Sirius Music Communications GmbH
represented by managing directors Sebastian Riegelbauer & Charlotte Dryander
Paul-Lincke-Ufer 39/40, 10999 Berlin
email: mail@sirius.video
Sebastian Riegelbauer
email: legal@sirius.video
Last name, first name, address
Company, registry data, authorized representatives
Communication data, payment data
To establish or coordinate the details of the user agreement, additional services and all related concerns.
As part of contacting us to initiate a contract for the use of the Sirius video platform to provide music lessons
The collection is carried out on the basis of Article 6 (1) b) GDPR
Session cookie/log files with the following data: Information about the language and version of the browser software used, the user's operating system and its interface, the user's IP address, date and time of the request, content of the request, access status/HTTP status code, amount of data transferred in each case, websites from which the user's system accesses our website is stored as referrers.
The legal basis for the temporary storage of data and log files on the delivery servers is Art. 6 para. 1 lit. e DSGVO in conjunction with Section 3 BDSG-neu. This serves to ensure operation and protect against attacks (e.g. DDOS).
Cookie Consent Opt-In/Opt-Out Permanently Per Browser Version
This cookie is used to manage cookie opt-in by the user.
Flash cookies to play media content per browser
Payment service provider integration without user analysis
AccessToken for encrypted identification as part of the LoginRefreshToken when logging out and for re-identificationROMURL manages the URL of the last video session room set up by the user password manages the access password for the last video session set up
These are technically necessary cookies, which do not require consent via a cookie consent banner, but are used on the basis of Art. 6 para. 1 lit. b GDPR to manage users and video sessions and are stored for the duration of the contract period or registration as well as for legitimate purposes and within the scope of the storage obligations incumbent on us.
Live chat, messenger services for user communication
The content of the live chat and all files shared in it are automatically deleted for all participants at the end of the respective video session. As a result, the content is no longer available when the video session is called up again.
paddle.com cookie
Through our contract manager Paddle.com, we use external payment service providers whose platforms users and we can use to make payment transactions. Registered users have the option of taking out a paid subscription with us. The information about the status of the payment (confirmation or payment failure) is sent to us via the cookie used by Paddle.com to activate the user account. We do not receive or process any account or credit card related information.
External payment processing
You choose the desired payment service provider during the booking process and their data protection and usage conditions apply (e.g.: PayPal (www.paypal.com/de/webapps/mpp/ua/privacy-full), Visa (www.visa.de/datenschutz), Mastercard (www.mastercard.de/de-de/datenschutz.html), American Express (www.americanexpress.com/de/content/privacy-policy-statement.html). As part of the fulfilment of contracts, we use payment service providers on the basis of Art. 6 para. 1 lit. b. GDPR and Art. 6 para. 1 lit. f. GDPR to offer our users effective and secure payment options. The data processed by payment service providers includes inventory data, such as name and address, bank details, such as account numbers or credit card numbers, passwords, TANs and checksums, as well as contract, sum and recipient-related information. The information is required to carry out the transactions. However, the data entered is only processed by payment service providers and stored by them. This means that we do not receive any account or credit card information, but only information with confirmation or failure of the payment. Payment service providers may transfer the data to credit agencies. The purpose of this transfer is to verify identity and credit. In this regard, we refer to the terms and conditions and privacy policies of the payment service providers. Payment transactions are subject to the terms and conditions and data protection notices of the respective payment service providers, which are available within the respective websites or transaction applications. We also refer to these for further information and to assert revocation, information and other data subject rights.
Art. 32 (1) GDPR: Taking into account the state of the art, implementation costs and the nature, scope, circumstances and purposes of processing as well as the different probability of occurrence and severity of the risk to the rights and freedoms of natural persons, the controller and the processor take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk.
Processing of your data by a certified hosting service provider based and exclusive server locations in Germany.Use of peer2peer encryption for video communication, where the public IPv4 addresses of the participating clients are exchanged via a STUN (Session Traversal Utilities for NAT) server or enables the exchange of data via a TURN (Traversal Using Relays around NAT) server. Neither STUN nor TURN servers participate in the exchange of communication contents.Selection of technical tools and service providers based and place of service in the EU with the conclusion of order processing agreements and for support services from a service provider based in the UK also using the standard contractual clauses.Technical and organizational measures in accordance with the GDPR
Data from contact without a business relationship
We delete this data within three months of processing the request, if this has not finally led to a user agreement.
Registration data
Are deleted 10 years after the end of the year of last use or the last statement, unless the relevant years are the subject of a tax audit or we have our own legitimate interests in processing within the meaning of Article 6 (1) f) GDPR.
Your data will not be transferred to third parties outside the purpose of collection.
Insofar as the transfer of your data is necessary to establish the user contract and to process it, this is done on the basis of Article 6 (1) b) GDPR and, as far as relevant, within the framework of an order processing agreement or a contract for joint responsible processing.
Registration data (email)
Personal data will only be transferred to a third country, i.e. a country outside the EU, if there is an adequacy decision by the EU Commission within the meaning of Article 45 GDPR.
Art. 15 GDPR — Right to information
On request, we will immediately provide you with information about your personal data processed by us. The prerequisite for the request for information is that we can identify you with sufficient clarity.
Art. 14 GDPR — Right to be notified
If, as part of the use, you provide data other than students, participants, communication partners, contact persons, etc., we are obliged, as far as is reasonable, to provide the data subject with our data protection information in accordance with Article 14 GDPR at the latest within a month or when they first contact us, provided that the data subjects do not yet have this information. We fulfill this by providing data protection information in direct connection with the link to join a video session.
Art. 16 GDPR — Right to correction
Please let us know of any data changes so that we can manage our databases with your current data.
Art. 17 GDPR — Right to deletion
You can request that your data be deleted at any time. If there is still a contractual relationship or if we are subject to storage obligations, we will delete them after their expiry, unless our own legitimate interests conflict with us.
Art. 18 GDPR — Right to restrict processing
If you are of the opinion that the data stored by us has been processed incorrectly or unlawfully, but do not want the data to be deleted or that we need to continue processing it due to a legal obligation, we will restrict processing. This also applies, for example, when you complete your registration.
Art. 20 GDPR — Right to data portability
If we process your data electronically on the basis of consent or contract, we will provide you with your data in a structured, common and machine-readable format upon request.
Art. 7 (3) GDPR — Withdrawal of consent
Insofar as we process data on the basis of consent, you can withdraw it at any time without giving reasons by simply notifying us.
Art. 77 GDPR — Right to lodge a complaint
You have the right to complain about data processing by us to the Berlin Commissioner for Data Protection and Freedom of Information, the supervisory authority at your place of residence or place of work.
Art. 21 GDPR — Right of objection
If your personal data is processed on the basis of a legitimate interest in accordance with Article 6 (1) f) GDPR, you can object to processing with us.
Art. 34 GDPR — Notification obligation in case of data protection breaches
We must inform you of the personal data breach if there is likely to be a high risk for the data subjects and we have not taken appropriate technical and organizational measures to protect it within the meaning of Article 34 (3) GDPR.
