Privacy Policy
Introduction and Overview
We have drafted this Privacy Policy (version 06/10/2023-112637638) to explain, in accordance with the provisions of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, which personal data (shortened to "data") we, as the data controller, and our processors (e.g., providers) process, will process in the future, and what legal rights you have. The terms used in this policy are gender-neutral.

In a nutshell: We provide you with comprehensive information about the data we process about you, using language that is simple and transparent. While privacy policies are often technical and use legal jargon, our aim is to make this information as clear as possible. Technical terms, where necessary, are explained in a reader-friendly manner, links to further information are provided, and graphics are used. We are committed to informing you in clear and simple language that we only process personal data within the scope of our business activities when there is a legal basis for doing so. This clarity would not be possible if we provided vague, unclear, and legally technical explanations, which are often standard on the internet when it comes to privacy. We hope you find the following explanations interesting and informative, and perhaps you'll discover some information you didn't know before. If you still have questions, we kindly ask you to contact the responsible entity mentioned below or refer to the information provided in the imprint. Our contact details can also be found in the imprint.

Scope

This Privacy Policy applies to all personal data processed by us in the company and all personal data processed by companies we have commissioned (data processors). By personal data, we mean information as defined in Article 4(1) of the GDPR, such as a person's name, email address, and postal address. The processing of personal data enables us to offer and invoice our services and products, whether online or offline. The scope of this Privacy Policy includes:

- All online presence (websites, online shops) we operate.
- Social media presence and email communication.
- Mobile apps for smartphones and other devices.

In short: The Privacy Policy applies to all areas where personal data in the company is processed via the mentioned channels. If we enter into legal relationships with you outside of these channels, we will inform you separately if necessary.

Legal Basis

In the following Privacy Policy, we provide you with transparent information about the legal principles and regulations, i.e., the legal bases of the General Data Protection Regulation, which allow us to process personal data.

Regarding EU law, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of April 27, 2016. You can read this EU General Data Protection Regulation online on EUR-Lex, the access to EU law, at https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32016R0679.

We only process your data if at least one of the following conditions applies:

- Consent (Article 6(1)(a) GDPR): You have given us consent to process data for a specific purpose. An example would be storing your entered data from a contact form.
- Contract (Article 6(1)(b) GDPR): To fulfill a contract or pre-contractual obligations with you, we process your data. For example, if we enter into a purchase contract with you, we need personal information beforehand.
- Legal obligation (Article 6(1)(c) GDPR): If we are subject to a legal obligation, we process your data. For example, we are legally obligated to keep invoices for accounting purposes. These invoices typically contain personal data.
- Legitimate interests (Article 6(1)(f) GDPR): In case of legitimate interests that do not infringe upon your fundamental rights, we reserve the right to process personal data. For example, we need to process certain data to operate our website securely and economically efficiently. This processing constitutes a legitimate interest.

Other conditions, such as the exercise of public interest or public authority and the protection of vital interests, usually do not apply to us. If such a legal basis should be relevant, it will be indicated at the respective point.

In addition to the EU Regulation, national laws also apply:

- In Austria, this is the Federal Act concerning the Protection of Personal Data (Datenschutzgesetz), abbreviated as DSG.
- In Germany, the Federal Data Protection Act (Bundesdatenschutzgesetz), abbreviated as BDSG, applies.

If additional regional or national laws come into play, we will inform you in the following sections.

Contact Details of the Controller

If you have any questions about data protection or the processing of personal data, you will find below the contact details of the responsible person or entity:
Alexander Lill
Email: alexlillaudio@gmail.com

Storage Duration

We only store personal data for as long as it is absolutely necessary to provide our services and products. This is our general criterion. It means that we delete personal data as soon as the purpose for data processing no longer exists. In some cases, we are legally obliged to store certain data even after the original purpose has ceased, for example, for accounting purposes.

If you wish to delete your data or revoke your consent for data processing, the data will be deleted as soon as possible, provided there is no obligation to store it.

We will inform you below about the specific duration of each data processing, if we have further information on this.

Rights according to the General Data Protection Regulation

According to Articles 13 and 14 of the GDPR, we inform you about the following rights that you have to ensure fair and transparent data processing:

- According to Article 15 GDPR, you have the right to obtain confirmation as to whether or not we process data about you. If this is the case, you have the right to receive a copy of the data and to know the following information:
  - The purpose of the processing.
  - The categories, i.e., the types of data being processed.
  - Who receives this data, and if the data is transferred to third countries, how security can be guaranteed.
  - How long the data will be stored.
  - The right to rectification, erasure, or restriction of processing, and the right to object to processing.
  - The right to lodge a complaint with a supervisory authority (links to these authorities can be found below).
  - The origin of the data, if we did not collect it from you.
  - Whether profiling is carried out, i.e., whether data is automatically evaluated to create a personal profile of you.
- According to Article 16 GDPR, you have the right to rectify data, meaning we must correct data if you find errors.
- According to Article 17 GDPR, you have the right to erasure ("right to be forgotten"), meaning you can request the deletion of your data.
- According to Article 18 GDPR, you have the right to restriction of processing, meaning we may only store the data but not use it further.
- According to Article 20 GDPR, you have the right to data portability, meaning we provide you with your data in a common format upon request.
- According to Article 21 GDPR, you have the right to object, which, when enforced, leads to a change in processing.
  - If the processing of your data is based on Article 6(1)(e) (public interest, exercise

of public authority) or Article 6(1)(f) (legitimate interest), you can object to the processing. We will then check as soon as possible whether we can legally comply with this objection.
  - If data is used for direct marketing, you can object to this type of data processing at any time. We are not allowed to use your data for direct marketing after that.
  - If data is used for profiling, you can object to this type of data processing at any time. We are not allowed to use your data for profiling after that.
- According to Article 22 GDPR, under certain circumstances, you have the right not to be subject to a decision based solely on automated processing (e.g., profiling).
- According to Article 77 GDPR, you have the right to lodge a complaint. This means you can complain to the data protection authority at any time if you believe that the processing of personal data violates the GDPR.

In short: You have rights – do not hesitate to contact the responsible entity listed above!

If you believe that the processing of your data violates data protection law or your data protection rights have been violated in any other way, you can complain to the supervisory authority. For Austria, this is the Data Protection Authority, whose website you can find at https://www.dsb.gv.at/. In Germany, there is a data protection officer for each federal state. For more information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI).