Privacy policy statement

The protection of your privacy is very important to us. Below we inform you in detail about the handling of your data.

1. name and contact details of the controller and the competent supervisory authority

This data protection information applies to data processing by:

Responsible for the website "rammstein.de" ("rammstein.com")

Rammstein GbR,

consisting of Richard Kruspe, Paul Landers, Till Lindemann, Christian Lorenz, Oliver Riedel, Christoph Schneider (in the following: Rammstein)

Hertzstr. 63 b
13158 Berlin
Deutschland

E-Mail: info@rammstein-management.de

Responsible for the website „rammsteinshop.de“

Rammstein Merchandising oHG

Hertzstr.63b
13158 Berlin
Deutschland

Email: info@rammsteinshop.de

Corporate Privacy Officer

You can reach our Group Privacy Officer at: datenschutz@rammsteinshop.de

Competent data protection supervisory authority

Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstr. 219
10969 Berlin

Phone: +49 (0) 30 138 89 0
E-Mail: mailbox@datenschutz-berlin.de

2. collection and storage of personal data and the nature and purpose of their use

a) When visiting our websites

When you visit our websites rammstein.de and store.rammstein.de, information is automatically sent to the server of our website by the browser used on your end device. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until automated deletion:

• IP address of the requesting computer,

• Date and time of access,

• Name and URL of the accessed file,

• website from which the access is made (referrer URL),

• browser used and, if applicable, the operating system of your computer as well as the name of your access provider.

The aforementioned data will be processed by us for the following purposes:

• Ensuring a smooth connection of the website,

• Ensuring a comfortable use of our website,

• evaluation of system security and stability, and

• for further administrative purposes.

The legal basis for data processing is Art. 6 para. 1 p. 1 lit. f DSGVO. Our legitimate interest follows from the purposes for data collection listed above. In no case do we use the collected data for the purpose of drawing conclusions about your person. In addition, we use cookies and analysis services when you visit our website. You can find more detailed explanations of this under points 4 and 5 of this data protection declaration.

b) Note on data transfer to the USA

Among other things, tools from companies based in the USA are integrated on our website. If these tools are active, your personal data may be transferred to the US servers of the respective companies. We would like to point out that the USA is not a safe third country in the sense of EU data protection law. US companies are obliged to hand over personal data to security authorities without you as the data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. intelligence services) process, evaluate and permanently store your data located on US servers for monitoring purposes. We have no influence on these processing activities.

c) Onlineshop

We process inventory data (e.g., names and addresses as well as contact data of users), contract data (e.g., services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and services pursuant to Art. 6 para. 1 lit b. DSGVO.

You can optionally create a user account, in which you can view your orders in particular. During the registration process, you will be provided with the required mandatory information. The user accounts are not public and cannot be indexed by search engines. If you have cancelled your user account, their data will be deleted with regard to the user account, unless their retention is necessary for commercial or tax reasons in accordance with Art. 6 para. 1 lit. c DSGVO. It is your responsibility to save your data in the event of termination before the end of the contract. We are entitled to irretrievably delete all data stored during the term of the contract.

In the context of registration and renewed registrations as well as use of our online services, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests, as well as the user's protection against misuse and other unauthorized use. In principle, this data is not passed on to third parties, unless it is necessary for the pursuit of our claims or there is a legal obligation to do so pursuant to Art. 6 para. 1 lit. c DSGVO.

We process usage data (e.g., the visited web pages of our online offer, interest in our products) and content data (e.g., entries in the contact form or user profile) for advertising purposes in a user profile, for example, to show you product information based on your previously used services.

d) When registering for our newsletter

If you have expressly consented in accordance with Art. 6 (1) p. 1 lit. a DSGVO, we will use your e-mail address to send you our newsletter on a regular basis. We are interested in using a user-friendly and secure newsletter system that serves our business interests and meets the expectations of users. To receive the newsletter, it is sufficient to provide an e-mail address. Optionally, we ask you to include your name and country in the newsletter, for the purpose of personal address and country-specific information.

Double-Opt-In and logging: The registration for our newsletter takes place in a so-called double-opt-in process. This means that you will receive an e-mail after registration in which you will be asked to confirm your registration. This confirmation is necessary so that no one can register with other e-mail addresses. The registrations to the newsletter are logged in order to be able to prove the registration process according to the legal requirements. This includes the storage of the registration and confirmation time, as well as the IP address. Likewise, the changes to your data stored with the shipping service provider are logged.

Shipping service provider:
Mailchimp with deactivated performance measurement

This website uses the services of Mailchimp for sending newsletters. The provider is Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.

Mailchimp is a service that can be used to organize the sending of newsletters, among other things. When you enter data for the purpose of receiving newsletters (e.g. e-mail address), this data is stored on Mailchimp's servers in the USA. We have disabled performance measurement with Mailchimp, so Mailchimp will not evaluate your behavior when you open our newsletters.

If you do not want your data to be transferred to Mailchimp, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message. Alternatively, you are welcome to send your unsubscribe request by email to newsletter@rammsteinshop.de at any time. The data processing is based on your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.

The data you provide for the purpose of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data that has been stored by us for other purposes remains unaffected by this.

The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://mailchimp.com/legal/data-processing-addendum/#9._Jurisdiction-Specific_Terms.

After you have unsubscribed from the newsletter distribution list, your email address will be stored by us or the newsletter service provider in a blacklist to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with the legal requirements for sending newsletters (legitimate interest within the meaning of Art. 6 (1) f DSGVO). The storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.

For more details, please refer to the privacy policy of MailChimp at: https://mailchimp.com/legal/terms/.

Conclusion of a data processing agreement

We have concluded a so-called "Data Processing Agreement" with MailChimp, in which we oblige MailChimp to protect our customers' data and not to pass it on to third parties.

e) When using our contact form

For questions of any kind, we offer you the possibility to contact us via a form provided on the website. It is necessary to provide a valid e-mail address, so that we know from whom the request comes and to be able to answer it. Further information can be provided voluntarily.

Data processing for the purpose of contacting us is based on your voluntarily given consent according to Art. 6 para. 1 p. 1 lit. a DSGVO.

The personal data collected by us for the use of the contact form will be automatically deleted after completion of your request.

f) When using the Rammstein app

When you use our Rammstein app, the browser used in the app automatically sends information to the server of our website. The following information is collected without your intervention and stored until automated deletion:

• Name of the user

• E-mail address of the user

• IP address

• Device identifiers

The legal basis for the data processing is Art. 6 para. 1 p. 1 lit. f DSGVO.

If and insofar as the functions of the Rammstein Shop (with/or without a user account created by you) (see above) are used within the Rammstein App, we process inventory data (e.g. names and addresses as well as contact data of users), contract data (e.g. services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and services pursuant to Art. 6 para. 1 lit. b. DSGVO.

In the context of registration and renewed registrations as well as use of our online services, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests, as well as the user's protection against misuse and other unauthorized use. In principle, this data is not passed on to third parties, unless it is necessary for the pursuit of our claims or there is a legal obligation to do so pursuant to Art. 6 para. 1 lit. c DSGVO.

g) When registering in the press portal

As a press representative you can register in our portal presse.rammstein.de to get access to exclusive picture material after the live shows. Registration is done by providing the following data, which will be stored in the system:

• Last name, first name

• Street / House number

• Postal code, city, country

• Phone / Mobile

• E-mail address

• Company / Publisher

• Function

• Password

It is obligatory to provide the above data in order to use the portal. You can change your user data at any time after successful login. Further personal data will only be collected if you provide this information voluntarily, e.g. in the context of an inquiry. The processing of this data is carried out for the implementation of a user relationship according to Art. 6 para. 1 lit. b DSGVO. 

The registration takes place by means of the so-called double-opt-in procedure. This means that your registration is only completed when you have previously confirmed your registration via a confirmation e-mail sent to you for this purpose by activating the link contained therein. If your confirmation is not received within 24 hours, we will automatically delete your registration from our database. 

With your registration you expressly declare (by clicking) that you will use the artist-related data exclusively for editorial and non-commercial purposes in accordance with our terms and conditions. If you do not make this declaration, registration in our portal is not possible.

Access to the artist-related data via your registered profile is limited to the period of the current tour. If another tour takes place, we will inform you in advance by e-mail so that you can reactivate your master data and access authorization and receive the corresponding access. For this purpose, you must expressly give your consent for your personal data to be stored in our database for the purpose of contacting you for any future tours. The storage of the data is done to protect our legitimate interest based on Art. 6 para. 1 lit. b DSGVO. If you do not give this consent, your data will be deleted promptly after the end of the current tour.

If you cancel your user account, we will delete your personal data seven days after confirmation.

Recipients of personal data

In the context of press activities (e.g. interview requests/events), personal data may be forwarded to third parties (e.g. agencies, organizers, localities). However, in these cases the scope of the transmitted data is limited to the necessary extent in the sense of data economy and data minimization. Therefore, only the necessary contact data will be forwarded. Further processing is carried out on the basis of Art. 6 (1) lit. b DSGVO for contractual fulfillment and our legitimate interest on the basis of Art. 6 (1) lit. f DSGVO for the scheduled and safe execution of an event. If data should be transferred to a third country outside the EU (e.g. USA) in this context, we will inform you about this and ask for your consent according to Art. 6 para. 1 lit. a DS-GVO.

Data processing

Our portal uses the database service supabase.io to process your data. For this purpose, the aforementioned data is transmitted to the servers of supabase.io.

You can find more information about supabase.io here.

3. Disclosure of personal data

We do not transfer your personal data to third parties for purposes other than those listed below.

We will only share your personal data with third parties if:

• you have given your express consent in accordance with Art. 6 (1) sentence 1 lit. a DSGVO,

• the disclosure is necessary for the assertion, exercise or defense of legal claims pursuant to Art. 6 (1) sentence 1 lit. f DSGVO and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data,

• in the event that there is a legal obligation for disclosure pursuant to Art. 6 (1) sentence 1 lit. c DSGVO, as well as

• this is legally permissible and necessary according to Art. 6 para. 1 p. 1 lit. b DSGVO for the processing of contractual relationships with you.

4. Use of cookies

We use cookies on our pages. These are small files that are automatically created by your browser and stored on your end device (laptop, tablet, smartphone, etc.) when you visit our site. Cookies do not cause any damage to your end device, do not contain viruses, Trojans or other malware.

Information is stored in the cookie that is related to the specific end device used. This does not mean, however, that we gain direct knowledge of your identity.

The use of cookies serves on the one hand to make the use of our offer more pleasant for you. We use so-called session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted after you leave our site.

In addition, we also use temporary cookies to optimize user-friendliness. These cookies are stored on your terminal device for a certain fixed period of time. If you visit our site again to use our services, it is automatically recognized that you have already been with us and which entries and settings you have made so that you do not have to enter them again.

On the other hand, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you. These cookies enable us to automatically recognize that you have already been to our site when you visit it again. These cookies are automatically deleted after a defined period of time.

The data processed by cookies is necessary for the aforementioned purposes to protect our legitimate interests and those of third parties in accordance with Art. 6 (1) p. 1 lit. f DSGVO.

Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a notice always appears before a new cookie is created. However, the complete deactivation of cookies may mean that you cannot use all the functions of our website.

5. cookie consent management tool

When you visit our websites, we inform you about the types of cookies we use and give you the option to agree or not to individual types of cookies. We do not load non-essential cookies until you have consented to their use by type.

Klaro Consent Manager

In order to obtain your consent to the storage of certain cookies on your terminal device and to document this in accordance with data protection requirements, we use the Klaro consent management tool on our websites. The provider of this service is KIProtect GmbH, Bismarckstr. 10-12, 10625 Berlin, Germany (https://heyklaro.com/de/firma/impressum).

When you enter our websites, Klaro is visible to obtain your consent and other declarations on cookie use. Klaro then stores a cookie in your browser in order to be able to assign the consents granted to you or their revocation. The data collected in this way will be stored until you request us to delete it, delete the consent cookie yourself or the purpose for storing the data no longer applies. Mandatory legal storage obligations remain unaffected. Klaro is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 para. 1 p. 1 lit. c DSGVO.For more information on how Klaro handles your personal data, please visit https://heyklaro.com/de/ressourcen/datenschutz

6. creation of pseudonymous usage profiles for web analysis

a) Tracking-Tools

The tracking measures listed below and used by us are carried out on the basis of Art. 6 (1) p. 1 lit. f DSGVO. With the tracking measures used, we want to ensure a needs-based design and continuous optimization of our website. On the other hand, we use the tracking measures to statistically record the use of our website and evaluate it for the purpose of optimizing our offer for you. These interests are to be regarded as legitimate in the sense of the aforementioned provision.

The respective data processing purposes and data categories can be found in the corresponding tracking tools.

b) Google Analytics 

For the purpose of demand-oriented design and ongoing optimization of our pages, we use Google Analytics, a web analytics service provided by Google Inc. (https://www.google.de/intl/de/about/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter "Google"). In this context, pseudonymized usage profiles are created and cookies (see under section 4) are used. The information generated by the cookie about your use of this website such as

• Browser type/version,

• operating system used,

• Referrer URL (the previously visited page),

• Host name of the accessing computer (IP address),

• time of the server request,

are transferred to a Google server in the USA and stored there. 

The data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://privacy.google.com/businesses/controllerterms/mccs/

The use of this analysis tool is based on Art. 6 para. 1 lit. f DSGVO. We have a legitimate interest in analyzing user behavior in order to optimize both our website and our advertising. Insofar as a corresponding consent has been requested (e.g. consent to store cookies), the processing is carried out exclusively on the basis of Art. 6 (1) lit. a DSGVO; the consent can be revoked at any time.

The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services related to website and Internet use for the purposes of market research and demand-oriented design of these Internet pages. This information may also be transferred to third parties if this is required by law or if third parties process this data on our behalf. In no case will your IP address be merged with other data from Google.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout).

As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent the collection by Google Analytics by clicking on this link. An opt-out cookie will be set, which prevents the future collection of your data when visiting this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again.

On this website, Google Analytics has been extended by the code "gat._anonymizeIp();" to ensure that IP addresses are only recorded anonymously to exclude a direct personal reference (so-called IP masking).

Data stored by Google at user and event level that is linked to cookies, user identifiers (e.g. User ID) or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) is anonymized or deleted after 14 months. Details on this can be found under the following link:

https://support.google.com/analytics/answer/7667196

Further information on data protection in connection with Google Analytics can be found in the Google Analytics Help. (https://support.google.com/analytics/answer/6004245).

Joint responsibility

We and Google are jointly responsible for data processing pursuant to Art. 26 DSGVO. We have therefore concluded a Joint Control Contract (JCC) with Google and thus fully implement the strict requirements of the German data protection authorities when using Google Analytics.

c) Google-Re/Marketing-Services

We use the marketing and remarketing services of Google Inc., 1600 Amphitheatre Park, Mountain View, CA 9. DSGVO) the marketing and remarketing services (in short "Google Marketing Services") of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, ("Google").

The Google Marketing Services allow us to display advertisements for and on our website in a more targeted manner in order to present users only with ads that potentially match their interests. If, for example, a user is shown ads for products he or she was interested in on other websites, this is referred to as "remarketing". For these purposes, when our website and other websites on which Google marketing services are active are called up, a code is executed directly by Google and so-called (re)marketing tags (invisible graphics or code, also known as "web beacons") are integrated into the website. With their help, an individual cookie, i.e. a small file, is stored on the user's device (comparable technologies can also be used instead of cookies). The cookies can be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. This file records which websites the user has visited, which content he is interested in and which offers he has clicked on, as well as technical information on the browser and operating system, referring websites, time of visit and other data. 

web pages, time of visit and other information on the use of the online offer. The IP address of the user is also recorded, whereby we inform Google Analytics that the IP address is shortened within Member States of the European Union or in other contracting states to the Agreement on the European Economic Area and only in exceptional cases is transferred in full to a Google server in the USA and shortened there. The IP address is not merged with the user's data within other Google offerings. The aforementioned information may also be linked on the part of Google with such information from other sources. If the user subsequently visits other websites, he can be shown ads tailored to his interests.

The user's data is processed pseudonymously as part of Google's marketing services. This means that Google does not store and process the name or e-mail address of the user, for example, but processes the relevant data on a cookie basis within pseudonymous user profiles. I.e. from Google's perspective, the ads are not managed and displayed for a specifically identified person, but for the cookie holder, regardless of who this cookie holder is. This does not apply if a user has expressly allowed Google to process the data without this pseudonymization. The information collected by Google marketing services about users is transmitted to Google and stored on Google's servers in the USA.

If you have a Google account, you can object to personalized advertising at the following link: https://www.google.com/settings/ads/onweb/

The use of Google Remarketing is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in marketing its products as effectively as possible. If a corresponding consent has been requested, the processing is based exclusively on Art. 6 (1) a DSGVO; the consent can be revoked at any time.

The Google marketing services we use include, among others, the online advertising program "Google Ad". In the case of Google Ad, each Ad customer receives a different "conversion cookie". Cookies can therefore not be tracked across Ad customers' websites. The information obtained using the cookie is used to create conversion statistics for Ad customers who have opted for conversion tracking. The ad customers learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that personally identifies users.

We may integrate third-party advertisements based on the Google marketing service "DoubleClick". DoubleClick uses cookies to enable Google and its partner websites to serve ads based on users' visits to this website or other websites on the Internet.

We may include third-party advertisements based on Google's "AdSense" marketing service. AdSense uses cookies to enable Google and its partner websites to serve ads based on users' visits to this website or other websites on the Internet.

We may also use the "Google Optimizer" service. Google Optimizer allows us to track the effect of various changes to a website (e.g. changes to the input fields, design, etc.) as part of so-called "A/B testing". Cookies are placed on users' devices for these testing purposes. Only pseudonymous data of the users is processed in the process.

Furthermore, we may use the "Google Tag Manager" to integrate and manage Google analysis and marketing services on our website.

For more information on the use of data for marketing purposes by Google, please see the overview page: https://www.google.com/policies/technologies/ads, Google's privacy policy is available athttps://www.google.com/policies/privacy.

If you wish to object to interest-based advertising by Google marketing services, you can use the settings and opt-out options provided by Google: http://www.google.com/ads/preferences.

7. Facebook-, Custom Audiences and Facebook-Marketing-Services

Within our online offer, the so-called "Facebook pixel" of the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are a resident of the EU, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"), is used due to our legitimate interests in the analysis, optimization and economic operation of our online offer and for these purposes.

The data transfer to the USA is based on the standard contractual clauses of the EU Commission.

Details can be found here:

https://www.facebook.com/legal/EU_data_transfer_addendum and
https://www.facebook.com/help/566994660333381.

With the help of the Facebook pixel, it is possible for Facebook to determine the visitors to our online offer as a target group for the display of ads (so-called "Facebook ads"). Accordingly, we use the Facebook pixel to display the Facebook ads placed by us only to those Facebook users who have also shown an interest in our online offer or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited) that we transmit to Facebook (so-called "Custom Audiences"). With the help of the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interest of users and do not have a harassing effect. With the help of the Facebook pixel, we can further track the effectiveness of the Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (so-called "conversion").

The Facebook pixel is directly integrated by Facebook when our website is called up and can save a so-called cookie, i.e. a small file, on your device. If you subsequently log in to Facebook or visit Facebook while logged in, your visit to our online offer will be noted in your profile. The data collected about you is anonymous for us, so it does not allow us to draw any conclusions about the identity of the user. However, the data is stored and processed by Facebook, so that a connection to the respective user profile is possible and can be used by Facebook and for its own market research and advertising purposes. If we should transmit data to Facebook for matching purposes, this data is encrypted locally in on the browser and only then sent to Facebook via a secure https connection. This is done solely for the purpose of creating a comparison with the data encrypted in the same way by Facebook.

Furthermore, when using the Facebook Pixel, we use the additional function "extended matching" (in this case, data such as telephone numbers, email addresses or Facebook IDs of the users) to create target groups ("Custom Audiences" or "Look Alike Audiences") are transmitted to Facebook (encrypted). Further notes on "advanced matching":

https://www.facebook.com/business/help/611774685654668.

The processing of data by Facebook takes place within the framework of Facebook's data usage policy. Accordingly, you can find general information on the display of Facebook ads in Facebook's data usage policy:

https://www.facebook.com/policy.php. 

For specific information and details about the Facebook Pixel and how it works, visit Facebook's help section: https://www.facebook.com/business/help/651294705016616.

You can object to the collection by the Facebook pixel and use of your data to display Facebook ads. To adjust which types of ads are displayed to you within Facebook, you can visit the page set up by Facebook and follow the instructions there on the settings for usage-based advertising: 

https://www.facebook.com/settings?tab=ads. 

The settings are platform-independent, i.e. they are applied to all devices, such as desktop computers or mobile devices.

To prevent the collection of your data using the Facebook pixel on our website, please click on the following link: Opt-Out. Note: When you click on the link, an "opt-out" cookie is stored on your device. If you delete the cookies in this browser, then you must click the link again. Furthermore, the opt-out is only valid within the browser you are using and only within our web domain where the link was clicked.

You can also opt-out of the use of cookies for reach measurement and advertising purposes via the Network Advertising Initiative opt-out page (http://optout.networkadvertising.org/) and additionally via the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).

Gemeinsame Verantwortlichkeit

We and Facebook Ireland Ltd. are jointly responsible for data processing pursuant to Art. 26 DSGVO. We have therefore entered into a Joint Control Contract (JCC) with Facebook and thus fully implement the strict requirements of the German data protection authorities when using Facebook.

For more information, please see Facebook's privacy policy at: https://facebook.com/privacy/explanation.

8. integration of services and contents of third parties

8.1. Internet

Within our online offer, we use content or service offers of third party providers on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. DSGVO) to integrate content or services offered by third-party providers, such as videos or fonts (hereinafter uniformly referred to as "content"). This always requires that the third-party providers of this content are aware of the IP address of the user, since without the IP address they could not send the content to their browser. The IP address is thus required for the display of this content. We endeavor to use only such content whose respective providers use the IP address only for the delivery of the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offer, as well as be linked to such information from other sources. 

The following presentation provides an overview of third-party providers and their content, along with links to their privacy statements, which contain further information on the processing of data and, in part already mentioned here, opt-out options:

• If our customers use the payment services of third parties (e.g. PayPal, VISA, Amex, Klarna), the terms and conditions and privacy notices of the respective third-party providers apply, which are available within the respective websites, or transaction applications.

• External fonts from Google, Inc, https://www.google.com/fonts ("Google Fonts"). The integration of Google Fonts is done by a server call at Google (usually in the USA). Privacy policy: https://www.google.com/policies/privacy/, Opt-Out: https://www.google.com/settings/ads/.

• Maps of the service "Google Maps" of the third party provider Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/, Opt-Out: https://www.google.com/settings/ads/.

• Videos from the "YouTube" platform of the third-party provider Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/, Opt-Out: https://www.google.com/settings/ads/.

• Videos of the video portal "Vimeo" of the third-party provider Vimeo Inc, 555 West 18th Street, New York, New York 10011, USA. Privacy policy: https://vimeo.com/privacy, Opt-Out: https://vimeo.com/opt_out

a) YouTube with enhanced privacy

This website embeds videos from YouTube. The operator of the pages is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. We use YouTube in extended data protection mode. According to YouTube, this mode means that YouTube does not store any information about visitors to this website before they watch the video. However, the transfer of data to YouTube partners is not necessarily excluded by the extended data protection mode. Thus, YouTube establishes a connection to the Google DoubleClick network - regardless of whether you watch a video.

As soon as you start a YouTube video on this website, a connection to the servers ofYouTube is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.

Furthermore, YouTube can save various cookies on your end device after starting a video or use comparable recognition technologies (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve the user experience, and prevent fraud attempts. If necessary, further data processing operations may be triggered after the start of a YouTube video, over which we have no control.

YouTube is used in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.

You can find more information about data protection at YouTube in their privacy policy at: https://policies.google.com/privacy.

b) Vimeo without Tracking (Do-Not-Track) 

This website uses plugins of the video portal Vimeo. The provider is Vimeo Inc, 555 West 18th Street, New York, New York 10011, USA. When you visit one of our pages equipped with Vimeo videos, a connection to the Vimeo servers is established. In the process, the Vimeo server is informed which of our pages you have visited. In addition, Vimeo obtains your IP address. However, we have set Vimeo so that Vimeo will not track your user activity and will not set any cookies. The use of Vimeo is in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f DSGVO. Insofar as a corresponding consent was requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO; the consent can be revoked at any time.

The data transfer to the USA is based on the standard contractual clauses of the EU Commission and, according to Vimeo, on "legitimate business interests". Details can be found here: https://vimeo.com/privacy. You can find more information about the handling of user data in Vimeo's privacy policy at: https://vimeo.com/privacy.

d) Klarna

In order to offer you Klarna's payment methods, we will share your personal data in the form of contact and order information with Klarna during the payment process so that Klarna can assess whether you are eligible for Klarna's payment methods and to tailor those payment methods to you. Your submitted personal data will be processed in accordance with Klarna's own privacy policy. For payments from Switzerland, order and contact information will also be transferred to BillPay. Your submitted personal data will be processed in accordance with Klarna's and BillPay's privacy notices.

8.2. Rammstein-App

a) Google Firebase

This app uses Google Firebase technology (Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, "Google"), an analytics service provided by Google Inc. to analyze user behavior.

The information generated about the use (app version, type and version of the device used, version of the operating system, the page requested, date and time of use, as well as the IP address used during use) is transmitted to a Google server in the USA and stored there. 

For the relevant data transfers to the USA, Google Firebase refers to the standard contractual clauses of the EU Commission. Details can be found here: https://firebase.google.com/support/privacy

In addition, we have concluded a Joint Controller Contract (JCC) with Google with so-called standard contractual clauses, in which Google undertakes to process user data only in accordance with our instructions and to comply with the EU data protection level. 

Furthermore, through certain actions, information about them is collected by the Firebase SDK during the use of the app. Actions such as installing and launching the App, App updates, uninstalling, updating the operating system, deleting App data, App crashes and in-app purchases, as well as receiving, swiping away and opening push notifications and opening and updating the App via a dynamic link, trigger the event-driven data collection of the Firebase SDK. To identify devices, the Firebase SDK uses an instantiated app identifier e.g. via the advertising ID. 

On our behalf, Google will use this information to evaluate the use of the app, compile reports on the activities and provide other services related to the use. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf.

The legal basis for the use and evaluation of the data and use of Firebase is a legitimate interest (i.e. interest in the analysis, optimization and economic operation of our apps) within the meaning of Art. 6 (1) lit. f DSGVO). You can object to the use of Firebase at any time by setting the slider for anonymous statistics accordingly in the app under "Settings".

You can restrict the use of the advertising ID in the device settings (iOS: Privacy/ Advertising/ No Ad Tracking; Android: Account/ Google/ Ads). Google Analytics for Firebase (Google Inc.). Furthermore, we use Firebase Remote Config, which allows us to run A/B tests and customize the behavior and appearance of the app without downloading a new version. Personal data is not stored. 

You can see which subcontractors Google uses at the following link: https://firebase.google.com/terms/subprocessors.

More information about Google Firebase and privacy can be found here: https://firebase.google.com/terms/data-processing-terms; https://firebase.google.com/terms/; https://firebase.google.com/support/privacy/

b) Collection of location data

For selected functions, users can share their location using the location function of their smartphone. For example, when you use it, we can automatically give you current information about Rammstein in your area. The Rammstein App can determine your location if you turn on Location Services under Settings in your operating system. After installing the app, you can turn Location Services on and off at any time.

c) OneSignal

When you visit our app, we will ask you with an on-screen message whether we can inform you about location-based news in the future with messages (so-called push notifications). If you agree, you will receive push notifications from our app at regular intervals. Clicking on it will take you directly to the app and/or offer. You have the option to unsubscribe from push notifications at any time if you no longer want them. You can do this directly from every push notification that is delivered or within the app itself.

We implement this using technology by the provider OneSignal, 201 San Antonio Circle Suite #140, Mountain View, CA, USA. You will find the provider’s data privacy information here: https://onesignal.com/privacy_policy. In general, in order to be able to send you push notifications, it is necessary that a non-personal device ID be assigned to clearly identify the device without allowing OneSignal to draw any conclusions about the person. However, when location information is retrieved, personal data is also transmitted.

OneSignal may also store cookies on your device if you have consented to the use and storage of third-party cookies. The purpose of using the service is to make it easier for us to process inquiries and run our website. The legal basis for the use of cookies is Art. 6(1)(a) of the EU General Data Protection Regulation (GDPR), since the relevant data processing takes place based on your consent. Furthermore, the legal basis is Article 6(1)(f) of the GDPR, since we have a legitimate interest in processing inquiries sent to us voluntarily.

The data will be deleted as soon as it is no longer needed for the original reason it was collected or for processing your request. For us, this is usually the case after 90 days. You can revoke your consent to the storage and use of cookies by OneSignal by deactivating “third-party cookies” or by technically deactivating it in your browser settings or through your browser add-ons. However, we would like to point out that in this case you may not be able to fully use all of the functions of our website.


OneSignal has certified to the US Department of Commerce that it complies with the EU-US Privacy Shield Framework between the EU and the US on the collection, use and retention of personal information from EU member states. More information about OneSignal and data privacy at OneSignal is available at https://onesignal.com/privacy_policy.

d) Permissions requested by the app and their use
1. Android
The Android app requires the following permissions: 

• To retrieve data from the internet/access to all networks: Required to load the app’s content.

• Camera: Required to take a photo for the forum profile picture.

• Storage: Required to select a photo for the forum profile picture.

• Location data: Required to receive location-based notifications.

• Notifications: Required to receive news.

2. iOS
The iOS app requires the following permissions: 

• Camera: Required to take a photo for the forum profile picture.

• Photos: Required to select a photo for the forum profile picture.

• Notifications: Required to receive news.

• Mobile data: Required to load the app’s content.

• Location data: Required to receive location-based notifications.

9. data subject rights

You have the right,

• in accordance with Art. 15 DSGVO to request information about your personal data processed by us. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it was not collected by us, as well as the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details;

• in accordance with Art. 16 DSGVO, to demand the immediate correction of incorrect or completion of your personal data stored by us;

• pursuant to Art. 17 DSGVO, to request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims;

• in accordance with Art. 18 DSGVO, to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer need the data, but you need it for the assertion, exercise or defense of legal claims or you have objected to the processing in accordance with Art. 21 DSGVO;

• pursuant to Art. 20 DSGVO, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller;

• in accordance with Art. 7 (3) DSGVO, to revoke your consent once given to us at any time. This has the consequence that we may no longer continue the data processing, which was based on this consent, for the future; and

• complain to a supervisory authority in accordance with Art. 77 DSGVO. As a rule, you can contact the supervisory authority of your usual place of residence or place of work or our company headquarters for this purpose.

10. right of objection

If your personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1) p. 1 lit. f DSGVO, you have the right to object to the processing of your personal data pursuant to Art. 21 DSGVO, provided that there are grounds for doing so that arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which will be implemented by us without specifying a particular situation.

If you wish to exercise your right of objection, simply send an e-mail to datenschutz@rammsteinshop.de.

11. data security

We use the widespread SSL procedure (Secure Socket Layer) in connection with the highest encryption level supported by your browser when visiting the website. As a rule, this is a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is encrypted by the closed key or lock symbol in the lower status bar of your browser.

We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

12. up-to-dateness and modification of this privacy policy

This privacy policy is currently valid and has the status May 2022.

Due to the further development of our website and offers on it or due to changed legal or regulatory requirements, it may become necessary to change this privacy policy. You can access and print out the current data protection declaration at any time on the website at https://shop.rammstein.de/de/catalog/privacy.