Datenschutzerklärung / Privacy Policy – Indie Munich

→ Diese Seite auf Deutsch ansehen

Effective Date: 5th December 2025
Last Updated: 20th November 2025

Indie Munich (“we”, “us”, “our”) is a community-driven platform supporting local and visiting musicians through events, workshops, jam sessions, and creative collaboration. We are committed to protecting the privacy of all artists, participants, community members, supporters, and visitors who interact with us online or in person.

This Privacy Policy explains what personal data we collect, how we use it, who we share it with, how long we keep it, your rights under the GDPR, and how to contact us.

This Privacy Policy applies to all interactions with Indie Munich, whether online, through messaging apps, or at in-person events.

1. Who We Are (Art. 13(1)(a))

Indie Munich

Email: info@indiemunich.com
Website: www.indiemunich.com

Indie Munich acts as the data controller for the processing described in this Privacy Policy.

2. What Personal Data We Collect (Art. 13(1)(c))

We collect only the information needed to run our community activities, organise events, communicate with participants, and manage bookings. Depending on how you interact with us, we may collect:

Identity & Contact Information

  • Name
  • Email address
  • Phone number
  • Social-media usernames or profile links
  • Contact details shared in WhatsApp, Telegram, Instagram, Facebook or email

Event & Workshop Information

  • Registration details (Calendly, Tally, Patreon)
  • Selected event or workshop
  • Attendance information

Payment-Related Information

We receive limited information from payment processors (e.g. Stripe, PayPal):

  • Name
  • Email address
  • Payment confirmation

(We do not receive or store full card or bank details.)

Photos & Videos from Events

We may take general photos and videos at events and workshops to document and promote Indie Munich’s activities.

Messages, Submissions & Voluntary Information

  • Messages, DMs or emails sent to us
  • Details shared when you ask to join a workshop, project, community group, or collaboration
  • Reviews on Google Business

Technical or Social-Media Interaction Data

  • Likes, comments, messages and other interactions on our social-media accounts

Indie Munich does not intentionally collect or request special-category data (e.g., health, religion) unless you choose to provide it voluntarily.

3. How We Collect Personal Data (Art. 13(1)(e))

We collect information through:

  • Booking and sign-up tools (Calendly, Tally, Patreon)
  • Payment services (Stripe, PayPal, direct bank transfers)
  • Messaging platforms (WhatsApp, Instagram DM, Facebook Messenger, Telegram, email)
  • Social-media engagement where you contact us or share materials
  • Website contact forms
  • In-person interactions at events, jam sessions, workshops or open mics

We also receive some personal data indirectly from third-party services such as Calendly, Tally, Patreon, Stripe, PayPal, WhatsApp, Instagram and Facebook when you interact with us on those platforms.

If you post a public review of Indie Munich (for example on Google Business), the content is processed under the terms of the relevant platform. We may view these reviews but we do not copy or store them outside the platform.

Cookies and Tracking

Our website (indiemunich.com) does not use cookies, analytics tools or tracking technologies. We do not track user behaviour on our website, and no personal data is collected through the site other than information you voluntarily submit via our contact forms.

4. Why We Process Personal Data & Legal Bases (Art. 13(1)(c), Art. 6 GDPR)

We process your personal data for the following purposes and based on the following lawful bases:

A. Performance of a Contract – Art. 6(1)(b)

To:

  • Process registrations for events, workshops or classes
  • Confirm bookings
  • Provide access to paid activities
  • Manage attendance and communication around events
  • Process payments through third-party providers

B. Legitimate Interests – Art. 6(1)(f)

We process data when necessary for the operation, organisation and growth of Indie Munich, including:

  • Coordinating with musicians, performers and workshop participants
  • Managing events, communication and community activities
  • Maintaining and promoting our artistic community
  • Ensuring the safety and smooth running of events
  • Using photos and videos for documentation and promotional purposes
  • Communicating with you about relevant Indie Munich events or updates
  • Understanding social-media engagement
Event Photos & Videos

We may capture general photos and videos at events for the purpose of documenting and promoting Indie Munich.

We take steps to respect privacy, including:

  • Informing attendees through event descriptions and/or signs at venues
  • Avoiding focused images of individuals who indicate they do not wish to be photographed
  • Offering simple ways to object (see Section 11)

In addition to the GDPR, the publication of identifiable photographs or video recordings is also subject to the German Kunsturhebergesetz (KUG), in particular §§ 22–23.

These provisions require that recognisable images of individuals may only be published with permission, unless a statutory exception applies (for example, images taken as part of a public event without focusing on a single identifiable person).

Indie Munich respects these rights and applies the following approach:

  • We normally take wide-angle or group shots that show the atmosphere of an event rather than focusing on individuals.
  • Where we publish images in which a person is clearly identifiable, we rely on either a statutory exception under § 23 KUG or the individual’s permission.
  • You can object at any time to being shown in photographs or videos, and we will avoid capturing you or remove identifiable content wherever reasonably possible.

Automated Decision-Making

We do not use personal data for automated decision-making or profiling within the meaning of Article 22 GDPR.

C. Consent – Art. 6(1)(a)

We only use consent where we actively request it. For example:

  • Optional newsletters or promotional updates (if introduced)
  • Featuring a specific individual prominently in a promotional campaign

Consent can be withdrawn at any time.

D. Legal Obligations – Art. 6(1)(c)

We may process information if required by law, for example for accounting and tax retention obligations relating to payment records.

5. Who We Share Data With (Art. 13(1)(e))

We share data only when necessary to operate our community activities, such as:

Event Operations

  • Event venues
  • Workshop instructors
  • Collaborating musicians and artists
  • Photographers/videographers for event coverage

Payment & Membership Platforms

  • Stripe
  • PayPal
  • Patreon

Communication & Coordination Tools

  • WhatsApp, Instagram, Facebook, Telegram
  • Email service providers (Gmail)

Marketing & Promotion

  • Social-media platforms where photos/videos are posted
  • Google Business (public reviews)

We may also share photos, videos or promotional materials with the musicians, workshop hosts or collaborators involved in a specific event where it is reasonably connected to documenting or promoting that event.

Photographers or videographers who cover events act as independent creators, not processors of Indie Munich. They process any images under their own professional responsibility.

When you interact with us on platforms such as Instagram or Facebook, those platforms also process your personal data under their own responsibility. Indie Munich does not control how these platforms collect or use personal data. Please refer to the privacy policies of the respective platform operators.

Indie Munich does not sell personal data.

6. International Data Transfers (Art. 13(1)(f))

Some third-party providers are located outside the EU/EEA, including:

  • Google (Gmail, YouTube, Google Business) – U.S.
  • Meta (Instagram, Facebook, WhatsApp) – U.S.
  • Patreon – U.S.
  • Stripe – U.S. HQ, EU entities
  • PayPal – U.S. HQ
  • Canva & Linktree – Australia

When data is transferred outside the EU/EEA, we rely on:

  • The EU–US Data Privacy Framework (where applicable)
  • The European Commission’s Standard Contractual Clauses (SCCs)
  • Additional technical and organisational safeguards

7. How We Store Your Data (Art. 13(1)(c))

We store data securely in:

  • Gmail email accounts (access only for authorised Indie Munich team members)
  • Calendly, Tally, Patreon, Stripe, PayPal
  • WhatsApp, Instagram, Telegram and Facebook (encrypted apps)
  • Password-protected laptops and mobile devices
  • Temporary printed lists, which are securely disposed after use

We do not maintain a central database; information stays within the services where it was originally collected.

8. Security Measures (Art. 32)

We take appropriate steps to protect personal data against unauthorised access, misuse, loss or disclosure. Our measures are based on Article 32 GDPR and the relevant provisions of the Bundesdatenschutzgesetz (BDSG), in particular §§ 62 and 64, which require data controllers to implement suitable technical and organisational measures (“TOMs”).

Indie Munich applies the following TOMs appropriate to the size and nature of our organisation:

Access Control & Authorisation

  • Personal data is accessible only to a small number of authorised organisers.
  • Access rights are limited to what is needed for event and community management.

Account & Device Security

  • Password protection for all accounts used for Indie Munich activities.
  • Two-factor authentication (2FA) activated where possible (Google, Instagram, Stripe, etc.).
  • Personal laptops and smartphones used for Indie Munich purposes are protected by device passcodes and screen locks.
  • Use of reputable password-management tools by organisers.

Transmission & Storage Security

  • Communication via encrypted messaging platforms (WhatsApp, Instagram DM, Telegram).
  • Storage of email-based data in secure Gmail accounts with 2FA.
  • Minimal long-term storage: most data remains within the service where it was originally collected (Calendly, Stripe, PayPal, Patreon).

Data Minimisation & Retention

  • Data is kept only as long as necessary (see Retention section).
  • Temporary printed lists are securely disposed of after use.

Confidentiality & Awareness

  • Individuals handling data are instructed to treat it confidentially and use it only for Indie Munich purposes.

Ongoing Review

These measures are reviewed periodically and updated where necessary as our activities evolve.

Certain authorised organisers may use their personal laptops or mobile devices for Indie Munich activities. These devices are protected with passwords, device-lock features and, where available, two-factor authentication.

9. Retention (Art. 13(2)(a))

We retain data only as long as necessary for the purpose for which it was collected:

Data Category Retention Period
Event/workshop bookings Until event completion & short administrative period as necessary for organising the event
Payment records 10 years (legal requirement)
Communication messages As long as needed for organisational purposes
Photos/videos Until you object (see Section 11 of the Privacy Policy) or until they are no longer used.
Social-media interactions According to each social media platform’s own policies.

10. Your Rights (Art. 13(2)(b–f), Art. 15–22 GDPR)

You have the following rights:

  • Right of access: obtain a copy of your data
  • Right to rectification: correct inaccurate information
  • Right to erasure: request deletion in certain circumstances
  • Right to restriction: limit processing
  • Right to object: especially relevant for photos/videos and legitimate-interest processing
  • Right to data portability
  • Right to withdraw consent
  • Right to lodge a complaint with the Bavarian Data Protection Authority (BayLDA)

To exercise any right, please first contact us: info@indiemunich.com.

11. Right to Object to Event Photos (Art. 21 GDPR)

If you do not want to appear in photos or videos taken at Indie Munich events, you may:

  • Inform an organiser or photographer at the event, or
  • Email info@indiemunich.com with a description or link to the image/post in question

We will respect your objection and will avoid capturing you or will remove identifiable images where reasonably possible.

12. Minor’s Information

Our activities are generally intended for adults, but we do not knowingly collect personal data from minors without appropriate consent.

13. Changes to This Privacy Policy (Art. 13(3))

We may update this Privacy Policy from time to time. If significant changes are made, we will notify users through our website or communication channels.

14. Contact

For questions about this Privacy Policy or your rights, please contact:

Indie Munich
Email: info@indiemunich.com

Copyright | ©2025 | Indie Munich