Data Protection Notice
Every time a user accesses the website of the International Short Film Festival Oberhausen and every time a file is called up on that website, data on this process is temporarily stored and processed in a log file.
Before storage, each data record is anonymized by changing the IP address.
The following data are stored every time the website is accessed or a file on the website is called up:
· Anonymized IP address
· Date and time
· Page retrieved/ name of the retrieved file
· Data volume transferred
· Message on whether the access/retrieval was successful
These data are evaluated solely for statistical purposes and to improve our offerings and are subsequently deleted. The data are not used in any other way or passed on to third parties.
When individual pages are called up, so-called temporary, or session, cookies are used to facilitate navigation. These session cookies do not contain any personal data and expire at the end of the session.
If the user is asked to provide a postal address and/or email address within the scope of an enquiry or request for personalized services, these addresses will be used exclusively to deliver the services requested.
Data Protection Notice – effective from 25 May 2018
Festival Director Dr. Lars Henrik Gass
Address: Grillostrasse 35, 46045 Oberhausen
Phone number for main office: 0208 825-2652
Email address for main office: firstname.lastname@example.org
2. Purpose and legality of data processing
The International Short Film Festival Oberhausen (referred to in the following as the Festival) processes your personal data only for the purposes stated in this Data Protection Notice and in accordance with Art. 6 of the General Data Protection Regulation (EU) 2016/679 (referred to in the following as GDPR). Your personal data will not be passed on to third parties for purposes other than those specifically mentioned. We pass your personal data on to third parties only when one of the following cases applies:
· You have given us your express consent to do so
· The processing of this data is necessary to conclude a contract with you
· The processing of this data is necessary to fulfil a legal obligation
· The processing of this data is necessary to protect legitimate interests and there is no reason to believe that you have an overriding and legitimate interest in not disclosing your data
3. Rights affected
You can exercise at any time the following rights set forth in the GDPR, using the contact details we have provided for our Data Protection Officer:
a) Right of access by the data subject – Art. 15 GDPR
The right of access entitles the data subject to full access to information on the processing of her/his personal data and on other important criteria such as the purposes of such processing and how long the data will be stored. The exceptions to this right apply as set forth in § 34 of the German Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG).
b) Right to rectification – Art. 16 GDPR
The right to rectification entitles the data subject to have incorrect personal data that concerns her/him corrected without undue delay.
a) Right to erasure – Art. 17 GDPR
The right to erasure entitles the data subject to have personal data that concerns her/him erased by the data controller without undue delay. However, this is only possible if the personal data concerning her/him are no longer necessary or have been processed illegally, or if consent to such processing has been revoked. The exceptions to this right apply as set forth in § 35 of the German Federal Data Protection Act.
d) Right to restriction of processing – Art. 18 GDPR
The right to restriction of processing entitles the data subject to restrict the further processing of her/his personal data for the time being. Such processing can be restricted above all while other rights that can be exercised by the data subject are being verified.
e) Right to data portability – Art. 20 GDPR
The right to data portability entitles the data subject to receive from the data controller the personal data s/he has provided in a commonly used, machine-readable format in order, for example, to transmit those data to another controller. According to Art. 20 para. 3 sentence 2 GDPR, however, this right does not apply to data processing necessary to perform a task that serves the public interest.
a) Right to object – Art. 21 GDPR
The right to object entitles the data subject to object to the further processing of her/his personal data on grounds relating to her/his particular situation, insofar as the performance of public duties or the existence of public or private interests do not require such processing. According to § 36 of the German Federal Data Protection Act, this right does not apply if a public authority is legally obliged to process the relevant data.
If you have given us your consent to process your personal data, you can revoke this consent at any time, effective immediately and for the future.
You may lodge a complaint at any time with the regulatory authority responsible for you. Which regulatory authority is responsible for you depends on which federal state you reside in, what work you do, and the alleged infringement. A list of regulatory authorities (for the private sector) and their addresses can be found at: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
4. Festival homepage
Every time a user accesses the website of the International Short Film Festival Oberhausen and every time a file is called up, data on this process is temporarily stored and processed in a log file by means of so-called “cookies”. The information in these log files may include:
· Your web browser
· The operating system used
· Your internet provider
· Anonymized IP address
· Date and time
This information is technically necessary to correctly deliver the content you would like to call up on web pages and to enable you to use the internet. The information is processed in particular for the following purposes:
· To ensure a trouble-free connection to the website
· To ensure smooth use of our website
· To evaluate system security and stability
· Other administrative purposes
We do not use your data to draw conclusions about you personally. The recipients of the data are limited to the data controller and in some cases also persons contracted to process the data.
We may statistically evaluate anonymous information of this kind in order to optimize our website and the technology behind it.
Under no circumstances will the data we collect be passed on to third parties or linked to personal data without your consent.
When individual pages are called up, so-called “session cookies” are used to facilitate navigation. These session cookies do not contain any personal data and expire at the end of the session.
5. Registering on our website
When you register to use our personalized services, some personal data will be collected from you, including your name and address and also contact and communication data such as your phone number and email address. Once you register, you can access content and services that we only provide to registered users. Upon request, we will of course inform you at all times about the personal data we have stored about you. As a registered user, you also have the option of changing or deleting at any time the data you provided at registration if you need to, provided there are no legal storage obligations to the contrary. To contact us in this connection, please use the contact details provided at the end of this Data Protection Notice.
6. SSL encryption
To protect the security of your data during transmission, we use state-of-the-art encryption methods (e.g. SSL) via HTTPS.
If you have given us your express consent, we will regularly send you our newsletter or our special information bulletins for industry insiders by email to the address you have provided.
To receive the newsletter, you need to give us only your email address. When you subscribe to our newsletter and/or our information bulletins, the data you provide will be used exclusively for this purpose. Subscribers may also be notified by email of circumstances relevant to the service or their subscription (e.g., changes to the newsletter or technical circumstances).
For your subscription to function, we need a valid email address. In order to verify that the subscription has in fact been made by the owner of the email address, we will from now on use the “double opt-in” procedure. For this purpose we keep a log of the subscription to the newsletter, the sending of a confirmation email and the receipt of the requested reply. Further data are not collected. The data are used exclusively for sending out the newsletter and information bulletins and will not be passed on to third parties.
You can revoke at any time your consent to the storage of your personal data and its use for sending newsletters and information bulletins. Each mailing contains a corresponding link. Alternatively, you can also unsubscribe at any time directly on this website or inform us of your request by using the contact option at the end of this Data Protection Notice.
8. Embedded YouTube/Vimeo videos
We embed videos on some of our web pages. The operators of the corresponding plug-ins are:
· YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA
· Vimeo, LLC, with headquarters at 555 West 18th Street, New York, NY 10011, USA
When you visit a page with the YouTube/Vimeo plug-in, a connection is made to servers operated by the respective provider. The provider is then informed of which pages you are visiting. If you are logged into your account with the provider, your surfing behaviour can be associated with you personally. You can prevent this by logging out of your YouTube/Vimeo account beforehand.
If you have disabled the storage of cookies for the Google Ad program, you need not expect such cookies when viewing YouTube videos. But YouTube also stores non-personal usage information in other cookies. If you would like to prevent this, you must change your browser settings to block cookies.
For further information on data protection on YouTube, see the provider’s own data protection notice at: https://www.google.de/intl/en/policies/privacy/
For further information on data protection at Vimeo, see the provider’s own data protection notice at: https://vimeo.com/privacy
9. Social plug-ins
We use social plug-ins on our web pages from the providers listed below. These plug-ins are labelled with the corresponding logo for ease of recognition.
These plug-ins may be used to send information to the service provider, which may include personal data, and the service provider may make use of this information. We prevent the inadvertent and unwanted collection of data and its transmission to the service provider through a 2-click solution. The desired social plug-in must therefore first be activated by clicking on the corresponding button. Only once the plug-in has been deliberately activated can data be collected and transmitted to the respective service provider. We ourselves do not collect any personal data via the social plug-ins or any information on their use.
We have no control over what data an activated plug-in collects and how this data is used by the respective provider. At present, it must be assumed that a direct connection to the provider’s services will be established and that at least the user’s IP address and device-related information will be recorded and used. It is also possible that the service provider will try to save cookies on the user’s computer. To find out which specific data is collected and how it is used, please refer to the data protection notice of the respective service provider. Note: If you are logged into Facebook while using our website, Facebook can identify you as a visitor to a specific page.
We have integrated the social media buttons of the following companies on our website:
10. Changes to our Data Protection Notice
We reserve the right to revise this Data Protection Notice to ensure that it complies at all times with current legal requirements or to reflect changes in our services, for example when introducing new services. The revised Data Protection Notice will then apply for your next visit to our website.
This Data Protection Notice was drafted with the help of the Data Protection Notice Generator from activeMind AG.