Privacy Policy (GDPR)

This policy explains how we process personal data when you visit our website, submit music, join our newsletter, or contact us.

Controller

Harati Media
Occamstr. 21
80802 München, Germany
Email: info@haratimedia.com

Purposes & Legal Bases

• Contact & submissions: We process personal data to respond to messages and evaluate music submissions. The legal basis is Art. 6(1)(b) GDPR if related to a contract, otherwise Art. 6(1)(f) GDPR based on our legitimate interest in communication and project review.
• Newsletter: If you subscribe to our newsletter, we process your email address to send updates about releases, concerts, and projects. The legal basis is Art. 6(1)(a) GDPR. You can unsubscribe at any time via the link in each email.
• Analytics: We may use analytics tools to understand and improve website performance and content. The legal basis is Art. 6(1)(a) GDPR where consent is required, or Art. 6(1)(f) GDPR for privacy-friendly analytics. Google Analytics may be used in a privacy-conscious configuration with IP anonymization enabled.
• Security & logs: Technical data may be processed to protect the website against misuse, spam, and security threats. The legal basis is Art. 6(1)(f) GDPR.

Forms, Email & Newsletter

If you submit a form, contact us by email, or join our newsletter, we process the data you provide. We may use external service providers such as Formspree for forms and Mailchimp for newsletter management. These providers process data on our behalf under data-processing agreements according to Art. 28 GDPR.

Service Providers

Our website may use service providers for hosting, forms, newsletter delivery, analytics, embedded media, and technical security. These providers may process technical data such as IP addresses, browser information, timestamps, and form data where applicable.

Embedded Content

This website may embed content from third-party platforms, including Spotify and other third-party media services. Embedded content from third-party websites behaves as if you visited those websites directly. These providers may collect data, use cookies, and track interactions according to their own privacy policies.

Recipients & Transfers

Service providers may process personal data in the EU/EEA or in third countries. Where data is transferred outside the EU/EEA, we rely on appropriate safeguards such as Standard Contractual Clauses where required.

Retention

We keep submissions, emails, and related communication only as long as necessary for review, communication, project management, or legal obligations. Newsletter data is kept until you unsubscribe or request deletion.

Your Rights

• Right of access according to Art. 15 GDPR.
• Right to rectification according to Art. 16 GDPR.
• Right to erasure according to Art. 17 GDPR.
• Right to restriction of processing according to Art. 18 GDPR.
• Right to data portability according to Art. 20 GDPR.
• Right to object according to Art. 21 GDPR.
• Right to withdraw consent at any time according to Art. 7(3) GDPR, where processing is based on consent.
• Right to lodge a complaint with a supervisory authority, such as the Bayerisches Landesamt für Datenschutzaufsicht (BayLDA).

Cookies

We aim to avoid non-essential cookies where possible. If we implement features that require non-essential cookies, we will request consent where legally required.

Security

We use reasonable technical and organizational measures to protect personal data against unauthorized access, loss, misuse, or alteration.

Updates

We may update this privacy policy from time to time. The latest version is always available on this page.

Last updated: May 17, 2026