Language Notice: This content is legally binding exclusively in the German language. Translations into other languages are provided for informational purposes only and are non-binding.
Last updated: May 2026
This Privacy Policy informs you about the processing of personal data when you use our website, our pre-registration, our future platform features, and the related communications.
This Privacy Policy is addressed to visitors to our website as well as to persons who pre-register, create a user account, or use the Apollum platform.
The platform is intended exclusively for persons who have reached the age of 18. We do not knowingly collect data from minors. If we become aware of any such data, it will be deleted without delay.
| Company | apollum highend GmbH Robert-Bosch-Str. 19c 48153 Münster Germany |
| legal@apollum.com | |
| Managing Director | Sebastian Strube |
| Commercial Register | HRB 23212 |
| Register Court | Local Court Münster |
No data protection officer has been appointed.
We process personal data only to the extent necessary to provide our website, to conduct pre-registration, to provide and operate the platform, to communicate with you, to improve and secure our services, or to fulfil legal obligations.
Personal data means any information relating to an identified or identifiable natural person. This includes in particular name, email address, contact details, usage data, technical access data, communication content, and information you submit to us during registration or use of the platform.
Processing is based in particular on the following legal grounds:
When you access our website, your browser automatically transmits information to our web server. This information is temporarily stored in so-called server log files.
The following data may in particular be processed:
This data is processed to provide the website technically, to ensure the stability and security of the systems, to detect and prevent misuse, and to operate the website administratively.
The legal basis is Art. 6(1)(f) GDPR. Our legitimate interest lies in the secure, stable, and functional provision of our website.
Server log files are stored for a maximum of 30 days and are then deleted or anonymised. Longer storage takes place only in exceptional cases where it is required for the investigation of specific security incidents or for legal enforcement.
Our website and platform are hosted by Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany.
Processing takes place on servers in Germany. In the context of hosting, the following data may in particular be processed:
Hetzner is used for the secure, stable, and efficient provision of our website and platform.
The legal basis is Art. 6(1)(f) GDPR. Our legitimate interest lies in the secure and reliable provision of our online services. Where hosting is required for the provision of contractual platform functions, Art. 6(1)(b) GDPR is an additional legal basis.
A data processing agreement in accordance with Art. 28 GDPR has been concluded with Hetzner.
We use only technically necessary cookies. Cookies are small text files stored on your device. They are necessary to provide basic functions, such as storing a language setting, a login session, a security status, or your cookie preferences.
Technically necessary cookies are used in particular for:
The legal basis is Art. 6(1)(f) GDPR. Our legitimate interest lies in the secure and functional provision of our website and platform. Where cookies are required for the performance of a contract or pre-contractual measures, Art. 6(1)(b) GDPR is the legal basis.
We currently use no non-essential cookies and no Google services, in particular no Google Analytics, no Google Tag Manager, no Google Ads, and no Google Fonts served via Google servers.
We use Plausible Analytics, a privacy-friendly web analytics service provided by Plausible Insights OÜ, Västriku tn 2, 50403 Tartu, Estonia. A data processing agreement in accordance with Art. 28 GDPR has been concluded with Plausible.
We use Plausible to collect general usage statistics in order to understand how our website is used and how we can improve our services. The following information may in particular be processed:
According to Plausible, the service does not use cookies, persistent identifiers, cross-site tracking, or cross-device tracking. No individual user profiles are created. Plausible is designed as a privacy-friendly, cookieless alternative to Google Analytics and, according to its own statements, processes analytics data on servers within the European Union.
Processing is carried out for statistical analysis and improvement of our online services.
The legal basis is Art. 6(1)(f) GDPR. Our legitimate interest lies in the privacy-friendly analysis and improvement of our website. Since Plausible operates without cookies and without persistent tracking of individual users, the impact on users' rights and freedoms is minimal.
We offer users the opportunity to express interest in the Apollum platform before it is fully launched. Pre-registration does not establish a contractual relationship and does not confer any right to use the platform or specific features.
The following data may in particular be processed during pre-registration:
The data is processed to document your interest, to inform you of the platform launch, and to send you relevant information about Apollum.
The legal basis is Art. 6(1)(a) GDPR. Your consent covers the storage of your details and contact in connection with the platform. You may withdraw your consent at any time with effect for the future by contacting us at contact@apollum.com.
Before the full launch of the platform, it is necessary for you to confirm the terms of use, privacy notices, and other legal declarations applicable at that time. Your account will only be activated upon such confirmation.
Pre-registration data will be deleted upon request at any time; otherwise at the latest twelve months after the platform launch if no account has been activated.
When you create a user account or use the platform, we process the personal data necessary for this purpose.
This may include in particular:
Processing is carried out to provide you with a user account, to enable platform features, to manage your identity within your user account, to ensure security and prevent misuse, to enable communication, and to operate the platform properly.
The legal basis is Art. 6(1)(b) GDPR where processing is necessary for the provision of the user account and platform features. Where data is processed for security, stability, misuse detection, fraud prevention, or platform development, Art. 6(1)(f) GDPR is the legal basis.
Account data is stored for the duration of the user account. After deletion of the account, personal data will be deleted to the extent no statutory retention obligations apply or further storage is required for legal enforcement. Where no statutory retention obligation applies, deletion takes place no later than 30 days after account closure.
Apollum is aimed in part at brands, retailers, service partners, and other commercial users in the high-end audio sector.
If you create or manage a commercial profile, the following data may in particular be processed:
Where information is publicly displayed in the profile, this is done to present the company on the platform and to allow other users to make contact.
The legal basis is Art. 6(1)(b) GDPR where processing is necessary for the performance of the contractual relationship. Where personal data of contact persons who are not themselves a party to the contract is processed (e.g. employees managing company data), this is based on Art. 6(1)(f) GDPR. Our legitimate interest lies in providing complete and up-to-date company profiles. Affected contact persons must be informed of this processing; the obligation to provide such information lies with the respective company as account holder.
When you post listings, product information, images, descriptions, certifications, or other content on the platform, we process the associated data.
This may include in particular:
Please ensure that you do not publish personal data of third parties in listings, images, or descriptions unless there is a legal basis for doing so.
Processing is carried out for the publication and management of listings, the display of products, facilitating contacts, and the provision of platform features.
The legal basis is Art. 6(1)(b) GDPR. Where processing serves quality assurance, misuse prevention, fraud avoidance, or legal enforcement, Art. 6(1)(f) GDPR is the legal basis.
We use services provided by OpenAI, L.L.C., 3180 18th Street, San Francisco, CA 94110, USA, to process public or publication-intended content on the platform in an automated manner.
This may in particular serve the following purposes:
The relevant public or publication-intended content may be transmitted to OpenAI and processed there. Depending on the content, this may also include personal data, for example if you publish personal details in a public profile, listing, or description text.
Processing is carried out to make content accessible in multiple languages, to ensure platform quality, to detect abusive content, and to provide a safe and high-quality platform environment.
The legal basis is Art. 6(1)(b) GDPR where processing is necessary for the provision of platform features. Where processing serves quality assurance, translation, moderation, misuse prevention, or platform improvement, Art. 6(1)(f) GDPR is the legal basis. Our legitimate interest lies in providing a multilingual, secure, and high-quality platform.
A data processing agreement in accordance with Art. 28 GDPR has been concluded with OpenAI. According to OpenAI, data processed via the API or business services is not used by default for model training.
As OpenAI is a US company, processing of personal data in the United States cannot be excluded. The transfer is based on the adequacy decision of the European Commission of 10 July 2023 on the EU–U.S. Data Privacy Framework (EU–U.S. DPF), as OpenAI is certified under the EU–U.S. DPF. Where EU Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR are used additionally or as a fallback, these are available upon request.
Private messages and private communication content are not transmitted to OpenAI. Please do not include confidential information or personal data of third parties in public or publication-intended content unless there is a legal basis for doing so.
Apollum may provide features that allow users to communicate with each other, for example via messages, contact requests, or comparable communication features.
The following data may in particular be processed:
Private messages and private communication content are not transmitted to OpenAI.
Where private messages or non-public communication content are translated, this is done via a private AI or translation solution operated or controlled exclusively by us within our own technical environment or infrastructure. If an external service provider is used for this purpose in the future, this Privacy Policy will be updated accordingly.
Private communication content is processed to enable communication between users, to deliver messages, and to provide translations where required.
The legal basis is Art. 6(1)(b) GDPR where communication and translation form part of the platform service. Where we process communication data for security, misuse detection, fraud prevention, or legal enforcement, this is based on Art. 6(1)(f) GDPR.
Private messages are not reviewed for their content by employees without cause. A review may take place where necessary to handle complaints, to combat misuse, to prevent fraud, to enforce our terms of use, or to fulfil legal obligations.
To safeguard the quality and integrity of the platform, we may review public content, listings, product descriptions, profile content, or other publication-intended content in an automated or semi-automated manner.
This may in particular serve to detect the following content:
OpenAI may be used for public or publication-intended content. Private messages are not transmitted to OpenAI for this purpose.
Processing is carried out for security, quality assurance, and misuse prevention.
The legal basis is Art. 6(1)(f) GDPR. Our legitimate interest lies in a safe, trustworthy, and high-quality platform environment. Where moderation is necessary for the performance of the platform contract, Art. 6(1)(b) GDPR is an additional legal basis.
No exclusively automated decision-making with legal effect within the meaning of Art. 22 GDPR takes place. Where content is restricted, removed, or user accounts are blocked, this is done in accordance with our terms of use and, where necessary, with human review.
Apollum may use algorithmic functions to sort, rank, or generate recommendations for content, listings, products, or user profiles by relevance. This may include in particular:
Processing is carried out to improve the user experience, to increase the relevance of displayed content, and to efficiently connect providers and interested parties on the platform.
The legal basis is Art. 6(1)(b) GDPR where the function forms part of the contractually agreed platform service. Where processing serves the improvement and development of the platform, Art. 6(1)(f) GDPR is the legal basis.
No exclusively automated decision-making with legal effect or comparable significant impact within the meaning of Art. 22 GDPR takes place. Algorithmic sorting and recommendations do not produce direct legal effects for users.
When you contact us, for example by email, contact form, telephone, or via a platform feature, we process the data you provide to handle your enquiry.
This may include in particular:
Processing is carried out to handle and respond to your enquiry.
The legal basis is Art. 6(1)(b) GDPR where your enquiry relates to an existing or prospective contractual relationship. In all other cases, Art. 6(1)(f) GDPR is the legal basis. Our legitimate interest lies in the proper handling of enquiries. Where statutory retention obligations apply, Art. 6(1)(c) GDPR is the legal basis.
Enquiry data without contractual connection will be deleted after final processing, at the latest upon expiry of the standard limitation period of three years from the end of the year in which the enquiry was received.
If you subscribe to a newsletter or comparable regular communications, we process your email address and any other voluntary information provided in order to send you this information.
We use a double opt-in procedure for subscription. Following sign-up, you will receive a confirmation email requiring your active confirmation. This serves as evidence that the sign-up was carried out by you.
Processing is based on your consent in accordance with Art. 6(1)(a) GDPR.
You may withdraw your consent at any time with effect for the future, via an unsubscribe link in the relevant email or by contacting contact@apollum.com.
For the sending of emails we use the Mailgun service provided by Mailgun Technologies, Inc. (now part of Sinch), 535 Mission Street, San Francisco, CA 94105, USA. Mailgun receives your email address and technical dispatch metadata for this purpose. A data processing agreement in accordance with Art. 28 GDPR has been concluded with Mailgun. The transfer to the USA is based on EU Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR.
Independently of this, we may send you necessary transactional emails within the context of existing contractual or user relationships, for example in connection with registration, account security, contract performance, changes to legal terms, platform features, or important service notifications. The legal basis for this is Art. 6(1)(b) GDPR or Art. 6(1)(f) GDPR.
Where fee-based services are offered, we process the data required for billing purposes.
This may include in particular:
Processing is carried out for contract performance, invoicing, payment processing, and fulfilment of tax and commercial law obligations.
The legal basis is Art. 6(1)(b) GDPR. For statutory retention and documentation obligations, Art. 6(1)(c) GDPR is the legal basis.
For payment processing we use the Stripe service provided by Stripe, Inc., 354 Oyster Point Blvd, South San Francisco, CA 94080, USA (for Europe: Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland). Stripe receives only the data necessary for payment processing. A data processing agreement in accordance with Art. 28 GDPR has been concluded with Stripe. Where data is transferred to Stripe, Inc. in the USA, the transfer is based on EU Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR.
Contractual and billing data is stored in accordance with statutory retention obligations. Tax-relevant records are subject to a retention period of ten years (§ 147 German Fiscal Code / § 257 German Commercial Code); commercially relevant records to a retention period of six years.
We process personal data to the extent necessary to protect our website, platform, user accounts, communications, and content against misuse, unauthorised access, fraud, spam, technical attacks, or other unlawful acts.
Technical data, login data, IP addresses, timestamps, account activity, communication metadata, reports from other users, and security-relevant events may in particular be processed for this purpose.
The legal basis is Art. 6(1)(f) GDPR. Our legitimate interest lies in the security and integrity of our platform, the protection of our users, and the enforcement of our rights.
We process personal data to the extent required to fulfil legal obligations. This includes in particular obligations under commercial law, tax law, regulatory law, or other statutory retention and cooperation requirements.
The legal basis is Art. 6(1)(c) GDPR.
In addition, we may process personal data to the extent necessary for the establishment, exercise, or defence of legal claims.
The legal basis is Art. 6(1)(f) GDPR. Our legitimate interest lies in the protection and enforcement of our rights.
Personal data is only disclosed where this is necessary for the stated purposes, where a legal obligation exists, where you have given consent, or where another legal basis applies.
Recipients may in particular include:
Where service providers act as processors, processing is based on a data processing agreement in accordance with Art. 28 GDPR.
We endeavour to process personal data primarily within the European Union or the European Economic Area.
Hosting is carried out by Hetzner on servers in Germany. Plausible processes analytics data within the European Union according to its own statements.
The following service providers may process data outside the EU/EEA, in particular in the USA:
OpenAI: The transfer is based on the adequacy decision of the European Commission on the EU–U.S. Data Privacy Framework (EU–U.S. DPF). OpenAI is certified under the EU–U.S. DPF. As a fallback, the transfer is based on EU Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR.
Mailgun: The transfer is based on EU Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR.
Stripe: The transfer to Stripe, Inc. (USA) is based on EU Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR. Where processing takes place via Stripe Payments Europe, Ltd. (Ireland), no third-country transfer occurs.
Private messages and private communication content are not transmitted to OpenAI.
We store personal data only for as long as necessary for the respective purposes or as required by statutory retention obligations.
The following periods and principles apply in particular:
Where data is no longer required, it is deleted or anonymised.
No exclusively automated decision-making including profiling with legal effect or comparable significant impact within the meaning of Art. 22 GDPR takes place.
Where algorithmic functions such as ranking or recommendation systems are used (see Section 14), these produce no legal effects and do not constitute decisions within the meaning of Art. 22 GDPR.
You have the following rights subject to the applicable legal requirements:
To exercise your rights, please contact: contact@apollum.com
Where you have given us consent, you may withdraw it at any time with effect for the future. The lawfulness of processing carried out on the basis of consent prior to withdrawal remains unaffected.
You may declare your withdrawal by email to contact@apollum.com or, where available, via an unsubscribe link in the relevant communication.
Notice pursuant to Art. 21 GDPR:
Where we process personal data on the basis of Art. 6(1)(f) GDPR (legitimate interests), you have the right to object to such processing at any time on grounds relating to your particular situation. We will then no longer process the data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defence of legal claims.
Where personal data is processed for direct marketing purposes, you have the right to object at any time to processing for such purposes; this also applies to profiling insofar as it is related to such direct marketing.
You may declare your objection by email to contact@apollum.com.
You have the right to lodge a complaint with a data protection supervisory authority if you consider that the processing of your personal data infringes data protection law.
The supervisory authority with primary responsibility for us is:
State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia Kavalleriestraße 2-4 40213 Düsseldorf Germany
Phone: +49 (0)211 / 38424 - 0 Email: poststelle@ldi.nrw.de Website: https://www.ldi.nrw.de
You may also contact any other competent data protection supervisory authority, in particular the authority in the EU member state of your habitual residence, place of work, or place of the alleged infringement.
We implement appropriate technical and organisational measures in accordance with Art. 32 GDPR to protect personal data against loss, misuse, unauthorised access, alteration, or destruction. These include in particular encrypted transmission using TLS/HTTPS, hashed storage of passwords, and access controls at infrastructure level.
Our security measures are continuously reviewed and updated in line with technological developments.
We may update this Privacy Policy where required due to technical, legal, or organisational changes. The current version is available on our website at all times. Registered users will be separately notified of material changes.
