Steinberg Media Technologies GmbH

Creativity First

Beim Strohhause 31
20097 Hamburg

Tel: +49 (0)40 210 35-0
Fax: +49 (0)40 210 35-300

Privacy Policy

General Information

The protection of your personal data is very important to us. Your personal data will be used exclusively within the framework of statutory data protection regulations, e.g., the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). Our employees and agents shall comply with all regulations of data protection law. In the following, you can review more detailed information about the type, scope and purpose of the collection and use of your personal data, as well as the rights to which you are entitled regarding the use of your personal data.

Contact details of the Controller and the Data Protection Officer

If you have any further questions about data protection, please feel free to contact us. Furthermore, if you have any questions about the collection, processing or use of your personal data, or about requesting information, or rectifying, blocking or erasing data, or about the revocation of any consent granted, please contact:

The Controller of the data processing:

Steinberg Media Technologies GmbH
Beim Strohhause 31
20097 Hamburg
Germany

E-mail: privacy@steinberg.de

You can reach our Data Protection Officer at: privacy@steinberg.de

Nature and Scope of Data Processing

When visiting our website

When visiting our website, personal data is processed as described below:

Accessing our website

When you visit our website, the browser used on your end device automatically sends information to the server of our website and stores it temporarily in a so-called log file. The following information is also automatically collected and stored until automatically deleted:

  • Date and time of access,

  • URL (address) of the referring webpage,

  • Retrieved file,

  • Amount of data sent,

  • Browser type and version,

  • Operating system

  • The IP address of the requesting Internet-enabled device.

The legal basis for such processing of the IP address is Article 6 Para. 1 lit. f GDPR. Our legitimate interest arises from the purposes of data collection listed below.

The IP address of your end device and the other data listed above are used by us for the following purposes:

  • To ensure the establishment a smooth connection,

  • To ensure the comfortable/pleasant use of our website/app,

  • To evaluate system security and stability.

The data is stored for a period of 7 days and is then automatically deleted. Furthermore, we use so-called cookies, analytical tools, and targeting methods for our website, as explained in more detail below.

In order to make visiting our websites attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your end device. Some of the cookies we use are deleted after the end of the browser session, i.e., after you close your browser (so-called ‘session cookies’). Other cookies remain on your end device and enable us or our partner companies to recognize your browser upon your next visit (so-called ‘permanent cookies’). Cookies do not contain malware. They cannot be used to access other files on your computer or to determine your e-mail address. If you want to learn more about cookies in general and how to manage them, please visit www.aboutcookies.org.

On our website, we distinguish between technically necessary (“essential”) cookies, functional cookies, and marketing cookies. Since you cannot use our website properly without essential cookies, they are always enabled. However, we set functional and marketing cookies only with your consent.

If we use cookies that are technically necessary (“essential”) for the provision of our websites, the legal basis for the processing of personal data using these cookies is Art. 6 Para. 1 lit. f GDPR.

Any further processing of personal data based on functional or marketing cookies will only take place if you have given us your consent to do so. The legal basis in this case is Art. 6 Para. 1 lit. a GDPR.

You can revoke your consent at any time with effect for the future and without providing justification by using our Cookie Consent Tool. The Cookie Consent Tool also provides detailed information about all cookies used on this website (such as their providers, the specific processing purposes, the data collected, and the cookie storage period). Furthermore, you can also give consent here for the first time or again if necessary.

In addition to using our Cookie Consent Tool, you can also disable or restrict the use of cookies by changing your internet browser settings. Cookies that have already been saved can be deleted at any time. This can also be automated. If cookies are deactivated for our websites, you may no longer be able to use all the functions of the websites to their full extent.

We use the aforementioned tool of Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany, on our website for the purpose of consent management. The legal basis for the processing of personal data associated with this is Art. 6 Para. 1 lit. c GDPR, as this is necessary to fulfill our legal obligation in providing proof of consent for the use of cookies and comparable technology. Further information, for example concerning the scope of processing, as well as the data collected and the duration of data processing, and the privacy notices of the provider, can be accessed at any time in the Cookie Consent Tool.

Website optimization and marketing services

We use the services described in more detail below on our website in order to be able to ensure the needs-based design and ongoing optimization of our offer. Unless otherwise stated, the processing of your personal data within the scope of these services is based on your consent, Art. 6 Para. 1 lit. a GDPR.

Cloudflare

To protect against attacks and harmful bots, as well as to improve performance, we use the services from CloudFlare Inc, 101 Townsend St, San Francisco, CA 94107, USA, (“Cloudflare”) for our website. Cloudflare provides a Content Delivery Network (CDN) to increase transmission speed. Cloudfare also offers Internet security services and distributed DNS services (domain name servers) that act as reverse proxies for websites.

To perform the aforementioned services, Cloudflare collects the following data when you visit our website: Name of the accessed website, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited webpage), IP address and the requesting provider.

The legal basis for the data processing is the protection of our legitimate interests pursuant to Art. 6 Para. 1 lit. f GDPR. These legitimate interests lie in the protection of our website from attacks and in increasing the performance of our website.

By using Cloudflare, there may be a transfer of personal data to the United States, which is currently considered a so-called unsafe third country within the meaning of the GDPR. In order to nevertheless ensure compliance with an appropriate level of data protection, we, and/or our processor Zendesk, have agreed with the provider on the validity of standard contractual clauses.

Further information, for example concerning the scope of processing, as well as the data collected and the duration of data processing, and the privacy notices of the provider, can be accessed at any time in the Cookie Consent Tool.

Cloudfront

In order to properly deliver the content of our website, we use Amazon Cloudfront, a service provided by Amazon Web Services LLC, 410 Terry Ave. North, Seattle, Washington 98109, USA (“Cloudfront”). Cloudfront provides a Content Delivery Network (CDN) to increase transmission speed.

For this purpose, Cloudfront collects the following data: Usage data, such as the name of the website accessed, the requesting provider, referrer URL (the previously visited webpage), file, date and time of access, amount of data transmitted, and notification of successful access, browser type and version, the user's operating system, and the user's IP address.

By using Cloudfront, there may be a transfer of personal data to the United States, which is currently considered a so-called unsafe third country within the meaning of the GDPR. In order to nevertheless ensure compliance with an appropriate level of data protection, we have agreed with the provider on the validity of standard contractual clauses.

The legal basis for the data processing is the protection of our legitimate interests pursuant to Art. 6 Para. 1 lit. f GDPR. These legitimate interests are based on the secure and efficient provision of our website.

Further information, for example concerning the scope of processing, as well as the data collected and the duration of data processing, and the privacy notices of the provider, can be accessed at any time in the Cookie Consent Tool.

Geolocation using MaxMind

In order to ensure that a visitor to our website is always shown the correct website for the visitor’s country (and, where applicable, the correct information on prices, value-added tax rates, etc.), we use geolocation software provided by MaxMind Inc. (14 Spring Street, 3rd Floor Waltham, MA 02451, USA). This software analyzes your IP address to determine your approximate location. Geolocation takes place exclusively on the basis of anonymized IP addresses. It is not possible to determine the exact location of the visitor to the website. The legal basis for the data processing is the protection of our legitimate interests pursuant to Art. 6 Para. 1 lit. f GDPR. Our legitimate interests are based on improving our website and promoting our business objectives, which we hope to achieve as a result.

Due to the transfer of data to the USA, where the level of data protection does not correspond with European standards, we have agreed with the service provider on the application and validity of EU standard contractual clauses to establish a sufficient level of data protection.

You can find more information about this by clicking the following link: https://support.maxmind.com/maxmind-gdpr-faqs/

Bugherd

In order to make the determination and resolution of technical errors on our website easier, we use Bugherd, a service provided by Splitrock Studio Pty Ltd, Suite 12A, 80-82 Kerlor Road, Essendorn North, VIC 3041, Australia (“Bugherd”).

Further information, for example concerning the scope of processing, as well as the data collected and the duration of data processing, and the privacy notices of the provider, can be accessed at any time in the Cookie Consent Tool.

Google Analytics

This website uses Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (“Google”). The responsible body for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, Ireland, 1600. Google Analytics uses cookies that allow for an analysis of your use of the website. The information generated about your use of this website is usually transmitted to a Google server in the USA and stored there.

Our website uses Google Analytics with the extension “anonymize IP”. This means that your IP address will be collected by the cookies placed by Google Analytics and will be truncated by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and truncated there. Google uses this information to evaluate your use of the website, to compile reports on website activity, and to provide other services related to website activity and internet usage to the website operator. The IP address transmitted by your browser within the framework of Google Analytics is not merged with other data from Google.

The legal basis for the processing of personal data using cookies is Art. 6 Para. 1 lit. a GDPR. You can revoke this consent at any time by changing your cookie settings as described above.

Furthermore, you can delete cookies that have already been set at any time in the settings of your browser. If you delete these cookies, you may no longer be able to use all the functions of the websites to their full extent.

If data is processed outside the EEA, where the level of data protection does not correspond with European standards, we have concluded EU standard contractual clauses with the service provider in order to establish an adequate level of data protection.

You can find more information concerning Google’s terms of use and privacy policy at www.google.com/analytics/terms/de.html or under www.google.com/intl/de/analytics/privacyoverview.html

Snowplow

On this website, technology from SnowPlow Analytics Limited, 17 Bevis Marks, Floor 6, London, EC3A 7LN, United Kingdom (www.snowplowanalytics.com), collects and stores data for marketing and optimization purposes.

We store this information in an anonymized user profile on the basis of your previously given consent (Art. 6 Para. 1 lit. a GDPR). The information collected is neither used to identify individual users nor merged with other individual user data.

Further information, for example concerning the scope of processing, as well as the data collected and the duration of data processing, and the privacy notices of the provider, can be accessed at any time in the Cookie Consent Tool. You can also revoke any previously given consent using this tool at any time.

If, as part of the use of Snowplow, data is transmitted to a third country outside the EU, such transmission will only take place if the requirements of Art. 44 GDPR are met, i.e., if there is an adequacy decision in accordance with Art. 45 GDPR regarding the third country in question, or if the application of standard contractual clauses has been agreed upon.

Hotjar

On the basis of your previously given consent (Art. 6 Para. 1 lit. a GDPR), we use Hotjar on this website in order to better understand the needs of our users and to optimize the offer on this website. Hotjar is a service provided by Hotjar Limited, Level 2, St Julian's Business Centre, 3, Elia Zammit Street, St Julian's STJ 1000, Malta. With the help of Hotjar's technology, we can have a better understanding of our users' experiences (e.g., how much time users spend on which pages, which links they click on, what they like and don't like, etc.) and this helps us align our offering with our users' feedback. Hotjar works with cookies and other technology to collect information about the behavior of our users and about their end devices (in particular, IP address of the device (collected and stored only in anonymized form), screen size, device type (unique device identifiers), information about the browser used, location (country only), preferred language for viewing our website). Hotjar stores this information in the form of a pseudonymized user profile. The information is not used by Hotjar or by us to identify individual users or merged with other individual user data.

Further information, for example concerning the scope of processing, as well as the data collected and the duration of data processing, and the privacy notices of the provider, can be accessed at any time in the Cookie Consent Tool. You can also revoke any previously given consent using this tool at any time.

On the basis of your previously given consent (Art. 6 Para. 1 lit. a GDPR), we use the service Google Ads on this website. Google Ads is an online advertising program from Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. The responsible entity for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

This means we run text and video ads from Google Ads and use Google Remarketing and conversion tracking as part of this. The ads are displayed after search queries using web pages of the Google advertising network. Furthermore, we use ads remarketing lists for search ads. This allows us to customize search ad campaigns for users who have visited our website before. By using these services, we have the possibility to combine our advertisements with certain search terms or to display to previous visitors’ ads, for example, that advertise certain services that those visitors had viewed on our website previously. Therefore, we can display interest-based advertising to users of our website on other websites within the Google advertising network (as a “Google ad” within Google Search or on other websites).

An analysis of online user behavior is necessary for such interest-based offers. Google uses cookies to carry out this analysis. If you click on an ad or visit our website, a cookie is set on your computer by Google. The information collected by means of said cookie is used to directly and more precisely advertise to the visitor in a subsequent search query. Further information concerning such cookie technology can also be found in the information provided by Google concerning website statistics as well as in Google’s privacy policy. With the help of this technology, we, as a customer, and Google receive information that a user has clicked on an ad and has been redirected to our website. The information obtained by doing this is used exclusively for statistical evaluation in order to optimize our ads. We do not receive information that can personally identify visitors. Your IP address will be transmitted to Google; however, since we use Google Analytics IP masking on this website, your IP address will be anonymized. The statistics provided to us by Google include the total number of users who clicked on one of our ads and, if applicable, whether they were redirected to a webpage on our website that had a conversion tag. On the basis of these statistics, we can track which search terms led to our ads being clicked on more often and which ads lead to the user contacting us via the contact form.

If data is processed outside the EEA, where the level of data protection does not correspond with European standards, we have concluded EU standard contractual clauses with the service provider in order to establish an adequate level of data protection.

Further information, for example concerning the scope of processing, as well as the data collected and the duration of data processing, and the privacy notices of the provider, can be accessed at any time in the Cookie Consent Tool. You can also revoke any previously given consent using this tool at any time.

If you have a Google account, you can also change settings there regarding the use of your personal data within the framework of personalized advertising.

Google Tag Manager

For reasons of transparency, we would like to point out that we use Google Tag Manager from Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. The responsible body for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

By using Google Tag Manager, we can implement a user interface for the incorporation of tracking code sections that we use on our website without programming and manage them more efficiently. These so-called tags are small pieces of code that allow certain tools to measure traffic and visitor behavior, track the effects of online advertising and social channels, set up remarketing and create target groups, and test and optimize websites, among other things.

The Google Tag Manager does not set any cookies and does not collect or store any personal data. It is simply the transport layer of the implemented tags and scripts. The data is forwarded in the Google Tag Manager to the target systems of the implemented tags (i.e., tools such as Google Analytics). If you would like to learn more about the processing of personal data, please see the respective sections of this Data Protection Notice.

For more information about Google Tag Manager please see: https://www.google.com/intl/de/tagmanager/use-policy.html.

YouTube Video

If you give us your consent to do so, we shall use the services of YouTube, LLC, 901 Cherry Ave, 94066 San Bruno, CA, USA, a subsidiary of Google Inc, Amphitheatre Parkway, Mountain View, CA 94043, USA, on our website in order to play video content. For those users who are habitually resident in the European Economic Area or Switzerland, Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland, is the controller of your data.

The respective videos are located on the servers of the service provider, from where they are retrieved upon request. If you access a page on which a YouTube video is embedded, a connection to the YouTube servers will be established (provided that you have given your prior consent). This requires the transmission of your IP address, and the content is then displayed on the website. If you actively start the video, this information is also transmitted to YouTube.

If you are logged in to a YouTube account at that time, the information about the videos that you watch will be assigned to that YouTube account. You can prevent this by logging out of your YouTube account before visiting our website.

If data is processed outside the EEA, where the level of data protection does not correspond with European standards, Google, according to information provided by Google, uses standard contractual clauses in order to establish an adequate level of data protection.

The aforementioned data processing only takes place if you have explicitly consented in accordance with Art. 6 Para. 1 lit. a GDPR.

Further information, for example concerning the scope of processing, as well as the data collected and the duration of data processing, and the privacy notices of the provider, can be accessed at any time in the Cookie Consent Tool. You can also revoke any previously given consent using this tool at any time.

Soundcloud

We use Soundcloud on our websites, an online audio distribution platform and music exchange service provided by SoundCloud Global Limited & Co. KG, Rheinsberger Str. 76/77, 10115 Berlin, Germany. Here, data processing is based on your consent (Art. 6 Para. 1 lit. a GDPR). We would like to inform you that we, as the provider of the websites, have no knowledge of the content of the transmitted data or how it is used by SoundCloud. For more information, please see SoundCloud's Privacy Policy at: https://soundcloud.com/pages/privacy.

Google Fonts

For the uniform display of fonts on our website, we use Google Fonts from Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. The responsible entity for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

When you visit our website, the necessary data is loaded into your browser’s cache so that the texts and fonts can be correctly displayed. A connection to the Google servers is required for this, and such a connection may result in the transmission of personal data, in particular your IP address, to the servers of Google LLC in the USA. Google Fonts are transmitted to your browser's cache in order to avoid multiple loadings of the same data. If your browser does not support web fonts or prevents access, a default font will then be used by your computer.

Google Fonts are used in order to present our online offers in a uniform and appealing manner. The legal basis for this is the protection of our legitimate interests pursuant to Art. 6 Para. 1 lit. f GDPR.

If data is processed outside the EEA, where the level of data protection does not correspond with European standards, we have concluded EU standard contractual clauses with Google in order to establish an adequate level of data protection.

For more information about Google Fonts, please see https://developers.google.com/fonts/faq and Google's Privacy Policy: https://www.google.com/policies/privacy/

Adobe Fonts (Typekit)

For the uniform display of fonts, we use so-called web fonts from Adobe Systems Software Ireland Limited (Adobe Ireland). When you visit a webpage, your browser loads the required web fonts into the browser’s cache in order to correctly display texts and fonts. In order to do so, the browser that you use must connect to Adobe's servers. Adobe will then know that your IP address has been used to access our website. Adobe Fonts are used in order to present our online offers in a uniform and appealing manner. The legal basis for this is the protection of our legitimate interests pursuant to Art. 6 Para. 1 lit. f GDPR.

If data is processed outside the EEA, where the level of data protection does not correspond with European standards, any such data transfer shall then be made on the basis of standard contractual clauses that are approved by the European Commission.

For more information about data protection with regard to Adobe Fonts or at Adobe, please visit: https://www.adobe.com/de/privacy/policies/adobe-fonts.html and https://www.adobe.com/de/privacy/policy.html.

Furthermore, you can change your browser settings so that the fonts are not loaded from Adobe servers (for example, you can install add-ons such as NoScript or Ghostery). If your browser does not support Adobe fonts or you disable any access to Adobe servers, the text will be displayed using your system’s default font.

Facebook conversion tracking pixel

We use the Custom Audiences service of Meta Platforms, Inc., 1601 S. California Avenue, Palo Alto, CA 94304, USA (hereinafter referred to as "Facebook") as part of our usage-based online advertising. For this purpose, we define target groups of users in the Facebook Ads Manager based on certain characteristics, who will subsequently be shown ads within the Facebook network. Users are selected by Facebook based on the profile information they provide and other data provided through their use of Facebook. If a user clicks on an advertisement and subsequently arrives on our website, Facebook receives the information that the user has clicked on the advertising banner via the Facebook pixel embedded on our website.

In principle, a non-reversible, non-personal checksum (hash value) is generated from your usage data and transmitted to Facebook for analytical and marketing purposes. A Facebook cookie is placed in the process. This records information concerning your activities on our website (e.g., surfing behaviour, subpages visited, etc.). Your IP address is also stored and used for the geographic targeting of advertising.

We do not use either Facebook Custom Audiences via the customer list nor the “advanced matching” function.

For more information about the purpose and scope of data collection and the further processing and use of data by Facebook, as well as your settings options for the protection of your privacy, please refer to Facebook's privacy policy. You can also change the settings in Facebook's account settings to limit the kind of advertising that is shown to you on Facebook.

Your consent is the legal basis for the collection of data. You can revoke your consent at any time and with effect for the future, for instance by changing your cookie settings for data collection by the Facebook pixel here.

We store the data collected by Facebook’s conversion tracking pixel for 90 days.

Joint responsibility:

Steinberg Media Technologies GmbH and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, D2 Dublin, Ireland, are jointly responsible for the collection and transfer of data as part of this process. We have concluded an appropriate agreement with Facebook to regulate this joint responsibility, which can be accessed here: https://www.facebook.com/legal/controller_addendum. This agreement defines the respective responsibilities for the fulfilment of the obligation pursuant to the GDPR in respect of the joint responsibility. The contact details and details of Facebook’s Data Protection Officer can be viewed here: https://www.facebook.com/about/privacy.

Optimizely

We are currently using the web analytics service known as Optimizely, operated by Optimizely, Inc., 631 Howard Street, Suite 100 San Francisco, CA 94105, USA. Optimizely offers a test method to improve website design (A/B and multivariant tests).

This method tests an original version of our website against an altered version to establish which of them is more attractive and effective for you. Optimizely uses cookies in this process. The data recorded by the cookie are generally transferred to an Optimizely server in the USA and stored there. The cookies expire after six months and do not record personal data. When you visit our website, technical information is also evaluated by Optimizely based on the data transmitted by your browser (for example, browser type/version, operating system used, web pages visited on our site including duration of stay, previously visited web page). Your IP address is processed only in anonymised form: IP addresses are truncated before they are transferred to a server in the USA. A direct personal reference in connection with the stored data is thus generally excluded.

The purpose of the data processing is to analyse user behaviour for optimisation and marketing purposes. Pseudonymised user profiles extracted from the same data can be created and evaluated for the same purpose.

Insofar as data are processed outside the territory of the European Union in countries where there is no level of data protection corresponding to the European standard, we have concluded EU-standard contractual clauses with the service provider to establish a secure level of data protection.

You can read Optimizely’s privacy policy here: https://www.optimizely.com/privacy/.

Data collection and storage always require express prior consent pursuant to Art. 6 (1)(1)(a) GDPR. This can be withdrawn at any time with effect for the future.

When purchasing through our website

If you decide to purchase one of the products presented to you here during your visit to our website, you will be redirected to the pages of our sales partner, FastSpring, when you press the “Buy now” button. FastSpring acts as the seller of the respective product and is therefore your contractual partner if you complete your order.

When you are transferred from our website to the website of our sales partner, only the data mentioned above in "Accessing our website" and the product selection you have made are transmitted:

  • Date and time of access,
  • URL (address) of the referring webpage,
  • Retrieved file,
  • Amount of data sent,
  • Browser type and version,
  • Operating system,
  • The IP address of the requesting Internet-enabled device

This is technically necessary in order to continue the order process. The legal basis for the data processing is therefore Art. 6 Para. 1 P. 1 lit. b GDPR.

As you proceed with your order, other personal data, such as your name or address and payment data, will be collected from you in order to be able to accept and execute your order. Our sales partner, FastSpring, is the controller under data protection law and within the meaning of Art. 4 No. 7 GDPR and is responsible for the processing of your data after you have been forwarded to the webpages of FastSpring.

If you would like to learn more about how we handle your personal data when making a purchase through our website, please review the Privacy Policy of FastSpring, which is available at https://fastspring.com/fastspring-privacy-policy-germany/.

MySteinberg Customer Account / Steinberg ID

You can apply for your personal Steinberg ID via our website and thereby gain access to our personal customer area (“MySteinberg Portal”). This customer area gives you access to an overview of your Steinberg products, including any updates or upgrades available for them, and direct access to customer support, the Steinberg forums, and other functionalities.

In order to set up a customer account, you will initially only need to provide a valid e-mail address, a secure password, and your first and last name. By doing so we are better able to help you, for example, if you are unable to access or lose access to your customer account or if you wish to register a product along with its corresponding license data. Any further information may be added on a voluntary basis. You must also be at least 16 years of age or provide us with proof of parental consent.

The creation of a customer account or your personal Steinberg ID is required for downloading and registering your Steinberg products. Furthermore, it is also required if you wish to receive support, updates, and upgrades or if you voluntarily use other Steinberg services, e.g., the Steinberg forum. Registration is a prerequisite for the use of numerous products. Only in this way is it possible for us to protect our software and services from unlawful copying and use.

The legal basis for the processing of personal data associated with your Steinberg ID and MySteinberg customer account is the fulfillment of the contract concluded with you (Art. 6 Para. 1 lit. b GDPR).

The details of your customer account will be stored until the customer account is deleted. If you have provided voluntary information, you can delete or change this yourself in your customer area at any time. Data collected as part of a request to create a user account will be automatically deleted no later than 48 hours after the creation of the customer account, unless the user has confirmed the creation of the customer account by then upon request by e-mail.

Your customer account data is partially processed by the third-party service provider Amazon Web Services LLC, 410 Terry Ave. North, Seattle, Washington 98109, USA. However, the storage of this data is done exclusively on servers within Germany. If personal data is nevertheless transmitted to the USA, we have concluded standard contractual clauses with Amazon in order to ensure Amazon’s compliance with an appropriate level of data protection.

Furthermore, your customer account data is also partially hosted by the third-party service provider ForgeRock Ltd, Avon, 60 Queen Square, Bristol BS1 4JZ, United Kingdom. However, the storage of this data is done exclusively on servers within Germany. If, in this context, data is transmitted to a third country outside the EU, such transfer will only take place if the requirements of Art. 44 GDPR are met, i.e., if there is an adequacy decision in accordance with Art. 45 GDPR regarding the third country in question, or, for example in the case of US subcontractors, the application of standard contractual clauses has been agreed upon with ForgeRock.

Newsletter

If you sign up for our newsletter, then we will send you news from Steinberg and information about special offers, promotions, and events. The legal basis for sending the aforementioned newsletter is your consent in accordance with Art. 6 Para. 1 P. 1 lit. a GDPR. We can also provide existing customers with relevant information by e-mail under the conditions set out in § 7 Para. 3 of the German Unfair Competition Act (UWG). We use Episerver GmbH, Wallstraße 16, 10179 Berlin, Germany, as a service provider for sending our newsletter. Your data will not be passed on to third parties for advertising purposes.

If you wish to sign up for our newsletter, we use the so-called double-opt-in procedure. This means that after your registration, we will send an e-mail to the e-mail address that you provided. In that e-mail we ask that you confirm that you wish to receive the newsletter. If you do not confirm that you signed up for the newsletter, then your information will be automatically deleted after two days.

We will store your IP address at the time of registration, as well as the time of registration and confirmation, for up to three years after registration (period of limitation) – unless you have interacted with the newsletter e-mail in the meantime (see below for more details). The purpose of this procedure is to be able to prove that you signed up for the newsletter in case of any doubt and, if necessary, to clear up any misuse of your personal data. The legal basis for logging your registration is our legitimate interest, pursuant to Art. 6 Para. 1 P.1 lit. f GDPR, in proving that you formerly gave your consent (see also Art. 7 Para. 1 GDPR).

You can revoke your consent to receive the newsletter and unsubscribe at any time. You can unsubscribe by clicking on the link provided in every newsletter e-mail.

In order to provide you with relevant information, we may collect data concerning your opening of the newsletter, your click behavior when registering products, any website purchases, and your behavior when visiting our website, as well as the information you provided. This is done in order to create newsletter campaigns. In order to carry this out, the e-mails sent contain so-called web beacons or tracking pixels and, if applicable, personalized links that are stored on our server and loaded only when the newsletter is opened or the link is clicked.

We create a user profile using data obtained in order to customize the newsletter to your individual interests. In doing so, we collect data concerning when you read our newsletters, as well as which links you click on in them, and then deduce your personal interests from this. We link this data to your activity on our website.

The legal basis for this data processing is your consent (Art. 6 Para. 1 P.1 lit. a GDPR).

You can revoke your consent at any time with effect for the future. Any such revocation includes the subscription to the newsletter, as a separate revocation concerning tracking is unfortunately not technically possible. You may simply click the unsubscribe link provided in each e-mail to do so.

MySteinberg Support

If you request assistance regarding your products by using the MySteinberg Support Portal (accessible within your customer account), the transmission of the following personal data is required: Title, first name, last name, request/issue, e-mail address, consent. This also applies if you contact MySteinberg Support by phone.

We use the Zendesk service offered by Zendesk, Inc., 1019 Market Street, San Francisco, CA 94103, USA, to provide support. Support tickets are created through this service, which our staff and you, as a registered user of our products, can use to summarize the status of your request at any time (and our staff can launch further steps if necessary). The legal basis for the processing of personal data associated with this service is the protection of our legitimate interest in providing fast and efficient support for the users of our products (Art. 6 Para. 1 lit. f GDPR), as well as Art. 6 Para. 1 lit. b GDPR (if applicable), to the extent that either your request seeks to conclude a contract or such data processing is necessary for the fulfillment of a contractual relationship that exists between us.

We have entered into a Data Processing Agreement with Zendesk and agreed that your personal data will be hosted exclusively on servers in Germany (Frankfurt/Main). If data is nevertheless transmitted to a so-called unsafe third country, we have agreed with Zendesk on the validity of standard contractual clauses. Furthermore, Zendesk has a company-wide privacy policy (so-called Binding Corporate Rules (BCR)) that have been approved by the Irish supervisory authority and that are available here.

For more information about data protection at Zendesk, please visit: https://www.zendesk.de/company/privacy-and-data-protection/

Steinberg Forum

We operate a forum at https://forums.steinberg.net/, where our users can exchange information about various topics from the world of Steinberg, in particular about our individual products. If you wish to register for the forum, you need a Steinberg ID (see above) and a username of your choosing. Furthermore, additional information (biographical information, geolocation, birthday) can voluntarily be added.

If you submit a post in the forum, it will be posted in the respective thread for all visitors of the forum to see. Other users of the forum may reply to your post or ‘like’ or ‘share’ the post. Any contribution posted in our forum is stored permanently. The processing of your user data and the contributions published by you in the forum is based on Art. 6 Para. 1 lit. b GDPR (for the fulfillment of the contract concluded between us concerning the use of the MySteinberg customer account).

Furthermore, if you publish a post, your IP address will be stored. This is done so that the author of any inappropriate or illegal content can be identified (for which we as the operator of the offer can be held responsible) if necessary. The legal basis for this is Art. 6 Para. 1 lit. f GDPR. Our legitimate interests lie in the prevention and, if necessary, prosecution of illegal content posted by individual users.

We rely on the services of the provider Civilized Discourse Construction Kit, Inc, 8 The Green Suite #8383, Dover, DE 19901, United States, to provide the forum. By using Civilized Discourse Construction Kit, Inc. there may be a transfer of personal data to the United States, which is currently considered a so-called unsafe third country within the meaning of the GDPR. In order to nevertheless ensure compliance with an appropriate level of data protection, we have agreed with the provider on the validity of standard contractual clauses.

For more information about data protection at Civilized Discourse Construction Kit, Inc., please visit: https://www.discourse.org/privacy

Dorico Subdomain (including blog)

Under the URL https://blog.dorico.com there is a product subpage for our software “Dorico” This subpage was created with WordPress and has a blog. The following personal data is processed as a result (please note: this only relates to the Dorico subpage):

Blog

Users can comment on our articles and the contributions of other users as part of interacting with the blog posts. In order to do so, you only need to provide a username and a valid e-mail address. The specification of a website is optional.

Any comment posted to an article or to another comment will be posted in the respective thread for all visitors of the blog to see. Other users of the blog can reply to this. Any comments posted in our forum are stored permanently. The processing of your user data and the contributions published by you in the forum is based on Art. 6 Para. 1 lit. b GDPR Such processing is necessary for the comment function to be used by you within the framework of the Terms of Use of our website.

Furthermore, if you comment, your IP address will be stored. This is done so that the author of any inappropriate or illegal content can be identified (for which we as the operator of the offer can be held responsible) if necessary. The legal basis for this is Art. 6 Para. 1 lit. f GDPR. Our legitimate interests lie in the prevention and, if necessary, prosecution of illegal content posted by individual users.

Gravatar

We use the service Gravatar of Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA, as part of the comment function of our blog. A Gravatar is a Globally Recognized Avatar (a user image available worldwide) that can be associated with an e-mail address and used in various online services. By using Gravatar you may personalize your posts by including a profile picture.

The use of the functionalities of Gravatar requires that you have previously registered with the provider Automattic Inc. and registered your e-mail addresses that will be associated with a Gravatar. When you post on our blog, the e-mail address you use for this purpose is sent in hashed form to Automattic's servers, where it is matched with the hashed e-mails of registered users. If your e-mail is associated with a Gravatar, the Gravatar that you have chosen for that respective e-mail address will then be displayed on our blog. If you do not wish for this to happen, you will have to leave a comment under an e-mail address that is not registered with Gravatar. Nonetheless, data such as technical and device-related data, in particular your IP address, will be transmitted to the USA. We would like to point out that the USA is currently classified as a so-called ‘Unsafe Third Country’ that does not offer a level of data protection that complies with the requirements of the European Union.

The legal basis for the aforementioned processing of personal data, including the transmission of data to the USA, is your previously given consent pursuant to Art. 6 Para. 1 lit. a GDPR. You may revoke this consent at any time with effect for the future by removing the corresponding checkmark from the consent checkbox.

For more information about data processing at Automattic, please see their Privacy Policy at: https://automattic.com/privacy/.

Akismet Anti-Spam

We use the service “Akismet” provided by Automattic Inc, 60 29th Street #343, San Francisco, CA 94110, USA. By using this service we are able to distinguish comments posted by real people from spam comments. In order for this to be carried out, all data pertaining to comments is sent to an Automattic server in the USA, where it is analyzed and stored for four days for comparative purposes. If a comment is classified as spam, then the data pertaining to that comment will be stored beyond this period. We would like to point out that the USA is currently classified as a so-called ‘Unsafe Third Country’ that does not offer a level of data protection that complies with the requirements of the European Union.

The following information is processed: Name, e-mail address, IP address, the content of the comment, referrer, browser used, time of posting, operating system used by the end device. You can partially prevent the collection of such data by not providing your name or e-mail address when commenting or by using pseudonyms. Alternatively, you would have to refrain from posting any comments.

The legal basis for the aforementioned processing of your personal data, including the transmission of data to the USA, is your previously given consent pursuant to Art. 6 Para. 1 lit. a GDPR. More information about the collection and use of data by Akismet can be found in the Privacy Policy of Automattic: https://automattic.com/privacy/.

Jetpack (WordPress Stats)

We use the plug-in Jetpack (here the sub-function “Wordpress Stats”) of Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA, for the statistical analysis of visitor access to our website. Jetpack uses so-called “cookies”. Cookies are text files that are placed on your computer to help with the analysis of how users use the website.

This allows for user profiles to be created from the processed data, whereby these user profiles are only used for analytical purposes and not for marketing purposes. The information generated by the cookie about your use of the Dorico webpages is stored on a server in the USA. We would like to point out that the USA is currently classified as a so-called ‘Unsafe Third Country’ that does not offer a level of data protection that complies with the requirements of the European Union.

The legal basis for the aforementioned processing of personal data, including the transmission of data to the USA, is your previously given consent pursuant to Art. 6 Para. 1 lit. a GDPR. Further information, for example concerning the scope of processing, as well as the data collected and the duration of data processing, and the privacy notices of the provider, can be accessed at any time in the Cookie Consent Tool. You can also revoke any previously given consent using this tool at any time.

Trial Versions

We generally provide free trial versions of some of our software products. You can download these trial versions from our website after creating a Steinberg ID. Trial versions can be used only for a limited period of time. In order to create your Steinberg ID, you must have a valid e-mail address and create a password (see above).

We store your e-mail address, along with information pertaining to the trial version that was downloaded via said e-mail address, for a certain period of time in order to be able to effectively exclude multiple uses of the trial versions. The processing of the personal data that you provided for the provision of trial versions is based on Art. 6 Para. 1 lit. b GDPR.

The installation and use of a trial version may also require a so-called eLicenser (our software/hardware-based license management tool). This is a further, technical step that helps us ensure that your use of our respective (trial) software is authorized and that enables us to verify your (trial) license without obtaining any personal data from you.

Linking to Social Media Platforms (fan pages)

There are Steinberg profiles (fan pages) on some of the online platforms of third-party providers (such as Soundcloud, Facebook, Instagram, Twitter or YouTube). Users of these platforms may publish their own content concerning our products (e.g., comments). We expressly refer to the terms of use of the respective third-party providers, as well as to the corresponding privacy policies.

Our website contains links to the corresponding Steinberg profiles that are hosted with these third-party providers (recognizable by the respective icon of the third-party provider). These are not so-called ‘social plug-ins’, but simple links. Therefore, simply visiting our website does not initiate the transmission of data with the websites of these third-party providers. Data will only be transmitted if you decide to access the corresponding third-party service by clicking one of the aforementioned icons. Please refer to the privacy policies of the respective providers for more information concerning the processing of your personal data that is carried out there.

VST Transit (VST Connect)

VST Transit is a platform of Steinberg Media Technologies GmbH that allows you to exchange and store data regarding your projects with a third party online. In addition to the limited free storage, optional paid storage is offered by Steinberg. You can access VST Transit through your MySteinberg customer account.

When using the platform, we will process not only the specific project data that you share with third parties through VST Transit, which also includes messages exchanged between project partners, but also your access data. The legal basis for this data processing is Art. 6 Para. 1 lit. b GDPR. Your data will be stored unless you delete it or cancel your customer account with us. Data processing is carried out in accordance with the specifications relating to your MySteinberg customer account.

Statistical evaluations

We use data from your transactions in our online store to generate statistical evaluations in order to further development our products and (store) website.

Therefore, if you make a purchase from our sales partner, FastSpring, we will receive data from them relating to your purchase. We use this data, in particular information concerning the person of the buyer, which includes the address, and the products purchased, to create and carry out statistical analyses.

These statistical analyses are used to improve and further develop the products and services that we offer, as well as to make sales forecasts. In order to prepare these statistical analyses, personal data is used to the extent necessary for the above purposes. If possible, the data will be pseudonymized or anonymized before it is analyzed. The results of the analyses are exclusively used in aggregated form. Customer-related or customer-specific analyses are not carried out unless the customer has expressly consented to this.

The legal basis for the processing of the data specified above is Art. 6 Para. 1 P. 1 lit. f GDPR. Our legitimate interests lie in maintaining the competitiveness of our products vis-a-vis out competitors and improving our sales.

We have concluded an agreement on joint responsibility with our distribution partner FastSpring. This transparently regulates which partner fulfills which obligations arising from the GDPR.

Recipients of your Data

We only transmit your data to third parties if this is necessary for the fulfillment of our business purposes, or if you have consented to this, or if the transmission is required by law.

We transmit personal data to third parties if it is related to the purchase of our products through the online store (store and payment service providers), or if it is necessary for the provision of customer support services (support ticketing system), or if the purpose of the transmission is to support marketing activities (e.g., marketing platforms and newsletter service providers). Furthermore, we may transmit personal data to public bodies and institutions (tax offices, governmental authorities, customs offices) if there is a legal obligation to do so, or to legal advisors and collection agencies for the purpose of following up on and enforcing contractual claims.

Further details about the recipients of your data and about the guarantees applicable for the protection of your data if transmitted to a third country can be found in the individual processing situations found in this Data Protection Policy.

Data Deletion and Storage Period

We process and store your personal data to the extent necessary and only for the duration of our business relationship, which includes, but is not limited to, the initiation and execution of a contract, or for the regular limitation period of three years in order to defend ourselves against or assert our legal claims.

Furthermore, we are subject to various retention and documentation obligations set forth in the German Commercial Code (HGB) and the German Fiscal Code (AO) among others. The retention periods specified therein are six to ten years. During this time, the processing of data is restricted. The obligation to retain data begins at the end of the calendar year in which the offer was made or the contract was fulfilled. Therefore, accounting documents relevant to commercial or tax law are retained for ten years and contractual and tax-relevant documents for at least six years.

IP addresses are usually stored temporarily for the purpose of establishing a connection or for verification purposes, insofar as we use them for website optimization or for marketing purposes. If this is the case, they are immediately anonymized and processed only in anonymized form. The functional duration of the cookies used is limited to a maximum of two years (exemptions can be found above).

Forum data and posts are valuable contributions within the Steinburg customer community. Therefore, we store such data until you either delete your posts or your forum user account or Steinberg deletes the forum.

Your Rights

You have the right:

  • to request access to information about your personal data processed by us in accordance with Art. 15 GDPR;

  • to demand the rectification of incorrect or completion of your personal data stored by us in accordance with Art. 16 GDPR;

  • to request the erasure of your personal data stored by us in accordance with Art. 17 GDPR;

  • to request the restriction of the processing of your personal data in accordance with Art. 18 GDPR;

  • to receive your personal data that you have provided to us in a structured, common, and machine-readable format or to request the transfer to another controller in accordance with Art. 20 GDPR;

  • (i) to object under certain conditions to the processing of your personal data carried out on the basis of Art. 6 Para. 1 lit. e GDPR (in the public interest) or on the basis of Art. 6 Para. 1 lit. f GDPR (for the protection of a legitimate interest), or (ii) object to the processing for direct marketing purposes in accordance with Art. 21;

  • to revoke any previously given consent at any time in accordance with Art. 7 Para. 3 GDPR . This also applies to the revocation of any declarations of consent given to us before the applicability of the General Data Protection Regulation, that is before May 25, 2018. By doing so, we may no longer continue to process your data based on your previously given consent; however, the lawfulness of the data processing that was carried out on the basis of your consent up until its revocation remains unaffected by the revocation;

  • to complain to a supervisory authority in accordance with Art. 77 GDPR.

In order to assert any of the aforementioned statutory rights of data subjects and for all other questions regarding data processing, please contact Steinberg Media Technologies GmbH in writing at the address provided below or by e-mail to privacy@steinberg.de. You may exercise any of the above rights free of charge.

To request the erasure of data, as well as to revoke your consent, please contact: info@steinberg.de

Right of Objection

Pursuant to Art. 21 Para. 1 GDPR, you have the right to object, at any time, on grounds relating to your particular situation, to the processing of personal data concerning you that is carried out on the basis of Art. 6 Para. 1 lit. f GDPR. This also applies to profiling based on this regulation. When exercising your right to object, you must provide us with your personal reasons as to why we should not process your personal data. We will review your objection and either stop or adjust the data processing or show you compelling legitimate grounds on our part on the basis of which we may continue the processing.

If personal data relating to you is processed on the basis of Art. 6 Para. 1 lit. f GDPR for the purpose of direct marketing, you have the right, pursuant to Art. 21 Para. 2 GDPR, to object, at any time and without providing justification, to the processing of personal data relating to you for the purpose of such direct marketing. This also applies to profiling if it is associated with direct marketing. If you object to data processing for the purpose of direct marketing, we will no longer process the personal data concerning you for the purpose of direct marketing.

To exercise your right to object, simply send an e-mail to privacy@steinberg.de.

For the various types of data processing, different specific technical options may exist for exercising your right of revocation or objection. We have already informed you about this in the explanation of the respective data processing measures that are carried out.

Changes to this Data Protection Notice

We revise our data protection information when changes are made to this website or on other occasions that make it necessary to do so. Therefore, you should visit this website regularly to keep yourself informed about the current status of this Data Protection Notice. You can find our current data protection information at any time online at https://www.steinberg.net/de/extras/datenschutz.html.