This data protection declaration informs you about the nature, scope and purpose of the processing of personal data (hereinafter referred to as "data") within our online offer and the websites, functions and content associated with it, as well as external online presences, such as our social media profiles. (hereinafter collectively referred to as "online offer"). With regard to the terms used, such as "processing" or "controller", we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
If you have general questions about the Services or the information we collect about you and how we use it, please contact us at:
MB Film Marc Boettcher
Address: Gütergotzer Straße 59, 14165 Berlin
E-mail address: firstname.lastname@example.org
Phone: +49 (0) 30 80 11 425
Fax: +49 (0) 30 80 11 425
Web pages: https://www.boettcher-film.de
Types of data processed:
- Inventory data (e.g., names)
- Contact data (e.g., e-mail, phone numbers)
- Content data (e.g., text input, photographs, videos)
- Usage data (e.g., web pages visited, interest in content, access times)
- Meta/communication data (e.g., device information, IP addresses)
Categories of persons concerned
Visitors and users of the online offer (hereinafter we also refer to the data subjects collectively as "users").
Purpose of processing
- Provision of the online offer, its functions and contents.
- Answering contact requests and communication with users.
- Security measures.
- Reach measurement/marketing
"Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
"Processing" means any operation or set of operations which is performed upon personal data, whether or not by automatic means.
"Controller" means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.
Relevant legal bases
The legal basis for obtaining consent is Art. 6(1)(a) and Art. 7 DSGVO, the legal basis for processing to fulfill our services and perform contractual measures and respond to inquiries is Art. 6(1)(b) DSGVO, the legal basis for processing to fulfill our legal obligations is Art. 6(1)(c) DSGVO, and the legal basis for processing to protect our legitimate interests is Art. 6(1)(f) DSGVO.
Cooperation with processors and third parties
If, in the course of our processing, we disclose data to other persons and companies (processors or third parties), transmit it to them or otherwise grant them access to the data, this shall only be done:
· on the basis of a legal permission (e.g. if a transfer of the data to third parties, such as payment service providers, is necessary for the fulfillment of the contract according to Art. 6 para. 1 lit. b DSGVO),
· if you have consented
· a legal obligation provides for this
· or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).
If we commission third parties with the processing of data on the basis of a so-called "order processing agreement", this is done on the basis of Art. 28 DSGVO.
Transfers to third countries
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this is done in the context of using third-party services or disclosing or transferring data to third parties, this is only done if it is done to fulfill our (pre-)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or allow the processing of data in a third country only if the special requirements of Art. 44 et seq. DSGVO are met. This means that the processing is carried out, for example, on the basis of special guarantees, such as the officially recognized determination of a level of data protection that corresponds to the EU (e.g. for the USA by the "Privacy Shield") or compliance with officially recognized special contractual obligations (so-called "standard contractual clauses").
Rights of the data subjects
You have the right to request confirmation as to whether data in question is being processed and to information about this data, as well as further information and a copy of the data in accordance with Art. 15 of the GDPR.
You have according to. Art. 16 DSGVO the right to request the completion of the data concerning you or the correction of incorrect data concerning you.
You have the right, in accordance with Art. 17 DSGVO, to demand that data concerning you be deleted without delay, or alternatively, in accordance with Art. 18 DSGVO, to demand restriction of the processing of the data.
You have the right to request that the data concerning you that you have provided to us be received in accordance with Art. 20 DSGVO and to request that it be transferred to other data controllers.
You also have the right to lodge a complaint with the competent supervisory authority in accordance with Art. 77 DSGVO.
Right of withdrawal
You have the right to revoke given consents according to Art. 7 para. 3 DSGVO with effect for the future
Right of objection
You may object to the future processing of data relating to you in accordance with Art. 21 DSGVO at any time. The objection can be made in particular against the processing for purposes of direct marketing.
The data processed by us will be deleted or restricted in its processing in accordance with Articles 17 and 18 DSGVO. Unless expressly stated within the scope of this data protection declaration, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. I.e. the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law.
According to legal requirements in Germany, data is stored for 6 years in accordance with Section 257 (1) of the German Commercial Code (commercial books, inventories, opening balances, annual financial statements, commercial letters, accounting vouchers, etc.) and for 10 years in accordance with Section 147 (1) of the German Fiscal Code (AO) (books, records, management reports, accounting vouchers, commercial and business letters, documents relevant for taxation, etc.).
According to legal requirements in Austria, storage is carried out in particular for 7 years in accordance with Section 132 (1) BAO (accounting records, vouchers/invoices, accounts, receipts, business papers, statement of income and expenditure, etc.), for 22 years in connection with real estate and for 10 years for documents in connection with electronically provided services, telecommunications, radio and television services provided to non-entrepreneurs in EU member states and for which the Mini-One-Stop-Shop (MOSS) is used.
The hosting services used by us serve to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services, which we use for the purpose of operating this online offering.
In doing so, we, or our hosting provider, process inventory data, contact data, content data, contract data, usage data, meta data and communication data of customers, interested parties and visitors of this online offer on the basis of our legitimate interests in an efficient and secure provision of this online offer pursuant to Art. 6 para. 1 lit. f DSGVO in conjunction with Art. 28 DSGVO. Art. 28 DSGVO (conclusion of order processing contract).
Our hosting provider processes the collected data as follows:
We may share (or otherwise provide you with access to) your personal information with service providers and third parties, but only in the following ways and to:
Third Party Providers: Wix works with a number of select service providers whose services and solutions complement, facilitate and enhance ours. These include hosting and server co-location services, communications and content delivery networks (CDNs), data and cybersecurity services, billing and payment processing services, domain name registration managers, fraud detection and prevention service providers, web analysts, email distribution and monitoring services, session recording, remote access and performance measurement services, data optimization and marketing services, content providers, and our legal and financial advisors (collectively: "Third Party Providers").
Wix may share personal information from the following categories with third party vendors for a business purpose:
· Identifiers, such as name, pseudonym, mailing address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifier.
· promotional personal data, such as personal data relating to products or services purchased, received or contemplated.
Wix is responsible for Personal Data it receives under the Privacy Shield and subsequently discloses to third parties as described in the Privacy Shield Principles. In particular, Wix remains responsible and liable under the Privacy Shield Principles if Third Party Providers process Personal Data on its behalf in a manner inconsistent with the Principles, unless Wix proves that it is not responsible for the event giving rise to the damage.
We may share the personal information of our users and our users' users with various third parties (certain service providers and law enforcement agencies, among others).
Personal data may only be disclosed in accordance with this policy.
Law Enforcement, Governmental Requests and Obligations: Wix may disclose or otherwise provide access to third parties to your personal information, in response to a government request, such as a subpoena, court proceeding, search warrant or court order, or if otherwise required by applicable law, if we believe in good faith that we are required to do so by law, even without notifying you.
Protection of Rights and Safety: Wix may share your personal information when we believe in good faith that doing so is necessary to protect the rights, property, or personal safety of Wix, one of our users or users of users, or a member of the public, even without notifying you.
Social Media Features and Framed Pages: Our Services include certain features, widgets and single sign-on features, such as the "Facebook Connect", "Google Sign-in", "Facebook Like" button, the "Share" button or other interactive mini-programs ("Social Media Features"). These Social Media Features may collect certain personal information, such as your IP address and the page you visit on our website, and may set a cookie to enable smooth use of these features. Social media features are either hosted by third parties or directly on our Services. Your interactions with such third-party social media features are subject to their policies and not ours.
In addition, our Services may allow you to share your Personal Data directly with third parties, such as through page framing techniques, to provide content to or obtain content from third parties or other parties, while maintaining the look and feel of our Website and Services ("Frames"). Please note that by choosing to interact or share personal information through such Frames, you are providing that information to said third parties and not to us, so those interactions and transfers of information are also subject to the policies of said third parties and not to ours.
App Market Developers: Under our App Market program, we allow third-party developers ("Third-Party Developers") to develop and offer their own applications through Wix's App Market ("Third-Party App(s)") in connection with Wix.
We encourage you to read the privacy policies of third party apps and contact the applicable third party developer for any further clarification you may need before deciding to install and use the third party apps. Wix has no control over and is not responsible for the actions or policies of Third Party Developers, so you use any Third Party Apps at your own risk.
You are solely responsible for informing Users of Users about the collection, processing, and use of their information, and for informing them that their information will be shared with Wix for processing on your behalf.
The transfer of personal data from subsidiaries and affiliates in the European Union and Switzerland to a Wix subsidiary in the United States is in accordance with the EU-US and Swiss-US Privacy Shield Framework Agreements.
In connection with a change in management: In addition, your personal information may be disclosed to the parties involved in a change of control of Wix or one of its affiliates (including by way of a merger, acquisition or sale of substantially all of its assets).
Where does the hosting partner store the data:
The personal data of our users and users of users may be stored in data centers in the United States, Ireland, South Korea, Taiwan and Israel. We may also involve other jurisdictions for the proper provision of our Services and/or if required by law (as further explained below).
Wix.com Ltd. is based in Israel, which is considered by the European Commission to provide adequate protection for personal data of citizens from EU member states.
Affiliates and third-party vendors of Wix that store or process your personal information on Wix's behalf have contractually agreed to protect that information in compliance with industry standards and whether or not lesser legal requirements apply in their jurisdictions.
Collection of access data and log files
We, or rather our hosting provider, collects on the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f. DSGVO data about each access to the server on which this service is located (so-called server log files). The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.
Why do we collect this data?
We may use your information for the following purposes:
· to provide and operate our services;
· to develop, adapt and improve our services;
· to respond to your feedback, inquiries and requests and offer assistance;
· to analyze request and usage patterns;
· for other internal, statistical and research purposes;
· to be able to improve our data security and fraud prevention capabilities;
· to investigate violations and enforce our terms and policies, and to comply with applicable law, regulations or governmental requests;
· to send you updates, news, promotional material and other information related to our services. For promotional emails, you can decide for yourself whether you want to continue receiving them. If not, simply click on the unsubscribe link in these emails.
Who do we share this data with?
We may share your information with our service providers to operate our services (e.g., storing data via third-party hosting services, providing technical support, etc.).
We may also disclose your information in the following circumstances: (i) to investigate, detect, prevent or take action regarding illegal activities or other misconduct; (ii) to establish or exercise our rights of defense; (iii) to protect our rights, property or personal safety and the safety of our users or the public; (iv) in the event of a change of control of us or any of our affiliates (by way of merger, acquisition or purchase of (substantially) all of the assets, et al. a.); (v) to collect, maintain and/or manage your information through authorized third party vendors (e.g., cloud service providers) as appropriate for business purposes; (vi) to work with third party vendors to improve your user experience. For the avoidance of doubt, we would like to point out that we may transfer or disclose non-personal data to third parties or otherwise use it at our discretion.
Please note that our services allow social interactions (e.g., posting content, information, and comments publicly and chatting with other users). Please be advised that any content or data you provide in these areas may be read, collected, and used by others. We discourage posting or sharing information that you do not wish to make public. If you upload content to our digital assets or otherwise make it available as part of your use of a service, you do so at your own risk. We cannot control the actions of other users or members of the public with access to your data or content. You acknowledge and hereby agree that copies of your data may remain accessible even after it has been deleted from cached and archived pages or after a third party has made a copy/stored your content.
Cookies and similar technologies
When you visit or access our Services, we authorize third parties to use web beacons, cookies, pixel tags, scripts, and other technologies and analytics services ("Tracking Technologies"). These Tracking Technologies may allow third parties to automatically collect your information to improve the navigation experience on our Digital Assets, optimize their performance and provide a customized user experience, as well as for security and fraud prevention purposes.
Category: The user is NOT connected to an advertising service
We will not share your email address or other personal information with advertisers or advertising networks without your consent.
We may provide advertising through our Services and our digital assets (including websites and applications that use our Services) that may also be tailored to you, such as ads based on your recent website, device, or browser browsing behavior.
How do we protect the data?
The hosting service for our digital assets provides us with the online platform through which we can offer you our services. Your data can be stored via our hosting provider's data storage, databases and general applications. It stores your data on secure servers behind a firewall and it provides secure HTTPS access to most areas of its services.
Notwithstanding the measures and efforts taken by us and our hosting provider, we cannot and do not guarantee absolute protection and security of the data you upload, post or otherwise share with us or others.
For this reason, we ask that you establish strong passwords and, whenever possible, do not provide us or others with confidential information that you believe could cause you significant or lasting harm if disclosed. In addition, because e-mail and instant messaging are not considered secure forms of communication, we ask that you do not share confidential information through any of these communication channels.
How do we deal with minors?
User does NOT collect data from minors
The Services are not intended for users who have not reached the legal age of majority. We will not knowingly collect information from children. If you are under the age of majority, you should not download or use the Services or provide any information to us.
We reserve the right to request proof of age at any time so that we can verify whether minors are using our Services. In the event that we become aware that a minor is using our services, we may prohibit such users from accessing and blocking our services, and we may delete any information we have about such user. If you have reason to believe that a minor has disclosed data to us, please contact us as explained below.
Category: User collects data from minors
Children can use our services. However, if they want access to certain features, they may have to provide certain information. The collection of some data (including data collected through cookies, web beacons and other similar technologies) may be automatic. If we knowingly collect, use, or disclose data collected from a child, we will provide notice and obtain parental consent in accordance with applicable law. We do not condition a child's participation in an online activity on the child providing more contact information than is reasonably necessary to participate in that activity. We will only use the information we collect in connection with the services the child has requested.
We may also use a parent's contact information to communicate about the child's activities on the Services. Parents may review data we have collected from their child, prohibit us from collecting any more of your child's data, and request that any data we have collected be deleted from our records.
Please contact us to view, update or delete your child's information. To protect your child, we may ask you to provide proof of your identity. We may deny you access to the data if we believe your identity is questionable. Please note that certain data cannot be deleted due to other legal obligations.
Principles of data collection for this website offer
· the use of your personal data is necessary to perform or enter into a contract (for example, to provide you with the services themselves or customer service or technical support);
· the use of your personal data is necessary to comply with relevant legal or regulatory obligations, or
· the use of your personal data is necessary to support our legitimate business interests (provided that at all times this is done in a way that is proportionate and respects your data protection rights).
As an EU resident you can:
· request confirmation as to whether or not personal data concerning you is being processed and request access to your stored personal data and certain additional information;
· request the receipt of personal data that you have provided to us in a structured, common and machine-readable format;
· request the correction of your personal data stored by us;
· request the deletion of your personal data;
· object to the processing of your personal data by us;
· request the restriction of the processing of your personal data, or
· file a complaint with a supervisory authority.
Please note, however, that these rights are not unlimited and may be subject to our own legitimate interests and regulatory requirements. If you have general questions about the personal information we collect and how we use it, please contact us as indicated above.
In the course of providing the Services, we may transfer data across borders to affiliates or other third parties and from your country/jurisdiction to other countries/jurisdictions around the world. By using the Services, you consent to the transfer of your data outside the EEA.
If you are located in the EEA, your personal data will only be transferred to locations outside the EEA if we are satisfied that there is an adequate or comparable level of protection for personal data. We will take appropriate steps to ensure that we have adequate contractual arrangements in place with our third parties to ensure that appropriate safeguards are in place so that the risk of unlawful use, alteration, deletion, loss or theft of your personal data is minimized and that such third parties act at all times in accordance with applicable laws.
Rights under the California Consumer Protection Act
If you use the Services as a California resident, then you may be entitled to request access to and deletion of your information under the California Consumer Privacy Act ("CCPA").
More about social media, embedding and linking
We delete the requests if they are no longer necessary. We review the necessity every two years; Furthermore, the legal archiving obligations apply.
The follow-up comments can be subscribed to by users with their consent pursuant to Art. 6 para. 1 lit. a DSGVO. Users will receive a confirmation email to verify that they are the owner of the email address entered. Users can unsubscribe from ongoing comment subscriptions at any time. The confirmation email will include instructions on how to unsubscribe. For the purposes of proving users' consent, we store the sign-up point along with users' IP address and delete this information when users unsubscribe.
You can unsubscribe from our subscription service at any time, i.e. revoke your consents. We may store unsubscribed email addresses for up to three years based on our legitimate interests before deleting them to prove consent formerly given. The processing of this data is limited to the purpose of a possible defense against claims. An individual deletion request is possible at any time, provided that the former existence of consent is confirmed at the same time.
Online presence in social media
We maintain online presences within social networks and platforms in order to be able to communicate with the customers, interested parties and users active there and to inform them about our services there. When calling up the respective networks and platforms, the terms and conditions and data processing policies of their respective operators apply.
Integration of third-party services and content
Within our online offer, we use content or service offers of third-party providers on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. DSGVO) to integrate content or services offered by third-party providers, such as videos or fonts (hereinafter uniformly referred to as "content").
This always requires that the third-party providers of this content are aware of the IP address of the user, since without the IP address they could not send the content to their browser. The IP address is thus required for the display of this content. We endeavor to use only such content whose respective providers use the IP address only for the delivery of the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offer, as well as be combined with such information from other sources.
Use of Facebook social plugins
We use social plugins ("plugins") of the social network facebook.com on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. DSGVO) social plugins ("plugins") of the social network facebook.com, which is operated by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"). The plugins can display interaction elements or content (e.g. videos, graphics or text contributions) and are recognizable by one of the Facebook logos (white "f" on blue tile, the terms "Like", "Like" or a "thumbs up" sign) or are marked with the addition "Facebook Social Plugin". The list and appearance of Facebook social plugins can be viewed here:
Facebook is certified under the Privacy Shield agreement and thereby offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
When a user calls up a function of this online offer that contains such a plugin, his or her device establishes a direct connection with Facebook's servers. The content of the plugin is transmitted by Facebook directly to the user's device and integrated by the latter into the online offer. In the process, usage profiles of the users can be created from the processed data. We therefore have no influence on the scope of the data that Facebook collects with the help of this plugin and therefore inform users according to our level of knowledge.
By integrating the plugins, Facebook receives the information that a user has accessed the corresponding page of the online offer. If the user is logged into
Facebook, Facebook can assign the visit to his Facebook account. If users interact with the plugins, for example by clicking the Like button or posting a comment, the corresponding information is transmitted from your device directly to Facebook and stored there. If a user is not a member of Facebook, there is still the possibility that Facebook will learn and store his or her IP address. According to Facebook, only an anonymized IP address is stored in Germany.
If a user is a Facebook member and does not want Facebook to collect data about him or her via this online offer and link it to his or her membership data stored on Facebook, he or she must log out of Facebook and delete his or her cookies before using our online offer. Further settings and objections to the use of data for advertising purposes, are possible within the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. The settings are platform-independent, i.e. they are applied to all devices, such as desktop computers or mobile devices.
In the context of the use of our online services, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests, as well as the user's protection against misuse and other unauthorized use. In principle, this data is not passed on to third parties, unless it is necessary for the pursuit of our claims or there is a legal obligation to do so pursuant to Art. 6 Para. 1 lit. c DSGVO.
We process usage data (e.g., the visited web pages of our online offer, interest in our products) and content data (e.g., entries in the contact form or user profile) for advertising purposes in a user profile, e.g., to display product information to the user based on their previously used services.
Amazon Affiliate Program
ContactingWhen contacting us (e.g. by contact form, e-mail, telephone or via social media), the user's details are processed for the purpose of handling the contact request and its processing pursuant to Art. 6 (1) lit. b) DSGVO. The user's details may be stored in a customer relationship management system ("CRM system") or comparable inquiry organization.