Chorister beta

Privacy Policy

1. General Information

This document outlines our responsibilities and duties regarding the processing of your personal data, as defined by Article 13 of the European Union's General Data Protection Regulation (GDPR), and provides information on the rights that you have as a data subject.

2. Data Controller

Rouven Malecki
c/o Mindspace
Max-Beer-Str. 2-4
10119 Berlin

Data Protection Officer: privacy@chorister.app

Should you wish to report a complaint or if you feel that we have not addressed your concern in a satisfactory manner, you may contact the responsible Information Commissioner's Office: https://www.datenschutz-berlin.de

3. Data Processing Reasons & Legal Basis

When accessing Chorister and its services, the following information is processed by us for the reasons outlined below:

  1. Account details (e-mail addresses, name), for the purpose of providing you with an account on our platform.

    • Data is recorded during account registration at https://chorister.app (under "Register").
    • Data can be changed on the user account page at https://chorister.app/users/settings.
    • There is no requirement to use real personal information besides a reachable e-mail address.
    • Legal basis for processing this data is the user's consent to either share the data on our platform or to receive notifications (Art. 6.1.a GDPR).

  2. Technical metadata for the purpose of providing the platform services and avoiding misuse of our resources.

    • Data is processed during regular use of our website, and includes the IP address of the requesting computer, the browser and operating system you are using, the date and time of access, the Uniform Resource Locators (URL) requested on our website, as well as the previously visited website (referrer URL). When stored in logs, the IP address is truncated so that this data is not associated with your personal data.
    • Further metadata includes technically necessary cookies to identify the session of a logged-in user or to protect users from so-called CSRF attacks. Chorister does NOT use cookies or other techniques for user-targeted analytics or advertisements.
    • The legal basis for processing this data is a legitimate interest of the platform operator (Art. 6.1.f GDPR).

4. Data Handling by Third Parties

Infrastructure administrators can access all resources and personal information stored on our servers. This is required for maintaining the infrastructure necessary for providing Chorister's services.

All servers of Chorister are physically located in Germany.

5. Data Retention

  1. Account details are stored until the deletion of the account.
  2. Technical metadata like IP addresses are not stored for more than 7 days or as required by German legislature.
  3. Personal data may exist in encrypted backups for up to 1 year. If the data retention period is exceeded at the time of restoration of a backup, affected personal data will be purged.
  4. Personal data is stored in accordance with the statutory archiving obligations in Germany.

6. Data Subject Rights

As a subject of personal data processing, you have the following rights:

  1. Right to access: You can request copies of your personal data, as defined in Art. 15 GDPR.
  2. Right to rectification: you can request that we correct any information you believe is inaccurate, or complete any information you believe is incomplete, as defined in Art. 16 GDPR.
  3. Right to erasure: you can request that we erase your personal data, under the condition that the retention and processing of the information is not required by law and is not neccessary due to the reasons outlined in Art. 17 (3) GDPR.
  4. Right to restrict processing: you can request that we restrict the processing of your personal data, as defined in Art. 18 GDPR.
  5. Right to object to processing: you can object to and withdraw consent to us processing your personal data, as defined in Art. 21 GDPR.
  6. Right to data portability: you can request that we transfer the data that we have collected to another organization, or directly to you, as defined in Art. 20 GDPR.
  7. If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please use the contact information listed in Art. 2 of this privacy policy.