivate cookies in your browser settings.

#a) Consent Cookies

We use so-called Consent Cookies to store your consent, possible right to withdraw your consent and opt-out of the use of cookies on our websites.

(i) The purpose of data processing is the storage of the user decisions on cookies (consent, withdrawal, opt-out).

(ii) The processed data are:

• HTTP data: HTTP data is protocol data that is technically generated when the website is visited via the Hypertext Transfer Protocol (Secure) (HTTP(S)): This includes IP address, type and version of your Internet browser, operating system used, the page visited, the page previously visited (referrer URL), date and time of the visit.
• User decision on cookies: User's decision on individual cookies or groups of cookies. Time of the decision and of the last visit.

(iii) The legal basis for the processing is our legitimate interest of easy and reliable control of cookies settings in accordance with the respective user decisions and improving of user experience (legal basis: Article 6 para. (1) (f) GDPR).

(iv) The data is actively provided by the user (decision on cookies) or automatically transmitted by the user's browser (protocol data, time stamp).

(v) Recipients of the personal data are IT service providers which we use as processors within the framework of a data processing agreement.

(vi) Information about your decision rejecting cookies is deleted at the end of the session. The remaining other data will be deleted after one year.

(vii) Without disclosure of personal data, the use of the website is not possible. Communication via the website without the disclosure of data is technically not possible.

#b) Session Cookies

We use Session Cookies on our websites. This enables us to save information about your customer account, individual settings and certain user actions for the duration of your visit (for example: login, language settings, shopping basket function).

(i) The purpose of data processing is to enable the login, user-specific settings (for example: language) and the technical provision of a shopping cart function.

(ii) The processed data are data concerning the customer account, language selection, country, cookie settings and shopping cart.

(iii) The legal basis for the processing is the usage contract for visiting the website and our legitimate interest in the provision of the individual sessions for the users, including the cookies accepting/rejecting function, shopping basket function or the respective language setting function, each in accordance with Article 6 para. (1) (f) GDPR.

(iv) The data is automatically transmitted by the browser of the user.

(v) Recipients of the personal data are IT service providers which we use as processors within the framework of a data processing agreement.

(vi) The data is deleted after one year.

(vii) Without disclosure of personal data the use of the website is not possible. Communication via the website without disclosure of data is technically not possible.

#c) IT Security Cookies

We use IT Security Cookies on our websites to protect our websites and also our website visitors against IT Security attacks, like for example so-called cross-site request forgery attacks or other attacks by malicious visitors. Some attackers attempt to display fake requests to website visitors.

(i) The purpose of the data processing is to increase the IT Security of the website and of our website visitors and to prevent IT Security attacks.

(ii) The data processed are the IT Security test results and the HTTP log data. Wherever it is possible we use one-way hashes of certain test result values.

(iii) The legal basis for the processing is our legitimate interest in protecting our website and our website visitors from IT Security attacks (Article 6 para. (1) (f) GDPR).

(iv) The data is automatically transmitted by the browser of the user.

(v) Recipients of the personal data are IT service providers which we use as processors within the framework of a data processing agreement.

(vi) The data is usually deleted at the end of the session.

(vii) Without disclosure of personal data the use of the website is not possible. Communication via the website without disclosure of data is technically not possible.

#2.3 Tracking Cookies

We use cookies on our websites. Cookies are small text files containing information that can be stored on the user's device via the browser when visiting a website. The information stored in cookies can be read out and processed when the website is visited again using the same device. In doing so, we use processing and storage functions of the browser of your device and collect information from the storage of the browser of your device.

In the structure of our privacy policy, we differentiate between technically required cookies and tracking cookies. Depending on their function and purpose, the use of certain cookies may require the user's consent. Your consent is given through a so-called "cookie banner": When you visit our websites, we display our cookie banner. In our cookie banner you can declare your consent to the use of all cookies requiring consent on this website by clicking on the "Accept" button. Without such consent, the cookies requiring consent are not activated. By clicking the "Close" button, you can also completely reject the use of cookies requiring consent. Your decision will be saved in a cookie. Alternatively, you have the possibility to access our "cookie settings section" by clicking on the "More information" button. In the cookie settings section, you can make an individual selection of cookies and customize them at a later time. We store your cookie settings in the form of a cookie on your device in order to determine whether you have already made cookie settings the next time you visit the websites.

#a) Google Analytics

We use the web analysis tool Google Analytics 4 (GA4) on our websites. Google Analytics 4 is owned and maintained by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). The data generated by Google Analytics 4 is processed on Google’s servers in the USA. With the help of Google Analytics 4, we can analyze the usage behavior of visitors to our websites in pseudonymized and anonymized form. Your IP address is not logged or stored by GA4 so it remains anonymous.

You can deactivate the data processing by Google Analytics at any time in our “cookie settings section”.

(i) The purpose of data processing is to analyze user behavior and to measure the reach of our website and advertisements to optimize our website.

(ii) The processed data or information are:

• HTTP data: HTTP data are information generated for technical reasons when using the web analysis tool Google Analytics via the Hypertext Transfer Protocol (Secure) (HTTP(S)) used on the website: Such data include anonymized IP address, type and version of your Internet browser, operating system used, the page visited and URL, the page previously visited (referrer URL), date and time of the visit.
• Location data (based on anonymized IP address): Such data may include country, region, city.
• Data generated for web analysis and assigned to your device: This includes the User ID. Such User ID is a feature in Google Analytics that lets us connect together a given user’s data collected from multiple devices and multiple browsers.
• Ecommerce data (only when you purchase MoveMusic products directly from our website): transaction value, product purchased, product price purchased.
• Customer account data (only when you are logged in to your MoveMusic Account): Such data may include current licenses, type of registered hardware unit(s), date of first free unlock of a license, date of last product purchase.
• Interaction and event tracking data: Such data are generated from your interactions with functions on our website. Such data include newsletter subscription, form interactions, video and audio interactions, adds to cart, clicks on payment method, links (internal and external) and downloads.
• Analytics measurement and report data: Data contained in aggregated segment and device-related reports by the Google Analytics web analysis tool based on a heatmap analysis and session recordings. These data include information where on a page you as website visitor tried to click, where you moved the mouse and how far down you scrolled as well as clicks, mouse movements, scrolls, window resizes, form interactions, and changes to the website.

(iii) The legal basis for the processing of the above mentioned data is your consent (Article 6 para. (1) (a) GDPR).

(iv) The data is automatically transmitted by the browser of the user.

(v) We use service providers as processors within the framework of a data processing agreement for the provision of services, especially for the provision, maintenance and servicing of IT systems.

(vi) The data will be deleted after 14 months at the latest.

(vii) The provision of data is not required by law or contract or necessary for the conclusion of a contract. There is no obligation on the data subject to provide the data. If the data is not provided, we cannot perform web analysis using Google Analytics.

#2.4 Video and other content from third parties

There are links on our websites to video files that are stored and accessible on external video content platforms. As soon as you click the button to play content from such video content platform, the file is loaded by such platform. Technically, the same thing happens as if you would go to the respective platform website via a link: The external video content platform receives all information that your browser automatically transfers (including your IP address). Such external video content platform also sets its own cookies on your device. This also happens if you do not have an external video content platform user account. If you are logged in to such account, your data is directly associated with your account. If you do not want your profile to be associated with such external platform you must log out of your account there before clicking on the video file content.

Please find more details about the external video content platforms below and in their respective privacy information linked on the external video content platforms.

#a) YouTube Embedding (Privacy Enhanced Mode)

The collection and processing of this data is the sole responsibility of Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. Google Ireland Limited uses Google LLC in the USA (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) as its service provider. MoveMusic has no influence on the data processing of Google. For information about the processing of personal data by Google, please refer to the Google Privacy Policy: https://policies.google.com/privacy

#b) Facebook Video and Instagram Embedding

The collection and processing of this data is the sole responsibility of Facebook (if user is located in the EU: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland). MoveMusic has no influence on the data processing of Facebook. For information about the processing of personal data by Facebook or Instagram please refer to the Facebook products Privacy Policy: https://www.facebook.com/about/privacy

#c) Vimeo Embedding

The collection and processing of this data is the sole responsibility of Vimeo.com, Inc., 555 West 18th Street, New York, New York 10011, USA. MoveMusic has no influence on the data processing of Vimeo. For information about the processing of personal data by Facebook or Instagram please refer to Vimeo Privacy Policy: https://vimeo.com/privacy

#3. Newsletter Recipients

If you subscribe to a newsletter, we will send you information about MoveMusic and our products and partners. We also occasionally invite you to participate in surveys as part of our newsletter. If you participate in such surveys, the information in Section 3 applies, and we also monitor the reach and success of the newsletter.

If we have an existing contractual relationship with you and you did not opt-out, we may send you information about similar MoveMusic products and services.

(i) In these events we process your data for the purpose of sending the newsletter. We may also use your usage data to send you more relevant content.

(ii) The processed data are:

• name, email address
• HTTP data: This is protocol data that is technically required for opening the newsletter via the Hypertext Transfer Protocol (Secure) (HTTP(S)): This includes IP address, type and version of your Internet browser, operating system used, the page visited, the page previously visited (referrer URL), date and time of the visit.
• Mailchimp Identifiers: These are pseudonymized identifiers such as external IDs or hashed email addresses
• Opening and reading times of the newsletter

(iii) If you subscribed for our newsletter the legal basis for the processing of newsletter data is Article 6 para. (1) (a) GDPR (consent). If we have an existing contractual relationship with you and you did not opt-out the legal basis for processing of newsletter data is Article 6 para. (1) (b), (f) GDPR (contract with you, legitimate interest about keeping you updated about our products). We may also process your usage data based on our legitimate interest of improving our newsletters, verifying mailing lists and showing you more relevant content (Article 6 para. (1) (f) GDPR).

(iv) You provide your contact details yourself when you engage into a contractual relationship with us or subscribe to the newsletter; the further data for analysis is transmitted automatically by your browser and email client.

(v) We use service providers as processors within the framework of a data processing agreement for the provision and improvement of services, especially for the provision, maintenance and servicing of IT systems. In particular, we use The Rocket Science Group LLC d/b/a Mailchimp, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, Georgia, 30308, USA. Your provided data will be stored on Mailchimp servers in the USA.

(vi) Data regarding newsletters will be deleted when you unsubscribe from the newsletters (for example via using the unsubscribe button in a newsletter or via the settings in your MoveMusic Account). Data with regard to opening and reading times, will usually be deleted or anonymized after 14 months. The remaining data will be deleted after one year if we are not required to keep your data for legitimate interests (such as follow up questions) or compliance with our legal retention obligations the data.

(vii) Data is required to receive newsletters. Without providing data, they cannot be sent. A withdrawal of your consent is possible at any time. Please use the unsubscribe function in the newsletter.

#4. Help and Support Requesters

(i) The purpose of the processing is to provide you with a knowledge base and contact support regarding sales questions and technical support requests.

(ii) The data processed are:

• Login data of the MoveMusic Account: To provide you with our supports regarding your technical requests you have to log into your MoveMusic Account otherwise we cannot help you with your specific question.
• Name and contact data (email, phone, fax, and, as applicable, social media information)
• Description of your support request including corresponding data files and meta data
• MoveMusic Products you are using: To provide you with the relevant information we need to know which MoveMusic Products you are using.

(iii) The legal basis is the existing contract with you relating to the MoveMusic account and products (Article 6 para. (1) (b) GDPR) and our legitimate interest to provide our users with a knowledge base, a support contact and our legitimate interest in analyzing and evaluating support requests (Article 6 para. (1) (f) GDPR). We may also process your pseudonymous data with our legitimate interest of aligning and improving our products, services and customers’ needs (Article 6 para. (1) (f) GDPR). The legal basis on keeping your data – which might be relevant for certain legal disputes - for three years (statutory limitation period) is the legitimate interest to defend us against possible claims (Article 6 para. (1) (f) GDPR).

(iv) You provide the data yourself, if you send us an inquiry.

(v) We use service providers as processors within the framework of a data processing agreement for the provision of services, especially for the provision, maintenance and servicing of IT systems. For online support requests the recipients of the data is Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA), which we use as processor via their Google Workspace, Google Groups, and Google Mail (Gmail) services. If the aforementioned measures are not considered sufficient the data processing in the USA is based on your consent (Article 49 para. (1) (a) GDPR). It is possible that US authorities may access personal data without us or you being informed.

(vi) Your data will be deleted after you delete your MoveMusic Account or your request has been resolved from our active systems. All contractual data and data relevant for accounting are stored for 10 calendar years. Data that become relevant for a defense against possible claims are stored for three years (statutory limitation).

(vii) The processing of the data is necessary to help you with your inquiries. If the data is not provided, we cannot provide you with the service of our help center.

#5. MoveMusic Social Media Pages Visitors

MoveMusic operates social media sites. Social media pages are run by service providers who process data for providing such sites.

(i) The purpose for data processing on our social media sites is providing you with interesting content and to interact with you on social media platforms. Depending on the social media service usage data may also be analyzed to improve our social media presence.

(ii) The data processed are content and usage data on such social media pages.

(iii) Information and data displayed or shared on MoveMusic social media sites may be accessible to the applicable provider of the social media platform, its users and MoveMusic (or engaged service providers).

(iv) Further details on data processing on the respective social media sites can be found on the respective social media pages and this Privacy Policy.

#Facebook

We and Facebook (for users in the EU/EEA: Facebook Ireland Ltd. (Facebook), 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) are joint controllers of the processing of personal data via the MoveMusic Facebook page. The agreement on joint controllership is available under: https://www.facebook.com/legal/terms/page_controller_addendum. According to the agreement, Facebook is responsible to inform data subjects about the processing activities. Facebook’s Privacy Policy is available under: https://www.facebook.com/privacy/explanation. Data subjects may exercise their rights in respect of and against each of the controllers, MoveMusic and/or Facebook. For more information on the data Facebook shares with MoveMusic please visit https://www.facebook.com/business/learn/facebook-page-insights-basics. The legal basis for the processing of data by MoveMusic is the legitimate interest in the analysis of usage data in order to improve the Facebook Page (Article 6 para. (1) (f) GDPR).

#Instagram

We and Instagram (for users in the EU/EEA provided by Facebook Ireland Ltd. (Facebook), 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) are joint controllers of the processing of personal data via the MoveMusic Instagram page. The agreement on joint controllership is available under: https://www.facebook.com/legal/terms/page_controller_addendum. According to the agreement, Instagram (provided by Facebook) is responsible to inform data subjects about the processing activities. Instagram’s Privacy Policy is available under: https://help.instagram.com/519522125107875 Data subjects may exercise their rights in respect of and against each of the controllers, MoveMusic and/or Instagram (provided by Facebook). For more information on the data Instagram shares with MoveMusic please visit https://www.facebook.com/help/instagram/788388387972460?helpref=related. The legal basis for the processing of data by MoveMusic is the legitimate interest in the analysis of usage data in order to improve the Instagram Page (Article 6 para. (1) (f) GDPR).

#Youtube

We operate a social media page on the Youtube platform. The collection and processing of this data is the sole responsibility of Google (for EU/EEA Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland and Google Ireland Limited uses Google LLC in the USA (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) as its service provider). We have no knowledge of further details of the processing of personal data in the area of data controllership of Google or a possible data processing in the USA. MoveMusic has no influence on the data processing of Google. For information about the processing of personal data by Google, please refer to the Google Privacy Policy: https://policies.google.com/privacy As applicable, the legal basis for the processing of data by MoveMusic is the legitimate interest in the analysis of usage data in order to improve the Youtube Page (Article 6 para. (1) (f) GDPR).

#Twitter

We operate a social media page on Twitter (by Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA). For users in the EU/EEA the controller to controller data protection addendum between Twitter and MoveMusic applies: https://gdpr.twitter.com/en/controller-to-controller-transfers.html. According to the agreement the collection and processing of this data is the sole responsibility of Twitter. Twitter’s Privacy Policy is available under: https://twitter.com/en/privacy. As applicable, the legal basis for the processing of data by MoveMusic is the legitimate interest in the analysis of usage data in order to improve the Twitter Page (Article 6 para. (1) (f) GDPR).

#Discord

We operate a discussion community on Discord (by Discord Inc., 444 De Haro Street, Suite 200, San Francisco, CA 94107, USA). Discord’s Privacy Policy is available under: https://discord.com/privacy. According to the policy the collection and processing of this data is the sole responsibility of Discord. As applicable, the legal basis for the processing of data by MoveMusic is the legitimate interest in the analysis of usage data in order to improve MoveMusic’s Discord community (Article 6 para. (1) (f) GDPR).

#TikTok

We operate a social media page on TikTok (by TikTok Inc., TikTok Legal Department 5800 Bristol Parkway, Suite 100, Culver City, CA 90230). For users in the EU/EEA the controller to controller data protection addendum between TikTok and MoveMusic applies: https://ads.tiktok.com/i18n/official/policy/controller-to-controller. TikTok’s Privacy Policy is available under: https://www.tiktok.com/legal/privacy-policy-us. As applicable, the legal basis for the processing of data by MoveMusic is the legitimate interest in the analysis of usage data in order to improve the TikTok Page (Article 6 para. (1) (f) GDPR).

#Patreon

We operate a social media page on Patreon (by Patreon, Inc., 600 Townsend Street, Suite 500, San Francisco, CA 91403, USA). For users in the EU/EEA the controller to controller data protection addendum between Patreon and MoveMusic applies: https://gdpr.twitter.com/en/controller-to-controller-transfers.html. Patreon’s Privacy Policy is available under: https://privacy.patreon.com/policies. As applicable, the legal basis for the processing of data by MoveMusic is the legitimate interest in the analysis of usage data in order to improve the Patreon Page (Article 6 para. (1) (f) GDPR).

#6. Communication Partners, Artists, Community Members, other Externals

(i) The purpose of the processing is the preparation and execution of a contractual relationship or other communication, improving our services and quality management for building communities and other relationships.

(ii) The data processed are: contact data (name, contact details), communication details, usage data (such as: technical metadata of the communication, usage data of MoveMusic products), other interaction data

(iii) The legal basis for processing the data is a starting or existing contractual relationship (Article 6 para. (1) (b) GDPR, for contracts with legal persons Article 6 para. (1) (f) GDPR with legitimate interest, namely communication with contact persons relevant to the contract). We may also process your data based on statutory obligations, such as tax and commercial law (Article 6 (1) (c) GDPR) and legitimate interests, including the documentation of the communication, improving MoveMusic products, relationship building and services as well as quality management (Article 6 para. (1) (f) GDPR).

(iv) You provide data by yourself when you communicate with us. Further data is transmitted automatically by your browser or collected from publicly available resources.

(v) Contact and contract data can be transmitted to other service providers, business partners as well as offices and authorities if necessary for the execution of the contract or request. We also use service providers as processors within the framework of a data processing agreement for the provision of services, especially for the provision, maintenance and servicing of IT systems. In particular, this includes Mailchimp by Rocket Science Group LLC (675 Ponce de Leon Ave NE, Suite 5000, Atlanta, Georgia, 30308, USA) and Google Groups/Mail by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA).

(vi) Data of contract partners and service providers will be deleted ten calendar years after termination of the contract.

(vii) The processing of contact data on part of the service providers and business partners is necessary to execute the contract. If the data is not provided, the communication may be considerably disturbed.

#7. Development Partners

(i) The purpose of the processing is the preparation and execution of a contractual relationship, other communication or improving MoveMusic products.

(ii) The data processed are: contact data (name, contact details, GitHub name, organization, MoveMusic Account information), data about development activities, license contract data, usage data (such as: usage data of MoveMusic products).

(iii) The legal basis for processing the data is a starting or existing contractual relationship (Article 6 para. (1) (b) GDPR, for contracts with legal persons Article 6 para. (1) (f) GDPR with legitimate interest, namely communication with contact persons relevant to the contract). We may also process your data based on statutory obligations, such as tax and commercial law (Article 6 (1) (c) GDPR) and legitimate interests, including the verification of your contact data, documentation of the communication and improving MoveMusic products (Article 6 para. (1) (f) GDPR).

(iv) You provide data yourself. Further data is transmitted automatically by your browser.

(v) Contact and contract data can be transmitted to other service providers, business partners as well as offices and authorities if necessary for the execution of the contract. We also use service providers as processors within the framework of a data processing agreement for the provision of services, especially for the provision, maintenance and servicing of IT systems. In particular, this includes Mailchimp by Rocket Science Group LLC (675 Ponce de Leon Ave NE, Suite 5000, Atlanta, Georgia, 30308, USA) and Google Groups/Mail by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Some of our service providers like Github (from GitHub, Inc. 88 Colin P Kelly Jr Street San Francisco, CA 94107) offer the possibility to register directly to their platform. If you enter into such a direct contractual relationship with one of our service providers the service provider is the independent controller for all data processing under such contract. More information regarding the data processing within the independent controllership of Github may be found here: https://docs.github.com/en/github/site-policy/github-privacy-statement

(vi) Data of contract partners and service providers will be deleted ten calendar years after termination of the contract.

(vii) The processing of contact data on part of the service providers and business partners is necessary to execute the contract. If the data is not provided, the communication may be considerably disturbed.

#8. Rights of Data Subjects and Further Information

(i) We do not use any methods of automated individual decision-making.

(ii) You have the right to request information at any time about all your personal data which we are processing.

(iii) If your personal data is incorrect or incomplete, you have the right to have it rectified and completed.

(iv) You can request the erasure of your personal data at any time, as long as we are not bound by legal obligations that require or allow us to continue processing your data.

(v) If the applicable legal requirements are met, you can request a restriction to the processing of your personal data.

(vi) You have the right to object to the processing, insofar as the data processing is based on profiling or direct marketing purposes.

(vii) If the processing is carried out on the basis of the balancing of interests, you may object to the processing by stating reasons arising from your particular situation.

(viii) If the data processing takes place on the basis of your consent or a contract, you have the right to a transfer of the data provided by you, insofar as the rights and freedoms of others are thereby not impaired.

(ix) If we process your data on the basis of a declaration of consent, you have the right to withdraw your consent at any time with future effect. The processing carried out prior to a withdrawal remains unaffected by such withdrawal.

(x) Moreover, you have the right to file a complaint at any time with a data protection supervisory authority, if you believe that data processing has been carried out in violation of the applicable law.

#9. Information for Non-EU and US Residents

MoveMusic generally falls within the scope of the GDPR, which is why we have aligned the drafting of the entire Privacy Policy with the provisions of the GDPR. However, other local privacy law may be additionally applicable in individual cases, if you are a non-EU/EEA resident and visit the MoveMusic websites or online presences, interact with MoveMusic products, services or communities. We will provide you with additional information on such local laws via separate information where required.

#Information regarding the processing of personal data from children under 13 years (under Children’s Online Privacy Protection Act, COPPA)

MoveMusic does not knowingly collect or use personal data from children under 13 years without containing verifiable consent from their parents. We encourage parents and legal guardians to monitor their children’s internet usage and to help enforce this privacy policy by instructing their children never to provide personal data without their permission.