Data policy

Introduction

With the following data protection declaration, we would like to inform you about which types of your personal data (hereinafter also referred to as “data”) we process for which purposes and to what extent. The data protection declaration applies to all processing of personal data carried out by us, both within the framework the provision of our services and, in particular, on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as “online offer”).

The terms used are not gender specific.

As of August 18, 2022

Table of Contents

  • introduction
  • Responsible
  • Overview of processing
  • Relevant legal bases
  • Safety measures
  • Transmission of personal data
  • Data processing in third countries
  • deletion of data
  • Use of cookies
  • Provision of the online offer and web hosting
  • Contact and request management
  • Presence in social networks (social media)
  • Plugins and embedded functions and content
  • Change and update of the privacy policy
  • Rights of data subjects
  • definitions of terms

Responsible

Phillip Wilson
Tharandter Str. 2
10717 Berlin Authorized representatives:

Phillip Wilson

Email address: datapolicy@tobetold.film

Imprint: tobetold.film/impressum

Overview of processing

The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects.

Types of data processed

inventory data.

Contact details.

content data.

usage data.

Meta/Communication Data.

Categories of data subjects

communication partner.

user.

purposes of processing

Provision of contractual services and customer service.

Contact Requests and Communication.

Safety measures.

Management and response to inquiries.

feedback.

Marketing.

Provision of our online offer and user-friendliness.

information technology infrastructure.

Relevant legal bases

Below you will find an overview of the legal bases of the GDPR, on the basis of which we process personal data. Please note that, in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. If more specific legal bases are relevant in individual cases, we will inform you of them in the data protection declaration.

Fulfillment of contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR) – The processing is necessary for the fulfillment of a contract to which the data subject is party, or for the implementation of pre-contractual measures which are required at the request of the data subject take place.

Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR) – Processing is necessary to safeguard the legitimate interests of the person responsible or a third party, unless the interests or fundamental rights and freedoms of the data subject, which protect personal Data require prevail.

In addition to the data protection regulations of the General Data Protection Regulation, national data protection regulations apply in Germany. This includes in particular the law on the protection against misuse of personal data in data processing (Federal Data Protection Act – BDSG). In particular, the BDSG contains special regulations on the right to information, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes and transmission as well as automated decision-making in individual cases including profiling. Furthermore, it regulates data processing for the purposes of the employment relationship (§ 26 BDSG), in particular with regard to the establishment, implementation or termination of employment relationships and the consent of employees. Furthermore, state data protection laws of the individual federal states may apply.

Safety measures

We take appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the type, scope, circumstances and purposes of the processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons to ensure a level of protection appropriate to the risk.

The measures include, in particular, securing the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as access, input, disclosure, securing availability and their separation. Furthermore, we have set up procedures that enable the rights of those affected to be exercised, the deletion of data