PRIVACY POLICY
for shop.sbam.rocks

Version with Operator & Responsibility Clarification
(GDPR / EU compliant – strengthened operator separation)

A. CONTROLLER & RESPONSIBILITIES

This Privacy Policy explains how personal data is processed in connection with the website and online shop at shop.sbam.rocks.

Two different legal entities are involved depending on the service used:

SHOP OPERATION (ONLINE SHOP / MERCH / ORDERS)

The online shop at shop.sbam.rocks is operated by:

Stefan Beham / SBAM Records
Marktstraße 25
4090 Engelhartszell
Austria
Email: shop@sbam.rocks

Stefan Beham / SBAM Records is the data controller within the meaning of Art. 4 GDPR for all personal data processed in connection with:

– online shop orders
– merchandise sales
– customer accounts
– product inquiries
– newsletter (if shop-related)
– customer service communication
– shop marketing activities

EVENT OPERATION (SBAM FEST)

Ticketing and event-related processing concerning SBAM Fest is handled by a separate controller:

Longstocking Productions GmbH
Hauptstraße 54
4092 Esternberg
Austria
Email: bigi@sbam.rocks

Longstocking Productions GmbH is the independent data controller for all personal data processed in connection with:

– SBAM Fest ticket sales
– event registration
– event access control
– event-related communication
– event refunds or rescheduling
– event legal obligations

Where data is transferred between SBAM Records and Longstocking Productions GmbH, this occurs only where legally permitted and necessary for contract performance or legal obligations.

B. GENERAL DATA PROCESSING PRINCIPLES

We process personal data only in accordance with:

– EU General Data Protection Regulation (GDPR)
– Austrian Data Protection Act (DSG)
– applicable e-commerce and tax laws

Processing occurs only where necessary:

– to provide website functionality
– to fulfill contracts
– to process orders or tickets
– to respond to inquiries
– to comply with legal obligations
– to protect legitimate business interests
– based on consent where required.

C. LEGAL BASES (ART. 6 GDPR)

Processing is based on:

– Art. 6(1)(a) consent
– Art. 6(1)(b) contract / pre-contract measures
– Art. 6(1)(c) legal obligation
– Art. 6(1)(f) legitimate interest (security, fraud prevention, shop operation, event organization, documentation, legal defense).

D. DATA RECIPIENTS & PROCESSORS

Data may be shared with carefully selected processors where necessary, including:

– hosting providers
– shop software providers
– ticketing systems
– payment providers
– shipping companies
– IT support
– newsletter systems
– accounting providers

All processors are bound by GDPR Art. 28 agreements where required.

Separate processors may be used by SBAM Records and by Longstocking Productions GmbH depending on whether shop or event services are involved.

E. DATA RETENTION

Data is stored only as long as necessary and legally permitted.

Typical retention:

– order & invoice data: up to 10 years
– ticket & event billing data: up to 10 years
– inquiries: up to 12 months
– newsletter consent logs: until withdrawal + legal defense period

Data may be retained longer where required for legal claims or dispute defense.

F. WEBSITE ACCESS & SERVER LOG FILES

When visiting the website, technical data is automatically collected:

– IP address
– date/time
– page accessed
– browser & OS
– referrer

Purpose: system stability, security, abuse prevention.
Legal basis: legitimate interest.

G. COOKIES & CONSENT

We use necessary cookies for shop functionality. Optional cookies (analytics/marketing) are used only with consent where required.

Users can manage cookies in their browser settings. Functionality may be limited if cookies are disabled.

H. SHOP ORDERS (SBAM RECORDS)

When placing shop orders, SBAM Records processes:

– name
– address
– email
– order details
– payment confirmation data

Purpose: contract fulfillment, shipping, accounting.
Legal basis: contract & legal obligation.

I. SBAM FEST TICKETS (LONGSTOCKING PRODUCTIONS GMBH)

For SBAM Fest tickets and event processing, Longstocking Productions GmbH processes:

– purchaser details
– ticket data
– payment confirmations
– access validation data

Purpose: event execution and legal compliance.
Legal basis: contract & legal obligation.

J. NEWSLETTER

Newsletters are sent only with explicit consent (double opt-in). Consent logs are stored for legal proof. You can unsubscribe at any time.

K. SECURITY MEASURES

We implement technical and organizational measures including:

– TLS/SSL encryption
– access controls
– processor agreements
– data minimization
– backup systems

Absolute internet security cannot be guaranteed.

L. DATA SUBJECT RIGHTS

You have rights under GDPR:

– access
– correction
– deletion
– restriction
– portability
– objection
– withdrawal of consent
– complaint to supervisory authority (Austria: Datenschutzbehörde)

Requests may require identity verification.

M. LEGAL DEFENSE & FRAUD PREVENTION

Both SBAM Records and Longstocking Productions GmbH reserve the right to retain and process data where necessary for:

– legal enforcement
– fraud prevention
– dispute resolution
– contract defense

Legal basis: legitimate interest.

N. POLICY UPDATES

This Privacy Policy may be updated at any time with future effect. The current website version applies.

O. NO JOINT CONTROLLERSHIP

Unless explicitly stated otherwise, SBAM Records (Stefan Beham) and Longstocking Productions GmbH act as separate, independent controllers for their respective processing activities. No joint controllership under Art. 26 GDPR is established unless expressly declared.