Paul van Dyk GmbH
c/o HÄRTING Rechtsanwälte PartGmbB
Chausseestraße 13 | 10115 Berlin | Germany
Phone: +49 (0)30 217 98 6 – 0
Fax: +49 (0)30 217 98 6 – 29
Web: www.paulvandyk.com
Email: imprint@paulvandyk.com
Paul van Dyk
Amtsgericht Charlottenburg
Registernummer: HR B 74035
DE197884415
Paul van Dyk
Privacy Policy
www.paulvandyk.com
1) Introduction and Contact Information of the Data Controller
1.1 We are pleased that you are visiting our website. Below, we inform you about the handling of your personal data when using our website. Personal data includes any data that can be used to personally identify you.
1.2 The controller for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Paul van Dyk GmbH, Riebener Dorfstr. 27, D-14547 Beelitz, Germany, Email: privacy@paulvandyk.com, Website: https://paulvandyk.com. The controller for the processing of personal data is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data.
2) Data Collection When Visiting Our Website
2.1 When you visit our website purely for informational purposes, i.e. when you do not register or otherwise provide us with information, we only collect data that your browser transmits to our server (so-called server log files). When you access our website, we collect the following data that is technically required to display the website:
Processing is carried out in accordance with Art. 6(1)(f) GDPR based on our legitimate interest in improving the stability and functionality of our website. No transfer or further use of the data takes place. However, we reserve the right to review the server log files retrospectively if there are concrete indications of unlawful use.
2.2 This website uses SSL/TLS encryption for security reasons and to protect the transmission of personal data and other confidential content. You can recognise an encrypted connection by the string https:// and the lock symbol in your browser address bar.
3) Hosting
For hosting our website we use the services of plusserver GmbH, Welserstrasse 14, 51149 Cologne, Germany. All data collected on our website is processed on the provider’s servers. We have concluded a data processing agreement with the provider that ensures the protection of our website visitors’ data and prohibits unauthorised disclosure to third parties.
4) Cookies
To make visiting our website attractive and to enable the use of certain features, we use cookies, which are small text files stored on your device. Some cookies are automatically deleted after closing the browser (so-called session cookies), while others remain stored on your device for a longer period and allow the storage of page settings (so-called persistent cookies).
Where individual cookies we use also process personal data, processing is carried out in accordance with Art. 6(1)(b) GDPR for the performance of the contract, pursuant to Art. 6(1)(a) GDPR if consent has been given, or pursuant to Art. 6(1)(f) GDPR to protect our legitimate interest in the best possible functionality of the website.
You can set your browser to inform you when cookies are set and to individually decide whether to accept them, or to exclude the acceptance of cookies for certain cases or generally. Please note that if cookies are not accepted, the functionality of our website may be limited.
The following cookies are set on this website:
5) Contacting Us
When you contact us (e.g. via a contact form or email), we process personal data solely for the purpose of handling and responding to your inquiry and only to the extent necessary for this purpose.
The legal basis for processing this data is our legitimate interest in responding to your inquiry in accordance with Art. 6(1)(f) GDPR. If your contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6(1)(b) GDPR. Your data will be deleted once the issue in question has been resolved and provided there are no statutory retention obligations to the contrary.
6) Email Newsletter
6.1 When you subscribe to our email newsletter, we will send you regular information about our offers and news. The mandatory information required for sending the newsletter is your email address. Providing additional data is voluntary and is used to address you personally. We use the double opt-in procedure for sending newsletters, which ensures that you will only receive the newsletter once you have explicitly confirmed your consent by clicking on a confirmation link sent to the email address you provided.
6.2 Our email newsletter is sent via Brevo (formerly Sendinblue), a service of Brevo SAS, 7 rue de Madrid, 75008 Paris, France. We share your registration data with Brevo on the basis of our legitimate interest in effective and reliable newsletter delivery pursuant to Art. 6(1)(f) GDPR. With your explicit consent pursuant to Art. 6(1)(a) GDPR, Brevo may perform statistical analyses of newsletter performance using tracking tools (e.g. web beacons, pixels) to measure open rates and interactions. We have concluded a data processing agreement with Brevo that ensures the protection of our subscribers’ data and prohibits unauthorised disclosure to third parties. Brevo also operates marketing automation services on our website via the domain sibautomation.com, which may set the cookie sib_cuid for user identification. For further information on Brevo’s data protection practices, please visit https://www.brevo.com/legal/privacypolicy/.
6.3 By activating the confirmation link, you give us your consent to use your personal data in accordance with Art. 6(1)(a) GDPR. When you register for the newsletter, we also store the IP address assigned by your Internet Service Provider (ISP) as well as the date and time of registration, in order to be able to trace any possible misuse of your email address at a later point in time.
6.4 You can unsubscribe from the newsletter at any time via the link provided in the newsletter or by notifying the controller accordingly. After unsubscribing, your email address will be removed from our newsletter distribution list without delay.
6.5 The newsletter of Paul van Dyk GmbH contains so-called tracking pixels. A tracking pixel is a miniature graphic embedded in newsletters sent in HTML format to enable log file recording and analysis. This allows a statistical analysis of the success or failure of online marketing campaigns. You may withdraw your consent to the use of tracking pixels at any time.
7) Analytics and Tracking
7.1 Google Tag Manager
This website uses Google Tag Manager, a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is used to manage website tags and does not itself collect personal data. However, it triggers other tags which may collect data. Google Tag Manager does not access this data. The legal basis is Art. 6(1)(f) GDPR. For further information, please visit https://policies.google.com/privacy.
7.2 PixelYourSite
This website uses PixelYourSite, a tracking plugin that connects our website to marketing platforms (including Meta/Facebook Pixel and Google Ads) and tracks visitor behaviour such as traffic sources, landing pages, and session data. The plugin sets several cookies (pys_*, last_pys_*) on your device. Processing is based on your consent pursuant to Art. 6(1)(a) GDPR. You may withdraw consent at any time via the cookie settings on our website.
7.3 Google Ads / Doubleclick
This website uses Google Ads conversion tracking and Doubleclick, services of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. These services allow us to measure the effectiveness of our advertising campaigns and may involve fingerprinting and advertising cookies. Data may be transferred to Google LLC in the USA; such transfers are based on the EU-U.S. Data Privacy Framework (adequacy decision). The legal basis is Art. 6(1)(a) GDPR (consent). Further information is available at https://policies.google.com/privacy.
7.4 Cloudflare Web Analytics
This website uses Cloudflare Web Analytics, provided by Cloudflare, Inc., 101 Townsend Street, San Francisco, CA 94107, USA. Cloudflare Web Analytics collects aggregated, anonymised data about website usage and does not use cookies or track individual users across sites. Cloudflare is certified under the EU-U.S. Data Privacy Framework. The legal basis is Art. 6(1)(f) GDPR. Further information is available at https://www.cloudflare.com/privacypolicy/.
7.5 Sentry
This website uses Sentry, an error tracking service operated by Functional Software, Inc. d/b/a Sentry, 45 Fremont Street, 8th Floor, San Francisco, CA 94105, USA. Sentry collects technical error reports to help us identify and fix issues with our website. Data transferred to the USA is covered by standard contractual clauses. The legal basis is Art. 6(1)(f) GDPR based on our legitimate interest in maintaining a functioning website. Further information is available at https://sentry.io/privacy/.
8) Third-Party Services and Social Networks
Our website integrates components of various third-party services and social networks. When you visit a page containing such components, your browser establishes a direct connection to the servers of the respective provider. If you are simultaneously logged in to that service, the provider may be able to associate your visit to our specific page with your account. If you do not wish this to occur, please log out of the respective service before visiting our website.
8.1 Facebook
Our website integrates components of Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (Facebook), including the Meta Pixel for conversion tracking and retargeting. The integration is based on your consent pursuant to Art. 6(1)(a) GDPR. Data may be transferred to Meta Platforms, Inc. in the USA under the EU-U.S. Data Privacy Framework. For information on data protection at Meta, please visit https://www.facebook.com/about/privacy/.
8.2 Instagram
Our website integrates components of Instagram, operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. The integration is based on our legitimate interest pursuant to Art. 6(1)(f) GDPR. Further information on data protection at Instagram is available at https://help.instagram.com/519522125107875.
8.3 X (formerly Twitter)
Our website integrates buttons of the service X, operated by X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. The integration is based on our legitimate interest pursuant to Art. 6(1)(f) GDPR. The privacy policy of X is available at https://x.com/en/privacy.
8.4 YouTube
Our website integrates video content from YouTube, a service of YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA, a subsidiary of Google LLC. YouTube sets several cookies on your device when embedded video content is loaded (VISITOR_INFO1_LIVE, YSC, VISITOR_PRIVACY_METADATA, __Secure-ROLLOUT_TOKEN, __Secure-YNID). The integration is based on your consent pursuant to Art. 6(1)(a) GDPR. Data transfers to the USA are covered by the EU-U.S. Data Privacy Framework. For information on data protection at YouTube, please visit https://policies.google.com/privacy.
8.5 SoundCloud
We present audio content on our website using SoundCloud, operated by SoundCloud Ltd., 33 St. James Square, London SW1Y 4JS, United Kingdom. The integration is based on our legitimate interest pursuant to Art. 6(1)(f) GDPR. Further information on data protection at SoundCloud is available at https://soundcloud.com/pages/privacy.
8.6 Mixcloud
Our website embeds audio content from Mixcloud, operated by Mixcloud Limited, 50 Broadway, London SW1H 0RG, United Kingdom. When Mixcloud content is loaded, your browser connects directly to Mixcloud’s servers, which may process your IP address and usage data. The integration is based on our legitimate interest pursuant to Art. 6(1)(f) GDPR. Further information is available at https://www.mixcloud.com/privacy/.
8.7 Spotify
Our website contains links and embedded content from Spotify, a service of Spotify AB, Regeringsgatan 19, 111 53 Stockholm, Sweden. The integration is based on our legitimate interest pursuant to Art. 6(1)(f) GDPR. The privacy policy of Spotify is available at https://www.spotify.com/legal/privacy-policy/.
8.8 Songkick
Our website integrates a tour dates widget from Songkick, operated by Songkick.com LLP, 35 Little Russell Street, London WC1A 2HH, United Kingdom. When the widget is loaded, your browser connects directly to Songkick’s servers, which may process your IP address and browser information. The integration is based on our legitimate interest in informing visitors about upcoming live events pursuant to Art. 6(1)(f) GDPR. Further information is available at https://www.songkick.com/privacy.
8.9 Google Fonts
This website loads fonts from Google Fonts, a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. When fonts are loaded, your browser transmits your IP address to Google’s servers. Data may be transferred to Google LLC in the USA under the EU-U.S. Data Privacy Framework. The legal basis is Art. 6(1)(f) GDPR based on our legitimate interest in a consistent visual presentation of our website. Further information is available at https://policies.google.com/privacy.
8.10 Font Awesome
This website loads icons from Font Awesome, a service of Fonticons, Inc., 6 Porter Road, Apartment 3R, Cambridge, MA 02140, USA. When icons are loaded, your browser transmits your IP address to Fonticons’ servers. The legal basis is Art. 6(1)(f) GDPR. Further information is available at https://fontawesome.com/privacy.
8.11 jQuery (Google CDN)
This website loads the jQuery JavaScript library from the Google CDN (ajax.googleapis.com), a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. When the library is loaded, your browser transmits your IP address to Google’s servers. The legal basis is Art. 6(1)(f) GDPR. Further information is available at https://policies.google.com/privacy.
9) Online Shop (shop.paulvandyk.com)
9.1 Joint Controllers
The online shop at shop.paulvandyk.com is operated jointly by Paul van Dyk GmbH, Riebener Dorfstr. 27, D-14547 Beelitz, Germany, and Gekko Agency, Van Graftstraat 10, 3088 GL Rotterdam, The Netherlands. Both parties act as joint controllers within the meaning of Art. 26 GDPR, as they jointly determine the purposes and means of processing personal data in connection with the shop. A joint controller arrangement pursuant to Art. 26 GDPR has been established between the two parties. The essential content of this arrangement is available to data subjects on request at privacy@paulvandyk.com.
The shop is technically hosted on the Shopify platform, operated by Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland, and Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada. A data processing agreement has been concluded with Shopify. Transfers to Canada are covered by an EU adequacy decision.
9.2 Data Processed in the Shop
When you open a customer account or place an order, we collect and process the personal data you provide to the extent necessary to fulfil the contract, pursuant to Art. 6(1)(b) GDPR. This includes name, delivery address, email address, payment data, and order details. You can request deletion of your customer account at any time by contacting privacy@paulvandyk.com.
9.3 Shipping Partners
To fulfil our contractual obligations, we share your name, delivery address, and where required your phone number with the following shipping providers, solely for delivery purposes, pursuant to Art. 6(1)(b) GDPR:
9.4 Payment Service Providers
For payment processing, we cooperate with the following payment service providers. When you select a payment method, your payment data (name, address, bank and payment card information, currency, transaction number) and order details will be shared with the respective provider in accordance with Art. 6(1)(b) GDPR solely for payment processing purposes:
10) Rights of the Data Subject
10.1 You have the following rights with regard to your personal data stored by us:
10.2 Right to object: Where we process your personal data on the basis of a balancing of interests pursuant to Art. 6(1)(f) GDPR, you have the right to object at any time, with future effect, to the processing of your personal data on grounds arising from your particular situation. If you exercise your right to object, we will cease processing the relevant data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves to establish, exercise or defend legal claims.
10.3 Where we process personal data for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such purposes. If you object, we will no longer process your personal data for these purposes.
To exercise your rights, please contact: privacy@paulvandyk.com
11) Duration of Storage of Personal Data
Personal data is stored only for as long as is necessary to fulfil the purposes for which it was collected, or as required by law.
Data processed on the basis of Art. 6(1)(a) GDPR is stored until you withdraw your consent. Data processed on the basis of Art. 6(1)(b) GDPR is stored until the end of the contractual relationship and the expiry of applicable statutory retention periods. Where processing is based on Art. 6(1)(f) GDPR, data is stored until you object pursuant to Art. 21 GDPR, unless compelling grounds for continued processing exist. Once the data is no longer required, it will be deleted in accordance with GDPR requirements.
12) Automated Decision-Making
We do not use automated decision-making or profiling.
13) Legal Bases for Processing
Art. 6(1)(a) GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose. Where processing is necessary for the performance of a contract to which the data subject is party, the processing is based on Art. 6(1)(b) GDPR. The same applies to processing operations required for carrying out pre-contractual measures. Where we are subject to a legal obligation that requires processing of personal data, the processing is based on Art. 6(1)(c) GDPR. Finally, processing operations may be based on Art. 6(1)(f) GDPR where processing is necessary to protect a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject do not override those interests.
Last updated: May 2026