Logo
Gekko
Privacy Policy

Privacy Policy

Our privacy policy complies with the European GDPR (General Data Protection Regulation) and the Telemedia Act (TMG) of the Federal Republic of Germany. In addition, we are PCI-DSS compliant.

General Provisions

Responsible for data processing on this website according to the General Data Protection Regulation (DSGVO) is Cognitone GmbH, Rahlstedter Weg 114, 22159 Hamburg. Further contact details can be found on the Imprint and Contact pages.

Website visitors, interested users and customers ("users") entrust us with personal data while visiting our websites, when subscribing to our newsletter, when setting up a user account, or when placing an order. In principle, we collect, store and process this data only to the extent necessary to provide a functioning website and to provide and maintain our services. In general this is done only with the consent of the user. An exception applies to cases in which prior consent can not be obtained for technical reasons and where the processing of the data is permitted or required by law.

Purpose

Our collection and processing of data is intended to enable individual communication with prospect users and customers, enable the execution of orders and the conclusion and management of license agreements, help provide technical support, serve the promotion and improvement of our products and services and occasionally the promotion of products and services cooperating with us, however always related to the field of composition and music production.

Retention Period And Deletion

Personal data will be deleted or locked as soon as the original purpose of storing it becomes obsolete. Data may be kept beyond that, if European EU regulations or national law, to which we are subject, require so. Data is also deleted or locked, when a retention period expires that is mandated by the authorities mentioned, unless there is a need for further retention in order to make possible the conclusion and fulfillment of a contract.

Confidentiality

Basically we don't share personal data with third parties. The only exception being partial submissions to service providers involved in the provision of our services and execution of orders, however only to the extent necessary (e.g. submitting an address to the post office for printing a shipping label, or submitting an e-mail address to our e-mail Provider in order to send a newsletter).

Provision Of Website And Use Of Logfiles

Each time a page is requested from our websites, our system automatically logs information about the calling computer (date, time, IP address, browser type, operating system, previously visited website upon entering, next visited website when leaving our site). This information however is not linked with other personal data of the user.

Purpose

The temporary storage of an IP address is necessary to make possible the delivery of the website to the user's computer. Therefore the IP address of the user must be retained at least for the duration of a session.

Retention Period And Deletion

Logs are deleted as soon as they are no longer necessary for the original purpose of their collection. This is the case after seven days at the latest. Further storage is possible, in which case IP addresses of users are deleted or anonymized, such that a link to the calling client is no longer possible. The collection and logging of this data is essential for the operation of the website. Consequently, there's no provision for users to deny their consent.

Cookies

Our websites make use of cookies. These are small text files a visitor's browser stores locally on their computer. Our cookie merely contains a unique identifier (session ID or customer number) that allows our server to identify a browser across multiple page requests and when it visits our websites again.

Purpose

Some features of our websites could not be offered without the help of cookies. Thus, it is necessary a browser can be recognized across multiple pages of our sites, e.g. to determine if the user is logged in and is allowed to access their personal area. Should cookies be disabled for our website, users could no longer log in to their personal area. This technical necessity justifies our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR.

Retention Period And Deletion

Our login cookie has a lifetime of a few hours, after which it automatically expires.

Since cookies are stored on your computer, you have full control over their use. By changing the settings in your browser, you can disable or restrict the transmission of cookies. Already saved cookies can be deleted in the browser at any time.

Google Analytics

Our websites make use of Google Analytics, a service provided by Google Inc. ("Google"). Google Analytics uses cookies (text files) stored on a visitor's computer to give us an insight into the usage of our website. Information regarding visitor's moves on our website is usually transmitted to a Google server in the USA and kept there for us to review.

However, since we activated IP anonymisation, IP addresses will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there.

Google uses this information on our behalf to compile statistics and reports on the use of our website and to provide related services to us. According to Google, the IP address provided by Google Analytics is not merged with other Google data.

Learn more about how Google deals with personal information in its advertising network in their advertising privacy statement.

Purpose

The purpose of processing this data is to make visible to us the otherwise invisible movement of visitors on our sites. Behind this is our legitimate interest in being able to "see" that visitors come to us and how they move in our store (much like in a traditional retail store).

Retention Period And Deletion

You can prevent the storage of cookies by a corresponding setting of your browser software. We point out, however, that in this case you may not be able to use all functions of this website in full. In addition, you may prevent the collection by Google of the data generated by the cookie and related to your use of the website (including your IP address) as well as the processing of this data by Google by downloading and installing a browser plug-in.

Google Maps

Our websites use Google Maps to visually display geographic information. When using Google Maps, Google also collects, processes and uses information on the use of map features by visitors. For more information about Google's data processing, see the Google Privacy Statement. There you can also change your personal privacy settings in the privacy center.

For detailed instructions on how to manage your own data related to Google products, click here.

Google AdWords

Our websites make use of Google Conversion Tracking. If a visitor reaches our website via one of our ads, Google Adwords will set a cookie on their computer. The cookie loses its validity after 30 days and is not used for personal identification.

If our website is visited and the cookie has not expired yet, we and Google recognize which ad has been redirecting the visitor to our website. Each Google AdWords customer obtains a different cookie. Cookies can not be tracked across websites of different advertisers.

Purpose

Conversion cookies are used to measure the success of AdWords campaings we run. However, we do not receive any information that personally identifies users.

Retention Period And Deletion

A conversion cookie automatically expires after 30 days. If you do not want to participate in tracking, you can block cookies from the domain "googleleadservices.com" in your browser.

Google reCaptcha

We use the Google service reCaptcha to make sure that an actual human is making submissions to forms on our website, and not a computer or robot.

Google uses the following data to check whether a visitor is a human or a computer: Current IP address, our website being visited, date and time, select identification data of the visitor's device (browser and operating system type, Google account, if the visitor is logged in to Google, mouse movements on the reCaptcha surfaces) and tasks that require the visitor to identify certain images.

The legal basis for processing this data is Article 6 (1) lit (f) of the GDPR. There is a legitimate interest on our part in processing this data to ensure the security of our website and to protect us from automated input and attacks.

Script Libraries (Google Webfonts, Google Search)

In order to make our content visually appealing on all browsers, we use script libraries and font libraries on our sites, such as: Google Webfonts. Google web fonts are transferred to the cache of a visitor's browser to prevent repeated downloads. If a browser does not support Google Web fonts or prohibits access, content will be displayed using a default font.

The download of script libraries or font libraries automatically triggers a connection to the library operator (e.g. Google). While quite possible in theory, it is currently unclear whether and for what purpose a library operator might collect data. If so, it should be mentioned in their privacy policy, which can be found here.

Embedded YouTube Videos

On some of our websites, we embed YouTube videos. The operator of the embedded plug-in is YouTube, LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA. When you visit a page with the plugin, it will connect to the operator's servers, telling them which page the plugin was called from. If you are logged in to an account you have with the operator, they can link that information to you personally. This can be prevented by logging out of your account at the operator's site beforehand.

When a YouTube video is started, YouTube will use cookies to gather information about user behavior.

Anyone who has disabled the storage of cookies for the Google Ad program will not have to expect any such cookies when watching YouTube videos. However, YouTube also stores non-personal usage information in other cookies. If you want to prevent this, you must block the storage of cookies in the browser.

Further information on data protection at YouTube can be found in the privacy policy of the provider.

Embedded SoundCloud Music

On some of our websites, we embed music clips from SoundCloud. The operator of the embedded plug-in is SoundCloud Limited, Rheinsberger Str. 76/77, 10115 Berlin, Germany. When you visit a page with the plugin, it will connect to the operator's servers, telling them which page the plugin was called from. If you are logged in to an account you have with the operator, they can link that information to you personally. This can be prevented by logging out of your account at the operator's site beforehand. If, and to what extent, the operator collects personally identifiable data through its plugins, is explained in their privacy statement.

Embedded Mastodon Feed

On some of our websites, we embed our latest announcements using Mastodon. The operator of the embedded plug-in is the Mastodon network. When you visit a page with the plugin, it will connect to the operator's servers, telling them which page the plugin was called from. If you are logged in to an account you have with the operator, they can link that information to you personally. This can be prevented by logging out of your account at the operator's site beforehand. If, and to what extent, the operator collects personally identifiable data through its plugins, is explained in their privacy statement.

External Email Provider

We use the service provider SendGrid for sending newsletters and other e-mails. To send you an e-mail, your e-mail address and name will be temporarily submitted to SendGrid. As soon as this data is no longer needed there, we will delete it. This is usually the case after seven days at the latest. Find the privacy policy of SendGrid here.

Payment Service Providers

On our website we offer payment through PayPal, among other payment providers. Operator of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. If a customer selects payment via PayPal, the payment data entered by them will be transmitted to PayPal in encrypted form, but only insofar as is required for the payment.

Alternative payment options are offered through other service providers (e.g. credit cards via iPayment, Skrill, Sofortüberweisung). If a customer selects payment via one of these providers, the payment data entered by them will be transmitted directly and in encrypted form to the respective service provider. We do not receive this input and therefore do not store or process any of it.

The PCI-DSS compliant payment service provider iPayment is offered by 1&1 Internet AG, Elgendorfer Str. 57, 56410 Montabaur. For more information about 1&1's handling of personal information, please refer to the privacy policy of 1&1.

Comments And Forums

Where users leave comments or posts on our websites, the time of creation and the users's login name (pseudonym) are stored along with the contributed content. This is for our security, as we may be prosecuted for any illegal content on our website, even if created by visitors.

Users can delete or empty their own posts at any time. If this should not work for technical reasons, users can ask our moderators to do this on their behalf (see contact page).

Newsletter

Our website offers the option to subscribe to a free newsletter. Upon submission of the registration form, the email address of the user is submitted to us. In addition, the time of registration is recorded.

We adhere to the so-called Double Opt-In standard, that is, every registration must be explicitly approved by the user via a link in a confirmation email.

If a visitor creates a personal account on our website for themselves ("user account", also guarded by Double Opt-In), the email address registered with this account may be subsequently used to deliver a newsletter.

Purpose

The e-mail address of the user is required to deliver the newsletter.

Retention Period, Correction And Deletion

The newsletter registration of a user is retained for as long as the subscription to the newsletter is active. A subscription can be terminated by the user at any time. For this purpose, a link is included with every newsletter sent, as well as a form is available on our website.

Contact Form And Email Contact

A contact form on our website can be used to contact our technical support. For this a user account must already have been created. Optional information about a user's hardware and software entered into the form is transmitted to us and kept.

Alternatively, vistors can contact us directly through email addresses listed on our contact page. In this case, all information included with an e-mail is kept in our e-mail archive as part of the legally required documentation.

Purpose

Personal data arising from e-mail conversations and technical support cases are used solely for the individual processing of the respective request. Such data is not collected systematically. Voluntarily provided information on a customer's hardware and software is intended exclusively to improve our technical support service.

Retention Period And Deletion

The information mentioned is, like all e-mails, archived in encrypted form as confidential data. It will be deleted as soon as legal retention periods expire. At the earliest, however, when the respective conversation with the user has ended.

If a user expresses the wish to subsequently delete personal data submitted to us by email, we will do so, to the extent as statutory retention requirements or a legitimate interest on our part don't contradict.

User Account (Registration)

Visitors to our website can create a personal account as interested users or customers. Personal information submitted with the registration form is transmitted to us and stored with the account (email address, pseudonym, password, salutation, name, company, address, phone). Some of that information is optional (see below). As part of the registration process, the user gives consent to our processing of their data.

Purpose

User accounts are required for completing orders, managing purchased or issued licenses, providing personal downloads (including some demos), and for performing pre-contractual actions.

Submission of address and phone are voluntary, as long as no order is placed. They are required only for a purchase or receipt of a license and/or shipping. The conclusion of a license agreement and legal accounting obligations require that a buyer or license agreement party be designated as a company or person.

Retention Period, Correction And Deletion

Users may correct and change their user profile at any time. User account data will be deleted or locked as soon as it is no longer necessary to achieve the purpose of its collection. If a user account can not be completely deleted due to legal retention periods or other requirements, it will be locked and excluded from further processing.

Voluntary Information

For individual communication (e.g. usage tips, references to tutorials and events) and the continuous improvement of our products and services, we occasionally collect voluntary information from our users in connection with our core topic of composition and music production (e.g. preferred workflows, means used, musical genres, musical education and experience, feature requests, surveys and the like).

If this information is linked to the user account, and this is not immediately apparent, the user will be informed in advance. Users can change or delete their voluntary information at any time.

Security Measures

To protect the security of your data during transmission, we use state-of-the-art encryption techniques (such as SSL over HTTPS). We store, encrypt and secure our infrastructure and all data according to current industry standards. Our servers are protected against unauthorized access by restrictive access controls and firewalls at multiple levels. Only a few specifically trained employees have access to personal data.

We are also compliant with PCI-DSS and do not receive, process or store credit card information or bank account numbers.

Consumer Rights

Where your personal data is being processed, according to the GDPR, you do have rights to the responsible operator processing your data. Responsible body in terms of data protection laws, in particular the EU General Data Protection Regulation (GDPR), is Cognitone GmbH (see imprint). You can always exercise the following rights under the contact details provided:

  • Inquire about personal data stored with us and how it is processed
  • Rectify incorrect personal data
  • Delete or lock personal data, in case we can't yet delete it due to legal obligations
  • Retrieve your personal information in a portable format

If you have given us your consent, you can withdraw it at any time with effect for the future.

You may file a complaint with the supervisory authority responsible for you. Which supervisory authority is responsible for you depends on your place of residence, your workplace or the alleged violation. A list of regulatory authorities can be found here.

Legal Basis

Collection of Personal Data

Where consent is obtained from the user for processing personal data, legal basis is Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR).

Where processing of personal data is necessary for the execution of a contract to which the user is a party, legal basis is Art. 6 para. 1 lit. b GDPR. This also applies to processing required to carry out pre-contractual actions.

Insofar as processing of personal data is required to comply with a legal obligation we are subject of, legal basis is Art. 6 para. 1 lit. c GDPR.

In the event that vital interests of the user or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR is legal basis.

If processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interests, fundamental rights and freedoms of the user do not prevail over the former interest, Art. 6 para. 1 lit. f GDPR is legal basis for processing.

User Account (Registration)

Where the user gave consent, the legal basis for the processing of personal data is Art. 6 para. 1 lit. a GDPR. If the registration serves the fulfillment of a contract of which the user is a party or the implementation of pre-contractual actions, an additional legal basis for the processing of the data is Art. 6 para. 1 lit. b GDPR.

Contact Form And Email Contact

Legal basis for processing of data is the consent of the user, according to Art. 6 para. 1 lit. a GDPR.

Legal basis for processing of data transmitted in the course of sending an e-mail is Article 6 (1) lit. f GDPR. If the e-mail contact aims to conclude a contract, then additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.

Newsletter

Legal basis for processing of data after the user registered for a newsletter is the consent of the user, according to Art. 6 para. 1 lit. a GDPR. Legal basis for sending a newsletter to registered users, as a result of the sale of goods or services, is § 7 Abs. 3 UWG.

Provision of Website And Logfiles

Legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR.

Use of Cookies

Legal basis for the processing of personal data using cookies is Article 6 (1) lit. f GDPR.

Changes

We reserve the right to amend this privacy policy to always comply with the latest legal requirements or to reflect changes to our services in the privacy policy, e.g. when introducing new services. Upon your next visit, you will be subject to the new privacy policy.