Privacy Policy

Ableton AG, Schönhauser Allee 6-7, D-10119 Berlin herewith informs you about the processing of personal data for which Ableton is responsible in the sense of the EU General Data Protection Regulation (GDPR).

This privacy policy relates to data processing related to Loop and Loop Events. Further information about data processing by Ableton may be found here.

Apart from sending us a letter, you may contact us at any time via privacy[at]ableton[dot]com

You can reach our data protection officer by sending an email to AbletonDSB[at]daspro[dot]de or by sending a letter to Ableton DSB, daspro GmbH, Kurfürstendamm 21, 10719 Berlin.

Below you can find the most important information on typical processing of your data, organized by affected user groups (groups of data subjects). For certain data processing operations, which only concern specific groups, the information requirements are fulfilled separately. Where the term "data" is used, we refer to personal data within the meaning of the GDPR only.

  1. Website Visitors

1. Website Visitors

1.1 Server-log data


When using our websites, certain information is sent to the server of our websites by the browser used on your device for technical reasons. This data is stored and processed on our server.

  • We process the following data for the purpose of providing the contents of the website that you have visited, to ensure the security of the IT infrastructure used, to correct errors, to enable and simplify searches on the website and to manage cookies.
  • The data processed is HTTP data: HTTP data is protocol data that is generated when the Websites is visited via the Hypertext Transfer Protocol (Secure) (HTTP(S)) for technical reasons: This includes IP address, type and version of your Internet browser, operating system used, the page visited, the page previously visited (referrer URL), date and time of the visit. HTTP(S) data also accumulates on the servers of service providers (e.g. when requesting third-party content).
  • The legal basis for the processing of the above mentioned data is our legitimate interest in the operation of an internet presence and the communication with communication partners in accordance with Article 6 para. (1) (f) GDPR. We may also have the legal obligation to process such data according to Article 6 para. (1) (c) GDPR.
  • The data is automatically transmitted by the browser of the user.
  • Recipients of the personal data are IT service providers which we use as processors within the framework of a data processing agreement.
  • IP addresses are anonymized after 24 hours at the latest. Pseudonymous usage data will be deleted after six months.
  • Without disclosure of personal data such as the IP address, the use of the website is not possible. Communication via the website without disclosure of data is technically not possible.

1.2 Technically required cookies


We use cookies on our websites. Cookies are small text files containing information that can be stored on the user’s device via the browser when visiting a website. The information stored in cookies can be read out and processed when the website is visited again using the same device. In doing so, we use processing and storage functions of the browser of your device and collect information from the storage of the browser of your device.

In the structure of our privacy policy, we differentiate between technically required cookies and tracking cookies. Cookies that are technically required for the functioning of the websites cannot be deactivated via the cookie management function of the websites. However, you can generally deactivate cookies at any time in your browser. Different browsers offer different ways to configure the cookie settings in the browser. However, we would like to point out that some functions of the websites may not or no longer function properly if you generally deactivate cookies in your browser settings.


a) Consent Cookies


We use so-called Consent Cookies to store your consent, possible right to withdraw your consent and opt-out of the use of cookies on our websites.

The purpose of data processing is the storage of the user decisions on cookies (consent, withdrawal, opt-out).

The processed data are:

  • HTTP data:
    HTTP data is protocol data that is technically generated when the website is visited via the Hypertext Transfer Protocol (Secure) (HTTP(S)): This includes IP address, type and version of your Internet browser, operating system used, the page visited, the page previously visited (referrer URL), date and time of the visit.
  • User decision on cookies:
    User’s decision on individual cookies or groups of cookies. Time of the decision and of the last visit.

(iii) The legal basis for the processing is our legitimate interest in easy and reliable control of cookies settings in accordance with the respective user decisions (legal basis: Article 6 para. (1) (f) GDPR).

(iv) The data is actively provided by the user (decision on cookies) or automatically transmitted by the user’s browser (protocol data, time stamp).

(v) Recipients of the personal data are IT service providers which we use as processors within the framework of a data processing agreement.

(vi) Information about your decision to reject cookies is deleted at the end of the session. The remaining other data will be deleted after one year.

(vii) Without disclosure of personal data, the use of the website is not possible. Communication via the website without the disclosure of data is technically not possible.

b) Session Cookies


We use Session Cookies on our websites. This enables us to save information about your customer account, individual settings and certain user actions for the duration of your visit (e.g. login, language settings).

(i) The purpose of data processing is to enable the login, user-specific settings (e.g. language) and the technical provision of a shopping cart function.

(ii) The processed data is data concerning the customer’s account, language selection, country, cookie settings and shopping cart.

(iii) The legal basis for the processing is our legitimate interest in the provision of the individual sessions for the users, including the cookies accepting/rejecting function, shopping basket function or the respective language setting function, each in accordance with Article 6 para. (1) (f) GDPR.

(iv) The data is automatically transmitted by the browser of the user.

(v) Recipients of the personal data are IT service providers that we use as processors within the framework of a data processing agreement.

(vi) The data is deleted after one year.

(vii) Without disclosure of personal data the use of the website is not possible. Communication via the website without disclosure of data is technically not possible.

c) IT Security Cookies


We use IT Security Cookies on our websites to protect our websites and also our website visitors against IT Security attacks, for example so-called cross-site request forgery attacks or other attacks by malicious visitors. Some attackers attempt to display fake requests to website visitors.

(i) The purpose of the data processing is to increase the IT Security of the website and of our website visitors and to prevent IT Security attacks.

(ii) The data processed are the IT Security test results and the HTTP log data. Wherever it is possible we use one-way hashes of certain test result values.

(iii) The legal basis for the processing is our legitimate interest in protecting our website and our website visitors from IT Security attacks in accordance with Article 6 para. (1) (f) GDPR. We may also have the legal obligation to process such data according to Article 6 para. (1) (c) GDPR.

(iv) The data is automatically transmitted by the browser of the user.

(v) Recipients of the personal data are IT service providers which we use as processors within the framework of a data processing agreement.

(vi) The data is deleted at the end of the session.

(vii) Without disclosure of personal data the use of the website is not possible. Communication via the website without disclosure of data is technically not possible.

1.3 Tracking Cookies


We use cookies on our websites. Cookies are small text files containing information that can be stored on the user’s device via the browser when visiting a website. The information stored in cookies can be read out and processed when the website is visited again using the same device. In doing so, we use processing and storage functions of the browser of your device and collect information from the storage of the browser of your device.

In the structure of our privacy policy, we differentiate between technically required cookies and tracking cookies. Depending on their function and purpose, the use of certain cookies may require the user’s consent. Your consent is given through a so-called "cookie banner": When you visit our websites, we display our cookie banner. In our cookie banner you can declare your consent to the use of all cookies requiring consent on this website by clicking on the "Accept" button. Without such consent, the cookies requiring consent are not activated. By clicking the "Close" button, you can also completely reject the use of cookies requiring consent. Your decision will be saved in a cookie. Alternatively, you have the possibility to access our "cookie settings section" by clicking on the "More information" button. In the cookie settings section, you can make an individual selection of cookies and customize them at a later time. We store your cookie settings in the form of a cookie on your device in order to determine whether you have already made cookie settings the next time you visit the websites.

1.4 Information about specific Cookies and similar technologies used on the Loop website


Information about specific Cookies and similar technologies used on the Loop website are set out in the Ableton Privacy Policy.

2. Newsletter Recipients

  • When you sign up for our newsletter, we process your data with the purpose of sending the newsletter. You can unsubscribe from the newsletter at any time. No further costs than the transmission costs arise.
  • The legal basis for data processing with respect to newsletters is Art. 6 (1) (a) GDPR (consent).
  • We use processors by means of service agreements to perform services, in particular to provide, maintain and support IT systems.
  • Data relating to newsletters will be deleted when you unsubscribe from the newsletter.
  • Data submission is necessary for the receipt of newsletters. Without submitting data it is not possible to send the newsletter.

3. Prospective Attendees, Attendees and Participants of Loop Events

  • We process your data for the purpose of holding Loop Events, statistical evaluations about Loop Events, documenting the event by means of video and audio recordings and the use of the recordings made for press and public relations purposes. There are no plans to change these purposes.
  • The legal basis for the processing of personal data of prospective attendees, attendees and participants in Loop Events is Article 6 (1) (b) GDPR (contract for the participation of the event) and Article 6 (1) (c) GDPR (statutory obligations, in particular tax and commercial law provisions). The legal basis for the production of video and audio recordings is Article 6 (1) (f) GDPR (legitimate interest in the documentation of the events organized by Ableton and the legitimate interest in the representation of Ableton through press and public relations work). The legal basis for the processing of health data is Article 6 (1) (a) in connection with Article 9 (2) (a) GDPR (consent).
  • For the purpose of press and public relations work, the image and sound recordings produced can also be transmitted abroad to journalists, media companies, press and photo agencies as well as social media platforms and published by us in printed or digital form.
  • We use data processors like service providers to organize Loop Events and for the provision of our services, in particular for the provision, maintenance and support of IT systems. Some of our service providers offer the possibility to register directly to their end user services. If you enter into such a direct contractual relationship with one of our service providers the service provider is the independent controller for all data processing under such contract.

For Loop the following external third party services are used:

The use of the third party services may require you creating account(s) with the respective service. The third party services are used to offer a similar to live experience of the Loop events via using online services. In general, their use is not mandatory and you can deactivate certain functions at any time (e.g. switch off your camera, etc.).

No costs outside the transmitting costs occur for you when using these tools and you can delete your accounts at the third party services at any time. Further information on data processing by the third party services (including your data being processed outside the EU) please refer to the privacy policies of the respective third party services.

  • Banks and payment service providers may be recipients of data for the processing of payments. In individual cases, data may be transferred to debt collection service providers, lawyers and courts.
  • If you haven’t received a ticket for Loop via the draw/selection, your application data will be deleted immediately.
  • Archived video and sound recordings of the event as well as publications are usually not deleted. All contractual data and data relevant for accounting are stored for 10 calendar years.
  • Processing of data is necessary in order to attend Loop Events. If the personal data is not provided, you may not participate in Loop Events.

4. Communication Partners, Artists and Externals

  • The purpose of the processing is the preparation and execution of a contractual relationship or other communication.
  • With respect to contracts with natural persons, the legal basis for processing is Art. 6 (1) (b) GDPR (contract or contract initiation), whereas for contracts with legal persons Art. 6 (1) (f) GDPR (legitimate interest, namely communication with contact persons relevant to the contract) and Art. 6 (1) (c) GDPR (statutory obligations, in particular tax and commercial law provisions) apply. If just communication is concerned, the legal basis is Article 6 (1) (f) GDPR (legitimate interest, namely documentation of communication processes).
  • Contact and contract data can be transmitted to other service providers, business partners as well as offices and authorities if necessary for the execution of the contract or order. We also use service providers to process orders for the provision of our services, in particular for the provision, maintenance and servicing of IT systems.
  • Data of contract partners and service providers shall be deleted 10 calendar years after termination of the contract or order.
  • The processing of contact data on part of the service providers and business partners is necessary to execute the contract or order. If the data is not provided, the communication may be considerably impaired.

5. Rights of Data Subjects and Further Information

  • We do not use any methods of automated individual decision-making.
  • You have the right to request information at any time about all your personal data which we are processing.
  • If your personal data is incorrect or incomplete, you have the right to have it rectified and completed.
  • You can request the erasure of your personal data at any time, as long as we are not bound by legal obligations that require or allow us to continue processing your data.
  • If the applicable legal requirements are met, you can request a restriction to the processing of your personal data.
  • You have the right to object to the processing, insofar as the data processing is based on profiling or direct marketing purposes.
  • If the processing is carried out on the basis of the weighing of interests, you may object to the processing by stating reasons arising from your particular situation.
  • If the data processing takes place on the basis of your consent or a contract, you have the right to a transfer of the data provided by you, insofar as the rights and freedoms of others are thereby not impaired.
  • If we process your data on the basis of a declaration of consent, you have the right to revoke this consent at any time with future effect. The processing carried out prior to a revocation remains unaffected by the revocation.
  • Moreover, you have the right to file a complaint at any time with a data protection supervisory authority, if you believe that data processing has been carried out in violation of the applicable law.