Privacy Policy

1. Controller

Jan-Ole Steinmann
Waagestr. 16
26386 Wilhelmshaven
Germany
Contact form

2. Overview of Processing

VinylTube is a platform for browsing vinyl records from various shops to help you make the best purchasing decision. We only process personal data to the extent necessary to provide a functional website and our content and services.

3. Legal Basis for Processing

  • Art. 6(1)(a) GDPR – Consent (e.g. registration, contact form)
  • Art. 6(1)(b) GDPR – Performance of a contract (providing user account and wishlist features)
  • Art. 6(1)(f) GDPR – Legitimate interest (security, error tracking, server log files)

4. Data We Collect

a) Registration / User Account
  • First name, last name
  • Email address
  • Encrypted password

Legal basis: Art. 6(1)(a), (b) GDPR. Retention: Until you delete your account.

b) Contact Form
  • Name, email address, message

Legal basis: Art. 6(1)(a) GDPR. Retention: Until your inquiry has been resolved, then in accordance with statutory retention periods.

c) Wishlist

Saved wishlist entries are associated with your account. Legal basis: Art. 6(1)(b) GDPR.

d) Server Log Files

Each time you access our website, the following data is automatically collected:

  • IP address
  • Date and time of the request
  • Requested URL / resource
  • HTTP status code
  • Browser type and operating system
  • Referrer URL

Legal basis: Art. 6(1)(f) GDPR. This data is used to ensure the operation and security of the website. Log files are deleted regularly.

5. Cookies

We only use technically necessary cookies (session cookies for login). These cookies are essential for the operation of the website and are deleted when you close your browser or when the session expires.

Legal basis: § 25(2) TDDDG (technically necessary — no consent required).

6. Third-Party Services

a) Hosting

This website is operated by a professional hosting provider. Server log files are collected to provide the website (see Section 4d). Legal basis: Art. 6(1)(f) GDPR.

b) Rollbar (Error Monitoring)

We use Rollbar (Rollbar Inc., San Francisco, USA) for server-side error monitoring. In the event of a server error, technical data (e.g. error message, IP address, URL) may be transmitted to Rollbar. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in uninterrupted operation). No browser data is sent directly from visitors to Rollbar.

More information: Rollbar Privacy Policy.

c) No External Fonts or CDNs

We do not load any fonts or libraries from external servers (e.g. Google Fonts, FontAwesome CDN). All resources are served locally from our own server.

7. Your Rights

You have the right at any time to:

  • Access your data stored with us (Art. 15 GDPR)
  • Rectification of inaccurate data (Art. 16 GDPR)
  • Erasure of your data (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Object to processing (Art. 21 GDPR)
  • Withdraw consent at any time with effect for the future (Art. 7(3) GDPR)

To exercise your rights, please contact us via our contact form.

8. Right to Lodge a Complaint with a Supervisory Authority

If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR).

9. Data Security

We use SSL/TLS encryption for data transmission. Passwords are stored exclusively in encrypted form (bcrypt) and are not visible to us.

10. Changes to This Privacy Policy

We reserve the right to update this privacy policy as needed to ensure it always complies with current legal requirements. The current version can always be found on this page.