Privacy Policy

Last updated: 2026-02-04

1. General information

We take the protection of your personal data seriously. This Privacy Policy explains which personal data is processed when you visit our website, for what purposes, on which legal bases, and which rights you have as a data subject.

“Personal data” means any information relating to an identified or identifiable natural person.

2. Controller

Dietrich und Härter GbR
Ostseestraße 126
10409 Berlin
Germany

Email: info@hekticuniverse.com

3. Data Protection Officer

We have not appointed a Data Protection Officer because we are not legally required to do so.

4. Hosting and provision of the website

Our website is hosted by Strato AG.

When you access our website, the hosting provider automatically processes so-called server log files. These may include, in particular:

  • IP address
  • date and time of access
  • pages requested
  • amount of data transferred
  • HTTP status code
  • browser type, operating system, and user agent

This processing is necessary to technically deliver the website, ensure system security, and analyze errors.

The legal basis is Art. 6(1)(f) GDPR (legitimate interest in secure and stable operation).

We have concluded a data processing agreement (DPA) with the hosting provider in accordance with Art. 28 GDPR, where required.

5. General data processing

We process personal data only to the extent necessary to provide our website and the offered features.

We do not use personal data for advertising, marketing, or analytics/tracking purposes.

Depending on the context, the legal bases are:

  • Art. 6(1)(b) GDPR (performance of a contract / steps prior to entering into a contract)
  • Art. 6(1)(f) GDPR (legitimate interest)

6. Cookies and similar technologies

Our website uses only technically necessary cookies and similar technologies, such as local storage.

They are used to provide essential functions of the website and connected applications and to store user preferences.

The storage/access is based on Art. 6(1)(f) GDPR and (where applicable) Section 25(2) No. 2 TTDSG (Germany), which allows storage that is strictly necessary for providing a service expressly requested by the user.

Further details are provided in our separate Cookie Policy.

7. Connecting external music services (OAuth)

To use certain features, external music services can be connected using OAuth authentication.

Depending on the service and your usage, we may process in particular:

  • user IDs
  • display names
  • profile images
  • access tokens
  • in some cases, email addresses

Access tokens are stored server-side to provide the requested functionality (e.g., displaying, creating, and editing playlists).

The legal basis is Art. 6(1)(b) GDPR.

8. Third-party providers used

Depending on your use of the website and its features, the following external services may be connected:

  • Spotify
  • YouTube (Google)
  • SoundCloud
  • Tidal
  • Amazon Music

Where legally required, we have concluded data processing agreements pursuant to Art. 28 GDPR.

To the extent these providers process personal data in their own responsibility (e.g., within their platforms), their respective privacy policies apply.

9. Transfers to third countries

Some of the providers mentioned above may be located outside the EU/EEA, in particular in the United States. In such cases, personal data may be transferred to a “third country”.

Where required, these transfers are based on appropriate safeguards, in particular the Standard Contractual Clauses (SCCs) adopted by the European Commission and/or other suitable safeguards provided by the relevant provider.

10. Storage period

We store personal data only as long as necessary for the respective purposes:

  • OAuth tokens: until the connection is disconnected
  • profile data: until the respective service is deactivated/disconnected
  • cache and local storage data: overwritten regularly or deleted by you manually
  • server log files: retained according to the hosting provider’s retention policies and then deleted

11. Your rights

Under the GDPR, you have the right to:

  • access (Art. 15 GDPR)
  • rectification (Art. 16 GDPR)
  • erasure (Art. 17 GDPR)
  • restriction of processing (Art. 18 GDPR)
  • data portability (Art. 20 GDPR)
  • objection to processing (Art. 21 GDPR)

Where processing is based on your consent, you may withdraw your consent at any time with effect for the future.

To exercise your rights, a simple message to the contact details above is sufficient.

12. Automated decision-making

We do not use automated decision-making, including profiling, within the meaning of Art. 22 GDPR.

13. Right to lodge a complaint

You have the right to lodge a complaint with a supervisory authority.

In Berlin, the competent authority is generally:

Berlin Commissioner for Data Protection and Freedom of Information

14. Changes to this Privacy Policy

We may update this Privacy Policy if necessary due to legal, technical, or organizational changes.

The current version is always available on this website.