Seite wählen

Privacy Policy

The following Privacy Policy applies to the use of our online service at www.nordstreamfilm.com (hereinafter referred to as the “Website”).

We attach great importance to data protection. The collection and processing of your personal data is carried out in compliance with the applicable data protection regulations, in particular the General Data Protection Regulation (GDPR).

1 Data Controller

The controller responsible for the collection, processing, and use of your personal data within the meaning of Article 4(7) GDPR is:

Ronald Thoden
Hintergrund GmbH
Rosa-Luxemburg-Str. 17
10178 Berlin
Germany
verlag@hintergrund.de
www.nordstreamfilm.com

If you wish to object, in whole or in part, to the collection, processing, or use of your data by us in accordance with this Privacy Policy, you may direct your objection to the data controller.

You may save and print this Privacy Policy at any time.

2 General Purposes of Processing

We use personal data for the operation of the Website and for processing orders and contractual transactions.

3 What Data We Use and Why

Our Website uses the Fastcounter visitor counter service. Fastcounter is operated by DEVROCK Ltd., Phoenix Business Centre, The Penthouse, Old Railway Track, SVR9022 Santa Venera, Malta. The server location is Frankfurt am Main, Germany.

Fastcounter is a free visitor counter that analyzes and evaluates visitors and page views on this website. In the process, the IP address, date and time of the request, browser type, browser language, screen resolution, referrer, and device type are collected and transmitted to the operator of Fastcounter.

All data is transmitted using SSL encryption and is fully anonymized and evaluated in accordance with the GDPR. The IP address is pseudonymized during transmission so that no personal data is transmitted to the operator of Fastcounter.

You may object to the collection and storage of your data at any time with effect for the future. To prevent the future collection and storage of your visitor data by Fastcounter, you may obtain an opt-out cookie from the following link:

https://www.fastcounter.de/de/privacy/23300.htm

This will set an opt-out cookie named “privcookie” on your device. Please do not delete this cookie if you wish to maintain your objection.

Further information can be found in Fastcounter’s Privacy Policy:

https://www.fastcounter.de/datenschutz.html

3.1 Hosting

The hosting services we use serve the purpose of providing the following services:

  • Infrastructure and platform services
  • Computing capacity
  • Storage space and database services
  • Security services
  • Technical maintenance services

These services are required for the operation of the Website.

In this context, we or our hosting provider process inventory data, contact data, content data, contract data, usage data, metadata, and communication data of customers, prospective customers, and visitors to this Website on the basis of our legitimate interest in providing an efficient and secure website in accordance with Article 6(1)(f) GDPR in conjunction with Article 28 GDPR.

3.2 Access Data

We collect information about you when you use this Website.

We automatically collect information regarding your usage behavior and your interaction with us and record data relating to your computer or mobile device. We collect, store, and use data relating to every access to our Website (so-called server log files).

Access data includes:

  • Name and URL of the retrieved file
  • Date and time of access
  • Amount of data transferred
  • Notification of successful retrieval (HTTP response code)
  • Browser type and browser version
  • Operating system
  • Referrer URL (the previously visited page)
  • Websites accessed through our Website
  • User’s internet service provider
  • IP address and requesting provider

We use this log data without assigning it to your person or creating user profiles for statistical evaluations for the purposes of operation, security, and optimization of our Website, as well as for anonymously recording visitor numbers (traffic), the scope and nature of the use of our Website and services, and for billing purposes, such as measuring clicks generated through cooperation partners.

Based on this information, we can provide personalized and location-based content, analyze traffic, identify and correct errors, and improve our services.

This also constitutes our legitimate interest pursuant to Article 6(1)(f) GDPR.

We reserve the right to subsequently review log data if there is concrete evidence giving rise to a legitimate suspicion of unlawful use.

We store IP addresses in log files for a limited period if this is necessary for security purposes or for providing or billing a service, for example when you use one of our services. Following completion of an order process or receipt of payment, we delete the IP address if it is no longer required for security purposes.

We also store IP addresses where there is a specific suspicion of a criminal offense in connection with the use of our Website.

Furthermore, as part of your account, we store the date of your last visit (for example during registration, login, or clicking links).

3.3 Cookies

We use so-called session cookies to optimize our Website.

A session cookie is a small text file sent by a web server when a website is visited and temporarily stored on your hard drive. This file contains a session ID that enables various requests from your browser to be assigned to the same session. This allows your device to be recognized when you return to our Website.

These cookies are deleted when you close your browser. They are used, for example, to enable the shopping cart function across multiple pages.

To a limited extent, we also use persistent cookies (small text files stored on your device) that remain on your device and allow us to recognize your browser the next time you visit.

These cookies are stored on your hard drive and automatically delete themselves after a specified period. Their lifespan ranges from one month to ten years.

This enables us to present our services in a more user-friendly, effective, and secure manner and, for example, display information tailored to your interests.

Our legitimate interest in using cookies pursuant to Article 6(1)(f) GDPR is to make our Website more user-friendly, effective, and secure.

The following information may be stored in cookies:

  • Login information
  • Language settings
  • Search terms entered
  • Information regarding the number of visits to our Website and use of individual website functions

When a cookie is activated, it is assigned an identification number. Your personal data is not assigned to this identification number.

Your name, IP address, or similar information that could directly identify you are not stored in the cookie.

Through cookie technology, we receive only pseudonymized information, such as which pages of our website were visited and which products were viewed.

You may configure your browser to notify you before cookies are stored and decide individually whether to accept cookies in specific cases, generally reject cookies, or prevent cookies entirely.

Please note that disabling cookies may limit the functionality of the Website.

3.4 Data Required for the Fulfilment of Contractual Obligations

We process personal data that is required to fulfil our contractual obligations, such as your name, address, email address, ordered products, billing information, and payment details. The collection of this data is necessary for the conclusion of a contract.

The data will be deleted after the expiry of statutory warranty periods and legal retention periods. Data associated with a user account (see below) will remain stored for the duration of the account.

The legal basis for processing this data is Article 6(1)(b) GDPR, as this data is required for us to fulfil our contractual obligations towards you.

3.5 User Account

You may create a user account on our Website. If you choose to do so, we require the personal data requested during registration and login. For subsequent logins, only your email address or username and your chosen password will be required.

For new registrations, we collect master data (e.g., name and address), communication data (e.g., email address), payment data (bank account details), and access data (username and password).

To ensure proper registration and prevent unauthorized registrations by third parties, you will receive an activation link by email after registration. Your account will only be activated after you confirm this link. We store your transmitted data permanently only after successful registration.

You may request deletion of your user account at any time without incurring any costs other than standard transmission costs. A notification in text form (e.g., email, fax, or letter) to the contact details specified in Section 1 is sufficient. We will then delete your stored personal data unless we are required to retain it for order processing or due to statutory retention obligations.

The legal basis for processing this data is your consent pursuant to Article 6(1)(a) GDPR.

3.6 Newsletter

To subscribe to our newsletter, the data requested during the registration process is required. Newsletter registration is logged.

After registration, you will receive an email asking you to confirm your subscription (“double opt-in”). This is necessary to prevent third parties from subscribing using your email address.

You may revoke your consent to receive the newsletter at any time and unsubscribe from future newsletters.

We store the registration data for as long as it is required for newsletter distribution. We retain the registration log and the email address for as long as there is a legitimate interest in proving the original consent. As a rule, this corresponds to the statutory limitation period for civil law claims, generally up to three years.

The legal basis for sending the newsletter is your consent pursuant to Article 6(1)(a) GDPR in conjunction with Article 7 GDPR and Section 7(2)(3) of the German Unfair Competition Act (UWG).

The legal basis for logging the registration process is our legitimate interest in demonstrating that the newsletter was sent based on your consent.

You may unsubscribe at any time without incurring costs other than standard transmission costs. A notification in text form (e.g., email, fax, or letter) to the contact details listed in Section 1 is sufficient. In addition, every newsletter contains an unsubscribe link.

3.7 Product Recommendations

Regardless of newsletter subscriptions, we may regularly send you product recommendations by email.

In this way, we provide information about products from our range that may be of interest to you based on your previous purchases of goods or services from us.

We strictly comply with applicable legal requirements.

You may object to receiving such recommendations at any time without incurring costs other than standard transmission costs. A notification in text form (e.g., email, fax, or letter) to the contact details listed in Section 1 is sufficient. Every such email also contains an unsubscribe link.

The legal basis for this processing is our legitimate interest pursuant to Article 6(1)(f) GDPR in conjunction with Section 7(3) UWG.

3.8 Email Contact

If you contact us (for example via a contact form or email), we process the information you provide for the purpose of handling your inquiry and any follow-up questions.

Where data processing is carried out in connection with pre-contractual measures initiated by your request, or where you are already our customer, for the performance of a contract, the legal basis is Article 6(1)(b) GDPR.

We process additional personal data only if:

  • You have given your consent (Article 6(1)(a) GDPR), or
  • We have a legitimate interest in processing your data (Article 6(1)(f) GDPR).

Such a legitimate interest may exist, for example, in responding to your email.

4 Data Retention Period

Unless otherwise specified, we store personal data only for as long as necessary to fulfil the purposes for which it was collected.

In some cases, legal regulations require the retention of personal data, for example under tax or commercial law. In such cases, the data will only be retained for those statutory purposes and will not be processed for any other purpose. The data will be deleted once the applicable retention period has expired.

5 Your Rights as a Data Subject

Under applicable data protection laws, you have various rights regarding your personal data.

If you wish to exercise any of these rights, please submit your request by email or post to the address specified in Section 1, clearly identifying yourself.

The following provides an overview of your rights.

5.1 Right to Confirmation and Access

You have the right to obtain clear information regarding the processing of your personal data.

Specifically, you have the right to obtain confirmation as to whether personal data concerning you is being processed.

If this is the case, you have the right to receive, free of charge, information about the personal data stored about you and a copy of that data.

You are also entitled to the following information:

  1. The purposes of the processing;
  2. The categories of personal data being processed;
  3. The recipients or categories of recipients to whom the personal data has been or will be disclosed, particularly recipients in third countries or international organizations;
  4. Where possible, the planned retention period for the personal data or, if this is not possible, the criteria used to determine that period;
  5. The existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing, or a right to object to such processing;
  6. The existence of a right to lodge a complaint with a supervisory authority;
  7. Where the personal data has not been collected from you, any available information about its source;
  8. The existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) GDPR, and meaningful information about the logic involved and the significance and envisaged consequences of such processing.

Where personal data is transferred to a third country or an international organization, you have the right to be informed about the appropriate safeguards pursuant to Article 46 GDPR.

5.2 Right to Rectification

You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you.

Taking into account the purposes of the processing, you also have the right to have incomplete personal data completed, including by means of a supplementary statement.

5.3 Right to Erasure (“Right to be Forgotten”)

In certain circumstances, we are obliged to delete personal data concerning you.

Pursuant to Article 17(1) GDPR, you have the right to request the immediate deletion of personal data concerning you, and we are obliged to erase such data without undue delay where one of the following grounds applies:

  1. The personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
  2. You withdraw your consent on which the processing is based pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR, and there is no other legal basis for processing.
  3. You object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for processing, or you object pursuant to Article 21(2) GDPR.
  4. The personal data has been unlawfully processed.
  5. Erasure is required to comply with a legal obligation under European Union law or the law of a Member State to which we are subject.
  6. The personal data was collected in relation to information society services offered pursuant to Article 8(1) GDPR.

Where we have made personal data public and are obliged pursuant to Article 17(1) GDPR to erase it, we shall take reasonable steps, including technical measures, taking account of available technology and implementation costs, to inform other controllers processing the personal data that you have requested the erasure of any links to, copies of, or replications of that personal data.

5.4 Right to Restriction of Processing

In certain circumstances, you have the right to obtain restriction of the processing of your personal data.

Specifically, you have the right to request restriction of processing where one of the following conditions applies:

  1. You contest the accuracy of the personal data, for a period enabling us to verify the accuracy of the personal data;
  2. The processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;
  3. We no longer need the personal data for the purposes of processing, but you require it for the establishment, exercise, or defense of legal claims; or
  4. You have objected to processing pursuant to Article 21(1) GDPR, pending verification of whether our legitimate grounds override yours.

5.5 Right to Data Portability

You have the right to receive the personal data concerning you in a machine-readable format and to transmit that data to another controller, or to have it transmitted by us where technically feasible.

Specifically, you have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format and have the right to transmit that data to another controller without hindrance from us, where:

  1. The processing is based on consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR, or on a contract pursuant to Article 6(1)(b) GDPR; and
  2. The processing is carried out by automated means.

In exercising your right to data portability, you also have the right to have the personal data transmitted directly from us to another controller, where technically feasible.

5.6 Right to Object

You have the right to object to the lawful processing of your personal data where such objection arises from your particular situation and where our legitimate interests do not override your interests.

Specifically, you have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you which is based on Article 6(1)(e) or (f) GDPR. This also applies to profiling based on those provisions.

We will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or unless the processing serves the establishment, exercise, or defense of legal claims.

Where personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing purposes. This also applies to profiling insofar as it is related to such direct marketing.

You also have the right, on grounds relating to your particular situation, to object to the processing of personal data concerning you for scientific or historical research purposes or statistical purposes pursuant to Article 89(1) GDPR, unless the processing is necessary for the performance of a task carried out in the public interest.

5.7 Automated Decision-Making, Including Profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

No automated decision-making based on the personal data collected takes place.

5.8 Right to Withdraw Consent

You have the right to withdraw your consent to the processing of personal data at any time.

The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

5.9 Right to Lodge a Complaint with a Supervisory Authority

You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you believe that the processing of your personal data is unlawful.

6 Data Security

We make every effort to ensure the security of your data within the framework of applicable data protection laws and available technical possibilities.

Your personal data is transmitted in encrypted form. This applies both to orders placed through our Website and to customer login access.

We use SSL (Secure Socket Layer) encryption technology. However, we would like to point out that data transmission over the Internet (for example, communication by email) may be subject to security vulnerabilities. Complete protection of data against access by third parties is not possible.

To safeguard your data, we maintain technical and organizational security measures in accordance with Article 32 GDPR and continuously adapt them to the current state of the art.

We also cannot guarantee that our Website and services will be available at all times. Disruptions, interruptions, or failures cannot be completely ruled out. The servers we use are regularly and carefully secured.

7 Disclosure of Data to Third Parties; No Transfer to Non-EU Countries

As a general rule, we use your personal data only within our company.

Where and to the extent that we engage third parties for the performance of contracts (for example, logistics service providers), such parties receive personal data only to the extent necessary for the provision of the respective service.

Where we outsource parts of our data processing operations (“processing on behalf”), we contractually require processors to process personal data only in accordance with the requirements of applicable data protection laws and to ensure the protection of the rights of the data subject.

No transfer of personal data to entities or persons outside the European Union takes place or is planned, except where expressly stated in this Privacy Policy.

8 Contact for Data Protection Matters

If you have any questions or concerns regarding data protection, please contact:

Ronald Thoden
Hintergrund GmbH
Rosa-Luxemburg-Str. 17
10178 Berlin
Germany

Email: verlag@hintergrund.de
Website: www.nordstreamfilm.com