Songs by Reya Rivers
Start your custom song now
Gift Guides

Last updated: 09 December 2025

Introduction

Reya Rivers (Andreas Schevzik) takes your privacy seriously. This policy explains how we collect, use, and protect your personal data in compliance with the EU General Data Protection Regulation (GDPR).

Data Controller (Art. 4(7) GDPR):
Andreas Schevzik (Reya Rivers)
Tulpenstraße 20
92706 Luhe-Wildenau
Germany
Email: [email protected]
Phone: +49 9607 9228532

Data We Collect

When you place an order, we process:

  • Name
  • Email address
  • Payment information (processed securely by Stripe; we do not view or store full card details)
  • Story details: Information you provide for the song creation.

Note: By voluntarily including personal or sensitive details (e.g., health, religion, relationships) in your brief, you explicitly consent to us processing this data exclusively for the purpose of creating your song and handling your order.

If you submit a reaction video, we process:

  • Email address
  • Video content (facial images, audio)
  • Social media handles (if provided)

Automatically collected:

  • Technical data: IP address and browser type (strictly for security and site functionality).

We do not use third-party tracking pixels, advertising cookies, or analytics services (like Google Analytics).

How We Use Your Data

We use your personal data to:

  • Contract performance: Create your personalized song and deliver the files.
  • Communication: Send specific updates regarding your order.
  • Payments: Process transactions via Stripe.
  • Legal obligations: Comply with German tax and accounting laws (e.g., GoBD, § 147 AO).
  • Marketing (with consent): Display reaction videos or portfolio samples only if you have given explicit permission.

Legal Basis for Processing

We process your data based on the following legal grounds:

  • Article 6(1)(b) GDPR (contract): To fulfill your song order.
  • Article 6(1)(c) GDPR (legal obligation): Statutory tax and accounting retention.
  • Article 6(1)(f) GDPR (legitimate interest): Site security and technical maintenance.
  • Article 6(1)(a) GDPR (consent): When you upload a reaction video or agree to let us use your song or reaction in our portfolio or marketing.

Data Sharing (Service Providers & Recipients)

We do not sell your data. We only share data with carefully selected service providers who support our business operations. These providers are contractually or legally bound to protect your data and only process it as permitted by data protection laws.

  • Stripe (payments): Processes payments securely (global).
  • Google (Forms/Drive): Used for collecting and storing reaction videos (global).
  • Hostinger: Hosting provider for our website and email services (EU/global).

Each provider may also process data under its own responsibility in accordance with its own privacy policy.

Data Storage & Retention

We store your data only as long as necessary for the purposes described above or as required by law.

  • Order details: Stored for the statutory retention periods under German tax law (currently up to 10 years, § 147 AO).
  • Song files (backups): Stored securely for 1 year after delivery to assist you if you lose your file, after which they are deleted.
  • Reaction videos: Stored until you withdraw consent or request deletion.
  • Payment data: Handled entirely by Stripe; we do not store card data on our servers.

Your Rights (GDPR)

You have the following rights under GDPR:

  • Access: Request a copy of your personal data (Art. 15).
  • Rectification: Correct inaccurate data (Art. 16).
  • Erasure: Request deletion (Art. 17), subject to legal retention requirements.
  • Restriction: Limit how we process your data (Art. 18).
  • Data portability: Receive data you have provided in a structured, commonly used and machine-readable format where applicable (Art. 20).
  • Object: Object to certain processing based on legitimate interests (Art. 21).
  • Withdraw consent: You may withdraw consent for marketing or reaction video usage at any time with effect for the future.

To exercise your rights, email: [email protected]

Data Security

We protect your data with appropriate technical and organisational measures, including:

  • SSL encryption (HTTPS) for the entire website.
  • Stripe’s PCI-compliant payment processing.
  • Two-factor authentication (2FA) on administrative accounts where possible.
  • Regular security updates to the WordPress core and plugins.

International Data Transfers

Some of our service providers (e.g., Stripe, Google) may process data in countries outside the EU/EEA, particularly the USA.

We ensure these providers use valid data transfer mechanisms (e.g., the EU-US Data Privacy Framework or Standard Contractual Clauses (SCCs)) to guarantee an adequate level of data protection equivalent to that in the EU.

Children’s Privacy

Our services are not directed at children under 16. We do not knowingly collect data directly from children. If a song is for a child, the data must be provided by a parent or legal guardian.

Cookies

We do not use advertising or tracking cookies. However, our website (WordPress) may use essential technical cookies that are strictly necessary for the functioning of the site (e.g., session cookies, security-related cookies, or cookies necessary for payment processing). These cookies do not track your activity across the internet.

Changes to This Policy

We may update this policy from time to time. Changes will be posted on this page with an updated “Last updated” date.

Contact & Supervisory Authority

If you have any questions or concerns about this policy or how we handle your data, please contact:

Email: [email protected]

You also have the right to file a complaint with a data protection supervisory authority. For us, the competent authority is in particular:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18
91522 Ansbach
Germany
Website: https://www.lda.bayern.de/