Mr. Nikolaus Daim, owner of the unrecorded sole proprietorship with the business name "Master The Score", having its office in Vienna and its business address at A-1160 Vienna, Speckbachergasse 22/54, (hereinafter referred to as “Master The Score" or “MTS”) is a website, available at the address https://masterthescore.com – which redirects to https://master-the-score.teachable.com, offering highest level online courses, in particular for composition, orchestration, production, mixing and/or mastering, aimed equally at film, TV, game and/or trailer composers – that is a natural or legal person, regardless of whether consumer or entrepreneur, making use of the courses offered by MTS (hereinafter referred to as “Courses”).
The booking of and participation in Courses is based on an agreement (hereinafter referred to as “Agreement") concluded online between MTS as provider and the subject as participant of the Course.
MTS decides on the processing of the personal data collected from the data subjects in connection with the initiation and conclusion of the Agreement and is responsible for the data processing (controller according to Art 4 para 7 GDPR).
Courses offered by MTS to data subjects are designed in particular for learning, improving and mastering of composition, orchestration, production, mixing and/or mastering techniques and skills and are aimed equally at film, TV, game and/or trailer composers.
This data protection guideline (hereinafter referred to as “DPG") regulates the data protection relationship between MTS and the data subjects.
Data subjects in the sense of this DPG are natural persons whose personal data is processed by MTS in the course of booking and participating in Courses of MTS (hereinafter referred to as "data subjects" or “subjects”).
Personal data is any information relating to an identified or identifiable natural person (hereinafter as referred to as “data”).
An identifiable natural person is one who can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; (Article 4 para 1 GDPR).
5.1. What is understood by the term processing of personal data?
Processing of personal data encompasses for example the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of data, irrespective of whether the processing is carried out with or without the aid of automated means (Art 4 para 2 GDPR).
5.2. For what purpose does MTS process personal data?The processing of personal data from data subjects is carried out for the purposes stated below:
5.3. What personal data does MTS process during the initiation, conclusion and fulfillment of the Agreement?
During the initiation, conclusion and fulfillment of the Agreement with a data subject, the following personal data of the data subject are processed by MTS:
The legal basis for the processing of the above-mentioned personal data of the subject lies within Art 6 par 1 lit a, lit b and lit f GDPR (explicit consent of the data subject, necessity of data processing for the performance of the agreement and protection of legitimate interests of the controller).
5.5. What personal data does MTS process for the fulfillment of retention obligations under tax and/or company law?
For the fulfillment of retention obligations under tax and/or company law the personal data of the data subject mentioned under clause 5.3 are processed by MTS.
The legal basis for the processing of the data of the data subject lies within Art 6 para 1 lit a and Art 6 para 1 lit c GDPR (explicit consent of the data subject and necessity for compliance with a legal obligation to which the controller is subject).
5.6. Which personal data is processed for marketing and advertising purposes?For marketing and advertising purposes, the following processors are used by MTS:
5.6.1 Mailchimp
MTS uses “Mailchimp” a marketing automation platform and e-mail marketing service provided by The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE Suite 5000, Atlanta, GA 30308 USA (hereinafter referred to as “Mailchimp”) for marketing and/or advertising purposes (newsletters). Additionally, MTS analyzes the usage behavior of data subject in order to optimize its offers. For this purpose, MTS shares the following personal data with Mailchimp:
Mailchimp is a recipient of data subject’s personal data and acts in this particular context as a processor on behalf of the controller (Art 4 para 8 GDPR).
Additionally, Mailchimp collects the following personal data using cookies and implemented tracking devices:
MTS does not store any of subject’s data that is collected additionally by Mailchimp. Mailchimp processes the aforementioned personal data to ensure the security and reliability of its systems, compliance with its terms of use and the prevention of abuse. This corresponds to the legitimate interest of Mailchimp (according to Art 6 para 1 lit f GDPR) and serves the execution of the contract (according to Art 6 para 1 lit b GDPR). Mailchimp has also implemented compliance measures for international data transfers. These apply to all global activities where Mailchimp processes personal data of individuals in the EU. These measures are based on standard contractual clauses for data transfers (2010/87/EC and/or 2004/915/EC) and can be retrieved in detail under https://mailchimp.com/legal/data-processing-addendum/.
Subjects can find out which data is collected by Mailchimp and what this data is used for in detail at https://mailchimp.com/legal/privacy/#3._Privacy_for_Contacts.
The legal basis for the processing of the subject’s data listed above and found in details under https://mailchimp.com/legal/privacy/#3._Privacy_for_Contacts lies within Art 6 para 1 lit a and Art 6 para 1 lit f GDPR (explicit consent of the data subject and protection of legitimate interests of the controller).
5.6.2 Meta Pixel
MTS uses "Meta Pixel" a tracking cookie provided by Meta Platforms, Inc. USA, or if subject is resident of the EU, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter referred to as "Meta").
Therefore, MTS has implemented a code on its website. Meta Pixel is a snippet of Java-Script code that loads a collection of functions that allow Meta / Instagram to track subject’s user actions in case subject navigated to MTS’ website through “Meta ads”. Accordingly, MTS uses Meta Pixel to display the Meta / Instagram ads placed by MTS only to those Meta / Instagram users who have also shown an interest in MTS’ online offers or who possess certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited) that MTS transmits to Meta / Instagram ("Custom Audiences"). The Meta Pixel sends tracking information to the Meta Business account so that it can optimise ads to target visitors to our landing page.
By implementing Meta Pixel, MTS also want to ensure that Meta / Instagram ads, placed by MTS, correspond to the potential interest of users and do not have a harassing effect. By implementing Meta Pixel, MTS can further track the effectiveness of its Meta / Instagram ads for statistical, marketing and advertising purposes by learning whether users were redirected to MTS’ website after clicking on a Meta / Instagram ad ("conversion"). Those cookies allow Meta / Instagram to match subject’s data (such as IP address, user ID) with subject’s Meta / Instagram account data. The collected data is anonymous, not visible to MTS and can only be used in the context of ad placements. If subject is a Meta / Instagram user and logged in, the visit to MTS’s website is automatically assigned to subject’s Meta / Instagram user account.
Subjects can find out which data is collected by Meta / Instagram and what this data is used for in detail at https://www.facebook.com/policy/cookies/printable for Meta and https://help.instagram.com/help/instagram/519522125107875/?locale=en_US for Instagram.The legal basis for the processing of the subject’s data found under https://www.facebook.com/policy/cookies/printable for Facebook and https://help.instagram.com/help/instagram/1896641480634370/?locale=en_US&helpref=hc_fnav for Instagram lies within Art 6 para 1 lit a GDPR (explicit consent of the data subject).
We expressly point out that when using Meta Pixel, a data transfer to the USA cannot be excluded. In this context, it should be noted that data protextion in the USA is not as strict as in Europe. Irrespective of this, an adequate level of protection within the meaning of Art 45 GDPR is guaranteed by the fact that Meta Platforms, Inc. is certified under the EU-US Data Privacy Framework: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000GnywAAC&status=Active
5.6.3 Sumo
MTS uses “Sumo” an all-in-one suite of apps designed for e-mail list-building, on-site analytics, social sharing, traffic boosting, communication and e-commerce provided by Sumo Group Inc. (d/b/a "AppSumo","Sumo","Sumo.com"), 1305 E. 6th St #3, Austin, TX 78702, USA (hereinafter referred to as “Sumo”) for marketing and/or advertising purposes (newsletters).
For this purpose, MTS shares the following personal data with Sumo:
Sumo is a recipient of data subject’s personal data and acts in this particular context as a processor on behalf of the controller (Art 4 para 8 GDPR).Sumo has also implemented compliance measures for international data transfers. These apply to all global activities where Sumo processes personal data of individuals in the EU. These measures are based on standard contractual clauses for data transfers (2010/87/EC and/or 2004/915/EC) and can be retrieved in detail under https://sumo.com/data-processing-agreement. Subjects can find out which data is collected by Sumo and what this data is used for in detail at https://sumo.helpscoutdocs.com/article/833-privacy-policy.The legal basis for disclosing data to processors is found in Art 6 para 1 lit a and lit f GDPR.
5.7. What personal data is processed for statistical purposes?
For statistical purposes, the following processors are used by MTS:
5.7.1 Google Analytics and Google Ads
MTS uses “Google Analytics”, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as “Google”). Google Analytics uses cookies. The information collected using cookies about subject’s use of MTS’ website (including subject’s IP address and the URLs of the websites accessed) is transmitted to Google servers in Ireland and stored there.
MTS does not store any of subject’s data that is collected in connection with Google Analytics. MTS’ website uses the IP anonymization option provided by Google. Subject’s IP address will therefore be shortened or anonymized by Google as soon as Google receives subject’s IP address and the data linked to it. From this point on, the usage statistics collected can no longer be assigned to a specific website user.
Google Analytics offers the possibility, for example, to record how many users use which pages of MTS’ website, how long users are on the individual pages of the website, and what demographic characteristics the users of the website have. However, within the framework of these statistics, it is not possible for MTS to establish a personal reference to individual users of MTS’ website. Furthermore MTS uses Google Ads. Google Ads (formerly AdWords) can be used to generate online advertising to attract prospective customers precisely when they show interest in your product or service. In this case, data such as visit statistics including location of access, data from the accessed device, visit duration and time, diagnosis of what was clicked on and the IP address could be processed. Personal data such as names or e-mail addresses may also be processed.
Subjects can find a list of data collected by Google and what this data is used for in detail at https://policies.google.com/privacy?hl=en.
The legal basis for the processing of the subject’s data as listed in https://policies.google.com/privacy?hl=en lies within Art 6 para 1 lit a and GDPR (explicit consent of the data subject). We expressly point out that when using Google Analytics and Google Ads, a data transfer to the USA cannot be excluded. In this context, it should be noted that data protection in the USA is not as strict as in Europe. Irrespective of this, an adequate level of protection within the meaning of Art 45 GDPR is guaranteed by the fact that Google LLC is certified under the EU-US Data Privacy Framework: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active
6.1. MTS shall maintain a data processing record in which all operations in which MTS processes personal data are mapped (Art 30 GDPR).
6.2. Unless explicitly stated otherwise in the preceding points of this DPG, all stored data of the data subjects as well as all communication between MTS and the database servers will be encrypted.
7.1. Personal data of data subjects will only be disclosed to the organs or employees of MTS who are contractually bound to secrecy.
The legal basis for this disclosure of personal data lies within in Art 6 para 1 lit b and lit f GDPR.
7.2. Personal data of data subjects shall also be disclosed to third parties in the following exceptional cases:
7.2.1. Disclosure to Courts or Law Enforcement Authorities
In the case of unlawful use of services offered by MTS, including but not limited to Courses, for the enforcement of legal claims of MTS against data subjects or if this is necessary for criminal justice purposes, personal data of data subjects may be disclosed by MTS to law enforcement authorities and to the competent courts.
The legal basis for the disclosure of data to law enforcement authorities or domestic courts is found in Art 6 para 1 lit f GDPR.
7.2.2. Disclosure to other Processors
MTS uses various processors to process data of data subjects. The term processor is understood to mean a natural or legal person, authority, institution or other body that processes personal data on behalf of the controller (Art 4 para 8 GDPR). The contracted processors are IT service providers.
MTS is entitled to involve IT service providers at any time, including other IT service providers than those currently involved and subsequently named. If MTS uses recipients for the processing of personal data of data subjects whose registered office is outside the European Union (EU) or the European Economic Area (EEA), it is ensured that personal data of data subjects are only transferred to third countries - located outside the EU or the EEA - for which the EU Commission has expressly decided that they have an adequate level of data protection. In addition, MTS ensures that each recipient in third countries has an adequate level of data protection by concluding standard contractual clauses for data transfers (2010/87/EC and/or 2004/915/EC). MTS will gladly provide these standard contractual clauses to data subjects upon request.
7.2.2.1. Teachable
The hosting and technical operation of the data server, its maintenance as well as the technical data security are currently carried out by Teachable, Inc., 470 Park Avenue South, 6th Floor, New York, New York 10016, USA on behalf of MTS. Standard contractual clauses have been concluded between MTS and the aforementioned processor. The processor may use other (sub-) processors. In case of transfer of data outside the EEA, the processor assures to comply with the provisions of its own privacy policy and the relevant data protection laws. This includes, for example, the transfer of data to the U.S. in accordance with the framework agreements for the EU-U.S. Privacy Shield and the Switzerland-U.S. Privacy Shield or in accordance with data transfer agreements that include the standard contractual clauses approved by the EU Commission.
The legal basis for disclosing data to processors is found in Art 6 para 1 lit b and lit f GDPR.
7.2.2.2. Zapier
MTS uses “Zapier”, a web applications integration service provided by Zapier Inc., 243 Buena Vista Ave 508, Sunnyvale, CA 94086, USA (hereinafter referred to as “Zapier”). Zapier allows for connectivity, interactivity and automation of individual functions of Mailchimp and Fastspring. Thus, MTS utilizes Zapier in connection with Mailchimp and Fastspring in order to properly classify and manage subjects subscribed to its mailing lists and for establishing the connection between Fastspring and the platform Teachable. For this purpose, MTS shares the following personal data with Zapier: E-mail address, name, adress, purchase information.
Zapier has also implemented compliance measures for international data transfers. These apply to all global activities where Zapier processes personal data of individuals in the EU. These measures are based on standard contractual clauses for data transfers (2010/87/EC and/or 2004/915/EC) and can be retrieved in detail under https://zapier.com/privacy/zapier-services?from_url=https%3A%2F%2Fzapier.com%2Fprivacy.
Subjects can find out which data is collected by Zapier and what this data is used for in detail at https://zapier.com/privacy.
The legal basis for disclosing data to processors is found in Art 6 para 1 lit a and lit f GDPR.
7.2.2.3. Fastspring
MTS uses Fastspring as a payment provider and digital reseller. Any Personal Information collected by visiting this Website is controlled by Bright Market, LLC d/b/a FastSpring, 801 Garden Street, #201, Santa Barbara, CA 93101, United States of America. FastSpring complies with the EU-U.S. DPF as set forth by the U.S. Department of Commerce. FastSpring has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. DPF program Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF. Subjects can find out which data is collected by Fastspring and what this data is used for in detail at https://fastspring.com/privacy/
7.2.3. Disclosure to Consultants
For the purpose of the further development of Courses, it may be necessary to disclose personal data of data subjects to consultants of MTS (legal advisors, tax advisors and/or management consultants).The legal basis for a disclosure of data to consultants is found within Art 6 para 1 lit b and Art 6 para 1 lit f GDPR.
Subjects may find advertising and/or other content at MTS’ website that link to the websites and/or services of MTS’ partners, suppliers, advertisers, sponsors, licensors and other third parties. MTS does not control the content and/or links that appear on these websites. These websites and/or services may have their own data protection guidelines and/or customer service policies.
Browsing and interaction on any other website is subject to that website's own terms and policies.
9.1. The personal data disclosed by data subjects will generally be stored by MTS for as long as is necessary for MTS to fulfill the purposes stated in section 5.2 of this DPG.
9.2. The data of the data subject will be deleted, if data subject objects to the data processing or the Agreement with MTS is terminated - for whatever reason – unless there is another basis for the lawfulness of the data processing (Art 6 GDPR with the exception of Art 6 para 1 lit a GDPR).
9.3. Irrespective of any objection by the data subject to the data processing or the termination of the Agreement with MTS - for whatever reason the lawfully processed personal data collected from the data subject until the objection or the termination of the contract, namely
10.1. Data subjects may have the following rights:
10.2. If the data subject makes use of one of the aforementioned rights, wishes to receive certain information, wishes to notify MTS of a change in his/her personal data or has questions regarding the use of his/her disclosed personal data, data subject may contact MTS (data controller) by using the contact details provided below:
“Master The Score”
Owner: Mr. Nikolaus Daim
A-1160 Vienna, Speckbachergasse 22/54
info@masterthescore.com
Vienna, November 2021