YELLOW BEAR RECORDS

    Privacy Policy

    1) Introduction and Contact Details of the Responsible Party

    1.1 We are pleased that you visit our website and thank you for your interest. The following informs you about the handling of your personal data when using our website. Personal data means any data by which you can be personally identified.

    1.2 The party responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Yellow Bear Records GmbH, Groß-Nabas-Str. 9, 81827 Munich, Germany, Tel.: +49 (0)89 12126142, Email: info@yellowbearrecords.com. The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data.

    2) Data Collection When Visiting Our Website

    2.1 For purely informational use of our website, i.e., if you do not register or otherwise transmit information to us, we only collect such data that your browser transmits to the server (so-called “server log files”). When you access our website, we collect the following data, which is technically necessary for us to display the website:

    • The website you visited
    • Date and time of access
    • Amount of data sent in bytes
    • Referrer URL from which you reached the page
    • Browser used
    • Operating system used
    • IP address used (if applicable, anonymized)

    The processing is based on Art. 6(1)(f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data is not shared or used otherwise. We reserve the right to check the server log files retrospectively if there are concrete indications of illegal use.

    2.2 This website uses SSL/TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries). You can recognize a secure connection by the “https://” in your browser’s address bar and the lock icon.

    3) Hosting & Content Delivery Network

    For hosting our website and displaying content, we use a provider that delivers its services exclusively on servers within the European Union. All data collected on our website is processed on these servers. We have concluded a data processing agreement with the provider to ensure the protection of our visitors’ data and prevent unauthorized sharing with third parties.

    4) Cookies

    To make visiting our website attractive and to enable the use of certain functions, we use cookies, which are small text files stored on your device. Some cookies are automatically deleted when the browser is closed (session cookies), while others remain on your device for longer periods and enable the storage of page settings (persistent cookies). You can check the storage duration in your browser’s cookie settings.

    If any of our cookies also process personal data, this processing is based on Art. 6(1)(b) GDPR for contract fulfillment, Art. 6(1)(a) GDPR for consent, or Art. 6(1)(f) GDPR for our legitimate interest in the best possible functionality and user experience of the website.

    You can configure your browser to inform you about cookies and allow or deny them individually. Please note that if you refuse cookies, the functionality of our website may be limited.

    5) Contact

    When contacting us (e.g., via contact form or email), personal data is collected. The data collected through a contact form is indicated on the form itself. This data is used solely for responding to your inquiry and for technical administration purposes. The legal basis for processing this data is our legitimate interest under Art. 6(1)(f) GDPR. If your contact aims at concluding a contract, Art. 6(1)(b) GDPR applies additionally. Data will be deleted after your inquiry is fully processed, unless legal retention obligations prevent this.

    6) Use of Customer Data for Direct Marketing

    If you provided us with your email address when purchasing goods or services, we may send you regular offers for similar products via email based on our legitimate interest in personalized direct marketing (Art. 6(1)(f) GDPR). You may object at any time by notifying the responsible party. Email delivery will cease promptly after objection.

    7) Data Processing for Order Fulfillment

    7.1 For contract fulfillment, the personal data collected may be forwarded to the contracted shipping and payment service providers under Art. 6(1)(b) GDPR.

    7.2 Use of payment providers:

    • Apple Pay: Transactions are processed via Apple Pay using the security features of your iOS, watchOS, or macOS device. Data is transmitted in encrypted form for payment processing. Art. 6(1)(b) GDPR applies.
    • Google Pay: Transactions are processed via the Google Pay app on your Android device with NFC. Relevant transaction information is transmitted to Google. Processing is based on Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR for legitimate interest.
    • Klarna: Payment data provided during checkout is shared with Klarna only for the purpose of payment processing under Art. 6(1)(b) GDPR. Creditworthiness checks are conducted on the basis of personal data and legally allowed score values under Art. 6(1)(f) GDPR.
    • PayPal: Payment data provided during checkout is shared with PayPal for processing only as required, under Art. 6(1)(b) and (f) GDPR.
    • Stripe: Payment data provided during checkout is shared with Stripe for processing only as required, under Art. 6(1)(b) and (f) GDPR.

    8) Web Analytics

    We use the Jetpack service (Automattic Inc., USA) for web analytics. The service uses cookies and other technologies to collect pseudonymized visitor data for statistical analysis and to create pseudonymized usage profiles. Personal identification is excluded. Processing is based on Art. 6(1)(a) GDPR with consent. Users can revoke consent at any time via the cookie consent tool.

    9) Tools and Miscellaneous

    Cookie Consent Tool: We use an interactive cookie consent tool to manage opt-in for cookies. Only cookies with consent are loaded. Personal data is not processed except as necessary to store preferences under Art. 6(1)(f) and 6(1)(c) GDPR.

    10) Rights of the Data Subject

    10.1 You have the following rights under applicable data protection law: access (Art. 15), rectification (Art. 16), deletion (Art. 17), restriction of processing (Art. 18), notification (Art. 19), data portability (Art. 20), withdrawal of consent (Art. 7(3)), and complaint (Art. 77) GDPR.

    10.2 Right to Object: You may object at any time to processing based on our legitimate interest under Art. 6(1)(f) GDPR. Objection halts processing, except where overriding legitimate reasons exist or for legal claims. You may also object to direct marketing at any time under Art. 21(2) GDPR.

    11) Duration of Data Storage

    Data is stored based on legal grounds, purpose of processing, and statutory retention periods. Data based on consent (Art. 6(1)(a) GDPR) is stored until withdrawal of consent. Data for contract obligations (Art. 6(1)(b) GDPR) is deleted after retention periods expire. Data processed under legitimate interest (Art. 6(1)(f) GDPR) is stored until objection rights are exercised, unless overriding legitimate reasons exist or data is needed for legal claims. Data for direct marketing is stored until objection under Art. 21(2) GDPR.