Our website can generally be used without the provision of personal data. However, the processing of your personal data may become necessary if you use our company's services through our website.
The data collected automatically when you visit our website or the personal data you input when you use our services will be processed in accordance with the current legal provisions for the protection of personal data. If the processing of your personal data is necessary and there is no legal basis for such processing, we will always obtain consent for the necessary processing purpose.
As the company responsible for processing, we have laid down technical and organisational measures to ensure the highest possible level of protection of your personal data.
However, please note that there may be security gaps with respect to data transmission via the World Wide Web. You may also contact us by telephone if you would like to use our company's services and do not wish to transmit data via the World Wide Web.
1. Controller’s contact details
The Controller within the meaning of the General Data Protection Regulation is:
Filmakademie Baden-Württemberg GmbH
Tel.: +49 7141 969 0
The following person has been appointed Data Protection Officer:
Coseco GmbH, Telephone: +49 8232 80988-70 Email: firstname.lastname@example.org
2. Collection of general access information
The server log file information that your browser transmits to us every time you visit our website will be recorded automatically. These are:
1. the accessing computer’s IP address (internet protocol address)
2. The website from which you visit us (referrer);
3. The webpage that you visit on our site;
4. date and duration of your visit;
5. Browser type and settings;
6. Operating system.
Please note that this data cannot be assigned to specific persons. We will only use this technical access information for the following purposes:
1. To improve our websites’ attractiveness and usability;
2. To detect technical problems on our website at an early stage.
3. To deliver the contents of our website correctly;
4. To provide law enforcement agencies with the information necessary for prosecution in the event of a cyberattack.
5. To collect information about our marketing tools.
This data will be stored for a maximum of 7 days as a technical precaution to protect the data processing systems against unauthorized access.
3. Collection and passing on of personal data
We will only use your personal data for the purposes stated on this data protection information page. Our website has the following input masks for the collection of personal data:
3.1 Making contact by e-mail
On our website, we offer you the option of contacting us by e-mail. The personal data you transmit will be stored automatically if you contact us by e-mail. Such personal data which you provide to us voluntarily will be stored for the purpose of processing your inquiry or contacting the person concerned. This personal data will not be passed on to third parties.
4. Deletion, blocking and duration of the storage of personal data
We will only process and store your personal data for the period of time required to achieve the respective storage purpose or which is stipulated by law. After a storage purpose ceases to subsist or after expiry of the statutorily stipulated storage period, the personal data will be routinely blocked for further processing or deleted in accordance with the statutory provisions.
5. Data subject’s privacy rights
You can contact us in writing at any time if you have any questions about your personal data. You have the following rights under the GDPR:
5.1 Right to information (Article 15 GDPR)
You have the right to receive information at any time about which categories and information concerning your personal data we are processing for which purpose and how long and according to which criteria these data will be stored, and whether an automated decision-making process including profiling has been applied in this connection. You also have the right to know to which recipients or categories of recipients your data has been or is still being disclosed, in particular recipients in third countries or international organisations. In this case, you also have the right to be informed about appropriate safeguards in connection with the transmission of your personal data. In addition to the right to lodge complaints with the supervisory authority and the right to information about your data’s provenance, you have the right to have your personal data erased and rectified and the right to restrict or object to the processing of your personal data. In all the above cases, you have the right to request a free copy of your personal data that we have processed from the data processor. We are entitled to charge an appropriate administrative fee for all additional copies that you request or which go beyond the data subject's right to information.
5.2 Right to rectification (Article 16 GDPR)
You have the right to request the immediate rectification of your incorrect personal data and, taking into account the purposes of the processing, to request the completion of incomplete personal data including by means of providing a supplementary statement. You can contact our data protection officer or the data controller at any time if you wish to exercise your right to rectification.
5.3 Right to erasure (Article 17 GDPR)
You have the right to demand the immediate erasure of your data (“right to be forgotten”) especially if the storage of the data is no longer necessary, if you revoke your consent to data processing, if your data was processed unlawfully or was collected unlawfully and if there is a legal obligation to erase under EU or national law. However, the right to be forgotten shall not apply if there is an overriding right to freedom of expression or information, if data storage is necessary for the fulfilment of a legal obligation (e.g. storage obligations), if archiving purposes prevent erasure or if the storage serves to establish, exercise or defend legal claims.
5.4 Right to restriction of processing (Article 18 GDPR)
You have the right to request the controller to restrict the processing of your data if you dispute the data's accuracy, if the processing is unlawful and you oppose the erasure of your personal data and instead request a restriction of its processing, if the necessity for the processing purpose ceases or if you have objected to the processing in accordance with Article 21(1), as long as it is has not yet been established whether there are any legitimate reasons on our part which outweigh yours.
5.5 Right to data portability (Article 20 GDPR)
You have the right to the portability of your personal data which you have provided to our company in a standard format, so that you can have your personal data transmitted to another controller without hindrance, provided, for example, that you have given your consent and the processing is carried out using an automated procedure.
5.6 Right to object (Article 21 GDPR)
You have the right to object at any time to the collection, processing or use of your personal data for the purposes of direct advertising or market and opinion research as well as general business data processing, unless we can prove compelling reasons worthy of protection for processing which outweigh your interests, rights and freedoms. Furthermore, you cannot exercise your right to object if a statutory provision stipulates or requires the data’s collection, processing or use.
5.7 Right to lodge a complaint with the Data Protection Supervisory Authority (Article 77 GDPR in conjunction with Section 19 of the German Federal Data Protection Act)
You have the right to lodge a complaint with the competent supervisory authority if you believe there has been an infringement in the processing of your personal data.
5.8 Right to withdrawal of consent (Art. 7(3) GDPR)
You can withdraw your consent to the processing of your personal data at any time and without giving reasons. This also applies to the revocation of declarations of consent given to us prior to the EU General Data Protection Regulation’s entry into force.
6. Legal basis of the processing
Article 6(1)(a) of the General Data Protection Regulation (GDPR) is the legal basis for the processing of personal data for which we obtain the data subject’s consent. Article 6(6) GDPR is the legal basis for the processing of personal data required for the performance of a contract to which the data subject is a contractual party. This provision also covers processing operations necessary to implement pre-contractual measures. Article 6(1)(c) GDPR is the legal basis for a processing of personal data necessary to fulfil a legal obligation to which our company is subject. Article 6(1)(f) GDPR is the legal basis for processing that is necessary to protect a legitimate interest of our company or a third party, and if the data subject’s interests, fundamental rights and freedoms do not outweigh the first-mentioned interest. Our company’s legitimate interest lies in the performance of our business activities and in the analysis, optimisation and maintenance of our online offer’s security.
7. Transfer of data to third parties
8. Statutory or contractual provisions concerning the provision of personal data and the possible consequences of non-provision
Please note that in specific cases (e.g. tax regulations) the provision of personal data is prescribed by law or may result from contractual regulations (e.g. information concerning the contractual partner(s)). For instance, the conclusion of a contract may require the respective person/contractual partner to make available their personal data so that we can process their request (e.g. an order) in the first place. An obligation to provide personal data arises especially when concluding contracts. In such cases, a contract cannot be concluded with the person concerned if no personal data is provided. A data subject may contact our data protection officer or the data controller before providing personal data. The data protection officer or the controller shall then inform the data subject whether the provision of the required personal data is statutorily or contractually stipulated or is necessary for the contract’s conclusion, and whether the data subject's concerns give rise to an obligation to provide the personal data or what consequences the failure to provide the requested data will have for the data subject.
9. Existence of an automated decision-making process
As a responsible company, we refrain from automatic decision-making or profiling in our business relations.