Privacy Policy (Datenschutzerklärung)

This Privacy Policy explains the type, scope, and purpose of the processing of personal data on our platform. We treat your personal data confidentially and in accordance with the statutory data protection regulations (GDPR / DSGVO) as well as this Privacy Policy.

1. Data Controller

The responsible party (Data Controller) for data processing on this website is:

Merlin Sahorn
Kurt-Schumacher-Straße 33
63073 Offenbach am Main
Germany

Email: merlin.sahorn@gmail.com

2. Hosting & Infrastructure

Host: This website is hosted on a virtual private server provided by Contabo GmbH (Aschauer Straße 32a, 81549 Munich, Germany). The server is physically located in a data center in Frankfurt, Germany.

Data Processing Agreement: We have concluded a Data Processing Agreement (Auftragsverarbeitungsvertrag) with our host to ensure they process our users' data only in accordance with our instructions and the GDPR.

No CDNs / Proxies: We do not route your traffic through external Content Delivery Networks (like Cloudflare). Direct access means your connection data stays between you and our Frankfurt server.

3. Data Collection on Our Website

Server Log Files:
When you visit our website, your browser automatically transmits data to our server. We have implemented Privacy by Design. Your IP address is automatically anonymized (masking the final octet) before it is ever written to our log files.

Our logs contain:

  • Anonymized IP address (e.g., 192.168.1.0)
  • Date and time of the server request
  • URI accessed
  • Status codes and transferred data volume

These anonymized logs cannot be traced back to a specific individual. The legal basis for this processing is Art. 6(1)(f) GDPR (legitimate interest in the technical stability of our systems).

Cookies & Local Storage:
We do not use tracking cookies, analytics cookies, or third-party marketing cookies. We only use strictly necessary cookies required for the technical functioning of the app (Section 25 (2) TTDSG):

  • vrcdj_auth: A persistent token used to keep you logged in across our domains.
  • vrcdj_sid: A temporary session ID.
  • vrcdj_theme: Saves your preference for Light or Dark mode (stored locally).

No cookie banner is required or displayed because we strictly process only these technically necessary cookies.

4. User Accounts & Discord OAuth

If you choose to create a profile or interact with features on vrc.dj, you must log in via Discord OAuth.

By logging in, we collect and store:

  • Your Discord User ID
  • Your Discord Username & Display Name
  • Your Discord Avatar URL (hotlinked via Discord's CDN)

Purpose: We need this data to establish your account, prove your ownership of artist/community pages, and manage access limits.
Legal Basis: Art. 6(1)(b) GDPR (processing is necessary for the performance of a contract/providing the requested service).

5. Third-Party Embeds (Livesets)

Our platform allows users to embed livesets from third-party platforms (YouTube, SoundCloud, Mixcloud, HearThis.at).

We use a Two-Click Consent Solution to protect your privacy. When you visit an artist's page, no connection is made to these third-party platforms. Only when you actively click on the specific embed will the external iframe load, at which point the external provider may log your IP address and set their own cookies.

Legal basis: Your active click constitutes explicit consent under Art. 6(1)(a) GDPR.
To learn how these platforms handle your data, please review their respective privacy policies:

  • YouTube (Google Ireland Limited, Ireland)
  • SoundCloud (SoundCloud Global Limited & Co. KG, Germany)
  • Mixcloud (Mixcloud Ltd, UK)
  • Hearthis.at (Hearthis, Germany)

6. Data Retention & Deletion

We adhere to the principles of data minimization and storage limitation (Art. 5 GDPR).

  • Account Deletion: You can permanently delete your account at any time via your user dashboard.
  • Orphaned Data Safeguard: If you delete your account, any liveset links you submitted on behalf of another artist's page will be safely anonymized (attributed to a deleted user) so that the artist does not lose their page content.
  • Automated Cleanup: Our systems run automated daily routines to permanently purge data. User data sitting in the deletion "graveyard" is permanently destroyed after 90 days. System notification logs are wiped after 30 days.

7. Age Restriction

Our services are not directed at individuals under the age of 16. By logging in or creating an account, you confirm that you are at least 16 years old. If we become aware that we have collected personal data from a minor without verifiable parental consent, we will delete that information immediately.

8. Your Rights (Betroffenenrechte)

Under the GDPR, you have the following rights regarding your personal data:

  • Right of Access (Art. 15 GDPR): You can request information about your stored data at any time.
  • Right to Rectification (Art. 16 GDPR): You can update your data or ask us to correct it.
  • Right to Erasure (Art. 17 GDPR): You can delete your account via the dashboard or request manual deletion.
  • Right to Restriction of Processing (Art. 18 GDPR)
  • Right to Data Portability (Art. 20 GDPR)
  • Right to Object (Art. 21 GDPR)

To exercise any of these rights, please contact us at the email address provided in Section 1.
Furthermore, you have the right to lodge a complaint with the competent supervisory data protection authority (Art. 77 GDPR) if you believe your data is being processed unlawfully.