Privacy Policy

Last updated: May 2026. This privacy policy applies to https://www.danovmusic.com as well as to all booking, brief and chat features of Danov Music Studio.

1. Controller

The controller in the meaning of the GDPR and other national data protection laws is:

Mykyta Bogdanov
Danov Music Studio
Bonifaziusstraße 16-18
13509 Berlin, Germany

Phone: +49 175 4137518
E-Mail: [email protected]

2. General information

We treat personal data confidentially and in accordance with the statutory data protection regulations (GDPR, German Federal Data Protection Act, German Telecommunications-Telemedia Data Protection Act) and this privacy policy. Personal data is any data that can be used to identify you personally (e.g. name, address, e-mail address, phone number, IP address).

Data transmission over the Internet may have security gaps. Complete protection against access by third parties is not possible. Our website therefore uses TLS encryption (HTTPS) throughout.

3. Data collection when visiting our website

3.1 Server log files

When you visit our website, our web server (Nginx, hosted on a VPS in the EU) automatically collects the following information that your browser transmits:

  • IP address of the requesting device
  • Date and time of the request
  • Requested URL and HTTP status code
  • Amount of data transferred
  • Referrer URL and user agent (browser, operating system)
  • Language preference

Legal basis: Art. 6 (1) (f) GDPR. Legitimate interest: ensuring stable operation, error analysis, defence against abuse (brute force, scraping, DDoS).
Storage duration: up to 14 days in the access logs, then automatic rotation and deletion. Individual entries may be retained longer in case of security-relevant incidents.

3.2 Cookies and similar technologies

We only use technically necessary cookies (CSRF token, session, language selection, cookie banner status). A detailed description of the cookies used, their purpose and storage duration can be found in our Cookie Policy.

Legal basis: § 25 (2) No. 2 TTDSG (strictly necessary) or Art. 6 (1) (f) GDPR.

4. Booking and brief form

4.1 Purpose of processing

When you submit a request via the booking form or the project brief, we process the data you provide (artist name, full name, e-mail, phone, preferred date, service type, project description) to handle your request, prepare an offer and, if applicable, conclude and perform a contract with you.

4.2 Legal basis

Art. 6 (1) (b) GDPR (pre-contractual measures / contract performance) and Art. 6 (1) (a) GDPR (consent given via the consent boxes you have selected).

4.3 Spam and abuse prevention

To prevent automated requests, we log the sender's IP address, check the request against a rate limit (max. 3 bookings per IP/hour) and detect duplicate submissions within a short time window. Suspicious attempts are stored in an internal spam log.

Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in abuse-free operation).

4.4 Storage duration

Booking and brief data is deleted as soon as the purpose of processing no longer applies — generally 12 months after the project has been completed or finally cancelled. If a contract is concluded, the statutory commercial and tax retention periods apply (generally 10 years, § 257 HGB, § 147 AO).

5. Google reCAPTCHA

To protect our booking form from automated input, we use Google reCAPTCHA v2. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. reCAPTCHA analyses various information (e.g. IP address, time spent on the website, mouse movements) to distinguish between human users and bots.

Legal basis: Art. 6 (1) (f) GDPR. Legitimate interest: protection against spam and automated attacks.
Third-country transfer: Data may be transferred to the USA. Google is certified under the EU-US Data Privacy Framework (EU Commission's adequacy decision of 10 July 2023).
Further information: policies.google.com/privacy

6. Cloudflare Turnstile

When you open our chat widget, Cloudflare Turnstile is loaded — a CAPTCHA alternative provided by Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA. Turnstile checks whether the request is coming from a real browser without showing a classic image puzzle.

Legal basis: Art. 6 (1) (f) GDPR (protection of the chat endpoint from abuse).
Third-country transfer: Cloudflare is certified under the EU-US Data Privacy Framework.
Further information: cloudflare.com/privacypolicy

7. AI chat "ADanov Manager"

Our chat assistant uses the API of OpenAI, L.L.C., 3180 18th Street, San Francisco, CA 94110, USA. When you actively use the chat, the content of your messages is transmitted to the OpenAI API to generate a response.

Conversation history is stored exclusively locally in your browser (IndexedDB). Our server keeps no personally identifiable chat logs.

Legal basis: Art. 6 (1) (a) GDPR (consent given by actively using the chat) or Art. 6 (1) (b) GDPR for pre-contractual enquiries.
Third-country transfer: Transfer to the USA. OpenAI is certified under the EU-US Data Privacy Framework. We recommend not entering particularly sensitive personal data (e.g. health data, financial data) into the chat.
Further information: openai.com/policies/eu-privacy-policy

8. Hosting and media files

The website is hosted on a VPS with a provider whose data centre is located in the EU. Media files (images, audio, video) are delivered via Cloudflare R2 (S3-compatible object storage). Provider: Cloudflare, Inc. Region: EU.

We have concluded data processing agreements with both providers in accordance with Art. 28 GDPR.

9. E-mail delivery

Confirmation and notification e-mails are sent via an SMTP provider based in the EU. E-mail addresses are used exclusively to respond to the respective enquiry.

10. Recipients of the data

Your data will only be passed on to third parties if this is necessary to perform the contract, if there is a legal obligation, or if you have expressly consented. Recipients are exclusively the data processors named in sections 5–9, and law-enforcement authorities upon request.

11. Your rights as a data subject

You have the following rights with regard to the personal data concerning you:

a) Right of access (Art. 15 GDPR)

You can request information about whether and which data we process about you.

b) Right to rectification (Art. 16 GDPR)

You have the right to have inaccurate data corrected or incomplete data completed.

c) Right to erasure (Art. 17 GDPR)

You can request the deletion of your data, provided no statutory retention obligations conflict with this.

d) Right to restriction of processing (Art. 18 GDPR)

You can request that the processing of your data be restricted.

e) Right to data portability (Art. 20 GDPR)

You have the right to receive your data in a structured, commonly used, machine-readable format.

f) Right to object (Art. 21 GDPR)

You can object at any time, on grounds relating to your particular situation, to processing based on Art. 6 (1) (e) or (f) GDPR. In the case of direct marketing, the objection is possible at any time without giving reasons.

g) Right to withdraw consent (Art. 7 (3) GDPR)

You can withdraw your consent at any time with effect for the future. The lawfulness of processing carried out up to the withdrawal remains unaffected.

h) Right to lodge a complaint (Art. 77 GDPR)

Without prejudice to any other remedy, you have the right to lodge a complaint with a supervisory authority. The competent authority for us is:

Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstr. 219, 10969 Berlin, Germany
E-Mail: [email protected]

An informal message to the contact details given in section 1 is sufficient to exercise your rights.

12. Updates and changes

We reserve the right to update this privacy policy so that it always complies with current legal requirements or to reflect changes to our services. The version available at the time of your visit applies.

Back to Home
ADanov
ADanov Manager
Your end-to-end studio manager
ADanov is AI-powered and may make mistakes or perform site actions incorrectly. Please monitor and double-check.