Privacy Policy

Privacy Policy

1 General

Protection of your personal data is very important to us. We would like to take the chance to inform you about data protection at Steinberg and how we use data, to which extent, for what purposes, and about your rights. We will use the personal data you have provided to us only within the legal boundaries of the European General Data Protection Regulation (GDPR) and the new German Data Protection Act (BDSG). Our employees and service providers are required to adhere to data protection regulation. This information is also available at https://www.steinberg.net/en/extras/privacy_policy.html

Your personal data will be transferred to our associated companies and service providers, e.g. IT providers and others who are subject to our instructions and who help us provide the services to you. Through appropriate legal, technical and organizational measures as well as through a regular monitoring thereof we ensure compliance with the applicable data protection laws and an adequate level of data protection where personal data is transferred to service providers located outside the European Union and the European Economic Area. Involved service providers will only get access to those specific personal data that is required to fulfill their services. They do not have the right to use your information for their own purposes, especially promotional activities.

Only with your explicit consent do we pass on personal information to third parties (e.g. our distributors) especially when these third parties have their domicile outside of the states covered by European Union law. Also we will only contact you in an unsolicited way by means of the personal information stored on our servers if you have given your explicit consent to do so.

2 If you visit the Steinberg website

2.1 Scope of data collection and storage

Seq. Nr. Data Purpose Legal basis
1. Browser data (data and time of access, URL of referring website, requested file, amount of data transmitted, user agent and version, operating system, IP address, country where request was made from) Connecting to website Art. 6 (1) lit. f GDPR
2. Web analytics data* Measuring reach, website optimization, relevant advertizing Art. 6 (1) lit. f GDPR
3. Information regarding use of cookies Cookie usage Art. 6 (1) lit. f GDPR
4. Deployed web fonts incl. Adobe TypeKit kit ID, loading time, requesting and deploying server, ad-blocker installation Web font usage Art. 6 (1) lit. f GDPR

* We use this cookie technology to tailor our web pages to your language and preferred areas of interest. Cookies persist up to two years (exceptions are cookie used to avoid web analytics). Cookies also enable us to tell if you visit our website for a second time or more. Cookies are text files containing information which your web browser stores on your computer when you open a web page. If you do not want this, you can simply disable cookies in your browser. Most browsers accept cookies by default but provide you with options to disallow cookies or to show a warning before storing them.

 

Web analytics

To constantly improve content and usability of this website, we use analytics technologies by Google LLC with the product „Google Analytics“, „AdWords Conversion Tracking“, and by etracker GmbH. To achieve that session and behavior data is collected and statistically analysed. For that purpose cookies are used. The data is processed anonymously so that it is impossible to link it to actual individuals.

The Steinberg websites use the following analytics services:

  • Google Analytics and Conversion Tracking
    This website uses Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics uses “cookies”; these are text files which are stored on your computer to analyse the way you use the website.
    The Hamburg Commissioner for Data Protection and Freedom of Information reached an agreement with Google based on the decision of the Düsseldorf Group on data protection. According to this, a compliant use of analytical methods of reach measurement of Internet advertisements is now possible under certain conditions. Therefore, it is possible to use Google Analytics in a manner which is compliant with the law and does not raise any concerns. We do, of course, comply with these requirements. In particular, we point out that Google Analytics has been extended by the code “{ ‘anonymize_ip’: true }” on this website to guarantee the anonymized collection of IP addresses (so-called IP masking). Google will first truncate your IP address in Member States of the European Union or in other state parties to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address sent to and truncated on a Google server in the USA. Google uses this information on behalf of the website operator to evaluate the way you use the website, to collate reports on website activities and to provide the website operator other services related to website and Internet use. The IP address sent by your browser as part of Google Analytics is not combined with other data held by Google.
    Further information concerning the terms and conditions of use and data privacy can be found at http://www.google.com/analytics/terms/gb.html or at https://www.google.de/intl/en_uk/policies/.
    The information about the way you use this website created by the cookie is sent to and stored on a Google server in the USA. You can change your browser settings to prevent cookies from being stored; however, we draw your attention to the fact that, in these circumstances, you may find that you are unable to make full use of functions on the website. You can also prevent the data (including your IP address) relating to your use of the website which is captured by the cookie being sent to or processed by Google by downloading and installing the browser plug-in from the following link https://tools.google.com/dlpage/gaoptout?hl=en. You can refuse the use of Google Analytics by clicking on the following link. An opt-out cookie will be set on the computer, which prevents the future collection of your data when visiting this website: Deactivate Google Analytics
    We also use Google Conversion Tracking for Google Analytics. This allows us to capture the behavior of our website visitors. For example, we will see how many PDFs were downloaded on our website or how often the contact form was filled out. We also report how many clicks on ads from external sources (AdWords, LinkedIn, Xing, Bing) have led to our website.
  • etracker
    Steinberg uses the services of etracker GmbH, Hamburg, Germany (www.etracker.com) to analyse usage data. Here, cookies are used which enable the statistical analysis of the use of this website by its visitors as well as the display of usage-relevant content or advertising. Cookies are small text files that are stored by the Internet browser on the user’s device. etracker cookies do not contain any information that could identify a user.
    The data generated with etracker is processed and stored by etracker solely in Germany by commission of Steinberg and is thus subject to strict German and European data protection laws and standards. In this regard, etracker was checked, certified and awarded with the ePrivacyseal data protection seal of approval.
    The data is processed on the legal basis of Art. 6 Section 1 lit f (legitimate interest) of the EU General Data Protection Regulation (GDPR). Our legitimate interest is the optimization of our online offer and our website. As the privacy of our visitors is very important to us, etracker anonymizes the IP address as early as possible and converts login or device IDs into a unique key with which, however,no connection to any specific person can be made with. etracker does not use it for any other purpose, combine it with other data or pass it on to third parties.
    You can object to the outlined data processing at any time provided it is related to your person. Your objection has no detrimental consequences for you.
  • Cookie Consent
    On this website we use Cookie Consent technology (an open source project by Silktide Ltd., https://cookieconsent.insites.com), to inform website visitors about cookie use. Cookie Consent does not transmit any data to Silktide Ltd. or other third parties.
  • Adobe TypeKit
    On this website we use Adobe TypeKit technology to be able to use design fonts. Via the embedded JavaScript code snippet usage data for payment purposes is transmitted to Adobe: https://www.adobe.com/privacy/policies/typekit.html
  • Google Tag Manager
    For reasons of transparency, please note that we use Google Tag Manager. Google Tag Manager does not collect personally identifiable information. The tag manager makes it easier for us to integrate and manage our tags. Tags are small code elements that are used to measure traffic and visitor behavior, capture the impact of online advertising and social channels, set up remarketing and target audience targeting, and test and optimize web pages. We use the Tag Manager for the Google Service “Google Analytics”. If you have disabled, Google Tag Manager will consider this deactivation. For more information about Google Tag Manager, see: https://www.google.com/intl/en-uk/tagmanager/use-policy.html

 

2.2 Legitimate interest if legal basis is Art. 6 (1) lit. f) GDPR

Legitimate interest
See 2.1

 

2.3 Source of data, unless data is not collected from the end user

# 2.1 seq. number Source
1-4 End user device

 

2.4 Disclosure and use of personal data

Recipient or category of recipients
Disclosure of personal data

Upon order from governmental bodies we could be forced to disclose personal data if that is necessary for e.g. law enforcement.

Social Plugins

We do not use Social Plugins on the Steinberg website to protect your privacy. We only use graphic links to social networds, e.g. facebook.com. Steinberg Media Technologies GmbH does not accept liability for privacy policies of web pages it links to.

Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Anonymized data forGoogle Analytics and Conversion Tracking (see above). Google is subject to the EU/US Privacy Shield.(Existing EU/US Privacy Shield certifications are available here: https://www.privacyshield.gov/list. The EU Commission has decided on Juli 12, 2016 that the protection level of the EU/US Privacy Shield is similar to the data protection level in the EU.

etracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg, Germany

Anonymized data

Silktide Ltd., Brunel Parkway, Pride Park, Derby, DE24 8HR, United Kingdom

No data is transmitted to Silktide

Adobe Systems Incorporated: 345 Park Avenue, San Jose, California 95110-2704, USA

Anonymized usage data for TypeKit web font service

 

2.5 Data transfer outside the EU

Yes
Existing guarantees:

EU Standard Contractual Clauses

EU/US Privacy Shield (see https://www.privacyshield.gov/list and https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_de)

 

2.6 Obligation to provide personal data and automated individual decision-making, including profiling.

There is no legal or contractual obligation to provide personal data. Providing personal data to close a contract is also not necessary. If you do not provide personal data, the website could not be usuable. Automated individual decision-making, including profiling in the sense of Art. 22 GDPR does not take place.

 

3 If you use MySteinberg or request or use a trial version

If you use MySteinberg or request or use a trial version, we collect additional personal data:

3.1 Scope of data collection and storage

Seq. No. Data Purpose Legal basis
1. MySteinberg account data (personal and contact data, e.g. email address, salutation, first name, last name, date of birth, company, postal address, other contact data, country) Identity attributes for MySteinberg account or for requesting a trial version Art. 6 (1) lit. b GDPR
2. Newsletter data (email adress, salutation, first name, last name, country, consent data) email marketing* Art. 6 (1) lit. a GDPR (in connection with

§ 7 (2) Nr. 3 UWG)

3. Support request data(salutation, first name, last name, subject of inquiry, email address, consent data) Processing of support request Art. 6 (1) lit. b GDPR

* Usage of this data requires a separate opt-in. In this case we record your consent.

 

3.2 Source of data, unless data is not collected from the end user

# 3.1 Seq. No. Source
1, 2, 3 IP address, server log file, user device

 

3.3 Disclosure and use of personal data

Recipient or category of recipients
Use of data for newsletter marketing

In order to be able to send Steinberg Media Technologies GmbH marketing information via newsletter, we transfer your data to Episerver GmbH, Wallstraße 16, 10179 Berlin. For automated newsletter campaigns we combine newsletter click behavior with visitor behavior on the website. To be able to do that, a pseudonymized data transfer with technologies of etracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg, is taking place. We do not disclose your data to other third parties for marketing purposes.

Disclosure for support purposes

If you request support for your products, you transmit your data to the Steinberg Zendesk support portal where a ticket is created.

Disclosure to distributors

If you consent to forwarding your data to a Steinberg distributor, they can process your support requests by searching for your record via your email address using a Steinberg support website, if you disclose it to them.

Amazon Web Services, LLC, 410 Terry Ave. North, Seattle, Washington 98109, USA

From 08.2018, MySteinberg profile data is hosted at Amazon Web Services in a German data center.

Corpex Webhosting Internet GmbH, Schauenburgerstraße 6, 20095 Hamburg, Germany

MySteinberg profile and registration data are hosted at Corpex.

Zendesk, Inc., 1019 Market Street, San Francisco, CA 94103, USA

Support tickets are created and processed in Zendesk.

To some extent, we use service providers for hardware or software maintenance, or other services where they could have access to personal data.

These service providers will only get access to those specific personal data that is required to fulfill their services. They do not have the right to use your information for their own purposes, especially promotional activities. Your personal data will only be transferred to our associated companies and service providers, e.g. IT providers and others who are subject to our instructions and who help us provide the services to you. Through appropriate legal, technical and organizational measures as well as through a regular monitoring thereof we ensure compliance with the applicable data protection laws and an adequate level of data protection where personal data is transferred to service providers located outside the European Union and the European Economic Area.

 

3.4 Data transfer outside the EU

Yes
Existing guarantees:

EU Standard Contractual Clauses

(see https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_de)

 

3.5 Obligation to provide personal data and automated individual decision-making, including profiling

There is no legal or contractual obligation to provide personal data. Providing personal data to close a contract is also not necessary. If you do not provide personal data, you can neither download products that you have purchased or otherwise acquired, nor get support. Automated individual decision-making, including profiling in the sense of Art. 22 GDPR does not take place.

4 Forum

4.1 Scope of data collection and storage

Seq. No. Data Purpose Legal basis
1. Email address Identification attribute for forum user account Art. 6 (1) lit. a GDPR
2. First name, last name, Date of birth, Social Media accounts Optional, depending on individual preference Art. 6 (1) lit. a GDPR
3. IP address Identification attribute for forum posts Art. 6 (1) lit. f GDPR

 

4.2 Legitimate interest if legal basis is Art. 6 (1) lit. f) GDPR

Legitimate interest
Legal responsibility as provider of forum

 

4.3 Source of data, unless data is not collected from the end user

# 4.1 Seq. No. Source
3 User device

 

4.4 Disclosure and use of personal data

Recipient or category of recipients
Corpex Internet GmbH, Schauenburgerstraße 6, 20095 Hamburg, Germany

Forum user accounts, first name, last name, date of birth, Social media accounts, IP address

etracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg, Germany

Anonymized data

These service providers will only get access to those specific personal data that is required to fulfill their services. They do not have the right to use your information for their own purposes, especially promotional activities. Your personal data will only be transferred to our associated companies and service providers, e.g. IT providers and others who are subject to our instructions and who help us provide the services to you. Through appropriate legal, technical and organizational measures as well as through a regular monitoring thereof we ensure compliance with the applicable data protection laws and an adequate level of data protection where personal data is transferred to service providers located outside the European Union and the European Economic Area.

 

4.5 Obligation to provide personal data and automated individual decision-making, including profiling

There is no legal or contractual obligation to provide personal data. Providing personal data to close a contract is also not necessary. If you do not provide at least your email address, you cannot use the Steinberg forum. Automated individual decision-making, including profiling in the sense of Art. 22 GDPR does not take place.

 

5 Social media platforms (fan pages)

5.1 Scope of data collection and storage

Seq. No. Data Purpose Legal basis
1. User interactions (postings, likes, etc.) Customer communication via social media Art. 6 (1) lit. f) GDPR

 

5.2 Legitimate interest if legal basis is Art. 6 (1) lit. f) GDPR

Legitimate interest
See purpose in # 5.1

 

5.3 Source of data, unless data is not collected from the end user

# 7.1 Seq. No. Source

 

5.4 Disclosure and use of personal data

Recipient or category of recipients
Platform providers

If you use a social media platform, of course the respective platform provider has access to your data, which could be located outside the EU where the level of required data protection is lower. Twitter, Inc., 1355 Market Street #900, San Francisco, California 94103, USA, is subject to the EU/US Privacy Shield. The same applies to Facebook Inc., 1601 Willow Road, Menlo Park, California 94025, USA, Instagram (run by Facebook), and Google+ and YouTube (both run by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA).

Existing EU/US Privacy Shield certifications are avaiable here: https://www.privacyshield.gov/list einsehen. THe EU commission has acknowledged that EU/US Privacy Shield establishes a data protection level equal to that in the EU.

Service Providers

To some extent, we use service providers for hardware or software maintenance, or other services where they could have access to personal data.

 

5.5 Miscellaneous

There is no legal or contractual obligation to provide personal data. Providing personal data to close a contract is also not necessary. If you do not provide personal data, the website is still fully usuable. Automated individual decision-making, including profiling in the sense of Art. 22 GDPR does not take place.

 

6 VST Transit, VST Connect

If you use VST Transit or VST Connect for online collaboration, we store additional data:

6.1 Scope of data collection and storage

Seq. No. Data Purpose Legal basis
1. Profile and collaboration data Contract fulfillment Art. 6 (1) lit. b GDPR
2. Project, usage, and transaction data (VST Transit) Contract fulfillment Art. 6 (1) lit. b GDPR
3. Amount of upload, download (VST Transit) Contract fulfillment Art. 6 (1) lit. b GDPR

 

6.1 Source of data, unless data is not collected from the end user

#3.1 Seq. No. Source
1, 2, 3 Server Logs, user device

 

6.2 Disclosure and use of personal data

Recipient or category of recipients
Amazon Web Services LLC, 410 Terry Ave. North, Seattle, Washington 98109, USA

Collaboration, usage, transaction and project data; MySteinberg profile data are hosted from August 2018 at Amazon Web Services in a German data center.

Corpex Internet GmbH, Schauenburgerstraße 6, 20095 Hamburg, Germany

MySteinberg profile data is hosted at Corpex.

Other users of VST Transit and/or VST Connect

If you share data with other users, they can access and/or use it.

To some extent, we use service providers for hardware or software maintenance, or other services where they could have access to personal data.

 

6.3 Data transfer outside the EU

Yes
Existing guarantees:

EU Standard Contractual Clauses

EU/US Privacy Shield (see https://www.privacyshield.gov/list and https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_de)

 

6.4 Obligation to provide personal data and automated individual decision-making, including profiling

There is no legal or contractual obligation to provide personal data. Providing personal data to close a contract is also not necessary. If you do not provide personal data, neither VST Transit nor VST Connect are usuable. Automated individual decision-making, including profiling in the sense of Art. 22 GDPR does not take place.

 

7 Online purchase and education verification

If you purchase products in the Steinberg Online Shop or want to purchase a Steinberg education produkt, you are using and close a contract with our service provider Asknet AG in Karlsruhe/Germany and enter data on the Asknet infrastructure. Asknet saves this data:

7.1 Scope of data collection and storage

Seq. No. Data Purpose Legal basis
1. Personal and contact data, e.g. email address, salutation, first name, last name, date of birth, company, postal address, other contact data, country) Processing the purchase Art. 6 (1) lit. b GDPR
2. Proof of eligibility for the purchase of an education product (e.g. PDF, photo) Proof of eligibility for the purchase of an education version Art. 6 (1) lit. b GDPR

 

7.2 Disclosure and use of personal data

Recipient or category of recipients
Asknet AG, Vincenz-Priessnitz-Str. 3, 76131 Karlsruhe, Germany

Purchase processing and proof of eligibility for the purchase of an education version

etracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg, Germany

Anonymized analytics data

Adobe Systems Incorporated: 345 Park Avenue, San Jose, California 95110-2704, USA

Anonymized analytics data

These service providers will only get access to those specific personal data that is required to fulfill their services. They do not have the right to use your information for their own purposes, especially promotional activities. Your personal data will only be transferred to our associated companies and service providers, e.g. IT providers and others who are subject to our instructions and who help us provide the services to you. Through appropriate legal, technical and organizational measures as well as through a regular monitoring thereof we ensure compliance with the applicable data protection laws and an adequate level of data protection where personal data is transferred to service providers located outside the European Union and the European Economic Area.

 

7.3 Obligation to provide personal data and automated individual decision-making, including profiling

There is no legal or contractual obligation to provide personal data. However, providing personal data is necessary to purchase. If you do not provide personal data, you can neither purchase in nor download products from the Steinberg Online Shop. Automated individual decision-making, including profiling in the sense of Art. 22 GDPR does not take place.

 

8 Duration of data storage

We process and store your personal data while required, and for the time of our mutual business relationship, which includes for example also entering into or fulfilling a contract, or the routinely statute of limitation of three years to defend against or pursue legal claims.

Moreover, we are subject to various storage and documentation duties from the German Handelsgesetzbuch (commercial law, HGB) or Abgabenordnung (tax law, AO) which require storage of records for six to ten years. In this period, processing of data is limited. Records must be stored from the end of calender year in which we entered into a contract or in which the contract was fulfilled. Book-keeping receipts are typically stored for ten years, while contractual or tax-relevant records have to be kept for six years. If legal councelling is involved, records are stored for at least six years. Records related to the execution of claims could be stored for up to thirty years.

IP addresses are typically stored for a limited time to enable access to our website. If we use them for website optimization or marketing, IP addresses are immediately anonymized and only processes anonymously. Cookies are stored for up to two years (for exceptions, please see above).

Forum data and posts are valuable contributions to the Steinberg customer community. Therefore we keep them unless you delete them, delete your forum account, or we delete the forum altogether.

In as far you have consented to process your data, we store it for the processing period, and as part of the statute of limitation for three more years.

 

9 Your rights

You have the right

  • according to Art. 15 GDPR to demand access to your personal data we are processing;
  • according to Art. 16 GDPR to demand the rectification or completion of inaccurate your personal data we are processing;
  • according to Art. 17 GDPR to demand the deletion of your personal data we are processing;
  • according to Art. 18 GDPR to demand the limitation of processing your personal data;
  • according to Art. 20 GDPR to receive the your personal in a structured, commonly used and machine-readable format or have the right demand to transmit those data to another controller;
  • according to Art. 21 to object, on certain grounds relating to your particular situation, at any time to the processing of personal data;
  • according to Art. 7 (3) GDPR to withdraw consent which you have given before. This also applies for withdrawal of consent which was given before GDPR became applicable on May 25, 2018. This prevents us from further processing your data but does not affect the lawfulness of processing based on consent before its withdrawal;
  • according to Art. 77 GDPR to lodge a complaint with a supervisory authority.

To claim your legal rights and regarding all other questions regarding data processing please get in touch with us using the address of Steinberg Media Technologies GmbH below or via email to privacy@steinberg.de. Claiming your legal rights is free of charge for you.

 

10 Contact Data

If you have further questions regarding privacy, collection, processing, use of your personal data, or would like to correct, amend or delete your personal data, please get in touch with us.

Controller of data processing Legal representative Data protection commissioner

Steinberg Media Technologies GmbH
Beim Strohhause 31
20097 Hamburg
Germany

 

President: 
Andreas Stelling

Directors: 
Thomas Schöpe,
Yoshiyuki Tsugawa

Mr. Matthias Lindner
c/o intersoft consulting services AG
Beim Strohhause 17
20097 Hamburg

www.intersoft-consulting.de