Privacy Policy
With this Privacy Notice, we inform you about our handling of personal data and your rights under the European General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).
The controller in terms of data protection laws is
smile for music gUG (haftungsbeschränkt)
Lehmgrube 5
97688 Bad Kissingen, Germany
Contact details: see imprint
Managing Director: Reiner Hartmann
Registered Office: Bad Kissingen, Germany
Schweinfurt, Germany, Local Court – HRB 9929
Info: On our website, we usually address you with the informal “Du” (see note in the imprint). We have made an exception for the Privacy Policy.
A – General Information
A1 Basis on which we process data
The data protection term “personal data” refers to all information relating to an identified or identifiable natural person. We process personal data in compliance with the relevant data protection regulations, in particular the GDPR and the BDSG. Data processing by us takes place on the basis of legal permission. We process personal data only with your consent (Art. 6 para. 1 lit. a GDPR), for the performance of a contract to which you are a party or upon a request to take steps prior to entering into a contract (Art. 6 para. 1 lit. b GDPR), for compliance with a legal obligation (Art. 6 para. 1 lit. c GDPR), or if processing is necessary for the purposes of our legitimate interests or those of a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data (Art. 6 para. 1 lit. f GDPR).
A2 Rights of data subjects
If personal data of the user is processed, the user is a data subject within the meaning of the GDPR. Data subjects have the following rights:
Right of access: The data subject has the right to obtain confirmation as to whether or not personal data concerning them are being processed. If personal data are processed, the data subject has the right to obtain free information and a copy of the personal data that are the subject of the processing.
Right to rectification: The data subject has the right to demand the immediate rectification of inaccurate or completion of incomplete personal data.
Right to erasure: The data subject has the right to demand the immediate erasure of personal data concerning them, in accordance with legal provisions.
Right to restriction of processing: The data subject has the right to demand the restriction of processing of personal data concerning them, in accordance with legal provisions.
Right to data portability: The data subject has the right to receive the personal data concerning them in a structured, commonly used and machine-readable format or to request transmission to another controller.
Right to object: The data subject has the right to object, on grounds relating to their particular situation, at any time to processing of personal data concerning them which is based on Art. 6 para. 1 subpara. 1 lit. e) or f) GDPR; this also applies to profiling based on these provisions. Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning them for such marketing; this also applies to profiling to the extent that it is related to such direct marketing.
Right to withdraw consent: The data subject has the right to withdraw their consent at any time.
Right to lodge a complaint: The data subject has the right to lodge a complaint with a supervisory authority.
A3 Duration of data storage
Unless otherwise defined in the following notices, we store data only as long as it is necessary to achieve the processing purpose or to fulfill our contractual or legal obligations.
Such legal retention obligations may arise in particular from commercial or tax law regulations. From the end of the calendar year in which the data was collected, we will retain such personal data contained in our accounting records for ten years and personal data present in commercial letters and contracts for six years. Furthermore, we will retain data related to consents requiring proof, as well as claims for complaints and receivables, for the duration of the statutory limitation periods. Data stored for advertising purposes will be deleted if you object to processing for this purpose.
A4 Use of “Cookies” and other tracking technologies
We use cookies and similar technologies on our website and when providing our services. More information on how we use these technologies can be found in Part C.
On our website, we also use technologies to recognize the end device used. These can be cookies, tracking pixels, and/or mobile identifiers. The recognition of an end device can generally serve different purposes. For example, it may be necessary to provide functions of our website. In addition, the aforementioned technologies can be used to track user behavior on the site.
A5 Data transfer
To provide our services and to operate effectively as a non-profit organization, we use various external service providers and third-party providers, to whom we sometimes transmit personal data. With the exception of the service providers and third-party providers named in this Privacy Policy, we do not pass on data to third parties.
| Recipient | Reason for transfer |
| Hosting provider | We do not have our own servers but commission certified service providers to host our systems and platforms. |
| IT service providers, freelancers | We use the services of various service providers who, as processors, help us to provide our services and products and to implement our projects. |
| Advertising and marketing service providers | We want to provide an attractive service for our customers (donors, recipients, partners, etc.) and convince more customers to join us. For this purpose, we commission advertising and marketing service providers. |
| Authorities | For compliance with legal regulations or to respond to official orders or other official requests. |
| Payment providers | To process payments and donations, you provide data to payment providers and banks when donating, and we forward it, with them processing the data as processors. |
| Service providers | Furthermore, we may transmit your personal data to entities such as postal and delivery services, house bank, tax consulting/auditing firm, the tax authorities, and service providers for donation processing. |
| Affiliated companies, associations, foundations, and other non-profit organizations | We are an internationally active non-profit company with cross-country and cross-company teams. Therefore, data transfer to companies, associations, foundations, and other non-profit organizations affiliated with us cannot be excluded. |
A6 Existing customer advertising
If the user has provided their contact details, such as an email address, during contact, an inquiry, a donation, or other communication processes with us, we reserve the right to use these according to § 7 para. 3 UWG for direct advertising in connection with similar goods or services (donations). This does not apply if the user has objected to the use.
The legal basis for processing is Art. 6 para. 1 subpara. 1 lit. f) GDPR. Our legitimate interest is to promote our business purpose. The user can object to the use of their contact details, email address for existing customer advertising at any time with effect for the future, without incurring costs other than the transmission costs according to the basic rates.
Status of the Privacy Policy: 2026-01-06
Changes to our Privacy Policy: We reserve the right to adapt this Privacy Policy so that it always complies with current legal requirements or to implement changes to our services in the Privacy Policy, e.g., when introducing new services. The new Privacy Policy will then apply to your next visit.
B Data collection and purpose
In addition to the general information, further details on the respective user groups are explained here. These provide an overview of what data we collect and for what purpose we process it. You can revoke the storage of the respective data (depending on the communication/business purpose) at any time. To do this, use the email address in the imprint. If we are required to retain data received due to legal and/or tax regulations, data storage cannot be revoked.
B1 Visitors to our website and interested parties
In principle, we process your data on servers with high security standards. In providing our services, we are supported by external service providers who process the data for us. Each time our website is accessed, the user’s browser transmits various data. For the duration of the website visit, e.g., technical data are processed and stored in log files even beyond the end of a connection. The processing of this data is necessary to deliver the website to the user and to optimize it for the respective end device. Storage in log files serves to improve the security of our website (e.g., protection against DDoS attacks). The legal basis for processing is Art. 6 para. 1 subpara. 1 lit. f) GDPR. Our legitimate interest lies in providing the website and improving website security. Log files are automatically deleted regularly.
| What is collected? | For what purpose is data collected? |
| Technical data, e.g., browser data, such as Browser type and version used, operating system, pages and files accessed, date and time of access, user’s provider, IP address, referrer URL, etc. Data that you provide to us, e.g., via the contact form. These may include: Name, company name, email address, phone number, purpose, communication content, date, time, etc. |
Lead generation and customer acquisition; answering inquiries (general, donation-oriented, etc.) and any other information based on the respective communication content. |
B2 Donors
Donors are individuals, companies, organizations, associations, etc. who have made a donation. This can be either a monetary or an in-kind donation. For monetary donations, data is stored at the time of the online donation. For in-kind donations, data is exchanged and stored even before the actual donation/handover of the donation.
Special feature for monetary donations: We ourselves cannot access bank data; this is encrypted and passed on to our payment service providers via an interface.
| What is collected? | For what purpose is data collected? |
Private individuals: Additionally for in-kind donations: detailed description of the in-kind donation, pictures, etc. |
Processing and administration of your donation; issuing and sending a donation receipt; fulfilling legal retention obligations or defending against legal claims. In-kind donations: |
|
Companies / Organizations / Associations / etc. Data about you and the company/organization/association/… that you provide when making a donation. This includes, among other things: company, company address, communication data, personal data (within the company), reason for communication and content, payment data, the value of the monetary donation, etc. Additionally for in-kind donations: detailed description of the in-kind donation, pictures, etc. |
Processing and administration of your donation; issuing and sending a donation receipt; fulfilling legal retention obligations or defending against legal claims. In-kind donations: |
B3 Donation seekers and recipients
These can be: organizations, associations, individuals, etc. who request a donation or have received a donation.
| What is collected? | For what purpose is data collected? |
Private individuals: Additionally upon receipt of a donation: |
Processing and administration of your donation request; determining whether a donation can be made; support, communication, and answering donation inquiries. Inclusion in our database for donation requests and potential donation recipients for later re-contact (if no donation is made initially). |
|
Companies / Organizations / Associations, etc. Data about you and the organization/association/… that you provide with the donation request. This includes, among other things: organization address, communication data, personal data (within the organization), the reason for your request, the scope and content of the request, the current (economic) situation, justification for what a charitable donation should achieve. Additionally upon receipt of a donation: |
Processing and administration of the donation request; determining whether a donation can be made; support, communication, and answering donation inquiries. Inclusion in our database for donation requests and potential donation recipients for later re-contact (if no donation is made initially). |
B4 B2B customers and their contacts
This group includes, among others, service providers, suppliers, and business partners and their contacts.
| What is collected? | For what purpose is data collected? |
| Data that you provide to us about yourself and the company you work for, such as company address, communication data, personal data (within the company), reason for communication and content, etc. |
Fulfillment of inquiries and contracts with companies you work for. For example: answering inquiries, advertising, contract management, invoicing/billing, support and communication, maintaining a contact list for collaboration, etc. |
B5 Supporters and applicants
Supporters are volunteers who work unpaid for smile for music and its concerns, as well as organizations (associations, etc.) and companies that perform a specific activity free of charge (non-profit).
| What is collected? | For what purpose is data collected? |
| Supporters: Data that you provide for our potential collaboration (as a smile for music supporter), such as name, email address, phone number, professional skills, reason for your initiative, etc. |
Contacting you; determining a possible deployment with us – now or potentially in the future; inclusion in our supporter list for possible future collaboration; coordination and processing of your support. |
| Applicants: Data that you provide to us during your application. This includes, among other things, information in your resume, your previous career path, and other data you share with us. |
Contacting you; determining whether employment is possible; inclusion in our talent pool for later re-contact if no employment relationship is established for the time being; initiation of an employment relationship, etc. |
C Third-Party Services Used
C1 Payment Provider PayPal
On our website, we offer payment via PayPal, among other methods. The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”). If you select payment via PayPal, the payment data you enter will be transmitted to PayPal. The transmission of your data to PayPal is based on Art. 6 para. 1 lit. a GDPR (consent) and Art. 6 para. 1 lit. b GDPR (processing for the performance of a contract). You have the option to revoke your consent to data processing at any time. A revocation does not affect the effectiveness of past data processing operations.
PayPal Privacy Policy
C2 Cookie Tool
To manage the cookies and similar technologies used (tracking pixels, web beacons, etc.) and related consents, we use the consent tool “Real Cookie Banner”. Details on how “Real Cookie Banner” works can be found at https://devowl.io/de/rcb/datenverarbeitung/. The legal bases for the processing of personal data in this context are Art. 6 para. 1 lit. c GDPR and Art. 6 para. 1 lit. f GDPR. Our legitimate interest is the management of the cookies and similar technologies used and the related consents. The provision of personal data is neither contractually required nor necessary for the conclusion of a contract. You are not obliged to provide the personal data. If you do not provide the personal data, we cannot manage your consents. Cookie Policy
C3 Google Analytics
Google Analytics creates detailed statistics about user behavior on the website to obtain analytical information. This requires processing a user’s IP address and metadata, which can determine a user’s country, city, and language. Cookies or cookie-like technologies can be stored and read. These may contain personal data and technical data such as the user ID, which can provide the following additional information:
– Time information about when and for how long a user was or is on the different pages of the website
– Device category (desktop, mobile, and tablet), platform (web, iOS app, or Android app), browser, and screen resolution used by a user
– where a user came from (e.g., referring website, search engine including the search term, social media platform, newsletter, organic video, paid search, or campaign)
– whether a user belongs to an audience or not
– what a user did on the website and what events were triggered by the user’s actions (e.g., page views, user engagement, scroll behavior, clicks, added payment information, and custom events such as e-commerce tracking)
– conversions (e.g., whether a user purchased something and what was purchased)
– gender, age, and interests, if an assignment is possible.
This data could also be used by Google to record the websites visited and to improve Google’s services. It can be linked across multiple domains operated by this website operator with other Google products (e.g., Google AdSense, Google Ads, BigQuery, Google Play) used by the website operator. It can also be linked by Google with the data of users who are logged into Google’s websites (e.g., google.com). Google shares personal data with its affiliated companies and other trusted companies or persons who process this data on Google’s instructions and in accordance with Google’s privacy policy. It can also be used for profiling by the website operator and Google, for example, to offer personalized services to a user, such as ads based on a user’s interests or recommendations. Cookie Policy
