Privacy Policy

Privacy Policy

Our service is subject to the strict German data protection law and is anxious to treat your data with the greatest care. Here you can find out which data we collect and how it is processed and used.

Information about us as controllers of your data

The party responsible for this website (the "controller") for purposes of data protection law is:

Kinemathek Hamburg e.V.

Kalkhof 7

D-20354 Hamburg

Germany

represented by Martin Aust (Managing Director)

Email: info@kinemathek-hamburg.de

Telephone: ++49 (0)40 34 23 53

Data Security Engineer

If you have any questions about we processes your data in accordance with data protection regulations, you can contact our data protection officer:

Martin Aust

aust@kinemathek-hamburg.de

Collection and storage of personal data and the nature and purpose of their use

a) Visiting the website

When you visit our website, the browser used on your terminal device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until it is automatically deleted:

  • IP address of the requesting computer,
  • Date and time of access,
  • Name and URL of the retrieved file,
  • Website from which access is made (referrer URL),
  • the browser used and, if applicable, the operating system of your computer as well as the name of your access provider.

The data mentioned will be processed by us for the following purposes:

  • Ensuring a smooth connection of the website,
  • To ensure a comfortable use of our website,
  • Evaluation of system safety and stability as well as
  • for other administrative purposes.

The legal basis for data processing is Art. 6 Para. 1 S. 1 lit. f DSGVO. Our justified interest follows from the purposes listed above for the collection of data. Under no circumstances do we use the collected data for the purpose of drawing conclusions about your person.

b) During registration and use of the offer

If you want to take advantage of the full range of services, e.g. watching movies, you have to register and purchase a subscription. Your personal data will be entered into an input mask, transmitted to us and stored. We collect the following data:

  • first name, last name,
  • date of birth
  • a valid e-mail address,
  • password

User account and watchlist

With registration, a user account with your e-mail address is considered to have been created. In the user account, films marked by the user (watch list), a child viewing PIN (if applicable) and the language setting are permanently stored.

Furthermore, your individual transaction data is stored:

  • IP address
  • Date of use
  • Type of use (subscription or TVoD)
  • Streamed title
  • Streaming time

The collection of this data is carried out,

  • to be able to identify you as our customer;
  • to be able to provide you with our offer;
  • for correspondence with you;
  • to ensure the technical administration of our website;
  • to manage our customer data.

As part of the registration process, you will be asked for your consent to process this data.

The data processing is carried out upon your registration and is required in accordance with Art. 6 Para. 1 S. 1 lit. b DSGVO for the above-mentioned purposes for the appropriate processing of your use of ours.

The personal data collected by us will be stored until the expiration of the legal storage obligation and deleted thereafter, unless we are obligated to store the data for a longer period of time according to article 6 paragraph 1 sentence 1 lit. c DSGVO due to tax and commercial law storage and documentation obligations (from HGB, StGB or AO) or you have consented to a storage beyond that according to article 6 paragraph 1 sentence 1 lit. a DSGVO.

c) On payment

For payment we work together with the external payment provider PayPal. PayPal provides the technical infrastructure for processing the payments. PayPal is a TÜV-certified means of payment: TÜV-Saarland has awarded PayPal the title "Certified Online Payment System". The multi-level test procedure includes, among other things, data protection management and the technical requirements for data encryption.

We ourselves do not store any of your payment information (account data, credit card number, etc.) - with the exception of the payment method (PayPal, credit card).

The storage of your payment information is exclusively carried out by the external and certified payment systems of PayPal. PayPal's privacy policy can be found here.

d) When playing a movie (Intertrust ExpressPlay)

Our movies are copyrighted. To view the movies it is necessary to use the service "Intertrust ExpressPlay" of Intertrust Technologies Corporation, 920 Stewart Drive, Sunnyvale, CA 94085, USA (Intertrust). To do this, the user browser connects to Intertrust's license servers to retrieve the keys required to decrypt the movies. The browser transmits the data required for proper viewing to Intertrust's servers, including the user's IP address.

If processing is carried out by us in this context, the legal basis is Art. 6 para. 1 sentence 1 lit. b) DSGVO, as well as Art. 6 para. 1 sentence 1 lit. f) DSGVO.

The described data exchange is necessary for the presentation and playback of the films within the scope of our contractual offer. It also serves to prevent misuse. Our legitimate interest also lies in the aforementioned reasons, provided that we process the data in the process.

The Intertrust keys provided for decryption are valid for a limited period of time. We do not store any further information about the use of Intertrust services. The other data will be deleted as soon as they are no longer required for the purpose for which they were collected.

Further information can be found in Intertrust's privacy policy: www.intertrust.com/privacy-policy/

e) When using our contact form

If you have any questions, we offer you the possibility to contact us via a form provided on the website. We require a name, a valid e-mail address and your request so that we know who sent the request and can answer it. Further information can be provided voluntarily.

Data processing for the purpose of contacting us is carried out in accordance with Art. 6 Para. 1 S. 1 lit. a DSGVO on the basis of your voluntary consent.

The personal data collected by us for the use of the contact form will be deleted by us after we have received your request.

Data transfer

Your personal data will not be transferred to third parties for purposes other than those listed below. We will only pass on your personal data to third parties if:

  • you have given your express consent to this in accordance with Art. 6 para. 1 sentence 1 lit. a DSGVO,
  • the transfer in accordance with Art. 6 para. 1 sentence 1 lit. f DSGVO for the purpose of asserting, exercising or
  • You are not required to provide us with any information that is necessary for the defense of any legal claim and there is no reason to believe that you have an overriding legitimate interest in not disclosing your information,
  • in the event that there is a legal obligation to pass on data pursuant to Art. 6 para. 1 sentence 1 lit. c DSGVO, and
  • this is legally permissible and required for the execution of contractual relationships with you pursuant to Art. 6 Para. 1 S. 1 lit. B DSGVO.

rights of data subjects

You have the right:

  • to request information about your personal data processed by us in accordance with Art. 15 DSGVO. In particular, you may request information on the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right of rectification, deletion, restriction of processing or objection, the existence of a right of complaint, the origin of your data, unless it has been collected from us, as well as the existence of an automated decision making process including profiling and, if applicable, meaningful information on its details;
  • in accordance with Art. 16 DSGVO to immediately request the correction of incorrect or incomplete personal data stored by us;
  • to demand the deletion of your personal data stored by us in accordance with Art. 17 DSGVO, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
  • to demand the restriction of the processing of your personal data in accordance with Art. 18 DSGVO if the accuracy of the data is disputed by you, the processing is unlawful but you refuse its deletion and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have objected to the processing in accordance with Art. 21 DSGVO;
  • in accordance with Art. 20 DSGVO, to receive your personal data which you have provided to us in a structured, common and machine-readable format or to request transmission to another responsible person;
  • in accordance with Art. 7 Para. 3 DSGVO to revoke your consent once given to us at any time. The consequence of this is that we may no longer continue the data processing based on this consent in the future, and
  • to complain to a supervisory authority pursuant to Art. 77 DSGVO. As a rule, you can contact the supervisory authority of your usual place of residence or place of work or our office.

right of revocation – deletion of data

If your personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1) sentence 1 lit. f DSGVO, you have the right to object to the processing of your personal data pursuant to Art. 21 DSGVO, provided that there are grounds for doing so that arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which is implemented by us without specifying a particular situation.

If you wish to make use of your right of revocation or objection, an e-mail to aust@kinemathek-hamburg.de is sufficient.

data security

We use the common SSL procedure (Secure Socket Layer) within the website visit in connection with the highest encryption level supported by your browser. As a rule, this is a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is transmitted in encrypted form by the closed representation of the key or lock symbol in the lower status bar of your browser.

We also use suitable technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.

topicality and change of this data protection explanation

This privacy policy is currently valid and as of april 2021. Due to the further development of our website and offers about it or due to changed legal or official requirements, it may be necessary to change this privacy policy.