PRIVACY POLICY

1. Controller

The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is:

2. General Information on Data Processing

We process personal data of our visitors only to the extent necessary to provide a functional website as well as our content and services. Personal data is regularly processed only with the user's consent or in cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.

Legal basis

Insofar as we obtain the consent of the data subject for processing operations, Art. 6 (1) (a) GDPR serves as the legal basis. For processing necessary for the performance of a contract, Art. 6 (1) (b) GDPR applies. Where processing is required to comply with a legal obligation, Art. 6 (1) (c) GDPR is the legal basis. Art. 6 (1) (f) GDPR serves as the legal basis where processing is necessary to safeguard a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject do not override the first-mentioned interest.

3. Access Data & Server Log Files

When you visit our website, our hosting provider (Netlify, see Section 8) automatically collects and processes technical information that your browser transmits. These are:

• Browser type and version
• Operating system used
• Referrer URL
• Hostname of the accessing computer
• Time of the server request
• IP address
• HTTP status code and data volume transferred

This data is not merged with other data sources and is processed solely for the purpose of providing a technically secure and stable website. The legal basis is Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of the website. Details on storage periods can be found in the Netlify privacy policy linked in Section 8.

4. Cookies

This website uses only technically necessary cookies (e.g., to remember whether the cookie notice has been acknowledged). No tracking cookies, no analytics cookies, no marketing cookies, and no third-party scripts are used. The legal basis is § 25 (2) (2) TTDSG in conjunction with Art. 6 (1) (f) GDPR.

You can configure your browser to inform you about the setting of cookies and to decide individually about their acceptance or to generally exclude the acceptance of cookies for certain cases. Disabling cookies may limit the functionality of this website.

5. Contact via Email or Phone

If you contact us by email or telephone, your inquiry, including all personal data resulting therefrom (name, inquiry), will be stored and processed by us for the purpose of processing your request. The legal basis is Art. 6 (1) (b) GDPR for inquiries related to a contract or to pre-contractual measures, and otherwise Art. 6 (1) (f) GDPR (legitimate interest in answering your inquiry).

We do not pass on this data without your consent. The data will be deleted as soon as it is no longer required for the purpose of its collection, unless statutory retention periods (e.g., commercial or tax law) prevent this.

6. External Links (EPK, Streaming, Social Media)

This website contains links to external services, including but not limited to:

• Instagram (operated by Meta Platforms Ireland Ltd.)
• EPK on linkfire / lnk.to (operated by Linkfire A/S, Denmark)
• Streaming services (e.g., Spotify, SoundCloud, YouTube) where applicable

These services are only loaded when you actively click on the respective link. No automatic data transfer to these providers takes place by merely opening this website. Once you click an external link, you leave our site; we have no influence over the data processing of the linked services. Please consult the privacy policies of the respective providers.

7. YouTube Video Embedding (2-Click Solution)

This website embeds a video from YouTube (provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). We use the so-called 2-click solution in combination with youtube-nocookie.com (YouTube's extended data protection mode).

This means that no data is transmitted to YouTube / Google when the page is loaded. Only when you actively click on the video preview ("Play" button) is a connection established with YouTube servers, and only then is the video loaded. By clicking, you actively consent to the data transfer.

Once you start the video, the following data may be transmitted to YouTube:

• IP address
• Browser type and version
• Date and time of access
• Referrer URL
• Information about the device used

If you are logged into your Google account at the time of playback, YouTube can associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your Google account before playing the video.

The legal basis for processing after your active click is your consent pursuant to Art. 6 (1) (a) GDPR and § 25 (1) TTDSG. You can withdraw your consent at any time with effect for the future by not clicking the video.

Google processes data in the USA. The European Commission has issued an adequacy decision for the USA (EU-US Data Privacy Framework) under which certified US companies — including Google LLC — provide an adequate level of data protection. Further information on data processing by YouTube can be found in YouTube's privacy policy: https://policies.google.com/privacy.

8. Bandsintown Tour Date Widget (2-Click Solution)

On our Tourdates section we use a widget provided by:

To protect your privacy, we use a 2-click solution: the Bandsintown widget is not loaded automatically when you open this website. Instead, a placeholder is shown. Only when you actively click on the "Load Tour Dates" button is the Bandsintown script loaded and a connection to Bandsintown servers established.

Once you load the widget, the following data may be transmitted to Bandsintown:

• IP address
• Browser type and version
• Operating system
• Referrer URL
• Date and time of access
• Information about the device used
• Cookies set by Bandsintown

If you interact with the widget (e.g. clicking "RSVP", "Follow" or "Request a Show"), additional personal data such as your email address or location may be processed by Bandsintown directly. This processing takes place outside of our control.

The legal basis for processing after your active click is your consent pursuant to Art. 6 (1) (a) GDPR and § 25 (1) TTDSG. You can withdraw your consent at any time with effect for the future by not clicking the widget.

Data Transfer to the USA

Bandsintown processes data on servers located in the USA. The transfer is based on the EU-US Data Privacy Framework and/or EU Standard Contractual Clauses. Please note that a residual risk remains regarding access to data by US authorities. Further information on data processing by Bandsintown can be found in their privacy policy: https://www.bandsintown.com/privacy.

9. Hosting (Netlify)

This website is hosted by:

Netlify is a US-based provider of website hosting and content delivery network (CDN) services. When you visit this website, Netlify automatically processes technical access data in so-called server log files. This includes:

• IP address
• Browser type and version
• Operating system
• Referrer URL
• Hostname of the accessing computer
• Time of the server request
• HTTP status code and data volume transferred

This data is necessary for the technically secure, fast and stable delivery of our website via Netlify's global CDN infrastructure. The legal basis is Art. 6 (1) (f) GDPR — our legitimate interest in the secure and efficient provision of our online presence.

Data Transfer to the USA

Netlify processes data on servers located in the USA and other countries. The transfer of personal data to the USA is based on the EU-US Data Privacy Framework (adequacy decision of the European Commission of 10 July 2023). Netlify, Inc. is self-certified under the EU-US Data Privacy Framework and therefore commits to comply with European data protection standards. You can verify the certification at: https://www.dataprivacyframework.gov/list.

In addition, we have concluded a Data Processing Agreement (DPA) with Netlify, Inc. pursuant to Art. 28 GDPR, which includes the EU Standard Contractual Clauses (SCCs) as an additional safeguard.

Please note: Despite these safeguards, a residual risk remains regarding access to data by US authorities (e.g. under the US CLOUD Act), as no transfer to a third country can offer the same level of protection as processing within the EU.

Further information on data processing by Netlify can be found in Netlify's privacy policy: https://www.netlify.com/privacy/ and DPA: https://www.netlify.com/gdpr-ccpa/.

10. Your Rights as a Data Subject

You have the following rights with regard to your personal data:

• Right of access (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure ("right to be forgotten", Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object to processing (Art. 21 GDPR)
• Right to withdraw consent at any time, with effect for the future (Art. 7 (3) GDPR)

To exercise any of these rights, please contact us using the details provided in Section 1.

11. Right to Lodge a Complaint with a Supervisory Authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.

For Lower Saxony, the responsible supervisory authority is:
Die Landesbeauftragte für den Datenschutz Niedersachsen
Prinzenstraße 5, 30159 Hannover, Germany
https://lfd.niedersachsen.de

Last updated: May 2026