00 Articles

Data privacy notice

1. Information on the collection of personal data

(1) In the following, we provide information about the collection of personal data when using our website. Personal data is all data that can be related to you personally, e.g. name, address, e-mail address, etc.

(2) The controller pursuant to Art. 4 (7) of the General Data Protection Regulation (GDPR) is

Xavoy Filmtheater GmbH
Barmbeker Straße 4
22303 Hamburg

Phone: 01805 - 777 966
E-mail address: info@hamburg.astor-filmlounge.de

(3) When you contact us by e-mail or via a contact form, the data you provide (your e-mail address, your name and telephone number, if applicable) will be stored by us in order to answer your questions. We delete the data arising in this context after storage is no longer required, or restrict processing if there are statutory retention obligations.

(4) If we use contracted service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail about the respective processes.

2. Your rights

(1) You have the following rights vis-à-vis us with regard to your personal data:
- Right of access,
- Right to rectification or erasure,
- Right to restriction of processing,
- Right to object to processing,
- Right to object to processing where consent has been given
- Right to data portability.
(2) You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us.
The contact details of the data protection supervisory authorities can be found at the following link
https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html

3. AUTOMATED DECISION MAKING

Automated decision-making is not used here.

4. STORAGE OF ACCESS DATA

(1) Each time you access our website, access data is stored in a log file on our provider's server.

(2) This data record consists, for example, of your IP address, the date and time of the request, the name of the requested file, the amount of data transferred and the access status, a description of the web browser and operating system used and the name of your Internet service provider.

(3) This data is collected for technical reasons. An evaluation is carried out exclusively for statistical purposes and without personal reference (visitor numbers and page popularity). Deletion takes place automatically after 14 days at the latest.

5. COLLECTION OF PERSONAL DATA WHEN USING INFORMATION FOR INFORMATIONAL PURPOSES

Cookies are stored on your computer when you use the website. Cookies are small binary files that are stored on your hard disk assigned to the browser you are using and through which certain information flows to the site that sets the cookie. Cookies cannot execute programs or transmit viruses to your computer.

This website uses cookies to the following extent:

- Session cookies (temporary use), which are necessary for the function of our website (e.g. shopping cart). Session cookies are automatically deleted when you close the browser. The legal basis for the use of session cookies is Art. 6 para. 1 sentence 1 f) GDPR. Our legitimate interest lies in the fact that we can use cookies to make our website functional for users.

- Persistent cookies to identify you for subsequent visits if you have an account with us. Otherwise you would have to log in again for each visit. Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. The legal basis for persistent cookies is Art. 6 para. 1 sentence 1 a) GDPR. You may give us your consent by agreeing via the Consent Manager.

- Third-party cookies. These cookies may remain stored on your device until you delete them. This allows your device to be recognized when you return to the website. Some of the social media and integrated services described in this privacy policy store third-party cookies. The legal basis for third-party cookies is Art. 6 para. 1 sentence 1 a) GDPR. You may give us your consent by agreeing via the Consent Manager or by making your own choice of use, e.g. for Google Maps or Paypal.

You can delete cookies in the security settings of your browser at any time.

You can configure your settings according to your wishes in the Consent Manager and, for example, refuse to accept cookies.
However, we would like to point out that you may then not be able to use all the functions of this website.

6. USE OF FUNCTIONS OF OUR WEBSITE / OTHER SERVICES

In addition to the purely informational use of our website, we offer various services that you can use if you are interested. To do so, you generally have to provide additional personal data that we use to provide the respective service. If additional voluntary information is possible, it is marked accordingly.

7. SERVICES

Newsletter

We use the newsletter to inform you about us and our offers.

If you would like to receive the newsletter, we require a valid e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided or that the owner agrees to receive the newsletter. If available, you can voluntarily enter your name and title in order to personalize the newsletter mailing. This data is only used for sending the newsletter and is not passed on to third parties.

To confirm ownership of the e-mail address, an e-mail is sent with a link to activate the subscription (double opt-in). When you subscribe to the newsletter, we store your IP address and the date of subscription for the statutory limitation period, starting from the date of unsubscription. This storage serves as proof in the event that a third party misuses an email address and registers to receive the newsletter without the knowledge of the authorized party. Opening and clicking actions are recorded and evaluated by our IT systems via individualized links.

You can deactivate the analysis at any time in each newsletter. You can also revoke your consent to the processing of the data, the e-mail address and its use for sending the newsletter at any time. The revocation can be made via a link in the newsletters themselves, or by sending a message to the contact options above and below.
The processing and implementation of the newsletter is carried out for a specific purpose on our behalf by Flebbe Services GmbH, which acts as a service provider for the group of companies.
The legal basis for this is Art. 6 para. 1 lit a. GDPR.

Social media and other services

We use services from the following external providers on this website. Depending on the consent you have given, the data collected there may be transferred by the companies mentioned to countries outside the European Union and may also be merged with other data there. An agreement (DPF = Data Privacy Framework) and an adequacy decision is in force between the EU and the USA, which declares the transfer of data to be permissible under defined circumstances. Among other things, the receiving US companies must be named on a certification list. All of the US companies listed below are certified in this sense. The legal basis is generally the consent you may have given via the Consent Manager in accordance with Art. 6 para. 1 a GDPR. In the case of services that deviate from this, the legal basis is expressly stated. In the case of requests for information and the assertion of user rights, we would like to point out that these can be asserted most effectively with the respective providers. Only the providers have access to the relevant user data and can take appropriate measures directly and provide specific information.

For a detailed description of the respective processing and the possibilities of objection, please refer to the following information from the providers.

Google Marketing Platform (formerly DoubleClick by Google) & Google Ads

This website also uses Google's online marketing tool Campaign Manager and Google Ads. Campaign Manager and Google Ads use cookies to display ads that are relevant to users, to improve campaign performance reports or to prevent a user from seeing the same ads more than once. Google uses a cookie ID to record which ads are displayed in which browser and can thus prevent them from being displayed more than once. In addition, Campaign Manager and Google Ads can use cookie IDs to record so-called conversions that are related to ad requests. This is the case, for example, when a user sees a Campaign Manager or Google Ads ad and later visits the advertiser's website with the same browser and makes a purchase there.

Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our level of knowledge: Through the integration of Campaign Manager and Google Ads, Google receives the information that you have accessed the corresponding part of our website or clicked on an advertisement from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, it is possible that the provider will find out your IP address and store it.

In addition, the Campaign Manager (DoubleClick Floodlight) cookies used, as well as Google Ads conversion and Google Ads remarketing cookies, enable us to understand whether you perform certain actions on our website after you have accessed or clicked on one of our display/video ads on Google or on another platform via Campaign Manager or Google Ads (conversion tracking). Campaign Manager and Google Ads use these cookies to understand the content with which you have interacted on our websites in order to be able to send you targeted advertising later.

The legal basis for this is Art. 6 para. 1 lit a. GDPR.

You can configure your settings according to your wishes at any time in the Consent Manager and, for example, refuse to accept cookies.
However, we would like to point out that you may then not be able to use all the functions of this website.

Our website also uses the "Google Tag Manager", a service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as "Google"). This service enables us to integrate and manage tags on our website. Tags are small code elements on our website that are useful for measuring traffic and visitor behavior with other tools, measuring the impact of online advertising and social channels, remarketing and targeting, testing and optimizing the website. You can find more information about Google Tag Manager here: www.google.com/intl/de/tagmanager/use-policy.html
The legal basis for this is Art. 6 para. 1 lit a. GDPR.

Google Maps
This site uses the map service Google Maps via an API. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. To use the functions of Google Maps, it is necessary to save your IP address. This information is usually transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer. The use of Google Maps is in the interest of an appealing presentation of our online offers and to make it easy to find the places we have indicated on the website. You can find more information on the handling of user data in Google's privacy policy:

www.google.com/intl/de/policies/privacy/index.html
www.google.com/intl/de_de/help/terms_maps.html

Facebook
Links of the social network Facebook, provider Facebook Inc, 1 Hacker Way, Menlo Park, California 94025, USA, are integrated on our pages. When you click on the Facebook icon, a connection to Facebook is established and the information that you have visited our site with your IP address is transmitted. This allows Facebook to associate your visit to our site with your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Facebook. You can find more information on this in Facebook's privacy policy at: https://de-de.facebook.com/policy.php. If you do not want Facebook to be able to associate your visit to our pages with your Facebook user account, please log out of your Facebook user account.

The regulations on internal INSIGHTS processing at Facebook can be found at https://www.facebook.com/legal/terms/page_controller_addendum and are briefly summarized here:
Data subject rights can be asserted with Facebook Ireland as well as with us, but the primary responsibility under the GDPR for the processing of Insights data lies with Facebook.
We do not make any decisions regarding the processing of Insights data and all other information resulting from Art. 13 GDPR, including the legal basis, identity of the controller and storage duration of cookies on user end devices.
Facebook fulfills all obligations under the GDPR with regard to the processing of Insights data. Facebook Ireland provides the essentials of the Page Insights Supplement to data subjects.

Meta Platforms (Facebook) Ads
We work with Meta Platforms Ireland Limited (formerly known as Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland) to report on the effectiveness of our advertising campaigns and other online content, to analyze the use of our offers and to show you targeted advertising.
When you access our offers, cookies are set and Facebook tracking pixels are used to carry out measurements and ad targeting through Facebook Custom Audiences.
Facebook data policy: https://www.facebook.com/policy
Information on Page Insights https://www.facebook.com/legal/terms/information_about_page_insights_data
Privacy policy: https://www.facebook.com/about/privacyStandardvertragsklauseln: https://www.facebook.com/legal/EU_data_transfer_addendum
The legal basis for this is Art. 6 para. 1 lit a. GDPR.

Instagram
Functions of the Instagram service are integrated on our pages. These functions are offered by Instagram Inc, 1601 Willow Road, Menlo Park, CA 94025, USA. If you are logged into your Instagram account, clicking on the Instagram button will link your visit to our website to your Instagram profile. This allows Instagram to associate your visit to our pages with your user account. If you do not want Instagram to be able to associate your visit to our pages with your Instagram user account, please log out of your Instagram user account.
We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Instagram.
You can find more information on this in Instagram's privacy policy: https://instagram.com/about/legal/privacy/

Your order data (e.g. in the online shop) will be used and stored in compliance with data protection law to the extent necessary for the processing and documentation of orders. Your order data will be encrypted in the shop for security reasons. You can recognize this by the fact that the browser line begins with „https:“ and the closed lock symbol. We have taken extensive technical and operational precautions to protect your data from accidental or intentional manipulation, loss, destruction or access by unauthorized persons. Our security procedures are regularly reviewed and adapted to technological progress.

Additional offers and services

Shop
Your order data (e.g. in the online store) will be used and stored in compliance with data protection law to the extent necessary for the processing and documentation of orders. For security reasons, your order data is transmitted to us in encrypted form in the store. You can recognize this by the fact that the browser line begins with "https:" and by the closed lock symbol. We have taken extensive technical and operational precautions to protect your data from accidental or intentional manipulation, loss, destruction or access by unauthorized persons. Our security procedures are regularly reviewed and adapted to technological progress.

We also process the order data and the receipt and opening of the confirmation emails with any ticket data contained therein to detect and prevent attempted fraud on the basis of Art. 6 para. 1 sentence 1 lit. f) GDPR. Our aim is to protect ourselves against fraudulent transactions and misuse. Data stored in connection with the conclusion of a contract for the purchase of a card will be deleted after expiry of the statutory retention period.

The address data you provide will be passed on to our transport company for shipping items in accordance with data protection regulations. The processing takes place on the basis of Art. 6 (1) lit. a DSGVO.

PayPal
In the event that you or the buyer chooses Paypal as the payment method, the regulations already accepted by the buyer in the course of the contractual relationship with Paypal apply to the processing of data in the course of the transaction. These can also be viewed at
https://www.paypal.com/de/webapps/mpp/ua/privacy-full

Draws (competitions)
Please refer to the information above and below for data protection information in accordance with Art. 13 GDPR in relation to prize draws.
To enable you to participate in prize draws, we collect personal data (surname, first name, date of birth, country and email address).
In accordance with Art. 6 para. 1 a.) -c.) GDPR, we are entitled to collect, store and transfer personal data if the data subject has consented to the data processing or if a contract or legal obligation is to be fulfilled.
Your personal data will be stored and used exclusively for the purpose of conducting the draw and will be deleted within a maximum of 30 days after the end of the draw.

The winner must provide their postal address for the purpose of processing the prize. Your data will only be used to conduct the draw and not for any other purpose. Your data will only be transmitted to third parties if this is necessary for the execution of the draw (e.g. web agencies). Your data will not be transferred to other third parties.
Furthermore, your data will be transmitted to internal departments involved in the execution of the respective business processes, e.g. bookkeeping, accounting, purchasing, IT. As soon as the business purpose of conducting the draw has been fulfilled and you have not been determined as the winner, we will delete your data within one month of the end of the draw. If you have been determined as the winner, there are retention periods under tax and commercial law. These are 10 years for accounting documents in accordance with Section 147 (1) of the German Fiscal Code (AO) and 6 years for business documents in accordance with Section 257 (1) of the German Commercial Code (HGB).

Participants have the opportunity at any time to obtain information on the status of the storage of their personal data and to request its deletion. However, further participation in the draw is then no longer possible. The blocking/deletion request (revocation) should be sent to the address stated under point 1.

8. DISCLOSURE OF DATA

Your personal data will only be passed on to third parties
- if you have given your express consent to this in accordance with Art. 6 para. 1 a) GDPR;
- if the disclosure is necessary for the fulfillment of contractual obligations pursuant to Art. 6 para. 1 b) GDPR;
- if we are legally obliged to pass on the data within the meaning of Art. 6 para. 1 c) GDPR;
- if the disclosure of the data is in the public interest within the meaning of Art. 6 para. 1 e) GDPR or;
- if the disclosure of the data is necessary to protect our legitimate interests or the legitimate interests of a third party in accordance with Art. 6 para. 1 f) GDPR, unless your interests in the protection of your data prevail.

9. DATA CATEGORIES

We process the following categories of data: master data (such as company, contact person if applicable, address), communication data, contract data, receivables data, payment and default information if applicable. See the information above.

10. CATEGORIES OF RECIPIENTS

Processors
We use IT service providers who work exclusively on our behalf and in accordance with our instructions (order processing) to provide the service offered, e.g. the hosting of this website or the operation of our IT. These service providers have been carefully selected and commissioned by us, are bound by our instructions and are regularly monitored.
Third party recipients
In order to process your requests satisfactorily, we may have to pass on your personal data to third-party recipients such as e-mail providers.

11. DURATION OF STORAGE OF PERSONAL DATA

Your data will be stored by us for as long as it is required for the purposes on which the processing is based. Beyond this, we only store data insofar as we are legally obliged to do so, e.g. due to statutory retention obligations.

12. INFORMATION ON THE RIGHT OF OBJECTION

An objection to the processing of personal data concerning you on the basis of Article 6 (1) e) GDPR (data processing in the public interest) or Article 6 (1) f) GDPR (data processing to safeguard legitimate interests on the basis of a balancing of interests) is possible at any time in accordance with Article 21 GDPR. In the event of an objection, the personal data will no longer be processed unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.
Please address your objection to the address stated under point 1.

13. INFORMATION ON THE RIGHT OF WITHDRAWAL

If you have given us your consent to process your personal data, you can withdraw this consent at any time. Of course, this also applies to declarations of consent given to us before May 25, 2018 (before the GDPR came into force). The revocation of consent can only take effect for the future. The legality of the processing is not retroactively removed by a revocation.
Please send your revocation to the address stated under point 1.

14. CURRENCY

This privacy policy is dated 23.11.2023. It is the current and valid version of our privacy policy.
However, we would like to point out that it may be necessary to revise this privacy policy from time to time due to actual or legal changes.