Data Privacy Statement of Film- und Medienfestival gGmbH for OnlineFestival.ITFS.de

We are pleased that you are visiting our website and would like to thank you for your interest. Protecting the privacy of our website visitors’ personal data is a key concern of ours, which is why we ask you to kindly take note of the information provided be-low.
In the following provisions we inform you about the collection, processing and use of your personal data in connection with your visit and use of the service offer on our website.
This Data Privacy Statement can be stored and printed.

1. Controller/ Data Protection Officer
1.1. Controller
The controller of the data collection, data processing and data use is the operator of the website onlinefestival.ist.de:

Film- und Medienfestival gGmbH
Stephanstr. 33
D-70173 Stuttgart, Germany
Tel: +49-(0)711-92546-0
Fax: +49-(0)711-92546-150
E-mail: kontakt@festival-gmbh.de

1.2. Data Protection Officer
The contact data of the Data Protection Officer is:
Thomas Lang
Oberer Kirchhaldenweg 9 b
70195 Stuttgart
datenschutz@festival-gmbh.de

2. Basic principles
We collect and process your personal data in compliance with the relevant statu-tory regulations, in particular with the General Data Protection Regulation (here-inafter referred to as: “GDPR”) and with the provisions of the German Federal Data Protection Act (hereinafter referred to as: “BDSG”) and in accordance with the provisions set out below.

3. Terminology
3.1. Personal Data
The term personal data means any information relating to an identified or identi-fiable natural person. This includes, for example, name, address, telephone number, e-mail address, IP address, user name, password, and information on the websites which have been viewed by a visitor.
3.2. Data subject
The data subject is every identified or identifiable natural person whose personal data is processed by the controller responsible for the processing or by a pro-cessor on behalf of the controller.
3.3. Processing
Processing means any operation or set of operations which is performed on personal data, whether or not by automated means. This includes collection, re-cording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise mak-ing available, alignment or combination, restriction, erasure or destruction.
3.4. Restriction of processing
Restriction of processing means the marking of stored personal data with the aim of limiting the processing thereof in the future.
3.5. Controller
Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
3.6. Processor
Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
3.7. Recipient
Recipient means a natural or legal person, public authority, agency or another body, to which the personal data is disclosed, whether a third party or not.
3.8. Third Party
Third Party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the di-rect authority of the controller or processor, are authorised to process the per-sonal data.
3.9. Consent
Consent of the data subject means any freely given, specific, informed and un-ambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

4. Collection, processing and use of your personal data when you visit our website
4.1. Log files
Every time you access our website, the respective Internet browser transmits specific user data and stores it in log files, the so-called server log files. The data concerned is as follows:
– date and time when you access our website
– URL of the website you are referred from
– the file retrieved
– the amount of data transmitted
– the browser type and browser version
– your operating system
– your IP address.
This data is collected and processed for the purpose of enabling you to use our website (establish the connection), to guarantee system security, for technical administration of the network infrastructure, to pass information on to the law en-forcement authorities in the event of a cyber attack or abuse, and in order to op-timize our offer.
The data is stored for 7 days. It is then erased – subject to any statutory storage obligations or storage requirements of public authorities.
The legal basis for the collection, storage and use of this data is our legitimate interest in being able to make the information on our website available to you free of any impairment and in guaranteeing the necessary security (Art. 6 (1) sentence 1 (f) GDPR).

4.2. Establishing general contact
If, in order to receive general information or to order our commemorative publica-tion or a festival DVD, you contact us by e-mail, by means of the postal service or on the telephone, then depending on the transmission route you choose, we collect, store and process your form of address, your e-mail address, your first name and last name, your address and the content of your message. If you vol-untarily provide us with more data than is necessary for the chosen transmission route, then we also store and process this data.
If you contact us by using our contact form, we collect, store and process your e-mail address and the content of the message sent to us. These are mandatory details. In addition, you can also voluntarily provide us with your first name and last name.
Please note that we do not need the data you provide on a voluntary basis in or-der to reply to your messages and you should check carefully whether or not you wish to disclose this data to us.
After the communications with you have been concluded, this data will be rou-tinely erased – provided that there are no statutory storage obligations or stor-age requirements of public authorities or unless the lawfulness of the data pro-cessing is grounded on a different legal basis. This erasure is carried out no later than one year after we have had no further communications with you.
The legal basis for processing your personal data is our legitimate interest in communicating with you in order to reply to your messages and to be able to an-swer your questions (Art. 6 (1) sentence 1 (f) GDPR).

4.2.1. Registration
You are re-routed to the special website itfs.picturepipe.net for the purpose of registration. During the course of registration, we collect, store and process your e-mail address, your first name and last name, your address (street, postal code, town/city, country). This information is mandatory. You can also provide us with the following additional information on a voluntary basis: The name of the under-taking you work for and on whose behalf you are attending and the position you hold in this undertaking.
Please note that we do not need the data you provide on a voluntary basis in or-der for you to take part in the competitions and you should check carefully whether or not you wish to disclose this data to us.
The legal basis for processing your personal data is in order to take steps for participation at our event prior to entering into a contract and/or for the perfor-mance of the contract with you as attendee at the event (Art. 6 (1) sentence 1 (b) GDPR).

4.3. Cookies and tracking tools
4.3.1. Cookies
We use so-called cookies. Cookies are alphanumeric identification characters (small text files) which are either stored briefly in your working memory and then deleted again as soon as you close your browser (“session cookies”) or stored in your storage medium over a longer period or for an unlimited period of time (“permanent cookies”). They can be subdivided into the following categories:

4.3.1.1. Necessary cookies
We use cookies that are strictly necessary from a technical perspective to hold the connection while you visit our website, to guarantee the security of commu-nications and to protect our systems against attack. Without these cookies it is not possible to provide the website. The website cannot function securely with-out these cookies.
We use the following necessary cookies:

Name Cookie provider Cookie Description Storage
duration
ITFS itfs..de _current_language Keeps the Permanent
current 24 hours
language set
WordPress itfs.de nm_transient_id Assigns a unique ID to every website visitor. If the visitor revisits the website, a new ID is assigned. Session

 

The legal basis for the use of these cookies is our legitimate interest, pursuant to Art. 6 (1) sentence 1 (f) GDPR, to enable you to have secure and disruption-free use of the functionalities of our website.
4.3.1.2. Statistics cookies (tracking cookies)
Statistics cookies enable us to understand the way visitors use our website by collecting and evaluating information. This helps us to continually improve our website and, by doing this, to also increase convenience for you when you use it.
We only use statistics cookies in connection with implementing the analysis software Google Analytics (see sub-sec. 4.6.2.). Please note that we only use Google Analytics with IP anonymisation (see sub-sec. 4.6.2.).

Name Cookie provider Cookie Description Storage period
Google Analytics Google LLC _ga Statistics tool (generates statistics on use relating to visitors’ interaction with the website, without identifying the user personally). Registers a unique ID which is used to obtain statistical data on the usage behaviour of the website user. Permanent
https://support.google.com/analytics/answer/6004245?hl=de&ref_topic=2919631  2 years
Google Analytics Google LLC https://support.google.com/analytics/answer/6004245?hl=de&ref_topic=2919631 _gid Permanent
24 hours
Google Analytics Google LLC dc_gtm_UA-8201980-1 Statistics and analysis tool Permanent
https://support.google.com/analytics/answer/6004245?hl=de&ref_topic=2919631 (use of the Google Analytics ID for the DoubleClick Campaign Manager to analyse and track the success of an advertising campaign) is used to control the loading of the Google Analytics tag. 24 hours
Google Analytics itfs.de Opt-out status Stores the consent given to analysis for statistics purposes and to the associated provision of data to Google. Google Analytics is unblocked by this cookie.

The legal basis for the use of these cookies is your consent pursuant to Art. 6 (1) sentence. 1 (a) GDPR. These cookies are not implemented without your explicit consent.

4.3.1.3. External media / social media
We incorporate external media in our website in order to design our offer in a manner which is more interesting and informative for you. As data on your use of our website is transmitted to the operators of the external media in these cases, we require your consent in order to do so. The cookies that are used either block or unblock access to the external media, depending on the option you choose.

Name Provider Cookie Description Storage
period
Google itfs.de Opt-out status Stores the consent given to the use of and data transmission to external media and unblocks the content of these external media
Maps
https://policies.google.com/privacy?hl=de
Youtube itfs.de Opt-out status
https://policies.google.com/privacy?hl=de

The legal basis for the use of external media is your consent pursuant to Art. 6 (1) sentence 1 (a) GDPR. The external media set out above are not im-plemented without your explicit consent.

4.3.1.4. Deactivation of cookie settings
You can allow or refuse to allow the use of cookies in our cookie settings [a link]. Alternatively, in your browser settings, you can refuse to allow cookies in gen-eral, erase them from your computer, block them or activate the function that en-sures you are always asked before a cookie is set. You do not have to allow cookies to visit our website. We do point out, however, that the use of the of-fer on our website, especially the convenience of use, might be restricted if you have deactivated cookies.
The following examples show you how to deactivate cookies:
Internet Explorer browser:
1. Open the Internet Explorer.
2. Select “Internet Options” in the menu “Tools”.
3. Click on the “Privacy” tab.
4. Click on “Advanced” under the sub-heading “Settings”
5. You can now choose whether to accept all cookies, block all cookies or prompt approval of the cookies.
6. You confirm your setting by pressing “OK”.

Firefox browser:
1. Open the Firefox browser.
2. Select “Options” from the main menu (three lines) in the top right corner
3. Click on the “Privacy & Security” tab.
4. In the section “Enhanced Tracking Protection” select “Custom” and choose a setting from the cookies dropdown menu.
5. You can now choose which types of sites to accept cookies from, if any.
6. You may need to restart the browser for the changes to be applied.

Safari browser:
1. Open the Safari browser.
2. Select “Preferences” under the Safari menu tab.
3. Click “Privacy” and choose any of the following:
a. Select “Prevent cross-site referencing”.
b. Select “Block all cookies”.
c. Select “Remove” or “Remove All” to remove stored cookies from the se-lected websites or all websites.
d. Click “Manage Website Data” to see which websites store cookies or da-ta.

Google Chrome browser:
1. Open the Chrome browser.
2. Select “Settings” from the main menu (three dots) in the top right corner.
3. Under “Privacy & Security” select “Site Settings” and from this menu select “Cookies and site data”.
4. You can either switch on “Allow sites to save and read cookie data” to allow all sites to use cookies or switch off “Allow sites to save and read cookie da-ta” to block cookies on all sites.
5. You can also allow and block individual sites by clicking “Add” under the sub-heading of the action you want to perform.
6. The browser saves the changes made automatically.

Other browsers:
If you use any other browsers, information on cookie settings can be found by pressing the browser’s “assist” button.

Please note that browser functionalities change frequently. If the above instruc-tions are no longer up to date, please follow the instructions provided by your browser.

4.3.2. Additional information on the tracking tool Google Analytics
This website uses Google Analytics, a web analysis service of Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter re-ferred to as “Google”). Google Analytics is only used in combination with an ac-tivated anonymous IP (IP masking). This means that the IP address of a user in one of the member states of the European Union or of the signatory states of the Agreement on the European Economic Area is shortened by Google. Only in ex-ceptional cases, especially if there is a technical defect in the European Union, is the IP address sent to a US server and shortened there. Google uses this in-formation on our behalf in order to analyse your use of the website, compile re-ports on website activities and to perform additional services for us associated with the use of the website and the Internet. These services include, in particu-lar, functions to visualize advertisements and Google Analytics reports contain-ing information on the service with regard to demographic aspects and interests of the website operator. If applicable, Google will transfer this information to third parties if this is prescribed by law or if third parties process data on behalf of Google. This data is not, however, personal data. The IP address transmitted in the browser is not combined with other data by Google.
Google Analytics uses so-called cookies (see secs. 4.6.1.1. to 4.6.1.4.). You can prevent cookies from being stored by selecting the appropriate settings in your browser software (see sec. 4.6.1.5.).
In addition, you can prevent the data generated by the cookie from being col-lected and the processing of data by Google as follows:
In order to prevent Google from processing the data, please select the following options in our cookie settings [https://www.itfs.de/]. We do not use Google Ana-lytics without your consent. You can withdraw your consent at any time in the cookie settings [https://www.itfs.de]. If you choose not to give your consent or to withdraw consent once given, an opt-out cookie will be installed on your device. This will thus prevent data from being collected by Google Analytics on this website and on this browser in future.
Detailed information on the terms of use and data privacy of data processing by Google during the use of the Google Analytics tracking tool is available at: https://support.google.com/analytics/answer/6004245?hl=de&ref_topic=2919631 and at https://policies.google.com/privacy?hl=de&gl=de.
We point out that Google LLC complies with the requirements of both the so-called EU-US Privacy Shield and also those of the Swiss-US Privacy Shield. These are treaties between the United States and the European Union and the United States and Switzerland, guaranteeing that the level of data protection stipulated in the European Union is also complied with by the relevant undertak-ings domiciled and certified in the USA. Further explanations are available at: https://www.privacyshield.gov/. You can retrieve the list of certified undertakings from: www.privacyshield.gov/list. We do, however, advise of the following: Even if undertakings in the USA have subjected themselves to the EU-US Privacy Shield and have thus undertaken to comply with the data protection rules speci-fied in the treaty, the transmission of data to countries outside Europe, especially to the USA, can nonetheless involve risks under data protection law due to the possibilities of access by the state. Your data is transmitted to Google as an ex-ception only if you have given your consent.
The legal basis for the use of Google Analytics is your consent pursuant to Art. 6 (1) sentence 1 (a) GDPR.

4.4. Inclusion of YouTube videos
We incorporate videos from “YouTube”, the platform provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Information on the use of the data by Google when videos are viewed, is provided in the Google privacy policy:
https://www.google.com/policies/privacy/ and in the YouTube terms of use: https://www.youtube.com/static?gl=DE&template=terms&hl=de.
When a YouTube video is viewed, personal data is generally transferred by means of cookies to YouTube and to the Google tracking service DoubleClick, so as to enable the user behaviour to be analysed. In this case, cookies are al-ready set every time the website is viewed, with the effect that Google is, in prin-ciple, able to collate all of the pages you have visited as a user, in order to com-pile a profile. It cannot, therefore, be ruled out that this data that is stored by the respective network is assigned to an individual person.
It is possible that by viewing YouTube videos, your data could be transferred to servers in third countries, e.g. in the USA. The responsibility for operating in compliance with data protection regulations has to be guaranteed by the respec-tive provider. We point out that Google LLC complies with the requirements of both the so-called EU-US Privacy Shield and also those of the Swiss-US Priva-cy Shield. These are treaties between the United States and the European Un-ion and the United States and Switzerland, guaranteeing that the level of data protection stipulated in the European Union is also complied with by the relevant undertakings domiciled and certified in the USA. Further explanations are avail-able at: https://www.privacyshield.gov/. You can retrieve the list of certified un-dertakings from: www.privacyshield.gov/list. We do, however, advise of the fol-lowing: Even if undertakings in the USA have subjected themselves to the EU-US Privacy Shield (see list of the undertakings at: www.privacyshield.gov/list) or to the EU standard contract clauses, and have thus undertaken to comply with the data protection rules specified in the contract, the transmission of data to countries outside Europe, especially to the USA, nonetheless involves risks un-der data protection law.
This use of your data by Google is conditional upon your consent. You give this consent in connection with the cookie consent or, in an individual case, by ac-cepting data processing by Google by clicking on the video interface.
By means of our software solution, there is only a transmission of data to Google if you allow only the YouTube cookies or if you allow all social media cookies. Google may not collect any data from you beforehand. This thus ensures that you can use our offer without making your data available to Google.
Your consent is voluntary as you can already choose in the cookie settings [https://www.itfs.de/] whether you agree to allowing cookies to be set by YouTube or not. It is up to you to decide not to allow YouTube cookies. Please bear in mind that in this case YouTube content cannot be displayed on our web-site.
You can withdraw your consent at any time. In order to prevent the transmission of data to Google without activating the video, you can block YouTube cookies at any time in the cookie settings [https://www.itfs.de/]. The resultant effect is that no data is transferred to Google, but you cannot be shown any videos ei-ther. You can still watch the video if you accept the data transmission to YouTube by clicking on the link on the blocked video user interface.
The legal basis for this processing of your data is your consent (Art. 6 (1) sen-tence 1 (a) GDPR).

4.5. Integration of Vimeo videos
Our website uses plugins from the Vimeo video portal. The provider is Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.
If you visit one of our pages equipped with a Vimeo plugin, a connection to the Vimeo servers is established. The Vimeo server is informed which of our pages you have visited. Vimeo also obtains your IP address. This also applies if you are not logged in to Vimeo or do not have a Vimeo account. The information collected by Vimeo is transmitted to the Vimeo server in the USA.
If you are logged into your Vimeo account, you enable Vimeo to assign your surfing behavior directly to your personal profile. You can prevent this by log-ging out of your Vimeo account. Further information on the handling of user da-ta can be found in Vimeo’s data protection declaration at: https://vimeo.com/privacy.
Vimeo is Privacy Shield certified.

5. Data processing by a processor / disclosing data
5.1. Data processing by a processor
Notwithstanding any other provisions, we reserve the right, on the above legal bases, to transfer or disclose your data to a third-party (processor) commis-sioned by us (e.g. in connection with IT support, hosting, destruction of files, sending the Newsletter etc.). We always have agreements on such processing on our behalf with the service providers commissioned by us in this manner. These agreements ensure that the data disclosed accordingly is only used by our commissioned processors to perform the tasks stipulated by us in accord-ance with the above purposes and that it is used in compliance with the tech-nical and organisational measures necessary for data security and data protec-tion.

5.2 Disclosing data to third parties
Further, your personal data is not transmitted to third parties for any purposes other than those set out below. We only disclose personal data to third parties if:
– you have explicitly given us your consent to do so pursuant to Art. 6 (1) sen-tence 1 (a) GDPR;
– disclosure is necessary pursuant to Art. 6 (1) sentence 1 (f) GDPR on ac-count of a legitimate interest and if there is no reason to assume that such interest is overridden by your interests or fundamental rights and freedoms to protect your personal data (Art. 6 (1) sentence 1 (f) GDPR);
– there is a legal obligation for disclosure pursuant to Art. 6 (1) sentence 1 (c) GDPR;
– the transmission is necessary, pursuant to Art. 6 (1) sentence 1 (b) GDPR, for the performance of contract relationships with you;
– the transmission is necessary, pursuant to Art. 6 (1) sentence 1 (d) GDPR, in order to protect vital interests or
– the transmission is necessary for the performance of a task carried out in the public interest pursuant to Art. 6 (1) sentence 1 (e) GDPR.

6. Encryption / data security
6.1. Your data is always encrypted by means of TLS encryption (so-called Transport Layer Security) when it is collected, processed and used. TLS is implemented to encrypt the continual flow of data on the Internet between the server and a us-er’s browser and to thus prevent any “eavesdropping and data being secretly re-trieved” – insofar as this is technically feasible. One of the ways to tell that a connection is encrypted, is if the URL in your browser’s address bar starts with “https://” and/or if the status bar at the bottom of your web browser shows a “lock” or “key” symbol (icon). By clicking on the icon, depending on the browser you use, you can receive further information on the encryption and on the TLS certificate used.
6.2. We point out that it is not possible to fully guarantee data security during e-mail communications. For transmitting confidential information, it might be preferable to use the postal service or service by a courier.
6.3. Furthermore, we apply all reasonable, suitable, technical and organisational se-curity measures to protect your data against accidental or deliberate manipula-tion, full or partial loss, destruction and unauthorized access by third parties. Our security measures are subject to on-going improvement and further development in accordance with technological developments.

7. Erasure of the data / restriction of data processing
Your data will be erased, in principle, if your consent has discontinued or if the data is no longer required for the purpose of the data processing and if there is no other legal basis for or justified interest in continued storage and processing. If, however, this data still has to be stored due to existing statutory or contractual obligations or requirements of public authorities (e.g. warranty, financial book-keeping), then data processing is restricted by marking and blocking the data. In the event that the purpose of the data processing is changed compared with the original purpose, we shall inform you of this in a manner that is in conformity with data protection law and comply with the requirements of data protection law.
8. Rights of the data subject
As the data subject whose data is being processed, you are entitled to the fol-lowing rights:
• Right to be given information (Art. 15 GDPR)
You have the right to obtain information from us on the personal data stored on you. This encompasses, in particular, information on the purposes of the processing, the categories of the personal data processed, the categories of recipient to whom the processed personal data has been or will be disclosed, the period of storage, the existence of the right to rectification or erasure of personal data, to restriction of processing and to object to such processing, the existence of a right to lodge a complaint, the source of your data if it was not collected by us, and the existence of automated decision-making, includ-ing profiling, and, if applicable, meaningful information on the details. You fur-ther have the right to receive a copy of your personal data undergoing pro-cessing by us.
• Right to rectification (Art. 16 GDPR)
You have the right to obtain from us without undue delay the rectification of inaccurate personal data and the right to have incomplete personal data com-pleted.
• Right to erasure (‘right to be forgotten’) (Art. 17 GDPR)
You have the right to obtain from us the erasure of your personal data, subject to the statutory requirements. If such erasure is prejudiced by statutory stor-age obligations or storage requirements of public authorities or where the pro-cessing is necessary for exercising the right of freedom of expression and in-formation, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims, the processing of the data will be restricted (see below).
• Right to restriction of processing (Art. 18 GDPR)
You have the right to demand of us, subject to the statutory requirements, that we restrict the processing of your personal data, i.e. mark the data and restrict the future processing of it (blocking).
• Right to data portability (Art. 20 GDPR)
You have the right, subject to the statutory requirements, to require us to transmit to you, or to another controller named by you, the personal data con-cerning you, which you provided to us, in a structured, commonly used and machine-readable format.
• Right to object to direct marketing (Art. 21 GDPR)
You have the right to object at any time to the processing of your personal da-ta for advertising purposes (“Objection to Advertising”).
• Right to object to data processing if the legal ground is a “legitimate in-terest” (Art. 21 GDPR)
You have the right to object at any time to the processing of the data by us if the legal basis for this is a “legitimate interest”. We will then discontinue the processing of the data unless we are able to demonstrate, in accordance with the legal stipulations, compelling legitimate grounds for the continued pro-cessing which override your rights.
• Right to withdraw consent (Art. 7 (3) GDPR)
If you have given us your consent to the collection and processing of your da-ta, you may withdraw this consent at any time with effect for the future. The lawfulness of processing your data in the past up until the time of your with-drawal of consent shall remain unaffected by this.
• Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
You may lodge a complaint with the competent supervisory authority if you are of the opinion that the processing of your data is infringing applicable law. For this you have the right to approach the competent data protection authori-ty at your habitual residence or in your country or the data protection authority with competence for us.

9. Competent supervisory authority
The supervisory authority with competence for us is the
State Officer for data protection and
freedom of information of the German State of Baden-Württemberg
Königstrasse 10a
70173 Stuttgart, Germany
Telephone: +49 (0)711/615541-0
E-mail: poststelle@lfdi.bwl.de

10. Validity and changes to the Data Privacy Statement
This Data Privacy Statement is valid at the current time and is the version dated 5th March 2020.
It can become necessary to amend this Data Privacy Statement as a result of further developing our website and offers or due to changes to statutory provi-sions or requirements of the public authorities.
You can retrieve, print and store the Data Privacy Statement valid at any one time from our website at https://www.itfs.de/datenschutz/.

Version: 5th March 2020