Privacy Policy

Audiomatik GmbH

Last updated on 2026-05-19

This Privacy Policy explains how Audiomatik GmbH (“Audiomatik”, “we”, “us”) processes personal data in connection with the Audiomatik software (the “Software”) and the related online services. This Privacy Policy complies with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the German Federal Data Protection Act (BDSG).

1. Controller

The controller responsible for the processing of personal data described in this Privacy Policy is:

Audiomatik GmbH
Kästrich 6
55116 Mainz
Germany
Email: service@audiomatik.com

2. Categories of Data, Purposes and Legal Basis

We process personal data for the purposes described below. The categories of data, the purpose of the processing and the legal basis under Article 6 GDPR are set out for each processing activity.

2.1 Account, Authentication, Download and License Verification

To provide the core functionality of the Software, we process the data required to authenticate you, determine which content you are entitled to download, deliver the corresponding files, and verify that downloads have completed correctly.

Where the Software is used in connection with stores operated by Boom Library GmbH, Astockmedia GmbH or other store operators, the respective store operator remains responsible for the customer account, purchase history, media license and entitlement data in its own systems. Audiomatik receives and processes only the data necessary to authenticate the user, verify the user’s download entitlements, and deliver the requested files through the Software.

Categories of data processed:

  1. Account identifier and secure authentication tokens (no passwords are stored or processed by us)
  2. License and entitlement information received from the respective store operator via OAuth or related authorization interfaces, including information on which collections you may download
  3. Download metadata (collection identifiers, file lists, download status, file checksums, timestamps)
  4. IP address (for the duration of the data transfer)
  5. Technical connection data required to deliver the requested files

Purpose: Performance of the agreement under which the Software is provided to you, including authentication, authorisation, delivery and integrity verification of the licensed content.

Legal basis: Article 6(1)(b) GDPR (performance of a contract).

2.2 Diagnostic Information

When the Software encounters a technical issue, an error log is transmitted to us automatically. This allows us to investigate problems, provide support and improve the stability of the Software.

Categories of data processed:

  1. Error type and error message
  2. Technical context (affected feature, operating system, Software version, timestamp)
  3. Your account identifier, so that the error can be linked to your specific situation if needed for support
  4. Limited technical metadata about the event

Purpose: Maintaining a stable and reliable Software, identifying and fixing defects, and being able to provide effective support to our users.

Legal basis: Article 6(1)(f) GDPR (legitimate interest). Our legitimate interest lies in operating a stable product and supporting our users; the processing is limited to what is necessary for this purpose, and you can object to it at any time (see Section 7).

Right to object: You can disable the transmission of diagnostic information at any time under Settings > Privacy in the Software.

2.3 Usage Statistics

If you choose to enable usage statistics, we record information about how you use the Software in order to understand which features are used, where users encounter difficulties, and how the Software can be improved.

Categories of data processed:

  1. Feature usage events (which functions are used and how)
  2. Navigation paths within the Software
  3. Technical metadata of the event (Software version, operating system, timestamp)
  4. Your account identifier, used to link events to a user for analysis

Purpose: Improving the Software, prioritising development efforts and analysing user behaviour in an aggregated form.

Legal basis: Article 6(1)(a) GDPR (consent).

Withdrawal of consent: You may withdraw your consent at any time with effect for the future under Settings > Privacy in the Software. Withdrawing consent does not affect the lawfulness of processing carried out prior to the withdrawal.

2.4 Customer Communication

If you contact us with a request (e.g. by email), we process the data you provide in order to respond.

Categories of data processed: Name, email address, content of your message and any further information you provide.

Purpose: Handling your request and providing support.

Legal basis: Article 6(1)(b) GDPR where the request relates to the performance of a contract, otherwise Article 6(1)(f) GDPR (legitimate interest in responding to inquiries).

3. Recipients of Personal Data

We use carefully selected service providers to operate the Software and the related services. These providers process personal data on our behalf as processors under Article 28 GDPR and only in accordance with our instructions. They are bound by appropriate data processing agreements.

Current categories of service providers:

  1. Hosting and data storage: Hetzner Online GmbH (Germany) and G-Core Labs S.A. (Luxembourg), used for database hosting and content delivery. All data is processed within the European Union.

Beyond these processors, we do not share your personal data with third parties unless we are legally obliged to do so (e.g. in response to lawful requests by public authorities) or unless required to enforce or protect our rights.

4. International Data Transfers

Our core databases are located within the European Union (Hetzner and G-Core). To ensure fast worldwide downloads, we use G-Core’s global Content Delivery Network (CDN). Depending on your location, your download request and IP address may be processed by a local CDN node outside the EU. These transfers are legally secured through EU Standard Contractual Clauses (SCCs).

5. Retention Period

We retain personal data only for as long as necessary for the purposes for which it was collected, or for as long as we are legally required to do so.

  1. Account, authentication and download data: for the duration of your account, and thereafter for the periods prescribed by applicable statutory retention obligations (in particular tax and commercial law obligations under German law).
  2. Diagnostic information: retained only for as long as necessary to investigate and resolve technical issues and to ensure the stability of the Software, and in any event no longer than required to fulfil this purpose or any applicable statutory requirements. Thereafter, the data is deleted or fully anonymised.
  3. Usage statistics: raw event data is retained only for as long as necessary for the analytical purpose described above, and in any event no longer than required to fulfil this purpose or any applicable statutory requirements. Thereafter, the data is deleted or fully anonymised (aggregated).
  4. Customer communication: kept for as long as necessary to handle the request and thereafter in line with applicable statutory retention obligations.

After expiry of the relevant retention period, the data is deleted or fully anonymised.

6. Your Rights

Subject to the conditions set out in the GDPR, you have the following rights regarding your personal data:

  1. Right of access (Article 15 GDPR): you have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, access to that data.
  2. Right to rectification (Article 16 GDPR): you have the right to have inaccurate personal data corrected and incomplete data completed.
  3. Right to erasure (Article 17 GDPR): you have the right to have your personal data deleted in the cases provided for by the GDPR.
  4. Right to restriction of processing (Article 18 GDPR): you have the right to obtain restriction of processing under the conditions of the GDPR.
  5. Right to data portability (Article 20 GDPR): you have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format.
  6. Right to withdraw consent (Article 7(3) GDPR): where processing is based on your consent, you have the right to withdraw that consent at any time with effect for the future.
  7. Right to lodge a complaint (Article 77 GDPR): you have the right to lodge a complaint with a data protection supervisory authority, in particular in the EU Member State of your habitual residence, place of work or place of the alleged infringement.

The competent supervisory authority for Audiomatik GmbH is:

Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Rheinland-Pfalz
Hintere Bleiche 34
55116 Mainz
Germany

To exercise any of your rights, please contact us using the contact details provided in Section 1.

7. Right to Object (Article 21 GDPR)

You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on Article 6(1)(f) GDPR (legitimate interest). In this case, we will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.

In particular, you can object to the transmission of diagnostic information at any time by disabling the corresponding setting under Settings > Privacy in the Software, or by contacting us using the contact details in Section 1.

8. No Obligation to Provide Personal Data; No Automated Decision-Making

The provision of personal data required for the performance of the agreement (in particular for authentication, license verification and download delivery) is necessary to use the Software. Without this data, we cannot provide the Software.

The provision of data for diagnostic information and usage statistics is voluntary; you are not required to provide it and there are no disadvantages associated with refusing or withdrawing consent, other than the fact that we will have less information available to investigate issues or improve the Software.

We do not make decisions based solely on automated processing, including profiling, that produce legal effects concerning you or similarly significantly affect you within the meaning of Article 22 GDPR.

9. Changes to this Privacy Policy

We may update this Privacy Policy from time to time, for example to reflect changes in our processing activities or in the legal framework. The current version is always available within the Software. Where changes are material, we will inform you separately and, where required by law, ask for your renewed consent before such changes take effect.

10. Contact

If you have questions about this Privacy Policy or about the processing of your personal data, please contact us at:

Audiomatik GmbH
Kästrich 6
55116 Mainz
Germany
Email: service@audiomatik.com

Addendum: Additional Data Processing for Website Visitors and General Corporate Services

The following provisions supplement the main Privacy Policy above and describe how Audiomatik GmbH processes personal data specifically when you visit our website (audiomatik.com), subscribe to our corporate newsletters, or utilize our extended website customer support tools.

A.1 Website Hosting and Log Files

When you browse our website for informational purposes, technical connection data is processed automatically.

  • Processor: STRATO AG (Otto-Ostrowski-Straße 7, 10249 Berlin, Germany) – used for web hosting and operating our web server infrastructure. All data is processed within Germany.
  • Categories of data: IP address, browser type/version, operating system, referrer URL, pages accessed, and timestamps.
  • Purpose & Legal Basis: Operating a functional website and maintaining security. Legal basis is Article 6(1)(f) GDPR (legitimate interest).

A.2 Corporate Customer Support via Zoho

In addition to the software communication features, we utilize an extended ticket system on our website and via direct support emails to manage enterprise requests and product inquiries.

  • Processor: Zoho Corporation B.V. (Beneluxlaan 4B, 3527 HS Utrecht, Netherlands) and its international affiliates.
  • Categories of data: Name, email address, corporate store association, support ticket details, and historical technical correspondence.
  • Purpose & Legal Basis: Central management of corporate support and resolution of operational technical issues. Legal basis is Article 6(1)(b) GDPR (performance of a contract/support) or Article 6(1)(f) GDPR (legitimate interest in providing an efficient customer service platform).

A.3 Website Analytics (Google Analytics)

Our website uses Google Analytics to analyze user patterns and improve web presentations.

  • Provider: Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) / Google LLC (USA).
  • Categories of data: Anonymized/masked IP address, website navigation paths, device parameters, and unique tracking IDs stored in cookies.
  • Purpose & Legal Basis: Optimizing marketing and layout performance. Legal basis is Article 6(1)(a) GDPR (Consent, provided via our website cookie banner).

A.4 Newsletters and Email Marketing

If you subscribe to our product update loops or corporate newsletters, we process the data necessary for automated email delivery.

  • Provider: Mailchimp (Intuit France SAS, 7 rue de la Paix, 75002 Paris, France) / Intuit Inc. (USA).
  • Categories of data: Email address, name, subscription preferences, and opening/click statistics.
  • Purpose & Legal Basis: Sending promotional materials and feature releases. Legal basis is Article 6(1)(a) GDPR (Consent). You can unsubscribe at any time via the link located at the bottom of each email.

A.5 International Data Safeguards for Website Services

While our central databases remain within the EU, web activities using Google Analytics, Mailchimp, or Zoho may involve processing or data access by entities outside the European Economic Area (EEA), particularly in the United States or India.

To ensure a level of protection equivalent to the GDPR, these transfers are legally secured as follows:

  • The providers are certified under the EU-U.S. Data Privacy Framework (adequacy decision of the European Commission), and/or
  • We have concluded strict EU Standard Contractual Clauses (SCCs) with the respective providers to safeguard any technical access from outside the EEA.

A.6 Cookies and Tracking Technologies

Our website utilizes cookies to ensure proper session management and to enable web analytics. For a full breakdown of specific storage intervals and to modify your tracking preferences, please open our interactive website consent banner or refer to our dedicated [Cookie Policy].