Native Instruments, effective October 8, 2021
The following information on data privacy applies to visits to our webpages, including the use of our online shop and services, as well as to the software and apps offered by Native Instruments. Information on the type, purpose, and scope of data processing is provided hereunder. We are aware that the careful handling of personal data is of utmost importance. When collecting, processing, and using data we strictly comply with the provisions of the law. To ensure the privacy of personal data, we implement technical and organizational measures to protect such data. These measures entail procedural and electronic security features in the processing of data, as well as the training of our teams and their obligation to ensure data privacy. The entity in charge for data processing pursuant to Art. 4 no. 7 GDPR can be contacted with regard to any questions pertaining to the data privacy of our aforementioned offers: Native Instruments GmbH Schlesische Str. 29-30 10997 Berlin, Germany Email: firstname.lastname@example.org Our data protection officer Kai-Hendrik Weutzing may be contacted at: email@example.com
1. Personal DataThe following information applies to the processing of personal data. Personal data are defined as any information related to an identified or identifiable natural person. Such data may be any information provided, such as name, address, email address, including payment information or online identifiers, as well as browsing behavior.
2. Collecting Data from Webpage Visitors
a) Usage Data
Each time you visit to our webpages, even if it is for informational purposes only, i.e., whenever you visit our webpages without logging in or registering an account, or knowingly transmit information to us (for example, when registering for a newsletter), we collect the following data, which are transmitted by your browser to enable you to visit our webpages (usage data):
- IP address
- date and time of request
- duration of website visit
- time difference to Greenwich Mean Time (GMT)
- content of the request (exact website)
- access status/http status code
- data volume transferred in each case
- website where the request comes from
- browser, language of browser, browser software version
- operating system
For IT security reasons, we store the IP address in our IT system log files for 7 days from the date the webpages were visited to identify and prevent (distributed) denial of service attacks. IP addresses are anonymized after 7 days by removing the last 8 bits of the IP addresses.
The legal basis for processing such data is our legitimate interest in the security of our webpages (Art. 6 para. 1 lit. f) GDPR).
When you visit our webpages or our online shop, cookies are stored on the device you use to access our website. Such cookies enable the systems of Native Instruments to recognize your browser and offer various personalized services.
Cookies are small text files (alphanumeric identifiers) that are stored on your terminal when you visit a webpage. The information stored is sent back to the respective servers during a repeat visit. We use first-party cookies and third-party cookies, which may either be session cookies or temporary cookies.
Once the browser session has ended, session cookies are automatically deleted from your hard drive. These cookies store a so-called session ID to assign various requests from your browser to a common session. We use this type of cookie for the shopping cart feature as well as for the user and license data. Using such cookies is a technical prerequisite for assigning all activities during multiple webpage visits to your account.
Temporary cookies are automatically deleted after a specified period of time, or after 36 months maximum. The feedback given by cookies to the servers concerned in various browser sessions enables us to recognize repeat visitors to our website or to maintain the language settings selected for multiple website visits. A connection to customer accounts (if any) and thus possible identification is only made if the "Remember Me" feature is selected during log-in so we may provide a personalized shopping experience.
The processing of data associated with the setting of the cookies required is based on our legitimate interest in providing the respective service requested (Art. 6 para. 1 lit. f) GDPR).
We only set such third-party tracking cookies, provided you have given us your consent via our cookie settings (Art. 6 para. 1 lit. a) GDPR). You may change or revoke your consent in the cookie settings provided in the footer of each webpage under “Manage cookies” at any time with future effect.
Furthermore, you may also configure your browser in the browser settings in such a way to object to the use of specific types of cookies or to block them from the outset. You may visit our webpages if you have blocked the setting of cookies or have not consented to them. However, we would like to point out that in this case you may not use our webpages to the full extent and may in particular not do any shopping by virtual shopping cart for technical reasons (see above).
c) Third-Party Web Analytics
(aa) AB Tasty
We use the AB Tasty web analytics service provided by AB TASTY SAS, 17-19 Rue Michel-le-Comte, 75003 Paris, France ("AB Tasty") for so-called A/B tests to improve our webpages. AB Tasty collects statistical information on visits to our webpages. Such information pertains to usage data – e.g., with regard to the browser concerned, the number of pages viewed, the number of visits, the order of visits, the length of visits to a webpage, the filling of a shopping cart or the deletion thereof, as well as the location from which our webpages are accessed. The data collected are anonymized and statistically analyzed. Furthermore, based on the IP address used, AB Tasty provides geolocation (regional details of the location concerned). Following geolocation, which is instantly provided when a webpage is visited, the IP address is immediately deleted. In the course of performing its contractual services, AB Tasty does not collect any data other than the IP address which might refer to a specific person (such as the name, telephone number, email address).
For the purpose of storing and recognizing your visit to our webpages, cookies are set for a period of 13 months maximum and are then automatically deleted. The legal basis for applying AB Tasty is your consent pursuant to Art. 6 para. 1 lit. a) GDPR. You may revoke your consent at any time with future effect by deleting the cookies in your browser or in the cookie settings.
AB Tasty provides further information on its collection of data here.
For newsletter marketing and push messages, we use the services of Braze Inc., 318 West 39th Street, 5th Floor New York, NY 10018, USA ("Braze"). Braze processes usage data, such as the respective email address, push tokens, interaction data, and IP addresses to control the dispatch of newsletters and push messages, and to analyze how customers interact with our newsletters. We have mutually agreed with Braze on so-called standard contractual clauses governing third-country transfers, a copy of which is available on request.
We use this service in view of our legitimate interest (Art. 6 para. 1 lit. f) GDPR) in optimizing our newsletter content and app push messages. Push messages are sent subject to your consent on the respective terminal used.
(cc) Google Analytics
We use Google Analytics on our website. This is a web analysis tool provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google Analytics sets the aforementioned cookies to analyze how webpages are used. The information generated by cookies on the use of our web pages, including the shortened IP address, is transmitted to a Google server, which may be located in the US, and is stored there. We have mutually agreed with Google Ireland Limited on so-called standard contractual clauses for the transfer of data to the US, a copy of which is available on request. Google exclusively analyzes anonymized data by using the code extension "anonymizeIp" provided by Google to partially change and thus anonymize IP addresses for the processing of data as described hereunder.
If you register an account with us, we use an additional so-called "User ID" for this particular service. It is made up of a unique, permanent, and non-personalized string of characters, which is assigned by us when you first log into your account. When you log into your account during future visits to our website, all website activities are assigned to your user ID. This user ID is not assigned to a specific terminal (smartphone, laptop, etc.), but to you. With regard to Google Universal Analytics, your user ID is transmitted to Google and used by us as a pseudonym vis-à-vis Google.
The cookies, identifiers (e.g., user ID), or data linked to advertising IDs transmitted by us are automatically deleted after 36 months maximum.
The legal basis for the use of Google Analytics is your consent pursuant to Art. 6 para. 1 lit. a) GDPR. You may revoke your consent at any time with future effect by deleting the cookies in your browser or in the cookie settings.
You may generally block the use of Google Analytics in your web browser. To this end, you merely need to install the browser add-on to disable Google Analytics. It is available for download here.
We use the web analytics service of Hotjar Ltd, Level 2, St Julian's Business Centre, 3, Elia Zammit Street, St Julian's STJ 1000, Malta ("Hotjar") for our webpages. The information provided by this web analytics service helps us improve our webpages and render them more user friendly. The information recorded by Hotjar by way of cookies includes in particular information on how you navigate and interact with the content of our webpages. Furthermore, Hotjar obtains information on your shortened and anonymized IP address, the screen size, as well as information on your browser, your geographical location (only the country concerned), your preferred language, the referring domain, and the pages visited (including the date and time you visited the pages concerned).
d) Third-Party Retargeting Providers
Retargeting is a particular kind of online targeting enabling providers to mark users accessing an online offer by means of the retargeting feature. This feature is used to present interest-based advertisements on websites that are part of the advertising network concerned. To this effect, your browser stores so-called cookies (see above) enabling providers to recognize visitors to websites belonging to the same advertising network. This means that based on your browsing history, you are shown ads for products that you were interested in when visiting other websites before which use the remarketing feature of the provider concerned.
We only set such third-party retargeting cookies if you have given your consent in our cookie settings (Art. 6 para. 1 lit. a) GDPR). You may change or revoke your consent in the cookie settings provided in the footer of each webpage under “Manage cookies” at any time with future effect.
We mainly use the retargeting features of the following providers on our webpages:
(bb) Facebook Custom Audiences (Pixel)
We use Facebook Pixel provided by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("Facebook") on our webpages. Of the several features offered we use the Custom Audiences (Pixel) one. This allows for our advertising to be shown in a targeted manner on Facebook to people visiting our webpages who also have a Facebook account. To this effect, Facebook Pixel provides a direct connection to Facebook servers whilst the usage data are transmitted to Facebook for analysis and marketing purposes. If you have a Facebook account, such data can be assigned to you. Your activities may be tracked by Facebook over several pages. The processing of personal data is the sole responsibility of Facebook and beyond our control. Facebook provides further information on the collection and use of data here.
The legal basis for using Facebook Custom Audiences is your consent pursuant to Art. 6 para. 1 lit. a) GDPR. You may revoke your consent at any time with future effect by deleting cookies in your browser or in the cookie settings.
You may object to the use of Facebook Pixel at any time in the settings of your Facebook-account. Pursuant to data protection law, Facebook and we are jointly responsible for targeted advertising on Facebook. Further information can be found here and here.
The legal basis for the use of Google Remarketing is your consent pursuant to Art. 6 para. 1 lit. a) GDPR. You may revoke your consent at any time with future effect by deleting the cookies in your browser or in the cookie settings.
We use the performance marketing service abaGada from abaGada Internet Ltd, Habarzel 21b, Ramat Hachayal 6971029 Israel ("abaGada"). Israel provides an adequate level of data privacy which is recognized by the EU Commission. We use this service to evaluate, create, and manage advertising campaigns.
We use this service in view of our legitimate interest (Art. 6 para. 1 lit. f) GDPR) in optimizing our advertising campaigns.
(bb) Facebook Custom Audiences (List Method)
We use the Facebook Custom Audiences list method provided by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("Facebook"). This method provides for users who have an account with Facebook to be shown our targeted advertising on Facebook.
To this effect, we transmit pseudonymized email addresses to Facebook. The email addresses are encrypted before they are sent to Facebook, i.e., a hash value is created from email addresses (a combination of various letters and numbers). Facebook can match these hash values with the corresponding hash values of the email addresses of Facebook users.
If you have a Facebook account, such data can be assigned to you. The processing of personal data is the sole responsibility of Facebook and thus beyond our control. Facebook provides more information on the collection and use of data here.
We use the Facebook Custom Audiences list method in view of our legitimate interest (Art. 6 para. 1 lit. f) GDPR) in optimizing our advertising campaigns, which may be objected to at any time with future effect by notifying our data protection officer accordingly.
You may object to the use of Facebook Custom Audiences at any time in the settings of your Facebook account. Pursuant to data protection law, Facebook and we are jointly responsible for targeted advertising on Facebook. Further information can be found here and here.
(cc) Google Ads
The legal basis for the use of Google Ads is your consent pursuant to Art. 6 para. 1 lit a) GDPR. You may revoke your consent at any time with future effect by deleting the cookies in your browser or in the cookie settings.
The data transmitted by us, which are linked to cookies, customer IDs (e.g., user ID) or advertising IDs, are automatically deleted after 26 months.
You may block the collection of data generated by cookies that are related to your use of our webpages as well as the processing of such data by Google at any time. The required settings can be made here. Further information is available here.
We use the ShareASale advertising network provided by ShareASale.com Inc, 15 W. Hubbard St. STE 500, Chicago IL 60654, USA ("ShareASale"). ShareASale is a so-called affiliate network, which processes information on pages visited and purchases made so this information may be used for interest-based advertising on the websites of affiliated publishers, i.e., the websites on which the advertisements are placed. We have mutually agreed with ShareASale on so-called standard contractual clauses governing third-country transfers, a copy of which is available on request.
We use the Smartly.io service provided by Solutions Inc., Elielinaukio 2G, 00100 Helsinki, Finland ("Smartly.io"). This service is used to evaluate, create, and manage advertisements on social media platforms. When you are directed to our webpages when clicking on an advertisement of ours on social media platforms, such as Instagram or Facebook, the ad ID, and the time you called up the ad are recorded and aggregated by Smartly.io, and are stored without any reference to you and are used for the above-mentioned purposes.
We use this service in view of our legitimate interest (Art. 6 para. 1 lit. f) GDPR) in optimizing our advertising campaigns.
Your consent pursuant to Art. 6 para. 1 lit. a) GDPR is the legal basis for our use of Twitter Ads. You may revoke your consent at any time with future effect by deleting the cookies in your browser or in your cookie settings.
You may determine to which extent Twitter may use your personal data for personalization purposes. You can make the relevant settings and may also object to the use of your data – if applicable – here (opt-out).
f) Other Third Parties
We embed YouTube videos on our webpages. Youtube.com is a video portal operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("YouTube"). When you watch a YouTube video embedded on our webpages, a connection to youtube.com is established. This connection is required to display the respective video on our webpages in your browser. Google is responsible for the processing of data and the setting of cookies by YouTube. Such processing is beyond our control.
It should be noted that YouTube records and processes at least the IP address of your terminal, the date and time at which you watched the video, and the webpage you visited. Furthermore, a connection to Google's DoubleClick advertising network is established. Google provides further information on Google Ads as well as on opt-out options here as well as here.
If you are logged into YouTube when accessing our website, YouTube assigns the connection information to your YouTube account. If you wish to prevent this, you have to either log out of YouTube before visiting our webpages or make the relevant settings in your YouTube account.
We use this service in view of our legitimate interest (Art. 6 para. 1 lit. f) GDPR) in the user-friendly design of our website.
We use the "Zendesk" helpdesk system to process all requests submitted, in particular those addressed to our customer support. The relevant features are provided by Zendesk, Inc., 989 Market Street #300, San Francisco, CA 94102, USA. We have mutually agreed with Zendesk on so-called standard contractual clauses governing third-country transfers, a copy of which is available on request.
In the context of customer support, the following data are stored in Zendesk to enable us to respond to your requests: your name, email address, phone number, postal code, city, and country. In the case of inquiries pertaining to and the provision of hardware repair work, your full postal address is stored if this is essential for providing the repair work in question.
g) App-Specific Processing
We use Firebase for our apps, a service provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). Firebase enables us to provide our app and to analyze its use by our user base. To this end, the following data are collected: the opening/closing of an app, the time spent in the app, clicks, features used, and pages visited, GPS data, search entries as well as bookings made via the app. We use these data to evaluate the use of our app, and to improve our app and our services in general.
We use this service in view of our legitimate interest (Art. 6 para. 1 lit. f) GDPR). The data collected are stored for a period of 14 months.
You may object to the data processing by Google Analytics for Firebase by terminating the use of our app and uninstalling the app from your mobile device.
You may refer to Policies and Terms for information by Google on how we use data generated by webpages or apps via which our services are used.
h) Links to Third-Party Providers
We also provide links to third-party providers and to our website on Facebook, Twitter, Instagram, YouTube, and Soundcloud. When clicking on the relevant icon (such as the Facebook button) at the bottom of our website you will be redirected accordingly. Native Instruments is not responsible for the ensuing processing of data by third-party providers. The companies responsible provide information on data processing in their respective privacy policies.
3. Additional Data Processing Regarding Newsletter, Surveys, Questionnaires, and Sweepstakes
a) Newsletter Registration
We regularly inform you about offers, promotions, and other news in our newsletters. You may register for our newsletter on our webpages by providing a valid email address.
We use the so-called double opt-in process for newsletter registrations. This means that we will send an email to the email address you provided when registering for our newsletter and request you to confirm the correctness of the registered email address and that you wish to receive our newsletter.
The legal basis for the above is your consent (Art. 6 para. 1 lit. a) GDPR in conjunction with Art. 7 para. 2 no. 3 UWG [German Unfair Competition Act]). You may revoke your consent at any time with future effect at Newsletter Unsubscribe and via the unsubscribe link contained in every email.
When you buy a Native Instruments software product or download a demo version or a free version of a software we offer, we will also send you our newsletter. The legal basis for doing so is Art. 7 para. 3 UWG. You may object to the newsletter being sent to you at any time here. As an alternative, you can do so via the unsubscribe link contained in every email.
b) Surveys and Questionnaires
Once you have bought a Native Instruments product, we may conduct an email survey. The legal basis for doing so is your consent (Art. 6 para. 1 lit. a) GDPR), which you may revoke at any time. With the help of such questionnaires, we would like to use your feedback to continuously improve our products.
We offer sweepstakes at irregular intervals. You are invited to participate in such sweepstakes on our webpages, via social media, or by email. If you take part in sweepstakes, the data collected (your name, email address, and country of residence) are required to ensure that you are effectively participating in the sweepstakes. Your data will be deleted once the sweepstakes have ended.
The legal basis for the processing of data generated in the course of sweepstakes is Art. 6 para. 1 lit. b) GDPR.
4. Contact and Customer Support
If you contact us by email, we will use your email address and your name so we may attend to /respond to your request.
b) Customer Support
Registered users may also contact our customer support via a so-called help center. We use the email address and name of the person contacting us to attend to the respective request. Furthermore, we use and store the hardware and software data entered in the input mask. We can thus ensure that our customers are provided with the best support possible at a later date and in the long term.
We process requests made by email or via our help center so we may respond to them, which is also in line with our legitimate interest in data processing (Art. 6 para. 1 lit. f) GDPR).
5. Additional Data Processing Regarding User Accounts
A user account is needed to view the data of current and past orders, and to check the status of current orders at any time.
The mandatory information to be provided includes your name, email address, and a password of your choice. All other information may be given voluntarily and is marked accordingly.
If you buy products, it is mandatory to provide your address and payment information so we may process your order. Mandatory information is specifically marked. All other information may be provided voluntarily.
We place all personal data provided in this context - both those that are required for fulfilling the contract and those provided voluntarily – in revocable storage. You may adjust your user account settings at any time in the customer portal.
The legal basis for the processing of data pertaining to user accounts is pursuant to Art. 6 para. 1 lit. b) GDPR.
6. Ordering, Activating, and Registering Products
a) Ordering Products
You may place orders in our online shop via your user account by providing the personal data required for processing orders.
The data collected and stored by us for processing your orders are: your name, address, email address, and payment information. All other information may be given voluntarily and is marked accordingly.
We store order data to record the order history. The order data are sent to you by email. When confirming an order by email, we do not reveal payment details, but only the selected payment method.
Our general terms and conditions are available here.
Information on payment methods are available here.
The legal basis for processing order data is Art. 6 para 1 lit. b) GDPR.
b) Activating Software Products
Before you can use our software products, you have to activate them via our respective web tool. The serial number of the respective software is then stored and assigned to your customer account.
The legal basis for processing data for product activation is Art. 6 para. 1 lit. b) GDPR.
c) Registering Hardware Products
Apart from the required activation of our software products, you may also register any hardware purchased. When you register such products via our webpages, the serial number of the respective hardware is stored and assigned to your customer account.
The legal basis for processing data for product registration is Art. 6 para. 1 lit. b) GDPR.
7. Credit Check and Credit Card Verification
We may request a credit agency to assess the creditworthiness of our customers for each order placed.
The legal basis for processing these data is Art. 6 para. 1 lit. f) GDPR. We have a legitimate interest in preventing payment defaults.
To detect credit card fraud, we may also consult credit card fraud detection companies. No personal data are disclosed if such companies want to use them for commercial purposes. The legal basis for our legitimate interest in fraud prevention is Art. 6 para. 1 lit. f) GDPR.
8. Disclosure of Personal Data
We use the personal data entrusted to us for processing orders or sending newsletters. As a matter of principle, we only pass data on to third parties for such purposes.
However, Native Instruments may be obligated by law to disclose information to third parties (Art. 6 para. 1 lit. c) GDPR). This is in particular the case if there is suspicion of a criminal offense, in which case Native Instruments may be obligated to disclose data to law enforcement authorities.
We also enlist the services of external service providers if we cannot or cannot reasonably perform such services ourselves. Apart from the third-party providers mentioned in clauses 2. c) - f), such external service providers are mainly IT service providers, such as our hoster, email provider, telecommunications provider, or our IT maintenance service provider.
When processing orders, we provide the commissioned shipping company with your name and address, and may pass on the relevant payment data to banks or payment service providers.
9. Processing Time
10. Obligation to Provide Data and Automated Decision Making (Including Profiling)
There are no contractual or legal obligations for you to provide us with your personal data. However, we may not be able to offer our services without such data.
You are not subject to automated decision-making, including profiling, with legal effects pursuant to Art. 22 para. 1 and para 4 GDPR.
11. Rights of People Affected
a) Right to Information
You have the right to request confirmation as to whether your personal data are processed, and if so, which specific data are processed and for what purpose(s) (Art. 15 GDPR).
You have the right to demand that inaccurate personal data be rectified without undue delay. Furthermore, in consideration of the processing purpose(s), you have the right to demand that incomplete personal data be completed (Art. 16 GDPR).
c) Right to Erasure
Once your user relationship has been terminated and the legal retention periods pursuant to tax and commercial law have expired, all personal data will be erased, unless you have expressly consented to the further use of such data with regard to your customer account.
You may demand the erasure of your data at any time pursuant to Art. 17 GDPR if the statutory retention periods are not affected thereby and if the data are no longer required for performing contracts.
d) Right to Restriction of Processing
You have the right to demand that the processing of your personal data be restricted if one of the criteria pursuant to Art. 18 GDPR is met.
e) Right of Data Portability
You have the right to receive the personal data you have provided in a structured, commonly used, and machine-readable format, and you have the right to transmit such data to another responsible party without hindrance from us, provided the requirements pursuant to Art. 20 GDPR are met.
f) Right to Object
Pursuant to Art. 21 GDPR, you have the right to object to the processing of your personal data pursuant to Art. 6 para 1 lit. e) or lit. f) GDPR at any time on grounds relating to your particular situation.
You may informally revoke your consent to the use of your data at any time with future effect (Art. 7 para. 3 GDPR). As the case may be, you may no longer use our services / may no longer use our services to the full extent.
h) Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority – without prejudice to any other administrative or judicial remedy – and may in particular do so in the country where you habitually reside or the place of the alleged infringement if you are of the opinion that our processing of your personal data constitutes a violation of data privacy laws (Art. 77 GDPR).