- Controller
The controller responsible for the processing of personal data on this website within the meaning of Art. 4 No. 7 GDPR is:
Henning Hein – Traces On Tape
- General Information
This Privacy Policy explains how personal data is collected and processed when you use this website, purchase products, subscribe to updates, or contact Traces On Tape.
Personal data is processed in accordance with the General Data Protection Regulation (GDPR) and applicable German data protection laws.
- Your Rights
Under the GDPR, you have the following rights regarding your personal data:
- Right of access (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to erasure (Art. 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to object to processing (Art. 21 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
To exercise any of these rights get in touch.
- Legal Basis for Processing
Personal data is processed on the following legal bases pursuant to Art. 6 GDPR:
- Art. 6(1)(b) GDPR — processing necessary for the performance of a contract or pre-contractual measures
- Art. 6(1)(c) GDPR — processing necessary to comply with legal obligations
- Art. 6(1)(f) GDPR — processing based on legitimate interests, including website security and communication handling
- Art. 6(1)(a) GDPR — processing based on consent, where required
- Orders & Purchases
When placing an order through this website, the following personal data may be processed:
- Name
- Billing address
- Email address
- Company name and VAT ID (if applicable)
- Payment information
- Order details
The processing is necessary to:
- complete transactions
- deliver digital products
- issue invoices
- comply with tax and accounting obligations
Payments are processed securely through external payment providers using encrypted connections.
Depending on the checkout method used, data may be processed by:
- PayPal
- Stripe
- WooCommerce
- Bandcamp
- Gumroad
The respective provider acts under its own privacy policy.
- Customer Accounts
Creating a customer account is optional.
If you create an account, the following data may be stored:
- Name
- Billing address
- Email address
- Order history
- Encrypted password credentials
This data is processed to provide account functionality and access to previous purchases and download links.
- Newsletter
If you subscribe to the newsletter, your email address will be processed for the purpose of sending updates, releases, and product-related information.
Newsletter subscriptions are based on your consent pursuant to Art. 6(1)(a) GDPR.
You may unsubscribe at any time using the unsubscribe link included in every email.
The newsletter is managed through Mailchimp.
- Contact Requests
If you contact Traces On Tape via email or contact form, the submitted data and communication history will be processed to handle your request.
This typically includes:
- Email address
- Name (if provided)
- Message content
Data is retained only as long as necessary to process the inquiry or as required by statutory retention obligations.
- Hosting & Server Log Files
The hosting provider of this website automatically collects and stores information in server log files transmitted by your browser.
This may include:
- IP address
- Browser type and version
- Operating system
- Referrer URL
- Date and time of access
- Requested pages
This data is processed to ensure website stability, functionality, and security.
- Cookies
This website uses technically necessary session cookies required for essential website and checkout functionality.
No analytics, tracking, or advertising cookies are used.
Third-party payment providers may set their own technically necessary cookies during checkout.
- Data Retention
Personal data is retained only as long as necessary for the respective processing purpose or as required by applicable law.
Commercial and tax-related records may be retained for up to 10 years in accordance with German legal obligations.
- International Data Transfers
Some third-party providers may process data outside the European Union.
Where applicable, such transfers are carried out in accordance with Art. 44 ff. GDPR using appropriate safeguards, including EU Standard Contractual Clauses.
- Data Security
Appropriate technical and organizational security measures are implemented to protect personal data against unauthorized access, loss, misuse, or disclosure.
- Supervisory Authority
You have the right to lodge a complaint with a data protection supervisory authority.
Competent authority in North Rhine-Westphalia:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW)
