Data controller:
Guido Fölsing, An der Hut 17, DE-36093 Künzell - Email: info@cnoc-records.de
1. Overview
We process personal data to fulfill contracts, handle payments via PayPal, provide digital downloads and comply with legal obligations. Legal bases include Art. 6 GDPR (contract performance, legitimate interest, consent).
2. Categories of processed data
- Account/order data: name, address, email, payment information as required (e.g., PayPal transaction data).
- Usage data: order history, IP address, download timestamps, server logs (from Goneo).
- Communication data: emails, support requests.
3. Purposes and legal bases
- Contract performance (Art. 6(1)(b) GDPR): order fulfillment, sending invoices/receipts, providing download links.
- Legitimate interest (Art. 6(1)(f) GDPR): operation and security of the PrestaShop store, fraud prevention, legal defense.
4. Technical operations & third parties
Shop software & hosting:
The shop runs on PrestaShop and is hosted on servers provided by Goneo GmbH (goneo.de). Server logs (e.g., IP address, timestamps, pages accessed) may be processed.
Payment processing:
Payments are processed via PayPal (e.g., PayPal Express/PayPal Standard). Necessary payment data will be transmitted to PayPal; PayPal processes these data according to its privacy policy. International data transfers may occur.
Email delivery / transactional emails:
Order and transactional emails may be sent via Goneo’s hosting email service or an external email provider; order details required for delivery will be transmitted.
Download hosting:
Digital downloads are hosted directly on the Goneo webspace; temporary access and server logs may be created.
Necessity & legal basis:
The disclosure and processing of the above data are necessary for contract performance, order processing and to ensure the operation of the shop (Art. 6(1)(b) GDPR). Where processing is necessary to protect legitimate interests (e.g., ensuring operation or fraud prevention), processing relies on Art. 6(1)(f) GDPR.
Recipients / processors:
Hosting and email services and payment providers act as processors or independent controllers; named providers include Goneo GmbH, PayPal and, where applicable, named email providers.
Merchandise shop (shirtee):
We only provide a link to a shop section on shirtee.com. Orders, payments, production, shipping, invoicing and all related data processing are handled exclusively between customers and shirtee; we do not transmit any order data to shirtee. For information on shipping, returns, withdrawal rights and privacy, please refer to the information provided in the shirtee shop.
International data transfers:
Where providers process data outside the EU/EEA (e.g., PayPal in the USA), this is done only on the basis of appropriate safeguards (e.g., standard contractual clauses) or other legal bases; users may consult the providers’ privacy notices for details.
Storage period & logs:
Server and access logs are retained only as long as necessary for the stated purposes or as required by law.
Security & measures:
Reasonable technical and organizational measures are implemented to protect data (e.g., access restrictions, encryption, regular security updates).
Contact / inquiries:
For questions about processing by a listed provider, please consult that provider’s privacy information; for general privacy inquiries contact us at info@cnoc-records.de.
5. Cookies & Tracking
- Necessary cookies: cookies required for the ordering process, login status and shopping cart functionality.
- Analytics/Marketing: currently no analytics/marketing tools are enabled.
- Withdrawal/Opt‑out: browser cookie settings can be used to disable non‑essential cookies; consent banner is used for consent where necessary.
6. Data retention
- Invoices/tax documents: 10 years.
- Order data: as long as required for contract fulfillment and to assert/defend claims (typically 3 years or longer when tax relevant).
- Server logs: deletion per Goneo policy or internal rules (e.g., 30–90 days), unless legal retention applies.
7. Data subject rights
You have rights to access, rectify, erase, restrict processing, object, data portability and withdraw consent, and to lodge a complaint with a supervisory authority.
8. Security
Appropriate technical and organizational measures are implemented (e.g., TLS/HTTPS, access restrictions, regular backups by Goneo).
9. Downloads / Logging
To provide downloadable music files, technical data (e.g., IP address, timestamp) is logged to enable delivery and prevent abuse.
10. International transfers
Use of PayPal and other services may result in transfers outside the EU/EEA; transfers are based on appropriate safeguards (e.g., SCCs) or provider terms.
Privacy contact: info@cnoc-records.de