filmfriend.de is subject to the strict German data protection law and is anxious to treat your data with the greatest care. Here you can find out which data filmfriend.de collects and how it is processed and used.
The party responsible for this website (the "controller") for purposes of data protection law is:
represented by the managing director Andreas Vogel
Telephone: +49 (0)331 721 21 78
Fax: +49 (0)331 721 21 77
Data Security Engineer
If you have any questions about whether filmwerte GmbH processes your data in accordance with data protection regulations, you can contact our data protection officer at:
Telephone: + 49 (0)331 721 21 78
a) Visiting the website
When you visit our website www.filmfriend.de, the browser used on your terminal device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until it is automatically deleted:
The data mentioned will be processed by us for the following purposes:
The legal basis for data processing is Art. 6 Para. 1 S. 1 lit. b DSGVO (Fullfilment of contract). Under no circumstances do we use the collected data for the purpose of drawing conclusions about your person.
b) When installing the app filmfriend
When you download the app, the necessary information is transferred to the App Store you use (e.g. Apple App Store, Google Play Store), including your username, email address, account number, download time, and unique device ID. However, we do not control and are not responsible for this data collection. We only process the data provided to us to the extent necessary to download the app to your device. Beyond that they are not stored further by us.
c) When logging in and using the Service of filmfriend and the App
No registration and thus no user account on filmfriend.de is required for the use of the service. All you have to do to log in is enter the library card number and a password issued by the library. We do not collect any personal data ourselves. For the purpose of authentication by the library, an encrypted channel to the library's user database is established. After successful authentication, the library transmits the following status information to filmfriend.de: Loan authorization, age rating. This status information is temporarily stored by filmfriend for the duration of use.
User account and watchlist
With the first login, an anonymous user account is created with the user name "filmfriend". In the user account, the user permanently stores pre-selected films (watch list), a PIN for child viewing, if assigned, and the language setting.
The user has the option of entering his own user name in the user account, which is then also permanently saved. If the user name is a clear name, these usage data can be associated with the person of the user. By assigning a clear name, the user actively consents to the storage and processing of this use-related data.
d) When playing a movie (Intertrust ExpressPlay)
Our movies are copyrighted. To view the movies it is necessary to use the service "Intertrust ExpressPlay" of Intertrust Technologies Corporation, 920 Stewart Drive, Sunnyvale, CA 94085, USA (Intertrust). To do this, the user browser connects to Intertrust's license servers to retrieve the keys required to decrypt the movies. The browser transmits the data required for proper viewing to Intertrust's servers, including the user's IP address. This only acts as a sender adress and is not processed.
If processing is carried out by us in this context, the legal basis is Art. 6 para. 1 sentence 1 lit. b) DSGVO, as well as Art. 6 para. 1 sentence 1 lit. f) DSGVO.
The described data exchange is necessary for the presentation and playback of the films within the scope of our contractual offer. It also serves to prevent misuse. Our legitimate interest also lies in the aforementioned reasons, provided that we process the data in the process.
The Intertrust keys provided for decryption are valid for a limited period of time. We do not store any further information about the use of Intertrust services. The other data will be deleted as soon as they are no longer required for the purpose for which they were collected.
e) When using our contact form
If you have any questions, we offer you the possibility to contact us via a form provided on the website and the app. We require a name, a valid e-mail address and your request so that we know who sent the request and can answer it. Further information can be provided voluntarily.
Data processing for the purpose of contacting us is carried out in accordance with Art. 6 Para. 1 S. 1 lit. a DSGVO on the basis of your voluntary consent.
The personal data collected by us for the use of the contact form will be deleted by us after we have received your request.
f) When subscribing to our newsletter
We only send our newsletter with your explicit consent.
To subscribe to our newsletter, you have to provide your e-mail address. By completing the registration, you give your consent to receive the newsletter, which can be revoked at any time.
To confirm your newsletter subscription, you have to explicitly confirm that you want us to activate the receipt of the newsletter for you within the scope of the so-called "double opt-in procedure". For this purpose, you will receive a confirmation e-mail from us following your registration, in which we ask you to click on the link contained therein and thus confirm that you would like to receive our newsletter.
You can object to this use of your data at any time by sending a message to the above-mentioned contact options or via the unsubscribe link in the e-mail, without incurring any costs other than the transmission costs according to the basic rates.
Newsletter dispatch with Brevo
We use the Brevo service for sending newsletters. The provider in Germany is SendinBlue GmbH, Köpenicker Straße 126, 10179 Berlin, a subsidiary of the French parent company SendinBlue SAS, 55 rue d'Amsterdam, 75008 Paris, France. Brevo is a service with which the newsletter dispatch can be organised and analysed. The data you enter for the purpose of receiving newsletters (e.g. e-mail address) is stored on SendinBlue's servers.
Our newsletters sent with Brevo enable us to analyse the behaviour of the newsletter recipients. Among other things, we can analyse how many recipients have opened the newsletter message and how often which link in the newsletter was clicked. All links in the email are so-called tracking links, with which your clicks can be counted.
If you do not want Brevo to analyse your email, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message. Furthermore, you can also revoke your consent at any time with effect for the future on our website here.
The data you provide for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from the servers of SendinBlue after you unsubscribe from the newsletter.
We have concluded a corresponding contract with SendinBlue in which we oblige SendinBlue to protect our customers' data and not to pass it on to third parties.
Your personal data will not be transferred to third parties for purposes other than those listed below. We will only pass on your personal data to third parties if:
You have the right:
If your personal data are processed on the basis of legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f DSGVO, you have the right, pursuant to Art. 21 DSGVO, to object to the processing of your personal data if there are reasons for doing so which arise from your particular situation or which are directed against direct advertising. In the latter case, you have a general right of objection, which is implemented by us without stating a particular situation.
If you wish to exercise your right of revocation or objection, simply send an e-mail to firstname.lastname@example.org
We use the common SSL procedure (Secure Socket Layer) within the website/app visit in connection with the highest encryption level supported by your browser. As a rule, this is a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is transmitted in encrypted form by the closed representation of the key or lock symbol in the lower status bar of your browser.
We also use suitable technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.