Privacy Policy

Compliance with the data protection regulations has a special significance for us. The purpose of this privacy policy is to inform you, as the user of the website and our app, about the nature, scope and purpose of the processing of personal data and the rights that exist for you, insofar as you, as the person concerned, i.S.d. Article 4 (1) of the General Data Protection Regulation applies. The following privacy policy already takes into account the changes according to the General Data Protection Regulation applicable from 25.5.2018. At the same time, this declaration also fulfills the requirements of § 13 Telemediengesetz (German Teleservices Act), which had previously applied.

mubo, Marcel Dittmann

1. General

Both the development of the website and the development of the app were designed to collect as little data as possible from you. In principle, it is possible to visit our website without providing personal data. Only when you decide to use certain services (for example, registration)  the processing of personal data will become necessary. In doing so, we always take care to process your personal data only in accordance with a legal basis or your consent. We comply with the provisions of the General Data Protection Regulation (GDPR) applicable from 25.5.2018 and the applicable national regulations, such as the Federal Data Protection Act, the Telemedia Act or other special data protection laws.

2. Definition

The terms used in this Privacy Policy have the following meaning in accordance with the GDPR.

„Personal data“  means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.;

Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.;

Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.;

Pseudonymisation“ is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.;

Controller or controller responsible for the processing“ is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.;

„Processor“ is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.;

„Recipient“ is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.;

„Third party“ is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.;

„Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.;

3. Consent

By completing the registration, you consent to the collection and use of personal information provided by you as described in this Privacy Policy. You can revoke this consent at any time with effect for the future by making a corresponding declaration to us. However, we point out that use of the app without your consent is no longer possible. For your revocation please use the above mentioned contact.

4. Collected and processed personal data

In order to be able to provide you with our full services via the website or the app, Registration / Login is required. In this case, we collect and process in particular the following personal data from you.

Username, email address, password, location data

As far as further data are processed, these result from the active input of personal data by you.

5. Purpose of the personal data

We use your personal information for the following purposes:

  1. For the justification (registration), execution or termination of the contract of use to be concluded or existing between you and us (General Terms of Use), and, if applicable, for the processing of payments (e.g. e-mail, user name, password).
  2. To show you relevant Musicboxes in your area (e.g. location data)
  3. To keep the maximum number of votes per user (e.g. an identification number of the app installation)
  4. In order to be able to process your request with you in case of contact inquiries (e.g. e-mail address)
  5. To ensure that our website and app is presented to you in the most effective and interesting way possible (e.g. by statistical analysis)
  6. For the technical realisation of our offers and for monitoring the legal and contractual use of our offers by registered users (IP address, user name)
  7. To enable you to participate in interactive offers, such as subscribing to newsletters, if you wish and have given your consent
  8. To inform you about changes and news of our services, as far as you have consented accordingly

6. Legal basis of the processing

Insofar as we collect and process special categories of personal data from you, this is done on the basis of your consent in accordance with Art. 6 (1) lit. a GDPR. The processing of your personal data is also based on your consent if you decide to subscribe to a newsletter from us. Personal data required for the establishment, implementation or processing of the contract of use is processed on the legal basis of Art. 6 (1) lit. b GDPR. Insofar as we use external service providers in the context of order data processing, processing is based on the legal basis of Art. 28 GDPR.

7. General Log Files

  1. Each time you visit our website, your browser automatically sends certain information to the server of the website and stores it in a so-called logfile. The same applies to the case when you retrieve data using our app. These are, for example, information about
    • the type and version of the browser you are using
    • the operating system you are using
    • the website from which you came to the current page
    • the host name (IP address) of your device as well
    • the time when the request was made
    • the Internet service provider of the accessing device
  2. Subject to any legal retention requirements, we will delete or anonymise your IP address after leaving our website / app
  3. Incidentally, we use the information transmitted by your browser to our servers in anonymous form – without any conclusions being possible – to analyze and improve our services. In this way we can, for example, detect possible errors or determine on which days and at what times our services are used particularly strongly
  4. When using the aforementioned data, we do not draw any conclusions about you as the data subject. We need the data solely to properly deliver and streamline the content of our site, to ensure the integrity of our systems and the technology to provide law enforcement with the information necessary for law enforcement purposes. This anonymously collected data and information is therefore statistically and further evaluated by the company with the aim of increasing data protection and data security in our company in order to ultimately ensure an optimal level of protection for the personal data we process.
  5. The data of the server log files are stored separately from all personal data provided by you

8. Cookies

  1. We may collect information about your use of our website through the use of so-called browser cookies. These are small text files that are stored on your disk and that store certain settings and data for sharing with our system through your browser. A cookie usually contains the name of the domain from which the cookie data was sent, as well as information about the age of the cookie and an alphanumeric identifier. Cookies allow our systems to recognize the user’s device and make any presets available immediately. As soon as a user accesses the platform, a cookie is transmitted to the hard disk of the user’s computer. Cookies help us improve our website and offer you a better and more personalized service. They enable us to recognize your computer or your (mobile) device when you return to our website and thereby:
    • To save information about your favorite activities on the website and thus to tailor our website to your individual interests. This includes, for example, advertising that corresponds to your personal interests;
    • Speed up the processing of your requests;
  2. We may also work with business partners [Google – Google Analytics] to help us make the website and website more interesting to you. Therefore, when visiting the website, cookies from these partner companies (third-party providers) will also be stored on your hard drive. These are cookies that automatically delete after the given time. The cookies of our partner companies also only collect information under a cookie ID, which enables our advertising partners to address you with advertisements that might actually interest you. To stop the use of such cookies, see 8c.
  3. If you do not wish to use browser cookies, you can set your browser so that the storage of cookies is not accepted. Please note that in this case you may be able to use our website only partially or not at all. If you only want to accept our own cookies, but not the cookies of our service providers and partners, you can choose the setting in your browser “block third-party cookies”.

9. Google Analytics

  1. It is important to us to make our websites as optimal as possible and to make them attractive to our visitors. For this it is necessary that we know which parts of it arrive as with our visitors. This website uses Google Analytics, a web analytics service provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”).
  2. Google Analytics also uses cookies, which are text files that are stored on your computer and that allow an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.
  3. IP anonymisation has been activated on our website so that your IP address is shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there.
  4. On our behalf, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to us as website operators. The IP address provided by Google Analytics as part of Google Analytics will not be merged with other Google data.
  5. You can prevent the storage of cookies by a corresponding setting of your browser software; however, we point out that in this case you may not be able to use all functions of this website in full.
  6. In addition, you may prevent the collection by Google of the data generated by the cookie and related to your use of the website (including your IP address) as well as the processing of this data by Google by downloading the browser plug-in available under the following link and install: ___ [currently].
  7. Alternatively, you can prevent a collection by Google Analytics by setting an opt-out cookie by clicking here. If you delete the cookies in your browser, you must click this link again.
  8. Google’s privacy policy can be found at:

10. Location Data

Your location data will only be accessed when needed through an interface (API) from Google (Android App) or Apple (iOS App). How often your location data is retrieved depends on the usage of the app (find Musicboxes or start your own Musicbox).

To show you Musicboxes in your area, your location information is temporarily stored on your device. Your location will be transferred to the map provided by Google or Apple so that your location can be visualized. If you want to connect to a Musicbox, your location will be compared to that of the Musicbox. So we check if you are in the range specified by the owner to this Musicbox.

If you start a Musicbox yourself, your location data will be periodically retrieved and transmitted to our system. This location information is used to ensure that only people in the range you specify can connect to your Musicbox.

If you do not want to share location data, you can switch off this accordingly in your terminal. A use of all functions of the app is then no longer possible.

11. Data Security

  1. All your personal data is transmitted encrypted with us. We use the SSL / TLS (Secure Sockets Layer / Transport Layer Security) coding system. Our security measures are continuously improved in line with technological developments. Unfortunately, the transmission of information over the Internet is never 100% secure, which is why we can not guarantee the security of data transmitted via the Internet to our website / app.
  2. However, we secure our website and our app through technical and organizational measures against loss, destruction, access, modification or dissemination of your data by unauthorized persons.

12. Contact

You can contact us by e-mail or via our contact form. In this case, we will store the personal data you provide to process your request and to contact you to process your request. These data will be transmitted to us on a purely voluntary basis. A passing on of the personal data communicated to us in this way to third does not take place.

The information for contacting us can be found above in this privacy policy and in our imprint.

13. Rights of the Data Subject

Insofar as you, the data subject i.S.d. Art. 4 (1) GDPR, you have the following rights regarding the processing of your personal data under the GDPR. The legal text of the rights listed below can be found at

  1. Right of confirmation and access
    Under the conditions of Article 15 GDPR, you have the right to request confirmation as to whether personal data relating to you are processed and to obtain, at any time and free of charge, information from the controller about the personal data relating to you stored and a copy of this information.
  2. Right to rectification
    Under the conditions of Art. 16 GDPR, you have the right to demand the immediate correction of incorrect personal data concerning you. You also have the right, taking into account the purposes of the processing, to request the completion of incomplete personal data – also by means of a supplementary declaration.
  3. Right to erasure (‘right to be forgotten’)
    Under the preconditions of Art. 17 GDPR, you have the right to demand that personal data concerning you be deleted without delay, provided that one of the reasons stated in Art. 17 GDPR exists and the processing is not required.
  4. Right to restriction of processing
    Under the conditions of Art. 18 GDPR, you have the right to demand the restriction of processing if one of the conditions set out in Art. 18 GDPR exists.
  5. Right to data portability
    Under the conditions of Art. 20 GDPR, you have the right to receive the personal data you have provided us in a structured, common and machine-readable format, and you have the right to transfer this data to another person without hindrance provided that the further requirements of Article 20 GDPR are met.
  6. Right to withdraw data protection consent
    You have the right to withdraw your consent to the processing of personal data at any time with future effect. The revocation should be directed to the above contact details.
  7. Right to object
    Under the conditions of Art. 21 GDPR, you have the right to object at any time to the processing of personal data concerning you. If the conditions for an effective objection are met, processing by us may no longer take place.
  8. Right of appeal to a supervisory authority
    Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, employment or the place of the alleged infringement, if you believe that the processing of your personal data is contrary to the requirements the GDPR violates.

14. Transfer of your Personal Data

The transfer of your personal data is described below.

  1. The website uses services of 1und1 and the app as well as our servers use services of the IBM cloud. The hosting of the website and the mubo system server is therefore carried out by external service providers. This is necessary for the operation of the website and the app, as well as for the justification, the implementation and the execution of the existing user contract and also without your consent.
  2. Your location data will be transferred to the map provided by Google or Apple so that your location can be visualized. If you do not want to share location data, you can switch off this accordingly in your terminal.
  3. In addition, disclosure shall take place if we are entitled or obliged to forward data due to statutory provisions and / or official or judicial orders. This may, in particular, be the provision of information for law enforcement purposes, security or enforcement of intellectual property rights.
  4. Insofar as your data is passed on to service providers to the required extent, they will only have access to your personal data to the extent necessary to fulfill their duties. These service providers (1und1 and IBM) are obliged to treat your personal data in accordance with the applicable data protection laws, in particular the GDPR.
  5. In addition to the aforementioned circumstances, we will not transmit your data without your consent to third parties.

15. Storage Period for the Personal Data

With regard to the storage period, we delete personal data as soon as their storage is no longer necessary for the fulfillment of the original purpose and there are no longer any statutory retention periods. The statutory retention periods ultimately form the criterion for the final duration of the storage of personal data. After the deadline, the corresponding data will be routinely deleted. If retention periods exist, processing is restricted by blocking the data.

16. Notice Regarding the Provision of Personal Data by the Data Subject

At this point we would like to inform you that the provision of personal data may be required by law (for example, payment data for the billing of paid offers) or may arise from contractual arrangements. In order to fully use our app and / or the services offered on the website, it is necessary that you conclude a corresponding user agreement (general terms of use) with us by registering. For the execution of this contract, it is necessary that you provide us with certain personal data (such as e-mail address) that we process in the course of the execution of the contract. Failure to provide (do not provide) such personal information would mean that the contract could not be concluded with you, or that our services could not be provided in full if only partial provision was made.

17. Data Protection at Third Party Websites

The Website and the App may contain hyperlinks to and from third party websites. If you follow a hyperlink to any of these websites, please note that we can not accept any responsibility or liability for third party content or privacy. Please make sure you are aware of the applicable privacy policy before submitting personally identifiable information to these websites.

18. Change of Privacy Policy

  1. We are constantly developing our app and website to provide you with an ever-improving service. We will always keep this privacy policy up-to-date and adjust it accordingly, if and as far as necessary.
  2. Of course, we will inform you in good time about any changes to this privacy policy. We will do this, e.g. by e-mail to the e-mail address you have given us. In addition, if you require further consent from us to handle your data, we will, of course, obtain this from you before appropriate changes take effect.
  3. You can access the latest version of our Privacy Policy at any time on the Internet at


Status of the Privacy Policy: May 2018