Welcome to the Steinway & Sons website. We take data privacy very seriously. Below we would like to inform you about how we process your data. We therefore ask you to carefully read the following privacy information.
1. Name and contact details of the controller and the company's data protection officer
Controller: Steinway & Sons, Rondenbarg 10, D-22525 Hamburg, Germany, Email: firstname.lastname@example.org Telephone: +49 (0)40853910
The company data protection officer of Steinway & Sons is at the above address, attn: Mr Olaf Mangliers, also contactable via www.datenschutzbeauftragter-hamburg.com.
2. Collection and storage of personal data and the nature and purpose of their use
a) When visiting the website
When you visit our website, the browser used on your device automatically sends information to our website's server. This information is temporarily stored in a so-called log file. The following information will be collected without your intervention and stored until automated deletion:
• IP address of the computer making the request,
• Date and time of access,
• Name and URL of the retrieved file,
• Website from which access is requested (referrer URL),
• Browser used and, if necessary, the operating system of your computer and the name of your access provider.
The data mentioned above are processed by us for the following purposes:
• Ensuring a smooth connection to the website,
• Ensuring comfortable use of our website,
• Evaluation of system security and stability, and
• for other administrative purposes.
The legal basis for data processing is Article 6 (1) number 1 lit. f GDPR. Our legitimate interests for the purposes of data collection are listed above. In no case will we use the collected data for the purpose of drawing conclusions about your person.
b) When subscribing to our newsletter
If you have expressly given your consent pursuant to Article 6 (1) number 1 lit. a GDPR, we will use your email address to regularly send you our newsletter. To receive the newsletter, providing an email address is sufficient.
Unsubscribing is possible at any time, for example via a link at the bottom of each newsletter. Alternatively, you can also send your unsubscribe request to email@example.com via email.
For our newsletters, we use the marketing automation system Microsoft Dynamics 365 Cloud for Marketing of the provider Microsoft Corporation (Microsoft Deutschland GmbH, Walter-Gropius-Straße 5, 80807 Munich, Germany) — hereinafter "Microsoft". The data processing takes place within the European Union.
The use of the provider Microsoft and the system, the performance of statistical surveys and analyses, as well as the logging of the registration process for communication by email, are based on your consent to receive the newsletter.
Statistical surveys include determining whether newsletters are opened, when they are opened, and which links are clicked. Although this information can technically be assigned to individual newsletter recipients, an analysis of personal data is disabled and information about newsletter recipients is only processed anonymously.
Cookies are used for the provision of the Subscription Center for the independent management of the newsletter subscription.
Further information on Microsoft's data protection can be found at https://privacy.microsoft.com/de-de/privacystatement.
c) When using our contact form
For questions of any kind, you can contact us via the form provided on the website. A valid email address is required so that we know who sent the request, and so that we can respond to it.
In addition, the following information is requested: first name & last name, subject of the request and the address. We need this information to forward your request to the sales partner responsible for you.
The data processing for the purpose of contacting us is based on your voluntarily granted consent per Article 6 (1) number 1 lit. a GDPR.
Should your enquiry be sent to us from outside the European Union (EU), we will send your contact data to Steinway retailers close to your location and, if necessary, outside the EU. Countries outside the EU may not have an adequate national level of data protection, and no guarantees (e.g. standard safeguard clauses) can be agreed with companies in these countries. However, providing you with support from a Steinway retailer is in our legitimate interest in accordance with art. 6 (1) lit. f of the GDPR; as such, in these cases the transfer of data is necessary for the performance of (pre-)contractual measures in accordance with art. 49 (1) lit. b of the GDPR.
The personal data collected by us for the use of the contact form will be automatically deleted after completion your request.
3. Disclosure of data
Transfer of your personal data to third parties for purposes other than those listed below does not take place.
We only share your personal information with third parties if:
• You have expressly given your consent per Article 6 (1) number 1 lit. a GDPR,
• Disclosure under Article 6 (1) number 1 lit. f GDPR is necessary for the assertion, exercise or defence of legal claims and there is no reason to believe that you have an overriding legitimate grounds for the non-disclosure of your data,
• In the event that disclosure per Article 6 (1) number 1 lit. c GDPR is a legal obligation, and
• This permitted by law and is required per Article 6 (1) number 1 lit. b GDPR for handling our contractual relationship with you.
Information arising in connection with the specific device used is stored in the cookie. However, this does not mean that we are immediately aware of your identity.
In addition, to improve usability, we also use temporary cookies that are stored on your device for a specified period of time. If you visit our website again to take advantage of our services, it will automatically recognise that you have previously visited our site and what inputs and settings you made, so you do not have to re-enter them.
The data processed by the cookies are required for the purposes mentioned above to protect our legitimate interests, as well as those of third parties, per Article 6 (1) number 1 lit. f GDPR.
Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer, or that an alert appears before a new cookie is created. However, disabling cookies completely may mean that you cannot use all features of our website.
5. Analysis tools
a) Tracking tools
The tracking measures listed below and used by us are conducted on the basis of Article 6 (1) number 1 lit. f GDPR. With the tracking measures to be used, we want to ensure needs-based design and the continuous optimisation of our website. At the same time, we use the tracking measures to statistically record the use of our website and to evaluate said use for the purpose of optimising our website for you. These interests are to be regarded as justified within the meaning of the aforementioned provision.
The respective data processing purposes and data categories can be found in the corresponding tracking tools.
a. 1) Google Analytics
We use Google Analytics, a Web Analytics service from Google Inc., for the purpose of designing and continuously optimising our pages. (https://www.google.de/intl/en/about/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter "Google"). In this context, pseudonymised usage profiles are created and cookies (see Point 4) are used. The information generated by the cookie about your use of this website such as
• Browser type/version,
• Operating system used,
• Referrer URL (the previously visited website),
• Hostname of the accessing computer (IP address),
• Time of the server request,
are transferred to a Google server in the United States and stored there. The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage for the purposes of market research and needs-based website design. This information may also be transferred to third parties if required by law or if third parties process this data on our behalf. In no case will your IP address be merged with other data by Google. The IP addresses are anonymised so that association with your data is not possible (IP masking).
You can prevent the installation of cookies by setting the browser software accordingly; however, we point out that in this case you may not be able to fully use all features of this website.
You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=en).
As an alternative to the browser add-on, especially for browsers on mobile devices, you can prevent the collection by Google Analytics by clicking on this link: tools.google.com/dlpage/gaoptout. An opt-out cookie will be stored. This will prevent the future collection of your data when you visit this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again.
For more information about privacy related to Google Analytics, see the Google Analytics Help Centre (https://support.google.com/analytics/answer/6004245?hl=en).
a.2.) Friendly Captcha (Bot/Spam Protection)
Our website uses the "Friendly Captcha" service (www.friendlycaptcha.com). This service is offered by Friendly Captcha GmbH, Am Anger 3-5, 82237 Wörthsee, Germany. Friendly Captcha is a novel, privacy-friendly protection solution to make it more difficult for automated programs and scripts (so-called "bots") to use our website.
For this purpose, we have integrated a program code from Friendly Captcha into our website (e.g. for contact forms) so that the visitor's terminal device can establish a connection to the Friendly Captcha servers in order to receive a calculation task from Friendly Captcha. The visitor's terminal solves the calculation task, which requires certain system resources, and sends the calculation result to our web server. The server contacts the Friendly Captcha server via an interface and receives a response stating whether the puzzle was solved correctly by the end device. Depending on the result, we can apply security rules to requests via our website and thus, for example, process or reject them.
The data is used exclusively for the protection against spam and bots described above. Friendly Captcha does not set or read any cookies on the visitor's terminal device. IP addresses are only stored in hashed (one-way encrypted) form and do not allow us and Friendly Captcha to draw any conclusions about an individual person.
If personal data is collected, it is deleted after 30 days at the latest. The legal basis for the processing is our legitimate interest in protecting our website from improper access by bots, i.e. spam protection and protection against attacks (e.g. mass requests), Art. 6 para. 1 lit. f DSGVO. Further information on data protection when using Friendly Captcha can be found at https://friendlycaptcha.com/legal/privacy-end-users/.
a.3) Facebook Pixel, Custom Audiences and Facebook Remarketing
6. Social media icons
On the basis of Article 6 (1) number 1 lit. f GDPR, our website uses social plug-ins from the social networks Facebook and Twitter to achieve greater recognition for our company. The underlying commercial purpose is to be regarded as a legitimate interest within the meaning of the GDPR. The responsibility for data-protection-compliant operation is to be guaranteed by the respective providers. The integration of these plug-ins by us is done by means of the so-called two-click method to protect visitors to our website in the best possible way.
7. Data subjects' rights
You have the right to:
• request information, in accordance with Article 15 GDPR, about personal data about you processed by us. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, deletion, limitation of processing or to object, the existence of a right of appeal, the origin of your data if not collected by us, as well as the existence of an automated decision-making process, including profiling and, where appropriate, information on their details;
• pursuant to Article 16 GDPR, demand the immediate correction (of incomplete data) or completion of personal data stored by us;
• demand, in accordance with Article 17 GDPR, the deletion of your personal data stored by us, except where processing is required for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims;
• demand, in accordance with Article 18 GDPR, the restriction of the processing of your personal data, as far as the accuracy of the data is disputed by you; or as far as the processing is unlawful, but you reject their deletion and we no longer need the data but you require them to assert, exercise or defend legal claims; or as far as you have objected to data processing per Article 21 GDPR;
• receive, per Article 20 GDPR, the personal data which you have provided us within a structured, common and machine-read format; or to demand their transmission to another data controller;
• per Article 7 Paragraph 3 GDPR, you may revoke your consent at any time. This will mean that we will no longer be able to carry out the data processing for which said consent was given;
• to complain to a supervisory authority per Article 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or work, or of our office.
8. Right to object
If your personal data are processed based on legitimate interests in accordance with Article 6 (1) number 1 lit. f GDPR, you have the right to file an objection against the processing of your personal data in accordance with Article 21 GDPR, provided that there are reasons for this resulting from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which is implemented by us without you being required to specify any particular situation.
If you would like to exercise your right of revocation or objection, please send an email to firstname.lastname@example.org
9. Data security
We use the popular SSL (Secure Socket Layer) method for site visits, in conjunction with the highest level of encryption supported by your browser. Typically, this is 256-bit encryption. If your browser does not support 256-bit encryption, we will use 128-bit v3 technology instead. Whether a single page of our website is encrypted is shown via a key or lock icon in the lower status bar of your browser.
We also take appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or total loss, destruction or unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.