Our service is subject to the strict German data protection law and we are anxious to treat your data with the greatest care. Here you can find out which data we collect and how it is processed and used.
The party responsible for this website (the "controller") for purposes of data protection law is:
DFF – Deutsches Filminstitut & Filmmuseuem e.V.
60596 Frankfurt am Main
Telephone: +49 (0) 69 961 220 0
Data Security Engineer
If you have any questions about we processes your data in accordance with data protection regulations, you can contact our data protection officer:
a) Visiting the website
When you visit our website, the browser used on your terminal device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until it is automatically deleted:
The data mentioned will be processed by us for the following purposes:
The legal basis for data processing is Art. 6 Para. 1 S. 1 lit. f DSGVO. Our justified interest follows from the purposes listed above for the collection of data. Under no circumstances do we use the collected data for the purpose of drawing conclusions about your person.
b) During registration and use of the offer
If you want to take advantage of the full range of services, e.g. watching movies, you have to register and purchase a subscription. Your personal data will be entered into an input mask, transmitted to us and stored. We collect the following data:
User account and watchlist
With registration, a user account with your e-mail address is considered to have been created. In the user account, films marked by the user (watch list), a child viewing PIN (if applicable) and the language setting are permanently stored.
Furthermore, your individual transaction data is stored:
The collection of this data is carried out,
As part of the registration process, you will be asked for your consent to process this data.
The data processing is carried out upon your registration and is required in accordance with Art. 6 Para. 1 S. 1 lit. b DSGVO for the above-mentioned purposes for the appropriate processing of your use of ours.
The personal data collected by us will be stored until the expiration of the legal storage obligation and deleted thereafter, unless we are obligated to store the data for a longer period of time according to article 6 paragraph 1 sentence 1 lit. c DSGVO due to tax and commercial law storage and documentation obligations (from HGB, StGB or AO) or you have consented to a storage beyond that according to article 6 paragraph 1 sentence 1 lit. a DSGVO.
c) On payment
For payment we work together with the external payment provider PayPal. PayPal provides the technical infrastructure for processing the payments. PayPal is a TÜV-certified means of payment: TÜV-Saarland has awarded PayPal the title "Certified Online Payment System". The multi-level test procedure includes, among other things, data protection management and the technical requirements for data encryption.
We ourselves do not store any of your payment information (account data, credit card number, etc.) - with the exception of the payment method (PayPal, credit card).
d) When playing a movie (Intertrust ExpressPlay)
Our movies are copyrighted. To view the movies it is necessary to use the service "Intertrust ExpressPlay" of Intertrust Technologies Corporation, 920 Stewart Drive, Sunnyvale, CA 94085, USA (Intertrust). To do this, the user browser connects to Intertrust's license servers to retrieve the keys required to decrypt the movies. The browser transmits the data required for proper viewing to Intertrust's servers, including the user's IP address.
If processing is carried out by us in this context, the legal basis is Art. 6 para. 1 sentence 1 lit. b) DSGVO, as well as Art. 6 para. 1 sentence 1 lit. f) DSGVO.
The described data exchange is necessary for the presentation and playback of the films within the scope of our contractual offer. It also serves to prevent misuse. Our legitimate interest also lies in the aforementioned reasons, provided that we process the data in the process.
The Intertrust keys provided for decryption are valid for a limited period of time. We do not store any further information about the use of Intertrust services. The other data will be deleted as soon as they are no longer required for the purpose for which they were collected.
e) When using our contact form
If you have any questions, we offer you the possibility to contact us via a form provided on the website. We require a name, a valid e-mail address and your request so that we know who sent the request and can answer it. Further information can be provided voluntarily.
Data processing for the purpose of contacting us is carried out in accordance with Art. 6 Para. 1 S. 1 lit. a DSGVO on the basis of your voluntary consent.
The personal data collected by us for the use of the contact form will be deleted by us after we have received your request.
Your personal data will not be transferred to third parties for purposes other than those listed below. We will only pass on your personal data to third parties if:
You have the right:
If your personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1) sentence 1 lit. f DSGVO, you have the right to object to the processing of your personal data pursuant to Art. 21 DSGVO, provided that there are grounds for doing so that arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which is implemented by us without specifying a particular situation.
If you wish to make use of your right of revocation or objection, an e-mail to firstname.lastname@example.org is sufficient.
We use the common SSL procedure (Secure Socket Layer) within the website visit in connection with the highest encryption level supported by your browser. As a rule, this is a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is transmitted in encrypted form by the closed representation of the key or lock symbol in the lower status bar of your browser.
We also use suitable technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.