General Information
The protection of personal data is an important concern of the European Music School Union (EMU). Personal data is processed exclusively in accordance with the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and other applicable data protection provisions.
This Privacy Policy explains how the EMU processes personal data in connection with its activities, including:
• membership administration,
• international cooperation and networking, EU projects,
• events and conferences, online meetings and recordings,
• newsletters, website and social media.
Controller
Controller within the meaning of Art. 4(7) GDPR:
European Music School Union (EMU)
Postfach 41 08 52, 50868 Cologne, Germany
Represented by:
Michaela Hahn, President
Email: michaela.hahn@musicschoolunion.eu
Website: https://www.musicschoolunion.eu/
Data protection contact:
Till Skoruppa, Secretary General
Email: till.skoruppa@musicschoolunion.eu
Website: https://www.musicschoolunion.eu/
Categories of Data Subjects
The EMU processes personal data relating in particular to:
• representatives of member organisations,
• directors, educators and students of music and arts schools,
• participants, speakers and experts in online meetings and events,
• project partners and cooperation partners,
• newsletter subscribers and website users.
Categories of Personal Data
The EMU may process:
• Identification and contact data (e.g. names, titles, addresses …),
• institutional and professional information,
• participation and registration data,
• additional information voluntarily provided in connection with events or projects,
• audio, photo and video recordings,
• metadata (e.g. login and access data for member areas, technical data …)
Purposes and Legal Bases of Processing
The legitimate interest of the EMU consists in fostering European exchange and cooperation between leaders, teachers and students of music and arts schools, strengthening international networks, and collaborating with European partners in the fields of cultural education, arts education and music school development.
Membership, Networking and Cooperation
The EMU processes personal data for:
• communication with member organisations,
• coordination of international cooperation,
• administration of boards, working groups and expert networks,
• and organisation of meetings and activities.
Events, Conferences and Meetings
Personal data is processed for the organisation and administration of:
• conferences,
• workshops,
• meetings,
• online spotlights,
• festivals
• and other international exchange activities.
Processed data may include:
• name,
• institution,
• role/function,
• contact details,
• registration and participation information.
For networking and organisational purposes, participant lists may be shared with registered participants. Participant lists are only distributed on the basis of consent pursuant to Art. 6(1)(a) GDPR obtained during registration.
The EMU may conduct evaluations, questionnaires and feedback surveys following events or within EU projects. Participation is voluntary.
Photo, Audio and Video Recordings
During events, meetings and online sessions, photo, audio and video recordings may be made.
Recordings may be used:
• for documentation, communication and dissemination activities,
• on the EMU website and in the internal members area,
• on social media channels and on the EMU YouTube channel.
Online spotlights and meetings are partly conducted and recorded via Zoom.
Certain videos may be published as “unlisted” on YouTube or made available exclusively in the internal members area. Participants are informed about recordings during registration and, where required, consent is obtained. Consent may be withdrawn at any time with future effect.
EU Projects and Project Cooperation
The EMU processes personal data in connection with European cooperation and funding projects.
This includes:
• project coordination,
• communication,
• reporting,
• dissemination,
• and documentation activities.
Recipients may include:
• project partners,
• funding bodies,
• public authorities,
• and auditors.
Newsletters and Mailing Lists
The EMU processes personal data for newsletters, mailing lists and project communication.
Processed data may include:
• name,
• email address,
• institution,
• language preferences,
• subscription information.
Subscriptions are generally managed through a double opt-in procedure.
Consent can be withdrawn at any time.
Members Area
The EMU may provide password-protected members areas on its website.
These areas may contain:
• internal documents,
• recordings,
• project materials,
• member information,
• and communication resources.
Access is restricted to authorised users only.
Website and Cookies
When visiting the EMU website, technical information may be processed, including:
• IP address,
• browser type,
• operating system,
• date and time of access,
• visited pages.
The EMU website uses cookies. Non-essential cookies and third-party services are only used on the basis of consent.
The EMU website is hosted by cyon AG, Brunngässlein 12, CH-4052 Basel
The EMU website may contain links to external websites.
The EMU is not responsible for the privacy practices or content of external websites.
Social Media
The EMU operates accounts on:
• Instagram
• LinkedIn
• YouTube
These platforms are used for communication, dissemination, networking and public information activities. When visiting these platforms, personal data may be processed by the respective providers.
Further information is available in the privacy policies of the respective platforms.
Cloud and Collaboration Services
The EMU uses the following digital services:
• Dropbox is primarily used for office administration and internal organisational files.
• Google Workspace / Google Drive is primarily used for board collaboration.
• Microsoft Teams is primarily used for project-related cooperation.
Personal data may be processed in connection with the use of these services.
Where required, data processing agreements pursuant to Art. 28 GDPR have been concluded.
Recipients of Personal Data
Personal data may be shared with:
• IT and hosting providers,
• communication and newsletter providers,
• project partners,
• public authorities,
• funding bodies,
• external service providers where necessary.
Personal data is only shared where required for the respective purpose.
International Data Transfers
Some service providers used by the EMU may process personal data outside the European Union or the European Economic Area, particularly in the United States.
Where such transfers occur, the EMU relies on appropriate safeguards pursuant to Art. 44 ff. GDPR, including:
• EU Standard Contractual Clauses,
• adequacy decisions,
• and the EU-US Data Privacy Framework where applicable.
Retention Periods
Personal data is stored only for as long as necessary for the respective purpose or as required by legal obligations. In particular:
• event-related data is generally stored up to 10 years where legally required.
• newsletter data until consent is withdrawn,
• project data according to funding and reporting obligations.
Rights of Data Subjects
You have the right to access your data, request correction or deletion, restrict or object its use, and ask for your data to be removed from the records by contacting the data protection officer.
Individuals have the right to lodge a complaint with a supervisory authority.
The competent authority for the EMU is:
State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia
https://www.ldi.nrw.de/
Data Security
The EMU implements appropriate technical and organisational measures to protect personal data against loss, unauthorised access or unlawful processing.
These measures include:
• access restrictions,
• role-based permissions,
• secure communication systems,
• and encrypted data transmission where technically possible.
Last updated: May 2026
