This data protection declaration informs you about the nature, scope and purpose of the processing of personal data (hereinafter referred to as „data“) within our online offer and the websites, functions and content associated
with it, as well as external online presences, such as our social media profiles. (hereinafter collectively referred to as „online offer“). With regard to the terms used, such as „processing“ or „controller“, we refer to
the definitions in Article 4 of the General Data Protection Regulation (GDPR).
If you have general questions about the Services or the information we collect about you and how we use it, please contact us at:
MB Film Marc Boettcher
Address: Gütergotzer Straße 59, 14165 Berlin
Phone: +49 (0) 30 80 11 425
Fax: +49 (0) 30 80 11 425
Types of data processed:
– Inventory data (e.g., names)
– Contact data (e.g., e-mail, phone numbers)
– Content data (e.g., text input, photographs, videos)
– Usage data (e.g., web pages visited, interest in content, access times)
– Meta/communication data (e.g., device information, IP addresses)
Categories of persons concerned
Visitors and users of the online offer (hereinafter we also refer to the data subjects collectively as „users“).
Purpose of processing
– Provision of the online offer, its functions and contents.
– Answering contact requests and communication with users.
– Security measures.
– Reach measurement/marketing
„Personal data“ means any information relating to an identified or identifiable natural person (hereinafter „data subject“); an identifiable natural person is one who can be identified, directly or indirectly, in particular
by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural
or social identity of that natural person.
„Processing“ means any operation or set of operations which is performed upon personal data, whether or not by automatic means.
„Controller“ means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.
Relevant legal bases
The legal basis for obtaining consent is Art. 6(1)(a) and Art. 7 DSGVO, the legal basis for processing to fulfill our services and perform contractual measures and respond to inquiries is Art. 6(1)(b) DSGVO, the legal basis
for processing to fulfill our legal obligations is Art. 6(1)(c) DSGVO, and the legal basis for processing to protect our legitimate interests is Art. 6(1)(f) DSGVO.
Cooperation with processors and third parties
If, in the course of our processing, we disclose data to other persons and companies (processors or third parties), transmit it to them or otherwise grant them access to the data, this shall only be done:
· on the basis of a legal permission (e.g. if a transfer of the data to third parties, such as payment service providers, is necessary for the fulfillment of the contract according to Art. 6 para. 1 lit. b DSGVO),
· if you have consented
· a legal obligation provides for this
· or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).
If we commission third parties with the processing of data on the basis of a so-called „order processing agreement“, this is done on the basis of Art. 28 DSGVO.
Transfers to third countries
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this is done in the context of using third-party services or disclosing or transferring data to third parties,
this is only done if it is done to fulfill our (pre-)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions,
we process or allow the processing of data in a third country only if the special requirements of Art. 44 et seq. DSGVO are met. This means that the processing is carried out, for example, on the basis of special guarantees,
such as the officially recognized determination of a level of data protection that corresponds to the EU (e.g. for the USA by the „Privacy Shield“) or compliance with officially recognized special contractual obligations
(so-called „standard contractual clauses“).
Rights of the data subjects
You have the right to request confirmation as to whether data in question is being processed and to information about this data, as well as further information and a copy of the data in accordance with Art. 15 of the GDPR.
You have according to. Art. 16 DSGVO the right to request the completion of the data concerning you or the correction of incorrect data concerning you.
You have the right, in accordance with Art. 17 DSGVO, to demand that data concerning you be deleted without delay, or alternatively, in accordance with Art. 18 DSGVO, to demand restriction of the processing of the data.
You have the right to request that the data concerning you that you have provided to us be received in accordance with Art. 20 DSGVO and to request that it be transferred to other data controllers.
You also have the right to lodge a complaint with the competent supervisory authority in accordance with Art. 77 DSGVO.
Right of withdrawal
You have the right to revoke given consents according to Art. 7 para. 3 DSGVO with effect for the future
Right of objection
You may object to the future processing of data relating to you in accordance with Art. 21 DSGVO at any time. The objection can be made in particular against the processing for purposes of direct marketing.
The data processed by us will be deleted or restricted in its processing in accordance with Articles 17 and 18 DSGVO. Unless expressly stated within the scope of this data protection declaration, the data stored by us will
be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations. If the data is not deleted because it is required for other and legally
permissible purposes, its processing will be restricted. I.e. the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law.
According to legal requirements in Germany, data is stored for 6 years in accordance with Section 257 (1) of the German Commercial Code (commercial books, inventories, opening balances, annual financial statements, commercial
letters, accounting vouchers, etc.) and for 10 years in accordance with Section 147 (1) of the German Fiscal Code (AO) (books, records, management reports, accounting vouchers, commercial and business letters, documents relevant
for taxation, etc.).
According to legal requirements in Austria, storage is carried out in particular for 7 years in accordance with Section 132 (1) BAO (accounting records, vouchers/invoices, accounts, receipts, business papers, statement of
income and expenditure, etc.), for 22 years in connection with real estate and for 10 years for documents in connection with electronically provided services, telecommunications, radio and television services provided to
non-entrepreneurs in EU member states and for which the Mini-One-Stop-Shop (MOSS) is used.
The hosting services used by us serve to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services, which
we use for the purpose of operating this online offering.
In doing so, we, or our hosting provider, process inventory data, contact data, content data, contract data, usage data, meta data and communication data of customers, interested parties and visitors of this online offer
on the basis of our legitimate interests in an efficient and secure provision of this online offer pursuant to Art. 6 para. 1 lit. f DSGVO in conjunction with Art. 28 DSGVO. Art. 28 DSGVO (conclusion of order processing contract).
Where does the hosting partner store the data:
The personal data of our users and users of users is stored in Germany.
Collection of access data and log files
We, or rather our hosting provider, collects on the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f. DSGVO data about each access to the server on which this service is located (so-called server
log files). The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer
URL (the previously visited page), IP address and the requesting provider.
Why do we collect this data?
We may use your information for the following purposes:
· to provide and operate our services;
· to develop, adapt and improve our services;
· to respond to your feedback, inquiries and requests and offer assistance;
· to analyze request and usage patterns;
· for other internal, statistical and research purposes;
· to be able to improve our data security and fraud prevention capabilities;
· to investigate violations and enforce our terms and policies, and to comply with applicable law, regulations or governmental requests;
· to send you updates, news, promotional material and other information related to our services. For promotional emails, you can decide for yourself whether you want to continue receiving them. If not, simply click
on the unsubscribe link in these emails.
Who do we share this data with?
We may share your information with our service providers to operate our services (e.g., storing data via third-party hosting services, providing technical support, etc.).
We may also disclose your information in the following circumstances: (i) to investigate, detect, prevent or take action regarding illegal activities or other misconduct; (ii) to establish or exercise our rights of defense;
(iii) to protect our rights, property or personal safety and the safety of our users or the public; (iv) in the event of a change of control of us or any of our affiliates (by way of merger, acquisition or purchase of (substantially)
all of the assets, et al. a.); (v) to collect, maintain and/or manage your information through authorized third party vendors (e.g., cloud service providers) as appropriate for business purposes; (vi) to work with third party
vendors to improve your user experience. For the avoidance of doubt, we would like to point out that we may transfer or disclose non-personal data to third parties or otherwise use it at our discretion.
Please note that our services allow social interactions (e.g., posting content, information, and comments publicly and chatting with other users). Please be advised that any content or data you provide in these areas may be
read, collected, and used by others. We discourage posting or sharing information that you do not wish to make public. If you upload content to our digital assets or otherwise make it available as part of your use of a service,
you do so at your own risk. We cannot control the actions of other users or members of the public with access to your data or content. You acknowledge and hereby agree that copies of your data may remain accessible even after
it has been deleted from cached and archived pages or after a third party has made a copy/stored your content.
Cookies and similar technologies
When you visit or access our Services, we authorize third parties to use web beacons, cookies, pixel tags, scripts, and other technologies and analytics services („Tracking Technologies“). These Tracking Technologies may allow
third parties to automatically collect your information to improve the navigation experience on our Digital Assets, optimize their performance and provide a customized user experience, as well as for security and fraud prevention
Category: The user is NOT connected to an advertising service
We will not share your email address or other personal information with advertisers or advertising networks without your consent.
How do we protect the data?
The hosting service for our digital assets provides us with the online platform through which we can offer you our services. Your data can be stored via our hosting provider’s data storage, databases and general applications.
It stores your data on secure servers behind a firewall and it provides secure HTTPS access to most areas of its services.
Notwithstanding the measures and efforts taken by us and our hosting provider, we cannot and do not guarantee absolute protection and security of the data you upload, post or otherwise share with us or others.
For this reason, we ask that you establish strong passwords and, whenever possible, do not provide us or others with confidential information that you believe could cause you significant or lasting harm if disclosed. In addition,
because e-mail and instant messaging are not considered secure forms of communication, we ask that you do not share confidential information through any of these communication channels.
How do we deal with minors?
User does NOT collect data from minors
The Services are not intended for users who have not reached the legal age of majority. We will not knowingly collect information from children. If you are under the age of majority, you should not download or use the Services
or provide any information to us.
We reserve the right to request proof of age at any time so that we can verify whether minors are using our Services. In the event that we become aware that a minor is using our services, we may prohibit such users from accessing
and blocking our services, and we may delete any information we have about such user. If you have reason to believe that a minor has disclosed data to us, please contact us as explained below.
Category: User collects data from minors
Children can use our services. However, if they want access to certain features, they may have to provide certain information. The collection of some data (including data collected through cookies, web beacons and other similar
technologies) may be automatic. If we knowingly collect, use, or disclose data collected from a child, we will provide notice and obtain parental consent in accordance with applicable law. We do not condition a child’s participation
in an online activity on the child providing more contact information than is reasonably necessary to participate in that activity. We will only use the information we collect in connection with the services the child has
We may also use a parent’s contact information to communicate about the child’s activities on the Services. Parents may review data we have collected from their child, prohibit us from collecting any more of your child’s data,
and request that any data we have collected be deleted from our records.
Please contact us to view, update or delete your child’s information. To protect your child, we may ask you to provide proof of your identity. We may deny you access to the data if we believe your identity is questionable.
Please note that certain data cannot be deleted due to other legal obligations.
Principles of data collection for this website offer
· the use of your personal data is necessary to perform or enter into a contract (for example, to provide you with the services themselves or customer service or technical support);
· the use of your personal data is necessary to comply with relevant legal or regulatory obligations, or
· the use of your personal data is necessary to support our legitimate business interests (provided that at all times this is done in a way that is proportionate and respects your data protection rights).
As an EU resident you can:
· request confirmation as to whether or not personal data concerning you is being processed and request access to your stored personal data and certain additional information;
· request the receipt of personal data that you have provided to us in a structured, common and machine-readable format;
· request the correction of your personal data stored by us;
· request the deletion of your personal data;
· object to the processing of your personal data by us;
· request the restriction of the processing of your personal data, or
· file a complaint with a supervisory authority.
Please note, however, that these rights are not unlimited and may be subject to our own legitimate interests and regulatory requirements. If you have general questions about the personal information we collect and how we use
it, please contact us as indicated above.
In the course of providing the Services, we may transfer data across borders to affiliates or other third parties and from your country/jurisdiction to other countries/jurisdictions around the world. By using the Services,
you consent to the transfer of your data outside the EEA.
If you are located in the EEA, your personal data will only be transferred to locations outside the EEA if we are satisfied that there is an adequate or comparable level of protection for personal data. We will take appropriate
steps to ensure that we have adequate contractual arrangements in place with our third parties to ensure that appropriate safeguards are in place so that the risk of unlawful use, alteration, deletion, loss or theft of your
personal data is minimized and that such third parties act at all times in accordance with applicable laws.
Rights under the California Consumer Protection Act
If you use the Services as a California resident, then you may be entitled to request access to and deletion of your information under the California Consumer Privacy Act („CCPA“).
More about social media, embedding and linking
We delete the requests if they are no longer necessary. We review the necessity every two years; Furthermore, the legal archiving obligations apply.
The follow-up comments can be subscribed to by users with their consent pursuant to Art. 6 para. 1 lit. a DSGVO. Users will receive a confirmation email to verify that they are the owner of the email address entered. Users
can unsubscribe from ongoing comment subscriptions at any time. The confirmation email will include instructions on how to unsubscribe. For the purposes of proving users‘ consent, we store the sign-up point along with users‘
IP address and delete this information when users unsubscribe.
You can unsubscribe from our subscription service at any time, i.e. revoke your consents. We may store unsubscribed email addresses for up to three years based on our legitimate interests before deleting them to prove consent
formerly given. The processing of this data is limited to the purpose of a possible defense against claims. An individual deletion request is possible at any time, provided that the former existence of consent is confirmed
at the same time.
Online presence in social media
We maintain online presences within social networks and platforms in order to be able to communicate with the customers, interested parties and users active there and to inform them about our services there. When calling up
the respective networks and platforms, the terms and conditions and data processing policies of their respective operators apply.
Integration of third-party services and content
Within our online offer, we use content or service offers of third-party providers on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the
meaning of Art. 6 para. 1 lit. f. DSGVO) to integrate content or services offered by third-party providers, such as videos or fonts (hereinafter uniformly referred to as „content“).
This always requires that the third-party providers of this content are aware of the IP address of the user, since without the IP address they could not send the content to their browser. The IP address is thus required for
the display of this content. We endeavor to use only such content whose respective providers use the IP address only for the delivery of the content. Third-party providers may also use so-called pixel tags (invisible graphics,
also known as „web beacons“) for statistical or marketing purposes. The „pixel tags“ can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored
in cookies on the user’s device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offer,
as well as be combined with such information from other sources.
Use of Facebook social plugins
We use social plugins („plugins“) of the social network facebook.com on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art.
6 para. 1 lit. f. DSGVO) social plugins („plugins“) of the social network facebook.com, which is operated by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland („Facebook“). The plugins can
display interaction elements or content (e.g. videos, graphics or text contributions) and are recognizable by one of the Facebook logos (white „f“ on blue tile, the terms „Like“, „Like“ or a „thumbs up“ sign) or are marked
with the addition „Facebook Social Plugin“. The list and appearance of Facebook social plugins can be viewed here:
Facebook is certified under the Privacy Shield agreement and thereby offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
When a user calls up a function of this online offer that contains such a plugin, his or her device establishes a direct connection with Facebook’s servers. The content of the plugin is transmitted by Facebook directly to
the user’s device and integrated by the latter into the online offer. In the process, usage profiles of the users can be created from the processed data. We therefore have no influence on the scope of the data that Facebook
collects with the help of this plugin and therefore inform users according to our level of knowledge.
By integrating the plugins, Facebook receives the information that a user has accessed the corresponding page of the online offer. If the user is logged into
Facebook, Facebook can assign the visit to his Facebook account. If users interact with the plugins, for example by clicking the Like button or posting a comment, the corresponding information is transmitted from your device
directly to Facebook and stored there. If a user is not a member of Facebook, there is still the possibility that Facebook will learn and store his or her IP address. According to Facebook, only an anonymized IP address is
stored in Germany.
The purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as the related rights and settings options for protecting the privacy of users, can be found in Facebook’s privacy
If a user is a Facebook member and does not want Facebook to collect data about him or her via this online offer and link it to his or her membership data stored on Facebook, he or she must log out of Facebook and delete
his or her cookies before using our online offer. Further settings and objections to the use of data for advertising purposes, are possible within the Facebook profile settings: https://www.facebook.com/settings?tab=ads or
via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. The settings are platform-independent, i.e. they are applied to all devices, such as desktop computers or mobile devices.
In the context of the use of our online services, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests, as well as the user’s protection against misuse and other
unauthorized use. In principle, this data is not passed on to third parties, unless it is necessary for the pursuit of our claims or there is a legal obligation to do so pursuant to Art. 6 Para. 1 lit. c DSGVO.
We process usage data (e.g., the visited web pages of our online offer, interest in our products) and content data (e.g., entries in the contact form or user profile) for advertising purposes in a user profile, e.g., to display
product information to the user based on their previously used services.
Amazon Affiliate Program
Based on our legitimate interests (i.e. interest in the economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. DSGVO. DSGVO), we are participants in the Amazon EU affiliate program, which was designed
that you have clicked the affiliate link on this website and subsequently purchased a product from Amazon.
ContactingWhen contacting us (e.g. by contact form, e-mail, telephone or via social media), the user’s details are processed for the purpose of handling the contact request and its processing pursuant to Art. 6 (1) lit. b)
DSGVO. The user’s details may be stored in a customer relationship management system („CRM system“) or comparable inquiry organization.
Within our online offer, functions and contents of the service Twitter may be integrated, offered by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. This may include, for example, content such as
images, videos or texts and buttons with which users can announce their liking of the content, the authors of the content or subscribe to our posts. If the users are members of the Twitter platform, Twitter can assign the
call of the above-mentioned content and functions to the profiles of the users there. Twitter is certified under the Privacy Shield agreement and thus offers a guarantee of compliance with European data protection law ( Privacy
for changes. In the event of material changes, we will post a notice to that effect on our Website. Your continued use of the Services after we have posted a notice of changes on our Website will constitute your acknowledgement