Privacy Policy
Privacy Policy
This Privacy Policy informs you about the nature, scope, and purpose of the processing of personal data (hereinafter “data”) within our online offering and the associated websites, functions, and content, as well as external online presences such as our social media profiles (collectively referred to as the “online offering”). With regard to the terminology used (e.g., “processing” or “controller”), we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
Contact
If you have general questions about the services or about the data we collect about you and how we use it, please contact us at:
MB Film Marc Boettcher
Address: Gütergotzer Straße 59, 14165 Berlin, Germany
Email: info@boettcher-film.de
Phone: +49 30 80 11 425
Fax: +49 30 80 11 425
Types of data processed
– Inventory data (e.g., names)
– Contact data (e.g., email addresses, phone numbers)
– Content data (e.g., text entries, photographs, videos)
– Usage data (e.g., visited pages, interest in content, access times)
– Meta/communication data (e.g., device information, IP addresses)
Categories of data subjects
Visitors and users of the online offering (hereinafter also collectively referred to as “users”).
Purpose of processing
– Provision of the online offering, its functions and content
– Responding to contact requests and communicating with users
– Security measures
– Reach measurement / marketing
Definitions
“Personal data” means any information relating to an identified or identifiable natural person (“data subject”); a natural person is considered identifiable if they can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., cookie), or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
“Processing” means any operation or set of operations performed on personal data, whether or not by automated means.
“Controller” means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Relevant legal bases
In accordance with Article 13 GDPR, we inform you of the legal bases of our data processing. If a legal basis is not mentioned in this Privacy Policy, the following applies:
– The legal basis for obtaining consent is Article 6(1)(a) and Article 7 GDPR.
– The legal basis for processing to perform our services, to carry out contractual measures, and to respond to inquiries is Article 6(1)(b) GDPR.
– The legal basis for processing to fulfill legal obligations is Article 6(1)(c) GDPR.
– The legal basis for processing to safeguard our legitimate interests is Article 6(1)(f) GDPR.
Cooperation with processors and third parties
If, in the course of our processing, we disclose data to other persons or companies (processors or third parties), transmit it to them, or otherwise grant them access to the data, this will only occur:
– on the basis of a legal permission (e.g., where disclosure to third parties such as payment service providers is necessary for contract performance under Article 6(1)(b) GDPR),
– if you have consented,
– if a legal obligation requires it, or
– on the basis of our legitimate interests (e.g., the use of agents, web hosts, etc.).
If we commission third parties to process data on the basis of a “data processing agreement,” this is done on the basis of Article 28 GDPR.
Transfers to third countries
If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)), or if this happens in the context of using third-party services or disclosing/transferring data to third parties, this will only take place if it is necessary to fulfill our (pre-)contractual obligations, on the basis of your consent, due to a legal obligation, or on the basis of our legitimate interests.
Subject to statutory or contractual permissions, we only process or have data processed in a third country if the special requirements of Articles 44 et seq. GDPR are met. This means, for example, that processing takes place on the basis of specific safeguards, such as an officially recognized determination of an adequate level of data protection (e.g., for the USA via the “Privacy Shield”) or compliance with officially recognized contractual obligations (so-called “standard contractual clauses”).
Rights of data subjects
You have the right to request confirmation as to whether data concerning you is being processed, and to obtain access to this data, as well as further information and a copy of the data in accordance with Article 15 GDPR.
In accordance with Article 16 GDPR, you have the right to request the completion of data concerning you or the rectification of inaccurate data concerning you.
In accordance with Article 17 GDPR, you have the right to request that data concerning you be deleted without undue delay, or alternatively, in accordance with Article 18 GDPR, to request restriction of processing.
In accordance with Article 20 GDPR, you have the right to receive the data you have provided to us and to request its transmission to other controllers.
You also have the right, pursuant to Article 77 GDPR, to lodge a complaint with a competent supervisory authority.
Right of withdrawal
You have the right to withdraw consent you have given, with effect for the future, pursuant to Article 7(3) GDPR.
Right to object
You can object to the future processing of data concerning you at any time in accordance with Article 21 GDPR. In particular, the objection may be made against processing for direct marketing purposes.
Deletion of data
The data processed by us is deleted or restricted in accordance with Articles 17 and 18 GDPR. Unless expressly stated otherwise in this Privacy Policy, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and provided that no statutory retention obligations prevent deletion.
If data is not deleted because it is required for other lawful purposes, its processing will be restricted. That means the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons.
According to legal requirements in Germany, retention is in particular:
– 6 years pursuant to Section 257(1) of the German Commercial Code (HGB) (e.g., commercial books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents, etc.)
– 10 years pursuant to Section 147(1) of the German Fiscal Code (AO) (e.g., books, records, management reports, accounting documents, commercial and business letters, tax-relevant documents, etc.)
According to legal requirements in Austria, retention is in particular:
– 7 years pursuant to Section 132(1) BAO (accounting documents, vouchers/invoices, accounts, business papers, list of income and expenses, etc.)
– 22 years in connection with real estate
– 10 years for documents related to electronically supplied services, telecommunications, broadcasting, and television services provided to non-business customers in EU member states where the Mini-One-Stop-Shop (MOSS) is used.
Hosting
The hosting services we use serve to provide the following: infrastructure and platform services, computing capacity, storage space and database services, security services, and technical maintenance services, which we use for the operation of this online offering.
In doing so, we (or our hosting provider) process inventory data, contact data, content data, contract data, usage data, and meta/communication data of customers, interested parties, and visitors on the basis of our legitimate interests in efficient and secure provision of this online offering pursuant to Article 6(1)(f) GDPR in conjunction with Article 28 GDPR (conclusion of a data processing agreement).
Our hosting provider processes the collected data as follows:
We may share your personal data with service providers and third parties (or otherwise allow them access) only in the following ways and in the following cases:
Third-party providers: Wix works with a number of selected service providers whose services and solutions complement, facilitate, and improve ours. These include hosting and server co-location services, communications and content delivery networks (CDNs), data and cyber security services, billing and payment processing services, domain name registrars, fraud detection and prevention service providers, web analytics, email distribution and monitoring services, session recording services, remote access and performance measurement services, data optimization and marketing services, content providers, and our legal and financial advisors (collectively: “third-party providers”).
Where does the hosting partner store the data?
The personal data of our users (and users of users) is stored in Germany.
Collection of access data and log files
We (or our hosting provider) collect data about each access to the server on which this service is located (“server log files”) on the basis of our legitimate interests within the meaning of Article 6(1)(f) GDPR.
Access data includes: name of the accessed website, file, date and time of access, amount of data transferred, message about successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address, and the requesting provider.
Why do we collect this data?
We may use your data for the following purposes:
– to provide and operate our services;
– to develop, customize, and improve our services;
– to respond to your feedback, requests, and inquiries and to provide support;
– to analyze demand and usage patterns;
– for other internal, statistical, and research purposes;
– to improve our data security and fraud prevention capabilities;
– to investigate and prevent illegal activities or other misconduct, enforce our terms and policies, and comply with applicable laws, regulations, or governmental orders;
– to send you updates, news, promotional materials, and other information related to our services. For promotional emails, you can decide whether you wish to continue receiving them. If not, simply click the unsubscribe link in those emails.
To whom do we disclose this data?
We may share your data with our service providers in order to operate our services (e.g., storing data via third-party hosting services, providing technical support, etc.).
We may also disclose your data in the following circumstances: (i) to investigate, detect, prevent, or take action regarding illegal activities or other wrongdoing; (ii) to establish or exercise our right of defense; (iii) to protect our rights, property, or personal safety and the safety of our users or the public; (iv) in the event of a change of control in us or in any of our affiliated companies (via a merger, acquisition, or purchase of (substantially) all assets, etc.); (v) to collect, hold, and/or manage your data via authorized third-party providers (e.g., cloud service providers) as reasonably required for business purposes; (vi) to work with third-party providers to improve your user experience. For clarity, we note that we cannot transfer, share, or otherwise use non-personal data at our discretion.
Please note that our services may enable social interactions (e.g., posting content, information, and comments publicly and chatting with other users). Any content or data you provide in these areas may be read, collected, and used by others. We recommend that you do not post or share information that you do not want to be public.
If you upload content to our digital assets or otherwise make it available when using a service, you do so at your own risk. We cannot control the actions of other users or members of the public with access to your data or content.
You acknowledge and agree that copies of your data may remain viewable even after deletion on cached and archived pages, or after third parties have copied or stored your content.
Cookies and similar technologies
When you visit or access our services, we authorize third parties to use web beacons, cookies, pixel tags, scripts, and other technologies and analytics services (“tracking technologies”).
These tracking technologies may allow third parties to automatically collect your data in order to improve navigation on our digital assets, optimize performance, ensure a tailored user experience, and for security and fraud prevention purposes.
To learn more, please read our cookie policy.
Security note
For this reason, we ask you to use strong passwords and, if possible, not to send us or others any confidential information whose disclosure could, in your view, cause you significant or lasting harm. Since email and instant messaging are not considered secure forms of communication, we also ask you not to transmit confidential information via these channels.
How do we handle minors?
We do not knowingly collect data from minors.
The services are not intended for users who have not yet reached the legal age of majority. We will not knowingly collect data from children. If you are not of legal age, you should not download or use the services and should not provide us with any information.
We reserve the right to request proof of age at any time to verify whether minors are using our services. If we become aware that a minor is using our services, we may deny and block access and delete all data stored about that user.
If you believe that a minor has provided us with data, please contact us as described above.
(If children can use our services: If they wish to access certain functions, they may need to provide certain information. Some data (including data collected via cookies, web beacons, and similar technologies) may be collected automatically. If we knowingly collect, use, or disclose data collected from a child, we will provide notice in accordance with applicable law and obtain parental consent. We do not condition a child’s participation in an online activity on the child providing more contact information than is reasonably necessary. We use the data we collect only in connection with the services the child requested. We may also use a parent’s contact details to communicate about the child’s activities. Parents may review the data collected from their child, instruct us to stop collecting further data, and request deletion of all collected data. Please contact us to view, update, or delete your child’s data. To protect your child, we may request proof of identity. We may refuse access if we believe your identity is questionable. Please note that certain data cannot be deleted due to other legal obligations.)
Principles of data collection for this website
We use your personal data only for the purposes set out in this Privacy Policy and only if we believe that:
– the use of your personal data is necessary to perform or enter into a contract (e.g., to provide the services or customer support/technical support);
– the use of your personal data is necessary to comply with legal or regulatory obligations; or
– the use of your personal data is necessary to support our legitimate business interests (provided that this is always done proportionately and respects your data protection rights).
As an EU resident, you may:
– request confirmation as to whether personal data concerning you is being processed and request access to your stored personal data and certain additional information;
– request to receive personal data you provided to us in a structured, commonly used, machine-readable format;
– request correction of your personal data stored by us;
– request deletion of your personal data;
– object to the processing of your personal data by us;
– request restriction of processing of your personal data; or
– lodge a complaint with a supervisory authority.
Please note that these rights are not absolute and may be subject to our legitimate interests and regulatory requirements. If you have general questions about the personal data we collect and how we use it, please contact us as described above.
In providing the services, we may transfer data cross-border to affiliated companies or other third parties and from your country/jurisdiction to other countries/jurisdictions worldwide. By using the services, you consent to the transfer of your data outside the EEA.
Comment subscriptions
Follow-up comments can be subscribed to by users on the basis of their consent pursuant to Article 6(1)(a) GDPR. Users receive a confirmation email to verify that they are the owner of the email address entered. Users can unsubscribe from ongoing comment subscriptions at any time. The confirmation email will contain information about withdrawal options.
For the purpose of documenting users’ consent, we store the time of registration and the users’ IP address and delete this information when users unsubscribe from the subscription.
You can cancel receipt of our subscription at any time, i.e., withdraw your consent. We may store unsubscribed email addresses for up to three years on the basis of our legitimate interests before deleting them, in order to be able to prove that consent was previously given. Processing of this data is restricted to the purpose of possible defense against claims.
An individual deletion request is possible at any time, provided that the prior existence of consent is confirmed at the same time.
Social media presences
We maintain online presences within social networks and platforms in order to communicate with customers, interested parties, and users active there and to inform them about our services. When accessing the respective networks and platforms, the terms and data processing policies of their respective operators apply.
Unless otherwise stated in this Privacy Policy, we process users’ data if they communicate with us within social networks and platforms, e.g., by posting on our presences or sending us messages.
Integration of third-party services and content
Within our online offering, we use content or service offerings from third-party providers on the basis of our legitimate interests (i.e., interest in analysis, optimization, and economic operation of our online offering within the meaning of Article 6(1)(f) GDPR) in order to integrate their content and services, such as videos or fonts (hereinafter collectively “content”).
This always requires that the third-party providers of such content perceive the user’s IP address, because without the IP address they could not send the content to the user’s browser. The IP address is therefore necessary for displaying this content. We endeavor to use only content whose providers use the IP address solely for delivering the content.
Third-party providers may also use so-called pixel tags (“web beacons”) for statistical or marketing purposes. Pixel tags can be used to evaluate information such as visitor traffic on the pages of this website.
Pseudonymous information may also be stored in cookies on users’ devices and may include technical information about browser and operating system, referring websites, time of visit, and other details about use of our online offering, and may also be linked with such information from other sources.
YouTube
We embed videos from the “YouTube” platform provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Privacy Policy: https://www.google.com/policies/privacy/
Opt-Out: https://adssettings.google.com/authenticated
Google Fonts
We embed fonts (“Google Fonts”) provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Privacy Policy: https://www.google.com/policies/privacy/
Opt-Out: https://adssettings.google.com/authenticated
Use of Facebook social plugins
On the basis of our legitimate interests (i.e., interest in analysis, optimization, and economic operation of our online offering within the meaning of Article 6(1)(f) GDPR), we use social plugins (“plugins”) of the social network facebook.com, operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). The plugins may represent interaction elements or content (e.g., videos, graphics, or text contributions) and can be recognized by one of the Facebook logos (white “f” on a blue tile, the terms “Like”, “Gefällt mir” or a “thumbs-up” sign) or are marked with the addendum “Facebook Social Plugin”. The list and appearance of Facebook social plugins can be viewed here:
https://developers.facebook.com/docs/plugins/
Facebook is certified under the Privacy Shield agreement and thereby offers a guarantee to comply with European data protection law.
If a user accesses a function of this online offering that contains such a plugin, their device establishes a direct connection to Facebook’s servers. The content of the plugin is transmitted by Facebook directly to the user’s device and integrated into the online offering. Usage profiles may be created from the processed data.
We have no influence on the scope of data that Facebook collects with the help of this plugin and therefore inform users according to our current knowledge.
Through the integration of the plugins, Facebook receives the information that a user has accessed the corresponding page of the online offering. If the user is logged into Facebook, Facebook can associate the visit with their Facebook account. If users interact with the plugins, for example by clicking the Like button or posting a comment, the corresponding information is transmitted from their device directly to Facebook and stored there.
If a user is not a member of Facebook, it is still possible that Facebook obtains and stores their IP address. According to Facebook, only an anonymized IP address is stored in Germany.
For the purpose and scope of data collection and the further processing and use of data by Facebook, as well as related rights and settings options for protecting users’ privacy, please refer to Facebook’s privacy notices:
https://www.facebook.com/about/privacy/
If a user is a Facebook member and does not want Facebook to collect data about them via this online offering and link it with their membership data stored on Facebook, they must log out of Facebook before using our online offering and delete their cookies.
Further settings and objections to the use of data for advertising purposes are possible within Facebook profile settings:
https://www.facebook.com/settings?tab=ads
or via the US site http://www.aboutads.info/choices/
or the EU site http://www.youronlinechoices.com/
The settings are platform-independent, i.e., they apply to all devices such as desktop computers or mobile devices.
When using our online services, we store the IP address and the time of the respective user action. Storage is based on our legitimate interests and users’ interest in protection against misuse and other unauthorized use. This data is generally not passed on to third parties unless it is necessary for pursuing our claims or there is a legal obligation under Article 6(1)(c) GDPR.
We process usage data (e.g., visited websites of our online offering, interest in our products) and content data (e.g., entries in the contact form or user profile) for advertising purposes in a user profile in order, for example, to display product notices to the user based on services previously used.
Amazon Partner Program
On the basis of our legitimate interests (i.e., interest in the economic operation of our online offering within the meaning of Article 6(1)(f) GDPR), we participate in the Amazon EU Partner Program, which is designed to provide a medium for websites through which advertising fees can be earned by placing ads and links to Amazon.de (affiliate system). Amazon uses cookies to track the origin of orders.
Among other things, Amazon can recognize that you clicked the affiliate link on this website and subsequently purchased a product from Amazon.
For more information about Amazon’s data use and objection options, please see Amazon’s Privacy Policy:
http://www.amazon.de/gp/help/customer/display.html/ref=footer_privacy?ie=UTF8&nodeId=3312401
Contacting us
When contacting us (e.g., via contact form, email, phone, or social media), the user’s details are processed to handle the contact request and its processing pursuant to Article 6(1)(b) GDPR. Users’ details may be stored in a customer relationship management system (“CRM system”) or a comparable request organization.
X (f.k.a. Twitter)
Within our online offering, functions and content of the Twitter service may be embedded, offered by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. This may include content such as images, videos, or text, and buttons that allow users to express their appreciation of the content, subscribe to the authors of the content, or follow our posts. If users are members of Twitter, Twitter can associate the access to the aforementioned content and functions with their profiles there.
Twitter is certified under the Privacy Shield agreement and thereby offers a guarantee to comply with European data protection law.
Privacy Policy: https://twitter.com/de/privacy
Opt-Out: https://twitter.com/personalization
Updates or changes to this Privacy Policy
We may revise this Privacy Policy from time to time at our sole discretion; the version published on the website is always current (see the “Last updated” information). Please check this Privacy Policy regularly for changes. In the event of material changes, we will publish a notice on our website.
If you continue to use the services after notification of changes on our website, this will be deemed your confirmation and consent to the changes and your agreement to be bound by the terms of those changes.