© 2026 RockTrackR – Loud. Live. Unforgettable.

Privacy Policy

Privacy Policy for RockTrackR (App & Website)

The protection of your personal data is a special concern of mine. In this Privacy Policy, I inform you about how data is processed within the RockTrackR app and during visits to the associated website.

1. Controller

Responsible for data processing within the meaning of the General Data Protection Regulation (GDPR) is:

Volker Herrmann
Am Dorfteich 11, 25462 Rellingen, Germany
E-Mail: privacy@rocktrackr.de

The controller is an individual. A data protection officer has not been appointed, as there is no legal obligation to do so.

2. General Information on Data Processing

As a matter of principle, we process personal data of our users only insofar as this is necessary to provide a functional website and our app, as well as our content and services. Processing takes place exclusively within the framework of the legal provisions (GDPR).

3. Data Collection on the Website (Hosting)
3.1 Server Log Files

When you visit our website, the provider of the pages (IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany) automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

  • Browser type and browser version
  • Operating system used
  • Referrer URL (the previously visited page)
  • Hostname of the accessing computer
  • Time of the server request
  • IP address (possibly in anonymized form)

This data is technically necessary to display the website stably and securely.

Storage Period: Server log files are generally deleted automatically after 7–14 days.

Legal Basis: Art. 6 (1) lit. f GDPR (Legitimate interest in technical administration and security).

3.2 SSL or TLS Encryption

For security reasons and to protect the transmission of confidential content, this website uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://”.

4. Processing of Personal Data in the App
4.1 No Registration / No User Account

The app requires no registration and no login. No names, e-mail addresses, or other account data are collected or stored by the controller.

4.2 Technically Necessary Data (API Access)

When accessing external services (e.g., APIs), the IP address is processed temporarily for technical reasons to enable the respective request.

Purpose: Technical provision of content.

Legal Basis: Art. 6 (1) lit. f GDPR. Storage: No permanent storage by the controller.

4.3 In-App Purchases (Purchase History)

Transactions are processed via the Apple App Store. We only receive information about the purchase status (e.g., a transaction ID) to unlock content. We have no access to your payment data.

Legal Basis: Art. 6 (1) lit. b GDPR (Performance of contract).

4.4 Access to Photos

The app requests permission to access your photo library to locally link images with entries within the app. The selection takes place exclusively locally on your device. No upload to our servers takes place.

Legal Basis: Art. 6 (1) lit. a GDPR (Consent by granting iOS system permission).

Withdrawal: Consent can be withdrawn at any time via the iOS settings (Settings → Privacy & Security → Photos → RockTrackR). The withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.

4.5 Access to Calendar

The app requests access to the device’s calendar to create app-specific entries (e.g., concert dates). No analysis or disclosure of calendar data to third parties takes place.

Legal Basis: Art. 6 (1) lit. a GDPR (Consent by granting iOS system permission).

Withdrawal: Consent can be withdrawn at any time via the iOS settings (Settings → Privacy & Security → Calendar → RockTrackR).

5. Server & Backend (Proxy Service)

The app uses its own server as a technical proxy for requests to external APIs. The server is operated at IONOS SE, Germany. No separate permanent data storage of personal data takes place. IP addresses are not passed on to external APIs. As the server is operated in the EU, no third-country transfer takes place in this context.

6. Use of External Services
6.1 Ticketmaster API

The app uses the API of Ticketmaster (Ticketmaster Entertainment, LLC, 9348 Civic Center Drive, Beverly Hills, CA 90210, USA) to display event data. For technical reasons, requests are routed through the app’s own proxy server so that no direct IP address of the user is transmitted to Ticketmaster.

Legal Basis: Art. 6 (1) lit. f GDPR (Legitimate interest in providing up-to-date event information).

Third-Country Transfer: Since Ticketmaster is a US company, data may be transmitted to the USA. Ticketmaster uses standard contractual clauses pursuant to Art. 46 GDPR as the basis for third-country transfers. Further info: https://www.ticketmaster.com/privacy

6.2 Eventim API

The app uses the API of CTS Eventim AG & Co. KGaA (Contrescarpe 75, 28195 Bremen, Germany) to display event data. Requests are routed through the app’s own proxy server.

Legal Basis: Art. 6 (1) lit. f GDPR.

Third-Country Transfer: Eventim is a German company; no transfer to third countries takes place by the controller. Further info: https://www.eventim.de/service/datenschutz/

6.3 setlist.fm API

The app uses the API of setlist.fm (Rudi-Dutschke-Str. 23, 10969 Berlin, Germany / operated by Neoworks Ltd.) to display setlists and concert data. Requests are routed through the app’s own proxy server.

Legal Basis: Art. 6 (1) lit. f GDPR. Further info: https://www.setlist.fm/legal

6.4 iCloud (Apple)

The app uses iCloud to synchronize app data between user devices (Apple Inc., One Apple Park Way, Cupertino, CA 95014, USA). The data is stored exclusively in the user’s private iCloud storage; the controller has no access.

Legal Basis: Art. 6 (1) lit. b GDPR.

Third-Country Transfer: Apple may process iCloud data in the USA. Apple relies on standard contractual clauses pursuant to Art. 46 GDPR and the EU-U.S. Data Privacy Framework. Further info: https://www.apple.com/legal/privacy/

6.5 Apple Music

Links to Apple Music are provided without transmitting personal user data to the controller. No user profiling takes place. Apple’s privacy policy applies (see 6.4).

6.6 Links to External Websites (e.g., Ticket Shops)

Within the app and on the website, links to third-party websites (e.g., Eventim, Ticketmaster) are provided to enable the purchase of tickets or to access further information. When you click on such a link, you leave our app or website.

Please note that we have no influence over the current or future design or content of the linked sites. The respective site operator is solely responsible for data processing on these external websites. For information on how these providers handle your data, please refer to their respective privacy policies.

6.7 Weather Data (Apple WeatherKit)

To display weather forecasts for upcoming concerts, the app uses Apple WeatherKit (Apple Inc., One Apple Park Way, Cupertino, CA 95014, USA).

Legal Basis: Art. 6 (1) lit. f GDPR (legitimate interest in providing weather-related additional information for event planning).

Third-Country Transfer: Apple may process weather data requests on servers in the USA. Apple relies on standard contractual clauses pursuant to Art. 46 GDPR and the EU-U.S. Data Privacy Framework. Further information can be found at: https://www.apple.com/legal/privacy/.

7. Analysis, Tracking & Advertising

The website uses exclusively technically necessary cookies (e.g., session cookies) to ensure the core functions of the website. These cookies are deleted automatically at the end of your visit or are necessary for the duration of the session. Consent is not required under Section 25 (2) TDDDG. No analysis, tracking, or advertising tools are used.

8. Storage Period & Data Transfer

Personal data is only processed for as long as necessary for the technical purpose.

  • Server log files (website): 7–14 days
  • Technical API requests (app): No permanent storage
  • Transaction data (in-app purchases): For the duration of the contractual relationship and statutory retention periods

No transfer to third parties takes place unless there is a legal obligation or it is necessary for the performance of the contract (cf. sections 6.1–6.5).

9. Rights of Data Subjects

You have the following rights towards the controller:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR)

Please send inquiries to: privacy@rocktrackr.de

Withdrawal of Consent: If the processing is based on consent (Art. 6 (1) lit. a GDPR), you can withdraw it at any time with effect for the future (e.g., via the iOS settings for app permissions). The lawfulness of processing carried out until the withdrawal remains unaffected.

Right to Lodge a Complaint: You have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). The competent authority is the Unabhängige Landeszentrum für Datenschutz Schleswig-Holstein (ULD), Holstenstraße 98, 24103 Kiel, Germany, www.datenschutzzentrum.de.

10. Amendments

This statement may be updated to reflect changes in the app, the services used, or the legal situation. The current version is always available on this website. The date of the last update is given at the end of this statement.

As of: March 2026

ImprintTermsPrivacy Policy

All artist names shown are for illustrative purposes only. No official affiliation.

© 2026 RockTrackR – Loud. Live. Unforgettable.. Created with ❤ using WordPress and Kubio