Data Protection Declaration
This data protection declaration covers the processing of personal data on this website, including the services offered there as well as our social media channels and to the extent that no special information is provided.
For more information on the processing of your data, please use the contact details given below.
A. General information
Contact details of the controller
The controller, i.e. the organisation responsible for data processing as defined in data protection legislation, especially the General Data Protection Regulation (GDPR), is the:
University of Television and Film Munich
Bernd-Eichinger-Platz 1
80333 München
Telephone +49 89 68957-0
Telefax +49 89 68957-9900
The University of Television and Film Munich is an organisation under public law and a state institution (article 11 (1) of the Bavarian Higher Education Act (BayHSchG)). It is represented by the president, Prof. Bettina Reitz.
Contact details of the Data Protection Officer
Data Protection Officer of the University of Television and Film Munich
Bernd-Eichinger-Platz 1
80333 München
Email datenschutz@hff-muc.de
Purpose of and legal basis for the processing of personal data
The purpose of our data processing is to perform public services delegated to us by law, especially those tasks of public information.
The legal basis for processing your personal data, unless indicated otherwise, is article 4 (1) of the Bavarian Data Protection Act (BayDSG) in combination with Article 6 (1) point e) of the General Data Protection Regulation (GDPR). Pursuant to this legislation, we are authorised to process data required for us to fulfil our responsibilities.
Where you have given consent for your data to be processed, processing is covered by article 6 (1) point a) of the GDPR.
Recipients of personal data
Technical operation of our data processing systems is conducted by
Stiftung kulturserver.de gGmbH
Almstadtstr. 4
10119 Berlin
Telephone.: +49 30 22667748
Telefax: +49 241 33636
Email: info@kulturserver.de
https://ggmbh.kulturserver.de/
Storage period for personal data
Your data is only stored as long as it is necessary to complete relevant tasks whilst observing legal retention requirements.
B. Rights of the data subject
General regulations
Pursuant to article 15 of the GDPR, you, the data subject, are entitled to the following rights concerning the processing of your data:
- You can ask for information about whether data concerning you is being processed. If this is the case, you are entitled to information about which data is processed and other information relating to the processing (article 15 of the GDPR). Please note that this right to information can be restricted or excluded in certain cases (see in particular article 10 of the BayDSG).
- If the personal data concerning you is/has become inaccurate or incomplete, you can request that this data is rectified and/or completed (article 16 of the GDPR).
- If the legal requirements are met, you can request that your personal data be deleted (article 17 of the GDPR) or processing of your data be restricted (article 18 of the GDPR). The right to deletion pursuant to article 17 (1) and (2) of the GDPR does not apply, however, if the processing of personal data is vital for the performance of a task that is in the public interest or is performed in the exercise of official authority (article 17 (3) point b) of the GDPR).
- If you have consented to data processing or there is a contract concerning data processing and data is processed automatically, you may be entitled to data portability (article 20 of the GDPR).
- If there is an international transfer of personal data without the basis of an adequacy decision of the EU Commission, you have the right to obtain a copy of the contractual safeguards from us upon request.
- You are entitled to file a complaint concerning the processing of your personal data with a supervisory authority as defined in article 51 of the GDPR. The pertinent supervisory authority for the Bavarian public service is the Bavarian Data Protection Commissioner, Wagmüllerstraße 18, 80538 München.
In addition to the right of appeal, you can also seek a judicial remedy.
Right of revocation |
Insofar as processing is based on consent, you have the right to revoke your consent at any time. The revocation is only effective for the future; this means that the revocation does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. |
Right to object
You may object to the processing of your personal data at any time due to reasons based on your personal circumstances (pursuant to article 21 of the GDPR). If the legal requirements are met, we will then not further process your personal data.
C. Information about the website
Technical implementation
Our web server is operated by several providers. The personal data transmitted by you when you visit our website is therefore processed by
RelAIx Networks GmbH
Auf der Hüls 172
52068 Aachen
Telephone: +49 241 9900010
Email: info@relaix.com
Hetzner Online GmbH
Industriestr. 25
91710 Gunzenhaus
Telephone: +49 9831 505-0
Email: info@hetzner.com
on our behalf.
Creation of log files
By using this or other web pages, you transmit data to our web server through your internet browser. The following data is recorded during any open connection for communication between your internet browser and our web server:
- IP address of the requesting computer
- Date and time of access
- Name and URL of the accessed file and data volume transmitted
- Access status (file transmitted, not found etc.)
- Identifying data of browser and operating system used (if transmitted by the browser accessing the site)
- The website from which our website is accessed (if transmitted by the browser accessing the site)
The data in this log file is processed as follows:
- Log entries are continually and automatically analysed, with the purpose of recognising attacks on the server and being able to react accordingly.
- In some instances, for example if an error or security breach is reported, a manual analysis is performed.
We store this data for reasons of technical security, in particular to prevent attempted hacking of our web server. After thirty days at the latest, the data will be deleted.
SSL encryption
We use state-of-the-art encryption processes (such as SSL) using HTTPS to protect your data while it is being transferred.
Active Components
We use active components such as JavaScript, Java-Applets or Active-X-Controls. You can adjust your browser settings to disable this function.
Cookies
When you access this website, we store cookies (small files) on your device that are valid for the duration of your visit to our website (session cookies). These are only used while you are accessing our website. Most web browsers are set up to allow the use of cookies. You can deactivate this function using your browser settings, either for the current session or permanently. Your browser will delete these cookies automatically when you leave the site.
Analysis of user behaviour (web tracking systems; audience reach measurement)
For the purpose of optimising our website based on user needs we use the web analysis tool Matomo to analyse user behaviour on the site. Matomo (formerly Piwik) is an open source software application that creates statistical analyses of user access. Matomo software is provided by InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zeeland.
Your IP address is first anonymised and then analyse in anonymised form. You can adjust your browser settings to disable this function.
You can choose whether a unique web analysis cookie may be stored in your browser, to enable the operator of the website to record and analyse various statistical data.
If you do not wish your data to be collected and analysed, click on the following link to store the Matomo deactivation cookie in your browser.
Your visit to this website is currently being recorded by Matomo web analysis software. Click here to stop your visit from being recorded.
D. Information on specific instances of data processing
Social Media
On our social media pages, we create content within the scope of our public relations activities and our freedom of research, teaching and art, and we see the contributions and interactions of the community there. We endeavour to inform our users according to the needs of our target audience and to engage in a dialogue with our target audience.
We will expose any content, contributions or enquiries that violate the rights of third parties or that constitute a criminal or regulatory offence by transmitting it to the responsible authority or the social media provider; we will also block or delete it.
The legal basis for data processing on our social media pages and elements is article 6 (1) point e) of the GDPR in connection with article 2 (6) of the Bavarian Higher Education Act (BayHSchG), article 3 of the BayHschG, article 4 (1) sentences 1 and 2 of the BayEGovG, section 5 (1) point 2) of the German Broadcast Media Act (TMG) and, if applicable, the contract between the respective service provider pursuant to article 6 (1) point b) of the GDPR.
Social media posts and messages that you transmit to us in non-public form are checked at regular intervals, as to whether storing these requests is still necessary for the purpose of dealing with possible follow-up questions. If it is no longer necessary to store them, their processing will be limited and they will still be stored in accordance with legal retention requirements and archiving regulations.
If you have publicly communicated with us via social media, you can decide yourself how long the data should remain public or ask us to delete it. We will then delete this data in accordance with archiving regulations within our area of responsibility. Should any copies of the data remain after deletion, their processing will be restricted and they will be stored in accordance with legal retention requirements and archiving regulations
Additional data protection information on the service providers or services
Social media providers often create extensive profiles of their members and of those they are in contact with via tele-media services (for example by clicking a like button or accessing a website). These profiles are used for the purpose of selling advertisements, amongst other things. So if you use our services with these providers, they will know that there is a connection between you and us. As we are jointly responsible for some of this data processing, we provide further information on the processing by the social media providers.
You can limit the scope of data processing to some extent by adjusting your browser setting or installing browser add-ons. Useful information about this is available at https://www.privacy-handbuch.de/handbuch_21.htm (available only in German). The providers also offer individual settings to regulate advertising and tracking, for example. This may only be possible if you have an account with the respective provider. We have listed important information sources as well as terms of use for the most important ones here.
Facebook (including Instagram)
Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland and Facebook, Inc. 1601 Willow Road Menlo Park, California 94025, USA |
• Website (Facebook): https://www.facebook.com
• Website (Instagram): https://www.instagram.com
• Terms of use (Facebook): https://en-gb.facebook.com/legal/terms/
• Terms of use (Instagram): https://help.instagram.com/581066165581870
• Data protection policy (Facebook): https://en-gb.facebook.com/about/privacy/
• Data protection policy (Instagram): https://help.instagram.com/519522125107875
• Cookie policy (Facebook): https://en-gb.facebook.com/policies/cookies/
• Cookie policy (Instagram): https://help.instagram.com/1896641480634370
• Pages, Groups and Events Policies (Facebook): https://www.facebook.com/policies/pages_groups_events#
• Platform Policy (Instagram): https://help.instagram.com/325135857663734/
• Information on page insights data (Facebook): https://www.facebook.com/legal/terms/information_about_page_insights_data
• Additional agreement on Page Insights (Facebook):https://engb.facebook.com/legal/terms/page_controller_addendum
• Possibilities to object (Facebook): https://www.facebook.com/settings?tab=ads
• Possibilities to object (Instagram): https://www.instagram.com/accounts/login/?next=/accounts/privacy_and_security/
Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland and Twitter Inc., 1355 Market Street #900, San Francisco, California 94103, USA
- Terms of service: https://twitter.com/en/tos#intlTerms
- Data protection policy: https://twitter.com/en/privacy
- Cookies: https://help.twitter.com/en/rules-and-policies/twitter-cookies
Google YouTube
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
- Data protection policy for Google: https://policies.google.com/privacy?hl=en-GB&gl=de
- Google terms of use: https://policies.google.com/terms?hl=en-GB
- Google+ terms of use: https://www.google.com/intl/de_de/+/policy/plus-terms-de.html
- YouTube terms of use: https://www.youtube.com/t/terms
- Possibilities to object: https://adssettings.google.com/authenticated
Contact form
The data you enter is stored for the purpose of communicating with you individually. To do this we need a valid email address and your name. This serves the purpose of assigning and subsequently answering your enquiry. Any further information is optional.
The basis for the processing of the personal data you enter in the obligatory fields is, if nothing else is specified, article 4 (1) of the Bavarian Data Protection Act (BayDSG) in combination with article 2 of the Bavarian Higher Education Act (BayHSchG) within the scope of the opening clause of article 6 (2)-(3) in combination with article 6 (1) point (1) point (e) of the GDPR. These provisions allow the Hochschule für Fernsehen und Film München to process the data necessary to complete its tasks as stated in the higher education act. Permission to process data can also be based on a legal duty of the Hochschule für Fernsehen und Film München pursuant to article 6 (1) point 1 (c) of the GDPR in combination with duties resulting from the BayHSchG.
Events
For our events, we process the data necessary for registration and organisation in accordance with article 6 (1) point e) of the GDPR. Data is deleted in accordance with legal retention periods, i.e. after six years for business letters and after ten years for invoices, unless the data of the participants is required beyond these periods to be able to issue copies or confirmations.
Screenings
For the HFF Screenings we process the data required for registration and organisation in accordance with Art. 6 para. 1 lit. e DSGVO. A separate platform is operated for this purpose in cooperation with aceArt GmbH, Sieglestraße 33H, 70469 Stuttgart. Further information on aceART can be found on the website: https://www.aceart.de.
The invitation management is carried out by our order processor G.R.A.L. GmbH, Theresienstr. 134 Rgb., 80333 Munich. For more information on G.R.A.L, please visit the website: https://www.gral-gmbh.de
Pictures and video recordings
For our press and public relations work, pictures or videos are taken at events and meetings, and you may be recognisable in these. You may object to such pictures and/or to their publication. The legal basis is article 6 (1) point e in combination with article 4 of the BayDSG.
In order to submit your objection, please use the above-mentioned contact information (beginning of section A).
E. Amendments to our data protection declaration
We reserve the right to change our data protection declaration, to accommodate changes to legislation or changes in the services we provide, (e.g., if we introduce new services). The new data protection policy will then apply to your future visit to our website.
Do you have any questions?
If you have questions about data protection, please write us an email or contact the person responsible for data protection in our organisation directly:
Data Protection Officer of the Hochschule für Fernsehen und Film München
Bernd-Eichinger-Platz 1
80333 München
Email datenschutz@hff-muc.de